Awesome Penetration Testing

This page summarizes the projects mentioned and recommended in the original post on dev.to

Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
  • awesome-tor

    A list of awesome Tor related projects, articles, papers, etc

  • See also awesome-tor.

  • nipe

    Discontinued An engine to make Tor network your default gateway [Moved to: https://github.com/htrgouvea/nipe] (by GouveaHeitor)

  • Nipe - Script to redirect all traffic from the machine to the Tor network.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • dos-over-tor

    Proof of concept denial of service over TOR stress test tool

  • dos-over-tor - Proof of concept denial of service over Tor stress test tool.

  • kalitorify

    Transparent proxy through Tor for Kali Linux OS

  • kalitorify - Transparent proxy through Tor for Kali Linux OS.

  • avet

    AntiVirus Evasion Tool

  • AntiVirus Evasion Tool (AVET) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.

  • CarbonCopy

    A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux

  • CarbonCopy - Tool that creates a spoofed certificate of any online website and signs an Executable for AV evasion.

  • UniByAv

  • UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
  • peCloakCapstone

    Platform independent peCloak fork based on Capstone

  • peCloakCapstone - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.

  • Ciphey

    ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

  • Ciphey - Automated decryption tool using artificial intelligence and natural language processing.

  • RsaCtfTool

    RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data

  • RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.

  • ctf-tools

    Some setup scripts for security research tools.

  • ctf-tools - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.

  • ShellPop

    Pop shells like a master.

  • shellpop - Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests.

  • lair

    Lair is a reactive attack collaboration framework and web application built with meteor.

  • Lair - Reactive attack collaboration framework and web application built with meteor.

  • Pentest Collaboration Framework (PCF) - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team.

  • RedELK

    Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

  • RedELK - Track and alarm about Blue Team activities while providing better usability in long term offensive operations.

  • DET

    (extensible) Data Exfiltration Toolkit (DET)

  • DET - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.

  • trevorc2

    TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution.

  • TrevorC2 - Client/server tool for masking command and control and data exfiltration through a normally browsable website, not typical HTTP POST requests.

  • dnscat2

  • dnscat2 - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network.

  • pwnat

    The only tool/technique to punch holes through firewalls/NATs where multiple clients & server can be behind separate NATs without any 3rd party involvement. Pwnat is a newly developed technique, exploiting a property of NAT translation tables, with no 3rd party, port forwarding, DMZ, DNS, router admin requirements, STUN/TURN/UPnP/ICE, or spoofing.

  • pwnat - Punches holes in firewalls and NATs.

  • QueenSono

    Golang binary for data exfiltration with ICMP protocol (+ ICMP bindshell, http over ICMP tunneling, ...)

  • QueenSono - Client/Server Binaries for data exfiltration with ICMP. Useful in a network where ICMP protocol is less monitored than others (which is a common case).

  • unicorn

    Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. (by trustedsec)

  • Magic Unicorn - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).

  • pwntools

    CTF framework and exploit development library

  • Pwntools - Rapid exploit development framework built for use in CTFs.

  • peda

    PEDA - Python Exploit Development Assistance for GDB

  • peda - Python Exploit Development Assistance for GDB.

  • wordpress-exploit-framework

    Discontinued A Ruby framework designed to aid in the penetration testing of WordPress systems.

  • Wordpress Exploit Framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.

  • Hwacha

    Deploy payloads to *Nix systems en masse

  • Hwacha - Post-exploitation tool to quickly execute payloads via SSH on one or more Linux systems simultaneously.

  • Linux_Exploit_Suggester

    Linux Exploit Suggester; based on operating system release number

  • Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.

  • bruteforce-wallet

    Try to find the password of an encrypted Peercoin (or Bitcoin, Litecoin, etc...) wallet file.

  • BruteForce Wallet - Find the password of an encrypted wallet file (i.e. wallet.dat).

  • duplicut

    Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)

  • duplicut - Quickly remove duplicates, without changing the order, and without getting OOM on huge wordlists.

  • gocrack

    Discontinued GoCrack is a management frontend for password cracking tools written in Go [Moved to: https://github.com/mandiant/gocrack] (by fireeye)

  • GoCrack - Management Web frontend for distributed password cracking sessions using hashcat (or other supported tools) written in Go.

  • hate_crack

    A tool for automating cracking methodologies through Hashcat from the TrustedSec team.

  • hate_crack - Tool for automating cracking methodologies through Hashcat.

  • jwt-cracker

    Simple HS256, HS384 & HS512 JWT token brute force cracker.

  • JWT Cracker - Simple HS256 JSON Web Token (JWT) token brute force cracker.

  • Bless

    Bless - Gtk# Hex Editor (fork) (by bwrsandman)

  • Bless - High quality, full featured, cross-platform graphical hex editor written in Gtk#.

  • hexedit

    View and edit files in hexadecimal or in ASCII

  • hexedit - Simple, fast, console-based hex editor.

  • awesome-industrial-control-system-security

    A curated list of resources related to Industrial Control System (ICS) security.

  • See also awesome-industrial-control-system-security.

  • isf

    ISF(Industrial Control System Exploitation Framework),a exploitation framework based on Python

  • Industrial Exploitation Framework (ISF) - Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more.

  • s7scan

    The tool for enumerating Siemens S7 PLCs through TCP/IP or LLC network

  • s7scan - Scanner for enumerating Siemens S7 PLCs on a TCP/IP or LLC network.

  • awesome-vulnerable

    A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

  • See also awesome-vulnerable.

  • awesome-lockpicking

    :unlock::sunglasses: A curated list of awesome guides, tools, and other resources related to the security and compromise of locks, safes, and keys.

  • See awesome-lockpicking.

  • Bella

    Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻

  • Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.

  • x64dbg

    An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

  • x64dbg - Open source x64/x32 debugger for windows.

  • EvilOSX

    An evil RAT (Remote Administration Tool) for macOS / OS X.

  • EvilOSX - Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box.

  • AutoSploit

    Automated Mass Exploiter

  • AutoSploit - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.

  • ZAP

    The ZAP core project

  • OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.

  • decker

    Declarative penetration testing orchestration framework (by stevenaldinger)

  • Decker - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others.

  • faraday

    Open Source Vulnerability Management Platform (by infobyte)

  • Faraday - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.

  • pupy

    Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

  • Pupy - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.

  • wappalyzer

    Discontinued Identify technology on websites.

  • Wappalyzer - Wappalyzer uncovers the technologies used on websites.

  • CrackMapExec

    Discontinued A swiss army knife for pentesting networks

  • CrackMapExec - Swiss army knife for pentesting networks.

  • torsocks

    Library to torify application - NOTE: upstream has been moved to https://gitweb.torproject.org/torsocks.git

  • Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.

  • ikeforce

  • IKEForce - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.

  • legion

    Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems. (by GoVanguard)

  • Legion - Graphical semi-automated discovery and reconnaissance framework based on Python 3 and forked from SPARTA.

  • PRET

    Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

  • Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.

  • sslstrip

    A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.

  • sslstrip - Demonstration of the HTTPS stripping attacks.

  • spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

  • Spiderfoot - Multi-source OSINT automation tool with a Web UI and report visualizations.

  • SigPloit

  • SigPloit - Signaling security testing framework dedicated to telecom security for researching vulnerabilites in the signaling protocols used in mobile (cellular phone) operators.

  • SIET

    Smart Install Exploitation Tool

  • Smart Install Exploitation Tool (SIET) - Scripts for identifying Cisco Smart Install-enabled switches on a network and then manipulating them.

  • john

    John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

  • John the Ripper - Fast password cracker.

  • thc-hydra

    hydra

  • THC Hydra - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.

  • tsunami-security-scanner

    Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

  • Tsunami - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

  • zarp

    Network Attack Tool

  • Zarp - Network attack tool centered around the exploitation of local networks.

  • dnstwist

    Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

  • dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.

  • impacket

    Discontinued Impacket is a collection of Python classes for working with network protocols. [Moved to: https://github.com/SecureAuthCorp/impacket] (by CoreSecurity)

  • impacket - Collection of Python classes for working with network protocols.

  • PivotSuite

    Network Pivoting Toolkit

  • pivotsuite - Portable, platform independent and powerful network pivoting toolkit.

  • routersploit

    Discontinued Exploitation Framework for Embedded Devices [Moved to: https://github.com/threat9/routersploit] (by reverse-shell)

  • routersploit - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.

  • rshijack

    TCP connection hijacker, Rust rewrite of shijack

  • rshijack - TCP connection hijacker, Rust rewrite of shijack.

  • anevicon

    Discontinued :fire: The most powerful UDP-based load generator, written in Rust

  • Anevicon - Powerful UDP-based load generator, written in Rust.

  • LOIC

    Discontinued Deprecated - Low Orbit Ion Cannon - An open source network stress tool, written in C#. Based on Praetox's LOIC project. USE ON YOUR OWN RISK. WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. IF YOU GET V& IT IS YOUR FAULT.

  • Low Orbit Ion Canon (LOIC) - Open source network stress tool written for Windows.

  • Metasploit

    Metasploit Framework

  • Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.

  • Memcrashed-DDoS-Exploit

    DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API

  • Memcrashed - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.

  • slowloris

    Low bandwidth DoS tool. Slowloris rewrite in Python.

  • SlowLoris - DoS tool that uses low bandwidth on the attacking side.

  • t50

  • T50 - Faster network stress tool.

  • ufonet

    UFONet - Denial of Service Toolkit

  • UFONet - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

  • ACLight

    A script for advanced discovery of Privileged Accounts - includes Shadow Admins

  • ACLight - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.

  • blackarch

    An ArchLinux based distribution for penetration testers and security researchers.

  • BlackArch - Arch GNU/Linux-based distribution for penetration testers and security researchers.

  • aquatone

    Discontinued A Tool for Domain Flyovers

  • AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.

  • CloudFail

    Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

  • CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.

  • masscan

    TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

  • Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

  • bettercap

    The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

  • BetterCAP - Modular, portable and easily extensible MITM framework.

  • amass

    In-depth attack surface mapping and asset discovery

  • OWASP Amass - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.

  • ScanCannon

    Combines the speed of masscan with the reliability and detailed enumeration of nmap

  • ScanCannon - Python script to quickly enumerate large networks by calling masscan to quickly identify open ports and then nmap to gain details on the systems/services on those ports.

  • xray

    XRay is a tool for recon, mapping and OSINT gathering from public networks. (by evilsocket)

  • XRay - Network (sub)domain discovery and reconnaissance automation tool.

  • dnsenum

    dnsenum is a perl script that enumerates DNS information

  • dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.

  • dnsmap

    fork of http://code.google.com/p/dnsmap/source/checkout

  • dnsmap - Passive DNS network mapper.

  • dnsrecon

    DNS Enumeration Script

  • dnsrecon - DNS enumeration script.

  • SQLMap

    Automatic SQL injection and database takeover tool

  • SQLmap - Automatic SQL injection and database takeover tool.

  • fierce

    A DNS reconnaissance tool for locating non-contiguous IP space.

  • fierce - Python3 port of the original fierce.pl DNS reconnaissance tool for locating non-contiguous IP space.

  • passivedns-client

    passivedns-client provides a library and a query tool for querying several passive DNS providers

  • passivedns-client - Library and query tool for querying several passive DNS providers.

  • prototype-pollution-explained

    Prototype Pollution in JavaScript

  • Snyk Vulnerability DB - Detailed information and remediation guidance for vulnerabilities known by Snyk.

  • passivedns

    A network sniffer that logs all DNS server replies for use in a passive DNS setup

  • passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.

  • HexFiend

    A fast and clever hex editor for macOS

  • Hex Fiend - Fast, open source, hex editor for macOS with support for viewing binary diffs.

  • RustScan

    🤖 The Modern Port Scanner 🤖

  • RustScan - Lightweight and quick open-source port scanner designed to automatically pipe open ports into Nmap.

  • scanless

    Discontinued online port scan scraper

  • scanless - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.

  • smbmap

    SMBMap is a handy SMB enumeration tool

  • smbmap - Handy SMB enumeration tool.

  • subbrute

    A DNS meta-query spider that enumerates DNS records, and subdomains.

  • subbrute - DNS meta-query spider that enumerates DNS records, and subdomains.

  • mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

  • mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

  • awesome-pcaptools

    A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.

  • See also awesome-pcaptools.

  • Dshell

    Dshell is a network forensic analysis framework.

  • Dshell - Network forensic analysis framework.

  • netzob

    Netzob: Protocol Reverse Engineering, Modeling and Fuzzing

  • Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols.

  • netsniff-ng

    A Swiss army knife for your daily Linux network plumbing.

  • netsniff-ng - Swiss army knife for network sniffing.

  • sniffglue

    Secure multithreaded packet sniffer

  • sniffglue - Secure multithreaded packet sniffer.

  • Kaitai Struct

    Kaitai Struct: declarative language to generate binary data parsers in C++ / C# / Go / Java / JavaScript / Lua / Nim / Perl / PHP / Python / Ruby

  • Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.

  • hping

    hping network tool

  • hping3 - Network tool able to send custom TCP/IP packets.

  • pig

    A Linux packet crafting tool. (by rafael-santiago)

  • pig - GNU/Linux packet crafting tool.

  • hashcat

    World's fastest and most advanced password recovery utility

  • Hashcat - The more fast hash cracker.

  • scapy

    Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

  • scapy - Python-based interactive packet manipulation program and library.

  • habu

    Hacking Toolkit

  • Habu - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.

  • lambda-proxy

    Lambda-Proxy creates an HTTP proxy listening on localhost port 8082. When it receives an HTTP POST request with a very specific structure , it will parse the request, extract the relevant data required for the test, and will invoke your AWS Lambda function using the AWS SDK client.invoke() method. It was created for testing AWS Lambda functions with SQLMap as described here: https://www.puresec.io/blog/automated-sql-injection-testing-of-serverless-functions-on-a-shoestring-budget-and-some-good-m

  • Lambda-Proxy - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions.

  • MITMf

    Discontinued Framework for Man-In-The-Middle attacks

  • MITMf - Framework for Man-In-The-Middle attacks.

  • i2p.i2p

    I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.

  • I2P - The Invisible Internet Project.

  • morpheus

    Morpheus - Automating Ettercap TCP/IP (MITM-hijacking Tool)

  • Morpheus - Automated ettercap TCP/IP Hijacking tool.

  • gophish

    Open-Source Phishing Toolkit

  • Gophish - Open-source phishing framework.

  • ssh-mitm

    SSH man-in-the-middle tool

  • SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.

  • dnschef

    DNSChef - DNS proxy for Penetration Testers and Malware Analysts

  • dnschef - Highly configurable DNS proxy for pentesters.

  • Cppcheck

    static analysis of C/C++ code

  • cppcheck - Extensible C/C++ static analyzer focused on finding bugs.

  • evilgrade

    Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.

  • evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.

  • mallory

    HTTP/HTTPS proxy over SSH

  • mallory - HTTP/HTTPS proxy over SSH.

  • iodine

    Official git repo for iodine dns tunnel

  • Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.

  • oregano

    Discontinued Man-in-the-middle against Tor bridges

  • oregano - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.

  • lynis

    Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

  • Lynis - Auditing tool for UNIX-based systems.

  • sslyze

    Fast and powerful SSL/TLS scanning library.

  • SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.

  • crackpkcs12

    A multithreaded program to crack PKCS#12 files (p12 and pfx extensions)

  • crackpkcs12 - Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates.

  • mimikatz

    A little tool to play with Windows security

  • mimikatz - Credentials extraction tool for Windows operating system.

  • awesome-dva

    A curated list of "damn vulnerable apps" and exploitable VMs / wargames. See contributing.md for information.

  • Awesome Penetration Testing

  • angr

    A powerful and user-friendly binary analysis platform!

  • angr - Platform-agnostic binary analysis framework.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts