Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

Projects in Awesome Lists tagged with penetration-testing-tools

A curated list of projects in awesome lists tagged with penetration-testing-tools .

https://github.com/t3l3machus/Villain

Villain is a high level stage 0/1 C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

c2 cybersecurity hacking hacking-tool offensive-security open-source penetration-testing penetration-testing-tools pentest pentesting readteaming redteam redteam-tools

Last synced: 01 Aug 2024

https://github.com/kelvinben/appinfoscanner

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。

android apk apk-dex hacking hacking-tool ipa network-security penetration-test penetration-testing-tools python3 scanner security security-tools tools web-hacking

Last synced: 30 Sep 2024

https://github.com/kelvinBen/AppInfoScanner

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。

android apk apk-dex hacking hacking-tool ipa network-security penetration-test penetration-testing-tools python3 scanner security security-tools tools web-hacking

Last synced: 04 Aug 2024

https://github.com/bishopfox/cloudfox

Automating situational awareness for cloud penetration tests.

aws cloud cloud-security golang penetration-testing-tools security

Last synced: 30 Sep 2024

https://github.com/BishopFox/CloudFox

Automating situational awareness for cloud penetration tests.

aws cloud cloud-security golang penetration-testing-tools security

Last synced: 03 Aug 2024

https://github.com/BishopFox/cloudfox

Automating situational awareness for cloud penetration tests.

aws cloud cloud-security golang penetration-testing-tools security

Last synced: 01 Aug 2024

https://github.com/cyberark/kubesploit

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

agent c2 command-and-control containers golang http2 kubernetes penetration-testing-framework penetration-testing-tools post-exploitation red-teams redteam-tools security security-tools

Last synced: 26 Sep 2024

https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

bugbounty hacking hacking-tool penetration-testing penetration-testing-tools pentesting scanner security security-audit security-scanner security-tools vulnerability-scanners web-cache

Last synced: 01 Aug 2024

https://github.com/r0x4r/garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

assetfinder bash-script bugbounty bugbounty-tool bugbountytips garud gf-patterns golang penetration-testing penetration-testing-tools reconnaissance subdomain-takeover vulnerability vulnerability-scanner

Last synced: 01 Oct 2024

https://github.com/R0X4R/Garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

assetfinder bash-script bugbounty bugbounty-tool bugbountytips garud gf-patterns golang penetration-testing penetration-testing-tools reconnaissance subdomain-takeover vulnerability vulnerability-scanner

Last synced: 01 Aug 2024

https://github.com/jwt1399/Sec-Tools

🍉一款基于Python-Django的多功能Web安全渗透测试工具,包含漏洞扫描,端口扫描,指纹识别,目录扫描,旁站扫描,域名扫描等功能。

django penetration-testing-tools python3 scan-tool security-tools vulnerability-scanners

Last synced: 08 Aug 2024

https://github.com/hueristiq/hqurlfind3r

A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

bug-bounty bug-bounty-tools contentdiscovery ethical-hacking ethical-hacking-tools go golang osint osint-tools penetration-testing penetration-testing-tools reconnaissance red-teaming red-teaming-tools web-security

Last synced: 25 Aug 2024

https://github.com/hueristiq/xurlfind3r

A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

bug-bounty bug-bounty-tools contentdiscovery ethical-hacking ethical-hacking-tools go golang osint osint-tools penetration-testing penetration-testing-tools reconnaissance red-teaming red-teaming-tools web-security

Last synced: 01 Aug 2024

https://github.com/SofianeHamlaoui/Pentest-Notes

Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)

cheatsheets offensive-security penetration-testing penetration-testing-tools pentesting security security-audit security-tools sofianehamlaoui

Last synced: 04 Aug 2024

https://github.com/cyberark/Evasor

A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies

bypass-applocker-policies full-automated penetration-testing-tools post-exploitation

Last synced: 04 Aug 2024

https://github.com/CervantesSec/cervantes

Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location.

audit burpsuite collaboration collaboration-platform collaborative cve hacking nessus nmap penetration-testing penetration-testing-tools pentesters pentesting red-team red-teaming report reporting security vulnerability vulnerability-management

Last synced: 04 Aug 2024

https://github.com/shadow-workers/shadow-workers

Shadow Workers is a free and open source C2 and proxy designed for penetration testers to help in the exploitation of XSS and malicious Service Workers (SW)

c2 penetration-testing-tools proxy service-worker xss-exploitation

Last synced: 01 Aug 2024

https://github.com/putsi/privatecollaborator

A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate

bugbounty burp burpsuite burpsuitepro collaborator penetration-testing penetration-testing-tools

Last synced: 03 Aug 2024

https://github.com/iomoath/SharpStrike

A Post exploitation tool written in C# uses either CIM or WMI to query remote systems.

cybersecurity penetration-testing penetration-testing-tools redteam-tools redteaming winrm wmi wsman

Last synced: 04 Aug 2024

https://github.com/Viralmaniar/XposedOrNot

XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.

breach-compilation credentials-gathering intelligence-gathering osint osinttool password-breach password-leak penetration-testing-tools recon reconnaissance

Last synced: 04 Aug 2024

https://github.com/iomoath/SharpSpray

Active Directory password spraying tool. Auto fetches user list and avoids potential lockouts.

penetration-testing penetration-testing-tools

Last synced: 04 Aug 2024

https://github.com/kostas-pa/LFITester

LFITester is a Python3 program that automates the detection and exploitation of Local File Inclusion (LFI) vulnerabilities on a server.

bugbounty crawler cybersecurity enumeration exploitation fuzzing hacking lfi lfi-detection lfi-exploitation lfi-vulnerability penetration-testing penetration-testing-tools pentest-tool pentesting python web-hacking webhacking

Last synced: 04 Aug 2024

https://github.com/hueristiq/xcrawl3r

A command-line interface (CLI) based utility to recursively crawl webpages. It is designed to systematically browse webpages' URLs and follow links to discover linked webpages' URLs.

bug-bounty bug-bounty-tools contentdiscovery crawler ethical-hacking ethical-hacking-tools go golang penetration-testing penetration-testing-tools reconnaissance red-teaming red-teaming-tools web-security

Last synced: 02 Aug 2024

https://github.com/i5nipe/nipejs

Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.

bug-bounty bugbounty bugbounty-tool infosec penetration-testing-tools pentesting

Last synced: 04 Aug 2024

https://github.com/himazawa/bento

Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.

ctf ctf-tools docker minimal penetration penetration-testing-tools security-vulnerability

Last synced: 04 Aug 2024

https://github.com/dotnetrussell/minerinthemiddle

This application was created as a POC for how to scan your local network traffic for HTTP requests and then inject various javascript cryptocurrency miners into the response payloads

bug-bounty bugbounty hacking hacking-tool info-sec information-security infosec infosectools injection miner monero penetration-testing penetration-testing-tools python red-team

Last synced: 26 Sep 2024

https://github.com/gnothiseautonlw/burp-shell-fwd-lfi

A Burp Suite plugin/extension that offers a shell in Burp. Both useful for OS Command injection and LFI exploration

burp-extensions burp-plugin burpsuite burpsuite-extender penetration-testing penetration-testing-tools pentesting security security-tools

Last synced: 04 Aug 2024

https://github.com/IngoKl/HTTPUploadExfil

A simple HTTP server for delivering and exfiltrating files/data during, for example, CTFs.

ctf ctf-tools golang http http-server oscp-tools penetration-testing-tools pentest-tool pentesting security-tools

Last synced: 04 Aug 2024

https://github.com/jonaslejon/lolcrawler

Headless web crawler for bugbounty and penetration-testing/redteaming

bugbounty crawler docker penetration-testing penetration-testing-tools redteam redteam-tools redteaming

Last synced: 04 Aug 2024

https://github.com/netlas-io/netlas-scripts

Several scripts are based on the Netlas.io search engine. They will allow you to carry out the reconnaissance phase before the pen test in a semi-automatic mode: collect all the domains and IP addresses associated with the target and save the responses received after contacting these hosts in HTML format. Over time, new scripts will appear here.

netlas osint penetration-testing-tools security-tools

Last synced: 01 Aug 2024

https://github.com/R0X4R/snetra

A Python based scanner uses shodan-internetdb to scan the IP.

bugbounty penetration-testing penetration-testing-tools python3 shodan

Last synced: 04 Aug 2024

https://github.com/ofasgard/ungoliant

A web reconnaissance tool that proxies its results through Burp or ZAP.

burpsuite penetration-testing penetration-testing-tools reconnaissance spider zed-attack-proxy

Last synced: 04 Aug 2024

https://github.com/mhmdiaa/acumen

A clean UI with a modular structure to enhance security researchers' ability to work with data

penetration-testing penetration-testing-tools pentesting recon security security-tools user-interface visualization web-application-security

Last synced: 04 Aug 2024