The Top 335 Pentesting Open Source Projects

Awesome Open Source

Awesome Open Source

Combined Topics

The Top 335 Pentesting Open Source Projects

Categories > Security > Pentesting

Sqlmap ⭐18,731

Automatic SQL injection and database takeover tool

Pentesting Bible ⭐7,157

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

Owasp Mstg ⭐6,678

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

Ciphey ⭐5,672

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Dirsearch ⭐4,901

Web path scanner

Red Teaming Toolkit ⭐4,494

A collection of open source and commercial tools that aid in red team operations.

Thc Hydra ⭐4,319

Crackmapexec ⭐4,257

A swiss army knife for pentesting networks

Sn1per ⭐4,016

Automated pentest framework for offensive security experts

Juice Shop ⭐4,009

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Gobuster ⭐3,906

Directory/File, DNS and VHost busting tool written in Go

Fast web fuzzer written in Go

Infosec_reference ⭐3,396

An Information Security Reference That Doesn't Suck

Airgeddon ⭐2,989

This is a multi-use bash script for Linux systems to audit wireless networks.

Hetty is an HTTP toolkit for security research.

Rustscan ⭐2,910

🤖 The Modern Port Scanner 🤖

Xunfeng ⭐2,877

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Cheatsheet God ⭐2,824

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Fuzzdicts ⭐2,813

Web Pentesting Fuzz 字典,一个就够了。

Faraday ⭐2,809

Collaborative Penetration Test and Vulnerability Management Platform

Whatweb ⭐2,737

Next generation web scanner

Lscript ⭐2,549

The LAZY script will make your life easier, and of course faster.

Mobileapp Pentest Cheatsheet ⭐2,525

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Red Team Infrastructure Wiki ⭐2,508

Wiki to collect Red Team infrastructure hardening resources

Commix ⭐2,448

Automated All-in-One OS command injection and exploitation tool.

Cameradar ⭐2,407

Cameradar hacks its way into RTSP videosurveillance cameras

Drozer ⭐2,378

The Leading Security Assessment Framework for Android.

Raccoon ⭐1,933

A high performance offensive security tool for reconnaissance and vulnerability scanning

Socialfish ⭐1,927

Automated Phishing Tool & Information Collector

Awesome Shodan Queries ⭐1,825

🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻

Java Deserialization Cheat Sheet ⭐1,811

The cheat sheet about Java Deserialization vulnerabilities

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Monitor linux processes without root permissions

Fuxploider ⭐1,672

File upload vulnerability scanner and exploitation tool.

Cr3dov3r ⭐1,590

Know the dangers of credential reuse attacks.

Evilosx ⭐1,583

An evil RAT (Remote Administration Tool) for macOS / OS X.

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

Archerysec ⭐1,534

Centralize Vulnerability Assessment and Management for DevSecOps Team

Mitmap ⭐1,474

📡 A python program to create a fake AP and sniff data.

Ssrf Testing ⭐1,467

SSRF (Server Side Request Forgery) testing resources

Evil Winrm ⭐1,446

The ultimate WinRM shell for hacking/pentesting

Learn Web Hacking ⭐1,427

Study Notes For Web Hacking / Web安全学习笔记

Awesome Mobile Security ⭐1,413

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

A tool to abuse Exchange services

Hackvault ⭐1,276

A container repository for my public web hacks!

Pentesting_toolkit ⭐1,260

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

Linux Smart Enumeration ⭐1,241

Linux enumeration tool for pentesting and CTFs with verbosity levels

Redteam Tactics And Techniques ⭐1,226

Red Teaming Tactics and Techniques

Reverse Shell ⭐1,195

Reverse Shell as a Service

Cloudfail ⭐1,170

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Mongoaudit ⭐1,154

🔥 A powerful MongoDB auditing and pentesting tool 🔥

Gitjacker ⭐1,136

🔪 Leak git repositories from misconfigured websites

Deathstar ⭐1,111

Automate getting Domain Admin using Empire

Needle ⭐1,098

The iOS Security Testing Framework

Redsnarf ⭐1,098

RedSnarf is a pen-testing / red-teaming tool for Windows environments

Subjack ⭐1,092

Subdomain Takeover tool written in Go

Cloakify ⭐1,086

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Venom - A Multi-hop Proxy for Penetration Testers

⛔️ offsec batteries included

Automation for internal Windows Penetrationtest / AD-Security

Find web directories without bruteforce

Keylogger ⭐925

A simple keylogger for Windows, Linux and Mac

Active Directory Exploitation Cheat Sheet ⭐905

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

P0wny Shell ⭐892

Single-file PHP shell

Babysploit ⭐868

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Scanless ⭐845

online port scan scraper

Hack Tools ⭐843

The all-in-one Red Team extension for Web Pentester 🛠

Jsql Injection ⭐835

jSQL Injection is a Java application for automatic SQL database injection.

Security ⭐832

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

Privesccheck ⭐825

Privilege Escalation Enumeration Script for Windows

Ksubdomain ⭐824

无状态子域名爆破工具

Sessiongopher ⭐809

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

V3n0m Scanner ⭐787

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Hashtopolis ⭐784

A Hashcat wrapper for distributed hashcracking

Interactive Network Scanner

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

Burpsuite Collections ⭐760

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

Spoilerwall ⭐752

Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!

Finalrecon ⭐750

The Last Web Recon Tool You'll Need

Dumpsterfire ⭐748

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Active Directory Exploitation Cheat Sheet ⭐743

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Semi-automatic OSINT framework and package manager

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Exploitpack ⭐728

Exploit Pack -The next generation exploit framework

Gourdscanv2 ⭐728

被动式漏洞扫描系统

Kubernetes Goat ⭐727

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster.

Breaking And Pwning Apps And Servers Aws Azure Training ⭐724

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Sprayingtoolkit ⭐711

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

Web Content Discovery Tool

Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

Gorsair hacks its way into remote docker containers that expose their APIs

Security_whitepapers ⭐644

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Evillimiter ⭐643

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Linuxprivchecker ⭐640

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Autordpwn ⭐628

The Shadow Attack Framework

Awesome Oscp ⭐628

A curated list of awesome OSCP resources

Phishing Frenzy ⭐621

Ruby on Rails Phishing Framework

1-100 of 335 projects