Penetration Testing
Explore 593 curated cybersecurity tools, with 15,190 visitors searching for solutions
FEATURED
Deliberately vulnerable web application for security professionals to practice attack techniques.
Deliberately vulnerable web application for security professionals to practice attack techniques.
A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.
A Python tool that mines URLs from web archives to assist security researchers in discovering potential attack surfaces for bug hunting and vulnerability assessment.
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws
An intentionally vulnerable web application containing multiple web service security flaws designed for educational purposes and security testing practice.
An intentionally vulnerable web application containing multiple web service security flaws designed for educational purposes and security testing practice.
A tool for enumerating and attacking GitHub Actions pipelines
A fuzzer for detecting open redirect vulnerabilities
SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.
SecLists is a comprehensive repository of security testing lists including usernames, passwords, URLs, fuzzing payloads, and web shells used during penetration testing and security assessments.
Needle is a discontinued open source modular framework for iOS application security assessments that was compatible with iOS 9 and iOS 10 before being replaced by Objection.
Needle is a discontinued open source modular framework for iOS application security assessments that was compatible with iOS 9 and iOS 10 before being replaced by Objection.
Open-source Java application for creating proxies for traffic analysis & modification.
Open-source Java application for creating proxies for traffic analysis & modification.
A security assessment tool that identifies AWS IAM permissions by systematically testing API calls to determine the actual scope of access granted to specific credentials.
A security assessment tool that identifies AWS IAM permissions by systematically testing API calls to determine the actual scope of access granted to specific credentials.
A CVE compliant archive of public exploits and corresponding vulnerable software, and a categorized index of Internet search engine queries designed to uncover sensitive information.
A CVE compliant archive of public exploits and corresponding vulnerable software, and a categorized index of Internet search engine queries designed to uncover sensitive information.
A specification/framework for extending default C2 communication channels in Cobalt Strike
A specification/framework for extending default C2 communication channels in Cobalt Strike
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
A honeypot that emulates a Belkin N300 Home Wireless router with default setup to observe traffic
A honeypot that emulates a Belkin N300 Home Wireless router with default setup to observe traffic
PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.
PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.
A security tool for discovering S3 bucket references in web content and testing buckets for misconfigurations.
A security tool for discovering S3 bucket references in web content and testing buckets for misconfigurations.
A Linux privilege escalation auditing tool that identifies potential kernel vulnerabilities and suggests applicable exploits based on system analysis.
A Linux privilege escalation auditing tool that identifies potential kernel vulnerabilities and suggests applicable exploits based on system analysis.
x8 is a hidden parameters discovery suite that automatically identifies undocumented parameters in web applications and APIs for security testing purposes.
x8 is a hidden parameters discovery suite that automatically identifies undocumented parameters in web applications and APIs for security testing purposes.
APKLeaks is a command-line tool that scans Android APK files to identify embedded URIs, endpoints, and secrets for security assessment purposes.
APKLeaks is a command-line tool that scans Android APK files to identify embedded URIs, endpoints, and secrets for security assessment purposes.
A fast web crawler for discovering endpoints and assets within web applications during security reconnaissance.
A fast web crawler for discovering endpoints and assets within web applications during security reconnaissance.
Blacknet is a low interaction SSH multi-head honeypot system with logging capabilities.
Blacknet is a low interaction SSH multi-head honeypot system with logging capabilities.
InsecureShop is an intentionally vulnerable Android application built in Kotlin for educating developers and security professionals about mobile app vulnerabilities and penetration testing techniques.
InsecureShop is an intentionally vulnerable Android application built in Kotlin for educating developers and security professionals about mobile app vulnerabilities and penetration testing techniques.
A high-interaction honeypot solution for detecting and analyzing SMB-based attacks
A high-interaction honeypot solution for detecting and analyzing SMB-based attacks
A Python-based red team toolkit that leverages AWS boto3 SDK to perform offensive operations including credential extraction and file exfiltration from EC2 instances.
A Python-based red team toolkit that leverages AWS boto3 SDK to perform offensive operations including credential extraction and file exfiltration from EC2 instances.
