Awesome Open Source

Programming Languages

Search results for penetration testing pentest tool

penetration-testing x

82 search results found

Dirsearch ⭐ 12,439

Web path scanner

Sn1per ⭐ 8,308

Attack Surface Management Platform

Reconftw ⭐ 5,890

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Osmedeus ⭐ 5,586

A Workflow Engine for Offensive Security

1earn ⭐ 5,171

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Redteam Tools ⭐ 4,019

Tools and Techniques for Red Team / Penetration Testing

Vulmap ⭐ 2,935

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Raccoon ⭐ 2,928

A high performance offensive security tool for reconnaissance and vulnerability scanning

Lscript ⭐ 2,921

The LAZY script will make your life easier, and of course faster.

Cloudflair ⭐ 2,527

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Ssrf Testing ⭐ 2,274

SSRF (Server Side Request Forgery) testing resources

Stowaway ⭐ 2,195

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Venom ⭐ 2,103

Venom - A Multi-hop Proxy for Penetration Testers

Finalrecon ⭐ 2,054

All In One Web Recon

Sudo_killer ⭐ 2,032

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

Ligolo Ng ⭐ 1,950

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Pwncat ⭐ 1,857

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

One Lin3r ⭐ 1,712

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

Netexec ⭐ 1,596

The Network Execution Tool

Cloakify ⭐ 1,575

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Linwinpwn ⭐ 1,512

linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks

ODAT: Oracle Database Attacking Tool

Penetration Testing Platform

Top25 Parameter ⭐ 1,311

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Dronesploit ⭐ 1,306

Drone pentesting framework console

Lockdoor Framework ⭐ 1,254

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Hosthunter ⭐ 1,131

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Perun ⭐ 1,037

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫

Inventory ⭐ 1,019

Asset inventory of over 800 public bug bounty programs.

Linuxprivchecker ⭐ 934

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Evillimiter ⭐ 928

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Hacking Toolkit

Passhunt ⭐ 898

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Enum4linux Ng ⭐ 896

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

Cloudpeler ⭐ 841

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.

Pentesttools ⭐ 816

Awesome Pentest Tools Collection

Subscraper ⭐ 792

Subdomain and target enumeration tool built for offensive security testing

MSDAT: Microsoft SQL Database Attacking Tool

Cloudbrute ⭐ 750

Awesome cloud enumerator

Dumpsterfire ⭐ 709

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Blackmamba ⭐ 688

C2/post-exploitation framework

Packetwhisper ⭐ 635

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Thc Archive ⭐ 632

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Fast directory scanning and scraping tool

Censys Subdomain Finder ⭐ 589

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

Nullinux ⭐ 574

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

Impost3r ⭐ 556

👻Impost3r -- A linux password thief

Sstimap ⭐ 546

Automatic SSTI detection tool with interactive interface

Crlfsuite ⭐ 538

The most powerful CRLF injection (HTTP Response Splitting) scanner.

Open Redirect Payloads ⭐ 532

Open Redirect Payloads

🔑 Hash type identifier (CLI & lib)

Envizon ⭐ 519

network visualization & pentest reporting

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Darkside ⭐ 479

Tool Information Gathering & social engineering Write By [Python,JS,PHP]

Bigbountyrecon ⭐ 471

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Pentest101 ⭐ 456

一些关于渗透测试的Tips

Gadgetprobe ⭐ 420

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.

Suid3num ⭐ 393

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Karkinos ⭐ 386

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

A tool to automate penetration tests

Hackerenv ⭐ 375

Set of tools to audit SIP based VoIP Systems

Sharphostinfo ⭐ 345

SharpHostInfo是一款快速探测内网主机信息工具（深信服深蓝实验室天威战队强力驱动）

Susanoo ⭐ 326

A REST API security testing framework.

Getaltname ⭐ 306

Extract subdomains from SSL certificates in HTTPS sites.

an easy pentesting tool.

Userefuzz ⭐ 302

User-Agent , X-Forwarded-For and Referer SQLI Fuzzer

An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.

Phoenixc2 ⭐ 247

Command & Control-Framework created for collaboration in python3

Droid Hunter ⭐ 244

(deprecated) Android application vulnerability analysis and Android pentest tool

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Dnsmorph ⭐ 235

Domain name permutation engine written in Go

Weakpass ⭐ 221

Weakpass rule-based online generator to create a wordlist based on a set of words entered by the user.

Relational database brute force and post exploitation tool for MySQL and MSSQL

Investigator ⭐ 218

An online handy-recon tool

Golinkfinder ⭐ 217

A fast and minimal JS endpoint extractor

Content Bruteforcing Wordlist ⭐ 214

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.

Killchain ⭐ 192

A unified console to perform the "kill chain" stages of attacks.

Nightingale ⭐ 183

It's a Docker Environment for Pentesting which having all the required tool for VAPT.

Lucifer ⭐ 177

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

Powerladon ⭐ 177

Ladon hacking Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Docker Security Images ⭐ 173

🔐 Docker Container for Penetration Testing & Security

Sqlscan ⭐ 173

Quick SQL Scanner, Dorker, Webshell injector PHP

Fileless Xec ⭐ 160

Stealth dropper executing remote binaries without dropping them on disk .(HTTP3 support, ICMP support, invisible tracks, cross-platform,...)

Amnesiac ⭐ 157

Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments

Favirecon ⭐ 149

Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.

vMass Bot 🪝 Vulnerability Scanner & Auto Exploiter Tool Written in Perl.

Nix Security Box ⭐ 147

Tool set for Information security professionals and all others

PAKURI has been merged with Python and launched as a new project, PAKURI-THON.

Airmaster ⭐ 131

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Jwtxploiter ⭐ 130

A tool to test security of json web token

Golazagne ⭐ 128

Go library for credentials recovery

Pentesting Dockerfiles ⭐ 126

Pentesting/Bugbounty Dockerfiles.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Trigmap ⭐ 123

A wrapper for Nmap to quickly run network scans

Cloud Buster ⭐ 121

A Cloudflare resolver that works

Webstor ⭐ 119

A script to quickly enumerate all websites across all of your organization's networks, store their responses, and query for known web technologies, such as those with zero-day vulnerabilities.

Related Searches

Python Penetration Testing (1,296)

Security Penetration Testing (767)

Shell Penetration Testing (443)

Scanner Penetration Testing (373)

Exploitation Penetration Testing (354)

Penetration Testing Security Tools (319)

1-82 of 82 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2025 Awesome Open Source. All rights reserved.