Top 584 pentesting open source projects

The LAZY script will make your life easier, and of course faster.

Keyfinder🔑 is a tool that let you find keys while surfing the web!

Share of my Huge Collection of Cheatsheet (Coding, Cheat, Pinouts, Command Lists, Etc.)

Network Vulnerability Scanner

Wiki to collect Red Team infrastructure hardening resources

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

Extracting URLs of a specific target based on the results of "commoncrawl.org"

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely

an easy pentesting tool.

🔭 Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Automated All-in-One OS Command Injection Exploitation Tool.

PHP function tracker

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.

Dynamic file detection tool based on crawler 基于爬虫的动态敏感文件探测工具

Cameradar hacks its way into RTSP videosurveillance cameras

The Leading Security Assessment Framework for Android.

Penetration testing and auditing toolkit for Android apps.

An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.

Linux and Windows shellcode enrichment utility

AWS Identity and Access Management Visualizer and Anomaly Finder

A Virtual environment for Pentesting IoT Devices

🌔 Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

Vagrant VirtualBox environment for conducting an internal network penetration test

Rockyou for web fuzzing

A simple wrapper for C# tools

Generates malicious LNK file payloads for data exfiltration

Enumerate and decrypt TeamViewer credentials from Windows registry

retrieve information via O365 with a valid cred

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

Awesome Nmap Grep

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

web-based OSINT and reconaissance toolkit

Hawkeye filesystem analysis tool

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

A backdoor with a multitude of features.

An automated e-mail OSINT tool

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

Captcha Intruder (CIntrud3r) is an automatic pentesting tool to bypass captchas.

DNS-Persist is a post-exploitation agent which uses DNS for command and control.

⚡️ Worlds fastest steghide cracker, chewing through millions of passwords per second ⚡️

A tool to fastly get all javascript sources/files

A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support

Phishing Tool & Information Collector

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

Evaluate the security of S3 buckets

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

The all-in-one Red Team extension for Web Pentester 🛠

A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.

Code from Blackhat Python book

Intelligence and Reconnaissance Package/Bundle installer.

Burp Suite extension to discover assets from HTTP response.

[POC] Asynchronous reverse shell using the HTTP protocol.

fully automated pentesting tool

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.