469 Open Source Pentest Software Projects
Free and open source pentest code projects including engines, APIs, generators, and tools.
Payloadsallthethings 33815 ⭐
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Hacker Roadmap 7990 ⭐
Penetration testing for beginners. A guide for amateur pentesters and a collection of hacking tools, resources and references to practice ethical hacking.
Resources For Beginner Bug Bounty Hunters 7285 ⭐
A list of resources for those interested in getting started in bug bounties
K8tools 4237 ⭐
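K8 tool collection (intranet penetration / privilege escalation tools / remote overflow / vulnerability exploitation / scanning tools / password cracking / AV-evasion tools / Exploit / APT / 0day / Shellcode / Payload / privilege / BypassUAC / OverFlow / WebShell / PenTest), Web GetShell Exploit (Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)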
Pentest Wiki 2690 ⭐
PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
Ladon 2978 ⭐
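Large-scale intranet penetration scanner & Cobalt Strike. Ladon 8.9 has 120 built-in modules covering information gathering, live host discovery, port scanning, service identification, password brute-forcing, vulnerability detection and vulnerability exploitation. Vulnerability detection includes MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2; password brute-forcing covers (Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm); remote command execution (smbexec/wmiexe/psexec/atexec/sshexec/webshell); privilege lowering and escalation with Runas and GetSystem; Poc/Exploit; supports Cobalt Strike 3.X-4.0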
Oscprepo 1934 ⭐
A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.
Owtf 1525 ⭐
Offensive Web Testing Framework (OWTF) is a framework which tries to unite great tools and make pen testing more efficient. http://owtf.org https://twitter.com/owtfp
Vxscan 1413 ⭐
Pentest Guide 1673 ⭐
Penetration tests guide based on OWASP including test cases, resources and examples.
Cloudfail 1495 ⭐
Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network
Dr0p1t Framework 1199 ⭐
A framework that creates an advanced stealthy dropper that bypasses most AVs and has a lot of tricks
Cloudflair 1330 ⭐
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Cloakify 1242 ⭐
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Evilgrade 1157 ⭐
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
Vulnx 1365 ⭐
vulnx 🕷️ is an intelligent bot and shell that can achieve automatic injection and help researchers detect security vulnerabilities in CMS systems. It can perform quick CMS security detection, information collection (including sub-domain name, IP address, country information, organizational information, time zone, etc.) and vulnerability scanning.
Macro_pack 1432 ⭐
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
Sudo_killer 1432 ⭐
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
Spoilerwall 753 ⭐
Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!
Dumpsterfire 826 ⭐
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Awesome Security Gists 762 ⭐
A collection of various GitHub gists for hackers, pentesters and security researchers
Chashell 861 ⭐
Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
Pwncat 1263 ⭐
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and it's fully scriptable with Python (PSE)
Sublert 794 ⭐
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificates.
K8cscan 821 ⭐
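K8Cscan is a large-scale intranet penetration scanner with custom plugin support, covering information gathering, network assets, vulnerability scanning, password brute-forcing and vulnerability exploitation. The program uses multithreading to batch-scan hosts across multiple IP ranges and C segments of large intranets. Current plugins include: C-segment co-hosted site scanning, subdomain scanning, FTP password brute-forcing, MySQL password brute-forcing, Oracle password brute-forcing, MSSQL password brute-forcing, Windows/Linux system password brute-forcing, live host scanning, port scanning, web information probing, operating system version detection, Cisco device scanning and more. It supports calling any external program or script and supports integration with Cobalt Strike.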
Powerhub 477 ⭐
A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
Ss7maper 424 ⭐
SS7 MAP (pen-)testing toolkit. DISCONTINUED REPO, please use: https://github.com/0xc0decafe/ss7MAPer/
Reconspider 1115 ⭐
🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.
Awvs Decode 367 ⭐
The best and easiest way to decode and repack AWVS scripts. The best, simplest and newest AWVS decode/repack method, in only 15 lines of code!
Graphqlmap 714 ⭐
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.
Rhinosecuritylabs Ccat 374 ⭐
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
Cloudbunny 296 ⭐
CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.
Awesome Windows Red Team 364 ⭐
A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams