Top 584 pentesting open source projects

Sifter aims to be a fully loaded Op Centre for Pentesters

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Steganography brute-force utility to uncover hidden data inside files

Idiomatic nmap library for go developers

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Automatic SQL injection and database takeover tool

Burpsuite-Plugins-Usage

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Open-Source Ransomware As A Service for Linux, MacOS and Windows

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

🤖 The Modern Port Scanner 🤖

Python 3.5+ DNS asynchronous brute force utility

Python3 tool to perform password spraying using RDP

Open Redirect Payloads

Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv.

My own OSCP guide

👻Impost3r -- A linux password thief

Attempting to be an all in one repo for others' userful aggressor scripts as well as things we've found useful during Red Team Operations.

swiss army knife for hackers

Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq in a minimal alpine Docker container.

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)

Tactics, Techniques, and Procedures

Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB

Collection of pentesting scripts

Easy files and payloads delivery over DNS

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

👻 A LAN dropbox chatbot controllable via Telegram

Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security professionals & bug-hunters

OSINT

A tool to automate penetration tests

Extract subdomains from SSL certificates in HTTPS sites.

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

This is a multi-use bash script for Linux systems to audit wireless networks.

Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.

Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.

A fast DOM based XSS vulnerability scanner with simplicity.

Hetty is an HTTP toolkit for security research.

Web Pentesting Fuzz 字典,一个就够了。

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

This repository contains full code examples from the book Gray Hat C#

Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.

Framework designed to automate various wireless networks attacks (the project was presented on Pentester Academy TV's toolbox in 2017).

THE ESP8266 HONEYPOT

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

A bash script for recon and DOS attacks

A REST API security testing framework.

tcp connection hijacker, rust rewrite of shijack

Next generation web scanner

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!

IP Tools To quickly get information about IP Address's, Web Pages and DNS records.

Awesome cloud enumerator

Linux privilege escalation checks (systemd, dbus, socket fun, etc)

一款信息泄漏利用工具，适用于.git/.svn源代码泄漏和.DS_Store泄漏