penetration-testing-tools

There are 47 repositories under penetration-testing-tools topic.

• urbanadventurer / WhatWeb

  Next generation web scanner

  securitywebscannerrubypenetration-testingkali-linuxowasppenetration-testing-toolspenetration-testhackinghacking-toolsnetwork-securityreconappsecapplication-securitypentestingpentesting-toolspentestweb-hackingsecurity-tools
  Language:Ruby 5340

• drk1wi / Modlishka

  Modlishka. Reverse Proxy.

  phishingpenetration-testing-toolsmitmreverse-proxysecurity-tools
  Language:Go 4745

• cdk-team / CDK

  📦 Make security testing of K8s, Docker, and Containerd easier.

  penetrationpenetration-testing-toolskubernetesdockerhacktoolsk8s-penetration-toolkitk8slinuxexploitscloud-nativeblackhathitbcloud-native-securitycontainercontainer-escapecontainer-securitykernel-exploitationkubernetes-securityprivilege-escalationvulnerabilities
  Language:Go 3770

• t3l3machus / Villain

  Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

  open-sourcepentestpentestingreadteamingredteam-toolsredteamcybersecurityoffensive-securityc2hackinghacking-toolpenetration-testingpenetration-testing-tools
  Language:Python 3645

• kelvinBen / AppInfoScanner

  一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

  androidapkapk-dexhackinghacking-toolipanetwork-securitypenetration-testpenetration-testing-toolspython3scannersecuritysecurity-toolstoolsweb-hacking
  Language:Python 3051
• cloudfox

  BishopFox / cloudfox

  Automating situational awareness for cloud penetration tests.

  awscloudcloud-securitygolangpenetration-testing-toolssecurity
  Language:Go 1857

• cyberark / kubesploit

  Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

  containerskubernetespenetration-testing-frameworkpenetration-testing-toolsredteam-toolssecurity-toolssecuritypost-exploitationgolangred-teamsc2http2command-and-controlagent
  Language:Go 1089

• rhaidiz / broxy

  An HTTP/HTTPS intercept proxy written in Go.

  waptproxyinterceptorbroxyhttp-interceptorhackingsecurityhttp-proxyqt5-guigolangwebsecurityhttp-securitygoqt-wrapperpenetration-testingpenetration-testing-tools
  Language:Go 999

• Fahrj / reverse-ssh

  Statically-linked ssh server with reverse shell functionality for CTFs and such

  backdoorconptygolanghackingpenetration-testingpenetration-testing-toolsremote-admin-toolremote-shellreverse-shellsecuritysecurity-toolssshterminal
  Language:Go 898
• reverse_ssh

  NHAS / reverse_ssh

  SSH based reverse shell

  reverse-shellsshgolangscpproxyshellpentestingsftptunnelhackingpenteststatic-binaryconptypenetration-testing-toolssecurity-toolsterminal
  Language:Go 876

• Esc4iCEscEsc / skanuvaty

  Dangerously fast DNS/network/port scanner

  penetration-testingpenetration-testing-toolspentestingpentestdnsdns-clientsubdomain-scannersubdomain-enumerationscannerrustrust-langsecuritysecurity-toolscybersecurityosint-toolhacking-toolsredteamredteam-tools
  Language:Rust 872

• Hackmanit / Web-Cache-Vulnerability-Scanner

  Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

  bugbountyhackinghacking-toolpenetration-testingpenetration-testing-toolspentestingscannersecuritysecurity-auditsecurity-scannersecurity-toolsvulnerability-scannersweb-cache
  Language:Go 828
• JustTryHarder

  sinfulz / JustTryHarder

  JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

  oscptestingpenetrationpenetration-testingpenetration-testpenetration-test-frameworkpenetration-testing-toolspenetration-testspentestingpentestpentest-toolpentest-scriptspentesting-windowspentesterspentesting-networkspentesting-toolspentest-toolspentest-environmenthacktoberfesthacktoberfest-accepted
  Language:Python 785

• R0X4R / Garud

  An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

  bugbountybugbountytipsbugbounty-toolreconnaissancesubdomain-takeovergolangbash-scriptpenetration-testingpenetration-testing-toolsgarudgf-patternsassetfindervulnerabilityvulnerability-scanner
  Language:Shell 763
• SSTImap

  vladko312 / SSTImap

  Automatic SSTI detection tool with interactive interface

  information-securitypenetration-testingpenetration-testing-toolspentestpentest-toolpentestingpentesting-toolsrcesstipython
  Language:Python 715

• jwt1399 / Sec-Tools

  🍉一款基于Python-Django的多功能Web安全渗透测试工具，包含漏洞扫描，端口扫描，指纹识别，目录扫描，旁站扫描，域名扫描等功能。

  djangopenetration-testing-toolspython3scan-toolsecurity-toolsvulnerability-scanners
  Language:Python 664

• x364e3ab6 / DudeSuite

  Dude Suite Web 渗透测试工具

  browserdudehackerpacketpenetration-testing-toolsscanscanner-webguihackertoolshydranmaptoolssqlmapacunetix-apiawvsawvs14acunetix14acunetix15awvs15dudesuite
  650

• Cgboal / SonarSearch

  A rapid API for the Project Sonar dataset

  subdomainenumerationbugbountypenetration-testingpenetration-testing-toolsdnssonar-apisubdomain-enumerationosintosint-toolrapid7
  Language:Go 639

• MattKeeley / Spoofy

  Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

  application-securityappseccybersecuritydeliverabilitydmarcemail-securityemailsinfosecpenetration-testingpenetration-testing-toolspentestingphishingpythonpython3redteamsecurityspf
  Language:Python 597

• hueristiq / xurlfind3r

  A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

  osintpenetration-testingpenetration-testing-toolsbug-bountybug-bounty-toolsethical-hackingethical-hacking-toolsosint-toolsred-teamingred-teaming-toolsweb-securitycontentdiscoveryreconnaissancegogolang
  Language:Go 538

• InfosecMatter / Minimalistic-offensive-security-tools

  A repository of tools for pentesting of restricted and isolated environments.

  login-automationpowershellbrute-forcepenetration-testingwindowslogin-brute-force-attackspenetration-testing-toolssecurity-automationrestricted-environmentssecurity-auditsmbactive-directoryportscannerport-scannerport-scanningportscan
  Language:PowerShell 534

• Coalfire-Research / Slackor

  A Golang implant that uses Slack as a command and control server

  pentestgolangpythonc2penetration-testingpenetration-testing-toolsremote-admin-toolcommand-and-controlred-team
  Language:Python 458

• redeye-framework / Redeye

  Redeye is a tool intended to help you manage your data during a pentest operation

  blueteamframeworkknowledge-basepenetration-testingpenetration-testing-toolsredeyeredteam
  Language:JavaScript 458

• berylliumsec / nebula

  AI-Powered Ethical Hacking Assistant

  aicrackmapexecethical-hackingethical-hacking-toolsmachine-learningnmapvulnerability-scannerszapmetasploitnucleipenetration-testingpenetration-testing-toolsredteam-toolshackinghacking-tool
  Language:Python 403

• helich0pper / Karkinos

  Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

  encryption-decryptioncracking-hasheshashing-algorithmsreverse-shellencoder-decoderpentestingpentest-toolsswiss-army-knifepenetration-testing-toolsctfctf-toolshacking-tools
  Language:PHP 391

• factionsecurity / faction

  Pen Test Report Generation and Assessment Collaboration

  application-securityhackingpenetration-testingpenetration-testing-toolspentestingreportingsecuritysecurity-auditsecurity-automationsecurity-toolssecurity-vulnerability
  Language:JavaScript 388

• MS-WEB-BN / t14m4t

  Automated brute-forcing attack tool.

  bruteforcebrute-forcebrute-force-attacksbrute-force-attackbrute-force-passwordshackinghacking-toolhacking-toolsnmapthc-hydrapenetration-testpenetration-testspenetration-testing-toolswrapper
  Language:Shell 382

• mhmdiaa / second-order

  Second-order subdomain takeover scanner

  securitysecurity-toolswordlistwordlist-generatorpenetration-testingpentestinginfosecreconreconnaissancemappingweb-application-securitypenetration-testing-toolscrawlercrawling
  Language:Go 369

• SofianeHamlaoui / Pentest-Notes

  Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

  sofianehamlaouisecuritysecurity-toolssecurity-auditcheatsheetsoffensive-securitypentestingpenetration-testingpenetration-testing-tools
  Language:XSLT 336

• itaymigdal / Nimbo-C2

  Nimbo-C2 is yet another (simple and lightweight) C2 framework

  c2command-and-controlpentesting-toolsratred-teamred-team-toolsc2-frameworkpayload-generatorpenetration-testing-tools
  Language:Nim 322

• ByteSnipers / awesome-pentest-cheat-sheets

  Collection of cheat sheets useful for pentesting

  cheat-sheetcheat-sheet-pentestpenetration-testingpenetration-testing-toolspentestpentest-cheat-sheetspentestingpentesting-resources
  316

• edoardottt / lit-bb-hack-tools

  Little Bug Bounty & Hacking Tools⚔️

  bug-bountybug-bounty-reconbugbountyclicli-toolctf-toolctf-toolshackinghacking-toolhacking-toolshacktoberfestinfosecinfosectoolspenetration-testing-toolssecurity-toolstools
  Language:Go 316

• InfosecMatter / default-http-login-hunter

  Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

  default-credentialsdefault-passwordhacking-toolnmapnmap-scriptspenetration-testingpenetration-testing-toolssecurity-auditsecurity-automation
  Language:Lua 314

• cyberark / Evasor

  A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies

  bypass-applocker-policiesfull-automatedpenetration-testing-toolspost-exploitation
  Language:C# 310

• PalindromeLabs / STEWS

  A Security Tool for Enumerating WebSockets

  penetration-testingpenetration-testing-toolssecurityweb-application-securitywebsocketwebsocket-securitywebsocketswebsockets-security
  Language:Python 306
• cervantes

  CervantesSec / cervantes

  Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location.

  hackingsecuritycollaborationcollaboration-platformnessuspenetration-testingpenetration-testing-toolspentestingvulnerabilityvulnerability-managementburpsuitecollaborativenmapred-teamred-teamingcvepentestersreportreportingaudit
  Language:C# 267