Penetration Testing

#vulnerability-assessment#web-security#wpvulndb

wpscanRuby

A free, open-source WordPress security scanner for professionals and site maintainers to test website vulnerabilities.

Stars9.5k

#ctf-tools#penetration-testing#tool-management

Last commit2 days ago

CTF ToolsShell

A collection of setup scripts to install and manage security research tools for CTFs and binary analysis.

Stars9.4k

Forks1.9k

Last commit1 month ago

Android SecurityMakefile

A comprehensive, curated collection of tools, research, and resources for Android application security analysis and reverse engineering.

#vulnerability-assessment#mobile-security#android

Stars9.4k

Forks1.5k

Last commit

android-security-awesomeMakefile

A comprehensive, curated collection of tools, research, and resources for Android application security analysis and penetration testing.

#vulnerability-assessment#mobile-security#android

A runtime mobile exploration toolkit powered by Frida for security assessment of iOS and Android apps without jailbreak.

#runtime-analysis#mobile-security#pentest

Stars9.0k

Forks969

Last commit12 days ago

pwnagotchiPython

An AI-powered WiFi security auditing tool that uses deep reinforcement learning to optimize capture of WPA handshakes.

#wifi-security#ai#wpa-psk

Stars9.0k

Forks1.2k

Last commit8 months ago

FuzzDBPHP

The most comprehensive open dictionary of attack patterns, predictable resource locations, and regex for black-box application security testing.

#resource-discovery#vulnerability-discovery#attack-patterns

Stars8.9k

Forks2.1k

#red-teaming#penetration-testing#agent-framework

empirePowerShell

A post-exploitation framework with PowerShell and Python agents for cryptographically secure communications and flexible modules.

Stars7.8k

Forks2.9k

Last commit6 years ago

PowerShellEmpirePowerShell

A post-exploitation framework with PowerShell and Python agents for security testing and red team operations.

#windows-exploitation#penetration-testing#linux-exploitation

A fast, simple, recursive content discovery tool written in Rust for forced browsing attacks.

#hacktoberfest#enumeration#pentest

Stars7.7k

Forks611

Last commit9 days ago

Awesome Shodan Search Queries

A curated collection of interesting, funny, and concerning search queries for Shodan.io to find exposed devices and services.

#iot#vulnerability-discovery#search-queries

Stars7.4k

Forks1.0k

#vulnerability-assessment#infection-monkey#malware-simulation

Infection MonkeyPython

An open-source adversary emulation platform that simulates malware attacks to test and improve network security defenses.

Stars7.0k

Forks817

Last commit11 months ago

CalderaPython

An automated cyber security platform for adversary emulation, red teaming, and incident response built on the MITRE ATT&CK framework.

#mitre#caldera#security-automation

Stars6.9k

#hacking-tools#vulnerability-assessment#vulnerabilities

Last commit3 days ago

Awesome Web Hacking

A curated list of resources for learning and practicing web application security, including tools, books, courses, and vulnerable labs.

Stars6.8k

#penetration-test#owasp#kali-linux

Last commit14 days ago

WhatWebRuby

A next-generation web scanner that identifies websites and their technologies using over 1800 plugins with configurable aggression levels.

Stars6.5k

Forks981

Last commit22 days ago

wfuzzPython

A modular web application fuzzer that replaces FUZZ keywords with payloads to test parameters, authentication, forms, and directories.

#python-tool#web-security#fuzzing

Stars6.5k

Forks1.4k

Last commit3 months ago

PoisonTapJavaScript

Exploits locked computers via USB to hijack internet traffic, steal browser cookies, and install persistent web backdoors using a Raspberry Pi Zero.

#raspberry-pi-zero#web-security#dns-rebinding

Stars6.5k

Forks980

Last commit7 years ago

Awesome bug bounty resources by EdOverflow

A community-curated collection of payloads, tools, and techniques for bug bounty hunters and security researchers.

#web-security#vulnerability-testing#infosec

Stars6.4k

Forks1.6k

#exploit-development#rop-gadgets#penetration-testing

PEDAPython

A Python extension for GDB that enhances exploit development with colorized displays, security checks, and specialized commands.

Stars6.1k

Forks828

#security-training#reference-guide#osint

Infosec_ReferenceCSS

A comprehensive, free information security reference covering techniques, tools, tactics, and resources for learning and professional development.

Stars5.9k

Forks1.2k

Last commit6 months ago

AQUATONEGo

A tool for visual inspection of websites across many hosts, providing an overview of HTTP-based attack surfaces.

#web-security#osint#report-generation

Stars5.9k

Forks910

Last commit3 years ago

CUPPPython

A Python tool for generating custom wordlists by profiling users to guess weak passwords during penetration tests.

#wordlist-generator#wordlist#dictionary-attack

Stars5.9k

Forks2.0k

Last commit3 months ago

PhoneSpolit-ProPython

A Python-based hacking tool for remotely exploiting Android devices via ADB and Metasploit to gain Meterpreter sessions.

#exploit#adb#adb-toolkit

Stars5.8k

Forks809

Last commit3 days ago

CommixPython

An automated penetration testing tool that detects and exploits command injection vulnerabilities in web applications.

#open-source#owasp#web-security

Stars5.7k

Forks926

Last commit9 days ago

Infosec

A curated list of awesome information security courses, training resources, and hands-on labs for cybersecurity professionals and students.

#security-training#pentest#web-security

Stars5.6k

Forks749

Last commit5 months ago

Recon-ngPython

A modular reconnaissance framework for conducting open source intelligence (OSINT) gathering from web-based sources.

#information-gathering#osint#security-automation

Stars5.5k

Forks857

#ptes#archlinux#penetration-testing

PTFPython

A Python framework to automate the installation and updating of penetration testing tools on Debian/Ubuntu/ArchLinux systems.

Stars5.5k

Mobile App Pentest Cheat Sheet

A comprehensive cheat sheet and tool collection for mobile application penetration testing, mapped to OWASP Mobile Top 10 risks.

#ios-app#vulnerability-assessment#runtime-analysis

Stars5.2k

#payload-list#web-security#xss

AwesomeXSSJavaScript

A curated collection of XSS resources including payloads, polyglots, bypass techniques, and tools for security researchers.

Stars5.1k

Forks779

#video-surveillance#network-scanner#dictionary-attack

CameradarGo

A penetration testing tool that discovers and accesses RTSP video surveillance cameras through network scanning and dictionary attacks.

Stars5.0k

Forks621

Last commit10 days ago

W3afPython

An open-source web application security scanner that identifies and exploits 200+ vulnerabilities for developers and penetration testers.

#sql-injection#web-security#cross-site-scripting

Stars4.9k

Forks1.2k

Last commit3 years ago

ResponderPython

A network poisoning tool that captures authentication credentials by spoofing LLMNR, NBT-NS, and mDNS responses.

#llmnr-poisoning#credential-capture#authentication-spoofing

Stars4.9k

Forks1.8k

Last commit5 years ago

DrozerPython

A security testing framework for Android that identifies vulnerabilities by interacting with apps, IPC endpoints, and the OS.

#vulnerability-assessment#mobile-security#android-framework

Stars4.5k

Forks833

Last commit16 days ago

P4wnP1Python

A highly customizable USB attack platform for penetration testing, based on a Raspberry Pi Zero.

#usb-attack#duckyscript#raspberry-pi-zero

Stars4.4k

Forks664

#cyber-skills#hacking-environments#training-platforms

Awesome Cyber Skills

A curated list of free, legal, and safe hacking environments for cybersecurity training and skill development.

Stars4.4k

Forks511