Shell Pentesting

Open-source Shell projects categorized as Pentesting

Top 23 Shell Pentesting Projects

  • Sn1per

    Attack Surface Management Platform | Sn1perSecurity LLC

    Project mention: somone please help me improving my log file nom Parser code? | reddit.com/r/rust | 2022-10-20

    Starting PostgreSQL 13 database server: main. [94m[*][0m Loaded configuration file from /usr/share/sniper/sniper.conf [94m[[0m[92mOK[0m[94m][0m [94m[*][0m Loaded configuration file from /root/.sniper.conf [94m[[0m[92mOK[0m[94m][0m [94m[*][0m Saving loot to /usr/share/sniper/loot/workspace/nosva [94m[[0m[92mOK[0m[94m][0m [94m[*][0m Scanning 192.158.1.38 [94m[[0m[92mOK[0m[94m][0m [91m ____ [0m [91m _________ / _/___ ___ _____[0m [91m / ___/ __ \ / // __ \/ _ \/ ___/[0m [91m (__ ) / / // // /_/ / __/ / [0m [91m /____/_/ /_/___/ .___/\___/_/ [0m [91m /_/ [0m [93m + -- --=[ https://sn1persecurity.com[0m [93m + -- --=[ Sn1per v9.0 by u/xer0dayz[0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• [91m RUNNING SC0PE WEB VULNERABILITY SCAN [0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• P5 - INFO, CSP Not Enforced, http://192.158.1.38/, P2 - HIGH, Clear-Text Protocol - HTTP, http://192.158.1.38/, HTTP/1.1 200 OK P4 - LOW, Clickjacking HTTP, http://192.158.1.38/, P5 - INFO, CSP Not Enforced, https://192.158.1.38:443/, [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• [91m RUNNING SC0PE NETWORK VULNERABILITY SCAN [0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• P5 - INFO, Interesting Ports Found, 192.158.1.38, 21 8080 9090 7070 [92m====================================================================================[0 m•x[92m[2022-08-22](15:56)[0mx• ==================================================================================== •?((¯°·..• Sc0pe Vulnerability Report by u/xer0dayz •._.·°¯))؟• ==================================================================================== Critical: 0 High: 1 Medium: 0 Low: 1 Info: 2 Score: 8 ==================================================================================== P2 - HIGH, Clear-Text Protocol - HTTP, http://192.158.1.38:80/, HTTP/1.1 200 OK P4 - LOW, Clickjacking HTTP, http://192.158.1.38:80/, P5 - INFO, CSP Not Enforced, http://192.158.1.38:80/, P5 - INFO, CSP Not Enforced, https://192.158.1.38:443/, ==================================================================================== [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• [91m SCAN COMPLETE! [0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx•

  • airgeddon

    This is a multi-use bash script for Linux systems to audit wireless networks.

    Project mention: Panda Wireless PAU09 or ALFA AC1200 or ALFA AC1900 | reddit.com/r/Kalilinux | 2022-09-08
  • SonarLint

    Clean code begins in your IDE with SonarLint. Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.

  • lscript

    The LAZY script will make your life easier, and of course faster.

    Project mention: lazy script interface issue | reddit.com/r/linux4noobs | 2022-03-24

    I am using kali Linux with the terminal emulator. I'm in a vm as well and yes the black screen is on the terminal emulator it is just the lazy script from github https://github.com/arismelachroinos/lscript.git after you run ./install.sh you are told to enter your wlan0 and other addresses. I messed up and did not put in the right addresses and now am unable to get back to that screen

  • linux-smart-enumeration

    Linux enumeration tool for pentesting and CTFs with verbosity levels

    Project mention: I passed with 100 points on second attempt AMA | reddit.com/r/oscp | 2022-06-14

    Linux privesc is a bunch of manual checks from my notes that I have built over time. I also like https://github.com/diego-treitos/linux-smart-enumeration (lse.sh) which is similar to linpeas but the output is less busy.

  • EMBA

    EMBA - The firmware security analyzer

    Project mention: Release of EMBA firmware analyzer in version 1.2.0 - aka London Calling | reddit.com/r/netsec | 2022-12-05
  • OneListForAll

    Rockyou for web fuzzing

    Project mention: A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters | dev.to | 2022-11-15
  • Sudomy

    Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

    Project mention: Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting | reddit.com/r/Zerosecurity | 2022-10-08
  • InfluxDB

    Build time-series-based applications quickly and at scale.. InfluxDB is the Time Series Platform where developers build real-time applications for analytics, IoT and cloud-native services. Easy to start, it is available in the cloud or on-premises.

  • pwncat

    pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)

  • GooFuzz

    GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).

    Project mention: GooFuzz - The Power of Google Dorks | reddit.com/r/HackProtectSlo | 2022-09-30

    $ git clone https://github.com/m3n0sd0n4ld/GooFuzz.git $ cd GooFuzz $ chmod +x GooFuzz $ ./GooFuzz -h

  • Goohak

    Automatically Launch Google Hacking Queries Against A Target Domain

  • ReverseAPK

    Quickly analyze and reverse engineer Android packages

  • Open-Redirect-Payloads

    Open Redirect Payloads

    Project mention: A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters | dev.to | 2022-11-15

    payload https://github.com/cujanovic/Open-Redirect-Payloads

  • DDexec

    A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.

    Project mention: GitHub - arget13/DDexec: A technique to run binaries filelessly and stealthily on Linux using dd to replace the shell with another process. | reddit.com/r/blueteamsec | 2022-05-06
  • archer-t2u-plus-linux

    TP-Link Archer T2U Plus / AC600 High Gain USB Wifi Adapter Review & Driver installation Guide for various platforms.

    Project mention: Will my wireless USB adapter be compatible with Linux? | reddit.com/r/linux4noobs | 2023-01-05
  • arno

    An automation tool to install the most popular tools for bug bounty or pentesting.

    Project mention: Arno: Una herramienta de automatización para instalar las herramientas más populares de #bugbounty o #pentesting | reddit.com/r/u_esgeeks | 2022-08-01
  • wafaray

    Enhance your malware detection with WAF + YARA (WAFARAY)

    Project mention: Enhance your malware detection with WAF + YARA (WAFARAY) | reddit.com/r/netsec | 2022-09-27
  • huntkit

    Docker - Ubuntu with a bunch of PenTesting tools and wordlists

  • webrecon

    Automated Web Recon Shell Scripts

  • Shelly

    Automatic Reverse Shell Generator

  • Hack4Squad

    :skull: A bash hacking and scanning framework.

  • wiresec

    📦 Wireless Attacks Tools 🕷️

  • log4j-scan-turbo

    Multithreaded log4j vulnerability scanner using only bash! Tests all JNDI protocols, HTTP GET/POST, and 84 headers.

    Project mention: Example exploits for MacOS Endpoint Protection assessment | reddit.com/r/macsysadmin | 2022-03-06
  • Kali-Linux-Dockerfile

    A simple Dockerfile to build an image starting from the latest official one of Kali Linux and including some useful tools.

    Project mention: Kali Linux Dockerfile | reddit.com/r/Kalilinux | 2022-04-07
  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-01-05.

Shell Pentesting related posts

Index

What are some of the best open-source Pentesting projects in Shell? This list will help you:

Project Stars
1 Sn1per 5,926
2 airgeddon 4,744
3 lscript 3,434
4 linux-smart-enumeration 2,564
5 EMBA 1,615
6 OneListForAll 1,607
7 Sudomy 1,558
8 pwncat 1,545
9 GooFuzz 754
10 Goohak 623
11 ReverseAPK 606
12 Open-Redirect-Payloads 499
13 DDexec 476
14 archer-t2u-plus-linux 174
15 arno 115
16 wafaray 71
17 huntkit 55
18 webrecon 48
19 Shelly 47
20 Hack4Squad 45
21 wiresec 29
22 log4j-scan-turbo 25
23 Kali-Linux-Dockerfile 24
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com