Top 371 penetration-testing open source projects

Learning Penetration Testing of Android Applications

Penetration Testing Platform

Post-Exploitation Framework

Password wordlist generator using song lyrics for targeted bruteforce audits / attacks. Useful for penetration testing or security research.

Python Books for Security

Simple Karma Attack

Burp Suite extension to passively scan for applications revealing server error messages

The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.

Security Tool to Look For Interesting Files in S3 Buckets

ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.

A portable console aimed at making pentesting with PowerShell a little easier.

Discover Your Attack Surface!

👀 🖥️ Golang rewrite of eyes.sh. Let's you perform domain/IP address information gathering. Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?" 🔍 🕵️

Automated Penetration Testing Framework

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Burp extension to passively scan for applications revealing software version numbers

An HTTP/HTTPS intercept proxy written in Go.

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

👶 BabySploit Beginner Pentesting Toolkit/Framework Written in Python 🐍

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Tools for Hacking

Random IPv6 - circumvents restrictive IP address-based filter and blocking rules

🔗 All the resources I could find for learning Ethical Hacking and Penetration Testing.

Collection of tips, tools and tutorials around infosec

A default credential scanner.

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

A Python-powered exploitation framework and botnet.

Scripts I use during pentest engagements.

A curated list of awesome OSCP resources

📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

Directory Services Internals (DSInternals) PowerShell Module and Framework

🆕 The Multi-Tool Web Vulnerability Scanner.

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

🐶 A curated list of Web Security materials and resources.

Self contained htaccess shells and attacks

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Payload for teensy like a rubber ducky but the syntax is different. this Human interfaes device ( HID attacks ). Penetration With Teensy . Brutal is a toolkit to quickly create various payload,powershell attack , virus attack and launch listener for a Human Interface Device ( Payload Teensy )

Gorsair hacks its way into remote docker containers that expose their APIs

Web path scanner

IPv6 attack toolkit

A cross-platform note-taking & target-tracking app for penetration testers.

Ruby on Rails Phishing Framework

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Hacking Toolkit

USB Rubber Ducky type scripts written for the DigiSpark.

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

DotDotPwn - The Directory Traversal Fuzzer

A web front-end for password cracking and analytics

Infection Monkey - An automated pentest tool

Modern tactical exploitation toolkit.

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Hack the World using Termux

A list of useful payloads and bypass for Web Application Security and Pentest/CTF