Penetration Testing

#ruby-cli#penetration-testing#security-tools

PipalRuby

A Ruby-based command-line tool for analyzing password dumps to generate statistics and insights for security reports.

Stars662

Forks118

#hacktoberfest#xxe#penetration-testing

dtd-finderKotlin

A security tool that identifies DTDs in filesystem snapshots and generates XXE payloads using those local DTDs.

Stars661

Forks115

Whonow DNS ServerJavaScript

A malicious DNS server for executing DNS rebinding attacks dynamically via domain name requests.

#dns-rebinding#dns#penetration-testing

Stars661

Forks94

Last commit4 years ago

GraphQL CopPython

A lightweight Python utility for running common security tests against GraphQL APIs, ideal for CI/CD checks.

#graphql#penetration-testing#security

Stars651

Forks95

Last commit6 months ago

OneRuleToRuleThemStill

An optimized hashcat rule set for password cracking with reduced rule count and zero performance loss against major breach datasets.

#breach-data#penetration-testing#offensive-security

Stars640

Forks58

Awesome Bluetooth Security

A curated list of Bluetooth security resources covering vulnerabilities, tools, research, and conference talks for BR/EDR, LE, and Mesh.

#conference-talks#bluetooth-hacking#bluetooth-security

Stars605

Forks60

Last commit8 months ago

kwprocessorC

An advanced keyboard-walk generator for password cracking, configurable with base characters, keymaps, and routes.

#human-behavior-simulation#penetration-testing#keyboard-walk

Stars605

Forks93

Last commit9 months ago

StegCrackerPython

A steganography brute-force utility that uncovers hidden data inside files by trying passwords from a wordlist.

#ctf-tools#penetration-testing#steganography

Stars595

Forks106

#windows-automation#penetration-testing#system-administration

PowershelleryPowerShell

A collection of PowerShell scripts for security testing, penetration testing, and general system administration tasks.

Stars581

Forks120

Jenkins Attack FrameworkPython

A command-line tool for security testing and offensive operations against Jenkins CI/CD servers.

#credential-dumping#jenkins#command-line-tool

Stars576

Forks60

Last commit11 months ago

bXSSJavaScript

A utility for bug hunters and organizations to identify Blind Cross-Site Scripting vulnerabilities via customizable payloads and notifications.

#web-security#xss#cross-site-scripting

Stars574

Forks65

Last commit3 years ago

nsa-rulesShell

A collection of password cracking rules and masks for hashcat, generated from analysis of real breached password data.

#mask-files#penetration-testing#password-cracking

Stars565

Forks127

Last commit9 years ago

rshijackRust

A TCP connection hijacking tool written in Rust, enabling packet injection into established connections.

#tcp-hijacking#ctf-tools#tcp

Stars538

Forks44

#voip-security#vulnerability-assessment#sip

Awesome RTC Hacking

A curated list of security resources for penetration testing and vulnerability assessment of VoIP, WebRTC, and VoLTE systems.

Stars537

Forks51

Last commit1 month ago

JShellPython

A tool that creates a JavaScript shell payload for exploiting XSS vulnerabilities to execute code in a victim's browser.

#web-security#javascript-shell#penetration-testing

Stars532

Forks133

Last commit7 years ago

Strong node.jsJavaScript

An exhaustive security checklist for Node.js web services, focused on Express and Hapi frameworks.

#secure-coding#vulnerability-assessment#owasp

Stars507

Forks28

Pentesting Hardware - A Practical Handbook (DRAFT)

A collection of useful notes and reference materials for penetration testing hardware and related topics.

#creative-commons#reference-materials#penetration-testing

Stars504

Forks82

Last commit7 years ago

DNS Rebind ToolkitJavaScript

A frontend JavaScript framework for developing DNS rebinding exploits against vulnerable LAN devices and IoT products.

#iot#javascript-framework#web-security

Stars501

Forks84

Last commit4 years ago

maskprocessorC

A high-performance word generator for password cracking with per-position configurable character sets.

#wordlist-generator#penetration-testing#password-recovery

Stars500

Forks118

Last commit4 years ago

monsoonGo

A fast and flexible HTTP fuzzer for content discovery, credential bruteforcing, and security testing.

#wordlist-fuzzing#fuzzer#enumerator

Stars496

Forks40

#iot#iot-security-testing#web-security

drefJavaScript

A framework for exploiting DNS rebinding vulnerabilities to bypass Same-Origin Policy and attack internal networks from browsers.

Stars493

Forks70

#john#john-rules#penetration-testing

clem9669 rules

A collection of hashcat and John the Ripper rules for password cracking, optimized for common password generation patterns.

Stars463

Forks47

#code-golf#mini-shell#tiny-shell

nanoPHP

A family of extremely stealthy, code-golfed PHP webshells designed for undetectable remote command execution.

Stars449

Forks91

Last commit6 years ago

7z2hashcatPerl

Extracts password-protected 7-Zip archive data into hashcat-compatible hashes for password cracking.

#penetration-testing#security-tool#cryptanalysis

Stars430

Forks49

#webshell-sniper#pentest#terminal-utility

Webshell-SniperPython

A command-line tool for managing webshells on compromised web servers via terminal.

Stars421

Forks110

#cracking#lua-scripting#password-cracker

authoscopeRust

A scriptable network authentication cracker for custom services, using Lua scripts to test credentials.

Stars418

Forks46

#cracking#bruteforce-tool#lua-scripting

badtouchRust

A scriptable network authentication cracker for custom services, using Lua scripts to test credentials.

Stars418

Forks46

#ssh-security#tty-control#penetration-testing

SSHPry v2Python

A tool to spy on and control TTY sessions of SSH-connected clients with built-in keylogging and session recording.

Stars401

Forks77

Last commit8 years ago

pantagrule

Large hashcat rulesets generated from real-world compromised passwords to improve password cracking effectiveness.

#passwords#rulesets#penetration-testing

Stars399

Forks55

#ddos-attack#penetration-testing#denial-of-service

torDDoSPython

A Python tool that automates DDoS attacks through the Tor network for security testing and education.

Stars398

Forks58

#security-analytics#distributed#flask

HashviewPython

A web-based platform for organizing, automating, and analyzing password cracking tasks using Hashcat.

A versatile Rust tool for generating and mutating wordlists using patterns, web scraping, and password formats.

#cracking#hash#infosec

Stars392

Forks22

Last commit4 months ago

crackerjackPython

A web GUI for Hashcat that provides session management, notifications, and a multi-user interface for password cracking.

#penetration-testing#python#security-tools

Stars381

Forks93

#vulnerability-assessment#protocol-fuzzing#mqtt

CotopaxiPython

A toolkit for security testing IoT devices using protocols like CoAP, MQTT, DTLS, and HTTP/2.

Stars362

Forks79

#embedded-security#arm#arm-exploitation

Awesome ARM Exploitation

A curated collection of videos, articles, books, tools, and resources focused on ARM architecture exploitation techniques.

Stars362

Forks45