Trending repositories for topic pentest-tool

The Network Execution Tool

Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

Basic website cloner written in Python

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Web path scanner

The most powerful CRLF injection (HTTP Response Splitting) scanner.

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

👻Stowaway -- Multi-hop Proxy Tool for pentesters

A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.

Privilege Escalation Enumeration Script for Windows

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

hydra

基于ARL-V2.6.2修改后的版本

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

OneForAll是一款功能强大的子域收集工具

A fast and minimal JS endpoint extractor

A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具

Basic website cloner written in Python

The most powerful CRLF injection (HTTP Response Splitting) scanner.

A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.

A fast and minimal JS endpoint extractor

基于ARL-V2.6.2修改后的版本

Improved SMTP Checker / SMTP Cracker with proxy-support, inbox test and many more features.

The Network Execution Tool

An online handy-recon tool

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Set of tools to audit SIP based VoIP Systems

收集网上好用、实用的红蓝对抗武器。从资产扫描、泄漏扫描、信息收集、漏洞扫描、SRC批量挖掘、内网渗透、应急响应等等工具。 大部分我都用过、部分会写上自己的感想与建议，希望对你有帮助

Network Pivoting Toolkit

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

A tool for logging data/testing devices with a Wiegand Interface. Can be used to create a portable RFID reader or installed directly into an existing installation. Provides access to a web based inter...

👻Stowaway -- Multi-hop Proxy Tool for pentesters

RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.

Privilege Escalation Enumeration Script for Windows

A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).

The Network Execution Tool

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

Web path scanner

Attack Surface Management Platform

OneForAll是一款功能强大的子域收集工具

👻Stowaway -- Multi-hop Proxy Tool for pentesters

hydra

Basic website cloner written in Python

A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.

The most powerful CRLF injection (HTTP Response Splitting) scanner.

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

基于ARL-V2.6.2修改后的版本

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

渗透测试武器库

An online handy-recon tool

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

Basic website cloner written in Python

The Network Execution Tool

🚀 blazing-fast pentesting suite written in Go

A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.

渗透测试武器库

An online handy-recon tool

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guideline...

The most powerful CRLF injection (HTTP Response Splitting) scanner.

Tool set for Information security professionals and all others

基于ARL-V2.6.2修改后的版本

Improved SMTP Checker / SMTP Cracker with proxy-support, inbox test and many more features.

A fast and minimal JS endpoint extractor

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

A rapid HTTP downgrade smuggling scanner written in Go.

RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.

收集网上好用、实用的红蓝对抗武器。从资产扫描、泄漏扫描、信息收集、漏洞扫描、SRC批量挖掘、内网渗透、应急响应等等工具。 大部分我都用过、部分会写上自己的感想与建议，希望对你有帮助

Set of tools to audit SIP based VoIP Systems

👻Stowaway -- Multi-hop Proxy Tool for pentesters

The unix-way web crawler

:key: Hash type identifier (CLI & lib)

The Network Execution Tool

Web path scanner

Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

OneForAll是一款功能强大的子域收集工具

hydra

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

基于ARL-V2.6.2修改后的版本

Attack Surface Management Platform

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Privilege Escalation Enumeration Script for Windows

A Workflow Engine for Offensive Security

红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具

👻Stowaway -- Multi-hop Proxy Tool for pentesters

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting informat...

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Official Kali Linux tool to check all urls of a domain for SQL injections :)

Basic website cloner written in Python

SecretScraper is a web scraper that crawl through target websites, scrape from http response and extract secret information via regular expression.

基于ARL-V2.6.2修改后的版本

🚀 blazing-fast pentesting suite written in Go

📦 1000+ Statically Linked Binaries & Build Scripts for Android (arm64-v8a), Linux (aarch64 | x86-64), Windows (AMD64) :: https://bin.ajam.dev

The Network Execution Tool

Repo containing cracked red teaming tools.

Supernova 的中文版和扩展了一些加密方式（ROT, XOR, RC4, AES, CHACHA20, B64XOR, B64RC4, B64AES, B64CHACHA20）

Apache Tomcat exploit and Pentesting guide for penetration tester

A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.

Tool set for Information security professionals and all others

Azure Service Subdomain Enumeration

Sniffcon has a wide list of powerful online bug bounty tools which can be used to find security vulnerabilities.

SMTP user enumeration via VRFY, EXPN and RCPT with clever timeout, retry and reconnect functionality.

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guideline...

SBSCAN是一款专注于spring框架的渗透测试工具，可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive inf...

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

A rapid HTTP downgrade smuggling scanner written in Go.

收集网上好用、实用的红蓝对抗武器。从资产扫描、泄漏扫描、信息收集、漏洞扫描、SRC批量挖掘、内网渗透、应急响应等等工具。 大部分我都用过、部分会写上自己的感想与建议，希望对你有帮助

The Network Execution Tool

一款支持多人协作的渗透测试图形化框架、支持lua插件扩展、域前置/CDN上线、自定义多个模块、自定义shellcode、文件管理、进程管理、内存加载、反向代理等功能

SBSCAN是一款专注于spring框架的渗透测试工具，可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive inf...

impacket-gui

Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments

A rapid HTTP downgrade smuggling scanner written in Go.

Osint tool for track ip adress

Deluder is a tool for intercepting traffic of proxy unaware applications. Currently, Deluder supports OpenSSL, GnuTLS, SChannel, WinSock and Linux Sockets out of the box. ⚡

内网探测工具(Internal network detection tool that not contain any exploit code)

Official Kali Linux tool to check all urls of a domain for SQL injections :)

📦 1000+ Statically Linked Binaries & Build Scripts for Android (arm64-v8a), Linux (aarch64 | x86-64), Windows (AMD64) :: https://bin.ajam.dev

Supernova 的中文版和扩展了一些加密方式（ROT, XOR, RC4, AES, CHACHA20, B64XOR, B64RC4, B64AES, B64CHACHA20）

🚀 blazing-fast pentesting suite written in Go

Azure Service Subdomain Enumeration

A small script to resolve domains to Azure AD tenants (and OAuth login portals)

SecretScraper is a web scraper that crawl through target websites, scrape from http response and extract secret information via regular expression.

Cosmos Market Apps Build By TinyActive

Remote Template Injection Toolkit

The Network Execution Tool

Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...

Web path scanner

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

hydra

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

OneForAll是一款功能强大的子域收集工具

Attack Surface Management Platform

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

一款支持多人协作的渗透测试图形化框架、支持lua插件扩展、域前置/CDN上线、自定义多个模块、自定义shellcode、文件管理、进程管理、内存加载、反向代理等功能

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting informat...

A Workflow Engine for Offensive Security

Privilege Escalation Enumeration Script for Windows

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.

红蓝对抗以及护网相关工具和资料，内存shellcode（cs+msf）和内存马查杀工具

linWinPwn is a bash script that streamlines the use of a number of Active Directory tools

The Network Execution Tool

A bash and powershell script to download the latest version of Burp-Suite Professional and use it for free.

A modular exploitation framework extensible with Lua

内网探测工具(Internal network detection tool that not contain any exploit code)

一款支持多人协作的渗透测试图形化框架、支持lua插件扩展、域前置/CDN上线、自定义多个模块、自定义shellcode、文件管理、进程管理、内存加载、反向代理等功能

Azure Service Subdomain Enumeration

Simple WebSocket fuzzer

A small script to resolve domains to Azure AD tenants (and OAuth login portals)

its like a tricorder, for your wireless world.

SecretScraper is a web scraper that crawl through target websites, scrape from http response and extract secret information via regular expression.

Minimal web server enumeration & attack surface detection tool based on results of nmap.

Basic website cloner written in Python

Webshell Manager Tool/一句話木馬管理工具/Trojan/Backdoor/Pentest

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Afuzz is an automated web path fuzzing tool for the Bug Bounty projects.

An application that utilizes fast AF_XDP Linux sockets to generate and send network packets. Used for penetration testing including Denial of Service (DoS) and network monitoring.

常见的未授权漏洞检测

The great Microsoft exchange hack: A penetration tester’s guide (exchange penetration testing)

😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with default credentials.

Apache Tomcat exploit and Pentesting guide for penetration tester