Penetration Testing
Browse 1,275 penetration testing tools
FEATURED
A repository documenting AppLocker bypass techniques with verified methods, legacy DLL execution approaches, and a PowerShell module for identifying AppLocker weaknesses.
InvisibilityCloak is a proof-of-concept C# code obfuscation toolkit designed for red teaming and penetration testing to conceal post-exploitation tools from detection.
Darkarmour is an open-source Windows antivirus evasion framework that enables security professionals to bypass antivirus detection through customizable obfuscation and anti-analysis techniques.
OWASP OWTF is a penetration testing framework focused on efficiency and alignment with security standards.
Free online ethical hacking course covering penetration testing, web app assessments, exploit development, and security operations.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
PEDA is a Python extension for GDB that enhances debugging with colorized displays and specialized commands for exploit development and binary security analysis.
A Linux process injection tool that uses ptrace() to inject assembly-based shellcode into running processes without NULL byte restrictions.
FeatherDuster is a cryptanalysis tool that automatically identifies and exploits weaknesses in cryptographic systems by analyzing ciphertext files.
A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.
OneGadget is a CTF-focused tool that uses symbolic execution to find RCE gadgets in binaries that can execute shell commands through execve('/bin/sh', NULL, NULL).
Sysreptor offers a customizable reporting solution for offensive security assessments.
Platform for users to test cybersecurity skills by exploiting vulnerabilities.
A collection of YARA rules designed to identify files containing sensitive information such as usernames, passwords, and credit card numbers for penetration testing and forensic analysis.
Sysreptor provides a customizable reporting platform for pentesters and red teamers to efficiently document security assessments.
A pocket reference guide providing various options for navigating and pivoting through different environments and situations.
Tool for enumerating proxy configurations and generating CobaltStrike-compatible shellcode.
AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.
SharpC2 is a C#-based Command and Control framework that provides remote access capabilities for penetration testing and red team operations.
A Python script that performs security testing attacks against AWS Cognito services including account creation, user enumeration, and privilege escalation vulnerabilities.
A web-based Android application dynamic analysis tool that provides real-time Frida instrumentation capabilities through a Flask interface with modular JavaScript hooking support.
A Python script for creating a cohesive and up-to-date penetration testing framework.
High-performant, coroutines-driven, and fully customisable Low & Slow load generator for real-world pentesting with undetectability through Tor.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
