Penetration Testing
Browse 1,275 penetration testing tools
FEATURED
CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.
Medium interaction SSH Honeypot with multiple virtual hosts and sandboxed filesystems.
Covenant is a collaborative .NET command and control framework designed for red team operations and offensive security engagements.
NoSQLMap is an open source Python tool that automates NoSQL injection attacks and exploits configuration weaknesses in NoSQL databases to disclose or clone data.
A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.
A command line tool that generates randomized malleable C2 profiles for Cobalt Strike to vary command and control communication patterns.
A Ruby framework designed to aid in the penetration testing of WordPress systems.
Sysreptor offers a customizable reporting solution for pentesters and red teamers to enhance security documentation.
KFSensor is an advanced Windows honeypot system for detecting hackers and worms by simulating vulnerable system services.
A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.
The Hacker News is a leading cybersecurity news platform providing updates, insights, and information to professionals and enthusiasts in the field.
Lambda-Proxy is a utility that enables SQL injection testing of AWS Lambda functions by converting SQLMap HTTP attacks into Lambda invoke calls through a local proxy.
Pwndrop is a self-deployable file hosting service for red teamers, allowing easy upload and sharing of payloads over HTTP and WebDAV.
iOS application for testing iOS penetration testing skills in a legal environment.
A Linux command-line tool that allows you to kill in-progress TCP connections based on a filter expression, useful for libnids-based applications that require a full TCP 3-way handshake for TCB creation.
A comprehensive cheat sheet providing SQLite-specific SQL injection techniques, payloads, and enumeration methods for security testing and penetration testing activities.
EvilClippy is a cross-platform tool that creates malicious MS Office documents with hidden VBA macros and evasion techniques for penetration testing and red team operations.
A standard for conducting penetration tests, covering seven main sections from planning to reporting.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
INE Security offers a range of cybersecurity certifications, including penetration testing, mobile and web application security, and incident response.
A comprehensive PowerShell cheat sheet covering various tasks and techniques for file management, process management, network operations, and system administration.
A Docker security analysis tool that scans containers and networks to identify vulnerabilities and security weaknesses in Docker environments.
