Pentesting

Top 23 Pentesting Open-Source Projects

  1. SQLMap

    Automatic SQL injection and database takeover tool

    Project mention: Top Github repositories for 10+ programming languages | dev.to | 2024-07-16

    SQL MAP, learning SQL

  3. Ciphey

    ⚑ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚑

  4. RustScan

    🤖 The Modern Port Scanner 🤖

    Project mention: 🚀 Fast, smart, and efficient modern port scanner — RustScan | dev.to | 2024-11-20
  5. spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

    Project mention: SpiderFoot automates OSINT for threat intelligence | news.ycombinator.com | 2024-07-03

    Some would disagree with that statement: <https://github.com/smicallef/spiderfoot/issues>

      The little development on the project is probably due to its age.

  6. ffuf

    Fast web fuzzer written in Go

    Project mention: How to Explore an Exposed .git | dev.to | 2024-08-22

    There are many automated tools available for directory enumeration. In this example, I will demonstrate how to use the ffuf tool.

  7. dirsearch

    Web path scanner

  8. social-analyzer

    API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

  10. owasp-mastg

    The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

    Project mention: The Case for Standards in Mobile App Security | dev.to | 2024-07-31

    The OWASP Mobile Application Security (MAS) flagship project provides a robust security standard for mobile apps, known as the OWASP MASVS, along with a comprehensive testing guide (OWASP MASTG). These resources cover the processes, techniques, and tools used during a mobile app security test, ensuring consistent and complete results.

  11. gobuster

    Directory/File, DNS and VHost busting tool written in Go

    Project mention: Ask HN: How to find subdomains and paths for a website | news.ycombinator.com | 2024-06-01

    Are you looking for something like Gobuster?

    https://github.com/OJ/gobuster

  12. juice-shop

    OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

    Project mention: OWASP Juice Shop: the most modern and sophisticated insecure web application | news.ycombinator.com | 2024-09-21
  13. thc-hydra

    hydra

  14. hacktricks

    Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

  15. Red-Teaming-Toolkit

    This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

    Project mention: Read Team Tools Collection | news.ycombinator.com | 2024-07-30
  16. pupy

    Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

  17. Sn1per

    Attack Surface Management Platform

  18. bbot

    The recursive internet scanner for hackers. 🧑

    Project mention: Blacklanternsecurity / Bbot | news.ycombinator.com | 2024-12-13
  19. rengine

    reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

  20. wstg

    The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

  21. cve

    Gather and update all available and newest CVEs with their PoC.

  22. airgeddon

    This is a multi-use bash script for Linux systems to audit wireless networks.

    Project mention: Hacking WiFi 101: basic concepts, terminology, and a real-life example | dev.to | 2024-04-03

    Known tools (scripts) that are used to exploit WPS vulnerabilities are Reaver and Bully. Another great automated tool is Airgeddon. With some luck, you will be able to run these tools on vulnerable access points (or network repeaters, which are usually vulnerable to WPS attacks) and retrieve the key.

  23. hetty

    An HTTP toolkit for security research.

  24. awesome-shodan-queries

    πŸ” A collection of interesting, funny, and depressing search queries to plug into shodan.io πŸ‘©β€πŸ’»

  25. awesome-web-hacking

    A list of web application security

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Pentesting related posts

  • Black Hat Rust

    2 projects | news.ycombinator.com | 8 Dec 2024
  • 🚀 Fast, smart, and efficient modern port scanner — RustScan

    1 project | dev.to | 20 Nov 2024
  • How to Explore an Exposed .git

    1 project | dev.to | 22 Aug 2024
  • PURPOSELY Exploiting A Kubernetes Cluster

    1 project | dev.to | 22 Aug 2024
  • The Case for Standards in Mobile App Security

    1 project | dev.to | 31 Jul 2024
  • Read Team Tools Collection

    1 project | news.ycombinator.com | 30 Jul 2024
  • Why are CTFs so important???

    1 project | dev.to | 17 Jul 2024

Index

What are some of the best open-source Pentesting projects? This list will help you:

# Project Stars
1 SQLMap 33,169
2 Ciphey 18,695
3 RustScan 15,534
4 spiderfoot 13,648
5 ffuf 13,285
6 dirsearch 12,481
7 social-analyzer 12,069
8 owasp-mastg 11,943
9 gobuster 10,823
10 juice-shop 10,765
11 thc-hydra 10,017
12 hacktricks 9,409
13 Red-Teaming-Toolkit 9,258
14 pupy 8,558
15 Sn1per 8,365
16 bbot 7,713
17 rengine 7,669
18 wstg 7,579
19 cve 6,711
20 airgeddon 6,697
21 hetty 6,187
22 awesome-shodan-queries 6,075
23 awesome-web-hacking 6,005
