#Pentesting
Showing 60 of 1193 repositories tagged #pentesting, ranked by stars
Hunt down social media accounts by username across social networks
Shannon is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
Automatic SQL injection and database takeover tool
๐ต๏ธโโ๏ธ Collect a dossier on a person by username from 3000+ sites
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command line and CI/CD integration. Used by OpenAI and Anthropic.
โก Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes โก
๐ค The Modern Port Scanner ๐ค
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Fast web fuzzer written in Go
A collection of hacking tools, resources and references to practice ethical hacking.
Web path scanner
Useful tool to track location or mobile number
Directory/File, DNS and VHost busting tool written in Go
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.
hydra
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
An HTTP toolkit for security research.
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Automated penetration testing & attack surface management platform. Recon, scan, exploit, report โ 600+ exploits, 90+ integrations, 10K+ detections.
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.
The recursive internet scanner for hackers. ๐งก
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Cybersecurity AI (CAI), the framework for AI Security
A swiss army knife for pentesting networks
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
You Know, For WEB Fuzzing !
Gather and update all available and newest CVEs with their PoC.
Android Full-Stack Device Control Platform: WebRTC/H.264 remote desktop, UI/OCR/image-matching automation, one-click MITM, built-in Frida, proxy/VPN/frp/P2P networking, MCP/Agent, 160+ APIs, designed for multi-device clusters and engineered deployments.
This is a multi-use bash script for Linux systems to audit wireless networks.
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
๐ A collection of interesting, funny, and depressing search queries to plug into shodan.io ๐ฉโ๐ป
A list of web application security
An OSINT tool to search for accounts by username and email in social networks.
Next generation web scanner
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password ๐ก๏ธ
Open Source Vulnerability Management Platform
A Modern Orchestration Engine for Security
Bjorn is a powerful network scanning and offensive security tool for the Raspberry Pi with a 2.13-inch e-Paper HAT. It discovers network targets, identifies open ports, exposed services, and potential vulnerabilities. Bjorn can perform brute force attacks, file stealing, host zombification, and supports custom attack scripts.
Reverse engineering and pentesting for Android applications
Monitor linux processes without root permissions
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Automated All-in-One OS Command Injection Exploitation Tool
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground ๐
The Network Execution Tool
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Study Notes For Web Hacking / Webๅฎๅ จๅญฆไน ็ฌ่ฎฐ
The ultimate WinRM shell for hacking/pentesting
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
Cameradar hacks its way into RTSP videosurveillance cameras
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
Phishing Tool & Information Collector
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Autonomous Hacking Agent for Red Team