Pentest
Explore 30 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A tool to escalate SSRF vulnerabilities on modern cloud environments
A python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
A python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
A fast and reliable port scanner for attack surface discovery
A tool for analyzing pentest screenshots using a convolutional neural network
A tool for analyzing pentest screenshots using a convolutional neural network
C3 is a framework for creating custom C2 channels, integrating with existing offensive toolkits.
C3 is a framework for creating custom C2 channels, integrating with existing offensive toolkits.
A comprehensive collection of security assessment lists for security testers.
A comprehensive collection of security assessment lists for security testers.
A specification/framework for extending default C2 communication channels in Cobalt Strike
A specification/framework for extending default C2 communication channels in Cobalt Strike
Docker image with essential tools for Kubernetes penetration testing.
Macro_Pack is a tool used to automate obfuscation and generation of Office documents for pentest, demo, and social engineering assessments.
Macro_Pack is a tool used to automate obfuscation and generation of Office documents for pentest, demo, and social engineering assessments.
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
Pacu is an open-source AWS exploitation framework for offensive security testing against cloud environments.
Pacu is an open-source AWS exploitation framework for offensive security testing against cloud environments.
Tool for setting up Glutton, a cybersecurity tool for monitoring SSH traffic.
Tool for setting up Glutton, a cybersecurity tool for monitoring SSH traffic.
A tool for spinning up insecure AWS infrastructure with Terraform for training and security assessment purposes.
A tool for spinning up insecure AWS infrastructure with Terraform for training and security assessment purposes.
A pocket reference guide providing various options for navigating and pivoting through different environments and situations.
A pocket reference guide providing various options for navigating and pivoting through different environments and situations.
Sysreptor offers a customizable reporting solution for pentesters and red teamers to enhance security documentation.
Sysreptor offers a customizable reporting solution for pentesters and red teamers to enhance security documentation.
Pentest active directory LAB project for practicing attack techniques.
Innovative tool for mobile security researchers to analyze targets with static and dynamic analysis capabilities and sharing functionalities.
Innovative tool for mobile security researchers to analyze targets with static and dynamic analysis capabilities and sharing functionalities.
A popular free security tool for automatically finding security vulnerabilities in web applications
A popular free security tool for automatically finding security vulnerabilities in web applications
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
A BloodHoundAD Report Engine for Security Teams to identify Active Directory security vulnerabilities and harden common configuration vulnerabilities and oversights.
A BloodHoundAD Report Engine for Security Teams to identify Active Directory security vulnerabilities and harden common configuration vulnerabilities and oversights.
WackoPicko is a vulnerable website with known vulnerabilities, now available as a Docker image and included in the OWASP Broken Web Applications Project.
WackoPicko is a vulnerable website with known vulnerabilities, now available as a Docker image and included in the OWASP Broken Web Applications Project.
A security testing framework for Android with tools to search for vulnerabilities and interact with the Android Runtime.
A security testing framework for Android with tools to search for vulnerabilities and interact with the Android Runtime.
A docker container with multiple vulnerable applications for cybersecurity training.
A docker container with multiple vulnerable applications for cybersecurity training.
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
A vulnerable web site for testing Sentinel features
A collection of SQL injection cheat sheets for various databases
A collection of SQL injection cheat sheets for various databases
Automate the search for Exploits and Vulnerabilities in important databases.
Automate the search for Exploits and Vulnerabilities in important databases.