All Categories → Security → pentesting

Top 584 pentesting open source projects

Killchain
A unified console to perform the "kill chain" stages of attacks.
Attiny85
RubberDucky like payloads for DigiSpark Attiny85
Java Deserialization Cheat Sheet
The cheat sheet about Java Deserialization vulnerabilities
Enumdb
Relational database brute force and post exploitation tool for MySQL and MSSQL
Zap Cli
A simple tool for interacting with OWASP ZAP from the commandline.
Pspy
Monitor linux processes without root permissions
Zerodoor
A script written lazily for generating cross-platform backdoors on the go :)
Pycat
Python network tool, similar to Netcat with custom features.
Invoke Apex
A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.
Git Scanner
A tool for bug hunting or pentesting for targeting websites that have open .git repositories available in public
Firecrack
🔥 Firecrack pentest tools: Facebook hacking random attack, deface, admin finder, bing dorking:
✭ 157
pentesting
Rescope
Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Web2attack
Web hacking framework with tools, exploits by python
Jalesc
Just Another Linux Enumeration Script: A Bash script for locally enumerating a compromised Linux box
Autosint
Tool to automate common OSINT tasks
Airmaster
Use ExpiredDomains.net and BlueCoat to find useful domains for red team.
Wwwolf Php Webshell
WhiteWinterWolf's PHP web shell
Crackmapextreme
For all your network pentesting needs
Wincmdfu
Windows one line commands that make life easier, shortcuts and command line fu.
Mida Multitool
Bash script purposed for system enumeration, vulnerability identification and privilege escalation.
Burpsuite Xkeys
A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Fuxploider
File upload vulnerability scanner and exploitation tool.
Sqlite Lab
This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/
Quiver
Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Networm
Python network worm that spreads on the local network and gives the attacker control of these machines.
Silentbridge
Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.
Evilosx
An evil RAT (Remote Administration Tool) for macOS / OS X.
Xssmap
XSSMap 是一款基于 Python3 开发用于检测 XSS 漏洞的工具
Xorpass
Encoder to bypass WAF filters using XOR operations
Awesome Csirt
Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.
Dedsploit
Network protocol auditing framework
Trigmap
A wrapper for Nmap to quickly run network scans
Jsonp
jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.
Reconness
ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
Cloud Buster
A Cloudflare resolver that works
Poc T
渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework
Dnstricker
A simple dns resolver of dns-record and web-record log server for pentesting
Awesome Mobile Security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Aggressor scripts
A collection of useful scripts for Cobalt Strike
Asnip
ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
Pidrila
Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Subrake
A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.
Gtfoblookup
Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)
Spaces Finder
A tool to hunt for publicly accessible DigitalOcean Spaces
Ssrf Testing
SSRF (Server Side Request Forgery) testing resources
Ratel
RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.
61-120 of 584 pentesting projects