Awesome Open Source
Search results for security pentesting
747 search results found
A collection of various awesome lists for hackers, pentesters and security researchers
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A collection of hacking tools, resources and references to practice ethical hacking.
🤖 The Modern Port Scanner 🤖
A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
Web path scanner
Awesome Web Security
🐶 A curated list of Web Security materials and resources.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
Attack Surface Management Platform | Sn1perSecurity LLC
📱 objection - runtime mobile exploration
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Cyber Security ALL-IN-ONE Platform
This is a multi-use bash script for Linux systems to audit wireless networks.
Gather and update all available and newest CVEs with their PoC.
Awesome Web Hacking
A list of web application security
Next generation web scanner
A Workflow Engine for Offensive Security
A curated list of awesome infosec courses and training resources.
暂停维护 | ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
All about bug bounty (bypasses, payloads, and etc)
Hacking Security Ebooks
Top 100 Hacking & Security E-Books (Free Download)
Open Source Vulnerability Management Platform
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Free Security Ebooks
Free Security and Hacking eBooks
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Web Application Security Scanner Framework
Monitor linux processes without root permissions
Awesome Shodan Queries
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Learn Web Hacking
Study Notes For Web Hacking / Web安全学习笔记
Awesome Pentest Cheat Sheets
Collection of the cheat sheets useful for pentesting
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
The Leading Security Assessment Framework for Android.
Cameradar hacks its way into RTSP videosurveillance cameras
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
Advanced vulnerability scanning with Nmap NSE
A collection of custom security tools for quick needs.
Black Hat Rust
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Awesome hacking is an awesome collection of hacking tools.
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
OSINT automation for hackers.
Automated Security Testing For REST API's
Awesome Api Security
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
Awesome Nodejs Security
Awesome Node.js Security resources
Penetration Testing Tools
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
A Curated list of IoT Security Resources
👻Stowaway -- Multi-hop Proxy Tool for pentesters
EMBA - The firmware security analyzer
Snoop — инструмент разведки на основе открытых данных (OSINT world)
31 Days Of Api Security Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
Awesome Ethical Hacking Resources
🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.
Venom - A Multi-hop Proxy for Penetration Testers
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Awesome Mobile Security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Subdomain Takeover tool written in Go
Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
Pentest Report Generator
Reverse proxies cheatsheet
Semi-automatic OSINT framework and package manager
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
Find web directories without bruteforce
Collection of quality safety articles. Awesome articles.
Metlo is an open-source API security platform.
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
🖖 Fast, modern, easy-to-use network scanner
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
Damn Vulnerable Graphql Application
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
Penetration Testing Platform
The iOS Security Testing Framework
Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
Discover Your Attack Surface!
🔥 A powerful MongoDB auditing and pentesting tool 🔥
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
Attack surface mapping
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
A default credential scanner.
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
K8Ladon大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用 C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆 Strike联动
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
An HTTP/HTTPS intercept proxy written in Go.
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
Security Vulnerability (12,295)
Laravel Security (11,580)
Php Security (10,611)
Penetration Testing Pentesting (3,766)
Html Security (2,245)
Python Security (1,733)
Python Pentesting (1,452)
Golang Security (1,331)
Shell Security (1,085)
1-100 of 747 search results
Follow Us On Twitter
Copyright 2018-2023 Awesome Open Source. All rights reserved.