Top 584 pentesting open source projects

locate and attack Lync/Skype for Business

Selenium powered Python script to automate searching for vulnerable web apps.

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Attack Surface Management Platform | Sn1perSecurity LLC

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.

Docker image for Osmedeus, a fully automated offensive security tool for reconnaissance and vulnerability scanning

Port scanning and domain utility.

This repo will contain some basic pentest/RT commands.

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

A python tool to check subdomain takeover vulnerability

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

Linux Rootkits (4.x Kernel)

A fully automatic wifi deauther coded in Python

PowerShell SOCKS proxy with reverse proxy capabilities

Create a VPS on Google Cloud Platform or Digital Ocean easily with Offensive Docker included to launch assessment to the targets.

A pentesting tool inspired by mr robot and derived by zphisher

Just another script for automatize boolean-based blind SQL injections. (Demo)

Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.

Quick utility to craft executables for pentesting and managing reverse shells

Pre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️

🦄🔒 Awesome list of secrets in environment variables 🖥️

Quick tool for checking CVE-2020-0688 on multiple hosts with a non-intrusive method.

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

Command line tool that allows you to explore IoT devices by using Shodan API.

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

Do some quick reconnaissance on a domain-based web-application

Repository of my CTF writeups

Facebook Write-ups, PoC, and exploitation codes:

List of every possible vulnerabilities in computer security.

Hashtopolis - A Hashcat wrapper for distributed hashcracking

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

Summary of online learning materials

Botnet targeting Windows machines written entirely in Python & open source security project.

Yet Another PHP Shell - The most complete PHP reverse shell

Simple Keylogger with smtp to send emails on your account using python works on linux and Windows

🙈 Interactively find and recover deleted or 👉 overwritten 👈 files from your terminal

My documentation and tools for learn ethical hacking.

🏴‍☠️ tools (py3 version) of Black Hat Python book 🏴‍☠️

link is a command and control framework written in rust

A Tool for Domain Flyovers

Multi OTP Spam Amp/Paralell threads

EKOLABS esta dedicada para investigadores independientes y para la comunidad del Software Libre. Vamos a proveer de stands completos con monitor, alimentacion de energia y acceso a internet por cable, y vos vas a traer tu maquina para mostrar tu trabajo y responder preguntas de los participantes de Ekoparty Security Conference

pinky - The PHP mini RAT (Remote Administration Tool)

An actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentesters, reverse engineer, and redteamers.

Misc. Public Reports of Penetration Testing and Security Audits.

Cybersecurity stuff for both the blue team and the red team, mostly red though.

This repository is used to store answers when resolving ctf challanges, how i came to that answer and the line of thought used to reach it.

Python-Based Pentesting CLI Tool

异步漏洞利用框架

An Advanced tool to Crack Any Password Protected PDF file. A very user friendly script especially for noob hackers.

Remote agent used for processing distributed jobs

Offensive Reverse Shell (Cheat Sheet)

👻Behold3r -- 收集指定网站的子域名，并可监控指定网站的子域名更新情况，发送变更报告至指定邮箱

TP-Link Archer T2U Plus / AC600 High Gain USB Wifi Adapter Review & Driver installation Guide for various platforms.

Graphical Web interface developed to facilitate the use of security information tools.

A tool that allows you to search for vulnerable android devices across the world and exploit them.