Penetration Testing
Showing 36 of 288 projects
A fast, multi-protocol credential brute-forcer that parses Nmap, Nessus, and Nexpose output to test credentials across 30+ services.
The OWASP Mobile Application Security Verification Standard (MASVS) is the industry standard for mobile app security.
A Linux Kernel Module (LKM) rootkit for hiding processes, granting root privileges, and making files invisible.
A network OSINT tool that automates subdomain enumeration, service fingerprinting, and data collection via Shodan and ViewDNS APIs.
A web-based toolkit for XSS (Cross-Site Scripting) testing, encoding/decoding, and payload generation.
A deprecated collection of PowerShell tools for offensive security operations and penetration testing.
A dynamic network analysis tool that intercepts and simulates network services for malware analysis and penetration testing.
An open-source, lightweight TCP/UDP tunneling solution with connection pooling and multi-protocol support for bypassing network restrictions.
A Python tool that scans HTTP servers for publicly accessible secret files and security vulnerabilities like git repos and backup files.
A collection of notes, scripts, and techniques for exploiting vulnerabilities and attacking Jenkins servers.
A reconnaissance tool that gathers information about targets using APIs without direct contact.
A vulnerable Node.js web application designed to teach how to identify and fix OWASP Top 10 security vulnerabilities.
A graphical tool for custom wordlist generation using human password paradigms, with output for Hashcat and John the Ripper.
A Burp Suite extension that bridges to Frida, enabling dynamic analysis and manipulation of mobile app traffic using the app's own code.
A curated list of awesome guides, tools, and resources related to lockpicking, physical security, and locksport.
A Python security analysis tool that automatically discovers and reports comprehensive information about a given domain.
A comprehensive offensive web application penetration testing framework with 108 modules covering reconnaissance to vulnerability analysis.
A comprehensive offensive web application penetration testing framework with 108 modules covering reconnaissance to vulnerability analysis.
A Python tool that sniffs sensitive credentials and data from network interfaces or pcap files across multiple protocols.
A command-line tool that automates password cracking methodologies through Hashcat with integrated wordlist management and attack orchestration.
A Burp Suite extension for advanced GraphQL security testing, featuring vulnerability scanning, batch attacks, and schema analysis.
A Perl toolkit for ripping web-accessible version control repositories (Git, SVN, Mercurial, Bazaar, CVS) even when directory browsing is disabled.
A Python RDP man-in-the-middle tool and library for intercepting, monitoring, and analyzing Remote Desktop Protocol connections.
A multi-platform client-server tool for distributing Hashcat password cracking tasks across multiple computers.
A penetration testing tool that intercepts SSH connections to log plaintext passwords and full sessions.
A comprehensive password cracking rule combining multiple sources for improved hashcat performance.
A free, cross-platform, single-file fake protocol server simulator that can start or stop multiple network services.
A collection of small, chainable command-line utilities for advanced password cracking operations.
Statistical password cracking rules for Hashcat based on industry patterns and frequency analysis.
A security tool that enumerates AWS S3 buckets to discover and download interesting files using wordlist-based scanning.
An OWASP training app with 62 challenges demonstrating real-world secrets management mistakes and how to find them.
A reflective PE packer for in-memory execution of Windows executables to bypass security products.
A multithreaded PDF password cracking utility with structured search builders, checkpoint/resume, and optimized performance.
Wordlists for statistically likely usernames, optimized for horizontal password attacks and security testing.
A pre-configured Linux virtual machine for adversary emulation and threat hunting with attacker and defender toolkits.
A virtual host scanner for penetration testing that performs reverse lookups, detects catch-all scenarios, and works around wildcards and aliases.
Related Tags
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.