pentesting
There are 4219 repositories under pentesting topic.
sherlock-project/sherlock
Hunt down social media accounts by username across social networks
sqlmapproject/sqlmap
Automatic SQL injection and database takeover tool
bee-san/Ciphey
β‘ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes β‘
bee-san/RustScan
π€ The Modern Port Scanner π€
smicallef/spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
sundowndev/hacker-roadmap
A collection of hacking tools, resources and references to practice ethical hacking.
ffuf/ffuf
Fast web fuzzer written in Go
maurosoria/dirsearch
Web path scanner
qeeqbox/social-analyzer
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
OWASP/owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
OJ/gobuster
Directory/File, DNS and VHost busting tool written in Go
juice-shop/juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
HackTricks-wiki/hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
infosecn1nja/Red-Teaming-Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
byt3bl33d3r/CrackMapExec
A swiss army knife for pentesting networks
n1nj4sec/pupy
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
1N3/Sn1per
Attack Surface Management Platform
blacklanternsecurity/bbot
The recursive internet scanner for hackers. π§‘
yogeshojha/rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
TheKingOfDuck/fuzzDicts
You Know, For WEB Fuzzing ! ζ₯η«η¨ηεε Έγ
trickest/cve
Gather and update all available and newest CVEs with their PoC.
v1s1t0r1sh3r3/airgeddon
This is a multi-use bash script for Linux systems to audit wireless networks.
dstotijn/hetty
An HTTP toolkit for security research.
jakejarvis/awesome-shodan-queries
π A collection of interesting, funny, and depressing search queries to plug into shodan.io π©βπ»
six2dez/reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
infoslack/awesome-web-hacking
A list of web application security
ihebski/DefaultCreds-cheat-sheet
One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password π‘οΈ
promptfoo/promptfoo
Test your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration.
S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
urbanadventurer/WhatWeb
Next generation web scanner
rmusser01/Infosec_Reference
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
RogueMaster/flipperzero-firmware-wPlugins
RogueMaster Flipper Zero Firmware
j3ssie/osmedeus
A Workflow Engine for Offensive Security
androguard/androguard
Reverse engineering and pentesting for Android applications