Penetration Testing
Browse 1,275 penetration testing tools
FEATURED
A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.
A suite for man in the middle attacks, featuring sniffing of live connections, content filtering, and protocol dissection.
A Python utility that identifies and exploits domains vulnerable to AWS name server takeover attacks by detecting misconfigured DNS settings.
An automation framework that runs multiple open-source subdomain bruteforcing tools in parallel using Docker Compose and custom wordlists.
An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.
A collaborative, multi-platform, red teaming framework for simulating attacks and testing defenses.
ZAP is an open-source web application security scanner that helps identify vulnerabilities through automated scanning and manual testing capabilities.
Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.
A payload creation framework designed to bypass Endpoint Detection and Response (EDR) systems.
A proof-of-concept toolkit for fingerprinting and exploiting Amazon Web Services cloud infrastructures using the boto library.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.
A template-driven framework for creating custom evasion techniques to test Anti-Virus and EDR detection capabilities.
A collection of resources for practicing penetration testing
A cheat sheet providing examples of creating reverse shells for penetration testing.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
Simple script to check a domain's email protections and identify vulnerabilities.
WackoPicko is an intentionally vulnerable web application used for security testing, penetration testing practice, and vulnerability scanner evaluation.
Sysreptor provides a customizable security reporting solution for penetration testers and red teamers.
drozer is an open source Android security testing framework that identifies vulnerabilities in mobile apps and devices through Android Runtime and IPC endpoint interaction.
An educational workshop providing hands-on training materials, lab environments, and tools for learning local privilege escalation techniques on Windows and Linux systems.
A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.
DVXTE is a Docker-based training platform containing multiple vulnerable applications designed for cybersecurity education and skill development.
