Penetration Testing
Explore 593 curated cybersecurity tools, with 15,190 visitors searching for solutions
FEATURED
A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.
A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.
A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.
A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
ParamPamPam is an open-source tool that detects and exploits web application vulnerabilities using fuzzing, SQL injection, and XSS techniques.
ParamPamPam is an open-source tool that detects and exploits web application vulnerabilities using fuzzing, SQL injection, and XSS techniques.
A collection of customizable automation scripts for Turbo Intruder that facilitate vulnerability scanning, exploitation, and data extraction in penetration testing workflows.
A collection of customizable automation scripts for Turbo Intruder that facilitate vulnerability scanning, exploitation, and data extraction in penetration testing workflows.
A tool for analyzing pentest screenshots using a convolutional neural network
A tool for analyzing pentest screenshots using a convolutional neural network
A DNS rebinding attack framework for security researchers and penetration testers.
A DNS rebinding attack framework for security researchers and penetration testers.
SSTImap is an automated detection tool that identifies Server-Side Template Injection vulnerabilities in web applications through systematic testing and analysis.
SSTImap is an automated detection tool that identifies Server-Side Template Injection vulnerabilities in web applications through systematic testing and analysis.
A tool to discover new target domains using Content Security Policy
A tool to discover new target domains using Content Security Policy
A malicious DNS server that executes DNS Rebinding attacks on-demand to bypass same-origin policy restrictions and access internal network resources.
A malicious DNS server that executes DNS Rebinding attacks on-demand to bypass same-origin policy restrictions and access internal network resources.
A Python library that simplifies testing and exploiting race conditions in web applications using concurrent HTTP requests.
A Python library that simplifies testing and exploiting race conditions in web applications using concurrent HTTP requests.
S3cario is an AWS S3 bucket security testing tool that validates permissions and identifies potential vulnerabilities through scenario simulation.
S3cario is an AWS S3 bucket security testing tool that validates permissions and identifies potential vulnerabilities through scenario simulation.
A command line utility for searching and downloading exploits from multiple exploit databases including Exploit-DB and Packet Storm.
A command line utility for searching and downloading exploits from multiple exploit databases including Exploit-DB and Packet Storm.
mXtract is a Linux-based tool for memory analysis and dumping with regex pattern search capabilities.
mXtract is a Linux-based tool for memory analysis and dumping with regex pattern search capabilities.
A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.
A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.
Yar is a reconnaissance tool for scanning organizations, users, and repositories to identify vulnerabilities and security risks during security assessments.
Yar is a reconnaissance tool for scanning organizations, users, and repositories to identify vulnerabilities and security risks during security assessments.
C3 is a framework by WithSecureLabs for rapid prototyping of custom command and control channels that integrates with existing offensive security toolkits.
C3 is a framework by WithSecureLabs for rapid prototyping of custom command and control channels that integrates with existing offensive security toolkits.
A cloud-focused attack simulation framework that provides granular, self-contained offensive techniques mapped to MITRE ATT&CK for red team exercises.
A cloud-focused attack simulation framework that provides granular, self-contained offensive techniques mapped to MITRE ATT&CK for red team exercises.
A subdomain enumeration tool for penetration testers and security researchers.
A subdomain enumeration tool for penetration testers and security researchers.
kube-hunter is a security scanning tool that identifies vulnerabilities and security weaknesses in Kubernetes clusters through automated assessment and provides detailed reporting with remediation guidance.
kube-hunter is a security scanning tool that identifies vulnerabilities and security weaknesses in Kubernetes clusters through automated assessment and provides detailed reporting with remediation guidance.
Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.
Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.
A tool that finds more information about a given URL or domain by querying multiple data sources.
A tool that finds more information about a given URL or domain by querying multiple data sources.
