Awesome Open Source

Programming Languages

Search results for penetration testing information security

information-security x

penetration-testing x

25 search results found

Dirsearch ⭐ 11,165

Web path scanner

Spiderfoot ⭐ 11,035

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Ffuf ⭐ 10,658

Fast web fuzzer written in Go

Red Teaming Toolkit ⭐ 8,230

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Scanners Box ⭐ 7,927

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Nishang ⭐ 7,771

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Rengine ⭐ 6,446

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Gather and update all available and newest CVEs with their PoC.

Infosec_reference ⭐ 5,348

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Hetty ⭐ 5,132

An HTTP toolkit for security research.

Defaultcreds Cheat Sheet ⭐ 5,023

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

1earn ⭐ 4,841

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Awesome Infosec ⭐ 4,810

A curated list of awesome infosec courses and training resources.

Allaboutbugbounty ⭐ 4,793

All about bug bounty (bypasses, payloads, and etc)

Awesome Shodan Queries ⭐ 4,597

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Cheatsheet God ⭐ 4,540

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Faraday ⭐ 4,422

Open Source Vulnerability Management Platform

Security Study Plan ⭐ 3,949

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

Cameradar ⭐ 3,626

Cameradar hacks its way into RTSP videosurveillance cameras

Xunfeng ⭐ 2,946

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Black Hat Rust ⭐ 2,662

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

Snoop ⭐ 2,530

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Awesome Nodejs Security ⭐ 2,515

Awesome Node.js Security resources

Awesome Api Security ⭐ 2,492

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

EMBA - The firmware security analyzer

31 Days Of Api Security Tips ⭐ 2,006

This challenge is Inon Shkedy's 31 days API Security Tips.

Awesome Cybersecurity Handbooks ⭐ 1,980

A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.

Pwndoc ⭐ 1,827

Pentest Report Generator

Subjack ⭐ 1,665

Subdomain Takeover tool written in Go

Mitmap ⭐ 1,623

📡 A python program to create a fake AP and sniff data.

Netexec ⭐ 1,596

The Network Execution Tool

Metlo ⭐ 1,537

Metlo is an open-source API security platform.

Cloakify ⭐ 1,483

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

🖖 Fast, modern, easy-to-use network scanner

Top25 Parameter ⭐ 1,311

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Cariddi ⭐ 1,228

Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more

Wordlists ⭐ 1,200

Real-world infosec wordlists, updated regularly

Chimera ⭐ 1,192

Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Mongoaudit ⭐ 1,154

🔥 A powerful MongoDB auditing and pentesting tool 🔥

Fbi Tools ⭐ 1,153

🕵️ OSINT Tools for gathering information and actions forensics 🕵️

Goofuzz ⭐ 1,119

GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).

Api Securityempire ⭐ 1,089

API Security Project aims to present unique attack & defense methods in API Security field

Metabigor ⭐ 1,087

OSINT tools and more but without API ke

Changeme ⭐ 1,058

A default credential scanner.

Inventory ⭐ 1,019

Asset inventory of over 800 public bug bounty programs.

Learn365 ⭐ 1,006

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

Most usable tools for iOS penetration testing

Passphrase Wordlist ⭐ 849

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Idiomatic nmap library for go developers

Gorsair ⭐ 829

Gorsair gives root access on remote docker containers that expose their APIs

Powershell For Hackers ⭐ 792

This repository is a collection of powershell functions every hacker should know

Aboutsecurity ⭐ 762

Everything for pentest. | 用于渗透测试的 payload 和 bypass 字典.

Automated Penetration Testing Reporting System

Cloudbrute ⭐ 750

Awesome cloud enumerator

Awesome Security Gists ⭐ 721

A collection of various GitHub gists for hackers, pentesters and security researchers

Dumpsterfire ⭐ 709

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Gourdscanv2 ⭐ 683

被动式漏洞扫描系统

Assessment Mindset ⭐ 664

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

Active Directory Exploitation Cheat Sheet ⭐ 659

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Scant3r ⭐ 657

ScanT3r - Module based Bug Bounty Automation Tool

Autopwn Suite ⭐ 636

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.

Datasurgeon ⭐ 630

Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Secuirty Numbers and a lot More From Text

Zeuscloud ⭐ 628

Open Source Cloud Security

Dradis Ce ⭐ 608

Dradis Framework: Colllaboration and reporting for IT Security teams

Chashell ⭐ 599

Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.

Apkhunt ⭐ 580

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

OSINT Swiss Army Knife

Damn Vulnerable Bank ⭐ 562

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

Sstimap ⭐ 546

Automatic SSTI detection tool with interactive interface

Sqlidetector ⭐ 538

Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.

Resolvers ⭐ 536

The most exhaustive list of reliable DNS resolvers.

🔑 Hash type identifier (CLI & lib)

Application Security ⭐ 519

Resources for Application Security including Web, API, Android, iOS and Thick Client

Practicalcybersecurityresources ⭐ 471

This repository contains a curated list of resources I suggest on LinkedIn and Twitter.📝🌝

🚀Komo, a comprehensive asset collection and vulnerability scanning tool. Komo 一个综合资产收集和漏洞扫描工具，集成了20余款工具，通过多种方式对子域进行获取，收集域名邮箱，进行存

Bug Bounty Methodology ⭐ 438

These are my checklists which I use during my hunting.

Securitymanageframwork ⭐ 421

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

Pentesting automation platform that combines hacking tools to complete assessments

Offensive Osint Tools ⭐ 373

OffSec OSINT Pentest/RedTeam Tools

Reconmap ⭐ 368

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Hershell ⭐ 367

Hershell is a simple TCP reverse shell written in Go.

Phishapi ⭐ 366

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

Red_team_attack_lab ⭐ 360

Red Team Attack Lab for TTP testing & research

Eviltree ⭐ 348

A python3 remake of the classic "tree" command with the additional feature of searching for user provided keywords/regex in files, highlighting those that contain matches.

Dorknet ⭐ 333

Selenium powered Python script to automate searching for vulnerable web apps.

Useful_websites_for_pentester ⭐ 324

This repository is to make life of the pentester easy as it is a collection of the websites that can be used by pentesters for day to day studies and to remain updated.

Getaltname ⭐ 306

Extract subdomains from SSL certificates in HTTPS sites.

Smogcloud ⭐ 299

Find cloud assets that no one wants exposed 🔎 ☁️

Rescope ⭐ 298

A scope generation tool for Burp Suite & ZAP

Werdlists ⭐ 296

⌨️ Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

Bug Bounty ⭐ 295

Bug Bounty ~ Awesomes | Books | Cheatsheets | Checklists | Tools | Wordlists | More

Second Order ⭐ 295

Second-order subdomain takeover scanner

Asnlookup ⭐ 288

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

Novahot ⭐ 285

A webshell framework for penetration testers.

Pwndoc Ng ⭐ 273

Pentest Report Generator

Evilginx3 Phishlets ⭐ 268

Learn my systematic process of creating Evilginx Phishlets from scratch: https://www.simplerhacking.com

Credphish ⭐ 262

CredPhish is a PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS.

An advanced tool for email reconnaissance

Bucketloot ⭐ 252

BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exposed storage buckets by scanning files that store data in plain-text.

Related Searches

Python Penetration Testing (1,380)

Security Penetration Testing (767)

Python Information Security (413)

Shell Penetration Testing (398)

Exploitation Penetration Testing (392)

Scanner Penetration Testing (373)

Penetration Testing Pentest Tool (335)

Penetration Testing Security Tools (308)

Penetration Testing Red Team (305)

1-25 of 25 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.