All Categories β†’ Security β†’ pentesting

Top 487 pentesting open source projects

Keyfinder
KeyfinderπŸ”‘ is a tool that let you find keys while surfing the web!
Huge Collection Of Cheatsheet
Share of my Huge Collection of Cheatsheet (Coding, Cheat, Pinouts, Command Lists, Etc.)
Insectsawake
Network Vulnerability Scanner
Red Team Infrastructure Wiki
Wiki to collect Red Team infrastructure hardening resources
Rspet
RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.
Cc.py
Extracting URLs of a specific target based on the results of "commoncrawl.org"
Mobileapp Pentest Cheatsheet
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
Physmem2profit
Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
Txtool
an easy pentesting tool.
Scout
πŸ”­ Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs
Juice Shop Ctf
Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Commix
Automated All-in-One OS Command Injection Exploitation Tool.
Leakscraper
LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.
Filesensor
Dynamic file detection tool based on crawler εŸΊδΊŽηˆ¬θ™«ηš„εŠ¨ζ€ζ•ζ„Ÿζ–‡δ»ΆζŽ’ζ΅‹ε·₯ε…·
Drozer
The Leading Security Assessment Framework for Android.
Androtickler
Penetration testing and auditing toolkit for Android apps.
Rogue
An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.
Shellab
Linux and Windows shellcode enrichment utility
Aaia
AWS Identity and Access Management Visualizer and Anomaly Finder
Iot Pt
A Virtual environment for Pentesting IoT Devices
Darkspiritz
πŸŒ” Official Repository for DarkSpiritz Penetration Framework | Written in Python 🐍
Oscp Cheat Sheet
This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder
Capsulecorp Pentest
Vagrant VirtualBox environment for conducting an internal network penetration test
Sharpattack
A simple wrapper for C# tools
✭ 211
dotnetpentesting
Lnkup
Generates malicious LNK file payloads for data exfiltration
Decryptteamviewer
Enumerate and decrypt TeamViewer credentials from Windows registry
✭ 205
pentesting
O365recon
retrieve information via O365 with a valid cred
Evil Ssdp
Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.
Awesome Nmap Grep
Awesome Nmap Grep
Wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Doxbox
web-based OSINT and reconaissance toolkit
Hawkeye
Hawkeye filesystem analysis tool
Fdsploit
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Betterbackdoor
A backdoor with a multitude of features.
Hrshell
HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Cintruder
Captcha Intruder (CIntrud3r) is an automatic pentesting tool to bypass captchas.
Dns Persist
DNS-Persist is a post-exploitation agent which uses DNS for command and control.
Stegseek
⚑️ Worlds fastest steghide cracker, chewing through millions of passwords per second ⚑️
Webmap
A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing
Knary
A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams & Pushover support
Socialfish
Phishing Tool & Information Collector
Awesome Shodan Queries
πŸ” A collection of interesting, funny, and depressing search queries to plug into shodan.io πŸ‘©β€πŸ’»
Slurp
Evaluate the security of S3 buckets
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Jwtcat
A CPU-based JSON Web Token (JWT) cracker and - to some extent - scanner.
Burpsuite Asset discover
Burp Suite extension to discover assets from HTTP response.
Http Asynchronous Reverse Shell
[POC] Asynchronous reverse shell using the HTTP protocol.
Xerror
fully automated pentesting tool
Hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
Content Bruteforcing Wordlist
Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
Evabs
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
1-60 of 487 pentesting projects