Top 584 pentesting open source projects

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

XENA is the managed remote administration platform for botnet creation & development powered by blockchain and machine learning. Aiming to provide an ecosystem which serves the bot herders. Favoring secrecy and resiliency over performance. It's micro-service oriented allowing for specialization and lower footprint. Join the community of the ulti…

bWAPP latest modified for PHP7

The Pentester's Swiss Army Knife

Tool to communicate with RPC services and check misconfigurations on NFS shares

Totally Insecure Web Application Project (TIWAP)

Multi-threaded XMLRPC brute forcer using amplification attacks targeting WordPress installations prior to version 4.4.

Binary String Toolkit (BST). Quickly and easily convert binary strings for all your exploit development needs. 😎

General stuff for pentesting - password cracking, phishing, automation, Kali, etc.

Offensive Infrastructure with Modern Technologies

The iOS Agent for the Needle Security Assessment Framework

Cybersecurity Career Path

Extracting Syscall Stub, Modernized

pentesting tool for noob hackers.Runs on linux and termux

WordPress pentest tool

A Python 3 standalone Windows 10 / Linux Rootkit using Tor.

wifi attacks suite

Collection of several DDos tools.

This is a repository that will be used to help create a process of a new kali vagrant box for hashicorp each week.

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

Pentester's Tools Parser (PTP) provides an unified way to retrieve the information from all (final goal) automated pentesting tools and assign an automated ranking for each finding.

Test your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻

A simple, extensible C&C beaconing system.

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

recon-ng modules for Censys

WiFi Penetration Testing Guide

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

The initial conversation slides and menu of scenarios

A £10 Rubber Ducky USB HID! A USB device which emulates a keyboard and automates key entry.

One stop place for exploiting Jira instances in your proximity

Tool to bypass 40X response codes.

Docker - Ubuntu with a bunch of PenTesting tools and wordlists

A useful wordlist made from French Canadian leaked passwords!

Boxer: A fast directory bruteforce tool written in Python with concurrency.

Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.

Automated Web Recon Shell Scripts

Information Security Library

Custom scripts for the PIPER Burp extensions.

🔑 ftpknocker is a multi-threaded scanner for finding anonymous FTP servers

Customized Kali Linux - Ansible playbook

Bash script that automates the enumeration of domains and DNS servers in the active information gathering.

A Python3 module to assist in fuzzing web applications

Find endpoints on GitHub.

Multi-threaded Padding Oracle attacks against any service. Written in Rust.

Wingkalabs (Linux) Wingkalabs es una máquina Virtual Linux intencionalmente vulnerable. Esta máquina virtual se puede utilizar para realizar entrenamientos de seguridad, probar herramientas de seguridad y practicar técnicas comunes de pruebas de penetración.

Script for doing evil stuff to Redis servers (for educational purposes only).

Customized Password/Passphrase List inputting Target Info

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

Automated Enumeration Script for Pentesting

Python Script to help/automate the WiFi hacking exercises.

Espionaje y recopilación de Información

REST API backend for Reconmap

A basic AIX enumeration guide for penetration testers/red teamers

Framework for exploiting local vulnerabilities

A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

A simple multi-threaded distributed SSH brute-forcing tool written in Python

A weird and wonderful console based tool for pentesting web applications

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite