Awesome Open Source

Programming Languages

Search results for exploitation penetration testing

penetration-testing x

380 search results found

Sqlmap ⭐ 28,004

Automatic SQL injection and database takeover tool

H4cker ⭐ 14,538

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), artificial intelligence, vulnerability research, exploit development, reverse engineering, and more.

Awesome Hacking Resources ⭐ 13,406

A collection of hacking / penetration testing resources to make you better!

Hacker Roadmap ⭐ 11,121

A collection of hacking tools, resources and references to practice ethical hacking.

Red Teaming Toolkit ⭐ 7,614

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Windows Kernel Exploits ⭐ 7,190

windows-kernel-exploits Windows平台提权漏洞集合

Yakit ⭐ 5,545

Cyber Security ALL-IN-ONE Platform

Penetration_testing_poc ⭐ 5,489

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Gather and update all available and newest CVEs with their PoC.

K8tools ⭐ 5,313

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/ Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jbos

Linux Kernel Exploits ⭐ 4,810

linux-kernel-exploits Linux平台提权漏洞集合

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Defaultcreds Cheat Sheet ⭐ 4,472

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Ladon ⭐ 4,206

Ladon大型内网渗透工具，可PowerShell模块化、可CS插件化、可内存加载，无文件扫描。含端 11.6内置252个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SM

Commix ⭐ 4,015

Automated All-in-One OS Command Injection Exploitation Tool.

Active Directory Exploitation Cheat Sheet ⭐ 3,972

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Phonesploit Pro ⭐ 3,496

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

Awesome Pentest Cheat Sheets ⭐ 3,349

Collection of the cheat sheets useful for pentesting

Kscan ⭐ 3,061

Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议

Vulscan ⭐ 2,983

Advanced vulnerability scanning with Nmap NSE

Xunfeng ⭐ 2,946

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Winpwn ⭐ 2,939

Automation for internal Windows Penetrationtest / AD-Security

Vulmap ⭐ 2,935

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Kernelhub ⭐ 2,521

🌴Linux、macOS、Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)

Nosqlmap ⭐ 2,504

Automated NoSQL database enumeration and web application exploitation tool.

Pentest Wiki ⭐ 2,307

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Ssrfmap ⭐ 2,306

Automatic SSRF fuzzer and exploitation tool

Iotsecurity101 ⭐ 2,246

A Curated list of IoT Security Resources

Penetration Testing Tools ⭐ 2,167

A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.

Awesome Ethical Hacking Resources ⭐ 2,029

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Sudo_killer ⭐ 1,971

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

Poc T ⭐ 1,761

渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework

Vulnx ⭐ 1,711

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

Fuxploider ⭐ 1,702

File upload vulnerability scanner and exploitation tool.

Hacktronian ⭐ 1,664

Tools for Pentesting

Pwn_jenkins ⭐ 1,604

Notes about attacking Jenkins servers

Reverse Shell ⭐ 1,600

Reverse Shell as a Service

Xattacker ⭐ 1,380

X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter

Findsploit ⭐ 1,361

Find exploits in local and online databases instantly

Linwinpwn ⭐ 1,325

linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks

V3n0m Scanner ⭐ 1,322

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

A Red Teamer Diaries ⭐ 1,294

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Damn Vulnerable Graphql Application ⭐ 1,291

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Pentest Notes ⭐ 1,202

Lockdoor Framework ⭐ 1,197

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Pythem ⭐ 1,161

pentest framework

Pentest Tools ⭐ 1,095

Attack surface mapping

Toxssin ⭐ 1,036

An XSS exploitation command-line interface and payload generator.

K8cscan ⭐ 996

K8Ladon大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用 C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆 Strike联动

Rafel Rat ⭐ 996

-------> RAFEL<------ Android Rat Written in Java With WebPanel For Controlling Victims...Hack Android Devices

Linuxprivchecker ⭐ 934

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Cloudpeler ⭐ 841

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.

Wordpress Exploit Framework ⭐ 822

A Ruby framework designed to aid in the penetration testing of WordPress systems.

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

Htshells ⭐ 801

Self contained htaccess shells and attacks

Awesome List Of Secrets In Environment Variables ⭐ 722

🦄🔒 Awesome list of secrets in environment variables 🖥️

Tactical Exploitation ⭐ 705

Modern tactical exploitation toolkit.

Security Data Analysis And Visualization ⭐ 681

2018-2020青年安全圈-活跃技术博主/博客

Active Directory Exploitation Cheat Sheet ⭐ 659

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Powerhub ⭐ 653

A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting

Pentesttools ⭐ 650

Awesome Pentest Tools Collection

Autopwn Suite ⭐ 636

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.

Cve 2021 44228 Poc Log4j Bypass Words ⭐ 611

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Thc Archive ⭐ 601

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Fireelf ⭐ 597

fireELF - Fileless Linux Malware Framework

Mxtract ⭐ 566

mXtract - Memory Extractor & Analyzer

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

Homebrew Pentest ⭐ 536

Homebrew Tap - Pen Test Tools

Pentestdb ⭐ 523

WEB渗透测试数据库

Darkarmy ⭐ 509

DARKARMY Hacking Tools Pack - A Penetration Testing Framework .

Attifyos ⭐ 508

Attify OS - Distro for pentesting IoT devices

Ctf Notes ⭐ 485

Everything needed for doing CTFs

Dostoevsky Pentest Notes ⭐ 427

Notes for taking the OSCP in 2097. Read in book form on GitBook

Securitymanageframwork ⭐ 415

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Suid3num ⭐ 393

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Awesome Bbht ⭐ 390

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Cve 2019 0708 ⭐ 380

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

A Virtual environment for Pentesting IoT Devices

Sqli Hunter ⭐ 356

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

Reconscan ⭐ 324

Network reconnaissance and vulnerability assessment tools.

Awesome Csirt ⭐ 312

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

Androidmobilepentest101 ⭐ 311

Pentesting Android Application Course For Kids+ (English and Vietnamese edition)

Rubyfu, where Ruby goes evil!

Browsersploit ⭐ 307

BrowserExploit is an advanced browser exploit pack for doing internal and external pentesting, helping gaining access to internal computers.

Exploits and Security Tools Framework 2.0.1

Badpods ⭐ 283

A collection of manifests that will create pods with elevated privileges.

Godgenesis ⭐ 260

A Python3 based C2 server to make life of red teamer a bit easier. The payload is capable to bypass all the known antiviruses and endpoints.

Bluebox Ng ⭐ 254

Pentesting framework using Node.js powers, focused in VoIP.

fully automated pentesting tool

Fdsploit ⭐ 251

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

Hackers Tool Kit ⭐ 241

Its a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff i now have another tool out called htkl-lite its hackers-tool-kit just not as big and messy to see updates check on my instagram @tuf_unkn0wn or if there are any problems message me on instagram

AD Enum is a pentesting tool that allows to find misconfiguration through the the protocol LDAP and exploit some of those weaknesses with kerberos.

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

事件驱动的渗透测试扫描器 Event-driven pentest scanner

Covermyass ⭐ 227

Post-exploitation tool to cover your tracks on a compromised machine

Monitoring exploits & references for CVEs

Linux Soft Exploit Suggester ⭐ 204

Search Exploitable Software on Linux

Related Searches

Python Exploitation (1,591)

Python Penetration Testing (1,296)

Exploitation Cve (767)

Vulnerabilities Exploitation (650)

Shell Penetration Testing (459)

Security Exploitation (394)

Shell Exploitation (384)

Scanner Penetration Testing (343)

Penetration Testing Pentest Tool (339)

Penetration Testing Security Tools (308)

1-100 of 380 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2023 Awesome Open Source. All rights reserved.