Top 584 pentesting open source projects

A tool to abuse Exchange services

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Set of tools to audit SIP based VoIP Systems

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

📡 A python program to create a fake AP and sniff data.

Human and machine readable web vulnerability testing format

Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.

Adds a customizable "Send to..."-context-menu to your BurpSuite.

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

Linux enumeration tool for pentesting and CTFs with verbosity levels

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻

Elasticsearch for Offensive Security

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

EmbedOS - Embedded security testing virtual machine

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

my oscp prep collection

Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters

Automatic finder for subdomains vulnerable to takeover. Written in Go, based on @haccer's subjack.

Ransom0 is a open source ransomware made with Python, designed to find and encrypt user data.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Go-deliver is a payload delivery tool coded in Go.

small python3 tool to check common vulnerabilities in SMTP servers

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.

A collection of public offensive and defensive security related scripts for InfoSec students.

A container repository for my public web hacks!

Fast Modular Web Interfaces Bruteforcer

A step-by-step walkthrough of CloudGoat 2.0 scenarios.

Script to automate PUT HTTP method exploitation to get shell

DeepSea Phishing Gear

mosquito - Automating reconnaissance and brute force attacks

Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

Automation for internal Windows Penetrationtest / AD-Security

Python3 script to parse txt files containing Mimikatz output

Let's you perform domain/IP information gathering... in BASH! Wasn't it esr who said "With enough eyeballs, all your IP info are belong to us?"

A Python3 based single-file subdomain enumerator

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

Reverse Shell as a Service

WaTF Bank - What a Terrible Failure Mobile Banking Application for Android and iOS

BlackRAT - Java Based Remote Administrator Tool

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

Exploit pack for pentesters and ethical hackers.

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

The Collective. A repo for a collection of red-team projects found mostly on Github.

zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else.

🔪 Leak git repositories from misconfigured websites

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

A set of recipes useful in pentesting and red teaming scenarios

Responsive Command and Control System

Venom - A Multi-hop Proxy for Penetration Testers

Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.

An extensible application for penetration testers and software developers to decode/encode data into various formats.

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

The best Hacking and PenTesting tools installer on the world

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

Subdomain Takeover tool written in Go