Awesome Open Source
Awesome Open Source
Combined Topics
pentesting
x
Advertising
📦 10
All Projects
Application Programming Interfaces
📦 124
Applications
📦 192
Artificial Intelligence
📦 78
Blockchain
📦 73
Build Tools
📦 113
Cloud Computing
📦 80
Code Quality
📦 28
Collaboration
📦 32
Command Line Interface
📦 49
Community
📦 83
Companies
📦 60
Compilers
📦 63
Computer Science
📦 80
Configuration Management
📦 42
Content Management
📦 175
Control Flow
📦 213
Data Formats
📦 78
Data Processing
📦 276
Data Storage
📦 135
Economics
📦 64
Frameworks
📦 215
Games
📦 129
Graphics
📦 110
Hardware
📦 152
Integrated Development Environments
📦 49
Learning Resources
📦 166
Legal
📦 29
Libraries
📦 129
Lists Of Projects
📦 22
Machine Learning
📦 347
Mapping
📦 64
Marketing
📦 15
Mathematics
📦 55
Media
📦 239
Messaging
📦 98
Networking
📦 315
Operating Systems
📦 89
Operations
📦 121
Package Managers
📦 55
Programming Languages
📦 245
Runtime Environments
📦 100
Science
📦 42
Security
📦 396
Social Media
📦 27
Software Architecture
📦 72
Software Development
📦 72
Software Performance
📦 58
Software Quality
📦 133
Text Editors
📦 49
Text Processing
📦 136
User Interface
📦 330
User Interface Components
📦 514
Version Control
📦 30
Virtualization
📦 71
Web Browsers
📦 42
Web Servers
📦 26
Web User Interface
📦 210
The Top 358 Pentesting Open Source Projects
Categories
>
Security
>
Pentesting
Sqlmap
⭐
19,471
Automatic SQL injection and database takeover tool
Pentesting Bible
⭐
7,718
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Owasp Mstg
⭐
7,078
The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering.
Social Analyzer
⭐
6,960
API, CLI & Web App for analyzing & finding a person's profile across 350+ social media websites (Detections are updated regularly)
Ciphey
⭐
6,399
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Pupy
⭐
6,178
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
Dirsearch
⭐
5,633
Web path scanner
Red Teaming Toolkit
⭐
4,752
A collection of open source and commercial tools that aid in red team operations.
Thc Hydra
⭐
4,630
hydra
Crackmapexec
⭐
4,546
A swiss army knife for pentesting networks
Juice Shop
⭐
4,308
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Gobuster
⭐
4,276
Directory/File, DNS and VHost busting tool written in Go
Ffuf
⭐
4,047
Fast web fuzzer written in Go
Infosec_reference
⭐
3,626
An Information Security Reference That Doesn't Suck
Rustscan
⭐
3,430
🤖 The Modern Port Scanner 🤖
Airgeddon
⭐
3,218
This is a multi-use bash script for Linux systems to audit wireless networks.
Hetty
⭐
3,128
Hetty is an HTTP toolkit for security research.
Fuzzdicts
⭐
3,077
Web Pentesting Fuzz 字典,一个就够了。
Cheatsheet God
⭐
3,008
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Whatweb
⭐
2,948
Next generation web scanner
Xunfeng
⭐
2,932
巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
Faraday
⭐
2,899
Collaborative Penetration Test and Vulnerability Management Platform
Lscript
⭐
2,697
The LAZY script will make your life easier, and of course faster.
Red Team Infrastructure Wiki
⭐
2,649
Wiki to collect Red Team infrastructure hardening resources
Mobileapp Pentest Cheatsheet
⭐
2,648
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
Commix
⭐
2,543
Automated All-in-One OS Command Injection Exploitation Tool
Cameradar
⭐
2,484
Cameradar hacks its way into RTSP videosurveillance cameras
Drozer
⭐
2,455
The Leading Security Assessment Framework for Android.
Wstg
⭐
2,230
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Socialfish
⭐
2,096
Educational Phishing Tool & Information Collector
Awesome Shodan Queries
⭐
2,077
🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩💻
Hack Tools
⭐
2,055
The all-in-one Red Team extension for Web Pentester 🛠
Raccoon
⭐
2,010
A high performance offensive security tool for reconnaissance and vulnerability scanning
Java Deserialization Cheat Sheet
⭐
1,956
The cheat sheet about Java Deserialization vulnerabilities
Hacktricks
⭐
1,942
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
Pspy
⭐
1,916
Monitor linux processes without root permissions
Fuxploider
⭐
1,730
File upload vulnerability scanner and exploitation tool.
Cr3dov3r
⭐
1,645
Know the dangers of credential reuse attacks.
Evilosx
⭐
1,643
An evil RAT (Remote Administration Tool) for macOS / OS X.
Archerysec
⭐
1,603
Centralize Vulnerability Assessment and Management for DevSecOps Team
Poc T
⭐
1,595
渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework
Learn Web Hacking
⭐
1,593
Study Notes For Web Hacking / Web安全学习笔记
Evil Winrm
⭐
1,589
The ultimate WinRM shell for hacking/pentesting
Awesome Mobile Security
⭐
1,569
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Redteam Tactics And Techniques
⭐
1,531
Red Teaming Tactics and Techniques
Ssrf Testing
⭐
1,528
SSRF (Server Side Request Forgery) testing resources
Ruler
⭐
1,490
A tool to abuse Exchange services
Mitmap
⭐
1,484
📡 A python program to create a fake AP and sniff data.
Ctfr
⭐
1,441
Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
Defaultcreds Cheat Sheet
⭐
1,432
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Linux Smart Enumeration
⭐
1,426
Linux enumeration tool for pentesting and CTFs with verbosity levels
Active Directory Exploitation Cheat Sheet
⭐
1,348
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Hackvault
⭐
1,320
A container repository for my public web hacks!
Pentesting_toolkit
⭐
1,268
🏴☠️ Tools for pentesting, CTFs & wargames. 🏴☠️
Reverse Shell
⭐
1,256
Reverse Shell as a Service
Winpwn
⭐
1,237
Automation for internal Windows Penetrationtest / AD-Security
Gitjacker
⭐
1,237
🔪 Leak git repositories from misconfigured websites
Cloudfail
⭐
1,229
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Venom
⭐
1,213
Venom - A Multi-hop Proxy for Penetration Testers
Deathstar
⭐
1,206
Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
Subjack
⭐
1,172
Subdomain Takeover tool written in Go
Mongoaudit
⭐
1,171
🔥 A powerful MongoDB auditing and pentesting tool 🔥
Cloakify
⭐
1,129
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Needle
⭐
1,116
The iOS Security Testing Framework
Redsnarf
⭐
1,108
RedSnarf is a pen-testing / red-teaming tool for Windows environments
Pentest
⭐
1,054
⛔️ offsec batteries included
Privesccheck
⭐
1,024
Privilege Escalation Enumeration Script for Windows
Vulmap
⭐
1,016
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能
Keylogger
⭐
993
A simple keylogger for Windows, Linux and Mac
Dirhunt
⭐
975
Find web directories without bruteforce
Ksubdomain
⭐
962
无状态子域名爆破工具
Burpsuite Collections
⭐
940
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
P0wny Shell
⭐
936
Single-file PHP shell
Pwncat
⭐
887
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Babysploit
⭐
882
👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍
Finalrecon
⭐
877
The Last Web Recon Tool You'll Need
Scanless
⭐
871
online port scan scraper
Kubernetes Goat
⭐
853
Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
Active Directory Exploitation Cheat Sheet
⭐
851
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Sudomy
⭐
845
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
V3n0m Scanner
⭐
842
Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Security
⭐
834
Some of my security stuff and vulnerabilities. Nothing advanced. More to come.
Sessiongopher
⭐
832
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
Hashtopolis
⭐
831
A Hashcat wrapper for distributed hashcracking
Sn0int
⭐
798
Semi-automatic OSINT framework and package manager
Goscan
⭐
791
Interactive Network Scanner
Sprayingtoolkit
⭐
788
Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
Privesc
⭐
787
A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Awesome Oscp
⭐
786
A curated list of awesome OSCP resources
Dumpsterfire
⭐
772
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Perun
⭐
769
Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架
Evillimiter
⭐
754
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Spoilerwall
⭐
753
Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!
Breaking And Pwning Apps And Servers Aws Azure Training
⭐
747
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!
Gourdscanv2
⭐
737
被动式漏洞扫描系统
Exploitpack
⭐
728
Exploit Pack -The next generation exploit framework
Diamorphine
⭐
720
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Cansina
⭐
708
Web Content Discovery Tool
Linuxprivchecker
⭐
707
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
Autordpwn
⭐
687
The Shadow Attack Framework
1-100 of 358 projects
Next >
Advertising
📦 10
All Projects
Application Programming Interfaces
📦 124
Applications
📦 192
Artificial Intelligence
📦 78
Blockchain
📦 73
Build Tools
📦 113
Cloud Computing
📦 80
Code Quality
📦 28
Collaboration
📦 32
Command Line Interface
📦 49
Community
📦 83
Companies
📦 60
Compilers
📦 63
Computer Science
📦 80
Configuration Management
📦 42
Content Management
📦 175
Control Flow
📦 213
Data Formats
📦 78
Data Processing
📦 276
Data Storage
📦 135
Economics
📦 64
Frameworks
📦 215
Games
📦 129
Graphics
📦 110
Hardware
📦 152
Integrated Development Environments
📦 49
Learning Resources
📦 166
Legal
📦 29
Libraries
📦 129
Lists Of Projects
📦 22
Machine Learning
📦 347
Mapping
📦 64
Marketing
📦 15
Mathematics
📦 55
Media
📦 239
Messaging
📦 98
Networking
📦 315
Operating Systems
📦 89
Operations
📦 121
Package Managers
📦 55
Programming Languages
📦 245
Runtime Environments
📦 100
Science
📦 42
Security
📦 396
Social Media
📦 27
Software Architecture
📦 72
Software Development
📦 72
Software Performance
📦 58
Software Quality
📦 133
Text Editors
📦 49
Text Processing
📦 136
User Interface
📦 330
User Interface Components
📦 514
Version Control
📦 30
Virtualization
📦 71
Web Browsers
📦 42
Web Servers
📦 26
Web User Interface
📦 210