Top 23 Pentest Open-Source Projects

• PayloadsAllTheThings

  34 56,681 8.6 Python

  A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Project mention: php shell not executed in wordpress | /r/hacking | 2023-12-08

Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too

• social-analyzer

  22 11,069 4.4 JavaScript

  API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

  

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• Resources-for-Beginner-Bug-Bounty-Hunters

  5 10,097 2.9

  A list of resources for those interested in getting started in bug bounties

Project mention: Getting started with bb journey | /r/bugbounty | 2023-06-28

• thc-hydra

  18 8,997 5.8 C

  hydra

Project mention: Show HN: Hydra - Open-Source Columnar Postgres | news.ycombinator.com | 2023-09-19

Nice tool, only unfortunate name, consider changing it. Already very well know security tool named hydra https://github.com/vanhauser-thc/thc-hydra been around since 2001. Then facebook went ahead and named their config tool hydra https://github.com/facebookresearch/hydra on top of it. Like we get it, hydra popular mythology but we could use more original naming for tools

• windows-kernel-exploits

  7 7,712 0.0 C

  windows-kernel-exploits Windows平台提权漏洞集合

  

• objection

  17 6,978 3.9 Python

  📱 objection - runtime mobile exploration

  

• Detect-It-Easy

  18 6,567 9.4 JavaScript

  Program for determining types of files for Windows, Linux and MacOS.

Project mention: E-book piracy - a weird ZIP file | /r/Piracy | 2023-05-17

If it was me, I'd first run something like DIE on it (I have a few such programs installed)- https://github.com/horsicq/Detect-It-Easy

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• AllAboutBugBounty

  3 5,409 3.5

  All about bug bounty (bypasses, payloads, and etc)

Project mention: How I hacked chess.com with a rookie exploit | news.ycombinator.com | 2024-01-26

Yeah, pretty close: "On-site request forgery"[0]

[0] https://github.com/daffainfo/AllAboutBugBounty/blob/master/O...

• DefaultCreds-cheat-sheet

  2 5,269 7.4 Python

  One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

• feroxbuster

  12 5,270 8.2 Rust

  A fast, simple, recursive content discovery tool written in Rust.

Project mention: gobuster or dirbuster or dirb | /r/hacking | 2023-06-07

Ferox https://github.com/epi052/feroxbuster

• reconftw

  3 5,231 9.3 Shell

  reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Project mention: Automated recognition frameworks? | /r/bugbounty | 2023-06-23

• RedTeam-Tools

  2 5,144 5.8

  Tools and Techniques for Red Team / Penetration Testing

• WhatWeb

  1 5,096 0.0 Ruby

  Next generation web scanner

• awesome-infosec

  16 4,966 0.0

  A curated list of awesome infosec courses and training resources.

Project mention: Ask HN: Guidance starting an infosec careeer from scratch | news.ycombinator.com | 2023-10-12

• evil-winrm

  4 4,150 3.0 Ruby

  The ultimate WinRM shell for hacking/pentesting

  

Project mention: HackTheBox - Writeup Authority [Retired] | dev.to | 2023-12-26

┌──(root㉿kali)-[/home/kali/hackthebox/machines-windows/authority] └─# evil-winrm -i authority.htb -u svc_ldap -p 'lDaP_1n_th3_cle4r!' Evil-WinRM shell v3.4 Warning: Remote path completions is disabled due to ruby limitation: quoting_detection_proc() function is unimplemented on this machine Data: For more information, check Evil-WinRM Github: https://github.com/Hackplayers/evil-winrm#Remote-path-completion Info: Establishing connection to remote endpoint *Evil-WinRM* PS C:\Users\svc_ldap\Documents>

• mosint

  11 3,861 5.9 Go

  An automated e-mail OSINT tool

Project mention: I'm a little sacred after finding information about digital footprint. So if anyone with the knowledge about it could you please give me a hand understanding it ? | /r/privacy | 2023-06-11

MOSINT is an open-source tool, and is quite trustworthy in the community. It does not contain any malware or viruses. Just clone their GitHub repository and follow the instructions mentioned there.

• tplmap

  1 3,624 0.0 Python2

  NO LONGER MAINTAINED - a pentest tool to detect and exploit SSTI

• Villain

  2 3,561 7.7 Python

  Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).

• payloads

  1 3,514 0.0 Shell

  Git All the Payloads! A collection of web attack payloads. (by foospidy)

• patator

  2 3,465 4.8 Python

  Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

• pentest-wiki

  1 3,310 0.0 Python

  PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

• black-hat-rust

  48 3,044 4.3 Rust

  Applied offensive security with Rust - https://kerkour.com/black-hat-rust

  

Project mention: Cloudflare for Speed and Security | /r/CloudFlare | 2023-10-20

Bonuses: If you purchase Cloudflare for Speed and Security before November 4, 2023, you'll get my bestseller, Black Hat Rust, for free! Yes, you read it right, two books for less than the price of one!

• afrog

  1 2,798 9.7 Go

  A Security Tool for Bug Bounty, Pentest and Red Teaming.

Project mention: Afrog explained for bug bounty hunters | dev.to | 2023-12-28

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Pentest related posts

• Osint update of the Snoop Project tool search for user by nickname
  1 project | news.ycombinator.com | 2 Jan 2024
• php shell not executed in wordpress
  1 project | /r/hacking | 8 Dec 2023
• Updated OSINT tool to search for user by nickname
  1 project | news.ycombinator.com | 29 Oct 2023
• XXE-XML External Entities Attacks
  2 projects | dev.to | 25 Oct 2023
• Cloudflare for Speed and Security
  2 projects | /r/CloudFlare | 20 Oct 2023
• Show HN: I'm writing a book – Cloudflare for Speed and Security
  1 project | news.ycombinator.com | 18 Oct 2023
• Ask HN: Guidance starting an infosec careeer from scratch
  1 project | news.ycombinator.com | 12 Oct 2023
• A note from our sponsor - WorkOS
  workos.com | 24 Apr 2024

  The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com