Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.

List: Awesome-Pentest
A list of awesome penetration testing tools and resources.
Topics: awesome, awesome-list, pentesting

- Host: GitHub
- URL: https://github.com/Kc57/Awesome-Pentest
- Owner: Kc57
- Created: 2022-10-31T17:59:35.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2023-10-19T18:01:02.000Z (about 1 year ago)
- Last Synced: 2024-05-23T06:18:30.884Z (7 months ago)
- Size: 31.3 KB
- Stars: 78
- Watchers: 1
- Forks: 4
- Open Issues: 0

Metadata Files:
- Readme: README.md

Awesome Lists containing this project:
- ultimate-awesome - Awesome-Pentest - A list of awesome penetration testing tools and resources. (Other Lists / Monkey C Lists)

README
# Awesome Pentest Tools and Resources [![Awesome](https://awesome.re/badge-flat2.svg)](https://github.com/sindresorhus/awesome#readme)
> A list of awesome penetration testing tools and resources.

## Contents

- [Antivirus Evasion Tools](#antivirus-evasion-tools)
- [AWS](#aws)
- [File Viewers and Pretty Printers](#file-viewers-and-pretty-printers)
- [Hardware Security](#hardware-security)
* [CAN Bus](#can-bus)
* [Logic Analyzers](#logic-analyzers)
* [Misc Hardware Tools](#misc-hardware-tools)
- [Hash Cracking Tools](#hash-cracking-tools)
- [Hex Editors](#hex-editors)
- [Lab Setup](#lab-setup)
- [Mobile Security](#mobile-security)
* [Android](#android)
* [iOS](#ios)
* [Misc](#misc)
* [Vulnerable Apps](#vulnerable-apps)
- [Network Tools](#network-tools)
- [OSINT](#osint)
* [Metadata Tools](#metadata-tools)
- [Privilege Escalation Tools](#privilege-escalation-tools)
- [Reverse Engineering Tools](#reverse-engineering-tools)
- [Static Application Security Testing (SAST)](#static-application-security-testing--sast-)
- [Web Tools](#web-tools)
* [Burp Suite Plugins](#burp-suite-plugins)
* [GraphQL](#graphql)
- [Wordlists](#wordlists)

## Antivirus Evasion Tools

* [Anti-Virus-Evading-Payloads](https://github.com/RoseSecurity/Anti-Virus-Evading-Payloads) - Guide to generating AV evading payloads.

## AWS

* [AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump) - Security Tool to Look For Interesting Files in S3 Buckets.
* [enumerate-iam](https://github.com/andresriancho/enumerate-iam) - Enumerate the permissions associated with AWS credential set.
* [lazys3](https://github.com/nahamsec/lazys3) - A Ruby script to bruteforce for AWS s3 buckets using different permutations.
* [s3-inspector](https://github.com/clario-tech/s3-inspector) - Tool to check AWS S3 bucket permissions.
* [S3Scanner](https://github.com/sa7mon/S3Scanner) - Scan for open S3 buckets and dump the contents.
* [slurp](https://github.com/0xbharath/slurp) - A blazing fast & feature rich Amazon S3 bucket enumerator.

## File Viewers and Pretty Printers

* [gron](https://github.com/TomNomNom/gron) - gron transforms JSON into discrete assignments to make it easier to grep for what you want and see the absolute 'path' to it. It eases the exploration of APIs that return large blobs of JSON but have terrible documentation.
* [jless](https://github.com/PaulJuliusMartinez/jless) - jless is a command-line JSON viewer designed for reading, exploring, and searching through JSON data.

## Hardware Security

* [Binwalk](https://github.com/ReFirmLabs/binwalk) - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
* [chipsec](https://github.com/chipsec/chipsec) - CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities.

### CAN Bus

* [Korlan USB2CAN](https://www.8devices.com/products/usb2can_korlan) - With USB2CAN you can monitor a CAN network, write a CAN program and communicate with industrial, medical, automotive or other CAN bus devices.

### Logic Analyzers

* [DSLogic](https://www.dreamsourcelab.com/product/dslogic-series/) - DSLogic is a series of USB-based logic analyzers, with max sample rate up to 1GHz, and max sample depth up to 16G.
* [Saleae](https://www.saleae.com/) - Saleae logic analyzers are used by electrical engineers, firmware developers, enthusiasts, and engineering students to record, measure, visualize, and decode the signals in their electrical circuits.

### Misc Hardware Tools

* [Bus Pirate](https://github.com/BusPirate/Bus_Pirate) - The Bus Pirate is an open source hacker multi-tool that talks to electronic stuff.
* [ChipWhisperer](https://github.com/newaetech/chipwhisperer) - The complete open-source toolchain for side-channel power analysis and glitching attacks.
* [HydraBus](https://github.com/hydrabus/hydrabus) - The HydraBus (hardware) with HydraFW (firmware) are used as an open source multi-tool for anyone interested in learning/developing/debugging/hacking/penetration testing for basic or advanced embedded hardware.

## Hash Cracking Tools

* [haiti](https://github.com/noraj/haiti) - A CLI tool (and library) to identify hash types (hash type identifier).
* [Hashview](https://github.com/hashview/hashview) - A web front-end for password cracking and analytics.
* [hate_crack](https://github.com/trustedsec/hate_crack) - A tool for automating cracking methodologies through Hashcat from the TrustedSec team.

## Hex Editors

* [ImHex](https://github.com/WerWolv/ImHex) - A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

## Lab Setup

* [AutomatedLab](https://github.com/AutomatedLab/AutomatedLab) - AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts.
* [BadBlood](https://github.com/davidprowe/BadBlood) - BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world.

## Mobile Security

### Android
* [Apktool](https://ibotpeaches.github.io/Apktool/) - A tool for reverse engineering 3rd party, closed, binary Android apps.
* [dex2jar](https://github.com/pxb1988/dex2jar) - Tools to work with android .dex and java .class files.
* [rootAVD](https://github.com/newbit1/rootAVD/blob/master/README.md) - Root your Android Studio Virtual Device (AVD) with Magisk (Stable, Canary or Alpha).
* [Simplify](https://github.com/CalebFenton/simplify) - Android virtual machine and deobfuscator.

### iOS

* [iHide](https://github.com/Kc57/iHide) - A utility for hiding jailbreak from iOS applications.
* [iOS App Signer](https://www.iosappsigner.com/) - iOS App Signer can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.
* [Keychain-Dumper](https://github.com/ptoomey3/Keychain-Dumper) - A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken.
* [MGSpoof](https://github.com/Tonyk7/MGSpoof) - Hook MGCopyAnswer + custom helper so user can spoof some keys.
* [plistsubtractor](https://github.com/joswr1ght/plistsubtractor) - Read a plist file, write out any embedded plist files.
* [plistsubtractor_py3](https://gist.github.com/hoodoer/897f28be05f0283f2c443ca41666d8ee) - plistsubtractor updated for Python 3.
* [Shadow](https://github.com/jjolano/shadow) - A jailbreak detection bypass for modern iOS jailbreaks.
* [Sideloadly](https://sideloadly.io/) - Sideloadly is a Cydia Impactor alternative that allows you to install IPA files on your iPhone or iPad.
* [sigh](https://docs.fastlane.tools/actions/sigh/) - sigh can create, renew, download and repair provisioning profiles (with one command). It supports App Store, Ad Hoc, Development and Enterprise profiles and supports nice features, like auto-adding all test devices.
* [Swift Demangler](https://www.swiftdemangler.com) - Demangles mangled Swift symbol names.

### Misc

* [Frida](https://frida.re/) - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
* [Fridump](https://github.com/Nightbringer21/fridump) - A universal memory dumper using Frida.
* [frida-swift-bridge](https://github.com/frida/frida-swift-bridge) - Swift interop from Frida.
* [ipwndfu](https://github.com/axi0mX/ipwndfu) - Open-source jailbreaking tool for many iOS devices.
* [Mobile Security Framework (MobSF)](https://github.com/MobSF/Mobile-Security-Framework-MobSF) - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
* [objection](https://github.com/sensepost/objection) - objection is a runtime mobile exploration toolkit, powered by Frida.
* [Proxy Helper](https://github.com/trustedsec/proxy_helper) - Proxy Helper is a WiFi Pineapple module that will automatically configure the Pineapple for use with a proxy such as Burp Suite.

### Vulnerable Apps

* [AndroGoat](https://github.com/satishpatnayak/AndroGoat) - AndroGoat is purposely developed open source vulnerable/insecure app using Kotlin.
* [Damn-Vulnerable-Bank](https://github.com/rewanthtammana/Damn-Vulnerable-Bank) - Damn Vulnerable Bank is designed to be an intentionally vulnerable android application.
* [igoat](https://github.com/OWASP/igoat) - A Learning Tool for iOS App Pentesting and Security by Swaroop Yermalkar. `Objective-C`
* [iGoat-Swift](https://github.com/OWASP/iGoat-Swift) - A Damn Vulnerable Swift Application for iOS. `Swift`
* [InsecureShop](https://github.com/hax0rgb/InsecureShop) - An Intentionally designed Vulnerable Android Application built in Kotlin. `Kotlin`
* [MASTG-Hacking-Playground](https://github.com/OWASP/MASTG-Hacking-Playground) - The MASTG Hacking Playground is a collection of educational iOS and Android mobile apps that are intentionally built insecure in order to give practical guidance to developers, security researchers and penetration testers.
* [ovaa](https://github.com/oversecured/ovaa) - OVAA (Oversecured Vulnerable Android App) is an Android app that aggregates all the platform's known and popular security vulnerabilities.

## Network Tools

* [Certipy](https://github.com/ly4k/Certipy) - Tool for Active Directory Certificate Services enumeration and abuse.
* [Coercer](https://github.com/p0dalirius/Coercer) - A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
* [Nginxpwner](https://github.com/stark0de/nginxpwner) - Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.
* [Nuclei](https://github.com/projectdiscovery/nuclei) - Fast and customizable vulnerability scanner based on simple YAML based DSL.
* [SSHScan](https://github.com/evict/SSHScan) - SSHScan is a testing tool that enumerates SSH ciphers. Using SSHScan, weak ciphers can be easily detected.

## OSINT

* [Amass](https://github.com/OWASP/Amass) - In-depth attack surface mapping and asset discovery.
* [github-search](https://github.com/gwen001/github-search) - Tools to perform basic search on GitHub.
* [subfinder](https://github.com/projectdiscovery/subfinder) - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

### Metadata Tools

* [Goca](https://github.com/gocaio/goca) - Goca is a FOCA fork written in Go, a tool used mainly to find metadata and hidden information in the documents it scans.

## Privilege Escalation Tools

* [IDiagnosticProfileUAC](https://github.com/Wh04m1001/IDiagnosticProfileUAC) - Just another UAC bypass using auto-elevated COM object Virtual Factory for DiagCpl (12C21EA7-2EB8-4B55-9249-AC243DA8C666).
* [iscsicpl_bypassUAC](https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC) - UAC bypass for x64 Windows 7 - 11.

## Reverse Engineering Tools

* [Cpp2IL](https://github.com/SamboyCoding/Cpp2IL) - Work-in-progress tool to reverse unity's IL2CPP toolchain. `Unity`
* [dnSpy](https://github.com/dnSpyEx/dnSpy) - Unofficial revival of the well known .NET debugger and assembly editor, dnSpy.
* [Doldrums](https://github.com/rscloura/Doldrums) - A Flutter/Dart reverse engineering tool. `Flutter`
* [Ghidra](https://github.com/NationalSecurityAgency/ghidra) - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
* [hbctool](https://github.com/bongtrop/hbctool) - Hermes Bytecode Reverse Engineering Tool (Assemble/Disassemble Hermes Bytecode). `React Native`
* [Il2CppDumper](https://github.com/Perfare/Il2CppDumper) - Unity il2cpp reverse engineer. `Unity`
* [Il2CppInspector](https://github.com/djkaty/Il2CppInspector) - Il2CppInspector helps you to reverse engineer IL2CPP applications, providing the most complete analysis currently available. `Unity`
* [Recaf](https://github.com/Col-E/Recaf) - The modern Java bytecode editor.

## Static Application Security Testing (SAST)

* [appshark](https://github.com/bytedance/appshark) - Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
* [route-sixty-sink](https://github.com/mandiant/route-sixty-sink) - An open source tool that enables defenders and security researchers alike to quickly identify vulnerabilities in any .NET assembly using automated source-to-sink analysis.

## Web Tools

* [drupwn](https://github.com/immunIT/drupwn) - Drupal enumeration & exploitation tool.
* [jwt_tool](https://github.com/ticarpi/jwt_tool) - _jwt_tool.py_ is a toolkit for validating, forging, scanning and tampering JWTs (JSON Web Tokens).
* [lfimap](https://github.com/hansmach1ne/lfimap) - Local file inclusion discovery and exploitation tool.

### Burp Suite Plugins

* [burp-awesome-tls](https://github.com/sleeyax/burp-awesome-tls) - This extension hijacks Burp's HTTP/TLS stack and allows you to spoof any browser fingerprint in order to make it more powerful and less prone to fingerprinting by all kinds of WAFs.

### GraphQL

* [clairvoyance](https://github.com/nikitastupin/clairvoyance) - Obtain GraphQL API schema despite disabled introspection!
* [GraphCrawler](https://github.com/gsmith257-cyber/GraphCrawler) - GraphQL automated security testing toolkit.
* [graphql-voyager](https://github.com/IvanGoncharov/graphql-voyager) - Represent any GraphQL API as an interactive graph.

## Wordlists

* [google-10000-english](https://github.com/first20hours/google-10000-english) - This repo contains a list of the 10,000 most common English words in order of frequency, as determined by n-gram frequency analysis of the Google's Trillion Word Corpus.
* [SecLists](https://github.com/danielmiessler/SecLists) - It's a collection of multiple types of lists used during security assessments, collected in one place.
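The wordlists above feed tools like lazys3 in the AWS section, which brute-forces S3 bucket names by combining a target keyword with permutation words. The block below is an added example written for this page, not code from lazys3, SecLists or any other listed project: it generates keyword/word permutations from a small in-line wordlist (constructed here to stand in for a file such as a SecLists list) and filters them against S3's bucket naming rules before they would ever be sent to the network. The keyword `acme`, the word list and the function names are illustrative assumptions.

```python
import itertools
import re

# Constructed stand-in for a wordlist file (e.g. one of SecLists' discovery
# lists). Real runs would read thousands of words from disk.
ENV_WORDS = ["dev", "prod", "staging", "backup", "logs", "assets"]
SEPARATORS = ["", "-", "."]

# S3 bucket naming rules from the AWS documentation: 3 to 63 characters,
# lowercase letters, digits, dots and hyphens only; must begin and end with
# a letter or digit; no consecutive dots; must not be formatted like an
# IPv4 address.
_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
_IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def is_valid_bucket_name(name):
    """Return True if `name` can exist as an S3 bucket name at all."""
    if not _NAME_RE.match(name):
        return False
    if ".." in name:
        return False
    if _IPV4_RE.match(name):
        return False
    return True


def permute(keyword, words=ENV_WORDS, separators=SEPARATORS):
    """Generate candidate bucket names for `keyword`.

    Emits the keyword alone, then keyword+sep+word and word+sep+keyword for
    every (word, separator) pair. Names that violate the S3 rules are
    dropped so no request is wasted on them; duplicates are removed while
    preserving generation order.
    """
    keyword = keyword.lower()
    candidates = [keyword]
    for word, sep in itertools.product(words, separators):
        candidates.append(f"{keyword}{sep}{word}")
        candidates.append(f"{word}{sep}{keyword}")

    seen = set()
    result = []
    for name in candidates:
        if name in seen or not is_valid_bucket_name(name):
            continue
        seen.add(name)
        result.append(name)
    return result


if __name__ == "__main__":
    # Print the candidate list the way a bucket enumerator would consume it.
    for candidate in permute("acme"):
        print(candidate)
```

Validating before probing matters for more than speed: names that cannot exist (too short, leading hyphen, IP-shaped) would be rejected by S3 anyway, and keeping them in the list only inflates request volume and the chance of being rate-limited.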