Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/shingareom/pentestingtools

This repository contains a collection of tools designed for automating penetration testing, while also being valuable for manual testing. Leveraging these tools can enhance both the efficiency and effectiveness of your security assessments.

bugbounty pentesting-tools webpentest

README

        


# Advance Penetration Testing Tools

Welcome to the **Advance Penetration Testing Tools** repository. This comprehensive collection of tools is designed to enhance both automated and manual penetration testing. These tools cover a wide range of tasks, from subdomain enumeration and vulnerability scanning to web crawling and visual reconnaissance.

## Tools

### General Tools
- **[dirsearch](https://github.com/maurosoria/dirsearch)** - Directory and file scanner.
- **[JSParser](https://github.com/nahamsec/JSParser)** - JavaScript parser for finding sensitive data.
- **[knockpy](https://github.com/guelfoweb/knock)** - Subdomain scanner.
- **[lazys3](https://github.com/nahamsec/lazys3)** - S3 bucket enumeration tool.
- **[recon_profile](https://github.com/nahamsec/recon_profile)** - Reconnaissance profile manager.
- **[sqlmap-dev](https://github.com/sqlmapproject/sqlmap)** - SQL injection tool.
- **[Sublist3r](https://github.com/aboul3la/Sublist3r)** - Subdomain enumeration tool.
- **[teh_s3_bucketeers](https://github.com/nahamsec/teh_s3_bucketeers)** - S3 bucket enumeration tool.
- **[virtual-host-discovery](https://github.com/jobertabma/virtual-host-discovery)** - Virtual host discovery tool.
- **[wpscan](https://github.com/wpscanteam/wpscan)** - WordPress vulnerability scanner.
- **[webscreenshot](https://github.com/ubergraph/webscreenshot)** - Automated screenshot tool for websites.
- **[Massdns](https://github.com/blechschmidt/massdns)** - DNS resolver.
- **[Asnlookup](https://github.com/someone/asnlookup)** - ASN lookup tool.
- **[Unfurl](https://github.com/tomnomnom/unfurl)** - Extracts and unfurls URLs.
- **[Waybackurls](https://github.com/tomnomnom/waybackurls)** - Retrieve URLs from the Wayback Machine.
- **[Httprobe](https://github.com/tomnomnom/httprobe)** - HTTP probe tool.
- **[Seclists collection](https://github.com/danielmiessler/SecLists)** - Collection of security lists.

### VPS-Bug-Bounty-Tools
For a comprehensive installation script and toolset, visit the [VPS-Bug-Bounty-Tools GitHub page](https://github.com/drak3hft7/VPS-Bug-Bounty-Tools#vps-bug-bounty-tools).

#### Installation Instructions
```shell
cd /tmp && git clone https://github.com/drak3hft7/VPS-Bug-Bounty-Tools
cd VPS-Bug-Bounty-Tools
sudo ./Tools-BugBounty-installer.sh
```

#### Example Installation
[![Installation Example](https://github.com/drak3hft7/VPS-Bug-Bounty-Tools/raw/main/images/tool.PNG)](https://github.com/drak3hft7/VPS-Bug-Bounty-Tools/blob/main/images/tool.PNG)

### Tool Categories
- **Network Scanners:**
  - **[Nmap](https://nmap.org/)** - Network scanner.
  - **[Masscan](https://github.com/robertdavidgraham/masscan)** - High-speed port scanner.
  - **[Naabu](https://github.com/projectdiscovery/naabu)** - Port scanning tool.

- **Subdomain Enumeration and DNS Resolver:**
  - **[Massdns](https://github.com/blechschmidt/massdns)** - DNS resolver.
  - **[Subfinder](https://github.com/projectdiscovery/subfinder/)** - Subdomain discovery tool.
  - **[Knock](https://github.com/guelfoweb/knock.git)** - Subdomain scanner.
  - **[Lazyrecon](https://github.com/nahamsec/lazyrecon.git)** - Reconnaissance tool.
  - **[Github-subdomains](https://github.com/gwen001/github-subdomains)** - Subdomain enumeration.
  - **[Sublist3r](https://github.com/aboul3la/Sublist3r.git)** - Subdomain enumeration tool.
  - **[Crtndstry](https://github.com/nahamsec/crtndstry.git)** - Certificate transparency subdomain enumeration.
  - **[Assetfinder](https://github.com/tomnomnom/assetfinder)** - Domain and subdomain finder.
  - **[Dnsx](https://github.com/projectdiscovery/dnsx)** - DNS toolkit.
  - **[Dnsgen](https://github.com/ProjectAnte/dnsgen)** - DNS record generator.

- **Subdomain Takeovers:**
  - **[SubOver](https://github.com/Ice3man543/SubOver)** - Subdomain takeover tool.

- **Web Fuzzers:**
  - **[Dirsearch](https://github.com/maurosoria/dirsearch)** - Directory and file scanner.
  - **[Ffuf](https://github.com/ffuf/ffuf)** - Fuzzing tool.

- **Wordlists:**
  - **[SecLists](https://github.com/danielmiessler/SecLists.git)** - Collection of wordlists.

- **CMS Scanners:**
  - **[Wpscan](https://github.com/wpscanteam/wpscan)** - WordPress vulnerability scanner.
  - **[Droopescan](https://github.com/droope/droopescan)** - Drupal and Joomla scanner.

- **SQL Vulnerability Tools:**
  - **[SQLmap](https://sqlmap.org/)** - SQL injection tool.
  - **[NoSQLmap](https://github.com/codingo/NoSQLMap.git)** - NoSQL injection tool.
  - **[Jeeves](https://github.com/ferreiraklet/Jeeves)** - SQL injection tool.

- **JavaScript Enumeration:**
  - **[LinkFinder](https://github.com/GerbenJavado/LinkFinder.git)** - JavaScript link finder.
  - **[SecretFinder](https://github.com/m4ll0k/SecretFinder.git)** - Secret data finder in JavaScript.
  - **[JSParser](https://github.com/nahamsec/JSParser.git)** - JavaScript parser.

- **Visual Recon:**
  - **[Aquatone](https://github.com/michenriksen/aquatone/releases/download/v1.7.0/aquatone_linux_amd64_1.7.0.zip)** - Visual reconnaissance tool.

- **Web Crawlers:**
  - **[GoSpider](https://github.com/jaeles-project/gospider)** - Web spider.
  - **[Hakrawler](https://github.com/hakluke/hakrawler)** - Web crawler.
  - **[Katana](https://github.com/projectdiscovery/katana)** - Web crawler.

- **XSS Vulnerability Tools:**
  - **[XSStrike](https://github.com/s0md3v/XSStrike)** - XSS vulnerability scanner.
  - **[XSS-Loader](https://github.com/capture0x/XSS-LOADER/)** - XSS payload loader.
  - **[Freq](https://github.com/takshal/freq)** - Frequency analysis tool for XSS.
  - **[Gxss](https://github.com/KathanP19/Gxss)** - XSS vulnerability scanner.
  - **[Dalfox](https://github.com/hahwul/dalfox)** - XSS scanning tool.

- **SSRF Vulnerability Tools:**
  - **[SSRFmap](https://github.com/swisskyrepo/SSRFmap)** - SSRF mapping tool.
  - **[Gopherus](https://github.com/tarunkant/Gopherus.git)** - SSRF testing tool.

- **Vulnerability Scanners:**
  - **[Nuclei](https://github.com/projectdiscovery/nuclei)** - Vulnerability scanner.

- **Virtual Host Discovery:**
  - **[Virtual host scanner](https://github.com/jobertabma/virtual-host-discovery.git)** - Virtual host discovery tool.

- **Additional Useful Tools:**
  - **[Anew](https://github.com/tomnomnom/anew)** - Append unique lines to files.
  - **[Unew](https://github.com/dwisiswant0/unew)** - Unique newline processing.
  - **[Gf](https://github.com/tomnomnom/gf)** - GitHub fuzzing tool.
  - **[Httprobe](https://github.com/tomnomnom/httprobe)** - HTTP probe tool.
  - **[Httpx](https://github.com/projectdiscovery/httpx/)** - HTTP probing tool.
  - **[Waybackurls](https://github.com/tomnomnom/waybackurls)** - Retrieve URLs from the Wayback Machine.
  - **[Arjun](https://github.com/s0md3v/Arjun)** - HTTP parameter discovery tool.
  - **[Gau](https://github.com/lc/gau)** - Get all URLs.
  - **[GauPlus](https://github.com/bp0lr/gauplus)** - Enhanced version of Gau.
  - **[Uro](https://github.com/s0md3v/uro)** - URL-related operations tool.
  - **[Qsreplace](https://github.com/tomnomnom/qsreplace)** - URL parameter replacement.
  - **[SocialHunter](https://github.com/utkusen/socialhunter)** - Social media reconnaissance tool.

### Additional Resources
- [Available Tools List](https://github.com/supr4s/WebHackingTools#available-tools-list)

## Note
I am merely a script kiddie and all credits go to the respective tool creators. Special thanks to The Cyberboy for their comprehensive overview on YouTube: [Watch Here](https://www.youtube.com/watch?v=apUc8zjTiG4).