Awesome Open Source
Search
Programming Languages
Languages
All Categories
Categories
About
Search results for penetration testing pentest tool
penetration-testing
x
pentest-tool
x
82 search results found
Dirsearch
⭐
12,439
Web path scanner
Sn1per
⭐
8,308
Attack Surface Management Platform
Reconftw
⭐
5,890
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Osmedeus
⭐
5,586
A Workflow Engine for Offensive Security
1earn
⭐
5,171
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Redteam Tools
⭐
4,019
Tools and Techniques for Red Team / Penetration Testing
Vulmap
⭐
2,935
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
Raccoon
⭐
2,928
A high performance offensive security tool for reconnaissance and vulnerability scanning
Lscript
⭐
2,921
The LAZY script will make your life easier, and of course faster.
Cloudflair
⭐
2,527
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Ssrf Testing
⭐
2,274
SSRF (Server Side Request Forgery) testing resources
Stowaway
⭐
2,195
👻Stowaway -- Multi-hop Proxy Tool for pentesters
Venom
⭐
2,103
Venom - A Multi-hop Proxy for Penetration Testers
Finalrecon
⭐
2,054
All In One Web Recon
Sudo_killer
⭐
2,032
A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.
Ligolo Ng
⭐
1,950
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Pwncat
⭐
1,857
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
One Lin3r
⭐
1,712
Gives you one-liners that aids in penetration testing operations, privilege escalation and more
Netexec
⭐
1,596
The Network Execution Tool
Cloakify
⭐
1,575
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Linwinpwn
⭐
1,512
linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks
Odat
⭐
1,405
ODAT: Oracle Database Attacking Tool
Fuxi
⭐
1,350
Penetration Testing Platform
Top25 Parameter
⭐
1,311
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Dronesploit
⭐
1,306
Drone pentesting framework console
Lockdoor Framework
⭐
1,254
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Hosthunter
⭐
1,131
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Perun
⭐
1,037
Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫
Inventory
⭐
1,019
Asset inventory of over 800 public bug bounty programs.
Linuxprivchecker
⭐
934
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
Evillimiter
⭐
928
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Habu
⭐
903
Hacking Toolkit
Passhunt
⭐
898
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
Enum4linux Ng
⭐
896
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
Cloudpeler
⭐
841
CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.
Pentesttools
⭐
816
Awesome Pentest Tools Collection
Subscraper
⭐
792
Subdomain and target enumeration tool built for offensive security testing
Msdat
⭐
754
MSDAT: Microsoft SQL Database Attacking Tool
Cloudbrute
⭐
750
Awesome cloud enumerator
Dumpsterfire
⭐
709
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Blackmamba
⭐
688
C2/post-exploitation framework
Packetwhisper
⭐
635
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Thc Archive
⭐
632
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Dirble
⭐
592
Fast directory scanning and scraping tool
Censys Subdomain Finder
⭐
589
⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
Nullinux
⭐
574
Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
Impost3r
⭐
556
👻Impost3r -- A linux password thief
Sstimap
⭐
546
Automatic SSTI detection tool with interactive interface
Crlfsuite
⭐
538
The most powerful CRLF injection (HTTP Response Splitting) scanner.
Open Redirect Payloads
⭐
532
Open Redirect Payloads
Haiti
⭐
532
🔑 Hash type identifier (CLI & lib)
Envizon
⭐
519
network visualization & pentest reporting
Vajra
⭐
511
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Yasuo
⭐
491
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Darkside
⭐
479
Tool Information Gathering & social engineering Write By [Python,JS,PHP]
Bigbountyrecon
⭐
471
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Pentest101
⭐
456
一些关于渗透测试的Tips
Gadgetprobe
⭐
420
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
Pymeta
⭐
398
Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.
Suid3num
⭐
393
A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)
Karkinos
⭐
386
Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing
Kaboom
⭐
382
A tool to automate penetration tests
Hackerenv
⭐
375
Sippts
⭐
347
Set of tools to audit SIP based VoIP Systems
Sharphostinfo
⭐
345
SharpHostInfo是一款快速探测内网主机信息工具(深信服深蓝实验室天威战队强力驱动)
Susanoo
⭐
326
A REST API security testing framework.
Getaltname
⭐
306
Extract subdomains from SSL certificates in HTTPS sites.
Txtool
⭐
305
an easy pentesting tool.
Userefuzz
⭐
302
User-Agent , X-Forwarded-For and Referer SQLI Fuzzer
Rogue
⭐
269
An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.
Phoenixc2
⭐
247
Command & Control-Framework created for collaboration in python3
Droid Hunter
⭐
244
(deprecated) Android application vulnerability analysis and Android pentest tool
Vaf
⭐
241
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Dnsmorph
⭐
235
Domain name permutation engine written in Go
Weakpass
⭐
221
Weakpass rule-based online generator to create a wordlist based on a set of words entered by the user.
Enumdb
⭐
219
Relational database brute force and post exploitation tool for MySQL and MSSQL
Investigator
⭐
218
An online handy-recon tool
Golinkfinder
⭐
217
A fast and minimal JS endpoint extractor
Content Bruteforcing Wordlist
⭐
214
Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
Afuzz
⭐
204
Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.
Killchain
⭐
192
A unified console to perform the "kill chain" stages of attacks.
Nightingale
⭐
183
It's a Docker Environment for Pentesting which having all the required tool for VAPT.
Lucifer
⭐
177
A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life
Powerladon
⭐
177
Ladon hacking Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
Docker Security Images
⭐
173
🔐 Docker Container for Penetration Testing & Security
Sqlscan
⭐
173
Quick SQL Scanner, Dorker, Webshell injector PHP
Fileless Xec
⭐
160
Stealth dropper executing remote binaries without dropping them on disk .(HTTP3 support, ICMP support, invisible tracks, cross-platform,...)
Amnesiac
⭐
157
Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments
Favirecon
⭐
149
Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.
Vmass
⭐
148
vMass Bot 🪝 Vulnerability Scanner & Auto Exploiter Tool Written in Perl.
Nix Security Box
⭐
147
Tool set for Information security professionals and all others
Pakuri
⭐
140
PAKURI has been merged with Python and launched as a new project, PAKURI-THON.
Airmaster
⭐
131
Use ExpiredDomains.net and BlueCoat to find useful domains for red team.
Jwtxploiter
⭐
130
A tool to test security of json web token
Golazagne
⭐
128
Go library for credentials recovery
Pentesting Dockerfiles
⭐
126
Pentesting/Bugbounty Dockerfiles.
Vailyn
⭐
126
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Trigmap
⭐
123
A wrapper for Nmap to quickly run network scans
Cloud Buster
⭐
121
A Cloudflare resolver that works
Webstor
⭐
119
A script to quickly enumerate all websites across all of your organization's networks, store their responses, and query for known web technologies, such as those with zero-day vulnerabilities.
Related Searches
Python Penetration Testing (1,296)
Security Penetration Testing (767)
Shell Penetration Testing (443)
Scanner Penetration Testing (373)
Exploitation Penetration Testing (354)
Penetration Testing Security Tools (319)
1-82 of 82 search results
Privacy
|
About
|
Terms
|
Follow Us On Twitter
Copyright 2018-2025 Awesome Open Source. All rights reserved.