There are 279 repositories under pentest topic.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
A collection of hacking tools, resources and references to practice ethical hacking.
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
A list of resources for those interested in getting started in bug bounties
hydra
windows-kernel-exploits Windows平台提权漏洞集合
Program for determining types of files for Windows, Linux and MacOS.
All about bug bounty (bypasses, payloads, and etc)
A fast, simple, recursive content discovery tool written in Rust.
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Tools and Techniques for Red Team / Penetration Testing
linux-kernel-exploits Linux平台提权漏洞集合
Next generation web scanner
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
A curated list of awesome infosec courses and training resources.
Ladon大型内网渗透工具,可PowerShell模块化、可CS插件化、可内存加载,无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)以及方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等信息,高危漏洞检测16个含MS17010、Zimbra、Exchange
The ultimate WinRM shell for hacking/pentesting
Phishing Tool & Information Collector
Collection of the cheat sheets useful for pentesting
Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Automatic SSRF fuzzer and exploitation tool
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
Awesome Node.js Security resources