#Pentesting

Showing 60 of 1193 repositories tagged #pentesting, ranked by stars

sherlock-project
sherlock-project
sherlock

Hunt down social media accounts by username across social networks

Score
100
โ˜… 86.2k โ‘‚ 10.1k +134/day
Python
KeygraphHQ
KeygraphHQ
shannon

Shannon is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.

Score
100
โ˜… 45.6k โ‘‚ 5.3k +155/day
TypeScript
sqlmapproject
sqlmapproject
sqlmap

Automatic SQL injection and database takeover tool

Score
99
โ˜… 37.8k โ‘‚ 6.3k +43/day
Python
soxoj
soxoj
maigret

๐Ÿ•ต๏ธโ€โ™‚๏ธ Collect a dossier on a person by username from 3000+ sites

Score
98
โ˜… 35.1k โ‘‚ 2.7k +181/day
Python
qeeqbox
qeeqbox
social-analyzer

API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

Score
92
โ˜… 23.4k โ‘‚ 2.2k +31/day
JavaScript
promptfoo
promptfoo
promptfoo

Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command line and CI/CD integration. Used by OpenAI and Anthropic.

Score
100
โ˜… 23.1k โ‘‚ 2.1k +112/day
TypeScript
bee-san
bee-san
Ciphey

โšก Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes โšก

Score
97
โ˜… 21.5k โ‘‚ 1.4k +18/day
Rust
bee-san
bee-san
RustScan

๐Ÿค– The Modern Port Scanner ๐Ÿค–

Score
100
โ˜… 20.1k โ‘‚ 1.3k +18/day
Rust
smicallef
smicallef
spiderfoot

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Score
95
โ˜… 19.3k โ‘‚ 3.2k +37/day
Python
ffuf
ffuf
ffuf

Fast web fuzzer written in Go

Score
97
โ˜… 16.3k โ‘‚ 1.6k +33/day
Go
sundowndev
sundowndev
hacker-roadmap

A collection of hacking tools, resources and references to practice ethical hacking.

Score
96
โ˜… 15.5k โ‘‚ 1.7k +23/day
maurosoria
maurosoria
dirsearch

Web path scanner

Score
94
โ˜… 14.5k โ‘‚ 2.4k +7/day
Python
HunxByts
HunxByts
GhostTrack

Useful tool to track location or mobile number

Score
69
โ˜… 14.4k โ‘‚ 1.9k +35/day
Python
OJ
OJ
gobuster

Directory/File, DNS and VHost busting tool written in Go

Score
100
โ˜… 13.9k โ‘‚ 1.6k +33/day
Go
juice-shop
juice-shop
juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Score
100
โ˜… 13.5k โ‘‚ 18.6k +3/day
TypeScript
OWASP
OWASP
mastg

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

Score
93
โ˜… 13.0k โ‘‚ 2.8k +4/day
Python
vanhauser-thc
vanhauser-thc
thc-hydra

hydra

Score
100
โ˜… 12.0k โ‘‚ 2.6k +19/day
C
HackTricks-wiki
HackTricks-wiki
hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Score
100
โ˜… 11.8k โ‘‚ 3.1k +46/day
CSS
dstotijn
dstotijn
hetty

An HTTP toolkit for security research.

Score
94
โ˜… 11.7k โ‘‚ 746 +148/day
Go
infosecn1nja
infosecn1nja
Red-Teaming-Toolkit

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

Score
99
โ˜… 10.5k โ‘‚ 2.4k +22/day
1N3
1N3
Sn1per

Automated penetration testing & attack surface management platform. Recon, scan, exploit, report โ€” 600+ exploits, 90+ integrations, 10K+ detections.

Score
100
โ˜… 10.3k โ‘‚ 2.1k +16/day
Shell
0x4m4
0x4m4
hexstrike-ai

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.

Score
90
โ˜… 10.2k โ‘‚ 2.1k +68/day
Python
blacklanternsecurity
blacklanternsecurity
bbot

The recursive internet scanner for hackers. ๐Ÿงก

Score
91
โ˜… 10.1k โ‘‚ 876 +17/day
Python
OWASP
OWASP
wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Score
99
โ˜… 9.6k โ‘‚ 1.6k +16/day
aliasrobotics
aliasrobotics
cai

Cybersecurity AI (CAI), the framework for AI Security

Score
89
โ˜… 9.4k โ‘‚ 1.4k +31/day
Python
byt3bl33d3r
byt3bl33d3r
CrackMapExec

A swiss army knife for pentesting networks

Score
63
โ˜… 9.1k โ‘‚ 1.7k โ€”
Python
n1nj4sec
n1nj4sec
pupy

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Score
64
โ˜… 9.0k โ‘‚ 1.9k โ€”
Python
yogeshojha
yogeshojha
rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

Score
99
โ˜… 8.7k โ‘‚ 1.3k +11/day
HTML
TheKingOfDuck
TheKingOfDuck
fuzzDicts

You Know, For WEB Fuzzing !

Score
66
โ˜… 8.4k โ‘‚ 2.5k +15/day
Python
trickest
trickest
cve

Gather and update all available and newest CVEs with their PoC.

Score
99
โ˜… 7.9k โ‘‚ 976 +7/day
HTML
firerpa
firerpa
lamda

Android Full-Stack Device Control Platform: WebRTC/H.264 remote desktop, UI/OCR/image-matching automation, one-click MITM, built-in Frida, proxy/VPN/frp/P2P networking, MCP/Agent, 160+ APIs, designed for multi-device clusters and engineered deployments.

Score
87
โ˜… 7.9k โ‘‚ 1.0k +10/day
Python
v1s1t0r1sh3r3
v1s1t0r1sh3r3
airgeddon

This is a multi-use bash script for Linux systems to audit wireless networks.

Score
99
โ˜… 7.8k โ‘‚ 1.3k โ€”
Shell
six2dez
six2dez
reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Score
99
โ˜… 7.8k โ‘‚ 1.2k +60/day
Shell
jakejarvis
jakejarvis
awesome-shodan-queries

๐Ÿ” A collection of interesting, funny, and depressing search queries to plug into shodan.io ๐Ÿ‘ฉโ€๐Ÿ’ป

Score
93
โ˜… 7.6k โ‘‚ 1.0k +14/day
infoslack
infoslack
awesome-web-hacking

A list of web application security

Score
99
โ˜… 7.0k โ‘‚ 1.3k +6/day
p1ngul1n0
p1ngul1n0
blackbird

An OSINT tool to search for accounts by username and email in social networks.

Score
60
โ˜… 6.9k โ‘‚ 772 +169/day
Python
urbanadventurer
urbanadventurer
WhatWeb

Next generation web scanner

Score
99
โ˜… 6.7k โ‘‚ 999 +14/day
Ruby
S1ckB0y1337
S1ckB0y1337
Active-Directory-Exploitation-Cheat-Sheet

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Score
99
โ˜… 6.7k โ‘‚ 1.3k +5/day
ihebski
ihebski
DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password ๐Ÿ›ก๏ธ

Score
85
โ˜… 6.6k โ‘‚ 780 +3/day
Python
infobyte
infobyte
faraday

Open Source Vulnerability Management Platform

Score
86
โ˜… 6.6k โ‘‚ 1.1k +5/day
Python
j3ssie
j3ssie
osmedeus

A Modern Orchestration Engine for Security

Score
91
โ˜… 6.5k โ‘‚ 1.0k +2/day
Go
infinition
infinition
Bjorn

Bjorn is a powerful network scanning and offensive security tool for the Raspberry Pi with a 2.13-inch e-Paper HAT. It discovers network targets, identifies open ports, exposed services, and potential vulnerabilities. Bjorn can perform brute force attacks, file stealing, host zombification, and supports custom attack scripts.

Score
76
โ˜… 6.1k โ‘‚ 358 +11/day
Python
androguard
androguard
androguard

Reverse engineering and pentesting for Android applications

Score
84
โ˜… 6.1k โ‘‚ 1.1k +4/day
Python
DominicBreuker
DominicBreuker
pspy

Monitor linux processes without root permissions

Score
83
โ˜… 6.1k โ‘‚ 570 +4/day
Go
AzeemIdrisi
AzeemIdrisi
PhoneSploit-Pro

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

Score
78
โ˜… 6.0k โ‘‚ 836 +9/day
Python
rmusser01
rmusser01
Infosec_Reference

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

Score
97
โ˜… 6.0k โ‘‚ 1.2k +2/day
CSS
commixproject
commixproject
commix

Automated All-in-One OS Command Injection Exploitation Tool

Score
83
โ˜… 5.8k โ‘‚ 934 +10/day
Python
madhuakula
madhuakula
kubernetes-goat

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground ๐Ÿš€

Score
98
โ˜… 5.7k โ‘‚ 1.0k +7/day
HTML
Pennyw0rth
Pennyw0rth
NetExec

The Network Execution Tool

Score
80
โ˜… 5.7k โ‘‚ 728 +6/day
Python
OlivierLaflamme
OlivierLaflamme
Cheatsheet-God

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Score
92
โ˜… 5.6k โ‘‚ 1.3k +1/day
LyleMi
LyleMi
Learn-Web-Hacking

Study Notes For Web Hacking / Webๅฎ‰ๅ…จๅญฆไน ็ฌ”่ฎฐ

Score
79
โ˜… 5.4k โ‘‚ 943 +10/day
Python
Hackplayers
Hackplayers
evil-winrm

The ultimate WinRM shell for hacking/pentesting

Score
98
โ˜… 5.4k โ‘‚ 681 +5/day
Ruby
OWASP
OWASP
Nettacker

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Score
82
โ˜… 5.3k โ‘‚ 1.1k +8/day
Python
tanprathan
tanprathan
MobileApp-Pentest-Cheatsheet

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Score
85
โ˜… 5.2k โ‘‚ 1.3k +4/day
Ullaakut
Ullaakut
cameradar

Cameradar hacks its way into RTSP videosurveillance cameras

Score
89
โ˜… 5.1k โ‘‚ 623 +3/day
Go
hakluke
hakluke
hakrawler

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

Score
54
โ˜… 5.1k โ‘‚ 537 +3/day
Go
jassics
jassics
security-study-plan

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

Score
98
โ˜… 5.0k โ‘‚ 628 +3/day
UndeadSec
UndeadSec
SocialFish

Phishing Tool & Information Collector

Score
77
โ˜… 4.8k โ‘‚ 1.4k +8/day
CSS
nicocha30
nicocha30
ligolo-ng

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Score
86
โ˜… 4.7k โ‘‚ 445 +12/day
Go
PurpleAILAB
PurpleAILAB
Decepticon

Autonomous Hacking Agent for Red Team

Score
99
โ˜… 4.7k โ‘‚ 901 +53/day
Python
Related Topics
#hacking#security#penetration-testing#python#infosec#security-tools#cybersecurity#osint#pentest#bugbounty#information-gathering#appsec

ยฉ 2026 GitRepoTrend ยท GitHub repositories by topic ยท Updated weekly