Awesome Open Source
Search
Programming Languages
Languages
All Categories
Categories
About
Search results for penetration testing security tools
penetration-testing
x
security-tools
x
139 search results found
Rustscan
⭐
11,903
🤖 The Modern Port Scanner 🤖
Spiderfoot
⭐
11,035
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Social Analyzer
⭐
10,841
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
Sn1per
⭐
7,480
Attack Surface Management Platform
Rengine
⭐
6,446
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
Monkey
⭐
6,414
Infection Monkey - An open-source adversary emulation platform
Cve
⭐
5,806
Gather and update all available and newest CVEs with their PoC.
Reconftw
⭐
5,204
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Whatweb
⭐
5,075
Next generation web scanner
Osmedeus
⭐
5,023
A Workflow Engine for Offensive Security
1earn
⭐
4,841
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Awesome Shodan Queries
⭐
4,597
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Ladon
⭐
4,564
Ladon大型内网渗透工具,可PowerShell模块化、可CS插件化、可内存加载,无文件扫描。含端 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SM
Cheatsheet God
⭐
4,540
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Redteam Tools
⭐
4,019
Tools and Techniques for Red Team / Penetration Testing
Cameradar
⭐
3,626
Cameradar hacks its way into RTSP videosurveillance cameras
Pocsuite3
⭐
3,412
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
Usbrubberducky Payloads
⭐
3,242
The Official USB Rubber Ducky Payload Repository
Bbot
⭐
3,155
A recursive internet scanner for hackers.
Vulmap
⭐
2,935
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
Nettacker
⭐
2,915
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Nosqlmap
⭐
2,728
Automated NoSQL database enumeration and web application exploitation tool.
Awesome Hacking
⭐
2,716
Awesome hacking is an awesome collection of hacking tools.
Black Hat Rust
⭐
2,662
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Pentest Tools
⭐
2,652
A collection of custom security tools for quick needs.
Awesome Mobile Security
⭐
2,511
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Bashbunny Payloads
⭐
2,499
The Official Bash Bunny Payload Repository
Emba
⭐
2,229
EMBA - The firmware security analyzer
Stowaway
⭐
2,195
👻Stowaway -- Multi-hop Proxy Tool for pentesters
Reconnoitre
⭐
2,053
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Pwndoc
⭐
1,827
Pentest Report Generator
Vulnx
⭐
1,763
vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.
Vxscan
⭐
1,711
python3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释
Dirhunt
⭐
1,675
Find web directories without bruteforce
Diamorphine
⭐
1,639
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
Netexec
⭐
1,596
The Network Execution Tool
Rapidscan
⭐
1,489
🆕 The Multi-Tool Web Vulnerability Scanner.
Xattacker
⭐
1,486
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Cloakify
⭐
1,483
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Ksubdomain
⭐
1,457
无状态子域名爆破工具
Inql
⭐
1,378
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
Sprayingtoolkit
⭐
1,360
Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
Noseyparker
⭐
1,313
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
Dronesploit
⭐
1,306
Drone pentesting framework console
A Red Teamer Diaries
⭐
1,294
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Cariddi
⭐
1,228
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
Interlace
⭐
1,161
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Fbi Tools
⭐
1,153
🕵️ OSINT Tools for gathering information and actions forensics 🕵️
Github Search
⭐
1,121
A collection of tools to perform searches on GitHub.
Vhostscan
⭐
1,114
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Metabigor
⭐
1,087
OSINT tools and more but without API ke
Goby
⭐
1,081
Attack surface mapping
Awesome Flipperzero Withmodules
⭐
1,074
A collection of awesome resources & modules for the Flipper Zero device. Best used with Rogue Master Flipper Zero Custom Firmware.
Changeme
⭐
1,058
A default credential scanner.
Perun
⭐
1,037
Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫
Inventory
⭐
1,019
Asset inventory of over 800 public bug bounty programs.
Ios
⭐
943
Most usable tools for iOS penetration testing
Evillimiter
⭐
928
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Athena Iso
⭐
902
Athena OS is an Arch Linux-based distro focused on Cybersecurity. Learn, practice and enjoy with any hacking tool!
Swiftnessx
⭐
877
A cross-platform note-taking & target-tracking app for penetration testers.
Ssh Snake
⭐
874
SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
Habu
⭐
853
Hacking Toolkit
Cloudpeler
⭐
841
CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.
Hosthunter
⭐
826
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Web Cache Vulnerability Scanner
⭐
756
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
Leaky Paths
⭐
746
A collection of special paths linked to common internal paths, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Ethical Hacking Labs
⭐
726
Practical Ethical Hacking Labs 🗡🛡
Psudohash
⭐
724
Generates millions of keyword-based password mutations in seconds.
Dumpsterfire
⭐
709
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Blackmamba
⭐
688
C2/post-exploitation framework
Scilla
⭐
682
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
Reverse Ssh
⭐
672
Statically-linked ssh server with reverse shell functionality for CTFs and such
Scant3r
⭐
657
ScanT3r - Module based Bug Bounty Automation Tool
Autopwn Suite
⭐
636
AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
Datasurgeon
⭐
630
Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Secuirty Numbers and a lot More From Text
Hashview Old
⭐
630
A web front-end for password cracking and analytics
Zeuscloud
⭐
628
Open Source Cloud Security
Fireelf
⭐
620
fireELF - Fileless Linux Malware Framework
Packetwhisper
⭐
605
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
O365spray
⭐
604
Username enumeration and password spraying tool aimed at Microsoft O365.
Apkhunt
⭐
580
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
Aiodnsbrute
⭐
579
Python 3.5+ DNS asynchronous brute force utility
Mxtract
⭐
573
mXtract - Memory Extractor & Analyzer
Jok3r
⭐
564
Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Impost3r
⭐
556
👻Impost3r -- A linux password thief
Resolvers
⭐
536
The most exhaustive list of reliable DNS resolvers.
Haiti
⭐
532
🔑 Hash type identifier (CLI & lib)
Envizon
⭐
519
network visualization & pentest reporting
Above
⭐
502
Invisible network protocol sniffer
Crlfsuite
⭐
499
The most powerful CRLF injection (HTTP Response Splitting) scanner.
Rustbuster
⭐
493
A Comprehensive Web Fuzzer and Content Discovery Tool
Darkangel
⭐
492
DarkAngel 是一款全自动白帽漏洞扫描器,从hackerone、bugcrowd资产监听到漏洞报告生成、漏洞URL
Yasuo
⭐
491
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Raven Storm
⭐
475
Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.
Offsec Reporting
⭐
459
Offensive Security OSCP, OSWP, OSEP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA Exam and Lab Reporting / Note-Taking Tool
Github Subdomains
⭐
426
Find subdomains on GitHub.
Gadgetprobe
⭐
420
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
Webshell Sniper
⭐
416
🔨 Manage your website via terminal
Gtfonow
⭐
414
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
Jfscan
⭐
407
JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about services. Generate report.
Related Searches
Python Penetration Testing (1,380)
Security Penetration Testing (767)
Python Security Tools (592)
Scanner Penetration Testing (373)
1-100 of 139 search results
Next >
Privacy
|
About
|
Terms
|
Follow Us On Twitter
Copyright 2018-2024 Awesome Open Source. All rights reserved.