Awesome Open Source

Programming Languages

Search results for pentest tool

417 search results found

Dotdotslash ⭐ 366

Search for Directory Traversal Vulnerabilities

Set of tools to audit SIP based VoIP Systems

Sharphostinfo ⭐ 345

SharpHostInfo是一款快速探测内网主机信息工具（深信服深蓝实验室天威战队强力驱动）

Cloudbunny ⭐ 342

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

Koko Moni ⭐ 338

一个网络空间搜索引擎监控平台，可定时进行资产信息爬取，及时发现新增资产，本项目聚合了 Fofa、Hunter、Quake、Zoomeye 和 Threatbook 的数据源，并对获取到的数据进行去重与清洗

Susanoo ⭐ 322

A REST API security testing framework.

Perfusion ⭐ 316

Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)

SBSCAN是一款专注于spring框架的渗透测试工具，可以对指定站点进行springboot未授权 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive information/unauthorized for specified sites and scan and validate spring related vulnerabilities]

Darkside ⭐ 315

Tool Information Gathering & social engineering Write By [Python,JS,PHP]

Esp Rfid Tool ⭐ 313

A tool for logging data/testing devices with a Wiegand Interface. Can be used to create a portable RFID reader or installed directly into an existing installation. Provides access to a web based interface using WiFi in AP or Client mode. Will work with nearly all devices that contain a standard 5V Wiegand interface. Primary target group is 26-37bit HID Cards. Similar to the Tastic RFID Thief, Blekey, and ESPKey.

Watchdog ⭐ 309

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Getaltname ⭐ 306

Extract subdomains from SSL certificates in HTTPS sites.

an easy pentesting tool.

Userefuzz ⭐ 302

User-Agent , X-Forwarded-For and Referer SQLI Fuzzer

EyeJo是一款自动化资产风险评估平台，可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查，快

Socialfishmobile ⭐ 284

📱 🐟 An app to remote control SocialFish.

Shotdroid ⭐ 274

ShotDroid is a pentesting tool for android. There are 3 tools that have their respective functions, Get files from Android directory, internal and external storage, Android Keylogger + Reverse Shell and Take a webcam shot of the face from the front camera of the phone and PC.

Wiegand data logger, replay device and micro door-controller

An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.

A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.

Phoenixc2 ⭐ 247

Command & Control-Framework created for collaboration in python3

Printspoofer ⭐ 246

Abusing Impersonation Privileges on Windows 10 and Server 2019

Droid Hunter ⭐ 244

(deprecated) Android application vulnerability analysis and Android pentest tool

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Dnsmorph ⭐ 235

Domain name permutation engine written in Go

Weakpass ⭐ 221

Weakpass rule-based online generator to create a wordlist based on a set of words entered by the user.

Investigator ⭐ 218

An online handy-recon tool

Golinkfinder ⭐ 217

A fast and minimal JS endpoint extractor

Relational database brute force and post exploitation tool for MySQL and MSSQL

Mitm Scripts ⭐ 214

🔄 A collection of mitmproxy inline scripts

Content Bruteforcing Wordlist ⭐ 210

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

Crawley ⭐ 208

The unix-way web crawler

Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.

Subdomain_shell ⭐ 197

一键调用subfinder+ksubdomain+httpx 强强联合从域名发现-->域名验证-->获取域名标题、状态码以及响应大小最后保存结果,简化重复操作命令

Arl Plus Docker ⭐ 196

基于斗象灯塔ARL修改后的版本。相比原版，增加了OneForAll、中央数据库，修改了altDns

Zigdiggity ⭐ 194

A ZigBee hacking toolkit by Bishop Fox

Killchain ⭐ 192

A unified console to perform the "kill chain" stages of attacks.

Nightingale ⭐ 183

It's a Docker Environment for Pentesting which having all the required tool for VAPT.

Pentest tool for antivirus evasion and running arbitrary payload on target Wintel host

Lucifer ⭐ 177

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

Sqlscan ⭐ 173

Quick SQL Scanner, Dorker, Webshell injector PHP

Docker Security Images ⭐ 173

🔐 Docker Container for Penetration Testing & Security

Powerladon ⭐ 171

Ladon hacking Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Icp Domains ⭐ 163

输入一个域名，输出ICP备案所有关联域名

Infosechouse ⭐ 162

Tools & Resources for Cyber Security Operations

Ics Pentesting Tools ⭐ 162

A curated list of tools related to Industrial Control System (ICS) security and Penetration Testing

Fileless Xec ⭐ 160

Stealth dropper executing remote binaries without dropping them on disk .(HTTP3 support, ICMP support, invisible tracks, cross-platform,...)

Amnesiac ⭐ 157

Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments

Crithit ⭐ 152

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

dnsub一款好用的子域名扫描工具

Favirecon ⭐ 149

Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.

vMass Bot 🪝 Vulnerability Scanner & Auto Exploiter Tool Written in Perl.

Nix Security Box ⭐ 147

Tool set for Information security professionals and all others

Gitmails ⭐ 146

An information gathering tool to collect git commit emails in version control host services

Auth_analyzer ⭐ 146

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

PAKURI has been merged with Python and launched as a new project, PAKURI-THON.

Relayer ⭐ 135

SMB Relay Attack Script

Airmaster ⭐ 131

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Tirefire ⭐ 131

Automate the scanning and enumeration of machines externally while maintaining complete control over scans shot to the target. Comfortable GUI-ish platform. Great for OSCP/HTB type Machines as well as penetration testing.

Jwtxploiter ⭐ 130

A tool to test security of json web token

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

Golazagne ⭐ 128

Go library for credentials recovery

Pentesting Dockerfiles ⭐ 126

Pentesting/Bugbounty Dockerfiles.

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Trigmap ⭐ 123

A wrapper for Nmap to quickly run network scans

Cloud Buster ⭐ 121

A Cloudflare resolver that works

Webstor ⭐ 119

A script to quickly enumerate all websites across all of your organization's networks, store their responses, and query for known web technologies, such as those with zero-day vulnerabilities.

Msploitego ⭐ 115

Pentesting suite for Maltego based on data in a Metasploit database

Awesome Attack Surface Monitoring ⭐ 111

Curated list of open-source & paid Attack Surface Monitoring (ASM) tools.

Darkspiritz ⭐ 111

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

Traxosint ⭐ 109

Osint tool for track ip adress

Burp Suite Pro ⭐ 109

A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.

Peekaboo ⭐ 108

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

Notionterm ⭐ 108

🖥️📖 Embed reverse shell in Notion pages

Arl Npoc ⭐ 104

集漏洞验证和任务运行的一个框架

Zenbuster ⭐ 102

Multi-threaded URL enumeration/content-discovery tool in Python.

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

unix SSH post-exploitation 1337 tool

Burp HTTP history browser (BHHB) - A tool to view HTTP history exported from Burp Suite Community Edition

Mega Bot ⭐ 94

[NEW] : Mega Bot ☣ Scanner & Auto Exploiter

arbitrary TCP and UDP connections and listens (Netcat for Python).

foolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV

A fast web directory/file enumeration tool written in Rust

Win Portfwd ⭐ 93

Powershell script to setup windows port forwarding using native netsh client

Git Scanner ⭐ 92

A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public

Lazypariah ⭐ 90

A tool for generating reverse shell payloads on the fly.

53r3n17y ⭐ 89

Python based script for Information Gathering.

Lfitester ⭐ 89

LFITester is a Python3 program that automates the detection and exploitation of Local File Inclusion (LFI) vulnerabilities on a server.

Rfparty Monitor ⭐ 88

its like a tricorder, for your wireless world.

Digital Forensics With Kali Linux ⭐ 87

Digital Forensics with Kali Linux, published by Packt

Turbo Attack ⭐ 87

A turbo traffic generator pentesting tool to generate random traffic with random mac and ip addresses in addition to random sequence numbers to a particular ip and port.

Fucking Awesome Hacking ⭐ 86

A collection of various awesome lists for hackers, pentesters and security researchers. With repository stars⭐ and forks🍴

Fastdork ⭐ 85

⚡Chrome extension allows you to create lists of Google and Github dork to open multiple tabs with one click, import "scope/out of scope" from #HackerOne #Bugcrowd #Intigriti ...

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

In Spectre Meltdown ⭐ 84

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/p

Mailripv2 ⭐ 80

Improved SMTP Checker / SMTP Cracker with proxy-support, inbox test and many more features.

Pentest Tools ⭐ 79

Some random tools I use for penetration testing

ScanPro - NMap Scanning Scripts ~ Network Mapper

Queensono ⭐ 76

Golang binary for data exfiltration with ICMP protocol (+ ICMP bindshell, http over ICMP tunneling, ...)

Penkitgui ⭐ 75

渗透测试武器库

Related Searches

Penetration Testing Pentest Tool (327)

101-200 of 417 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.