Top 371 penetration-testing open source projects

A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

A place where I can create, collect and share tooling, resources and knowledge about information security.

Automated NoSQL database enumeration and web application exploitation tool.

XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

A wrapper for Nmap to quickly run network scans

Don't let buffer overflows overflow your mind

Wireshark Cheat Sheet

Study Notes For Web Hacking / Web安全学习笔记

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

A tool to test security of json web token

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

A collection of hacking / penetration testing resources to make you better!

Penetration test Achieve Knowledge Unite Rapid Interface

Pentesting suite for Maltego based on data in a Metasploit database

GUI based offensive penetration testing tool (Open Source)

M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter

A Tools Session Hijacking And Stealer Local Passcode Telegram Windows

Powerful Visual Subdomain Enumeration at the Click of a Mouse

A collection of personal scripts used in hacking excercises.

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Awesome hacking is an awesome collection of hacking tools.

wooyun public information backup

🔄 A collection of mitmproxy inline scripts

A collection of various awesome lists for hackers, pentesters and security researchers

unix SSH post-exploitation 1337 tool

Content for hackingthe.cloud

my oscp prep collection

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Common password pattern generator using strings list

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

A collection of public offensive and defensive security related scripts for InfoSec students.

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

A collection of Ansible roles for automating infosec builds.

VOIP Security Audit Framework

SSH man-in-the-middle tool

A fast web directory/file enumeration tool written in Rust

A collection of manifests that will create pods with elevated privileges.

Penetration tests guide based on OWASP including test cases, resources and examples.

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

GitBook: OSCP RoadMap

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

The Collective. A repo for a collection of red-team projects found mostly on Github.

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

🔪 Leak git repositories from misconfigured websites

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

An advanced graphical search engine for Exploit-DB

Detect hidden files and text in images

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

Infection vector that bypasses AV, IDS, and IPS. (For now...)

Work in progress...

A list to discover work of red team tooling and methodology for penetration testing and security assessment

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Automated Cyber Offense

Forward shell generation framework

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.