{"id":20923523,"url":"https://github.com/shingareom/pentestingtools","last_synced_at":"2026-03-19T18:04:36.499Z","repository":{"id":252481413,"uuid":"840572041","full_name":"shingareom/PentestingTools","owner":"shingareom","description":"This repository contains a collection of tools designed for automating penetration testing, while also being valuable for manual testing. Leveraging these tools can enhance both the efficiency and effectiveness of your security assessments.","archived":false,"fork":false,"pushed_at":"2024-11-02T05:38:27.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-13T00:42:57.004Z","etag":null,"topics":["bugbounty","pentesting-tools","webpentest"],"latest_commit_sha":null,"homepage":"https://youtu.be/apUc8zjTiG4?si=Wm4vLas6hw69AK9-","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shingareom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-10T03:44:42.000Z","updated_at":"2024-11-02T05:38:30.000Z","dependencies_parsed_at":"2025-01-19T17:46:14.608Z","dependency_job_id":"40bfa9c4-0888-4650-b037-e4e00d5901a8","html_url":"https://github.com/shingareom/PentestingTools","commit_stats":null,"previous_names":["shingareom/pentestingtools"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/shingareom/PentestingTools","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shingareom%2FPentestingTools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shingareom%2FPentestingTools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shingareom%2FPentestingTools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shingareom%2FPentestingTools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shingareom","download_url":"https://codeload.github.com/shingareom/PentestingTools/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shingareom%2FPentestingTools/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279020042,"owners_count":26086806,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-14T02:00:06.444Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","pentesting-tools","webpentest"],"created_at":"2024-11-18T20:16:13.713Z","updated_at":"2025-10-14T17:44:18.342Z","avatar_url":"https://github.com/shingareom.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"[![GitHub stars](https://img.shields.io/github/stars/ShingareOm/PentestingTools?style=flat-square)](https://github.com/ShingareOm/PentestingTools/stargazers)\n[![GitHub forks](https://img.shields.io/github/forks/ShingareOm/PentestingTools?style=flat-square)](https://github.com/ShingareOm/PentestingTools/network)\n[![GitHub issues](https://img.shields.io/github/issues/ShingareOm/PentestingTools?style=flat-square)](https://github.com/ShingareOm/PentestingTools/issues)\n[![GitHub license](https://img.shields.io/github/license/ShingareOm/PentestingTools?style=flat-square)](https://github.com/ShingareOm/PentestingTools/blob/main/LICENSE)\n\n# Advance Penetration Testing Tools\n\nWelcome to the **Advance Penetration Testing Tools** repository. This comprehensive collection of tools is designed to enhance both automated and manual penetration testing. These tools cover a wide range of tasks, from subdomain enumeration and vulnerability scanning to web crawling and visual reconnaissance.\n\n## Tools\n\n### General Tools\n- **[dirsearch](https://github.com/maurosoria/dirsearch)** - Directory and file scanner.\n- **[JSParser](https://github.com/nahamsec/JSParser)** - JavaScript parser for finding sensitive data.\n- **[knockpy](https://github.com/guelfoweb/knock)** - Subdomain scanner.\n- **[lazys3](https://github.com/nahamsec/lazys3)** - S3 bucket enumeration tool.\n- **[recon_profile](https://github.com/nahamsec/recon_profile)** - Reconnaissance profile manager.\n- **[sqlmap-dev](https://github.com/sqlmapproject/sqlmap)** - SQL injection tool.\n- **[Sublist3r](https://github.com/aboul3la/Sublist3r)** - Subdomain enumeration tool.\n- **[teh_s3_bucketeers](https://github.com/nahamsec/teh_s3_bucketeers)** - S3 bucket enumeration tool.\n- **[virtual-host-discovery](https://github.com/jobertabma/virtual-host-discovery)** - Virtual host discovery tool.\n- **[wpscan](https://github.com/wpscanteam/wpscan)** - WordPress vulnerability scanner.\n- **[webscreenshot](https://github.com/ubergraph/webscreenshot)** - Automated screenshot tool for websites.\n- **[Massdns](https://github.com/blechschmidt/massdns)** - DNS resolver.\n- **[Asnlookup](https://github.com/someone/asnlookup)** - ASN lookup tool.\n- **[Unfurl](https://github.com/tomnomnom/unfurl)** - Extracts and unfurls URLs.\n- **[Waybackurls](https://github.com/tomnomnom/waybackurls)** - Retrieve URLs from the Wayback Machine.\n- **[Httprobe](https://github.com/tomnomnom/httprobe)** - HTTP probe tool.\n- **[Seclists collection](https://github.com/danielmiessler/SecLists)** - Collection of security lists.\n\n### VPS-Bug-Bounty-Tools\nFor a comprehensive installation script and toolset, visit the [VPS-Bug-Bounty-Tools GitHub page](https://github.com/drak3hft7/VPS-Bug-Bounty-Tools#vps-bug-bounty-tools).\n\n#### Installation Instructions\n```shell\ncd /tmp \u0026\u0026 git clone https://github.com/drak3hft7/VPS-Bug-Bounty-Tools\ncd VPS-Bug-Bounty-Tools\nsudo ./Tools-BugBounty-installer.sh\n```\n\n#### Example Installation\n[![Installation Example](https://github.com/drak3hft7/VPS-Bug-Bounty-Tools/raw/main/images/tool.PNG)](https://github.com/drak3hft7/VPS-Bug-Bounty-Tools/blob/main/images/tool.PNG)\n\n### Tool Categories\n- **Network Scanners:**\n  - **[Nmap](https://nmap.org/)** - Network scanner.\n  - **[Masscan](https://github.com/robertdavidgraham/masscan)** - High-speed port scanner.\n  - **[Naabu](https://github.com/projectdiscovery/naabu)** - Port scanning tool.\n\n- **Subdomain Enumeration and DNS Resolver:**\n  - **[Massdns](https://github.com/blechschmidt/massdns)** - DNS resolver.\n  - **[Subfinder](https://github.com/projectdiscovery/subfinder/)** - Subdomain discovery tool.\n  - **[Knock](https://github.com/guelfoweb/knock.git)** - Subdomain scanner.\n  - **[Lazyrecon](https://github.com/nahamsec/lazyrecon.git)** - Reconnaissance tool.\n  - **[Github-subdomains](https://github.com/gwen001/github-subdomains)** - Subdomain enumeration.\n  - **[Sublist3r](https://github.com/aboul3la/Sublist3r.git)** - Subdomain enumeration tool.\n  - **[Crtndstry](https://github.com/nahamsec/crtndstry.git)** - Certificate transparency subdomain enumeration.\n  - **[Assetfinder](https://github.com/tomnomnom/assetfinder)** - Domain and subdomain finder.\n  - **[Dnsx](https://github.com/projectdiscovery/dnsx)** - DNS toolkit.\n  - **[Dnsgen](https://github.com/ProjectAnte/dnsgen)** - DNS record generator.\n\n- **Subdomain Takeovers:**\n  - **[SubOver](https://github.com/Ice3man543/SubOver)** - Subdomain takeover tool.\n\n- **Web Fuzzers:**\n  - **[Dirsearch](https://github.com/maurosoria/dirsearch)** - Directory and file scanner.\n  - **[Ffuf](https://github.com/ffuf/ffuf)** - Fuzzing tool.\n\n- **Wordlists:**\n  - **[SecLists](https://github.com/danielmiessler/SecLists.git)** - Collection of wordlists.\n\n- **CMS Scanners:**\n  - **[Wpscan](https://github.com/wpscanteam/wpscan)** - WordPress vulnerability scanner.\n  - **[Droopescan](https://github.com/droope/droopescan)** - Drupal and Joomla scanner.\n\n- **SQL Vulnerability Tools:**\n  - **[SQLmap](https://sqlmap.org/)** - SQL injection tool.\n  - **[NoSQLmap](https://github.com/codingo/NoSQLMap.git)** - NoSQL injection tool.\n  - **[Jeeves](https://github.com/ferreiraklet/Jeeves)** - SQL injection tool.\n\n- **JavaScript Enumeration:**\n  - **[LinkFinder](https://github.com/GerbenJavado/LinkFinder.git)** - JavaScript link finder.\n  - **[SecretFinder](https://github.com/m4ll0k/SecretFinder.git)** - Secret data finder in JavaScript.\n  - **[JSParser](https://github.com/nahamsec/JSParser.git)** - JavaScript parser.\n\n- **Visual Recon:**\n  - **[Aquatone](https://github.com/michenriksen/aquatone/releases/download/v1.7.0/aquatone_linux_amd64_1.7.0.zip)** - Visual reconnaissance tool.\n\n- **Web Crawlers:**\n  - **[GoSpider](https://github.com/jaeles-project/gospider)** - Web spider.\n  - **[Hakrawler](https://github.com/hakluke/hakrawler)** - Web crawler.\n  - **[Katana](https://github.com/projectdiscovery/katana)** - Web crawler.\n\n- **XSS Vulnerability Tools:**\n  - **[XSStrike](https://github.com/s0md3v/XSStrike)** - XSS vulnerability scanner.\n  - **[XSS-Loader](https://github.com/capture0x/XSS-LOADER/)** - XSS payload loader.\n  - **[Freq](https://github.com/takshal/freq)** - Frequency analysis tool for XSS.\n  - **[Gxss](https://github.com/KathanP19/Gxss)** - XSS vulnerability scanner.\n  - **[Dalfox](https://github.com/hahwul/dalfox)** - XSS scanning tool.\n\n- **SSRF Vulnerability Tools:**\n  - **[SSRFmap](https://github.com/swisskyrepo/SSRFmap)** - SSRF mapping tool.\n  - **[Gopherus](https://github.com/tarunkant/Gopherus.git)** - SSRF testing tool.\n\n- **Vulnerability Scanners:**\n  - **[Nuclei](https://github.com/projectdiscovery/nuclei)** - Vulnerability scanner.\n\n- **Virtual Host Discovery:**\n  - **[Virtual host scanner](https://github.com/jobertabma/virtual-host-discovery.git)** - Virtual host discovery tool.\n\n- **Additional Useful Tools:**\n  - **[Anew](https://github.com/tomnomnom/anew)** - Append unique lines to files.\n  - **[Unew](https://github.com/dwisiswant0/unew)** - Unique newline processing.\n  - **[Gf](https://github.com/tomnomnom/gf)** - GitHub fuzzing tool.\n  - **[Httprobe](https://github.com/tomnomnom/httprobe)** - HTTP probe tool.\n  - **[Httpx](https://github.com/projectdiscovery/httpx/)** - HTTP probing tool.\n  - **[Waybackurls](https://github.com/tomnomnom/waybackurls)** - Retrieve URLs from the Wayback Machine.\n  - **[Arjun](https://github.com/s0md3v/Arjun)** - HTTP parameter discovery tool.\n  - **[Gau](https://github.com/lc/gau)** - Get all URLs.\n  - **[GauPlus](https://github.com/bp0lr/gauplus)** - Enhanced version of Gau.\n  - **[Uro](https://github.com/s0md3v/uro)** - URL-related operations tool.\n  - **[Qsreplace](https://github.com/tomnomnom/qsreplace)** - URL parameter replacement.\n  - **[SocialHunter](https://github.com/utkusen/socialhunter)** - Social media reconnaissance tool.\n\n### Additional Resources\n- [Available Tools List](https://github.com/supr4s/WebHackingTools#available-tools-list)\n\n## Note\nI am merely a script kiddie and all credits go to the respective tool creators. Special thanks to The Cyberboy for their comprehensive overview on YouTube: [Watch Here](https://www.youtube.com/watch?v=apUc8zjTiG4).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshingareom%2Fpentestingtools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshingareom%2Fpentestingtools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshingareom%2Fpentestingtools/lists"}