SaaSHub helps you find the best software and product alternatives Learn more →
Top 23 Shell Pentesting Projects
-
Project mention: somone please help me improving my log file nom Parser code? | reddit.com/r/rust | 2022-10-20
Starting PostgreSQL 13 database server: main. [94m[*][0m Loaded configuration file from /usr/share/sniper/sniper.conf [94m[[0m[92mOK[0m[94m][0m [94m[*][0m Loaded configuration file from /root/.sniper.conf [94m[[0m[92mOK[0m[94m][0m [94m[*][0m Saving loot to /usr/share/sniper/loot/workspace/nosva [94m[[0m[92mOK[0m[94m][0m [94m[*][0m Scanning 192.158.1.38 [94m[[0m[92mOK[0m[94m][0m [91m ____ [0m [91m _________ / _/___ ___ _____[0m [91m / ___/ __ \ / // __ \/ _ \/ ___/[0m [91m (__ ) / / // // /_/ / __/ / [0m [91m /____/_/ /_/___/ .___/\___/_/ [0m [91m /_/ [0m [93m + -- --=[ https://sn1persecurity.com[0m [93m + -- --=[ Sn1per v9.0 by u/xer0dayz[0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• [91m RUNNING SC0PE WEB VULNERABILITY SCAN [0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• P5 - INFO, CSP Not Enforced, http://192.158.1.38/, P2 - HIGH, Clear-Text Protocol - HTTP, http://192.158.1.38/, HTTP/1.1 200 OK P4 - LOW, Clickjacking HTTP, http://192.158.1.38/, P5 - INFO, CSP Not Enforced, https://192.158.1.38:443/, [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• [91m RUNNING SC0PE NETWORK VULNERABILITY SCAN [0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• P5 - INFO, Interesting Ports Found, 192.158.1.38, 21 8080 9090 7070 [92m====================================================================================[0 m•x[92m[2022-08-22](15:56)[0mx• ==================================================================================== •?((¯°·..• Sc0pe Vulnerability Report by u/xer0dayz •._.·°¯))؟• ==================================================================================== Critical: 0 High: 1 Medium: 0 Low: 1 Info: 2 Score: 8 ==================================================================================== P2 - HIGH, Clear-Text Protocol - HTTP, http://192.158.1.38:80/, HTTP/1.1 200 OK P4 - LOW, Clickjacking HTTP, http://192.158.1.38:80/, P5 - INFO, CSP Not Enforced, http://192.158.1.38:80/, P5 - INFO, CSP Not Enforced, https://192.158.1.38:443/, ==================================================================================== [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• [91m SCAN COMPLETE! [0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx•
-
Project mention: Panda Wireless PAU09 or ALFA AC1200 or ALFA AC1900 | reddit.com/r/Kalilinux | 2022-09-08
-
SonarLint
Clean code begins in your IDE with SonarLint. Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.
-
I am using kali Linux with the terminal emulator. I'm in a vm as well and yes the black screen is on the terminal emulator it is just the lazy script from github https://github.com/arismelachroinos/lscript.git after you run ./install.sh you are told to enter your wlan0 and other addresses. I messed up and did not put in the right addresses and now am unable to get back to that screen
-
Linux privesc is a bunch of manual checks from my notes that I have built over time. I also like https://github.com/diego-treitos/linux-smart-enumeration (lse.sh) which is similar to linpeas but the output is less busy.
-
Project mention: Release of EMBA firmware analyzer in version 1.2.0 - aka London Calling | reddit.com/r/netsec | 2022-12-05
-
Project mention: A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters | dev.to | 2022-11-15
-
Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Project mention: Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting | reddit.com/r/Zerosecurity | 2022-10-08 -
InfluxDB
Build time-series-based applications quickly and at scale.. InfluxDB is the Time Series Platform where developers build real-time applications for analytics, IoT and cloud-native services. Easy to start, it is available in the cloud or on-premises.
-
pwncat
pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE)
-
GooFuzz
GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
$ git clone https://github.com/m3n0sd0n4ld/GooFuzz.git $ cd GooFuzz $ chmod +x GooFuzz $ ./GooFuzz -h
-
-
-
Project mention: A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters | dev.to | 2022-11-15
payload https://github.com/cujanovic/Open-Redirect-Payloads
-
DDexec
A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.
Project mention: GitHub - arget13/DDexec: A technique to run binaries filelessly and stealthily on Linux using dd to replace the shell with another process. | reddit.com/r/blueteamsec | 2022-05-06 -
archer-t2u-plus-linux
TP-Link Archer T2U Plus / AC600 High Gain USB Wifi Adapter Review & Driver installation Guide for various platforms.
Project mention: Will my wireless USB adapter be compatible with Linux? | reddit.com/r/linux4noobs | 2023-01-05 -
Project mention: Arno: Una herramienta de automatización para instalar las herramientas más populares de #bugbounty o #pentesting | reddit.com/r/u_esgeeks | 2022-08-01
-
Project mention: Enhance your malware detection with WAF + YARA (WAFARAY) | reddit.com/r/netsec | 2022-09-27
-
-
-
-
-
-
log4j-scan-turbo
Multithreaded log4j vulnerability scanner using only bash! Tests all JNDI protocols, HTTP GET/POST, and 84 headers.
Project mention: Example exploits for MacOS Endpoint Protection assessment | reddit.com/r/macsysadmin | 2022-03-06 -
Kali-Linux-Dockerfile
A simple Dockerfile to build an image starting from the latest official one of Kali Linux and including some useful tools.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Shell Pentesting related posts
- Archer TX20U Plus driver for Linux
- Enhance your malware detection with WAF + YARA (WAFARAY)
- Tplink
- Arno: Una herramienta de automatización para instalar las herramientas más populares de #bugbounty o #pentesting
- How do I install packages offline?
- is this network adapter any good for hocking?
- Example exploits for MacOS Endpoint Protection assessment
-
A note from our sponsor - #<SponsorshipServiceOld:0x00007fea59163aa0>
www.saashub.com | 1 Feb 2023
Index
What are some of the best open-source Pentesting projects in Shell? This list will help you:
Project | Stars | |
---|---|---|
1 | Sn1per | 5,926 |
2 | airgeddon | 4,744 |
3 | lscript | 3,434 |
4 | linux-smart-enumeration | 2,564 |
5 | EMBA | 1,615 |
6 | OneListForAll | 1,607 |
7 | Sudomy | 1,558 |
8 | pwncat | 1,545 |
9 | GooFuzz | 754 |
10 | Goohak | 623 |
11 | ReverseAPK | 606 |
12 | Open-Redirect-Payloads | 499 |
13 | DDexec | 476 |
14 | archer-t2u-plus-linux | 174 |
15 | arno | 115 |
16 | wafaray | 71 |
17 | huntkit | 55 |
18 | webrecon | 48 |
19 | Shelly | 47 |
20 | Hack4Squad | 45 |
21 | wiresec | 29 |
22 | log4j-scan-turbo | 25 |
23 | Kali-Linux-Dockerfile | 24 |