#Pentest

Showing 60 of 456 repositories tagged #pentest, ranked by stars

swisskyrepo
swisskyrepo
PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Score
100
★ 79.0k ⑂ 17.2k +72/day
Python
qeeqbox
qeeqbox
social-analyzer

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

Score
97
★ 23.4k ⑂ 2.2k +31/day
JavaScript
sundowndev
sundowndev
hacker-roadmap

A collection of hacking tools, resources and references to practice ethical hacking.

Score
94
★ 15.5k ⑂ 1.7k +23/day
nahamsec
nahamsec
Resources-for-Beginner-Bug-Bounty-Hunters

A list of resources for those interested in getting started in bug bounties

Score
93
★ 12.1k ⑂ 2.0k +7/day
vanhauser-thc
vanhauser-thc
thc-hydra

hydra

Score
100
★ 12.0k ⑂ 2.6k +19/day
C
horsicq
horsicq
Detect-It-Easy

Program for determining types of files for Windows, Linux and MacOS.

Score
100
★ 11.2k ⑂ 925 +41/day
JavaScript
A-poc
A-poc
RedTeam-Tools

Tools and Techniques for Red Team / Penetration Testing

Score
99
★ 9.4k ⑂ 1.3k +173/day
sensepost
sensepost
objection

📱 objection - runtime mobile exploration

Score
93
★ 9.2k ⑂ 986 +5/day
Python
Orange-Cyberdefense
Orange-Cyberdefense
GOAD

game of active directory

Score
100
★ 8.0k ⑂ 1.1k +15/day
PowerShell
epi052
epi052
feroxbuster

A fast, simple, recursive content discovery tool written in Rust.

Score
100
★ 7.9k ⑂ 624 +25/day
Rust
six2dez
six2dez
reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Score
99
★ 7.8k ⑂ 1.2k +60/day
Shell
yaklang
yaklang
yakit

Cyber Security ALL-IN-ONE Platform

Score
100
★ 7.6k ⑂ 817 +6/day
TypeScript
daffainfo
daffainfo
AllAboutBugBounty

All about bug bounty (bypasses, payloads, and etc)

Score
89
★ 6.8k ⑂ 1.3k +14/day
urbanadventurer
urbanadventurer
WhatWeb

Next generation web scanner

Score
99
★ 6.7k ⑂ 999 +14/day
Ruby
ihebski
ihebski
DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

Score
90
★ 6.6k ⑂ 780 +3/day
Python
k8gege
k8gege
K8tools

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Score
90
★ 6.2k ⑂ 2.1k +5/day
PowerShell
alpkeskin
alpkeskin
mosint

An automated e-mail OSINT tool

Score
46
★ 5.9k ⑂ 645 +10/day
Go
onlurking
onlurking
awesome-infosec

A curated list of awesome infosec courses and training resources.

Score
96
★ 5.7k ⑂ 748 +8/day
ffffffff0x
ffffffff0x
1earn

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Score
88
★ 5.7k ⑂ 1.3k +1/day
C++
Pennyw0rth
Pennyw0rth
NetExec

The Network Execution Tool

Score
86
★ 5.7k ⑂ 728 +6/day
Python
Hackplayers
Hackplayers
evil-winrm

The ultimate WinRM shell for hacking/pentesting

Score
98
★ 5.4k ⑂ 681 +5/day
Ruby
k8gege
k8gege
Ladon

Ladon大型内网渗透扫描器,PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等,大量高危漏洞检测模块MS17010、Zimbra、Exchange

Score
87
★ 5.3k ⑂ 881
C#
UndeadSec
UndeadSec
SocialFish

Phishing Tool & Information Collector

Score
83
★ 4.8k ⑂ 1.4k +8/day
CSS
PurpleAILAB
PurpleAILAB
Decepticon

Autonomous Hacking Agent for Red Team

Score
99
★ 4.7k ⑂ 901 +53/day
Python
t3l3machus
t3l3machus
Villain

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

Score
85
★ 4.4k ⑂ 691
Python
skerkour
skerkour
black-hat-rust

Applied offensive security with Rust - https://kerkour.com/black-hat-rust

Score
89
★ 4.4k ⑂ 434
Rust
coreb1t
coreb1t
awesome-pentest-cheat-sheets

Collection of the cheat sheets useful for pentesting

Score
86
★ 4.4k ⑂ 793
zan8in
zan8in
afrog

A Security Tool for Bug Bounty, Pentest and Red Teaming.

Score
92
★ 4.3k ⑂ 474 +3/day
Go
lcvvvv
lcvvvv
kscan

Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹20000+,暴力破解协议10余种。

Score
38
★ 4.3k ⑂ 550
Go
foospidy
foospidy
payloads

Git All the Payloads! A collection of web attack payloads.

Score
86
★ 4.0k ⑂ 991 +2/day
Shell
snooppr
snooppr
snoop

Snoop — инструмент разведки на основе открытых данных (OSINT world)

Score
98
★ 4.0k ⑂ 449 +3/day
Python
arainho
arainho
awesome-api-security

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Score
97
★ 3.9k ⑂ 649 +4/day
nixawk
nixawk
pentest-wiki

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

Score
85
★ 3.7k ⑂ 934
Python
Astrosp
Astrosp
Awesome-OSINT-List

📡 Comprehensive collection of OSINT tools for cybersecurity professionals, researchers, and bug bounty hunters. Topics: information gathering, reverse search, red team, trust & safety, AI.

Score
98
★ 3.7k ⑂ 480 +31/day
Shell
swisskyrepo
swisskyrepo
SSRFmap

Automatic SSRF fuzzer and exploitation tool

Score
87
★ 3.6k ⑂ 570 +4/day
Python
0x4D31
0x4D31
awesome-oscp

A curated list of awesome OSCP resources

Score
84
★ 3.4k ⑂ 720
BlackArch
BlackArch
blackarch

An ArchLinux based distribution for penetration testers and security researchers.

Score
98
★ 3.4k ⑂ 663
Shell
lirantal
lirantal
awesome-nodejs-security

Awesome Node.js Security resources

Score
97
★ 3.0k ⑂ 294 +1/day
pwndoc
pwndoc
pwndoc

Pentest Report Generator

Score
97
★ 2.9k ⑂ 511 +4/day
JavaScript
Voorivex
Voorivex
pentest-guide

Penetration tests guide based on OWASP including test cases, resources and examples.

Score
82
★ 2.8k ⑂ 575 +2/day
rewardone
rewardone
OSCPRepo

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

Score
83
★ 2.7k ⑂ 757 +2/day
C
bhavsec
bhavsec
reconspider

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

Score
81
★ 2.7k ⑂ 365 +6/day
Python
cipher387
cipher387
Dorks-collections-list

List of Github repositories and articles with list of dorks for different search engines

Score
81
★ 2.7k ⑂ 389 +2/day
m0rtem
m0rtem
CloudFail

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

Score
66
★ 2.6k ⑂ 523 +3/day
Python
TH3xACE
TH3xACE
SUDO_KILLER

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

Score
95
★ 2.5k ⑂ 264
Shell
m0nad
m0nad
Diamorphine

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

Score
96
★ 2.4k ⑂ 482 +7/day
C
Ch0pin
Ch0pin
medusa

Mobile Edge-Dynamic Unified Security Analysis

Score
100
★ 2.3k ⑂ 318 +2/day
JavaScript
swisskyrepo
swisskyrepo
InternalAllTheThings

Active Directory and Internal Pentest Cheatsheets

Score
97
★ 2.3k ⑂ 428 +10/day
HTML
inonshk
inonshk
31-days-of-API-Security-Tips

This challenge is Inon Shkedy's 31 days API Security Tips.

Score
80
★ 2.2k ⑂ 350
lefayjey
lefayjey
linWinPwn

linWinPwn is a bash script that streamlines the use of a number of Active Directory tools

Score
96
★ 2.2k ⑂ 302
Shell
anouarbensaad
anouarbensaad
vulnx

vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.

Score
80
★ 2.1k ⑂ 365 +1/day
Python
tom0li
tom0li
collection-document

Collection of quality safety articles. Awesome articles.

Score
80
★ 2.1k ⑂ 508
gquere
gquere
pwn_jenkins

Notes about attacking Jenkins servers

Score
79
★ 2.1k ⑂ 326 +1/day
Python
HolyBugx
HolyBugx
HolyTips

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Score
79
★ 2.0k ⑂ 335 +1/day
0xSteph
0xSteph
pentest-ai-agents

Turn Claude Code into your offensive security research assistant. Specialized AI subagents for authorized penetration testing plan engagements, analyze recon, research exploits, build detections, audit STIGs, and write reports.

Score
96
★ 2.0k ⑂ 388 +30/day
Shell
owtf
owtf
owtf

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

Score
95
★ 1.9k ⑂ 487 +1/day
TypeScript
cytopia
cytopia
pwncat

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Score
78
★ 1.9k ⑂ 216
Shell
devploit
devploit
nomore403

🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.

Score
85
★ 1.8k ⑂ 209 +1/day
Go
metlo-labs
metlo-labs
metlo

Metlo is an open-source API security platform.

Score
75
★ 1.8k ⑂ 105
TypeScript
ron190
ron190
jsql-injection

jSQL Injection is a Java application for automatic SQL database injection.

Score
95
★ 1.8k ⑂ 440 +2/day
Java
Related Topics
#security#hacking#pentesting#penetration-testing#security-tools#infosec#cybersecurity#scanner#bugbounty#redteam#bug-bounty#osint

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly