#Pentest-tool

Showing 60 of 288 repositories tagged #pentest-tool, ranked by stars

maurosoria
maurosoria
dirsearch

Web path scanner

Score
100
★ 14.5k ⑂ 2.4k +7/day
Python
moonD4rk
moonD4rk
HackBrowserData

Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).

Score
100
★ 14.3k ⑂ 1.8k +13/day
Go
vanhauser-thc
vanhauser-thc
thc-hydra

hydra

Score
100
★ 12.0k ⑂ 2.6k +19/day
C
1N3
1N3
Sn1per

Automated penetration testing & attack surface management platform. Recon, scan, exploit, report — 600+ exploits, 90+ integrations, 10K+ detections.

Score
100
★ 10.3k ⑂ 2.1k +16/day
Shell
projectdiscovery
projectdiscovery
httpx

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

Score
91
★ 10.1k ⑂ 1.1k +8/day
Go
shmilylty
shmilylty
OneForAll

OneForAll是一款功能强大的子域收集工具

Score
96
★ 9.9k ⑂ 1.4k +23/day
Python
six2dez
six2dez
reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Score
99
★ 7.8k ⑂ 1.2k +60/day
Shell
GhostTroops
GhostTroops
scan4all

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

Score
64
★ 6.1k ⑂ 716
Go
AzeemIdrisi
AzeemIdrisi
PhoneSploit-Pro

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

Score
88
★ 6.0k ⑂ 836 +9/day
Python
ffffffff0x
ffffffff0x
1earn

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Score
94
★ 5.7k ⑂ 1.3k +1/day
C++
Pennyw0rth
Pennyw0rth
NetExec

The Network Execution Tool

Score
92
★ 5.7k ⑂ 728 +6/day
Python
nicocha30
nicocha30
ligolo-ng

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Score
82
★ 4.7k ⑂ 445 +12/day
Go
arismelachroinos
arismelachroinos
lscript

The LAZY script will make your life easier, and of course faster.

Score
92
★ 4.3k ⑂ 1.1k
Shell
evyatarmeged
evyatarmeged
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning

Score
99
★ 3.8k ⑂ 473 +28/day
Python
S3cur3Th1sSh1t
S3cur3Th1sSh1t
WinPwn

Automation for internal Windows Penetrationtest / AD-Security

Score
75
★ 3.7k ⑂ 536 +1/day
PowerShell
zhzyker
zhzyker
vulmap

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

Score
90
★ 3.5k ⑂ 573
Python
gnebbia
gnebbia
kb

A minimalist command line knowledge base manager

Score
25
★ 3.4k ⑂ 114
Python
ph4ntonn
ph4ntonn
Stowaway

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Score
73
★ 3.4k ⑂ 441 +3/day
Go
thewhiteh4t
thewhiteh4t
FinalRecon

All In One Web Recon

Score
85
★ 2.8k ⑂ 499 +6/day
Python
TH3xACE
TH3xACE
SUDO_KILLER

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

Score
97
★ 2.5k ⑂ 264
Shell
lefayjey
lefayjey
linWinPwn

linWinPwn is a bash script that streamlines the use of a number of Active Directory tools

Score
98
★ 2.2k ⑂ 302
Shell
Dliv3
Dliv3
Venom

Venom - A Multi-hop Proxy for Penetration Testers

Score
55
★ 2.2k ⑂ 357
Go
zhzyker
zhzyker
dismap

Asset discovery and identification tools 快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑似脆弱点

Score
89
★ 2.2k ⑂ 271 +3/day
Go
ffffffff0x
ffffffff0x
f8x

红/蓝队环境自动化部署工具 | Red/Blue team environment automation deployment tool

Score
98
★ 2.1k ⑂ 295
Shell
bitbrute
bitbrute
evillimiter

Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access

Score
97
★ 2.0k ⑂ 365
Python
cytopia
cytopia
pwncat

pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

Score
87
★ 1.9k ⑂ 216
Shell
lutfumertceylan
lutfumertceylan
top25-parameter

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Score
88
★ 1.8k ⑂ 280
D4Vinci
D4Vinci
One-Lin3r

Gives you one-liners that aids in penetration testing operations, privilege escalation and more

Score
94
★ 1.8k ⑂ 304
Python
lucasjacks0n
lucasjacks0n
EggShell

iOS/macOS/Linux Remote Administration Tool

Score
100
★ 1.8k ⑂ 385 +1/day
Objective-C
zakirkun
zakirkun
guardian-cli

Guardian is a production-ready AI-powered penetration testing automation CLI tool that leverages Google Gemini and LangChain to orchestrate intelligent, step-by-step penetration testing workflows while maintaining ethical hacking standards.

Score
100
★ 1.7k ⑂ 361 +10/day
Python
arch3rPro
arch3rPro
PentestTools

Awesome Pentest Tools Collection

Score
96
★ 1.7k ⑂ 354 +8/day
TryCatchHCF
TryCatchHCF
Cloakify

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Score
85
★ 1.7k ⑂ 237
Python
Adminisme
Adminisme
ServerScan

ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。

Score
45
★ 1.6k ⑂ 211 +2/day
Go
MTK911
MTK911
Attiny85

RubberDucky like payloads for DigiSpark Attiny85

Score
88
★ 1.6k ⑂ 405
C++
trickest
trickest
inventory

Asset inventory of over 800 public bug bounty programs.

Score
85
★ 1.6k ⑂ 282
Shell
zidansec
zidansec
CloudPeler

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.

Score
83
★ 1.6k ⑂ 193
PHP
vladko312
vladko312
SSTImap

Automatic SSTI detection tool with interactive interface

Score
96
★ 1.6k ⑂ 176 +5/day
Python
m8sec
m8sec
CrossLinked

LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping

Score
65
★ 1.6k ⑂ 218 +8/day
Python
Viralmaniar
Viralmaniar
BigBountyRecon

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Score
84
★ 1.6k ⑂ 290 +4/day
C#
SofianeHamlaoui
SofianeHamlaoui
Lockdoor-Framework

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Score
85
★ 1.5k ⑂ 300 +1/day
Python
jeffzh3ng
jeffzh3ng
fuxi

Penetration Testing Platform

Score
83
★ 1.3k ⑂ 368
Python
Viralmaniar
Viralmaniar
Passhunt

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Score
80
★ 1.3k ⑂ 190
Python
SpiderLabs
SpiderLabs
HostHunter

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Score
79
★ 1.2k ⑂ 192 +2/day
Python
loseys
loseys
BlackMamba

C2/post-exploitation framework

Score
62
★ 1.2k ⑂ 178
Python
0xsha
0xsha
CloudBrute

Awesome cloud enumerator

Score
78
★ 1.1k ⑂ 159 +2/day
Go
WyAtu
WyAtu
Perun

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

Score
79
★ 1.1k ⑂ 244
Python
M4cs
M4cs
BabySploit

:baby: BabySploit Beginner Pentesting Toolkit/Framework Written in Python :snake:

Score
54
★ 1.0k ⑂ 148
HTML
TryCatchHCF
TryCatchHCF
DumpsterFire

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

Score
78
★ 1.0k ⑂ 150
Python
quentinhardy
quentinhardy
msdat

MSDAT: Microsoft SQL Database Attacking Tool

Score
46
★ 1.0k ⑂ 146 +2/day
Python
ki9mu
ki9mu
ARL-plus-docker

基于ARL-V2.6.2修改后的版本

Score
50
★ 997 ⑂ 162
Shell
noraj
noraj
haiti

:key: Hash type identifier (CLI & lib)

Score
95
★ 988 ⑂ 59
Ruby
JackJuly
JackJuly
linkook

🔍 An OSINT tool for discovering linked social accounts and associated emails across multiple platforms using a single username.

Score
81
★ 987 ⑂ 118 +2/day
Python
fportantier
fportantier
habu

Hacking Toolkit

Score
77
★ 981 ⑂ 164
Python
n00py
n00py
WPForce

Wordpress Attack Suite

Score
58
★ 976 ⑂ 224 +1/day
Python
m8sec
m8sec
subscraper

Subdomain and target enumeration tool built for offensive security testing

Score
42
★ 966 ⑂ 108
Python
krauseler
krauseler
muxcard

A literal credit-card sized computer with E-Paper display, ESP32 and NFC.

Score
93
★ 909 ⑂ 24 +1/day
yashab-cyber
yashab-cyber
HackGpt

HackGPT Enterprise is a production-ready, cloud-native AI-powered penetration testing platform designed for enterprise security teams. It combines advanced AI, machine learning, microservices architecture, and comprehensive security frameworks to deliver professional-grade cybersecurity assessments.

Score
96
★ 900 ⑂ 184 +7/day
Python
carnal0wnage
carnal0wnage
weirdAAL

WeirdAAL (AWS Attack Library)

Score
35
★ 845 ⑂ 94 +1/day
Python
sinfulz
sinfulz
JustTryHarder

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Score
95
★ 832 ⑂ 105 +1/day
Python
robiot
robiot
rustcat

Rustcat(rcat) - The modern Port listener and Reverse shell

Score
75
★ 812 ⑂ 64
Rust
Related Topics
#pentesting#penetration-testing#hacking#security#security-tools#pentest#bugbounty#hacking-tool#redteam#osint#infosec#cybersecurity

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly