#Pentest-tool
Showing 60 of 288 repositories tagged #pentest-tool, ranked by stars
Web path scanner
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
hydra
Automated penetration testing & attack surface management platform. Recon, scan, exploit, report — 600+ exploits, 90+ integrations, 10K+ detections.
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
OneForAll是一款功能强大的子域收集工具
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
The Network Execution Tool
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
The LAZY script will make your life easier, and of course faster.
A high performance offensive security tool for reconnaissance and vulnerability scanning
Automation for internal Windows Penetrationtest / AD-Security
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
A minimalist command line knowledge base manager
👻Stowaway -- Multi-hop Proxy Tool for pentesters
All In One Web Recon
A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.
linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
Venom - A Multi-hop Proxy for Penetration Testers
Asset discovery and identification tools 快速识别 Web 指纹信息,定位资产类型。辅助红队快速定位目标资产信息,辅助蓝队发现疑似脆弱点
红/蓝队环境自动化部署工具 | Red/Blue team environment automation deployment tool
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
Gives you one-liners that aids in penetration testing operations, privilege escalation and more
iOS/macOS/Linux Remote Administration Tool
Guardian is a production-ready AI-powered penetration testing automation CLI tool that leverages Google Gemini and LangChain to orchestrate intelligent, step-by-step penetration testing workflows while maintaining ethical hacking standards.
Awesome Pentest Tools Collection
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。
RubberDucky like payloads for DigiSpark Attiny85
Asset inventory of over 800 public bug bounty programs.
CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.
Automatic SSTI detection tool with interactive interface
LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Penetration Testing Platform
Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
HostHunter a recon tool for discovering hostnames using OSINT techniques.
C2/post-exploitation framework
Awesome cloud enumerator
Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架
:baby: BabySploit Beginner Pentesting Toolkit/Framework Written in Python :snake:
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
MSDAT: Microsoft SQL Database Attacking Tool
基于ARL-V2.6.2修改后的版本
:key: Hash type identifier (CLI & lib)
🔍 An OSINT tool for discovering linked social accounts and associated emails across multiple platforms using a single username.
Hacking Toolkit
Wordpress Attack Suite
Subdomain and target enumeration tool built for offensive security testing
A literal credit-card sized computer with E-Paper display, ESP32 and NFC.
HackGPT Enterprise is a production-ready, cloud-native AI-powered penetration testing platform designed for enterprise security teams. It combines advanced AI, machine learning, microservices architecture, and comprehensive security frameworks to deliver professional-grade cybersecurity assessments.
WeirdAAL (AWS Attack Library)
JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
Rustcat(rcat) - The modern Port listener and Reverse shell