947 Open Source Pentesting Software Projects
Free and open source pentesting code projects including engines, APIs, generators, and tools.
Pentesting Bible 9072 ⭐
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Owasp Mstg 8423 ⭐
The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Pupy 6787 ⭐
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
Red Teaming Toolkit 5686 ⭐
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Juice Shop 6366 ⭐
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Infosec_reference 4182 ⭐
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Ciphey 9254 ⭐
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
Mobileapp Pentest Cheatsheet 3068 ⭐
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
Raccoon 2337 ⭐
A high performance offensive security tool for reconnaissance and vulnerability scanning
Awesome Shodan Queries 2806 ⭐
🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Wstg 3934 ⭐
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Awesome Mobile Security 1852 ⭐
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Deathstar 1342 ⭐
Uses Empire's (https://github.com/BC-SECURITY/Empire) RESTful API to automate gaining Domain and/or Enterprise Admin rights in Active Directory environments using some of the most common offensive TTPs.
Cloudfail 1489 ⭐
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Cloakify 1240 ⭐
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Numirias Security 846 ⭐
Some of my security stuff and vulnerabilities. Nothing advanced. More to come.
Sessiongopher 914 ⭐
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
Spoilerwall 753 ⭐
Spoilerwall introduces a brand new concept in the field of network hardening. Avoid being scanned by spoiling movies on all your ports!
Dumpsterfire 825 ⭐
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Breaking And Pwning Apps And Servers Aws Azure Training 864 ⭐
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!
Active Directory Exploitation Cheat Sheet 2565 ⭐
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Sprayingtoolkit 1027 ⭐
Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
Kubernetes Goat 1763 ⭐
Kubernetes Goat 🐐 is a "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security 🔐
Pwncat 1252 ⭐
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
Sudomy 1165 ⭐
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Evillimiter 965 ⭐
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Powershell Rat 718 ⭐
Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
Epsylon Xsser 707 ⭐
Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.