Security Testing
Showing 36 of 38 projects
A comprehensive collection of payloads and bypass techniques for web application security testing and penetration testing.
A comprehensive collection of security testing wordlists and payloads for penetration testers and security researchers.
A curated list of strings likely to cause issues when used as user-input data, for automated and manual QA testing.
An open-source penetration testing framework for social engineering with custom attack vectors to create believable attacks quickly.
A comprehensive manual for mobile app security testing and reverse engineering, aligned with OWASP MASVS and MASWE.
A Python-based interactive packet manipulation program and library for network analysis, scanning, and security testing.
A library of portable detection tests mapped to the MITRE ATT&CK framework for security testing.
A collection of webshell scripts in various languages for security testing and research purposes.
The most comprehensive open dictionary of attack patterns, predictable resource locations, and regex for black-box application security testing.
A command-line tool for red-teaming and vulnerability scanning of large language models (LLMs).
An open-source adversary emulation platform that simulates malware attacks to test and improve network security defenses.
A proof-of-concept malware application that implements common anti-analysis techniques to test security tools and sandbox environments.
An automated cyber security platform for adversary emulation, red teaming, and incident response built on the MITRE ATT&CK framework.
AFL++ is a community-enhanced, high-performance fork of the AFL fuzzer with advanced instrumentation, mutators, and speed improvements.
An unsupervised coverage-guided kernel fuzzer for finding bugs in operating system kernels like Linux, Windows, and BSD variants.
A coverage-guided fuzzing solution for testing Go packages, especially those parsing complex or untrusted inputs.
A security testing framework for Android that identifies vulnerabilities by interacting with apps, IPC endpoints, and the OS.
A PowerShell v2.0+ compatible command and script obfuscation framework for security testing.
A testing tool that detects virtual machines and malware analysis environments using techniques observed in real malware.
A security-oriented, feedback-driven, evolutionary software fuzzer that uses hardware and software code coverage to find bugs.
A collection of potentially dangerous file names and paths for security testing and fuzzing.
A collection of test subdomains with intentionally broken SSL configurations for testing client security behavior.
A web interface powered by FRIDA for runtime manipulation, analysis, and security testing of Android and iOS applications.
A comprehensive collection of HTML5-related XSS attack vectors and testing resources for web security professionals.
An on-path blackbox network traffic security testing tool for detecting weak TLS/SSL connections and cleartext traffic.
A stateful REST API fuzzing tool that automatically tests cloud services to find security and reliability bugs.
A self-hosted Fuzzing-As-A-Service platform for continuous developer-driven fuzzing to harden software prior to release.
A Windows Batch script toolset that simulates Advanced Persistent Threat (APT) attack indicators to test security monitoring and detection capabilities.
A modular Rust library for building fast, scalable, and customizable fuzzers that work across multiple platforms and instrumentation backends.
A collection of proof-of-concept (PoC) and exploit (Exp) scripts for various security vulnerabilities.
The OWASP Mobile Application Security Verification Standard (MASVS) is the industry standard for mobile app security.
A curated collection of software testing tools, frameworks, books, blogs, and resources for testers and developers.
A curated collection of software testing tools, frameworks, books, blogs, and resources for testers and developers.
A comprehensive HTML file enumerating all possible ways a website can leak HTTP requests for security testing.
An open-source packer that converts executables and shellcode into stealthy, evasive payloads for Windows.
A service that provides easy-to-remember reverse shell payloads for Unix-like systems, automatically detecting available software on the target.
Related Tags
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.