
penetration-testing

A collection of awesome penetration testing and offensive cybersecurity resources.
https://github.com/txuswashere/penetration-testing


  • Social Engineering

    • Social Engineering Tools

      • Modlishka - Flexible and powerful reverse proxy with real-time two-factor authentication.
      • Social Engineer Toolkit (SET) - Open source pentesting framework designed for social engineering featuring a number of custom attack vectors to make believable attacks quickly.
      • SocialFish - Social media phishing framework that can run on an Android phone or in a Docker container.
      • phishery - TLS/SSL enabled Basic Auth credential harvester.
      • wifiphisher - Automated phishing attacks against WiFi networks.
  • Static Analyzers

      • Brakeman - Static analysis security vulnerability scanner for Ruby on Rails applications.
      • Progpilot - Static security analysis tool for PHP code.
      • RegEx-DoS - Analyzes source code for Regular Expressions susceptible to Denial of Service attacks.
      • bandit - Security oriented static analyser for Python code.
      • sobelow - Security-focused static analysis for the Phoenix Framework.
      • cwe_checker - Suite of tools built atop the Binary Analysis Platform (BAP) to heuristically detect CWEs in compiled binaries and firmware.
      • cppcheck - Extensible C/C++ static analyzer focused on finding bugs.
      • FindBugs - Free software static analyzer to look for bugs in Java code.
  • Steganography Tools

      • Cloakify - Textual steganography toolkit that converts any filetype into lists of everyday strings.
      • StegCracker - Steganography brute-force utility to uncover hidden data inside files.
  • Vulnerability Databases

      • Bugtraq (BID) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
      • CISA Known Vulnerabilities Database (KEV) - Vulnerabilities in various systems already known to America's cyber defense agency, the Cybersecurity and Infrastructure Security Agency, to be actively exploited.
      • CXSecurity - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
      • Common Vulnerabilities and Exposures (CVE) - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
      • Exploit-DB - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
      • HPI-VDB - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.
      • Inj3ct0r - Exploit marketplace and vulnerability information aggregator. ([Onion service](http://mvfjfugdwgc5uwho.onion/).)
      • National Vulnerability Database (NVD) - United States government's National Vulnerability Database provides additional metadata (CPE, CVSS scoring) for the standard CVE List along with a fine-grained search engine.
      • Open Source Vulnerabilities (OSV) - Database of vulnerabilities affecting open source software, queryable by project, Git commit, or version.
      • Packet Storm - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
      • Snyk Vulnerability DB - Detailed information and remediation guidance for vulnerabilities known by Snyk.
      • US-CERT Vulnerability Notes Database - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
      • Vulnerability Lab - Open forum for security advisories organized by category of exploit target.
      • Vulners - Security database of software vulnerabilities.
      • Vulmon - Vulnerability search engine with vulnerability intelligence features that conducts full text searches in its database.
      • Full-Disclosure - Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
      • SecuriTeam - Independent source of software vulnerability information.
      • Zero Day Initiative - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint.
      • Mozilla Foundation Security Advisories - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
      • VulDB - Independent vulnerability database with user community, exploit details, and additional metadata (e.g., CPE, CVSS, CWE).
  • Web Exploitation

    • Intercepting Web proxies

      • Fiddler - Free cross-platform web debugging proxy with user-friendly companion tools.
      • OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
      • mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
    • General web exploitation tools

      • FuzzDB - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
      • Raccoon - High performance offensive security tool for reconnaissance and vulnerability scanning.
      • WPSploit - Exploit WordPress-powered websites with Metasploit.
      • autochrome - Chrome browser profile preconfigured with appropriate settings needed for web application testing.
      • badtouch - Scriptable network authentication cracker.
      • gobuster - Lean multipurpose brute force search/fuzzing tool for Web (and DNS) reconnaissance.
      • sslstrip2 - SSLStrip version to defeat HSTS.
      • sslstrip - Demonstration of the HTTPS stripping attacks.
    • Web-accessible source code ripping tools

      • DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR.
      • GitTools - Automatically find and download Web-accessible `.git` repositories.
      • git-dumper - Tool to dump a git repository from a website.
      • git-scanner - Tool for bug hunting or pentesting websites that have open `.git` repositories available in public.
    • Web Exploitation Books

    • Web file inclusion tools

      • Kadimus - LFI scan and exploit tool.
      • LFISuite - Automatic LFI scanner and exploiter.
      • fimap - Find, prepare, audit, exploit and even Google automatically for LFI/RFI bugs.
      • liffy - LFI exploitation tool.
    • Web injection tools

      • Commix - Automated all-in-one operating system command injection and exploitation tool.
      • NoSQLmap - Automatic NoSQL injection and database takeover tool.
      • tplmap - Automatic server-side template injection and Web server takeover tool.
    • Web path discovery and bruteforcing tools

    • Web shells and C2 frameworks

      • Browser Exploitation Framework (BeEF) - Command and control server for delivering exploits to commandeered Web browsers.
      • DAws - Advanced Web shell.
      • Merlin - Cross-platform post-exploitation HTTP/2 Command and Control server and agent written in Golang.
      • PhpSploit - Full-featured C2 framework that silently persists on a web server via an evil PHP one-liner.
      • SharPyShell - Tiny and obfuscated ASP.NET webshell for C# web applications.
      • weevely3 - Weaponized PHP-based web shell.
  • Windows Utilities

      • Commando VM - Automated installation of over 140 Windows software packages for penetration testing and red teaming.
      • Covenant - ASP.NET Core application that serves as a collaborative command and control platform for red teamers.
      • ctftool - Interactive Collaborative Translation Framework (CTF) exploration tool capable of launching cross-session edit session attacks.
      • DeathStar - Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments.
      • Empire - Pure PowerShell post-exploitation agent.
      • Fibratus - Tool for exploration and tracing of the Windows kernel.
      • Inveigh - Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/machine-in-the-middle tool.
      • LaZagne - Credentials recovery project.
      • MailSniper - Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange Web Services (EWS), and more.
      • PowerSploit - PowerShell Post-Exploitation Framework.
      • RID_ENUM - Python script that can enumerate all users from a Windows Domain Controller and crack those users' passwords using brute force.
      • Responder - Link-Local Multicast Name Resolution (LLMNR), NBT-NS, and mDNS poisoner.
      • Rubeus - Toolset for raw Kerberos interaction and abuses.
      • Ruler - Abuses client-side Outlook features to gain a remote shell on a Microsoft Exchange server.
      • SCOMDecrypt - Retrieve and decrypt RunAs credentials stored within Microsoft System Center Operations Manager (SCOM) databases.
      • Windows Credentials Editor - Inspect logon sessions and add, change, list, and delete associated credentials, including Kerberos tickets.
      • Windows Exploit Suggester - Detects potential missing patches on the target.
      • redsnarf - Post-exploitation tool for retrieving password hashes and credentials from Windows workstations, servers, and domain controllers.
      • wePWNise - Generates architecture independent VBA code to be used in Office documents or templates and automates bypassing application control and exploit mitigation software.
      • Bloodhound - Graphical Active Directory trust relationship explorer.