There are 43 repositories under penetration-testing-tools topic.
Next generation web scanner
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
Statically-linked ssh server with reverse shell functionality for CTFs and such
Dangerously fast DNS/network/port scanner
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
A rapid API for the Project Sonar dataset
A repository of tools for pentesting of restricted and isolated environments.
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.
A Golang implant that uses Slack as a command and control server
Redeye is a tool intended to help you manage your data during a pentest operation
Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing
Second-order subdomain takeover scanner
AI-Powered Ethical Hacking Assistant
Pen Test Report Generation and Assessment Collaboration
Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.
Little Bug Bounty & Hacking Tools⚔️
Nimbo-C2 is yet another (simple and lightweight) C2 framework
A Security Tool for Enumerating WebSockets
A tool to test security of json web token
Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location.