#Pentest
Showing 60 of 456 repositories tagged #pentest, ranked by stars
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
A collection of hacking tools, resources and references to practice ethical hacking.
A list of resources for those interested in getting started in bug bounties
hydra
Program for determining types of files for Windows, Linux and MacOS.
Tools and Techniques for Red Team / Penetration Testing
📱 objection - runtime mobile exploration
game of active directory
A fast, simple, recursive content discovery tool written in Rust.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Cyber Security ALL-IN-ONE Platform
All about bug bounty (bypasses, payloads, and etc)
Next generation web scanner
One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
An automated e-mail OSINT tool
A curated list of awesome infosec courses and training resources.
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
The Network Execution Tool
The ultimate WinRM shell for hacking/pentesting
Ladon大型内网渗透扫描器,PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等,大量高危漏洞检测模块MS17010、Zimbra、Exchange
Phishing Tool & Information Collector
Autonomous Hacking Agent for Red Team
Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Collection of the cheat sheets useful for pentesting
A Security Tool for Bug Bounty, Pentest and Red Teaming.
Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹20000+,暴力破解协议10余种。
Git All the Payloads! A collection of web attack payloads.
Snoop — инструмент разведки на основе открытых данных (OSINT world)
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
📡 Comprehensive collection of OSINT tools for cybersecurity professionals, researchers, and bug bounty hunters. Topics: information gathering, reverse search, red team, trust & safety, AI.
Automatic SSRF fuzzer and exploitation tool
A curated list of awesome OSCP resources
An ArchLinux based distribution for penetration testers and security researchers.
Awesome Node.js Security resources
Pentest Report Generator
Penetration tests guide based on OWASP including test cases, resources and examples.
A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
List of Github repositories and articles with list of dorks for different search engines
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)
Mobile Edge-Dynamic Unified Security Analysis
Active Directory and Internal Pentest Cheatsheets
This challenge is Inon Shkedy's 31 days API Security Tips.
linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.
Collection of quality safety articles. Awesome articles.
Notes about attacking Jenkins servers
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Turn Claude Code into your offensive security research assistant. Specialized AI subagents for authorized penetration testing plan engagements, analyze recon, research exploits, build detections, audit STIGs, and write reports.
Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.
Metlo is an open-source API security platform.
jSQL Injection is a Java application for automatic SQL database injection.