Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

Projects in Awesome Lists tagged with penetration-testing

A curated list of projects in awesome lists tagged with penetration-testing .

https://github.com/xm1k3/cent

Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

bugbounty golang hacktoberfest nuclei nuclei-templates penetration-testing pentesting templates

Last synced: 01 Aug 2024

https://github.com/rhinosecuritylabs/iprotate_burp_extension

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

aws-apigateway burpsuite hacking penetration-testing webapp

Last synced: 01 Aug 2024

https://github.com/RhinoSecurityLabs/IPRotate_Burp_Extension

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

aws-apigateway burpsuite hacking penetration-testing webapp

Last synced: 02 Aug 2024

https://github.com/r0x4r/garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

assetfinder bash-script bugbounty bugbounty-tool bugbountytips garud gf-patterns golang penetration-testing penetration-testing-tools reconnaissance subdomain-takeover vulnerability vulnerability-scanner

Last synced: 01 Oct 2024

https://github.com/r3dy/capsulecorp-pentest

Vagrant VirtualBox environment for conducting an internal network penetration test

ansible ethical-hacking hacking penetration-testing pentest pentesting vagrant

Last synced: 29 Sep 2024

https://github.com/rackerlabs/scantron

A distributed nmap / masscan scanning framework complete with scan scheduling, engine pooling, subsequent scan port diff-ing, and an API client for automation workflows.

ansible api automation django masscan nmap penetration-testing python rest scanning

Last synced: 29 Sep 2024

https://github.com/R0X4R/Garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

assetfinder bash-script bugbounty bugbounty-tool bugbountytips garud gf-patterns golang penetration-testing penetration-testing-tools reconnaissance subdomain-takeover vulnerability vulnerability-scanner

Last synced: 01 Aug 2024

https://github.com/knassar702/scant3r

ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )

bug-bounty bugbounty infosec module-pattern penetration-testing pentesting security-tools web-scanners xss

Last synced: 04 Aug 2024

https://github.com/dradis/dradis-ce

Dradis Framework: Collaboration and reporting for IT Security teams

collaboration dradis dradis-framework infosec penetration-testing pentesting security security-audit

Last synced: 01 Aug 2024

https://github.com/YagamiiLight/Cerberus

一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

bypass hacking-tool middleware penetration-testing proxy python security-tools sql-injection ssrf waf websecurity xss

Last synced: 04 Aug 2024

https://github.com/brannondorsey/whonow

A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

dns dns-rebinding dns-server hacking malicious-domains nodejs penetration-testing red-team

Last synced: 01 Aug 2024

https://github.com/maldevel/pentestkit

Tools, scripts and tips useful during Penetration Testing engagements.

assessment hacking kali-linux network notes penetration-testing pentesting scripts security system tools web

Last synced: 01 Aug 2024

https://github.com/maldevel/PenTestKit

Tools, scripts and tips useful during Penetration Testing engagements.

assessment hacking kali-linux network notes penetration-testing pentesting scripts security system tools web

Last synced: 30 Jul 2024

https://github.com/Syslifters/OffSec-Reporting

Offensive Security OSCP, OSWP, OSEP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA Exam and Lab Reporting / Note-Taking Tool

lab-report offensive-security offsec oscp oscp-tools osed osee osep oswa oswe oswp penetration-testing pentest-report pentesting-tools red-teaming reporting reporting-tool security-tools

Last synced: 02 Aug 2024

https://github.com/Bywalks/DarkAngel

DarkAngel 是一款全自动白帽漏洞扫描器,从hackerone、bugcrowd资产监听到漏洞报告生成、漏洞URL截屏、消息通知。

bugbounty penetration-testing security-tools

Last synced: 04 Aug 2024

https://github.com/eslam3kl/SQLiDetector

Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.

bug-bounty bugbounty infosec penetration-testing pentesting sqlinjection

Last synced: 03 Aug 2024

https://github.com/paradoxis/stegcracker

Steganography brute-force utility to uncover hidden data inside files

brute-force ctf ctf-tools penetration-testing pentesting steganography stegcracker steghide

Last synced: 01 Aug 2024

https://github.com/shenril/sitadel

Web Application Security Scanner

penetration-testing python3 scanner-web security

Last synced: 01 Aug 2024

https://github.com/postrequest/link

link is a command and control framework written in rust

c2 command-and-control implant payload penetration-testing pentesting red-team rust

Last synced: 01 Aug 2024

https://github.com/shenril/Sitadel

Web Application Security Scanner

penetration-testing python3 scanner-web security

Last synced: 01 Aug 2024

https://github.com/hueristiq/hqurlfind3r

A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

bug-bounty bug-bounty-tools contentdiscovery ethical-hacking ethical-hacking-tools go golang osint osint-tools penetration-testing penetration-testing-tools reconnaissance red-teaming red-teaming-tools web-security

Last synced: 25 Aug 2024

https://github.com/hueristiq/xurlfind3r

A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

bug-bounty bug-bounty-tools contentdiscovery ethical-hacking ethical-hacking-tools go golang osint osint-tools penetration-testing penetration-testing-tools reconnaissance red-teaming red-teaming-tools web-security

Last synced: 01 Aug 2024

https://github.com/frizb/Vanquish

Vanquish is Kali Linux based Enumeration Orchestrator. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases.

kali-linux offensive-security oscp penetration-testing penetration-testing-framework python vulnerability-assessment vulnerability-scanners

Last synced: 01 Aug 2024

https://github.com/dolevf/graphw00f

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

enumeration fingerprinting graphql information-gathering penetration-testing security

Last synced: 03 Aug 2024

https://github.com/archstrike/archstrike

An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, ARMv7 and ARMv8.

arch-linux arch-pkgbuilds archstrike armv6 armv7 armv8 distro hackers hacking linux linux-distribution odroid-c2 penetration-testing pentesting raspberry-pi repository security security-audit security-professionals tools

Last synced: 28 Sep 2024

https://github.com/TupleType/awesome-cicd-attacks

Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.

appsec awesome awesome-list bugbounty cicd cybersecurity devesecops hacking infosec offensive-security penetration-testing research tools

Last synced: 26 Sep 2024

https://github.com/The-Viper-One/Pentest-Everything

A collection of CTF write-ups, pentesting topics, guides and notes. Notes compiled from multiple sources and my own lab research. Topics also support OSCP, Active Directory, CRTE, eJPT and eCPPT.

active-directory active-directory-security bloodhound crto crtp ctf ctf-writeups ecpptv2 ejpt hacking hackthebox offensive-security oscp penetration-testing pentest-tools pentesting proving-grounds-writeups security tryhackme

Last synced: 02 Aug 2024

https://github.com/dmdhrumilmistry/pyhtools

A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomware, data harvestors, etc.

apihacking dmdhrumilmistry hacking hacking-tool hacking-tools hackingwithpython malware-development penetration-testing python python3 ransomware remoteaccess telegram-hack web-hac web-security

Last synced: 31 Jul 2024

https://github.com/v4d1/Dome

Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

bugbounty enumeration hacking-tool osint penetration-testing pentesting recon reconnaissance redteam redteam-tools subdomain subdomain-brute subdomain-enumeration subdomain-finder subdomain-scanner

Last synced: 04 Aug 2024

https://github.com/Paradoxis/Flask-Unsign

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

bruteforce ctf ctf-tools penetration-testing pentesting security security-tools

Last synced: 04 Aug 2024

https://github.com/jafarlihi/serpentine

C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends

keylogger penetration-testing rat redteam remote-admin-tool remote-administration remote-administration-tool remote-administrator-tool windows-rat

Last synced: 04 Aug 2024

https://github.com/machine1337/gmailc2

A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions

c2server evasion fud-rat googlec2 hacking linux-exploits malware network-analysis penetration-testing rat redteaming smtprat windows-exploitation

Last synced: 01 Aug 2024

https://github.com/anon-exploiter/sitebroker

A cross-platform python based utility for information gathering and penetration testing automation!

cross-platform-python docker-image information-gathering penetration-automation penetration-testing python wapt web-application-security

Last synced: 01 Aug 2024

https://github.com/johnnyxmas/ScanCannon

External attack surface discovery, enumeration and reconnaissance for massive networks

asset-inventory asset-management attack-surface enumeration hacking-tool penetration-testing pentesting reconnaissance

Last synced: 01 Aug 2024

https://github.com/theahmadov/NIVOS

NIVOS is a hacking tool that allows you to scan deeply , crack wifi, see people on your network. It applies to all linux operating systems. And it is improving every day, new packages are added. Thank You For Using NIVOS :> [NIVOS Created By NIVO Team]

azerbaijan azerbaycan bash brute-force coding cyber-security cybersecurity hack hacker hacking hacking-tools linux penetration-testing python tools turkey wifi

Last synced: 06 Aug 2024

https://github.com/lukebaggett/dnscat2-powershell

A Powershell client for dnscat2, an encrypted DNS command and control tool.

penetration-testing powershell security

Last synced: 01 Aug 2024

https://github.com/opsdisk/metagoofil

Search Google and download specific file types

dork google information-leakage metagoofil osint penetration-testing python

Last synced: 02 Aug 2024

https://github.com/ultrasecurity/TeleKiller

A Tools Session Hijacking And Stealer Local Passcode Telegram Windows

hack hack-telegram hacking penetration-testing python python3 rat remote-admin-tool telekiller

Last synced: 04 Aug 2024

https://github.com/initstring/evil-ssdp

Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.

hacking penetration-testing pentesting

Last synced: 02 Aug 2024

https://github.com/TeraSecTeam/ary

Ary 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。

automation penetration-testing pentest poc sqlinjection vulnerability vulnerability-scanners xss

Last synced: 04 Aug 2024

https://github.com/volkandindar/agartha

A Burp extension generates dynamic payloads to uncover injection flaws (LFI, RCE, SQLi), creates user access tables to identify authentication and authorization issues, attempts to bypass HTTP 403 access restrictions, and converts HTTP requests as JavaScript code for enhanced XSS exploitation.

application-security appsec burp-extensions burpsuite cybersecurity hacking hacking-tool offensivesecurity offsec penetration-testing pentesting

Last synced: 04 Aug 2024

https://github.com/SofianeHamlaoui/Pentest-Notes

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

cheatsheets offensive-security penetration-testing penetration-testing-tools pentesting security security-audit security-tools sofianehamlaoui

Last synced: 04 Aug 2024

https://github.com/dolevf/graphql-cop

Security Auditor Utility for GraphQL APIs

auditing blue-team graphql hacking hardening penetration-testing red-team security

Last synced: 03 Aug 2024

https://github.com/sgxgsx/bluetoolkit

BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research, penetration testing and bluetooth hacking. We also collected and classified Bluetooth vulnerabilities in an "Awesome Bluetooth Security" way

awesome awesome-list bluetooth bluetooth-classic bluetooth-hacking bluetooth-security bluetooth-toolkit exploit information-security penetration-testing pentesting security security-tools wireless-security

Last synced: 26 Sep 2024

https://github.com/gellin/TeamViewer_Permissions_Hook_V1

A proof of concept injectable C++ dll, that uses naked inline hooking and direct memory modification to change your TeamViewer permissions.

cplusplus cpp dll-injection hooking memory-hacking penetration-testing security teamviewer x86

Last synced: 30 Jul 2024

https://github.com/d4rckh/vaf

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

bruteforce bug-bounty bugbounty burpsuite fuzzer fuzzing hacking hacking-tools nim penetration-testing pentest-tool recon security-tools vaf web xss

Last synced: 01 Aug 2024

https://github.com/C0reL0ader/EaST

Exploits and Security Tools Framework 2.0.1

east-framework exploits offensive-security penetration-testing python

Last synced: 30 Jul 2024

https://github.com/c0rel0ader/east

Exploits and Security Tools Framework 2.0.1

east-framework exploits offensive-security penetration-testing python

Last synced: 01 Aug 2024

https://github.com/snovvcrash/DivideAndScan

Divide full port scan results and use it for targeted Nmap runs

masscan nmap penetration-testing port-scanning python-automation rustscan

Last synced: 04 Aug 2024

https://github.com/4shadoww/hakkuframework

Hakku Framework penetration testing

linux penetration-testing python

Last synced: 31 Jul 2024