Awesome Open Source
Search
Programming Languages
Languages
All Categories
Categories
About
Search results for penetration testing pentest tool
penetration-testing
x
pentest-tool
x
406 search results found
Dirsearch
⭐
10,307
Web path scanner
Thc Hydra
⭐
8,165
hydra
Sn1per
⭐
6,889
Attack Surface Management Platform
Monkey
⭐
6,331
Infection Monkey - An open-source adversary emulation platform
Hack Tools
⭐
4,990
The all-in-one Red Team extension for Web Pentester 🛠
Reconftw
⭐
4,700
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Osmedeus
⭐
4,676
A Workflow Engine for Offensive Security
1earn
⭐
4,384
暂停维护 | ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Redteam Tools
⭐
4,019
Tools and Techniques for Red Team / Penetration Testing
Phonesploit Pro
⭐
3,496
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
Winpwn
⭐
2,939
Automation for internal Windows Penetrationtest / AD-Security
Vulmap
⭐
2,935
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
Lscript
⭐
2,921
The LAZY script will make your life easier, and of course faster.
Burpsuite Collections
⭐
2,665
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解 of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
Raccoon
⭐
2,571
A high performance offensive security tool for reconnaissance and vulnerability scanning
Privesccheck
⭐
2,223
Privilege Escalation Enumeration Script for Windows
Stowaway
⭐
2,077
👻Stowaway -- Multi-hop Proxy Tool for pentesters
Ssrf Testing
⭐
2,014
SSRF (Server Side Request Forgery) testing resources
Cloudflair
⭐
1,984
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Sudo_killer
⭐
1,971
A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.
Finalrecon
⭐
1,869
All In One Web Recon
Venom
⭐
1,814
Venom - A Multi-hop Proxy for Penetration Testers
Xssor2
⭐
1,797
XSS'OR - Hack with JavaScript.
Pwncat
⭐
1,571
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
One Lin3r
⭐
1,526
Gives you one-liners that aids in penetration testing operations, privilege escalation and more
Cloakify
⭐
1,432
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Odat
⭐
1,405
ODAT: Oracle Database Attacking Tool
Linwinpwn
⭐
1,325
linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks
Top25 Parameter
⭐
1,311
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Dronesploit
⭐
1,284
Drone pentesting framework console
Fuxi
⭐
1,273
Penetration Testing Platform
Lockdoor Framework
⭐
1,197
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Babysploit
⭐
965
👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍
Linuxprivchecker
⭐
934
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
Evillimiter
⭐
928
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Inventory
⭐
899
Asset inventory of over 800 public bug bounty programs.
Passhunt
⭐
898
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
Ligolo Ng
⭐
889
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Enum4linux Ng
⭐
882
A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.
Cloudpeler
⭐
841
CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.
Hosthunter
⭐
826
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Habu
⭐
815
Hacking Toolkit
Perun
⭐
794
Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫
Msdat
⭐
754
MSDAT: Microsoft SQL Database Attacking Tool
Dumpsterfire
⭐
709
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Justtryharder
⭐
709
JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Cloudbrute
⭐
695
Awesome cloud enumerator
Blackmamba
⭐
688
C2/post-exploitation framework
Subscraper
⭐
680
Subdomain and target enumeration tool built for offensive security testing
Pentesttools
⭐
650
Awesome Pentest Tools Collection
Attiny85
⭐
620
RubberDucky like payloads for DigiSpark Attiny85
Thc Archive
⭐
601
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Censys Subdomain Finder
⭐
589
⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
Packetwhisper
⭐
587
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Rdpassspray
⭐
575
Python3 tool to perform password spraying using RDP
Impost3r
⭐
556
👻Impost3r -- A linux password thief
Dirble
⭐
543
Fast directory scanning and scraping tool
Open Redirect Payloads
⭐
529
Open Redirect Payloads
Envizon
⭐
519
network visualization & pentest reporting
Nullinux
⭐
515
Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
Vajra
⭐
511
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Webkiller
⭐
500
Tool Information Gathering Write By Python.
Yasuo
⭐
491
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Bigbountyrecon
⭐
471
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Sstimap
⭐
471
Automatic SSTI detection tool with interactive interface
Overlord
⭐
463
Overlord - Red Teaming Infrastructure Automation
Pentest101
⭐
456
一些关于渗透测试的Tips
Haiti
⭐
451
🔑 Hash type identifier (CLI & lib)
Gadgetprobe
⭐
420
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
Netexec
⭐
415
The Network Execution Tool
Pymeta
⭐
396
Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.
Pivotsuite
⭐
395
Network Pivoting Toolkit
Crlfsuite
⭐
394
The most powerful CRLF injection (HTTP Response Splitting) scanner.
Suid3num
⭐
393
A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)
Badkarma
⭐
390
network reconnaissance toolkit
Hackerenv
⭐
375
Kaboom
⭐
359
A tool to automate penetration tests
Sharphostinfo
⭐
345
SharpHostInfo是一款快速探测内网主机信息工具(深信服深蓝实验室天威战队强力驱动)
Karkinos
⭐
338
Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing
Darkside
⭐
315
Tool Information Gathering & social engineering Write By [Python,JS,PHP]
Susanoo
⭐
314
A REST API security testing framework.
Sippts
⭐
311
Set of tools to audit SIP based VoIP Systems
Getaltname
⭐
306
Extract subdomains from SSL certificates in HTTPS sites.
Txtool
⭐
305
an easy pentesting tool.
Userefuzz
⭐
302
User-Agent , X-Forwarded-For and Referer SQLI Fuzzer
Pentest Everything
⭐
289
A collection of CTF write-ups, pentesting topics, guides and notes. Notes compiled from multiple sources and my own lab research. Topics also support OSCP, Active Directory, CRTE, eJPT and eCPPT.
Cloudbunny
⭐
279
CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.
Jwtcat
⭐
258
A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
Rogue
⭐
254
An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.
Phoenixc2
⭐
247
Command & Control-Framework created for collaboration in python3
Droid Hunter
⭐
244
(deprecated) Android application vulnerability analysis and Android pentest tool
Vaf
⭐
241
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Dnsmorph
⭐
235
Domain name permutation engine written in Go
Weakpass
⭐
221
Weakpass rule-based online generator to create a wordlist based on a set of words entered by the user.
Enumdb
⭐
213
Relational database brute force and post exploitation tool for MySQL and MSSQL
Mitm Scripts
⭐
206
🔄 A collection of mitmproxy inline scripts
Investigator
⭐
205
An online handy-recon tool
Afuzz
⭐
204
Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.
Killchain
⭐
192
A unified console to perform the "kill chain" stages of attacks.
Content Bruteforcing Wordlist
⭐
187
Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
Related Searches
Penetration Testing Pentesting (3,393)
Penetration Testing Pentest (3,390)
Python3 Penetration Testing (1,296)
Python Penetration Testing (1,180)
Hacking Penetration Testing (800)
Shell Penetration Testing (443)
Scanner Penetration Testing (369)
1-100 of 406 search results
Next >
Privacy
|
About
|
Terms
|
Follow Us On Twitter
Copyright 2018-2023 Awesome Open Source. All rights reserved.