Awesome Open Source
Search results for penetration testing pentest tool
406 search results found
Web path scanner
Attack Surface Management Platform
Infection Monkey - An open-source adversary emulation platform
The all-in-one Red Team extension for Web Pentester 🛠
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
A Workflow Engine for Offensive Security
暂停维护 | ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Tools and Techniques for Red Team / Penetration Testing
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
Automation for internal Windows Penetrationtest / AD-Security
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
The LAZY script will make your life easier, and of course faster.
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解 of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
A high performance offensive security tool for reconnaissance and vulnerability scanning
Privilege Escalation Enumeration Script for Windows
👻Stowaway -- Multi-hop Proxy Tool for pentesters
SSRF (Server Side Request Forgery) testing resources
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.
All In One Web Recon
Venom - A Multi-hop Proxy for Penetration Testers
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Gives you one-liners that aids in penetration testing operations, privilege escalation and more
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
ODAT: Oracle Database Attacking Tool
linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Drone pentesting framework console
Penetration Testing Platform
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Asset inventory of over 800 public bug bounty programs.
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.
HostHunter a recon tool for discovering hostnames using OSINT techniques.
MSDAT: Microsoft SQL Database Attacking Tool
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Awesome cloud enumerator
Subdomain and target enumeration tool built for offensive security testing
Awesome Pentest Tools Collection
RubberDucky like payloads for DigiSpark Attiny85
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Censys Subdomain Finder
⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Python3 tool to perform password spraying using RDP
👻Impost3r -- A linux password thief
Fast directory scanning and scraping tool
Open Redirect Payloads
Open Redirect Payloads
network visualization & pentest reporting
Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Tool Information Gathering Write By Python.
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Automatic SSTI detection tool with interactive interface
Overlord - Red Teaming Infrastructure Automation
🔑 Hash type identifier (CLI & lib)
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
The Network Execution Tool
Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.
Network Pivoting Toolkit
The most powerful CRLF injection (HTTP Response Splitting) scanner.
A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)
network reconnaissance toolkit
A tool to automate penetration tests
Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing
Tool Information Gathering & social engineering Write By [Python,JS,PHP]
A REST API security testing framework.
Set of tools to audit SIP based VoIP Systems
Extract subdomains from SSL certificates in HTTPS sites.
an easy pentesting tool.
User-Agent , X-Forwarded-For and Referer SQLI Fuzzer
A collection of CTF write-ups, pentesting topics, guides and notes. Notes compiled from multiple sources and my own lab research. Topics also support OSCP, Active Directory, CRTE, eJPT and eCPPT.
CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.
A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.
Command & Control-Framework created for collaboration in python3
(deprecated) Android application vulnerability analysis and Android pentest tool
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Domain name permutation engine written in Go
Weakpass rule-based online generator to create a wordlist based on a set of words entered by the user.
Relational database brute force and post exploitation tool for MySQL and MSSQL
🔄 A collection of mitmproxy inline scripts
An online handy-recon tool
Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.
A unified console to perform the "kill chain" stages of attacks.
Content Bruteforcing Wordlist
Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
Penetration Testing Pentesting (3,393)
Penetration Testing Pentest (3,390)
Python3 Penetration Testing (1,296)
Python Penetration Testing (1,180)
Hacking Penetration Testing (800)
Shell Penetration Testing (443)
Scanner Penetration Testing (369)
1-100 of 406 search results
Follow Us On Twitter
Copyright 2018-2023 Awesome Open Source. All rights reserved.