Awesome Open Source

Programming Languages

Search results for security tools pentest tool

security-tools x

83 search results found

Sn1per ⭐ 7,480

Attack Surface Management Platform

Monkey ⭐ 6,414

Infection Monkey - An open-source adversary emulation platform

Reconftw ⭐ 5,204

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Osmedeus ⭐ 5,076

A Workflow Engine for Offensive Security

Scan4all ⭐ 4,909

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

1earn ⭐ 4,841

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Redteam Tools ⭐ 4,019

Tools and Techniques for Red Team / Penetration Testing

Vulmap ⭐ 2,935

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Stowaway ⭐ 2,195

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Dismap ⭐ 1,840

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

Netexec ⭐ 1,596

The Network Execution Tool

Cloakify ⭐ 1,483

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Dronesploit ⭐ 1,306

Drone pentesting framework console

Satansword ⭐ 1,048

红队综合渗透框架

Perun ⭐ 1,037

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫

Inventory ⭐ 1,019

Asset inventory of over 800 public bug bounty programs.

Evillimiter ⭐ 928

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

Hacking Toolkit

Cloudpeler ⭐ 841

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.

Hosthunter ⭐ 826

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Find exploit tool

Dumpsterfire ⭐ 709

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Blackmamba ⭐ 688

C2/post-exploitation framework

Packetwhisper ⭐ 607

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.

Impost3r ⭐ 556

👻Impost3r -- A linux password thief

🔑 Hash type identifier (CLI & lib)

Envizon ⭐ 519

network visualization & pentest reporting

Crlfsuite ⭐ 499

The most powerful CRLF injection (HTTP Response Splitting) scanner.

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

Gadgetprobe ⭐ 420

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Dotdotslash ⭐ 366

Search for Directory Traversal Vulnerabilities

Set of tools to audit SIP based VoIP Systems

Koko Moni ⭐ 338

一个网络空间搜索引擎监控平台，可定时进行资产信息爬取，及时发现新增资产，本项目聚合了 Fofa、Hunter、Quake、Zoomeye 和 Threatbook 的数据源，并对获取到的数据进行去重与清洗

Susanoo ⭐ 321

A REST API security testing framework.

SBSCAN是一款专注于spring框架的渗透测试工具，可以对指定站点进行springboot未授权 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive information/unauthorized for specified sites and scan and validate spring related vulnerabilities]

Watchdog ⭐ 309

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

EyeJo是一款自动化资产风险评估平台，可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查，快

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.

Arl Plus Docker ⭐ 196

基于斗象灯塔ARL修改后的版本。相比原版，增加了OneForAll、中央数据库，修改了altDns

Zigdiggity ⭐ 194

A ZigBee hacking toolkit by Bishop Fox

Lucifer ⭐ 177

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

Icp Domains ⭐ 163

输入一个域名，输出ICP备案所有关联域名

Crithit ⭐ 152

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Favirecon ⭐ 149

Use favicon.ico to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.

vMass Bot 🪝 Vulnerability Scanner & Auto Exploiter Tool Written in Perl.

Nix Security Box ⭐ 147

Tool set for Information security professionals and all others

Airmaster ⭐ 131

Use ExpiredDomains.net and BlueCoat to find useful domains for red team.

Jwtxploiter ⭐ 130

A tool to test security of json web token

Webstor ⭐ 119

A script to quickly enumerate all websites across all of your organization's networks, store their responses, and query for known web technologies, such as those with zero-day vulnerabilities.

Burp Suite Pro ⭐ 109

A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.

Peekaboo ⭐ 108

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux

PENTOL - Pentester Toolkit for Fiddler2

A modular exploitation framework extensible with Lua

Autoredtools ⭐ 54

AutoRedTools是一款轻量级一站式自动下载/自动更新常用开源软件的工具，主要帮助安全从业者/ 装的时间，从而提升生产效率或工作效率。

Automated attack surface mapper and vulnerability scanner (Work In Progress 🚧)

xSMTP 🦟 Lightning fast, multithreaded smtp scanner targeting open-relay and unsecured servers in multiple network ranges.

Httpuploadexfil ⭐ 42

A simple HTTP server for delivering and exfiltrating files/data during, for example, CTFs.

Ipwarden ⭐ 42

IPWarden（守望者）是一个IP资产风险巡查工具。持续发现系统、Web两个维度的资产和安全风险。

Brokensmtp ⭐ 41

Small python script to look for common vulnerabilities on SMTP server.

[ Blazing Fast Web Fuzzer in Rust ]

Obsidiansailboat ⭐ 35

Nmap and NSE command line wrapper in the style of Metasploit

A command-line tool for Cross-Site WebSocket Hijacking

Wifibang ⭐ 29

wifi attacks suite

Packet Sequence ⭐ 24

A pen-test/DoS tool that can be used to send single or multiple packets in sequences with a lot of packet customization.

Scan for subdomains using bruteforcing techniques

Substack ⭐ 22

Sub-domains enumeration framework

Spraycannon ⭐ 22

Fast multithreaded multiplatform password spraying tool designed for easy use. Supports webhooks, jitter, delay, files, rotation, backend database

Ooze is a tool to use at pentest with Social engineering. - beta

Tools for bug hunting in a container

Unauthorized_com ⭐ 19

未授权检测的命令行版，支持批量检测

Smart Url Fuzzer ⭐ 18

Explore URLs of domains fast and efficiently using fuzzing techniques

Revshfuzz ⭐ 18

A tool for fuzzing for ports that allow outgoing connections

Zaproxy Automation ⭐ 17

This is a collection of ZAProxy Automation Tools and scripts to automate security tests of WEB Applications and WEB Sites

Mailripv3 ⭐ 16

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

Behold3r ⭐ 15

收集指定网站的子域名，并可监控指定网站的子域名更新情况，发送变更报告至指定邮箱

Manage and access your Kali Linux or Parrot Security VM from the terminal (SSH support + file sharing, especially convenient during CTFs, Hack The Box, etc.) 🚀🔧

Badmoodle ⭐ 15

Moodle community-based vulnerability scanner

Automatedhunter ⭐ 14

Google Chrome Extension automates testing fundamental Web Problems via Chrome

Aws Loot ⭐ 11

Pull secrets from an AWS environment

Denial of service testing toolkit written in C

Kaliladon ⭐ 10

Ladon for Linux (Kali), Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password

Search_vulns ⭐ 8

Search for known vulnerabilities in software using software titles or a CPE 2.3 string

Hive Burp Extension ⭐ 8

About Hive Burp Suite Extension

Bruttrack ⭐ 6

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I ❤️ pull requests :)

Unisecbarber ⭐ 5

This tool receives a security tool command with its parameters as input, runs the tool in a new process and parses the result returning a normalized json as response.

Jok3r - Network and Web Pentest Framework

Cracking the Lenses of Perimeter Penetrationtests

dirforce is a tool for directory discovery

Related Searches

Python Security Tools (592)

Penetration Testing Pentest Tool (327)

Penetration Testing Security Tools (319)

1-83 of 83 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.