Top 23 Pentesting Open-Source Projects
-
SQL MAP, learning SQL
-
Ciphey
⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
-
Project mention: Fast, smart, efficient modern port scanner - RustScan | dev.to | 2024-11-20
-
Project mention: SpiderFoot automates OSINT for threat intelligence | news.ycombinator.com | 2024-07-03
Some would disagree with that statement: <https://github.com/smicallef/spiderfoot/issues>
The little development on the project is probably due to its age.
-
There are many automated tools available for directory enumeration. In this example, I will demonstrate how to use the ffuf tool.
-
social-analyzer
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
-
owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
The OWASP Mobile Application Security (MAS) flagship project provides a robust security standard for mobile apps, known as the OWASP MASVS, along with a comprehensive testing guide (OWASP MASTG). These resources cover the processes, techniques, and tools used during a mobile app security test, ensuring consistent and complete results.
-
Project mention: Ask HN: How to find subdomains and paths for a website | news.ycombinator.com | 2024-06-01
Are you looking for something like Gobuster?
https://github.com/OJ/gobuster
-
Project mention: OWASP Juice Shop: the most modern and sophisticated insecure web application | news.ycombinator.com | 2024-09-21
-
hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
-
Red-Teaming-Toolkit
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
-
pupy
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C
-
rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
-
wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
-
Project mention: Hacking WiFi 101: basic concepts, terminology, and a real-life example | dev.to | 2024-04-03
Known tools (scripts) that are used to exploit WPS vulnerabilities are Reaver and Bully. Another great automated tool is Airgeddon. With some luck, you will be able to run these tools on vulnerable access points (or network repeaters, which are usually vulnerable to WPS attacks) and retrieve the key.
-
awesome-shodan-queries
A collection of interesting, funny, and depressing search queries to plug into shodan.io
Pentesting related posts
-
Black Hat Rust
-
Fast, smart, efficient modern port scanner - RustScan
-
How to Explore an Exposed .git
-
PURPOSELY Exploiting A Kubernetes Cluster
-
The Case for Standards in Mobile App Security
-
Read Team Tools Collection
-
Why are CTFs so important???
Index
What are some of the best open-source Pentesting projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | SQLMap | 33,169 |
2 | Ciphey | 18,695 |
3 | RustScan | 15,534 |
4 | spiderfoot | 13,648 |
5 | ffuf | 13,285 |
6 | dirsearch | 12,481 |
7 | social-analyzer | 12,069 |
8 | owasp-mastg | 11,943 |
9 | gobuster | 10,823 |
10 | juice-shop | 10,765 |
11 | thc-hydra | 10,017 |
12 | hacktricks | 9,409 |
13 | Red-Teaming-Toolkit | 9,258 |
14 | pupy | 8,558 |
15 | Sn1per | 8,365 |
16 | bbot | 7,713 |
17 | rengine | 7,669 |
18 | wstg | 7,579 |
19 | cve | 6,711 |
20 | airgeddon | 6,697 |
21 | hetty | 6,187 |
22 | awesome-shodan-queries | 6,075 |
23 | awesome-web-hacking | 6,005 |