Penetration Testing
Browse 1,275 penetration testing tools
FEATURED
An educational cheatsheet that provides privilege escalation fundamentals and examples for CTF players and cybersecurity beginners.
A vulnerability scanner that helps you identify and fix vulnerabilities in your code
A standalone man-in-the-middle attack framework used for phishing login credentials and bypassing 2-factor authentication.
AppMon is a Frida-based automated framework for monitoring and tampering with system API calls across macOS, iOS, and Android applications.
A Python-based framework that generates evidence of MITRE ATT&CK tactics to help blue teams test their detection capabilities against simulated malicious activities.
A comprehensive guide to using Metasploit, including searching for modules, specifying exploits and payloads, and using auxiliary modules.
CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.
An Android port of the Radamsa fuzzing tool compiled with Android NDK to support Android ABIs for security testing on mobile platforms.
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
A collection of security research tools from Google's Project Zero team for testing and analyzing iPhone messaging systems including SMS, iMessage, and IMAP protocols.
A centralized reference resource containing default credentials for various devices and systems to assist security professionals in both offensive and defensive operations.
A comprehensive collection of free online laboratories and platforms for practicing penetration testing, CTF challenges, and cybersecurity skills development.
A tool for identifying potential security vulnerabilities in web applications
Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.
A tool for generating permutations, alterations and mutations of subdomains and resolving them
SourcePoint generates customizable C2 profiles for Cobalt Strike servers to enhance evasion capabilities against security defenses.
Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.
A lightweight Command and Control (C2) implant written in Nim that provides remote access capabilities for penetration testing and red team operations.
A dynamic multi-cloud infrastructure framework that enables rapid deployment of disposable instances pre-loaded with security tools for distributed offensive and defensive security operations.
Modular framework for pentesting Modbus protocol with diagnostic and offensive features.
A Python-based honeypot service for SSH, FTP, and Telnet connections
LaBrea is a 'sticky' honeypot and IDS tool that traps malicious actors by creating virtual servers on unused IP addresses.
A Live CD and Live USB for penetration testing and security assessment
