Top 23 Pentest Open-Source Projects
- PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- social-analyzer: API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
- Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug bounties
- DefaultCreds-cheat-sheet: One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
- reconftw: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
- Villain: Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
- pentest-wiki: PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
Also https://github.com/swisskyrepo/PayloadsAllTheThings I'm sure there's a few test php files in here for filter bypasses too
Nice tool, only unfortunate name, consider changing it. Already very well known security tool named hydra https://github.com/vanhauser-thc/thc-hydra been around since 2001. Then facebook went ahead and named their config tool hydra https://github.com/facebookresearch/hydra on top of it. Like we get it, hydra popular mythology but we could use more original naming for tools
If it was me, I'd first run something like DIE on it (I have a few such programs installed) - https://github.com/horsicq/Detect-It-Easy
Yeah, pretty close: "On-site request forgery"[0]
[0] https://github.com/daffainfo/AllAboutBugBounty/blob/master/O...
Ferox https://github.com/epi052/feroxbuster
Project mention: Ask HN: Guidance starting an infosec career from scratch | news.ycombinator.com | 2023-10-12
```
┌──(root㉿kali)-[/home/kali/hackthebox/machines-windows/authority]
└─# evil-winrm -i authority.htb -u svc_ldap -p 'lDaP_1n_th3_cle4r!'
Evil-WinRM shell v3.4
Warning: Remote path completions is disabled due to ruby limitation: quoting_detection_proc() function is unimplemented on this machine
Data: For more information, check Evil-WinRM Github: https://github.com/Hackplayers/evil-winrm#Remote-path-completion
Info: Establishing connection to remote endpoint
*Evil-WinRM* PS C:\Users\svc_ldap\Documents>
```
Project mention: I'm a little scared after finding information about digital footprint. So if anyone with the knowledge about it could you please give me a hand understanding it? | /r/privacy | 2023-06-11
MOSINT is an open-source tool, and is quite trustworthy in the community. It does not contain any malware or viruses. Just clone their GitHub repository and follow the instructions mentioned there.
Bonuses: If you purchase Cloudflare for Speed and Security before November 4, 2023, you'll get my bestseller, Black Hat Rust, for free! Yes, you read it right, two books for less than the price of one!
Pentest related posts
- Osint update of the Snoop Project tool search for user by nickname
- php shell not executed in wordpress
- Updated OSINT tool to search for user by nickname
- XXE-XML External Entities Attacks
- Cloudflare for Speed and Security
- Show HN: I'm writing a book – Cloudflare for Speed and Security
- Ask HN: Guidance starting an infosec career from scratch
Index
What are some of the best open-source Pentest projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | PayloadsAllTheThings | 56,681 |
2 | social-analyzer | 11,069 |
3 | Resources-for-Beginner-Bug-Bounty-Hunters | 10,097 |
4 | thc-hydra | 8,997 |
5 | windows-kernel-exploits | 7,712 |
6 | objection | 6,978 |
7 | Detect-It-Easy | 6,567 |
8 | AllAboutBugBounty | 5,409 |
9 | DefaultCreds-cheat-sheet | 5,269 |
10 | feroxbuster | 5,270 |
11 | reconftw | 5,231 |
12 | RedTeam-Tools | 5,144 |
13 | WhatWeb | 5,096 |
14 | awesome-infosec | 4,966 |
15 | evil-winrm | 4,150 |
16 | mosint | 3,861 |
17 | tplmap | 3,624 |
18 | Villain | 3,561 |
19 | payloads | 3,514 |
20 | patator | 3,465 |
21 | pentest-wiki | 3,310 |
22 | black-hat-rust | 3,044 |
23 | afrog | 2,798 |