Awesome Penetration Testing

This page summarizes the projects mentioned and recommended in the original post on dev.to

  • awesome-tor

    A list of awesome Tor related projects, articles, papers, etc

    See also awesome-tor.

  • nipe

    An engine to make the Tor network your default gateway [Moved to: https://github.com/htrgouvea/nipe] (by GouveaHeitor)

    Nipe - Script to redirect all traffic from the machine to the Tor network.

  • dos-over-tor

    Proof-of-concept denial-of-service-over-Tor stress test tool

    dos-over-tor - Proof of concept denial of service over Tor stress test tool.

  • kalitorify

    Transparent proxy through Tor for Kali Linux OS

    kalitorify - Transparent proxy through Tor for Kali Linux OS.

  • avet

    AntiVirus Evasion Tool

    AntiVirus Evasion Tool (AVET) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.

  • CarbonCopy

    A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux

    CarbonCopy - Tool that creates a spoofed certificate of any online website and signs an Executable for AV evasion.

  • UniByAv

    UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.

  • peCloakCapstone

    Platform independent peCloak fork based on Capstone

    peCloakCapstone - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.

  • Ciphey

    ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

    Ciphey - Automated decryption tool using artificial intelligence and natural language processing.

  • RsaCtfTool

    RSA attack tool (mainly for CTF) - retrieve the private key from a weak public key and/or decipher data

    RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.

  • ctf-tools

    Some setup scripts for security research tools. (by zardus)

    ctf-tools - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.

  • ShellPop

    Pop shells like a master.

    shellpop - Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests.

  • lair

    Lair is a reactive attack collaboration framework and web application built with meteor.

    Lair - Reactive attack collaboration framework and web application built with meteor.

  • Pentest Collaboration Framework (PCF) - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team.

  • RedELK

    Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

    RedELK - Track and alarm about Blue Team activities while providing better usability in long term offensive operations.

  • DET

    (extensible) Data Exfiltration Toolkit (DET)

    DET - Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.

  • trevorc2

    TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution.

    TrevorC2 - Client/server tool for masking command and control and data exfiltration through a normally browsable website, not typical HTTP POST requests.

  • dnscat2

    dnscat2 - Tool designed to create an encrypted command and control channel over the DNS protocol, which is an effective tunnel out of almost every network.

  • pwnat

    The only tool and technique to punch holes through firewalls/NATs where both clients and server can be behind separate NATs without any 3rd party involvement. Pwnat uses a newly developed technique, exploiting a property of NAT translation tables, with no 3rd party, port forwarding, DMZ, router administrative requirements, STUN/TURN/UPnP/ICE, or spoofing required.

    pwnat - Punches holes in firewalls and NATs.

  • QueenSono

    Golang binary for data exfiltration with ICMP protocol (+ ICMP bindshell, http over ICMP tunneling, ...)

    QueenSono - Client/Server Binaries for data exfiltration with ICMP. Useful in a network where ICMP protocol is less monitored than others (which is a common case).

  • unicorn

    Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. (by trustedsec)

    Magic Unicorn - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or certutil (using fake certificates).

  • pwntools

    CTF framework and exploit development library

    Pwntools - Rapid exploit development framework built for use in CTFs.

  • peda

    PEDA - Python Exploit Development Assistance for GDB

    peda - Python Exploit Development Assistance for GDB.

  • wordpress-exploit-framework

    A Ruby framework designed to aid in the penetration testing of WordPress systems.

    Wordpress Exploit Framework - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.

  • Hwacha

    Deploy payloads to *Nix systems en masse

    Hwacha - Post-exploitation tool to quickly execute payloads via SSH on one or more Linux systems simultaneously.

  • Linux_Exploit_Suggester

    Linux Exploit Suggester; based on operating system release number

    Linux Exploit Suggester - Heuristic reporting on potentially viable exploits for a given GNU/Linux system.

  • bruteforce-wallet

    Try to find the password of an encrypted Peercoin (or Bitcoin, Litecoin, etc...) wallet file.

    BruteForce Wallet - Find the password of an encrypted wallet file (i.e. wallet.dat).

  • duplicut

    Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)

    duplicut - Quickly remove duplicates, without changing the order, and without getting OOM on huge wordlists.

  • gocrack

    GoCrack is a management frontend for password cracking tools written in Go [Moved to: https://github.com/mandiant/gocrack] (by fireeye)

    GoCrack - Management Web frontend for distributed password cracking sessions using hashcat (or other supported tools) written in Go.

  • hate_crack

    A tool for automating cracking methodologies through Hashcat from the TrustedSec team.

    hate_crack - Tool for automating cracking methodologies through Hashcat.

  • jwt-cracker

    Simple HS256 JWT token brute force cracker

    JWT Cracker - Simple HS256 JSON Web Token (JWT) token brute force cracker.

  • Bless

    Bless - Gtk# Hex Editor (fork) (by bwrsandman)

    Bless - High quality, full featured, cross-platform graphical hex editor written in Gtk#.

  • hexedit

    View and edit files in hexadecimal or in ASCII

    hexedit - Simple, fast, console-based hex editor.

  • awesome-industrial-control-system-security

    A curated list of resources related to Industrial Control System (ICS) security.

    See also awesome-industrial-control-system-security.

  • isf

    ISF (Industrial Control System Exploitation Framework), an exploitation framework based on Python

    Industrial Exploitation Framework (ISF) - Metasploit-like exploit framework based on routersploit designed to target Industrial Control Systems (ICS), SCADA devices, PLC firmware, and more.

  • s7scan

    The tool for enumerating Siemens S7 PLCs through TCP/IP or LLC network

    s7scan - Scanner for enumerating Siemens S7 PLCs on a TCP/IP or LLC network.

  • awesome-vulnerable

    A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

    See also awesome-vulnerable.

  • awesome-lockpicking

    A curated list of awesome guides, tools, and other resources related to the security and compromise of locks, safes, and keys.

    See awesome-lockpicking.

  • Bella

    Bella is a pure python post-exploitation data mining tool & remote administration tool for macOS. 🍎💻

    Bella - Pure Python post-exploitation data mining and remote administration tool for macOS.

  • x64dbg

    An open-source x64/x32 debugger for Windows.

    x64dbg - Open source x64/x32 debugger for Windows.

  • EvilOSX

    An evil RAT (Remote Administration Tool) for macOS / OS X.

    EvilOSX - Modular RAT that uses numerous evasion and exfiltration techniques out-of-the-box.

  • AutoSploit

    Automated Mass Exploiter

    AutoSploit - Automated mass exploiter, which collects target by employing the Shodan.io API and programmatically chooses Metasploit exploit modules based on the Shodan query.

  • Zed

    The OWASP ZAP core project

    OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.

  • decker

    Declarative penetration testing orchestration framework (by stevenaldinger)

    Decker - Penetration testing orchestration and automation framework, which allows writing declarative, reusable configurations capable of ingesting variables and using outputs of tools it has run as inputs to others.

  • faraday

    Collaborative Penetration Test and Vulnerability Management Platform (by infobyte)

    Faraday - Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.

  • pupy

    Pupy is an open-source, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in Python

    Pupy - Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.

  • wappalyzer

    Identify technology on websites.

    Wappalyzer - Wappalyzer uncovers the technologies used on websites.

  • CrackMapExec

    A swiss army knife for pentesting networks

    CrackMapExec - Swiss army knife for pentesting networks.

  • torsocks

    Library to torify application - NOTE: upstream has been moved to https://gitweb.torproject.org/torsocks.git

    Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.

  • ikeforce

    IKEForce - Command line IPSEC VPN brute forcing tool for Linux that allows group name/ID enumeration and XAUTH brute forcing capabilities.

  • legion

    Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems. (by GoVanguard)

    Legion - Graphical semi-automated discovery and reconnaissance framework based on Python 3 and forked from SPARTA.

  • PRET

    Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

    Printer Exploitation Toolkit (PRET) - Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.

  • sslstrip

    A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.

    sslstrip - Demonstration of the HTTPS stripping attacks.

  • spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

    Spiderfoot - Multi-source OSINT automation tool with a Web UI and report visualizations.

  • SigPloit

    SigPloit - Signaling security testing framework dedicated to telecom security for researching vulnerabilities in the signaling protocols used by mobile (cellular phone) operators.

  • SIET

    Smart Install Exploitation Tool

    Smart Install Exploitation Tool (SIET) - Scripts for identifying Cisco Smart Install-enabled switches on a network and then manipulating them.

  • john

    John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs

    John the Ripper - Fast password cracker.

  • thc-hydra

    hydra

    THC Hydra - Online password cracking tool with built-in support for many network protocols, including HTTP, SMB, FTP, telnet, ICQ, MySQL, LDAP, IMAP, VNC, and more.

  • tsunami-security-scanner

    Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

    Tsunami - General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

  • zarp

    Network Attack Tool

    Zarp - Network attack tool centered around the exploitation of local networks.

  • dnstwist

    Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

    dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.

  • impacket

    Impacket is a collection of Python classes for working with network protocols. [Moved to: https://github.com/SecureAuthCorp/impacket] (by CoreSecurity)

    impacket - Collection of Python classes for working with network protocols.

  • PivotSuite

    Network Pivoting Toolkit

    pivotsuite - Portable, platform independent and powerful network pivoting toolkit.

  • routersploit

    Exploitation Framework for Embedded Devices [Moved to: https://github.com/threat9/routersploit] (by reverse-shell)

    routersploit - Open source exploitation framework similar to Metasploit but dedicated to embedded devices.

  • rshijack

    TCP connection hijacker, Rust rewrite of shijack

    rshijack - TCP connection hijacker, Rust rewrite of shijack.

  • anevicon

    The most powerful UDP-based load generator, written in Rust

    Anevicon - Powerful UDP-based load generator, written in Rust.

  • LOIC

    Low Orbit Ion Cannon - An open source network stress tool, written in C#. Based on Praetox's LOIC project. USE AT YOUR OWN RISK. WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.

    Low Orbit Ion Cannon (LOIC) - Open source network stress tool written for Windows.

  • Metasploit

    Metasploit Framework

    Metasploit - Software for offensive security teams to help verify vulnerabilities and manage security assessments.

  • Memcrashed-DDoS-Exploit

    DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API

    Memcrashed - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API.

  • slowloris

    Low bandwidth DoS tool. Slowloris rewrite in Python.

    SlowLoris - DoS tool that uses low bandwidth on the attacking side.

  • t50

    T50 - Faster network stress tool.

  • ufonet

    UFONet - Denial of Service Toolkit

    UFONet - Abuses OSI layer 7 HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

  • ACLight

    A script for advanced discovery of Privileged Accounts - includes Shadow Admins

    ACLight - Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.

  • blackarch

    An ArchLinux based distribution for penetration testers and security researchers.

    BlackArch - Arch GNU/Linux-based distribution for penetration testers and security researchers.

  • aquatone

    A Tool for Domain Flyovers

    AQUATONE - Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.

  • CloudFail

    Utilize misconfigured DNS and old database records to find hidden IPs behind the CloudFlare network

    CloudFail - Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.

  • masscan

    TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

    Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

  • bettercap

    The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

    BetterCAP - Modular, portable and easily extensible MITM framework.

  • Amass

    In-depth Attack Surface Mapping and Asset Discovery

    OWASP Amass - Subdomain enumeration via scraping, web archives, brute forcing, permutations, reverse DNS sweeping, TLS certificates, passive DNS data sources, etc.

  • ScanCannon

    Combines the speed of masscan with the reliability and detailed enumeration of nmap

    ScanCannon - Python script to quickly enumerate large networks by calling masscan to quickly identify open ports and then nmap to gain details on the systems/services on those ports.

  • xray

    XRay is a tool for recon, mapping and OSINT gathering from public networks. (by evilsocket)

    XRay - Network (sub)domain discovery and reconnaissance automation tool.

  • dnsenum

    dnsenum is a Perl script that enumerates DNS information

    dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.

  • dnsmap

    fork of http://code.google.com/p/dnsmap/source/checkout

    dnsmap - Passive DNS network mapper.

  • dnsrecon

    DNS Enumeration Script

    dnsrecon - DNS enumeration script.

  • SQLMap

    Automatic SQL injection and database takeover tool

    SQLmap - Automatic SQL injection and database takeover tool.

  • fierce

    A DNS reconnaissance tool for locating non-contiguous IP space.

    fierce - Python3 port of the original fierce.pl DNS reconnaissance tool for locating non-contiguous IP space.

  • passivedns-client

    passivedns-client provides a library and a query tool for querying several passive DNS providers

    passivedns-client - Library and query tool for querying several passive DNS providers.

  • prototype-pollution-explained

    Prototype Pollution in JavaScript

    Snyk Vulnerability DB - Detailed information and remediation guidance for vulnerabilities known by Snyk.

  • passivedns

    A network sniffer that logs all DNS server replies for use in a passive DNS setup

    passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.

  • HexFiend

    A fast and clever hex editor for macOS

    Hex Fiend - Fast, open source, hex editor for macOS with support for viewing binary diffs.

  • RustScan

    🤖 The Modern Port Scanner 🤖

    RustScan - Lightweight and quick open-source port scanner designed to automatically pipe open ports into Nmap.

  • scanless

    online port scan scraper

    scanless - Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.

  • smbmap

    SMBMap is a handy SMB enumeration tool

    smbmap - Handy SMB enumeration tool.

  • subbrute

    A DNS meta-query spider that enumerates DNS records, and subdomains.

    subbrute - DNS meta-query spider that enumerates DNS records, and subdomains.

  • mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

    mitmproxy - Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

  • awesome-pcaptools

    A collection of tools developed by other researchers in the Computer Science area to process network traces. All rights reserved for the original authors.

    See also awesome-pcaptools.

  • Dshell

    Dshell is a network forensic analysis framework.

    Dshell - Network forensic analysis framework.

  • netzob

    Netzob: Protocol Reverse Engineering, Modeling and Fuzzing

    Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols.

  • netsniff-ng

    A Swiss army knife for your daily Linux network plumbing.

    netsniff-ng - Swiss army knife for network sniffing.

  • sniffglue

    Secure multithreaded packet sniffer

    sniffglue - Secure multithreaded packet sniffer.

  • Kaitai Struct

    Kaitai Struct: declarative language to generate binary data parsers in C++ / C# / Go / Java / JavaScript / Lua / Perl / PHP / Python / Ruby

    Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.

  • hping

    hping network tool

    hping3 - Network tool able to send custom TCP/IP packets.

  • pig

    A Linux packet crafting tool. (by rafael-santiago)

    pig - GNU/Linux packet crafting tool.

  • hashcat

    World's fastest and most advanced password recovery utility

    Hashcat - Faster hash cracker.

  • scapy

    Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

    scapy - Python-based interactive packet manipulation program and library.

  • habu

    Hacking Toolkit

    Habu - Python utility implementing a variety of network attacks, such as ARP poisoning, DHCP starvation, and more.

  • lambda-proxy

    Lambda-Proxy creates an HTTP proxy listening on localhost port 8082. When it receives an HTTP POST request with a very specific structure, it will parse the request, extract the relevant data required for the test, and invoke your AWS Lambda function using the AWS SDK client.invoke() method. It was created for testing AWS Lambda functions with SQLMap as described here: https://www.puresec.io/blog/automated-sql-injection-testing-of-serverless-functions-on-a-shoestring-budget-and-some-good-m

    Lambda-Proxy - Utility for testing SQL Injection vulnerabilities on AWS Lambda serverless functions.

  • MITMf

    Framework for Man-In-The-Middle attacks

    MITMf - Framework for Man-In-The-Middle attacks.

  • i2p.i2p

    I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.

    I2P - The Invisible Internet Project.

  • morpheus

    Morpheus - Automating Ettercap TCP/IP (MITM-hijacking Tool)

    Morpheus - Automated ettercap TCP/IP Hijacking tool.

  • gophish

    Open-Source Phishing Toolkit

    Gophish - Open-source phishing framework.

  • ssh-mitm

    SSH man-in-the-middle tool

    SSH MITM - Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.

  • dnschef

    DNSChef - DNS proxy for Penetration Testers and Malware Analysts

    dnschef - Highly configurable DNS proxy for pentesters.

  • Cppcheck

    static analysis of C/C++ code

    cppcheck - Extensible C/C++ static analyzer focused on finding bugs.

  • evilgrade

    Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.

    evilgrade - Modular framework to take advantage of poor upgrade implementations by injecting fake updates.

  • mallory

    HTTP/HTTPS proxy over SSH

    mallory - HTTP/HTTPS proxy over SSH.

  • iodine

    Official git repo for iodine dns tunnel

    Iodine - Tunnel IPv4 data through a DNS server; useful for exfiltration from networks where Internet access is firewalled, but DNS queries are allowed.

  • oregano

    Man-in-the-middle against Tor bridges

    oregano - Python module that runs as a machine-in-the-middle (MITM) accepting Tor client requests.

  • lynis

    Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

    Lynis - Auditing tool for UNIX-based systems.

  • sslyze

    Fast and powerful SSL/TLS scanning library.

    SSLyze - Fast and comprehensive TLS/SSL configuration analyzer to help identify security mis-configurations.

  • crackpkcs12

    A multithreaded program to crack PKCS#12 files (p12 and pfx extensions)

    crackpkcs12 - Multithreaded program to crack PKCS#12 files (.p12 and .pfx extensions), such as TLS/SSL certificates.

  • mimikatz

    A little tool to play with Windows security

    mimikatz - Credentials extraction tool for Windows operating system.

  • awesome-dva

    A curated list of "damn vulnerable apps" and exploitable VMs / wargames. See contributing.md for information.

    Awesome Penetration Testing

  • angr

    A powerful and user-friendly binary analysis platform!

    angr - Platform-agnostic binary analysis framework.
