📌 Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.

roadmap hacking penetration-testing post-exploitation vulnerabilities pentest exploitation hacking-tool frameworks information-gathering web-hacking hacktools

Updated Apr 12, 2020

1N3 / Sn1per

Star

Automated pentest framework for offensive security experts

Updated Jul 5, 2020
Shell

SecWiki / linux-kernel-exploits

Star

linux-kernel-exploits Linux平台提权漏洞集合

linux awesome collection kernel exploit tool pentest

Updated Jul 13, 2020
C

nahamsec / Resources-for-Beginner-Bug-Bounty-Hunters

Star

A list of resources for those interested in getting started in bug bounties

education hackers hacking xss bug-bounty web-security pentest ssrf bug-bounty-hunters learn2hack

Updated Jul 2, 2020

k8gege / K8tools

Star

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

database apt exploit scanner hacking password poc brute-force pentest bypass crack privilege-escalation 0day getshell netscan rar-mysql

Updated Jul 10, 2020
PowerShell

onlurking / awesome-infosec

Star

A curated list of awesome infosec courses and training resources.

security awesome lab penetration-testing courses infosec pentest security-professionals

Updated May 14, 2020

sensepost / objection

Star

Open

[bug] Job not created when loading script using import command

2

Techbrunch commented Apr 19, 2020

According to the documentation in the wiki:

Frida scripts loaded with the import command are also run as jobs automatically

Describe the bug

When loading a script with the import command, the script is successfully loaded but no jobs is created.

To Reproduce

import test.js
jobs list

Expected behavior

The job should be listed when running jobs list

**E

[documentation] SQLite Usage Documentation

Open

edit the list of pinned keys/certs

2

urbanadventurer / WhatWeb

Star

Next generation web scanner

Updated Jul 15, 2020
Ruby

foospidy / payloads

Star

Git All the Payloads! A collection of web attack payloads.

hacking xss cybersecurity sqli passwords pentest appsec payload payloads web-attack-payloads

Updated Apr 6, 2019
Shell

nixawk / pentest-wiki

Star

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.

security hacking pentest

Updated May 25, 2020
Python

lanjelot / patator

Star

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

brute-force pentest

Updated Jul 10, 2020
Python

coreb1t / awesome-pentest-cheat-sheets

Star

Collection of the cheat sheets useful for pentesting

security awesome cheatsheet penetration-testing pentest security-cheat-sheets pentest-cheat-sheets

Updated Feb 13, 2020

evilcos / xssor2

Star

XSS'OR - Hack with JavaScript.

encoding hack xss probe csrf pentest hacking-tool pentest-tool

Updated Feb 5, 2020
JavaScript

k8gege / Ladon

Star

大型内网渗透扫描器&Cobalt Strike，Ladon6.6内置74个模块，包含信息收集/存活主机/IP扫描/端口扫描/服务识别/网络资产/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010、SMBGhost、Weblogic、ActiveMQ、Tomcat、Struts2系列，密码口令爆破(Mysql、Oracle、MSSQL)、FTP、SSH(Linux)、VNC、Windows(IPC、WMI、SMB、LDAP、SmbHash、WmiHash、Winrm),远程执行命令(wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

security tools hack exploit scanner hacking password poc brute-force pentest portscan security-scanner exp security-tools ladon ipscanner getshell netscan

Updated Jul 10, 2020
C#

UndeadSec / SocialFish

Star

Automated Phishing Tool & Information Collector

python phishing educational pentesting pentest undead

Updated Jun 12, 2020
CSS

cujanovic / SSRF-Testing

Star

SSRF (Server Side Request Forgery) testing resources

pentesting pentest ssrf pentest-tool server-side-request-forgery

Updated May 25, 2020
Python

LandGrey / pydictor

Star

A powerful and useful hacker dictionary builder for a brute-force attack

password-generator hacking bruteforce wordlist brute-force pentesting weak-passwords pentest wordlist-generator password-cracker hackertools social-engineering-attacks blasting bruteforce-password-cracker password-wordlist hacker-dictionary-builder

Updated Jan 10, 2020
Python

owtf / owtf

Star

Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp

python linux security nist framework passive mozilla traffic owasp pentest impact kali-linux owtf semi-passive web-application-security

Updated Jul 16, 2020
Python

Hackplayers / evil-winrm

Star

The ultimate WinRM shell for hacking/pentesting

ruby shell docker powershell pentesting-windows hacking kerberos pentesting winrm pentest pass-the-hash remote-management win-rm evil-winrm psrp

Updated Jun 20, 2020
Ruby

0x00-0x00 / ShellPop

Star

Pop shells like a master.

shell remote hacking reverse bind pentest pop-shells

Updated Apr 2, 2019
Python

tom0li / collection-document

Star

Collection of quality safety articles

Updated Jul 7, 2020

swisskyrepo / SSRFmap

Star

Automatic SSRF fuzzer and exploitation tool

vulnerability ctf pentest exploitation ssrf server-side-request-forgery ssrfmap

Updated Jan 28, 2020
Python

rewardone / OSCPRepo

Star

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

penetration-testing pentest oscp reconscan

Updated Jun 22, 2020
C

al0ne / Vxscan

Star

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

python tools cdn detection waf fingerprint python3 identification scan-tool pentest portscan port-scanning security-tools directory-scanning poc-scanning website-fingerprint fingerprint-recognition-error

Updated Jan 2, 2020
Python

D4Vinci / Dr0p1t-Framework

Star

A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks

Updated Nov 3, 2018
Python

m0rtem / CloudFail

Star

Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

database scanner tor bruteforce python3 cloudflare ip pentesting recon pentest cloudflare-ip

Updated Jun 27, 2020
Python

pentest

Here are 521 public repositories matching this topic...

swisskyrepo / PayloadsAllTheThings

SecWiki / windows-kernel-exploits

maurosoria / dirsearch

vanhauser-thc / thc-hydra

sundowndev / hacker-roadmap

1N3 / Sn1per

SecWiki / linux-kernel-exploits

nahamsec / Resources-for-Beginner-Bug-Bounty-Hunters

k8gege / K8tools

onlurking / awesome-infosec

sensepost / objection

[bug] Job not created when loading script using import command

[documentation] SQLite Usage Documentation

edit the list of pinned keys/certs

urbanadventurer / WhatWeb

foospidy / payloads

nixawk / pentest-wiki

lanjelot / patator

coreb1t / awesome-pentest-cheat-sheets

evilcos / xssor2

k8gege / Ladon

UndeadSec / SocialFish

cujanovic / SSRF-Testing

LandGrey / pydictor

owtf / owtf

Hackplayers / evil-winrm

0x00-0x00 / ShellPop

tom0li / collection-document

swisskyrepo / SSRFmap

rewardone / OSCPRepo

al0ne / Vxscan

D4Vinci / Dr0p1t-Framework

m0rtem / CloudFail

Improve this page

Add this topic to your repo

Jun	JUL	Aug
	17
2019	2020	2021