Awesome Open Source
Search
Programming Languages
Languages
All Categories
Categories
About
Search results for penetration testing information security
information-security
x
penetration-testing
x
25 search results found
Dirsearch
⭐
11,165
Web path scanner
Spiderfoot
⭐
11,035
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Ffuf
⭐
10,658
Fast web fuzzer written in Go
Red Teaming Toolkit
⭐
8,230
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Scanners Box
⭐
7,927
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
Nishang
⭐
7,771
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Rengine
⭐
6,446
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
Cve
⭐
5,806
Gather and update all available and newest CVEs with their PoC.
Infosec_reference
⭐
5,348
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Hetty
⭐
5,132
An HTTP toolkit for security research.
Defaultcreds Cheat Sheet
⭐
5,023
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
1earn
⭐
4,841
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Awesome Infosec
⭐
4,810
A curated list of awesome infosec courses and training resources.
Allaboutbugbounty
⭐
4,793
All about bug bounty (bypasses, payloads, and etc)
Awesome Shodan Queries
⭐
4,597
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Cheatsheet God
⭐
4,540
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Faraday
⭐
4,422
Open Source Vulnerability Management Platform
Security Study Plan
⭐
3,949
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
Cameradar
⭐
3,626
Cameradar hacks its way into RTSP videosurveillance cameras
Xunfeng
⭐
2,946
巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
Black Hat Rust
⭐
2,662
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Snoop
⭐
2,530
Snoop — инструмент разведки на основе открытых данных (OSINT world)
Awesome Nodejs Security
⭐
2,515
Awesome Node.js Security resources
Awesome Api Security
⭐
2,492
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
Emba
⭐
2,229
EMBA - The firmware security analyzer
31 Days Of Api Security Tips
⭐
2,006
This challenge is Inon Shkedy's 31 days API Security Tips.
Awesome Cybersecurity Handbooks
⭐
1,980
A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.
Pwndoc
⭐
1,827
Pentest Report Generator
Subjack
⭐
1,665
Subdomain Takeover tool written in Go
Mitmap
⭐
1,623
📡 A python program to create a fake AP and sniff data.
Netexec
⭐
1,596
The Network Execution Tool
Metlo
⭐
1,537
Metlo is an open-source API security platform.
Cloakify
⭐
1,483
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Sx
⭐
1,357
🖖 Fast, modern, easy-to-use network scanner
Top25 Parameter
⭐
1,311
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Cariddi
⭐
1,228
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
Wordlists
⭐
1,200
Real-world infosec wordlists, updated regularly
Chimera
⭐
1,192
Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
Mongoaudit
⭐
1,154
🔥 A powerful MongoDB auditing and pentesting tool 🔥
Fbi Tools
⭐
1,153
🕵️ OSINT Tools for gathering information and actions forensics 🕵️
Goofuzz
⭐
1,119
GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
Api Securityempire
⭐
1,089
API Security Project aims to present unique attack & defense methods in API Security field
Metabigor
⭐
1,087
OSINT tools and more but without API ke
Changeme
⭐
1,058
A default credential scanner.
Inventory
⭐
1,019
Asset inventory of over 800 public bug bounty programs.
Learn365
⭐
1,006
This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.
Ios
⭐
943
Most usable tools for iOS penetration testing
Passphrase Wordlist
⭐
849
Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
Nmap
⭐
839
Idiomatic nmap library for go developers
Gorsair
⭐
829
Gorsair gives root access on remote docker containers that expose their APIs
Powershell For Hackers
⭐
792
This repository is a collection of powershell functions every hacker should know
Aboutsecurity
⭐
762
Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.
Aptrs
⭐
750
Automated Penetration Testing Reporting System
Cloudbrute
⭐
750
Awesome cloud enumerator
Awesome Security Gists
⭐
721
A collection of various GitHub gists for hackers, pentesters and security researchers
Dumpsterfire
⭐
709
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Gourdscanv2
⭐
683
被动式漏洞扫描系统
Assessment Mindset
⭐
664
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Active Directory Exploitation Cheat Sheet
⭐
659
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Scant3r
⭐
657
ScanT3r - Module based Bug Bounty Automation Tool
Autopwn Suite
⭐
636
AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
Datasurgeon
⭐
630
Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Secuirty Numbers and a lot More From Text
Zeuscloud
⭐
628
Open Source Cloud Security
Dradis Ce
⭐
608
Dradis Framework: Colllaboration and reporting for IT Security teams
Chashell
⭐
599
Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
Apkhunt
⭐
580
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
Gosint
⭐
567
OSINT Swiss Army Knife
Damn Vulnerable Bank
⭐
562
Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
Sstimap
⭐
546
Automatic SSTI detection tool with interactive interface
Sqlidetector
⭐
538
Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.
Resolvers
⭐
536
The most exhaustive list of reliable DNS resolvers.
Haiti
⭐
532
🔑 Hash type identifier (CLI & lib)
Application Security
⭐
519
Resources for Application Security including Web, API, Android, iOS and Thick Client
Practicalcybersecurityresources
⭐
471
This repository contains a curated list of resources I suggest on LinkedIn and Twitter.📝🌝
Komo
⭐
456
🚀Komo, a comprehensive asset collection and vulnerability scanning tool. Komo 一个综合资产收集和漏洞扫描工具,集成了20余款工具,通过多种方式对子域进行获取,收集域名邮箱,进行存
Bug Bounty Methodology
⭐
438
These are my checklists which I use during my hunting.
Securitymanageframwork
⭐
421
Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
Spoofy
⭐
394
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Rekono
⭐
385
Pentesting automation platform that combines hacking tools to complete assessments
Offensive Osint Tools
⭐
373
OffSec OSINT Pentest/RedTeam Tools
Reconmap
⭐
368
Vulnerability assessment and penetration testing automation and reporting platform for teams.
Hershell
⭐
367
Hershell is a simple TCP reverse shell written in Go.
Phishapi
⭐
366
Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!
Red_team_attack_lab
⭐
360
Red Team Attack Lab for TTP testing & research
Eviltree
⭐
348
A python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches.
Dorknet
⭐
333
Selenium powered Python script to automate searching for vulnerable web apps.
Useful_websites_for_pentester
⭐
324
This repository is to make life of the pentester easy as it is a collection of the websites that can be used by pentesters for day to day studies and to remain updated.
Getaltname
⭐
306
Extract subdomains from SSL certificates in HTTPS sites.
Smogcloud
⭐
299
Find cloud assets that no one wants exposed 🔎 ☁️
Rescope
⭐
298
A scope generation tool for Burp Suite & ZAP
Werdlists
⭐
296
⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases
Bug Bounty
⭐
295
Bug Bounty ~ Awesomes | Books | Cheatsheets | Checklists | Tools | Wordlists | More
Second Order
⭐
295
Second-order subdomain takeover scanner
Asnlookup
⭐
288
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Novahot
⭐
285
A webshell framework for penetration testers.
Pwndoc Ng
⭐
273
Pentest Report Generator
Evilginx3 Phishlets
⭐
268
Learn my systematic process of creating Evilginx Phishlets from scratch: https://www.simplerhacking.com
Credphish
⭐
262
CredPhish is a PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS.
Buster
⭐
254
An advanced tool for email reconnaissance
Bucketloot
⭐
252
BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.
Related Searches
Python Penetration Testing (1,380)
Security Penetration Testing (767)
Python Information Security (413)
Shell Penetration Testing (398)
Exploitation Penetration Testing (392)
Scanner Penetration Testing (373)
Penetration Testing Pentest Tool (335)
Penetration Testing Security Tools (308)
Penetration Testing Red Team (305)
1-25 of 25 search results
Privacy
|
About
|
Terms
|
Follow Us On Twitter
Copyright 2018-2024 Awesome Open Source. All rights reserved.