Awesome Open Source

Programming Languages

Search results for pentesting tools

pentesting-tools x

198 search results found

Scanners Box ⭐ 8,001

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Sn1per ⭐ 7,480

Attack Surface Management Platform

Whatweb ⭐ 5,110

Next generation web scanner

Feroxbuster ⭐ 5,006

A fast, simple, recursive content discovery tool written in Rust.

Nettacker ⭐ 2,915

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Hoaxshell ⭐ 2,678

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

Malicious Pdf ⭐ 2,029

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

Finalrecon ⭐ 1,949

All In One Web Recon

Pwndoc ⭐ 1,827

Pentest Report Generator

Pwncat ⭐ 1,638

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Platypus ⭐ 1,442

🔨 A modern multiple reverse shell sessions manager written in go

Lockdoor Framework ⭐ 1,254

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Toxssin ⭐ 1,105

An XSS exploitation command-line interface and payload generator.

Learn365 ⭐ 1,006

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

Sysreptor ⭐ 979

Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.

Eyeballer ⭐ 959

Convolutional neural network for analyzing pentest screenshots

Socialpwned ⭐ 879

SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks such as Instagram, Linkedin and Twitter to find possible credentials leaks in PwnDB or Dehashed and obtain Google account information via GHunt.

Cloakquest3r ⭐ 818

Uncover the true IP address of websites safeguarded by Cloudflare & Others

Awesome Hacking Lists ⭐ 763

平常看到好的渗透hacking工具和多领域效率工具的集合

Automated Penetration Testing Reporting System

Frida Ios Hook ⭐ 744

A tool that helps you easy trace classes, functions, and modify the return values of methods on iOS platform

Offensive Docker ⭐ 718

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Justtryharder ⭐ 709

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

O365spray ⭐ 604

Username enumeration and password spraying tool aimed at Microsoft O365.

Apkhunt ⭐ 580

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

Firecrack ⭐ 560

🔥 Firecrack pentest tools: Facebook hacking random attack, deface, admin finder, bing dorking:

Packet Sniffer ⭐ 548

A Network Packet Sniffing tool developed in Python 3.

Sstimap ⭐ 546

Automatic SSTI detection tool with interactive interface

A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.

Offsec Reporting ⭐ 459

Offensive Security OSCP, OSWP, OSEP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA Exam and Lab Reporting / Note-Taking Tool

A Virtual environment for Pentesting IoT Devices

Offensive Osint Tools ⭐ 373

OffSec OSINT Pentest/RedTeam Tools

Sessionprobe ⭐ 290

SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applications by taking a session token and checking access across a list of URLs, highlighting potential authorization issues.

Shotdroid ⭐ 274

ShotDroid is a pentesting tool for android. There are 3 tools that have their respective functions, Get files from Android directory, internal and external storage, Android Keylogger + Reverse Shell and Take a webcam shot of the face from the front camera of the phone and PC.

Pwndoc Ng ⭐ 273

Pentest Report Generator

An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.

Wifi Pentesting Guide ⭐ 269

WiFi Penetration Testing Guide

Keyfinder ⭐ 265

Keyfinder🔑 is a tool that let you find keys while surfing the web!

Nimbo C2 ⭐ 255

Nimbo-C2 is yet another (simple and lightweight) C2 framework

Sweetpotato ⭐ 243

基于burpsuite的资产分析工具

Wechat Dump Rs ⭐ 239

该工具用于导出正在运行中的微信进程的 key 并自动解密所有微信数据库文件以及导出 key 后数据库文件离线解密。

Nekobotv1 ⭐ 236

NekoBot | Auto Exploiter With 500+ Exploit 2000+ Shell

Golinkfinder ⭐ 217

A fast and minimal JS endpoint extractor

Learn365 ⭐ 207

This repository is about @AnubhavSingh_'s 365 days of Learning Tweets collection.

Gtfoblookup ⭐ 206

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io), LOLBAS (https://github.com/LOLBAS-Project/LOLBAS), WADComs (https://wadcoms.github.io), and HijackLibs (https://hijacklibs.net/).

Blackhat Go ⭐ 206

As hackers, we put a premium on function over elegance as time is always scarce. When you need to quickly create a solution to a problem, style concerns come secondary.

Generate tens of thousands of subdomain combinations in a matter of seconds

Handbook ⭐ 196

A living document for penetration testing and offensive security.

[WIP] A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.

Crimson ⭐ 194

Web Application Security Testing Tools

Conti Pentester Guide Leak ⭐ 191

Leaked pentesting manuals given to Conti ransomware crooks

Offsec Tools ⭐ 181

Compiled tools for internal assessments

Rapidpayload ⭐ 176

Framework RapidPayload - Metasploit Payload Generator | Crypter FUD AntiVirus Evasion

Reconky Automated_bash_script ⭐ 170

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Filter and enrich a list of subdomains by level

Ics Pentesting Tools ⭐ 162

A curated list of tools related to Industrial Control System (ICS) security and Penetration Testing

Amnesiac ⭐ 157

Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments

Make URL path combinations using a wordlist

Favirecon ⭐ 149

Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.

Nix Security Box ⭐ 147

Tool set for Information security professionals and all others

Wwwtree ⭐ 146

A utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation.

Fuzzingtool ⭐ 143

Software for fuzzing, used on web application pentestings.

Admin Scanner ⭐ 141

This tool is design to find admin panel of any website by using custom wordlist or default wordlist easily and allow you to find admin panel trough a proxy server

PAKURI has been merged with Python and launched as a new project, PAKURI-THON.

This project intends to provide a series of tools to craft, parse, send, analyze and crack a set of LoRaWAN packets in order to audit or pentest the security of a LoraWAN infrastructure.

Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean.

Jwtxploiter ⭐ 130

A tool to test security of json web token

Smsgate ⭐ 125

SMSgate is an open source Python-based server for sending and especially receiving SMS using multiple GSM modems and SIM cards.

Smtptester ⭐ 123

small python3 tool to check common vulnerabilities in SMTP servers

Webstor ⭐ 119

A script to quickly enumerate all websites across all of your organization's networks, store their responses, and query for known web technologies, such as those with zero-day vulnerabilities.

Pentesting Framework ⭐ 112

Pentesting Framework is a bundle of penetration testing tools, Includes - security, pentesting, hacking and many more.

Argus Advanced Remote & Local Keylogger For macOS and Windows

Burp Suite Pro ⭐ 109

A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.

Whoamifuck ⭐ 109

用于Linux应急响应，快速排查异常用户登录情况和入侵信息排查，准确定位溯源时间线，高效辅助还原攻击

Scripts and other stuff.

Some_pentesters_securityresearchers_redteamers ⭐ 97

Some Pentesters, Security Researchers, Red Teamers which i learned from them a lot...

PETEP (PEnetration TEsting Proxy) is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applications with various application protocols. ⚡

Mediator ⭐ 91

An extensible, end-to-end encrypted reverse shell that works across networks without port forwarding.

Nist To Tech ⭐ 88

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Turbo Attack ⭐ 87

A turbo traffic generator pentesting tool to generate random traffic with random mac and ip addresses in addition to random sequence numbers to a particular ip and port.

PowerShell payload generator

Mailripv2 ⭐ 80

Improved SMTP Checker / SMTP Cracker with proxy-support, inbox test and many more features.

ScanPro - NMap Scanning Scripts ~ Network Mapper

Multi-threaded Padding Oracle attacks against any service. Written in Rust.

Enum4linuxpy ⭐ 77

Everyone's favorite SMB/SAMBA/CIFS enumeration tool ported over to Python.

Simple Async Port Scanner ⭐ 77

A simple asynchronous TCP/IP Connect Port Scanner in Python 3

Smtp User Enum ⭐ 74

SMTP user enumeration via VRFY, EXPN and RCPT with clever timeout, retry and reconnect functionality.

Sqli Query Tampering ⭐ 74

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

rsGen is a Reverse Shell Payload Generator for hacking.

Pentest Bookmarkz ⭐ 67

A collection of useful links for Pentesters

Hacknetics ⭐ 67

Contained is all my reference material for my OSCP / Red Teaming. Designed to be a one stop shop for code, guides, command syntax, and high level strategy. One simple clone and you have access to some of the most popular tools used for pentesting.

Wifi Deauth ⭐ 63

A deauth attack that disconnects all devices from the target wifi network (2.4Ghz & 5Ghz)

Frida_setup ⭐ 63

One-click installer for Frida and Burp certs for SSL Pinning bypass

Enumerepo ⭐ 60

List all public repositories for (valid) GitHub usernames

🐳 VMs are bloat. Dockerise your CTF environment.

xss vulnerability scanner and input fuzzing tool.

Regstrike ⭐ 52

RegStrike is a .reg payload generator

Offensive Docker Vps ⭐ 52

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

Kali Wsl ⭐ 47

Update, Upgrade, XFCE4 - GUI Mode & Hacking Tools for Kali Linux Windows App

xSMTP 🦟 Lightning fast, multithreaded smtp scanner targeting open-relay and unsecured servers in multiple network ranges.

1-100 of 198 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.