Awesome Open Source
Search
Programming Languages
Languages
All Categories
Categories
About
Search results for security tools pentest tool
pentest-tool
x
security-tools
x
83 search results found
Sn1per
⭐
7,480
Attack Surface Management Platform
Monkey
⭐
6,414
Infection Monkey - An open-source adversary emulation platform
Reconftw
⭐
5,204
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Osmedeus
⭐
5,076
A Workflow Engine for Offensive Security
Scan4all
⭐
4,909
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
1earn
⭐
4,841
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Arl
⭐
4,502
ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
Redteam Tools
⭐
4,019
Tools and Techniques for Red Team / Penetration Testing
Vulmap
⭐
2,935
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
Stowaway
⭐
2,195
👻Stowaway -- Multi-hop Proxy Tool for pentesters
Dismap
⭐
1,840
Asset discovery and identification tools 快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑似脆弱点
Netexec
⭐
1,596
The Network Execution Tool
Cloakify
⭐
1,483
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Dronesploit
⭐
1,306
Drone pentesting framework console
Satansword
⭐
1,048
红队综合渗透框架
Perun
⭐
1,037
Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫
Inventory
⭐
1,019
Asset inventory of over 800 public bug bounty programs.
Evillimiter
⭐
928
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Habu
⭐
853
Hacking Toolkit
Cloudpeler
⭐
841
CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.
Hosthunter
⭐
826
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Pompem
⭐
794
Find exploit tool
Dumpsterfire
⭐
709
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Blackmamba
⭐
688
C2/post-exploitation framework
Packetwhisper
⭐
607
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Impost3r
⭐
556
👻Impost3r -- A linux password thief
Haiti
⭐
532
🔑 Hash type identifier (CLI & lib)
Envizon
⭐
519
network visualization & pentest reporting
Crlfsuite
⭐
499
The most powerful CRLF injection (HTTP Response Splitting) scanner.
Yasuo
⭐
491
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Gadgetprobe
⭐
420
Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
Dotdotslash
⭐
366
Search for Directory Traversal Vulnerabilities
Sippts
⭐
347
Set of tools to audit SIP based VoIP Systems
Koko Moni
⭐
338
一个网络空间搜索引擎监控平台,可定时进行资产信息爬取,及时发现新增资产,本项目聚合了 Fofa、Hunter、Quake、Zoomeye 和 Threatbook 的数据源,并对获取到的数据进行去重与清洗
Susanoo
⭐
321
A REST API security testing framework.
Sbscan
⭐
316
SBSCAN是一款专注于spring框架的渗透测试工具,可以对指定站点进行springboot未授权 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive information/unauthorized for specified sites and scan and validate spring related vulnerabilities]
Watchdog
⭐
309
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Eyejo
⭐
294
EyeJo是一款自动化资产风险评估平台,可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查,快
Vaf
⭐
241
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Afuzz
⭐
204
Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.
Arl Plus Docker
⭐
196
基于斗象灯塔ARL修改后的版本。相比原版,增加了OneForAll、中央数据库,修改了altDns
Zigdiggity
⭐
194
A ZigBee hacking toolkit by Bishop Fox
Lucifer
⭐
177
A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life
Icp Domains
⭐
163
输入一个域名,输出ICP备案所有关联域名
Crithit
⭐
152
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Favirecon
⭐
149
Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.
Vmass
⭐
148
vMass Bot 🪝 Vulnerability Scanner & Auto Exploiter Tool Written in Perl.
Nix Security Box
⭐
147
Tool set for Information security professionals and all others
Airmaster
⭐
131
Use ExpiredDomains.net and BlueCoat to find useful domains for red team.
Jwtxploiter
⭐
130
A tool to test security of json web token
Webstor
⭐
119
A script to quickly enumerate all websites across all of your organization's networks, store their responses, and query for known web technologies, such as those with zero-day vulnerabilities.
Burp Suite Pro
⭐
109
A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.
Peekaboo
⭐
108
PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.
Catnip
⭐
102
Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux
Pentol
⭐
61
PENTOL - Pentester Toolkit for Fiddler2
Venera
⭐
55
A modular exploitation framework extensible with Lua
Autoredtools
⭐
54
AutoRedTools是一款轻量级一站式自动下载/自动更新常用开源软件的工具,主要帮助安全从业者/ 装的时间,从而提升生产效率或工作效率。
Phaser
⭐
53
Automated attack surface mapper and vulnerability scanner (Work In Progress 🚧)
Xsmtp
⭐
46
xSMTP 🦟 Lightning fast, multithreaded smtp scanner targeting open-relay and unsecured servers in multiple network ranges.
Httpuploadexfil
⭐
42
A simple HTTP server for delivering and exfiltrating files/data during, for example, CTFs.
Ipwarden
⭐
42
IPWarden(守望者)是一个IP资产风险巡查工具。持续发现系统、Web两个维度的资产和安全风险。
Brokensmtp
⭐
41
Small python script to look for common vulnerabilities on SMTP server.
Rbust
⭐
39
[ Blazing Fast Web Fuzzer in Rust ]
Obsidiansailboat
⭐
35
Nmap and NSE command line wrapper in the style of Metasploit
Cswsh
⭐
34
A command-line tool for Cross-Site WebSocket Hijacking
Wifibang
⭐
29
wifi attacks suite
Packet Sequence
⭐
24
A pen-test/DoS tool that can be used to send single or multiple packets in sequences with a lot of packet customization.
Dnsmap
⭐
24
Scan for subdomains using bruteforcing techniques
Substack
⭐
22
Sub-domains enumeration framework
Spraycannon
⭐
22
Fast multithreaded multiplatform password spraying tool designed for easy use. Supports webhooks, jitter, delay, files, rotation, backend database
Ooze
⭐
21
Ooze is a tool to use at pentest with Social engineering. - beta
Arsenal
⭐
20
Tools for bug hunting in a container
Unauthorized_com
⭐
19
未授权检测的命令行版,支持批量检测
Smart Url Fuzzer
⭐
18
Explore URLs of domains fast and efficiently using fuzzing techniques
Revshfuzz
⭐
18
A tool for fuzzing for ports that allow outgoing connections
Zaproxy Automation
⭐
17
This is a collection of ZAProxy Automation Tools and scripts to automate security tests of WEB Applications and WEB Sites
Mailripv3
⭐
16
SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.
Behold3r
⭐
15
收集指定网站的子域名,并可监控指定网站的子域名更新情况,发送变更报告至指定邮箱
Hackenv
⭐
15
Manage and access your Kali Linux or Parrot Security VM from the terminal (SSH support + file sharing, especially convenient during CTFs, Hack The Box, etc.) 🚀🔧
Badmoodle
⭐
15
Moodle community-based vulnerability scanner
Automatedhunter
⭐
14
Google Chrome Extension automates testing fundamental Web Problems via Chrome
Aws Loot
⭐
11
Pull secrets from an AWS environment
Ddos2
⭐
10
Denial of service testing toolkit written in C
Kaliladon
⭐
10
Ladon for Linux (Kali), Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password
Search_vulns
⭐
8
Search for known vulnerabilities in software using software titles or a CPE 2.3 string
Hive Burp Extension
⭐
8
About Hive Burp Suite Extension
Bruttrack
⭐
6
A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I ❤️ pull requests :)
Unisecbarber
⭐
5
This tool receives a security tool command with its parameters as input, runs the tool in a new process and parses the result returning a normalized json as response.
Jok3r
⭐
5
Jok3r - Network and Web Pentest Framework
Webpwn
⭐
5
Cracking the Lenses of Perimeter Penetrationtests
Dirforce
⭐
5
dirforce is a tool for directory discovery
Related Searches
Python Security Tools (592)
Penetration Testing Pentest Tool (327)
Penetration Testing Security Tools (319)
1-83 of 83 search results
Privacy
|
About
|
Terms
|
Follow Us On Twitter
Copyright 2018-2024 Awesome Open Source. All rights reserved.