Trending repositories for topic penetration-testing-tools

✨ Fully autonomous AI Agents system capable of performing complex penetration testing tasks

Dude Suite Web Security Tools

Next generation web scanner

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

Vibe Coding? Cool story. But your vibe might be "security breach waiting to happen." Introducing VibePenTester, the AI pen-tester who rolls its eyes at your half-baked code, discovers your vulnerabili...

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

Automatic SSTI detection tool with interactive interface

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them ...

📦 Make security testing of K8s, Docker, and Containerd easier.

Wifi-crackerX is a tool for hacking a WPS/WPA/WPA2 Networks

CHOMTE.SH is a powerful shell script designed to automate reconnaissance tasks during penetration testing. It utilizes various Go-based tools to gather information and identify the attack surface, mak...

🍉一款基于Python-Django的多功能Web安全渗透测试工具，包含漏洞扫描，端口扫描，指纹识别，目录扫描，旁站扫描，域名扫描等功能。

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

✨ Fully autonomous AI Agents system capable of performing complex penetration testing tasks

Vibe Coding? Cool story. But your vibe might be "security breach waiting to happen." Introducing VibePenTester, the AI pen-tester who rolls its eyes at your half-baked code, discovers your vulnerabili...

Wifi-crackerX is a tool for hacking a WPS/WPA/WPA2 Networks

Dude Suite Web Security Tools

CHOMTE.SH is a powerful shell script designed to automate reconnaissance tasks during penetration testing. It utilizes various Go-based tools to gather information and identify the attack surface, mak...

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

Automatic SSTI detection tool with interactive interface

🍉一款基于Python-Django的多功能Web安全渗透测试工具，包含漏洞扫描，端口扫描，指纹识别，目录扫描，旁站扫描，域名扫描等功能。

Next generation web scanner

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them ...

📦 Make security testing of K8s, Docker, and Containerd easier.

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

Dude Suite Web Security Tools

✨ Fully autonomous AI Agents system capable of performing complex penetration testing tasks

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

📦 Make security testing of K8s, Docker, and Containerd easier.

Next generation web scanner

Automatic SSTI detection tool with interactive interface

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them ...

Vibe Coding? Cool story. But your vibe might be "security breach waiting to happen." Introducing VibePenTester, the AI pen-tester who rolls its eyes at your half-baked code, discovers your vulnerabili...

Pen Test Report Generation and Assessment Collaboration

Automating situational awareness for cloud penetration tests.

新一代Webshell管理器，兼容蚁剑与冰蝎的PHP webshell

🍉一款基于Python-Django的多功能Web安全渗透测试工具，包含漏洞扫描，端口扫描，指纹识别，目录扫描，旁站扫描，域名扫描等功能。

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

Modlishka. Reverse Proxy.

Complete Roadmap for Penetration Testing

tomcat自动化漏洞扫描利用工具，支持批量弱口令检测、后台部署war包getshell、CVE-2017-12615 文件上传、CVE-2020-1938/CNVD-2020-10487 文件包含

Tools & Resources for Cyber Security Operations

A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directl...

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

SSH based reverse shell

Dude Suite Web Security Tools

✨ Fully autonomous AI Agents system capable of performing complex penetration testing tasks

Vibe Coding? Cool story. But your vibe might be "security breach waiting to happen." Introducing VibePenTester, the AI pen-tester who rolls its eyes at your half-baked code, discovers your vulnerabili...

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

Wifi-crackerX is a tool for hacking a WPS/WPA/WPA2 Networks

fsociety is a penetration toolkit inspired from MR. ROBOT

Pen Test Report Generation and Assessment Collaboration

Complete Roadmap for Penetration Testing

tomcat自动化漏洞扫描利用工具，支持批量弱口令检测、后台部署war包getshell、CVE-2017-12615 文件上传、CVE-2020-1938/CNVD-2020-10487 文件包含

Tools & Resources for Cyber Security Operations

CHOMTE.SH is a powerful shell script designed to automate reconnaissance tasks during penetration testing. It utilizes various Go-based tools to gather information and identify the attack surface, mak...

新一代Webshell管理器，兼容蚁剑与冰蝎的PHP webshell

Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients...

Automatic SSTI detection tool with interactive interface

🍉一款基于Python-Django的多功能Web安全渗透测试工具，包含漏洞扫描，端口扫描，指纹识别，目录扫描，旁站扫描，域名扫描等功能。

Generate tens of thousands of subdomain combinations in a matter of seconds

Hands-on ethical hacking projects for beginners, covering network scanning, web app testing, password cracking, honeypots, Wi-Fi auditing, phishing, and SQL injection.

A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directl...

Nimbo-C2 is yet another (simple and lightweight) C2 framework

Automating situational awareness for cloud penetration tests.

Vibe Coding? Cool story. But your vibe might be "security breach waiting to happen." Introducing VibePenTester, the AI pen-tester who rolls its eyes at your half-baked code, discovers your vulnerabili...

Dude Suite Web Security Tools

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

✨ Fully autonomous AI Agents system capable of performing complex penetration testing tasks

Physical penetration testing is a critical aspect of security assessment that involves simulating real-world attacks to evaluate the effectiveness of physical security controls.

Vibe Coding? Cool story. But your vibe might be "security breach waiting to happen." Introducing VibePenTester, the AI pen-tester who rolls its eyes at your half-baked code, discovers your vulnerabili...

Next generation web scanner

📦 Make security testing of K8s, Docker, and Containerd easier.

Pen Test Report Generation and Assessment Collaboration

Automatic SSTI detection tool with interactive interface

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them ...

Automating situational awareness for cloud penetration tests.

Modlishka. Reverse Proxy.

Hands-on ethical hacking projects for beginners, covering network scanning, web app testing, password cracking, honeypots, Wi-Fi auditing, phishing, and SQL injection.

新一代Webshell管理器，兼容蚁剑与冰蝎的PHP webshell

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

tomcat自动化漏洞扫描利用工具，支持批量弱口令检测、后台部署war包getshell、CVE-2017-12615 文件上传、CVE-2020-1938/CNVD-2020-10487 文件包含

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

🍉一款基于Python-Django的多功能Web安全渗透测试工具，包含漏洞扫描，端口扫描，指纹识别，目录扫描，旁站扫描，域名扫描等功能。

Collection of cheat sheets useful for pentesting

SSH based reverse shell

Physical penetration testing is a critical aspect of security assessment that involves simulating real-world attacks to evaluate the effectiveness of physical security controls.

Vibe Coding? Cool story. But your vibe might be "security breach waiting to happen." Introducing VibePenTester, the AI pen-tester who rolls its eyes at your half-baked code, discovers your vulnerabili...

✨ Fully autonomous AI Agents system capable of performing complex penetration testing tasks

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

A curated collection of free or freemium web-based penetration testing and vulnerability analysis tools. These tools assist security professionals and enthusiasts in discovering, assessing, and managi...

Dude Suite Web Security Tools

Wifi-crackerX is a tool for hacking a WPS/WPA/WPA2 Networks

tomcat自动化漏洞扫描利用工具，支持批量弱口令检测、后台部署war包getshell、CVE-2017-12615 文件上传、CVE-2020-1938/CNVD-2020-10487 文件包含

Hands-on ethical hacking projects for beginners, covering network scanning, web app testing, password cracking, honeypots, Wi-Fi auditing, phishing, and SQL injection.

Pen Test Report Generation and Assessment Collaboration

A cheap "bad" USB using a Raspberry Pi Pico running on Lua.

INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes

fsociety is a penetration toolkit inspired from MR. ROBOT

Repo containing cracked red teaming tools.

Cross-Site Scripting (XSS) injects malicious scripts into trusted websites via user input. Attacker-sent scripts run in users' browsers, accessing sensitive data, cookies, and even altering HTML conte...

acunetix-13 install in kali linux

新一代Webshell管理器，兼容蚁剑与冰蝎的PHP webshell

Tools & Resources for Cyber Security Operations

Complete Roadmap for Penetration Testing

Collection of cheat sheets useful for pentesting

新一代Webshell管理器，兼容蚁剑与冰蝎的PHP webshell

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

Hands-on ethical hacking projects for beginners, covering network scanning, web app testing, password cracking, honeypots, Wi-Fi auditing, phishing, and SQL injection.

tomcat自动化漏洞扫描利用工具，支持批量弱口令检测、后台部署war包getshell、CVE-2017-12615 文件上传、CVE-2020-1938/CNVD-2020-10487 文件包含

✨ Fully autonomous AI Agents system capable of performing complex penetration testing tasks

INE/eLearnSecurity Web Application Penetration Tester (eWPTv2) Notes

A web assembly (WASM) phishing lure generator based on pre-built templates and written in Rust with some GenAI assistance. W.A.L.K. aims at aiding with initial access during red teams and phishing exe...

Physical penetration testing is a critical aspect of security assessment that involves simulating real-world attacks to evaluate the effectiveness of physical security controls.

Vibe Coding? Cool story. But your vibe might be "security breach waiting to happen." Introducing VibePenTester, the AI pen-tester who rolls its eyes at your half-baked code, discovers your vulnerabili...

Wifi-crackerX is a tool for hacking a WPS/WPA/WPA2 Networks

A curated collection of free or freemium web-based penetration testing and vulnerability analysis tools. These tools assist security professionals and enthusiasts in discovering, assessing, and managi...

Next generation web scanner

新一代Webshell管理器，兼容蚁剑与冰蝎的PHP webshell

📦 Make security testing of K8s, Docker, and Containerd easier.

一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them ...

Automatic SSTI detection tool with interactive interface

Dude Suite Web Security Tools

Modlishka. Reverse Proxy.

Automating situational awareness for cloud penetration tests.

Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.

Hands-on ethical hacking projects for beginners, covering network scanning, web app testing, password cracking, honeypots, Wi-Fi auditing, phishing, and SQL injection.

SSH based reverse shell

tomcat自动化漏洞扫描利用工具，支持批量弱口令检测、后台部署war包getshell、CVE-2017-12615 文件上传、CVE-2020-1938/CNVD-2020-10487 文件包含

Complete Roadmap for Penetration Testing

✨ Fully autonomous AI Agents system capable of performing complex penetration testing tasks

🍉一款基于Python-Django的多功能Web安全渗透测试工具，包含漏洞扫描，端口扫描，指纹识别，目录扫描，旁站扫描，域名扫描等功能。

Collection of cheat sheets useful for pentesting

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

Pen Test Report Generation and Assessment Collaboration

新一代Webshell管理器，兼容蚁剑与冰蝎的PHP webshell

Pentesting and Bug Bounty Notes, Cheetsheets and Guide for Ethical Hacker, Whitehat Pentesters and CTF Players.

Vibe Coding? Cool story. But your vibe might be "security breach waiting to happen." Introducing VibePenTester, the AI pen-tester who rolls its eyes at your half-baked code, discovers your vulnerabili...

A web assembly (WASM) phishing lure generator based on pre-built templates and written in Rust with some GenAI assistance. W.A.L.K. aims at aiding with initial access during red teams and phishing exe...

Repo containing cracked red teaming tools.

acunetix-13 install in kali linux

fsociety is a penetration toolkit inspired from MR. ROBOT

Cross-Site Scripting (XSS) injects malicious scripts into trusted websites via user input. Attacker-sent scripts run in users' browsers, accessing sensitive data, cookies, and even altering HTML conte...

Beacon Object File (BOF) launcher - library for executing BOF files in C/C++/Zig applications

Collection of cheat sheets useful for pentesting

Automatic SSTI detection tool with interactive interface

Bruteforce tool / cracker for MD5 hashes. Processing single hashes, lists and combolists (userid:md5hash).

Dude Suite Web Security Tools

A collection of awesome GitHub repositories for hackers, pentesters & security researchers. ADDING MORE REPOs SOON.

A tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. This code is made for security enthusiasts and pr...

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guideline...

Wayback Machine OSINT Framework

Pen Test Report Generation and Assessment Collaboration

The Internets #1 Subdomain Takeover Tool

An application that utilizes fast AF_XDP Linux sockets to generate and send network packets. Used for penetration testing including Denial of Service (DoS) and network monitoring. Made by @gamemann!