Ethical hacking tools and resources for penetration testing and red team operations. Task: Penetration TestingExplore 89 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
NetSPI Breach and Attack Simulation as a Service validates security control effectiveness through expert-led attack simulations mapped to the MITRE ATT&CK framework.
NetSPI Breach and Attack Simulation as a Service validates security control effectiveness through expert-led attack simulations mapped to the MITRE ATT&CK framework.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
A proof-of-concept tool that demonstrates automated MFA bypass techniques for Microsoft Outlook through browser automation and request interception.
A proof-of-concept tool that demonstrates automated MFA bypass techniques for Microsoft Outlook through browser automation and request interception.
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.
A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.
A lightweight and portable Docker container for penetration testers and CTF players
A lightweight and portable Docker container for penetration testers and CTF players
A penetration testing framework for identifying and exploiting vulnerabilities.
A penetration testing framework for identifying and exploiting vulnerabilities.
A Python-based tool for identifying and exploiting file inclusion and directory traversal vulnerabilities in web applications.
A Python-based tool for identifying and exploiting file inclusion and directory traversal vulnerabilities in web applications.
Automatic tool for DNS rebinding-based SSRF attacks
A tool for detecting and taking over subdomains with dead DNS records
A tool for detecting and taking over subdomains with dead DNS records
A front-end JavaScript toolkit for creating DNS rebinding attacks
A front-end JavaScript toolkit for creating DNS rebinding attacks
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
A framework for testing and exploiting race conditions in software
A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.
A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.
A collection of scripts for Turbo Intruder, a penetration testing tool
A collection of scripts for Turbo Intruder, a penetration testing tool
A DNS rebinding attack framework for security researchers and penetration testers.
A DNS rebinding attack framework for security researchers and penetration testers.
A subdomain enumeration tool for penetration testers and security researchers.
A subdomain enumeration tool for penetration testers and security researchers.
Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.
Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.
A tool that finds more information about a given URL or domain by querying multiple data sources.
A tool that finds more information about a given URL or domain by querying multiple data sources.
A tool for enumerating and attacking GitHub Actions pipelines