Top 176 pentest-tool open source projects

Fully automated offensive security framework for reconnaissance and vulnerability scanning

[ Admin panel finder / Admin Login Page Finder ] ¢σ∂є∂ ву 👻 (❤-❤) 👻

Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。

Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)

Awesome cloud enumerator

Subdomain enumeration through various techniques

A tool for logging data/testing devices with a Wiegand Interface. Can be used to create a portable RFID reader or installed directly into an existing installation. Provides access to a web based interface using WiFi in AP or Client mode. Will work with nearly all devices that contain a standard 5V Wiegand interface. Primary target group is 26-37bit HID Cards. Similar to the Tastic RFID Thief, Blekey, and ESPKey.

Overlord - Red Teaming Infrastructure Automation

Web path scanner

😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with Apache Tomcat default credentials.

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

Web Recon & Exploitation Tool.

Open Redirect scanner - (out of date)

红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具

Yet Another PHP Shell - The most complete PHP reverse shell

Multi OTP Spam Amp/Paralell threads

A tool for fuzzing for ports that allow outgoing connections

👻Behold3r -- 收集指定网站的子域名，并可监控指定网站的子域名更新情况，发送变更报告至指定邮箱

This powershell script has got to run in remote hacked windows host, even for pivoting

Pentesting/Bugbounty Dockerfiles.

./kumasia php simple backdoor

Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.

This tool was created as a Proof of Concept to reveal the threats related to web service misconfiguration using CloudFlare as reverse proxy and WAF

List of Security Archives Tools and software, generally for facilitate security & penetration research. Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.

Nmap and NSE command line wrapper in the style of Metasploit

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.

It's a Docker Environment for pentesting which having all the required tool for VAPT.

集漏洞验证和任务运行的一个框架

Bifrost C2. Open-source post-exploitation using Discord API

Dumain Bruteforcer - a fast and flexible domain bruteforcer

🌒 Shell command obfuscation to avoid detection systems

🚀 Takes minutes to explore the topology of all routable /24 prefixes in IPv4 address space. Now supports IPv6 scan!

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

🔑 Hash type identifier (CLI & lib)

a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust

Tool to communicate with RPC services and check misconfigurations on NFS shares

Go library for credentials recovery

wifi attacks suite

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

🔑 ftpknocker is a multi-threaded scanner for finding anonymous FTP servers

Automated Pentest Tools Designed For Parrot Linux

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

Python Script to help/automate the WiFi hacking exercises.

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

A tool for generating reverse shell payloads on the fly.

Multi source CVE/exploit parser.

Quick SQL Scanner, Dorker, Webshell injector PHP

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Rustcat(rcat) - The modern Port listener and Reverse shell

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

Credentials Checking Framework

generates weak passwords based on current date

All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.

整理一些内网常用渗透小工具