Awesome Open Source

Programming Languages

Search results for security pentest tool

77 search results found

Dirsearch ⭐ 11,165

Web path scanner

Sn1per ⭐ 7,480

Attack Surface Management Platform

Reconftw ⭐ 5,204

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Osmedeus ⭐ 5,076

A Workflow Engine for Offensive Security

1earn ⭐ 4,841

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Vulmap ⭐ 2,935

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Stowaway ⭐ 2,195

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Venom ⭐ 1,911

Venom - A Multi-hop Proxy for Penetration Testers

Dismap ⭐ 1,840

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

Netexec ⭐ 1,596

The Network Execution Tool

Cloakify ⭐ 1,483

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Top25 Parameter ⭐ 1,311

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Penetration Testing Platform

Perun ⭐ 1,037

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫

Inventory ⭐ 1,019

Asset inventory of over 800 public bug bounty programs.

Linuxprivchecker ⭐ 934

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Evillimiter ⭐ 928

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Passhunt ⭐ 898

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Enum4linux Ng ⭐ 896

A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.

Dumpsterfire ⭐ 709

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Packetwhisper ⭐ 607

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

🔑 Hash type identifier (CLI & lib)

Pentest Everything ⭐ 379

A collection of CTF write-ups, pentesting topics, guides and notes. Notes compiled from multiple sources and my own lab research. Topics also support OSCP, Active Directory, CRTE, eJPT and eCPPT.

Set of tools to audit SIP based VoIP Systems

Koko Moni ⭐ 338

一个网络空间搜索引擎监控平台，可定时进行资产信息爬取，及时发现新增资产，本项目聚合了 Fofa、Hunter、Quake、Zoomeye 和 Threatbook 的数据源，并对获取到的数据进行去重与清洗

Susanoo ⭐ 321

A REST API security testing framework.

SBSCAN是一款专注于spring框架的渗透测试工具，可以对指定站点进行springboot未授权 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive information/unauthorized for specified sites and scan and validate spring related vulnerabilities]

Darkside ⭐ 315

Tool Information Gathering & social engineering Write By [Python,JS,PHP]

Watchdog ⭐ 309

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Droid Hunter ⭐ 244

(deprecated) Android application vulnerability analysis and Android pentest tool

Lucifer ⭐ 177

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

Docker Security Images ⭐ 173

🔐 Docker Container for Penetration Testing & Security

Powerladon ⭐ 171

Ladon hacking Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Fileless Xec ⭐ 160

Stealth dropper executing remote binaries without dropping them on disk .(HTTP3 support, ICMP support, invisible tracks, cross-platform,...)

Crithit ⭐ 152

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Favirecon ⭐ 149

Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.

Airmaster ⭐ 131

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Jwtxploiter ⭐ 130

A tool to test security of json web token

Golazagne ⭐ 128

Go library for credentials recovery

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Webstor ⭐ 119

A script to quickly enumerate all websites across all of your organization's networks, store their responses, and query for known web technologies, such as those with zero-day vulnerabilities.

Peekaboo ⭐ 108

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

Fucking Awesome Hacking ⭐ 86

A collection of various awesome lists for hackers, pentesters and security researchers. With repository stars⭐ and forks🍴

PENTOL - Pentester Toolkit for Fiddler2

Linuxprivchecker ⭐ 58

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

A modular exploitation framework extensible with Lua

Autoredtools ⭐ 54

AutoRedTools是一款轻量级一站式自动下载/自动更新常用开源软件的工具，主要帮助安全从业者/ 装的时间，从而提升生产效率或工作效率。

Automated attack surface mapper and vulnerability scanner (Work In Progress 🚧)

Ronin Vulns ⭐ 49

Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.

Simwigo is a cross-platform tool, written in Go, to simplify the deployment of a web service.

xSMTP 🦟 Lightning fast, multithreaded smtp scanner targeting open-relay and unsecured servers in multiple network ranges.

Unauthorized ⭐ 44

常见的未授权漏洞检测

Brokensmtp ⭐ 41

Small python script to look for common vulnerabilities on SMTP server.

🌒 Shell command obfuscation to avoid detection systems

ITWSV- Integrated Tool for Web Security Vulnerability

Ftpknocker ⭐ 25

🔑 ftpknocker is a multi-threaded scanner for finding anonymous FTP servers

Scan for subdomains using bruteforcing techniques

🌮 INTERACTIVE reverse shell everywhere! (Particularly digestible with socat multi-handler listener)

Obtain a clean-cut architecture at the launch of a mission and run some tests ( subdomain search, fuzzing, make screenshots on a given perimeter )

Tools for bug hunting in a container

Androsectest ⭐ 20

From this app, Connect a Phone, Extract any app from It, Decompile, Deobfuscate, Remove Certificate Pinning and Repackage it. Meanwhile, Perform some Static and Dynamic Analysis on It.

🚀 CSRFShark - a utility for manipulating cross-site request forgery attacks

Unauthorized_com ⭐ 19

未授权检测的命令行版，支持批量检测

Smart Url Fuzzer ⭐ 18

Explore URLs of domains fast and efficiently using fuzzing techniques

Python For Ethical Hacking ⭐ 17

Build tools for hacking ethically using python.

Ethical Hacking Tools ⭐ 17

List of various ethical hacking tools

Pga4decrypt ⭐ 17

A tool for recovering server credentials from a pgadmin4 database

Zaproxy Automation ⭐ 17

This is a collection of ZAProxy Automation Tools and scripts to automate security tests of WEB Applications and WEB Sites

Manage and access your Kali Linux or Parrot Security VM from the terminal (SSH support + file sharing, especially convenient during CTFs, Hack The Box, etc.) 🚀🔧

Httpcustomhouse ⭐ 15

HTTP request smuggling attack helper/CLI tools to manipulate HTTP packets

Automatedhunter ⭐ 14

Google Chrome Extension automates testing fundamental Web Problems via Chrome

Aws Loot ⭐ 11

Pull secrets from an AWS environment

Denial of service testing toolkit written in C

🚀 blazing-fast pentesting suite written in Go

Typo3accesschecker ⭐ 9

Check if Typo3 security guidelines are followed.

Hive Burp Extension ⭐ 8

About Hive Burp Suite Extension

Search_vulns ⭐ 8

Search for known vulnerabilities in software using software titles or a CPE 2.3 string

Php 8.1.0 Dev Backdoor Rce ⭐ 7

PHP 8.1.0-dev Backdoor System Shell Script

Tendaspill ⭐ 6

An exploitation tool to extract passwords using CVE-2015-5995.

Packet Flooder ⭐ 6

A packet flooding/generating program I made that supports TCP, UDP, and ICMP packets. Includes functionality to change characteristics per packet and is also multithreaded.

Magentoscanner ⭐ 6

Magento Security Scanner

dirforce is a tool for directory discovery

Unisecbarber ⭐ 5

This tool receives a security tool command with its parameters as input, runs the tool in a new process and parses the result returning a normalized json as response.

Jok3r - Network and Web Pentest Framework

Related Searches

Security Vulnerabilities (12,295)

Laravel Security (11,580)

Php Security (10,611)

Python Security (3,510)

Html Security (2,284)

Golang Security (1,316)

Shell Security (1,213)

Security Penetration Testing (920)

C Security (886)

Amazon Web Services Security (874)

1-77 of 77 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.