Penetration Testing
Explore 593 curated cybersecurity tools, with 15,190 visitors searching for solutions
FEATURED
A collection of security research tools from Google's Project Zero team for testing and analyzing iPhone messaging systems including SMS, iMessage, and IMAP protocols.
A collection of security research tools from Google's Project Zero team for testing and analyzing iPhone messaging systems including SMS, iMessage, and IMAP protocols.
A centralized reference resource containing default credentials for various devices and systems to assist security professionals in both offensive and defensive operations.
A centralized reference resource containing default credentials for various devices and systems to assist security professionals in both offensive and defensive operations.
A comprehensive collection of free online laboratories and platforms for practicing penetration testing, CTF challenges, and cybersecurity skills development.
A comprehensive collection of free online laboratories and platforms for practicing penetration testing, CTF challenges, and cybersecurity skills development.
A tool for identifying potential security vulnerabilities in web applications
A tool for identifying potential security vulnerabilities in web applications
Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.
Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.
A tool for generating permutations, alterations and mutations of subdomains and resolving them
A tool for generating permutations, alterations and mutations of subdomains and resolving them
SourcePoint generates customizable C2 profiles for Cobalt Strike servers to enhance evasion capabilities against security defenses.
SourcePoint generates customizable C2 profiles for Cobalt Strike servers to enhance evasion capabilities against security defenses.
Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.
Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.
A lightweight Command and Control (C2) implant written in Nim that provides remote access capabilities for penetration testing and red team operations.
A lightweight Command and Control (C2) implant written in Nim that provides remote access capabilities for penetration testing and red team operations.
A dynamic multi-cloud infrastructure framework that enables rapid deployment of disposable instances pre-loaded with security tools for distributed offensive and defensive security operations.
A dynamic multi-cloud infrastructure framework that enables rapid deployment of disposable instances pre-loaded with security tools for distributed offensive and defensive security operations.
Modular framework for pentesting Modbus protocol with diagnostic and offensive features.
Modular framework for pentesting Modbus protocol with diagnostic and offensive features.
A Python-based honeypot service for SSH, FTP, and Telnet connections
A Python-based honeypot service for SSH, FTP, and Telnet connections
LaBrea is a 'sticky' honeypot and IDS tool that traps malicious actors by creating virtual servers on unused IP addresses.
LaBrea is a 'sticky' honeypot and IDS tool that traps malicious actors by creating virtual servers on unused IP addresses.
A Live CD and Live USB for penetration testing and security assessment
A Live CD and Live USB for penetration testing and security assessment
MSBuildAPICaller is an offensive security tool that enables interaction with the MSBuild API to execute arbitrary scripts for red teaming and penetration testing purposes.
MSBuildAPICaller is an offensive security tool that enables interaction with the MSBuild API to execute arbitrary scripts for red teaming and penetration testing purposes.
GRFICS is a Unity 3D-based framework that provides a virtual industrial control system environment for practicing ICS security attacks and defenses with visual feedback.
GRFICS is a Unity 3D-based framework that provides a virtual industrial control system environment for practicing ICS security attacks and defenses with visual feedback.
Ivy is a payload creation framework for executing arbitrary VBA source code directly in memory, utilizing programmatical access to load, decrypt, and execute shellcode.
Ivy is a payload creation framework for executing arbitrary VBA source code directly in memory, utilizing programmatical access to load, decrypt, and execute shellcode.
A collection of vulnerable web application test cases designed to benchmark and evaluate the effectiveness of static security analyzers and penetration testing tools.
A collection of vulnerable web application test cases designed to benchmark and evaluate the effectiveness of static security analyzers and penetration testing tools.
A tool to profile web applications based on response time discrepancies.
A tool to profile web applications based on response time discrepancies.
A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.
A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.
A tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) for offensive security purposes.
A tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) for offensive security purposes.
A list of Windows privilege escalation techniques, categorized and explained in detail.
A list of Windows privilege escalation techniques, categorized and explained in detail.
HTB Academy offers guided cybersecurity training with industry certifications to help you become a market-ready professional.
HTB Academy offers guided cybersecurity training with industry certifications to help you become a market-ready professional.
A VM for mobile application security testing, Android and iOS applications, with custom-made tools and scripts.
A VM for mobile application security testing, Android and iOS applications, with custom-made tools and scripts.
