Top 584 pentesting open source projects

被动式漏洞扫描系统

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)

Exploit Pack -The next generation exploit framework

linuxprivchecker.py -- a Linux Privilege Escalation Check Script

Web Content Discovery Tool

Reverse proxies cheatsheet

The Shadow Attack Framework

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Gorsair hacks its way into remote docker containers that expose their APIs

Web path scanner

Ruby on Rails Phishing Framework

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.

Hacking Toolkit

A Powerful Subdomain Takeover Tool

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

A web front-end for password cracking and analytics

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

🔨 A modern multiple reverse shell sessions manager wrote in go

Advanced Web Shell

A graph-based tool for visualizing effective access and resource relationships in AWS environments.

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

hydra

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters

OSINT Tool: Generate username lists for companies on LinkedIn

A swiss army knife for pentesting networks

👻Stowaway -- Multi-hop Proxy Tool for pentesters

mXtract - Memory Extractor & Analyzer

Notes for taking the OSCP in 2097. Read in book form on GitBook

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

All MITM attacks in one place.

Directory/File, DNS and VHost busting tool written in Go

NetCat for Windows

Useful tools and scripts during Penetration Testing engagements

Penetration Testing notes, resources and scripts

Open source pre-operation C2 server based on python and powershell

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Handbook of information collection for penetration testing and src

Dradis Framework: Colllaboration and reporting for IT Security teams

Fast web fuzzer written in Go

Credential stuffing engine built for security professionals

fireELF - Fileless Linux Malware Framework

Automatically Launch Google Hacking Queries Against A Target Domain

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Intelligence tool but without API key

A framework for Backdoor development!

DNS Rebinding Exploitation Framework

Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.

Quickly analyze and reverse engineer Android packages

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

A curated list of awesome privilege escalation

Extract endpoints from APK files

PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.