Top 584 pentesting open source projects

Python - Human Interface Device Android Attack Framework

XSS in pastebin.com and reddit.com via unsanitized markdown output

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

This powershell script has got to run in remote hacked windows host, even for pivoting

Exfiltration based on custom X509 certificates

One-click installer for Frida and Burp certs for SSL Pinning bypass

Pentesting/Bugbounty Dockerfiles.

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Contained is all my reference material for my OSCP preparation. Designed to be a one stop shop for code, guides, command syntax, and high level strategy. One simple clone and you have access to some of the most popular tools used for pentesting.

The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.

./kumasia php simple backdoor

A Collection of articles, videos, blogs, talks and other materials on Node.js Security

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.

All MITM attacks in one place.

Post-Exploitation 😎 module for Penetration Tester and Hackers.

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters

Hacking, pen-testing, and cyber-security related tools built with Python.

Conote 综合安全测试平台社区版。

VulWebaju is a platform that automates setting up your pen-testing environment for learning purposes.

This tool was created as a Proof of Concept to reveal the threats related to web service misconfiguration using CloudFlare as reverse proxy and WAF

AV-evading Pythonic Reverse Shell with Dynamic Adaption Capabilities

onedrive user enumeration - pentest tool to enumerate valid onedrive users

Wordlists and passwords handcrafted with ♥

Nmap and NSE command line wrapper in the style of Metasploit

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Website Security, Antivirus & Firewall || a powerful application that can secure your website against hackers, attacks and other incidents of abuse

An automated tool to turn your ubuntu machine into a hacking lab

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

Cheatsheet to exploit and learn SQL Injection.

A collection of resources I'm using while working toward the OSCP

List of Bluetooth BR/EDR/LE security resources

Automatic Reverse Shell Generator

C# Based Universal API Unhooker

The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.

Simple directory brute-force tool written with python.

PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.

Little tool made in python to create payloads for Linux, Windows and OSX with unique handler

C++ Windows Reverse Shell - Universal DLL Hijack | SSL Encryption | Statically Linked

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

Argus Advanced Remote & Local Keylogger For macOS and Windows

Get GTFOBins info about a given exploit from the command line

Dumain Bruteforcer - a fast and flexible domain bruteforcer

🧮 An online calculator to assess the risk of web vulnerabilities based on OWASP Risk Assessment

GoRAT (Go Remote Access Tool) is an extremely powerful reverse shell, file server, and control plane using HTTPS reverse tunnels as a transport mechanism.

Offensive tooling notes and experiments in AutoIt v3 (https://www.autoitscript.com/site/autoit/)

Nozzlr is a bruteforce framework, trully modular and script-friendly

X.509 Swiss Army Knife is a toolkit atop OpenSSL to ease generation of CAs and aid white-hat pentesting

Simple vueJS based command generator which I developed in order to learn vueJS a little bit more.

Perform various SMB-related attacks, particularly useful for testing large Active Directory environments.

MITMsmtp is an Evil SMTP Server for pentesting SMTP clients to catch login credentials and mails sent over plain or SSL encrypted connections.

Notes from OSCP, CTF, security adventures, etc...

EXIF-based command and control PoC

🔑 Hash type identifier (CLI & lib)

a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust

Pentesting tool for Minecraft

Astra is a tool to find URLs and secrets inside a webpage/files