Awesome Open Source

Programming Languages

Search results for penetration testing pentest tool

penetration-testing x

406 search results found

Dirsearch ⭐ 10,307

Web path scanner

Thc Hydra ⭐ 8,165

Sn1per ⭐ 6,889

Attack Surface Management Platform

Monkey ⭐ 6,331

Infection Monkey - An open-source adversary emulation platform

Hack Tools ⭐ 4,990

The all-in-one Red Team extension for Web Pentester 🛠

Reconftw ⭐ 4,700

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Osmedeus ⭐ 4,676

A Workflow Engine for Offensive Security

1earn ⭐ 4,384

暂停维护 | ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Redteam Tools ⭐ 4,019

Tools and Techniques for Red Team / Penetration Testing

Phonesploit Pro ⭐ 3,496

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

Winpwn ⭐ 2,939

Automation for internal Windows Penetrationtest / AD-Security

Vulmap ⭐ 2,935

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Lscript ⭐ 2,921

The LAZY script will make your life easier, and of course faster.

Burpsuite Collections ⭐ 2,665

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解 of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

Raccoon ⭐ 2,571

A high performance offensive security tool for reconnaissance and vulnerability scanning

Privesccheck ⭐ 2,223

Privilege Escalation Enumeration Script for Windows

Stowaway ⭐ 2,077

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Ssrf Testing ⭐ 2,014

SSRF (Server Side Request Forgery) testing resources

Cloudflair ⭐ 1,984

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Sudo_killer ⭐ 1,971

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

Finalrecon ⭐ 1,869

All In One Web Recon

Venom ⭐ 1,814

Venom - A Multi-hop Proxy for Penetration Testers

Xssor2 ⭐ 1,797

XSS'OR - Hack with JavaScript.

Pwncat ⭐ 1,571

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

One Lin3r ⭐ 1,526

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

Cloakify ⭐ 1,432

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

ODAT: Oracle Database Attacking Tool

Linwinpwn ⭐ 1,325

linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks

Top25 Parameter ⭐ 1,311

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Dronesploit ⭐ 1,284

Drone pentesting framework console

Penetration Testing Platform

Lockdoor Framework ⭐ 1,197

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Babysploit ⭐ 965

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

Linuxprivchecker ⭐ 934

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Evillimiter ⭐ 928

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Inventory ⭐ 899

Asset inventory of over 800 public bug bounty programs.

Passhunt ⭐ 898

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Ligolo Ng ⭐ 889

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Enum4linux Ng ⭐ 882

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

Cloudpeler ⭐ 841

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.

Hosthunter ⭐ 826

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Hacking Toolkit

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫

MSDAT: Microsoft SQL Database Attacking Tool

Dumpsterfire ⭐ 709

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Justtryharder ⭐ 709

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Cloudbrute ⭐ 695

Awesome cloud enumerator

Blackmamba ⭐ 688

C2/post-exploitation framework

Subscraper ⭐ 680

Subdomain and target enumeration tool built for offensive security testing

Pentesttools ⭐ 650

Awesome Pentest Tools Collection

Attiny85 ⭐ 620

RubberDucky like payloads for DigiSpark Attiny85

Thc Archive ⭐ 601

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Censys Subdomain Finder ⭐ 589

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

Packetwhisper ⭐ 587

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Rdpassspray ⭐ 575

Python3 tool to perform password spraying using RDP

Impost3r ⭐ 556

👻Impost3r -- A linux password thief

Fast directory scanning and scraping tool

Open Redirect Payloads ⭐ 529

Open Redirect Payloads

Envizon ⭐ 519

network visualization & pentest reporting

Nullinux ⭐ 515

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Webkiller ⭐ 500

Tool Information Gathering Write By Python.

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Bigbountyrecon ⭐ 471

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Sstimap ⭐ 471

Automatic SSTI detection tool with interactive interface

Overlord ⭐ 463

Overlord - Red Teaming Infrastructure Automation

Pentest101 ⭐ 456

一些关于渗透测试的Tips

🔑 Hash type identifier (CLI & lib)

Gadgetprobe ⭐ 420

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Netexec ⭐ 415

The Network Execution Tool

Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.

Pivotsuite ⭐ 395

Network Pivoting Toolkit

Crlfsuite ⭐ 394

The most powerful CRLF injection (HTTP Response Splitting) scanner.

Suid3num ⭐ 393

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Badkarma ⭐ 390

network reconnaissance toolkit

Hackerenv ⭐ 375

A tool to automate penetration tests

Sharphostinfo ⭐ 345

SharpHostInfo是一款快速探测内网主机信息工具（深信服深蓝实验室天威战队强力驱动）

Karkinos ⭐ 338

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

Darkside ⭐ 315

Tool Information Gathering & social engineering Write By [Python,JS,PHP]

Susanoo ⭐ 314

A REST API security testing framework.

Set of tools to audit SIP based VoIP Systems

Getaltname ⭐ 306

Extract subdomains from SSL certificates in HTTPS sites.

an easy pentesting tool.

Userefuzz ⭐ 302

User-Agent , X-Forwarded-For and Referer SQLI Fuzzer

Pentest Everything ⭐ 289

A collection of CTF write-ups, pentesting topics, guides and notes. Notes compiled from multiple sources and my own lab research. Topics also support OSCP, Active Directory, CRTE, eJPT and eCPPT.

Cloudbunny ⭐ 279

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.

An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.

Phoenixc2 ⭐ 247

Command & Control-Framework created for collaboration in python3

Droid Hunter ⭐ 244

(deprecated) Android application vulnerability analysis and Android pentest tool

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Dnsmorph ⭐ 235

Domain name permutation engine written in Go

Weakpass ⭐ 221

Weakpass rule-based online generator to create a wordlist based on a set of words entered by the user.

Relational database brute force and post exploitation tool for MySQL and MSSQL

Mitm Scripts ⭐ 206

🔄 A collection of mitmproxy inline scripts

Investigator ⭐ 205

An online handy-recon tool

Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.

Killchain ⭐ 192

A unified console to perform the "kill chain" stages of attacks.

Content Bruteforcing Wordlist ⭐ 187

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

Related Searches

Penetration Testing Pentesting (3,393)

Penetration Testing Pentest (3,390)

Python3 Penetration Testing (1,296)

Python Penetration Testing (1,180)

Hacking Penetration Testing (800)

Shell Penetration Testing (443)

Scanner Penetration Testing (369)

1-100 of 406 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2023 Awesome Open Source. All rights reserved.