#Pentesting-tools

Showing 60 of 156 repositories tagged #pentesting-tools, ranked by stars

usestrix
usestrix
strix

Open-source AI penetration testing tool to find and fix your app’s vulnerabilities.

Score
100
★ 39.8k ⑂ 4.2k +443/day
Python
1N3
1N3
Sn1per

Automated penetration testing & attack surface management platform. Recon, scan, exploit, report — 600+ exploits, 90+ integrations, 10K+ detections.

Score
100
★ 10.3k ⑂ 2.1k +16/day
Shell
0x4m4
0x4m4
hexstrike-ai

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.

Score
90
★ 10.2k ⑂ 2.1k +68/day
Python
We5ter
We5ter
Scanners-Box

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Score
99
★ 9.0k ⑂ 2.4k +6/day
urbanadventurer
urbanadventurer
WhatWeb

Next generation web scanner

Score
98
★ 6.7k ⑂ 999 +14/day
Ruby
OWASP
OWASP
Nettacker

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Score
80
★ 5.3k ⑂ 1.1k +8/day
Python
Ed1s0nZ
Ed1s0nZ
CyberStrikeAI

CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system with specialized testing skills, and comprehensive lifecycle management capabilities.

Score
100
★ 5.0k ⑂ 813 +30/day
Go
jonaslejon
jonaslejon
malicious-pdf

💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh

Score
70
★ 4.1k ⑂ 542
Python
arch3rPro
arch3rPro
Pentest-Windows

⚔️Windows11 Penetration Suite Toolkit 🔰 The First Windows Penetration Testing Environment on Mac M Chips

Score
91
★ 3.5k ⑂ 339
t3l3machus
t3l3machus
hoaxshell

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

Score
50
★ 3.5k ⑂ 522
Python
thewhiteh4t
thewhiteh4t
FinalRecon

All In One Web Recon

Score
60
★ 2.8k ⑂ 499 +6/day
Python
GH05TCREW
GH05TCREW
pentestagent

PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.

Score
98
★ 2.8k ⑂ 555 +31/day
Python
yogsec
yogsec
Hacking-Tools

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

Score
97
★ 1.8k ⑂ 281 +37/day
vladko312
vladko312
SSTImap

Automatic SSTI detection tool with interactive interface

Score
96
★ 1.6k ⑂ 176 +5/day
Python
SofianeHamlaoui
SofianeHamlaoui
Lockdoor-Framework

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Score
88
★ 1.5k ⑂ 300 +1/day
Python
t3l3machus
t3l3machus
toxssin

An XSS exploitation command-line interface and payload generator.

Score
87
★ 1.4k ⑂ 196
Python
taielab
taielab
awesome-hacking-lists

A curated collection of top-tier penetration testing tools and productivity utilities across multiple domains. Join us to explore, contribute, and enhance your hacking toolkit!

Score
94
★ 1.4k ⑂ 264 +5/day
MrTuxx
MrTuxx
SocialPwned

SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks such as Instagram, Linkedin and Twitter to find possible credentials leaks in PwnDB or Dehashed and obtain Google account information via GHunt.

Score
85
★ 1.3k ⑂ 120
Python
wddadk
wddadk
Offensive-OSINT-Tools

OffSec OSINT Pentest/RedTeam Tools

Score
95
★ 1.2k ⑂ 154 +3/day
bitquark
bitquark
shortscan

An IIS short filename enumeration tool

Score
85
★ 1.2k ⑂ 115 +2/day
Go
noobpk
noobpk
frida-ios-hook

A tool that helps you easy trace classes, functions, and modify the return values of methods on iOS platform

Score
100
★ 1.2k ⑂ 175 +1/day
JavaScript
ForbiddenProgrammer
ForbiddenProgrammer
conti-pentester-guide-leak

Leaked pentesting manuals given to Conti ransomware crooks

Score
86
★ 1.1k ⑂ 262 +1/day
Batchfile
SaadAhla
SaadAhla
FilelessPELoader

Loading Remote AES Encrypted PE in memory , Decrypted it and run it

Score
83
★ 1.0k ⑂ 197
C++
0xZDH
0xZDH
o365spray

Username enumeration and password spraying tool aimed at Microsoft O365.

Score
30
★ 1.0k ⑂ 120
Python
Cyber-Buddy
Cyber-Buddy
APKHunt

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

Score
0
★ 968 ⑂ 102
Go
bountyyfi
bountyyfi
lonkero

Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.

Score
100
★ 965 ⑂ 80 +4/day
Rust
Syslifters
Syslifters
OffSec-Reporting

Offensive Security OSCP+, OSEP, OSWP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA, OSIR, OSTH Exam and Lab Reporting / Note-Taking Tool

Score
89
★ 929 ⑂ 117
flashnuke
flashnuke
wifi-deauth

A deauth attack that disconnects all devices from the target wifi network (2.4Ghz & 5Ghz), WPA3 also supported (PMF not tested)

Score
93
★ 877 ⑂ 106 +2/day
Python
sinfulz
sinfulz
JustTryHarder

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

Score
95
★ 832 ⑂ 105 +1/day
Python
aaaguirrep
aaaguirrep
offensive-docker

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Score
80
★ 768 ⑂ 160
Dockerfile
Leo4j
Leo4j
Invoke-ADEnum

Active Directory Auditing and Enumeration

Score
92
★ 535 ⑂ 56
PowerShell
johnnyxmas
johnnyxmas
ScanCannon

A script for credentials-based attack surface enumeration and general reconnaissance of massive networks

Score
92
★ 478 ⑂ 76 +2/day
Shell
kp300
kp300
shotdroid

ShotDroid is a pentesting tool for android. There are 3 tools that have their respective functions, Get files from Android directory, internal and external storage, Android Keylogger + Reverse Shell and Take a webcam shot of the face from the front camera of the phone and PC.

Score
74
★ 454 ⑂ 78 +2/day
Java
0x1CA3
0x1CA3
AdbNet

A tool that allows you to search for vulnerable android devices across the world and exploit them.

Score
72
★ 429 ⑂ 75
Python
0xffsec
0xffsec
handbook

A living document for penetration testing and offensive security.

Score
68
★ 318 ⑂ 49
HTML
InfamousSYN
InfamousSYN
rogue

An extensible toolkit providing penetration testers an easy-to-use platform to deploy Access Points during penetration testing and red team engagements.

Score
67
★ 300 ⑂ 50
Python
DontPanicO
DontPanicO
jwtXploiter

A tool to test security of json web token

Score
65
★ 290 ⑂ 33
Python
codesiddhant
codesiddhant
Jasmin-Ransomware

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

Score
70
★ 286 ⑂ 81
C#
trickest
trickest
mksub

Generate tens of thousands of subdomain combinations in a matter of seconds

Score
63
★ 276 ⑂ 27
Go
ooovenenoso
ooovenenoso
BadUSB-GPT

This repo houses Rubber Ducky scripts integrated with OpenAI's GPT. Designed for ethical hackers and researchers, it merges quick Ducky executions with GPT's intelligence. Always use responsibly and with proper permissions.

Score
88
★ 276 ⑂ 21 +1/day
Python
Karmaz95
Karmaz95
crimson

Web Application Security Testing Tools

Score
65
★ 252 ⑂ 51
Python
edoardottt
edoardottt
favirecon

Use favicons to improve your target recon phase. Quickly detect technologies, WAF, exposed panels, known services.

Score
90
★ 245 ⑂ 35
Go
brows3r
brows3r
iPwn

A Framework meant for the exploitation of iOS devices.

Score
61
★ 234 ⑂ 36
Python
wraith-labs
wraith-labs
wraith

[WIP] A free and open-source, modular Remote Administration Tool (RAT) / Payload Dropper written in Go(lang) with a flexible command and control (C2) system.

Score
62
★ 230 ⑂ 50
Go
Warxim
Warxim
petep

PETEP (PEnetration TEsting Proxy) is an open-source Java application for traffic analysis & modification using TCP/UDP proxies. PETEP is a useful tool for performing penetration tests of applications with various application protocols. ⚡

Score
58
★ 228 ⑂ 22
Java
Warxim
Warxim
deluder

Deluder is a tool for intercepting traffic of proxy unaware applications. Currently, Deluder supports OpenSSL, GnuTLS, SChannel, WinSock and Linux Sockets out of the box. ⚡

Score
78
★ 213 ⑂ 20
Python
trickest
trickest
dsieve

Filter and enrich a list of subdomains by level

Score
55
★ 212 ⑂ 25
Go
DarkSpaceSecurity
DarkSpaceSecurity
RunAs-Stealer

RunAs Utility Credential Stealer implementing 3 techniques : Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging

Score
58
★ 208 ⑂ 37
C++
ShivamRai2003
ShivamRai2003
Reconky-Automated_Bash_Script

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Score
59
★ 204 ⑂ 42
Shell
kulkansecurity
kulkansecurity
gitxray

A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.

Score
79
★ 181 ⑂ 14
Python
t3l3machus
t3l3machus
wwwtree

A utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation.

Score
53
★ 181 ⑂ 31
Python
SofianeHamlaoui
SofianeHamlaoui
Pentest-Bookmarkz

A collection of useful links for Pentesters

Score
57
★ 179 ⑂ 47
cytopia
cytopia
smtp-user-enum

SMTP user enumeration via VRFY, EXPN and RCPT with clever timeout, retry and reconnect functionality.

Score
52
★ 176 ⑂ 29
Python
trickest
trickest
mkpath

Make URL path combinations using a wordlist

Score
51
★ 174 ⑂ 28
Go
alienwhatever
alienwhatever
Admin-Scanner

This tool is design to find admin panel of any website by using custom wordlist or default wordlist easily and allow you to find admin panel trough a proxy server

Score
52
★ 168 ⑂ 37
Python
mytechnotalent
mytechnotalent
turbo-attack

A turbo traffic generator pentesting tool to generate random traffic with random MAC and IP addresses in addition to random sequence numbers to a particular IP and port.

Score
77
★ 167 ⑂ 31 +1/day
Go
RossGeerlings
RossGeerlings
webstor

WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.

Score
45
★ 157 ⑂ 19
Python
RikunjSindhwad
RikunjSindhwad
Task-Ninja

Ultimate Tasks Automation Framework for Hackers, DevSecOps, Pentesters, and Bug-bounty hunters!

Score
68
★ 154 ⑂ 25
Go
ALDON94
ALDON94
argus

Argus Advanced Remote & Local Keylogger For macOS and Windows

Score
48
★ 144 ⑂ 26
Python
Anof-cyber
Anof-cyber
ParaForge

A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing

Score
45
★ 142 ⑂ 19
Python
Related Topics
#pentesting#penetration-testing#hacking#security#pentest#cybersecurity#security-tools#hacking-tools#pentest-tool#bugbounty#hacking-tool#infosec

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly