#Penetration-testing
Showing 60 of 1590 repositories tagged #penetration-testing, ranked by stars
A collection of various awesome lists for hackers, pentesters and security researchers
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Shannon is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
Open-source AI penetration testing tool to find and fix your app’s vulnerabilities.
This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vulnerability research, exploit development, reverse engineering, and more. 🔥 Also check: https://hackertraining.org
817 structured cybersecurity skills for AI agents · Mapped to 6 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, NIST AI RMF & MITRE F3 (Fight Fraud) · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 29 security domains · Apache 2.0
Fully autonomous AI Agents system capable of performing complex penetration testing tasks
A collection of hacking / penetration testing resources to make you better!
A collection of hacking tools, resources and references to practice ethical hacking.
Web path scanner
Automated Penetration Testing Agentic Framework Powered by Large Language Models
🐶 A curated list of Web Security materials and resources.
Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
hydra
Automated penetration testing & attack surface management platform. Recon, scan, exploit, report — 600+ exploits, 90+ integrations, 10K+ detections.
Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Tools and Techniques for Red Team / Penetration Testing
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
Gather and update all available and newest CVEs with their PoC.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
A list of web application security
Infection Monkey - An open-source adversary emulation platform
All about bug bounty (bypasses, payloads, and etc)
Next generation web scanner
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Open Source Vulnerability Management Platform
A Modern Orchestration Engine for Security
Top 100 Hacking & Security E-Books (Free Download)
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
All-in-One Hacking Tools For Hackers! And more hacking tools! For termux.
A curated list of awesome infosec courses and training resources.
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Study Notes For Web Hacking / Web安全学习笔记
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
Cameradar hacks its way into RTSP videosurveillance cameras
Free Security and Hacking eBooks
Grab cam shots & GPS location from target's phone front camera or PC webcam just sending a link.
⚡️An awesome list of the best Termux hacking tools
Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
Collection of the cheat sheets useful for pentesting
A Security Tool for Bug Bounty, Pentest and Red Teaming.
The LAZY script will make your life easier, and of course faster.
Knock Subdomain Scan
💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh
Web Application Security Scanner Framework
AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.
Awesome hacking is an awesome collection of hacking tools.
Practical Ethical Hacking Labs 🗡🛡
OSCP Cheat Sheet
Advanced vulnerability scanning with Nmap NSE
A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.
😎 🔗 Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing.
EMBA - The firmware security analyzer