Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with penetration-testing-tools

A curated list of projects in awesome lists tagged with penetration-testing-tools .

https://github.com/t3l3machus/villain

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

c2 cybersecurity hacking hacking-tool offensive-security open-source penetration-testing penetration-testing-tools pentest pentesting readteaming redteam redteam-tools

Last synced: 13 May 2025

https://github.com/t3l3machus/Villain

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

c2 cybersecurity hacking hacking-tool offensive-security open-source penetration-testing penetration-testing-tools pentest pentesting readteaming redteam redteam-tools

Last synced: 30 Mar 2025

https://github.com/kelvinben/appinfoscanner

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。

android apk apk-dex hacking hacking-tool ipa network-security penetration-test penetration-testing-tools python3 scanner security security-tools tools web-hacking

Last synced: 15 May 2025

https://github.com/kelvinBen/AppInfoScanner

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。

android apk apk-dex hacking hacking-tool ipa network-security penetration-test penetration-testing-tools python3 scanner security security-tools tools web-hacking

Last synced: 15 May 2025

https://github.com/bishopfox/cloudfox

Automating situational awareness for cloud penetration tests.

aws cloud cloud-security golang penetration-testing-tools security

Last synced: 14 May 2025

https://github.com/BishopFox/CloudFox

Automating situational awareness for cloud penetration tests.

aws cloud cloud-security golang penetration-testing-tools security

Last synced: 07 May 2025

https://github.com/BishopFox/cloudfox

Automating situational awareness for cloud penetration tests.

aws cloud cloud-security golang penetration-testing-tools security

Last synced: 02 Apr 2025

https://github.com/cyberark/kubesploit

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

agent c2 command-and-control containers golang http2 kubernetes penetration-testing-framework penetration-testing-tools post-exploitation red-teams redteam-tools security security-tools

Last synced: 28 Sep 2025

https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

bugbounty hacking hacking-tool penetration-testing penetration-testing-tools pentesting scanner security security-audit security-scanner security-tools vulnerability-scanners web-cache

Last synced: 04 Apr 2025

https://github.com/r0x4r/garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

assetfinder bash-script bugbounty bugbounty-tool bugbountytips garud gf-patterns golang penetration-testing penetration-testing-tools reconnaissance subdomain-takeover vulnerability vulnerability-scanner

Last synced: 12 Apr 2025

https://github.com/R0X4R/Garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

assetfinder bash-script bugbounty bugbounty-tool bugbountytips garud gf-patterns golang penetration-testing penetration-testing-tools reconnaissance subdomain-takeover vulnerability vulnerability-scanner

Last synced: 07 Apr 2025

https://github.com/jwt1399/Sec-Tools

🍉一款基于Python-Django的多功能Web安全渗透测试工具,包含漏洞扫描,端口扫描,指纹识别,目录扫描,旁站扫描,域名扫描等功能。

django penetration-testing-tools python3 scan-tool security-tools vulnerability-scanners

Last synced: 21 Jul 2025

https://github.com/hueristiq/xurlfind3r

A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.

bug-bounty bug-bounty-tools contentdiscovery ethical-hacking ethical-hacking-tools go golang osint osint-tools penetration-testing penetration-testing-tools reconnaissance red-teaming red-teaming-tools web-security

Last synced: 24 Oct 2025

https://github.com/sofianehamlaoui/pentest-notes

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

cheatsheets offensive-security penetration-testing penetration-testing-tools pentesting security security-audit security-tools sofianehamlaoui

Last synced: 12 Mar 2025

https://github.com/SofianeHamlaoui/Pentest-Notes

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

cheatsheets offensive-security penetration-testing penetration-testing-tools pentesting security security-audit security-tools sofianehamlaoui

Last synced: 12 Jul 2025

https://github.com/cyberark/evasor

A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies

bypass-applocker-policies full-automated penetration-testing-tools post-exploitation

Last synced: 04 Jul 2025

https://github.com/cyberark/Evasor

A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies

bypass-applocker-policies full-automated penetration-testing-tools post-exploitation

Last synced: 11 Jul 2025

https://github.com/dfw1n/dfw1n-osint

Australian Open Source Intelligence Gathering Resources, Australias Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers

australia cryptography cybersecurity darkweb-data ethical-hacking forensics intelligence intelligence-search-service investigator opensource osint osint-framework osint-reconnaissance osint-resources penetration-testing-tools police redteaming social-media social-network

Last synced: 20 Mar 2025

https://github.com/CervantesSec/cervantes

Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location.

audit burpsuite collaboration collaboration-platform collaborative cve hacking nessus nmap penetration-testing penetration-testing-tools pentesters pentesting red-team red-teaming report reporting security vulnerability vulnerability-management

Last synced: 11 Jul 2025

https://github.com/shadow-workers/shadow-workers

Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)

c2 penetration-testing-tools proxy service-worker xss-exploitation

Last synced: 02 Apr 2025

https://github.com/putsi/privatecollaborator

A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate

bugbounty burp burpsuite burpsuitepro collaborator penetration-testing penetration-testing-tools

Last synced: 12 May 2025

https://github.com/iomoath/SharpStrike

A Post exploitation tool written in C# uses either CIM or WMI to query remote systems.

cybersecurity penetration-testing penetration-testing-tools redteam-tools redteaming winrm wmi wsman

Last synced: 11 Jul 2025

https://github.com/viralmaniar/xposedornot

XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.

breach-compilation credentials-gathering intelligence-gathering osint osinttool password-breach password-leak penetration-testing-tools recon reconnaissance

Last synced: 24 Apr 2025

https://github.com/Viralmaniar/XposedOrNot

XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.

breach-compilation credentials-gathering intelligence-gathering osint osinttool password-breach password-leak penetration-testing-tools recon reconnaissance

Last synced: 11 Jul 2025

https://github.com/t3l3machus/synergy-httpx

A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically (e.g. payloads).

arduino attiny85 hacking hacking-tools offensive-security penetration-testing-tools pentesting red-teaming redteam t3l3machus

Last synced: 12 Apr 2025

https://github.com/iomoath/SharpSpray

Active Directory password spraying tool. Auto fetches user list and avoids potential lockouts.

penetration-testing penetration-testing-tools

Last synced: 11 Jul 2025

https://github.com/hueristiq/xsubfind3r

A command-line utility designed to discover subdomains for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.

asset-discovery bug-bounty bug-bounty-tools docker docker-image ethical-hacking ethical-hacking-tools go golang osint osint-tools penetration-testing penetration-testing-tools reconnaissance red-team-tools red-teaming subdomain-discovery subdomain-enumeration

Last synced: 06 Apr 2025

https://github.com/eonraider/bca-phantom

A multi-platform HTTP(S) Reverse Shell Server and Client in Python 3

http-client http-server network-programming penetration-testing-tools red-teaming reverse-shell security-tools

Last synced: 11 Apr 2025

https://github.com/kostas-pa/LFITester

LFITester is a Python3 program that automates the detection and exploitation of Local File Inclusion (LFI) vulnerabilities on a server.

bugbounty crawler cybersecurity enumeration exploitation fuzzing hacking lfi lfi-detection lfi-exploitation lfi-vulnerability penetration-testing penetration-testing-tools pentest-tool pentesting python web-hacking webhacking

Last synced: 12 Jul 2025

https://github.com/hueristiq/xcrawl3r

A command-line interface (CLI) based utility to recursively crawl webpages. It is designed to systematically browse webpages' URLs and follow links to discover linked webpages' URLs.

bug-bounty bug-bounty-tools contentdiscovery crawler ethical-hacking ethical-hacking-tools go golang penetration-testing penetration-testing-tools reconnaissance red-teaming red-teaming-tools web-security

Last synced: 06 Apr 2025

https://github.com/the-viper-one/activedirectoryattacktool

ADAT is a small tool used to assist CTF players and Penetration testers with easy commands to run against an Active Directory Domain Controller. This tool is is best utilized using a set of known credentials against the host.

active-directory ctf htb oscp penetration-testing-tools red-team security-tools tryhackme

Last synced: 12 Sep 2025

https://github.com/packet-batch/program

An application that utilizes fast AF_XDP Linux sockets to generate and send network packets. Used for penetration testing including Denial of Service (DoS) and network monitoring. Made by @gamemann!

af-xdp ddos ddos-attack-tools ddos-tool dos dos-attack-tool dos-tool hack-tool linux networking packet packet-generator penetration penetration-testing penetration-testing-tools pentest pentest-tool pentesting pktgen xdp

Last synced: 01 Mar 2025

https://github.com/i5nipe/nipejs

Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.

bug-bounty bugbounty bugbounty-tool infosec penetration-testing-tools pentesting

Last synced: 11 Jul 2025

https://github.com/paulveillard/cybersecurity-penetration-testing

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Penetration Testing in Cybersecurity.

cybersecurity cybersecurity-education penetration penetration-test-framework penetration-tester penetration-testing penetration-testing-tools pentest-scripts pentest-tool pentester pentesting pentesting-networks pentesting-windows threat-intelligence

Last synced: 10 Jul 2025

https://github.com/himazawa/bento

Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.

ctf ctf-tools docker minimal penetration penetration-testing-tools security-vulnerability

Last synced: 11 Jul 2025

https://github.com/dotnetrussell/minerinthemiddle

This application was created as a POC for how to scan your local network traffic for HTTP requests and then inject various javascript cryptocurrency miners into the response payloads

bug-bounty bugbounty hacking hacking-tool info-sec information-security infosec infosectools injection miner monero penetration-testing penetration-testing-tools python red-team

Last synced: 24 Oct 2025

https://github.com/gnothiseautonlw/burp-shell-fwd-lfi

A Burp Suite plugin/extension that offers a shell in Burp. Both useful for OS Command injection and LFI exploration

burp-extensions burp-plugin burpsuite burpsuite-extender penetration-testing penetration-testing-tools pentesting security security-tools

Last synced: 11 Jul 2025

https://github.com/IngoKl/HTTPUploadExfil

A simple HTTP server for delivering and exfiltrating files/data during, for example, CTFs.

ctf ctf-tools golang http http-server oscp-tools penetration-testing-tools pentest-tool pentesting security-tools

Last synced: 11 Jul 2025

https://github.com/netlas-io/netlas-scripts

Several scripts are based on the Netlas.io search engine. They will allow you to carry out the reconnaissance phase before the pen test in a semi-automatic mode: collect all the domains and IP addresses associated with the target and save the responses received after contacting these hosts in HTML format. Over time, new scripts will appear here.

netlas osint penetration-testing-tools security-tools

Last synced: 25 Aug 2025

https://github.com/jonaslejon/lolcrawler

Headless web crawler for bugbounty and penetration-testing/redteaming

bugbounty crawler docker penetration-testing penetration-testing-tools redteam redteam-tools redteaming

Last synced: 12 Jul 2025

https://github.com/r0x4r/snetra

A Python based scanner uses shodan-internetdb to scan the IP.

bugbounty penetration-testing penetration-testing-tools python3 shodan

Last synced: 28 Jul 2025

https://github.com/R0X4R/snetra

A Python based scanner uses shodan-internetdb to scan the IP.

bugbounty penetration-testing penetration-testing-tools python3 shodan

Last synced: 12 Jul 2025

https://github.com/codytolene/red-portals

An educational repository focused on Evil Portals—rogue captive portals designed to mimic legitimate login systems. This project provides insights into their functionality and potential exploitation techniques, helping security researchers, penetration testers, and ethical hackers identify and defend against network vulnerabilities.

access-point ap evil evil-portals penetration penetration-testing penetration-testing-tools pentesting portal portals testing

Last synced: 17 Jun 2025

https://github.com/eonraider/bca-reaper

Log keystrokes, take screenshots and grab system information from a target host and exfiltrate to Discord and Google Forms.

hacking-tools keylogger penetration-testing-tools screen-capture

Last synced: 11 Apr 2025

https://github.com/gh0x0st/raven

A lightweight http file upload service used for penetration testing and incident response.

file-upload http-server incident-response kali-linux kali-linux-tools penetration-testing penetration-testing-tools python3-script security-tools

Last synced: 10 Jul 2025