Penetration Testing
Browse 1,275 penetration testing tools
FEATURED
Preparation process for participating in the Pacific Rim CCDC 2015.
Sysreptor offers a customizable reporting solution for penetration testers and red teamers to streamline their security assessments.
GraphSpy is a browser-based post-exploitation tool for Azure Active Directory and Office 365 environments that enables token management, reconnaissance, and interaction with Microsoft 365 services.
A security testing framework for assessing container environment security across AWS and GCP cloud platforms.
KeeFarce extracts cleartext password database information from KeePass 2.x processes in memory using DLL injection and .NET runtime manipulation.
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
CTF Writeups are detailed educational documents that explain the step-by-step solutions to Capture The Flag cybersecurity challenges, serving as learning resources for security professionals.
A tool for automated security scanning of web applications and manual penetration testing.
An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.
Automated script to install and deploy a honeypot with kippo, dionaea, and p0f on Ubuntu 12.04.
InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.
Tool for attacking Active Directory environments through SQL Server access.
A dynamic redirect rules generator that creates custom redirect configurations for penetration testing and security assessment scenarios.
A collection of free cloud security research articles by Rhino Security Labs covering AWS, Azure, and GCP security topics including best practices, vulnerability assessments, and threat mitigation strategies.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.
DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.
A three-part educational series documenting techniques for achieving domain administrator privileges in Windows environments, covering attack methods, defenses, and remediation strategies.
A comprehensive collection of SQL injection syntax references and payloads for testing various database management systems during penetration testing and security assessments.
DVHMA is an intentionally vulnerable Android hybrid mobile app built with Apache Cordova for security testing and educational purposes.
