#Penetration-testing-tools

Showing 60 of 195 repositories tagged #penetration-testing-tools, ranked by stars

vxcontrol
vxcontrol
pentagi

Fully autonomous AI Agents system capable of performing complex penetration testing tasks

Score
100
★ 18.5k ⑂ 2.5k +414/day
Go
urbanadventurer
urbanadventurer
WhatWeb

Next generation web scanner

Score
100
★ 6.7k ⑂ 999 +14/day
Ruby
drk1wi
drk1wi
Modlishka

Modlishka. Reverse Proxy.

Score
86
★ 5.4k ⑂ 948 +9/day
Go
cdk-team
cdk-team
CDK

📦 Make security testing of K8s, Docker, and Containerd easier.

Score
71
★ 4.7k ⑂ 604 +3/day
Go
t3l3machus
t3l3machus
Villain

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

Score
94
★ 4.4k ⑂ 691
Python
kelvinBen
kelvinBen
AppInfoScanner

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。

Score
100
★ 3.5k ⑂ 406
Python
BishopFox
BishopFox
cloudfox

Automating situational awareness for cloud penetration tests.

Score
57
★ 2.5k ⑂ 243 +1/day
Go
Armur-Ai
Armur-Ai
Pentest-Swarm-AI

Autonomous penetration testing using a swarm of AI agents. Orchestrates recon, classification, exploitation, and reporting specialists with ReAct reasoning — supports bug bounty, continuous monitoring, and CTF modes. Built with Go, Claude API, and 7+ native security tools.

Score
99
★ 2.0k ⑂ 401 +24/day
Go
Unclecheng-li
Unclecheng-li
VulnClaw

基于 AI Agent + MCP 工具链 + 渗透 Skill 编排, 配合大语言模型, 自然语言输入 → 自动完成「信息收集 → 漏洞发现 → 漏洞利用 → 报告生成」全流程。

Score
99
★ 2.0k ⑂ 274 +144/day
Python
vladko312
vladko312
SSTImap

Automatic SSTI detection tool with interactive interface

Score
98
★ 1.6k ⑂ 176 +5/day
Python
NHAS
NHAS
reverse_ssh

SSH based reverse shell

Score
98
★ 1.4k ⑂ 181 +9/day
Go
Hackmanit
Hackmanit
Web-Cache-Vulnerability-Scanner

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

Score
96
★ 1.2k ⑂ 161 +2/day
Go
SanMuzZzZz
SanMuzZzZz
LuaN1aoAgent

LuaN1aoAgent is a cognitive-driven AI hacker. It is a fully autonomous AI penetration testing agent, using dual-graph reasoning.

Score
97
★ 1.1k ⑂ 168 +15/day
Python
Fahrj
Fahrj
reverse-ssh

Statically-linked ssh server with reverse shell functionality for CTFs and such

Score
90
★ 1.0k ⑂ 150
Go
rhaidiz
rhaidiz
broxy

An HTTP/HTTPS intercept proxy written in Go.

Score
89
★ 1.0k ⑂ 54
Go
Esc4iCEscEsc
Esc4iCEscEsc
skanuvaty

Dangerously fast DNS/network/port scanner

Score
100
★ 924 ⑂ 90
Rust
jwt1399
jwt1399
Sec-Tools

🍉一款基于Python-Django的多功能Web安全渗透测试工具,包含漏洞扫描,端口扫描,指纹识别,目录扫描,旁站扫描,域名扫描等功能。

Score
33
★ 852 ⑂ 158
Python
sinfulz
sinfulz
JustTryHarder

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Score
97
★ 832 ⑂ 105 +1/day
Python
R0X4R
R0X4R
Garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Score
43
★ 810 ⑂ 181
Shell
MattKeeley
MattKeeley
Spoofy

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

Score
67
★ 768 ⑂ 82
Python
ZishanAdThandar
ZishanAdThandar
pentest

Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.

Score
96
★ 727 ⑂ 105 +1/day
PHP
hueristiq
hueristiq
xurlfind3r

A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.

Score
29
★ 706 ⑂ 78
Go
Marven11
Marven11
EtherGhost

新一代Webshell管理器,兼容蚁剑与冰蝎的PHP webshell

Score
94
★ 684 ⑂ 52
Python
ByteSnipers
ByteSnipers
awesome-pentest-cheat-sheets

Collection of cheat sheets useful for pentesting

Score
85
★ 660 ⑂ 55 +1/day
Cgboal
Cgboal
SonarSearch

A rapid API for the Project Sonar dataset

Score
87
★ 656 ⑂ 95 +1/day
Go
factionsecurity
factionsecurity
faction

Pen Test Report Generation and Assessment Collaboration

Score
95
★ 595 ⑂ 63
Java
InfosecMatter
InfosecMatter
Minimalistic-offensive-security-tools

A repository of tools for pentesting of restricted and isolated environments.

Score
86
★ 595 ⑂ 121 +1/day
PowerShell
redeye-framework
redeye-framework
Redeye

Redeye is a tool intended to help you manage your data during a pentest operation

Score
82
★ 471 ⑂ 45
JavaScript
0xrajneesh
0xrajneesh
Ethical-Hacking-Projects-for-beginners

Hands-on ethical hacking projects for beginners, covering network scanning, web app testing, password cracking, honeypots, Wi-Fi auditing, phishing, and SQL injection.

Score
84
★ 471 ⑂ 121 +2/day
Coalfire-Research
Coalfire-Research
Slackor

A Golang implant that uses Slack as a command and control server

Score
84
★ 463 ⑂ 106
Python
CervantesSec
CervantesSec
cervantes

Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location.

Score
93
★ 442 ⑂ 69 +1/day
C#
MS-WEB-BN
MS-WEB-BN
t14m4t

Automated brute-forcing attack tool.

Score
82
★ 421 ⑂ 84 +3/day
Shell
DFW1N
DFW1N
DFW1N-OSINT

Australian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers

Score
80
★ 419 ⑂ 58
helich0pper
helich0pper
Karkinos

Penetration Testing and Hacking CTF's Swiss Army Knife with: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing

Score
88
★ 417 ⑂ 85
PHP
mhmdiaa
mhmdiaa
second-order

Second-order subdomain takeover scanner

Score
92
★ 405 ⑂ 68
Go
SofianeHamlaoui
SofianeHamlaoui
Pentest-Notes

Collection of Pentest Notes and Cheatsheets

Score
83
★ 403 ⑂ 113
edoardottt
edoardottt
lit-bb-hack-tools

Little Bug Bounty & Hacking Tools⚔️

Score
92
★ 382 ⑂ 64
Go
PalindromeLabs
PalindromeLabs
STEWS

A Security Tool for Enumerating WebSockets

Score
78
★ 376 ⑂ 42
Python
Stratus-Security
Stratus-Security
Subdominator

The Internets #1 Subdomain Takeover Tool

Score
74
★ 310 ⑂ 28
C#
InfosecHouse
InfosecHouse
InfosecHouse

Tools & Resources for Cyber Security Operations

Score
91
★ 297 ⑂ 61
securitycipher
securitycipher
penetration-testing-roadmap

Complete Roadmap for Penetration Testing

Score
93
★ 296 ⑂ 53 +2/day
DontPanicO
DontPanicO
jwtXploiter

A tool to test security of json web token

Score
73
★ 290 ⑂ 33
Python
trickest
trickest
mksub

Generate tens of thousands of subdomain combinations in a matter of seconds

Score
72
★ 276 ⑂ 27
Go
Ixve
Ixve
Red-Team-Tools

Repo containing cracked red teaming tools.

Score
88
★ 243 ⑂ 51 +1/day
Batchfile
yakuza8
yakuza8
peniot

PENIOT: Penetration Testing Tool for IoT

Score
72
★ 234 ⑂ 54
Python
mhmdiaa
mhmdiaa
chronos

Wayback Machine OSINT Framework

Score
70
★ 233 ⑂ 42
Go
Warxim
Warxim
petep

PETEP (PEnetration TEsting Proxy) is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applications with various application protocols. ⚡

Score
68
★ 228 ⑂ 22
Java
trickest
trickest
dsieve

Filter and enrich a list of subdomains by level

Score
66
★ 212 ⑂ 25
Go
putsi
putsi
privatecollaborator

A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate

Score
69
★ 211 ⑂ 46
Shell
MichaelDim02
MichaelDim02
Narthex

Modular personalized dictionary generator.

Score
65
★ 210 ⑂ 21
C
iomoath
iomoath
SharpStrike

A Post exploitation tool written in C# uses either CIM or WMI to query remote systems.

Score
69
★ 199 ⑂ 51
C#
trickest
trickest
mkpath

Make URL path combinations using a wordlist

Score
64
★ 174 ⑂ 28
Go
dev-angelist
dev-angelist
eWPTv2-Notes

INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes

Score
66
★ 173 ⑂ 43 +1/day
firetix
firetix
vibe-coding-penetration-tester

Vibe Coding? Cool story. But your vibe might be "security breach waiting to happen." Introducing VibePenTester, the AI pen-tester who rolls its eyes at your half-baked code, discovers your vulnerabilities faster than your coworkers discover free pizza, and gently bullies your web app into compliance. Less "vibe check," more "reality check."

Score
91
★ 172 ⑂ 34
Python
LiveGray
LiveGray
OPENORCHID

Collection of GoPhish templates available for legitimate usage.

Score
67
★ 171 ⑂ 47
HTML
trickest
trickest
find-gh-poc

Find CVE PoCs on GitHub

Score
63
★ 163 ⑂ 26
Go
t3l3machus
t3l3machus
Synergy-httpx

A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically (e.g. payloads).

Score
58
★ 140 ⑂ 17
Python
iomoath
iomoath
SharpSpray

Active Directory password spraying tool. Auto fetches user list and avoids potential lockouts.

Score
57
★ 132 ⑂ 21
C#
hueristiq
hueristiq
xsubfind3r

A command-line utility designed to discover subdomains for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.

Score
87
★ 120 ⑂ 9
Go
paulveillard
paulveillard
cybersecurity-dark-web

A collection of awesome software, libraries, learning tutorials, documents, books & technical resources and cool stuff about dark web.

Score
53
★ 118 ⑂ 19 +1/day
Related Topics
#penetration-testing#pentesting#security#security-tools#hacking#pentest#cybersecurity#golang#hacking-tools#bugbounty#infosec#pentesting-tools

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly