370 Open source projects that are alternatives of or similar to pentest-tools

Collect email addresses by crawling search engine results.

Fast tool to extract all subdomains from crt.sh website. Output will be up to sub.sub.sub.subdomain.com with standard and advanced search techniques

Automated Pentest Tools Designed For Parrot Linux

Web Penetration Testing with Kali Linux - Third Edition, published by Packt

An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)

Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

PENIOT: Penetration Testing Tool for IoT

Kali image with kali-linux-full metapackage installed, build every night.

Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…

An XMLRPC brute forcer targeting Wordpress written in Python 3. (DISCONTINUED)

This is an open source tool to dump the wifi profiles and cleartext passwords of the connected access points on the Windows machine. This tool will help you in a Wifi penetration testing. Furthermore, it is useful while performing red team or an internal infrastructure engagements.

Opening the door, one reverse shell at a time

A dictionary attack tool for PostgreSQL and MSSQL

Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations

Quick SQL Scanner, Dorker, Webshell injector PHP

Bash script that automates the enumeration of domains and DNS servers in the active information gathering.

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

Collection of several DDos tools.

Microsoft Azure Exploitation Framework

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

Docker - Ubuntu with a bunch of PenTesting tools and wordlists

Security Testing is not as simple as right click > Scan. It's messy, a tough game. What if you had missed to test just that one thing and had to regret later? Sh00t is a highly customizable, intelligent platform that understands the life of bug hunters and emphasizes on manual security testing.

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.

A script to configure a TP-Link MR3040 running OpenWRT into a simple, yet powerful penetration-testing "dropbox".

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

Script to spider a website and find publicly open S3 buckets

Multi source CVE/exploit parser.

Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨

DevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.

[WIP] Anti-Forensics ToolKit to clear post-intrusion sensible logfiles 🔥 (For Research Only)

Pentest: Subdomains enumeration tool for penetration testers.

Go library for credentials recovery

Penetration tests on SSH servers using brute force or dictionary attacks. Written in Python.

Automated Web Recon Shell Scripts

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

recon-ng modules for Censys

This Script will produce all of the WPA2 Passwords used by various Router companies aswell as Fritzbox. All of these Passwords will be 16 Numbers in length. So it could get a bit large.

Cheat-Sheet of tools for penetration testing

Work in progress...

:.IP webcam penetration test suit.:

PowerShell payload generator

Bypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection ( xD )

Turn PuTTY into an SSH login bruteforcing tool.

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

pure python remote adb scanner + nmap scan module

Command line tool for passive reconnaissance, able to gather and link public information to a target domain, company or individual. It can make intelligence gathering faster and more effective by drastically reducing manual user interaction. This is achieved through the engineering of a highly customisable single input to multiple output solutio…

Obtain GraphQL API Schema even if the introspection is not enabled

The LAZY script will make your life easier, and of course faster.

Tools used for Penetration testing / Red Teaming

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

GoPhish Templates that I have retired and/or templates I've recreated.

Penetration Test Framwork

WordPress pentest tool

A simple, extensible C&C beaconing system.

Boxer: A fast directory bruteforce tool written in Python with concurrency.

pentest toolbox