penetration-testing-tools
There are 43 repositories under penetration-testing-tools topic.
urbanadventurer / WhatWeb
Next generation web scanner
Language:Ruby 5093- Language:Go 4669
- Language:Go 3626
t3l3machus / Villain
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
Language:Python 3561kelvinBen / AppInfoScanner
一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
Language:Python 2893- cloudfoxLanguage:Go 1787
cyberark / kubesploit
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
Language:Go 1077- Language:Go 993
Fahrj / reverse-ssh
Statically-linked ssh server with reverse shell functionality for CTFs and such
Language:Go 871Esc4iCEscEsc / skanuvaty
Dangerously fast DNS/network/port scanner
Language:Rust 860Hackmanit / Web-Cache-Vulnerability-Scanner
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
Language:Go 802- JustTryHarder
sinfulz / JustTryHarder
JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Language:Python 774 R0X4R / Garud
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
Language:Shell 750- SSTImapLanguage:Python 640
Cgboal / SonarSearch
A rapid API for the Project Sonar dataset
Language:Go 634- Language:Python 602
InfosecMatter / Minimalistic-offensive-security-tools
A repository of tools for pentesting of restricted and isolated environments.
Language:PowerShell 525MattKeeley / Spoofy
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Language:Python 525hueristiq / xurlfind3r
A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.
Language:Go 520Coalfire-Research / Slackor
A Golang implant that uses Slack as a command and control server
Language:Python 452redeye-framework / Redeye
Redeye is a tool intended to help you manage your data during a pentest operation
Language:JavaScript 451helich0pper / Karkinos
Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing
Language:PHP 391- Language:Shell 381
mhmdiaa / second-order
Second-order subdomain takeover scanner
Language:Go 359berylliumsec / nebula
AI-Powered Ethical Hacking Assistant
Language:Python 354factionsecurity / faction
Pen Test Report Generation and Assessment Collaboration
Language:JavaScript 352SofianeHamlaoui / Pentest-Notes
Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
Language:XSLT 332Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.
Language:Lua 311A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies
Language:C# 309edoardottt / lit-bb-hack-tools
Little Bug Bounty & Hacking Tools⚔️
Language:Go 304itaymigdal / Nimbo-C2
Nimbo-C2 is yet another (simple and lightweight) C2 framework
Language:Nim 292PalindromeLabs / STEWS
A Security Tool for Enumerating WebSockets
Language:Python 289DontPanicO / jwtXploiter
A tool to test security of json web token
Language:Python 258- cervantes
CervantesSec / cervantes
Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location.
Language:C# 248 - Language:Go 244
