Awesome Open Source
Search
Programming Languages
Languages
All Categories
Categories
About
Search results for penetration testing tools
penetration-testing-tools
x
150 search results found
Whatweb
⭐
5,110
Next generation web scanner
Modlishka
⭐
4,670
Modlishka. Reverse Proxy.
Villain
⭐
3,376
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
Cdk
⭐
3,267
📦 Make security testing of K8s, Docker, and Containerd easier.
Appinfoscanner
⭐
1,975
一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网
Cloudfox
⭐
1,681
Automating situational awareness for cloud penetration tests.
Broxy
⭐
932
An HTTP/HTTPS intercept proxy written in Go.
Web Cache Vulnerability Scanner
⭐
756
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
Justtryharder
⭐
709
JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Garud
⭐
694
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Reverse Ssh
⭐
672
Statically-linked ssh server with reverse shell functionality for CTFs and such
Sonarsearch
⭐
621
A rapid API for the Project Sonar dataset
Sstimap
⭐
546
Automatic SSTI detection tool with interactive interface
Xurlfind3r
⭐
534
A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.
Kubesploit
⭐
501
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
Dudesuite
⭐
487
Dude Suite Web 渗透测试工具
Slackor
⭐
452
A Golang implant that uses Slack as a command and control server
Sec Tools
⭐
412
🍉一款基于Python-Django的多功能Web安全渗透测试工具,包含漏洞扫描,端口扫描,指纹识
Spoofy
⭐
394
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Karkinos
⭐
386
Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing
Redeye
⭐
350
Redeye is a tool intended to help you manage your data during a pentest operation
Second Order
⭐
295
Second-order subdomain takeover scanner
Lit Bb Hack Tools
⭐
293
Little Bug Bounty & Hacking Tools⚔️
Nebula
⭐
291
AI-Powered Ethical Hacking Assistant
Nimbo C2
⭐
255
Nimbo-C2 is yet another (simple and lightweight) C2 framework
Cervantes
⭐
215
Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects, clients, vulnerabilities and reports in one place.
Default Http Login Hunter
⭐
211
Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.
Mksub
⭐
204
Generate tens of thousands of subdomain combinations in a matter of seconds
Minimalistic Offensive Security Tools
⭐
200
A repository of tools for pentesting of restricted and isolated environments.
Shadow Workers
⭐
196
Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)
Narthex
⭐
180
Modular personalized dictionary generator.
Dfw1n Osint
⭐
174
Australian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers
Dsieve
⭐
168
Filter and enrich a list of subdomains by level
T14m4t
⭐
165
Automated brute-forcing attack tool.
Bulwark
⭐
163
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Infosechouse
⭐
162
Tools & Resources for Cyber Security Operations
Recsech
⭐
161
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Mkpath
⭐
154
Make URL path combinations using a wordlist
Skanuvaty
⭐
140
Dangerously fast DNS/network/port scanner
Sharpstrike
⭐
137
A Post exploitation tool written in C# uses either CIM or WMI to query remote systems.
Subdominator
⭐
136
The Internets #1 Subdomain Takeover Tool
Peniot
⭐
135
PENIOT: Penetration Testing Tool for IoT
Faction
⭐
133
Pen Test Report Generation and Assessment Collaboration
Jwtxploiter
⭐
130
A tool to test security of json web token
Chronos
⭐
127
Extract pieces of info from a web page's Wayback Machine history
Privatecollaborator
⭐
121
A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate
Find Gh Poc
⭐
117
Find CVE PoCs on GitHub
Synergy Httpx
⭐
106
A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically (e.g. payloads).
Stews
⭐
96
A Security Tool for Enumerating WebSockets
Petep
⭐
95
PETEP (PEnetration TEsting Proxy) is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applications with various application protocols. ⚡
Xsubfind3r
⭐
92
A command-line interface (CLI) based passive subdomain discovery utility. It is designed to efficiently identify known subdomains of given domains by tapping into a multitude of curated online passive sources.
Givingstorm
⭐
89
Infection vector that bypasses AV, IDS, and IPS. (For now...)
Lfitester
⭐
89
LFITester is a Python3 program that automates the detection and exploitation of Local File Inclusion (LFI) vulnerabilities on a server.
Xposedornot
⭐
87
XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.
Sharpspray
⭐
82
Active Directory password spraying tool. Auto fetches user list and avoids potential lockouts.
Activedirectoryattacktool
⭐
81
ADAT is a small tool used to assist CTF players and Penetration testers with easy commands to run against an Active Directory Domain Controller. This tool is is best utilized using a set of known credentials against the host.
Xcrawl3r
⭐
79
A command-line interface (CLI) based utility to recursively crawl webpages. It is designed to systematically browse webpages' URLs and follow links to discover linked webpages' URLs.
Evasor
⭐
76
A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies
Chomtesh
⭐
76
CHOMTE.SH is a powerful shell script designed to automate reconnaissance tasks during penetration testing. It utilizes various Go-based tools to gather information and identify the attack surface, making it a valuable asset for bug bounty hunters and penetration testers.
Combogen
⭐
76
Combo List Generator for Android Devices (Termux) by @Voldemort1912.
Bento
⭐
76
Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.
Nipejs
⭐
74
Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.
Httpworker
⭐
74
A Flask-based HTTP(S) command and control (C2) framework with a web interface. Custom Windows EXE/DLL implants written in C++. For educational use only.
Openorchid
⭐
69
Collection of GoPhish templates available for legitimate usage.
Ctrsploit
⭐
64
A penetration toolkit for container environment
Reversepowershell
⭐
63
Functions that can be used to gain Reverse Shells with PowerShell
Forbidden Buster
⭐
63
A tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. This code is made for security enthusiasts and professionals only. Use it at your own risk.
Enumerepo
⭐
60
List all public repositories for (valid) GitHub usernames
Proto Find
⭐
58
Let's check if your target is vulnerable for client side prototype pollution.
Cybersecurity Dark Web
⭐
53
A collection of awesome software, libraries, learning tutorials, documents, books & technical resources and cool stuff about dark web.
Xxelixir
⭐
53
This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.
Regstrike
⭐
52
RegStrike is a .reg payload generator
Httpuploadexfil
⭐
42
A simple HTTP server for delivering and exfiltrating files/data during, for example, CTFs.
Htkit
⭐
41
Information Gathering Simplified.
Webrecon
⭐
41
Automated Web Recon Shell Scripts
Pb Af Xdp
⭐
40
An application that utilizes fast AF_XDP Linux sockets to send network packets. Used for penetration testing including Denial of Service (DoS), and network monitoring.
Aizawa
⭐
35
Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.
Bifrost
⭐
34
A Flask-based HTTP(S) command and control (C2) with a web frontend. Malleable agent written in Go.
Attacksurfacemanagement
⭐
33
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Aws Attack
⭐
32
AWSATT&CK adds MITRE ATT&CK context and additional logging capabilities to Rhino Security Labs's open-source AWS exploitation framework, Pacu.
Mgwls
⭐
31
Combine words from two wordlist files and concatenate them with an optional delimiter
Python Security Tool Database
⭐
29
Solid Python toolkit for those in the security industry. Some by me, most by smarter people.
Pichichih0ll0wer
⭐
27
Nim process hollowing loader
Pwg
⭐
25
Penetration Testing with Golang
Wordlist Generator
⭐
24
Generate customised wordlist for penetration testing practice (e.g. brute force attack, dictionary attack, etc.)
Netlas Scripts
⭐
23
Several scripts are based on the Netlas.io search engine. They will allow you to carry out the reconnaissance phase before the pen test in a semi-automatic mode: collect all the domains and IP addresses associated with the target and save the responses received after contacting these hosts in HTML format. Over time, new scripts will appear here.
Sp00fer
⭐
22
Sp00fer blog post -
Submonit88r
⭐
20
Submonit88r is a subdomain enumeration tool that allows you to discover and monitor subdomains for a given list of domains. It fetches subdomains from various sources [crtsh, hackertargetapi, anubis, alienvault, rappiddns, urlscan ] , saves them to a SQLite database, and can notify updates via Discord.
Snetra
⭐
20
A Python based scanner uses shodan-internetdb to scan the IP.
Deep Inside
⭐
19
Command line tool that allows you to explore IoT devices by using Shodan API.
Deviltwin Nodemcu
⭐
18
⚡ Perform Evil Twin Attack Using NodeMCU Board
Sri Check
⭐
18
Python script for fetching script tags without subresource integrity.
Cerberus
⭐
17
Cerberus is another simple stressing tool simulating DDoS attacks.
Cve 2022 44268
⭐
17
CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit
Ggtfobins
⭐
17
Get GTFOBins info about a given exploit from the command line
Bca Phantom
⭐
17
A multi-platform HTTP(S) Reverse Shell Server and Client in Python 3
Mailripv3
⭐
16
SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.
Hacking Repos
⭐
16
A collection of awesome GitHub repositories for hackers, pentesters & security researchers. ADDING MORE REPOs SOON.
Metasploit Tutorial
⭐
15
👽 Metasploit is the most widely used open-source exploitation framework. Learn how to use it and unlock its full potential.
Burp Suite Professional Latest Version
⭐
15
Activate Burp Suite Pro with Key-Generator and Key-Loader
1-100 of 150 search results
Next >
Privacy
|
About
|
Terms
|
Follow Us On Twitter
Copyright 2018-2024 Awesome Open Source. All rights reserved.