{"id":13539330,"url":"https://github.com/gwen001/pentest-tools","last_synced_at":"2025-05-15T02:09:26.573Z","repository":{"id":41276317,"uuid":"45383423","full_name":"gwen001/pentest-tools","owner":"gwen001","description":"A collection of custom security tools for quick needs.","archived":false,"fork":false,"pushed_at":"2023-05-01T20:40:26.000Z","size":3902,"stargazers_count":3189,"open_issues_count":3,"forks_count":787,"subscribers_count":107,"default_branch":"master","last_synced_at":"2025-04-14T00:58:25.589Z","etag":null,"topics":["audit","bash","bugbounty","bugbountytips","enumeration","hacking","nmap","pentesting","php","python","recon","sectools","security","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gwen001.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null},"funding":{"github":["gwen001"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2015-11-02T09:04:53.000Z","updated_at":"2025-04-12T06:39:44.000Z","dependencies_parsed_at":"2022-07-13T15:29:45.640Z","dependency_job_id":"ba3300f1-cdc9-4fa3-90ed-b4f6d5a36766","html_url":"https://github.com/gwen001/pentest-tools","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gwen001%2Fpentest-tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gwen001%2Fpentest-tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gwen001%2Fpentest-tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gwen001%2Fpentest-tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gwen001","download_url":"https://codeload.github.com/gwen001/pentest-tools/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254259384,"owners_count":22040820,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","bash","bugbounty","bugbountytips","enumeration","hacking","nmap","pentesting","php","python","recon","sectools","security","security-tools"],"created_at":"2024-08-01T09:01:23.530Z","updated_at":"2025-05-15T02:09:21.553Z","avatar_url":"https://github.com/gwen001.png","language":"Python","funding_links":["https://github.com/sponsors/gwen001"],"categories":["\u003ca id=\"1233584261c0cd5224b6e90a98cc9a94\"\u003e\u003c/a\u003e渗透\u0026\u0026offensive\u0026\u0026渗透框架\u0026\u0026后渗透框架","Weapons","Python (1887)","Python","HarmonyOS","其他_安全与渗透","\u003ca id=\"5dd93fbc2f2ebc8d98672b2d95782af3\"\u003e\u003c/a\u003e工具","Security","📦 Legacy \u0026 Inactive Projects","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集","Pentesting"],"sub_categories":["\u003ca id=\"2e40f2f1df5d7f93a7de47bf49c24a0e\"\u003e\u003c/a\u003e未分类-Pentest","Tools","Windows Manager","资源传输下载","Web","ARM"],"readme":"\u003ch1 align=\"center\"\u003epentest-tools\u003c/h1\u003e\n\n\u003ch4 align=\"center\"\u003eA collection of custom security tools for quick needs.\u003c/h4\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/-bash-gray\" alt=\"bash badge\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/python-v3-blue\" alt=\"python badge\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/php-%3E=5.5-blue\" alt=\"php badge\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/license-MIT-green\" alt=\"MIT license badge\"\u003e\n    \u003ca href=\"https://twitter.com/intent/tweet?text=https%3a%2f%2fgithub.com%2fgwen001%2fpentest-tools%2f\" target=\"_blank\"\u003e\u003cimg src=\"https://img.shields.io/twitter/url?style=social\u0026url=https%3A%2F%2Fgithub.com%2Fgwen001%2Fpentest-tools\" alt=\"twitter badge\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003c!-- \u003cp align=\"center\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/stars/gwen001/pentest-tools?style=social\" alt=\"github stars badge\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/watchers/gwen001/pentest-tools?style=social\" alt=\"github watchers badge\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/forks/gwen001/pentest-tools?style=social\" alt=\"github forks badge\"\u003e\n\u003c/p\u003e --\u003e\n\n---\n\n## Important note\n\n‼ A big clean occured in 2022-11 ‼  \n\nSome useless/not working scripts have been archived and some others have been moved to their own repository to get more visibility, feel free to check them:\n- [apk-analyzer](https://github.com/gwen001/apk-analyzer)\n- [cloudflare-origin-ip](https://github.com/gwen001/cloudflare-origin-ip)\n- [csp-analyzer](https://github.com/gwen001/csp-analyzer)\n- [detectify-cves](https://github.com/gwen001/detectify-cves)\n- [extract-endpoints](https://github.com/gwen001/extract-endpoints)\n- [favicon-hashtrick](https://github.com/gwen001/favicon-hashtrick)\n- [google-search](https://github.com/gwen001/google-search)\n- [graphql-introspection-analyzer](https://github.com/gwen001/graphql-introspection-analyzer)\n- [keyhacks.sh](https://github.com/gwen001/keyhacks.sh)\n- [related-domains](https://github.com/gwen001/related-domains)\n\n---\n\n## Install\n\n```\ngit clone https://github.com/gwen001/pentest-tools\ncd pentest-tools\npip3 install -r requirements.txt\n```\n\n---\n\n## arpa.sh\nConverts IP address in `arpa` format to classical format.\n\n## bbhost.sh\nPerforms `host` command on a given hosts list using `parallel` to make it fast.\n\n## codeshare.php\nPerforms a string search on [codeshare.io](https://codeshare.io/).\n\n## cors.py\nTest CORS issue on a given list of hosts.\n\n## crlf.py\nTest CRLF issue on a given list of hosts.\n\n## crtsh.php\nGrabs subdomains of a given domain from [crt.sh](https://crt.sh).\n\n## detect-vnc-rdp.sh\nTests if ports `3389` and `5900` are open on a given IP range using `netcat`.\n\n## dnsenum-brute.sh\nPerforms brute force through wordlist to find subdomains.\n\n## dnsenum-bruten.sh\nPerforms brute force through numeric variation to find subdomains.\n\n## dnsenum-reverse.sh\nApply reverse DNS method on a given IP range to find subdomains.\n\n## dnsenum-reverserange.sh\nSame thing but IP ranges are read from an input file.\n\n## dnsenum-zonetransfer.sh\nTests Zone Transfer of a given domain.\n\n## dnsreq-alltypes.sh\nPerforms all types of DNS requests for a given (sub)domain.\n\n## extract-domains.py\nExtracts domain of a given URL or a list of URLs.\n\n## extract_links.php\nExtracts links from a given HTML file.\n\n## filterurls.py\nClassifies and displays URLs by vulnerability types.\n\n## flash-regexp.sh\nPerforms regexps listed in `flash-regexp.txt` for Flash apps testing purpose.\n\n## gdorks.php\nGenerates Google dorks for a given domain (searches are not performed).\n\n## hashall.php\nUses about 40 algorithms to hash a given string.\n\n## ip-converter.php\nConverts a given IP address to different format, see [Nicolas Grégoire presentation](https://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf).\n\n## ip-listing.php\nGenerates a list of IPs addresses from the given start to the given end, range and mask supported.\n\n## mass_axfr.sh\nMass test zone transfer on a given list of domains.\n\n## mass-smtp-user-enum-bruteforce.sh\nPerforms SMTP user enumeration on a given list of IP address using [smtp-user-enum](https://github.com/pentestmonkey/smtp-user-enum).\n\n## mass-smtp-user-enum-check.sh\nTests if SMTP user enumeration is possible on a given list of IP address using [smtp-user-enum](https://github.com/pentestmonkey/smtp-user-enum).\n\n## myutils.sh\nJust few common Bash functions.\n\n## node-uuid.js\nEncode/Decode UUID using base36.\n\n## nrpe.sh\nTest Nagios Remote Plugin Executor Arbitrary Command Execution on a given host using Metasploit.\n\n## openredirect.py\nTest Open Redirect issue on a given list of hosts.\n\n## pass-permut.php\nCreates words permutation with different separators and output the hashes using about 40 algorithms.\n\n## pastebin.php\nPerforms a string search on [pastebin.com](https://pastebin.com/).\n\n## phantom-xss.js\nSee `xss.py`.\n\n## ping-sweep-nc.sh\nDetermines what IPs are alive in a given range of IPs addresses using `netcat`.\n\n## ping-sweep-nmap.sh\nDetermines what IPs are alive in a given range of IPs addresses using `nmap`.\n\n## ping-sweep-ping.sh\nDetermines what IPs are alive in a given range of IPs addresses using `ping`.\n\n## portscan-nc.sh\nDetermines the open ports of a given IP address using `netcat`.\n\n## quick-hits.php\nTests a given list of path on a given list of hosts.\n\n## quickhits.py\nSame but the Python version. Tests a given list of path on a given list of hosts.\n\n## rce.py\nTest RCE issue on a given list of hosts.\n\n## resolve.py\nResolves a give list of hosts to check which ones are alive and which ones are dead.\n\n## screensite.sh\nTakes screenshots of a given url+port using `xvfb`.\n\n## shodan.php\nPerforms searches on Shodan using their API.\n\n## smuggler.py\nTest HTTP request smuggling issue on a given list of hosts.\n\n## srv_reco.sh\nPerform very small tests of a given IP address.\n\n## ssh-timing-b4-pass.sh\nTries to guess SSH users using timing attack.\n\n## ssrf-generate-ip.php\nGenerate random IP address:port inside private network range for SSRF scans.\n\n## subalt.py\nGenerates subdomains alterations and permutations.\n\n## test-ip-wordlist.sh\nBrute force a wordlist on IPs range and ports list.\n\n## testhttp.php\nTries to determine if an url (subdomain+port) is a web thing.\n\n## testnc.sh\nPerforms fuzzing on a given IP address+port using `netcat`.\n\n## Utils.php\nJust few common PHP functions.\n\n## webdav-bruteforce.sh\nPerform brute force on a given url that use `WebDav` using [Davtest](https://github.com/cldrn/davtest).\n\n## xss.py\nTest XSS issue on a given list of hosts using `phantomjs`.\n\n---\n\nFeel free to [open an issue](/../../issues/) if you have any problem with the script.  \n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgwen001%2Fpentest-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgwen001%2Fpentest-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgwen001%2Fpentest-tools/lists"}