Penetration Testing

#can-bus#vulnerability-testing#vehicle-pentesting

canTotPython

A Python CLI framework for automotive security testing, exploiting known CAN Bus vulnerabilities and fun hacks.

Stars150

Forks28

#modular-architecture#security-awareness#penetration-testing

echoCTF.REDPHP

An open-source platform for developing, running, and administering Capture the Flag (CTF) competitions on real IT infrastructure.

Stars148

Forks29

Last commit10 days ago

IPObfuscatorC

A simple tool to convert IP addresses into various obfuscated formats like DWORD, hex, and octal representations.

#bypass-filters#octal#penetration-testing

Stars145

Forks45

#pentest#ip-leak-detection#command-line-tool

Cloud BusterPython

A pentest tool that checks Cloudflare-protected sites for origin IP leaks and misconfigurations.

Stars145

Forks49

Last commit7 years ago

mailspoofPython

Scans SPF and DMARC DNS records to identify vulnerabilities that could allow email spoofing attacks.

#python-tool#spf-scanner#dns-security

Stars136

Forks24

#hacking-tools#web-security#ctf-challenges

Awesome CTF Cheatsheet

A curated collection of tips, commands, and strategies for solving Capture the Flag (CTF) challenges and HackTheBox machines.

Stars134

Capture the Flag CheatSheet

A curated collection of tips, commands, and strategies for solving Capture the Flag (CTF) challenges and HackTheBox machines.

#hacking-tools#web-exploitation#ctf-challenges

Stars134

#debugging-tools#mobile-security#security-analysis

Android OpenDebugJava

A Cydia Substrate tool that makes all Android applications debuggable on rooted devices.

Stars133

Forks34

Last commit12 years ago

goctopusGo

A fast GraphQL discovery and fingerprinting toolbox for security testing and reconnaissance.

#introspection-detection#subdomain-enumeration#graphql

Stars131

Forks13

#security-automation#penetration-testing#wordlist-management

autocrackPython

A Python wrapper for Hashcat that automates password cracking workflows with wordlist management and brute-force attacks.

Stars124

Forks34

Last commit

DroidGroundTypeScript

A custom platform for hosting controlled, realistic Android mobile hacking challenges in CTF competitions.

#exploit-development#adb#android

Stars116

Forks7

Last commit7 days ago

Vezir Project

A pre-configured Ubuntu-based virtual machine for mobile application security testing and malware analysis.

#vulnerability-assessment#mobile-security#ios-security

Stars116

Forks21

Last commit10 years ago

rulesfinderRust

A Rust tool that machine-learns efficient password mangling rules for John the Ripper or Hashcat from a dictionary and password list.

#penetration-testing#security-tools#offensive-security

Stars115

Forks20

#honeypot#honeypots#cyber-threat-intelligence

honeydetGo

A signature-based, multi-threaded honeypot detection tool written in Go that identifies emulated services via crafted requests.

Stars112

Forks8

#python-tool#wordlist-generator#password-reset-testing

token-reverserPython

A wordlist generator for security testing that creates permutations of known data to crack tokens.

Stars110

#web-security#penetration-testing#python

Last commit6 years ago

pwngitmanagerPython

A penetration testing tool for selectively downloading files from exposed .git repositories on web servers.

Stars109

Forks22

Last commit10 years ago

RSF

A standardized methodology for performing security assessments in robotics across physical, network, firmware, and application layers.

#robotics#vulnerability-assessment#embedded-security

Stars98

Forks17

Last commit7 years ago

nyxgeek-rulesShell

A collection of custom password cracking rules for Hashcat and John the Ripper to enhance brute-force attacks.

#cracking#jtr#cracking-hashes

Stars95

Forks19

Bypass signature and permission checks for IPCsJava

Android security testing tool that bypasses signature and permission checks for inter-process communications.

#app-security#mobile-security#penetration-testing

Stars86

Forks28

Last commit

X-Frame-Options: All about Clickjacking?

A repository containing Cure53's security audit reports, white papers, academic publications, and security tools.

#web-security#penetration-testing#vulnerability-research

Stars86

Forks10

#cloud-infrastructure#security-tooling#penetration-testing

RookPython

A Python tool that automates the provisioning of AWS p3 GPU instances via Terraform for high-speed password cracking with Hashcat.

Stars85

#generator#vulnerabilities#web-security

Last commit6 years ago

VWGenPython

A tool that generates vulnerable web applications for security testing and education, supporting multiple attack modules.

Stars85

Forks16

Last commit8 years ago

heapbytesShell

A Zsh theme designed for penetration testers with VPN and network interface awareness.

#oh-my-zsh-theme#ip#terminal

Stars83

Forks17

Last commit11 months ago

sshamePython

An interactive SSH public-key brute force tool for penetration testing, enabling command execution on remote hosts.

#ssh-key#authentication#network-scanning

Stars78

Forks15

#tcp-socket#command-line-interface#reflective-injection

HarnessPython

Interactive remote PowerShell payload providing native-like CLI over TCP with unmanaged and reflective injection capabilities.

Stars78

Forks20

Last commit10 years ago

RedHerd FrameworkJavaScript

A collaborative serverless framework for orchestrating geographically distributed assets to simulate offensive cyberspace operations.

#collaborative-tools#serverless#distributed-systems

A Python-based toolkit that automates Android penetration testing workflows by bundling and managing essential security tools.

#pentest-android#pentest-tool#adb

Stars74

Forks14

Last commit25 days ago

HyperionPython

A collection of security tools, exploits, proof-of-concept code, shellcodes, and scripts for educational purposes.

#educational-resources#penetration-testing#vulnerability-research

An oh-my-zsh plugin providing aliases and functions for penetration testing and security auditing.

#hacktoberfest#command-line-tools#network-enumeration

Stars69

#vulnerable-app#mobile-security#firebase-authentication

VuldroidJava

A vulnerable Android application demonstrating common security flaws for educational purposes.

Stars68

Forks22

Last commit4 years ago

NozzlrPython

A modular, script-friendly multithreaded bruteforce framework for penetration testing and security auditing.

#wordlist-attacks#ssh-bruteforce#infosec

Stars65

Forks14

#red-teaming#penetration-testing#tor

offensive-tor-toolkitGo

A collection of Go tools for performing exploitation and post-exploitation tasks over Tor with embedded Tor instances.

Stars63

Forks9

Last commit5 years ago

EyeWitnessPython

A tool for taking screenshots of websites, gathering server headers, and identifying default credentials.

#proxy-support#kali-linux#security-reconnaissance

Stars60

Forks5