pentesting-tools
There are 738 repositories under pentesting-tools topic.
1N3/Sn1per
Attack Surface Management Platform
We5ter/Scanners-Box
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
urbanadventurer/WhatWeb
Next generation web scanner
OWASP/Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
0x4m4/hexstrike-ai
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.
jonaslejon/malicious-pdf
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
t3l3machus/hoaxshell
A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
arch3rPro/Pentest-Windows
⚔️Windows11 Penetration Suite Toolkit 🔰 The First Windows Penetration Testing Environment on Mac M Chips
thewhiteh4t/FinalRecon
All In One Web Recon
spyboy-productions/CloakQuest3r
Uncover the true IP address of websites safeguarded by Cloudflare & Others
0xlane/wechat-dump-rs
该工具用于导出正在运行中的微信进程的 key 并自动解密所有微信数据库文件以及导出 key 后数据库文件离线解密。
harsh-bothra/learn365
This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.
WangYihang/Platypus
:hammer: A modern multiple reverse shell sessions manager written in go
SofianeHamlaoui/Lockdoor-Framework
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
t3l3machus/toxssin
An XSS exploitation command-line interface and payload generator.
vladko312/SSTImap
Automatic SSTI detection tool with interactive interface
BishopFox/eyeballer
Convolutional neural network for analyzing pentest screenshots
MrTuxx/SocialPwned
SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks such as Instagram, Linkedin and Twitter to find possible credentials leaks in PwnDB or Dehashed and obtain Google account information via GHunt.
taielab/awesome-hacking-lists
A curated collection of top-tier penetration testing tools and productivity utilities across multiple domains. Join us to explore, contribute, and enhance your hacking toolkit!
noobpk/frida-ios-hook
A tool that helps you easy trace classes, functions, and modify the return values of methods on iOS platform
ForbiddenProgrammer/conti-pentester-guide-leak
Leaked pentesting manuals given to Conti ransomware crooks
wddadk/Offensive-OSINT-Tools
OffSec OSINT Pentest/RedTeam Tools
bitquark/shortscan
An IIS short filename enumeration tool
SaadAhla/FilelessPELoader
Loading Remote AES Encrypted PE in memory , Decrypted it and run it
0xZDH/o365spray
Username enumeration and password spraying tool aimed at Microsoft O365.
arget13/DDexec
A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.
Syslifters/OffSec-Reporting
Offensive Security OSCP+, OSEP, OSWP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA, OSIR, OSTH Exam and Lab Reporting / Note-Taking Tool
Cyber-Buddy/APKHunt
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
sinfulz/JustTryHarder
JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
EONRaider/Packet-Sniffer
A Network Packet Sniffing tool developed in Python 3.
aaaguirrep/offensive-docker
Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Ranginang67/Firecrack
:fire: Firecrack pentest tools: Facebook hacking random attack, deface, admin finder, bing dorking:
flashnuke/wifi-deauth
A deauth attack that disconnects all devices from the target wifi network (2.4Ghz & 5Ghz)
enomothem/Whoamifuck
用于Linux应急响应,快速排查异常用户登录情况和入侵信息排查,准确定位溯源时间线,高效辅助还原攻击链。
ricardojoserf/wifi-pentesting-guide
WiFi Penetration Testing Guide
momenbasel/keyFinder
Keyfinder🔑 is a tool that let you find keys while surfing the web!