Penetration Testing

#vulnerability-assessment#web-security#wpvulndb

wpscanRuby

A free, open-source WordPress security scanner for professionals and site maintainers to test website vulnerabilities.

Stars9.6k

android-security-awesomeMakefile

Last commit4 days ago

A comprehensive, curated collection of tools, research, and resources for Android application security analysis and penetration testing.

#vulnerability-assessment#mobile-security#android

Stars9.5k

Forks1.6k

Last commit

Android SecurityMakefile

A comprehensive, curated collection of tools, research, and resources for Android application security analysis and reverse engineering.

#vulnerability-assessment#mobile-security#android

A collection of setup scripts to install and manage security research tools for CTFs and binary analysis.

#ctf-tools#penetration-testing#tool-management

Stars9.4k

Forks1.9k

Last commit17 days ago

ObjectionPython

A runtime mobile exploration toolkit powered by Frida for security assessment of iOS and Android apps without jailbreak.

#runtime-analysis#mobile-security#pentest

Stars9.2k

Forks980

Last commit6 days ago

pwnagotchiPython

An AI-powered WiFi security auditing tool that uses deep reinforcement learning to optimize capture of WPA handshakes.

#wifi-security#ai#wpa-psk

Stars9.1k

Forks1.2k

Last commit9 months ago

FuzzDBPHP

The most comprehensive open dictionary of attack patterns, predictable resource locations, and regex for black-box application security testing.

#resource-discovery#vulnerability-discovery#attack-patterns

Stars8.9k

Forks2.1k

#red-teaming#penetration-testing#agent-framework

empirePowerShell

A post-exploitation framework with PowerShell and Python agents for cryptographically secure communications and flexible modules.

Stars7.8k

Forks2.9k

Last commit6 years ago

PowerShellEmpirePowerShell

A post-exploitation framework with PowerShell and Python agents for security testing and red team operations.

#windows-exploitation#penetration-testing#linux-exploitation

A fast, simple, recursive content discovery tool written in Rust for forced browsing attacks.

#hacktoberfest#enumeration#pentest

Stars7.8k

Forks616

Last commit1 month ago

Awesome Shodan Search Queries

A curated collection of interesting, funny, and concerning search queries for Shodan.io to find exposed devices and services.

#iot#vulnerability-discovery#search-queries

Stars7.5k

Forks1.0k

#mitre#caldera#security-automation

CalderaPython

An automated cyber security platform for adversary emulation, red teaming, and incident response built on the MITRE ATT&CK framework.

Stars7.0k

#vulnerability-assessment#infection-monkey#malware-simulation

Last commit5 days ago

Infection MonkeyPython

An open-source adversary emulation platform that simulates malware attacks to test and improve network security defenses.

Stars7.0k

Forks820

#hacking-tools#vulnerability-assessment#vulnerabilities

Awesome Web Hacking

A curated list of resources for learning and practicing web application security, including tools, books, courses, and vulnerable labs.

Stars6.9k

#penetration-test#owasp#kali-linux

Last commit8 days ago

WhatWebRuby

A next-generation web scanner that identifies websites and their technologies using over 1800 plugins with configurable aggression levels.

Stars6.6k

Forks992

Last commit2 months ago

wfuzzPython

A modular web application fuzzer that replaces FUZZ keywords with payloads to test parameters, authentication, forms, and directories.

#python-tool#web-security#fuzzing

Stars6.5k

Forks1.4k

Last commit4 months ago

Awesome bug bounty resources by EdOverflow

A community-curated collection of payloads, tools, and techniques for bug bounty hunters and security researchers.

#web-security#vulnerability-testing#infosec

Stars6.5k

Forks1.6k

#raspberry-pi-zero#web-security#dns-rebinding

PoisonTapJavaScript

Exploits locked computers via USB to hijack internet traffic, steal browser cookies, and install persistent web backdoors using a Raspberry Pi Zero.

Stars6.5k

Forks980

Last commit7 years ago

PEDAPython

A Python extension for GDB that enhances exploit development with colorized displays, security checks, and specialized commands.

#exploit-development#rop-gadgets#penetration-testing

Stars6.1k

Forks832

#security-training#reference-guide#osint

Infosec_ReferenceCSS

A comprehensive, free information security reference covering techniques, tools, tactics, and resources for learning and professional development.

Stars6.0k

Forks1.2k

Last commit7 months ago

CUPPPython

A Python tool for generating custom wordlists by profiling users to guess weak passwords during penetration tests.

#wordlist-generator#wordlist#dictionary-attack

Stars5.9k

Forks2.0k

Last commit5 months ago

AQUATONEGo

A tool for visual inspection of websites across many hosts, providing an overview of HTTP-based attack surfaces.

#web-security#osint#report-generation

Stars5.9k

Forks904

Last commit4 years ago

PhoneSpolit-ProPython

A Python-based hacking tool for remotely exploiting Android devices via ADB and Metasploit to gain Meterpreter sessions.

#exploit#adb#adb-toolkit

Stars5.9k

Forks831

Last commit8 days ago

CommixPython

An automated penetration testing tool that detects and exploits command injection vulnerabilities in web applications.

#open-source#owasp#web-security

Stars5.8k

Forks932

Last commit2 days ago

Infosec

A curated list of awesome information security courses, training resources, and hands-on labs for cybersecurity professionals and students.

#security-training#pentest#web-security

Stars5.7k

Forks747

Last commit6 months ago

Recon-ngPython

A modular reconnaissance framework for conducting open source intelligence (OSINT) gathering from web-based sources.

#information-gathering#osint#security-automation

Stars5.7k

Forks879

#ptes#archlinux#penetration-testing

PTFPython

A Python framework to automate the installation and updating of penetration testing tools on Debian/Ubuntu/ArchLinux systems.

Stars5.5k

Mobile App Pentest Cheat Sheet

A comprehensive cheat sheet and tool collection for mobile application penetration testing, mapped to OWASP Mobile Top 10 risks.

#ios-app#vulnerability-assessment#runtime-analysis

Stars5.2k

#payload-list#web-security#xss

AwesomeXSSJavaScript

A curated collection of XSS resources including payloads, polyglots, bypass techniques, and tools for security researchers.

Stars5.1k

Forks780

#video-surveillance#network-scanner#dictionary-attack

CameradarGo

A penetration testing tool that discovers and accesses RTSP video surveillance cameras through network scanning and dictionary attacks.

Stars5.1k

Forks620

Last commit5 days ago

ResponderPython

A network poisoning tool that captures authentication credentials by spoofing LLMNR, NBT-NS, and mDNS responses.

#llmnr-poisoning#credential-capture#authentication-spoofing

Stars4.9k

Forks1.8k

Last commit6 years ago

W3afPython

An open-source web application security scanner that identifies and exploits 200+ vulnerabilities for developers and penetration testers.

#sql-injection#web-security#cross-site-scripting

Stars4.9k

Forks1.2k

Last commit3 years ago

DrozerPython

A security testing framework for Android that identifies vulnerabilities by interacting with apps, IPC endpoints, and the OS.

#vulnerability-assessment#mobile-security#android-framework

Stars4.5k

Forks837

Last commit2 months ago

Awesome Cyber Skills

A curated list of free, legal, and safe hacking environments for cybersecurity training and skill development.

#cyber-skills#hacking-environments#training-platforms

Stars4.5k

Forks519

#endpoints#web-security#javascript-analysis

LinkFinderPython

A Python script that discovers endpoints and their parameters in JavaScript files for penetration testing and bug hunting.

Stars4.4k

Forks655