Penetration Testing
Browse 1,275 penetration testing tools
FEATURED
A deliberately vulnerable web application containing DOM-based XSS, CSRF, and other web vulnerabilities for security testing and educational purposes.
A comprehensive collection of wordlists for bruteforcing and password cracking, covering various hashing algorithms and sizes.
SILENTTRINITY is a Python-based, asynchronous C2 framework that uses .NET scripting languages for post-exploitation activities without relying on PowerShell.
A VMware image for penetration testing purposes
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
A Go-based tool for discovering and inventorying internet-facing AWS assets across single or multiple accounts to help maintain comprehensive cloud attack surface visibility.
Collection of URLs for vulnerable web applications and systems for cybersecurity practice.
A payload creation framework for generating and executing C# code payloads with anti-evasion capabilities for offensive security operations.
Open source security auditing tool to search and dump system configuration.
WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.
A powerful penetration testing platform for identifying vulnerabilities and weaknesses in computer systems.
A Ruby script that scans networks for vulnerable third-party web applications and front-ends with known exploitable security flaws.
A training program that teaches security professionals how to conduct penetration testing and attack simulations against AWS and Azure cloud infrastructure.
Fake SSH server that sends push notifications for login attempts
A PowerShell toolkit for penetration testing Microsoft Azure environments, providing discovery, configuration auditing, and post-exploitation capabilities.
w3af is an open source web application security scanner that identifies over 200 types of vulnerabilities including XSS, SQL injection, and OS commanding in web applications.
A tool for analyzing and visualizing control relationships and privilege escalation paths within Active Directory environments using graph-based representations.
Pupy is an open-source, cross-platform C2 framework that provides remote access and control capabilities for compromised systems across Windows, Linux, OSX, and Android platforms.
A collection of CTF write-ups demonstrating the use of pwntools for solving binary exploitation challenges across various cybersecurity competitions.
An open-source penetration testing framework for social engineering with custom attack vectors.
A collection of tips and tricks for container and container orchestration hacking and security testing.
Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.
