All Categories → Security → pentest-tool

Top 176 pentest-tool open source projects

Txtool
an easy pentesting tool.
Samuraiwtf
The main SamuraiWTF collaborative distro repo.
Anevicon
🔥 A high-performant UDP load generator, written in Rust
F8x
红/蓝队环境自动化部署工具
Crosslinked
LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
Darkspiritz
🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍
Tigershark
Bilingual PhishingKit. TigerShark intergrates a vast array of various phishing tools and frameworks, from C2 servers, backdoors and delivery methods in multiple scripting languages in order to suit whatever your deployment needs may be.
Socialfishmobile
📱 🐟 An app to remote control SocialFish.
Foolav
Pentest tool for antivirus evasion and running arbitrary payload on target Wintel host
Content Bruteforcing Wordlist
Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
Killchain
A unified console to perform the "kill chain" stages of attacks.
Pymeta
Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.
Zigdiggity
A ZigBee hacking toolkit by Bishop Fox
Attiny85
RubberDucky like payloads for DigiSpark Attiny85
Finshir
💫 An asynchronous Low & Slow traffic generator, written in Rust
Enumdb
Relational database brute force and post exploitation tool for MySQL and MSSQL
Darkside
Tool Information Gathering & social engineering Write By [Python,JS,PHP]
Git Scanner
A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
Airmaster
Use ExpiredDomains.net and BlueCoat to find useful domains for red team.
Dirmap
An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑。
Burpsuite Xkeys
A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Gitmails
An information gathering tool to collect git commit emails in version control host services
Trigmap
A wrapper for Nmap to quickly run network scans
Pakuri
Penetration test Achieve Knowledge Unite Rapid Interface
Struts2 check
一个用于识别目标网站是否采用Struts2框架开发的工具demo
Msploitego
Pentesting suite for Maltego based on data in a Metasploit database
Ssrf Testing
SSRF (Server Side Request Forgery) testing resources
Ratel
RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
Espkey
Wiegand data logger, replay device and micro door-controller
Catnip
Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux
Dnsub
dnsub一款好用的子域名扫描工具
Arl
ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。
Win Portfwd
Powershell script to setup windows port forwarding using native netsh client
Erodir
A fast web directory/file enumeration tool written in Rust
Foolavc
foolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV
Winpwn
Automation for internal Windows Penetrationtest / AD-Security
Eyes.sh
Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"
In Spectre Meltdown
This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
One Lin3r
Gives you one-liners that aids in penetration testing operations, privilege escalation and more
Venom
Venom - A Multi-hop Proxy for Penetration Testers
Ldap search
Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
Cloudflair
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Xshock
XSHOCK Shellshock Exploit
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
1-60 of 176 pentest-tool projects