Penetration Testing
Browse 1,275 penetration testing tools
FEATURED
idb is a tool that simplifies iOS penetration testing and security research tasks, available in both command line and GUI versions.
Pwntools is a Python CTF framework and exploit development library that provides tools for rapid prototyping and development of exploits and CTF challenge solutions.
A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
A comprehensive SQL injection cheat sheet covering various database management systems and techniques.
Havoc is a malleable post-exploitation command and control framework that provides a client-server architecture with payload generation, customizable C2 profiles, and team collaboration capabilities for red team operations.
Create a vulnerable active directory for testing various Active Directory attacks.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming activities.
A Python-based network hacking toolkit that implements various attack and reconnaissance techniques for educational purposes and network security learning.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Sysreptor offers a customizable reporting solution for offensive security assessments.
Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.
A distributed systems simulator that creates intentionally vulnerable Kubernetes clusters in AWS for security training and attack scenario practice.
A technique for social engineering and untrusted command execution using ClickOnce technology
A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.
An easy to set up SSH honeypot for logging SSH connections and activity.
Introspy-Android is a dynamic analysis framework that hooks Android APIs at runtime to monitor application behavior and identify security vulnerabilities on rooted devices.
BeEF is a penetration testing framework that exploits web browsers to assess client-side security vulnerabilities and launch attacks from within the browser context.
AutoTTP automates complex attack sequences and testing scenarios for regression tests and research using frameworks like Empire, Metasploit, and Cobalt Strike.
A cross-platform post-exploitation HTTP/2 Command & Control framework designed specifically for testing and exploiting containerized environments including Docker and Kubernetes.
A collection of command reference cheatsheets for penetration testing tools and security utilities, designed to help security professionals quickly recall important but infrequently used commands.
A Linux-based environment for penetration testing and vulnerability exploitation
A penetration testing tool that intercepts SSH connections by patching OpenSSH source code to act as a proxy and log plaintext passwords and sessions.
