Pentest
Explore 30 curated tools and resources
LATEST ADDITIONS
A tool to escalate SSRF vulnerabilities on modern cloud environments
A python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
A fast and reliable port scanner for attack surface discovery
A tool for analyzing pentest screenshots using a convolutional neural network
C3 is a framework for creating custom C2 channels, integrating with existing offensive toolkits.
A comprehensive collection of security assessment lists for security testers.
A specification/framework for extending default C2 communication channels in Cobalt Strike
Docker image with essential tools for Kubernetes penetration testing.
Macro_Pack is a tool used to automate obfuscation and generation of Office documents for pentest, demo, and social engineering assessments.
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
Pacu is an open-source AWS exploitation framework for offensive security testing against cloud environments.
Tool for setting up Glutton, a cybersecurity tool for monitoring SSH traffic.
A tool for spinning up insecure AWS infrastructure with Terraform for training and security assessment purposes.
A pocket reference guide providing various options for navigating and pivoting through different environments and situations.
Sysreptor offers a customizable reporting solution for pentesters and red teamers to enhance security documentation.
Pentest active directory LAB project for practicing attack techniques.
Innovative tool for mobile security researchers to analyze targets with static and dynamic analysis capabilities and sharing functionalities.
A popular free security tool for automatically finding security vulnerabilities in web applications
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
A BloodHoundAD Report Engine for Security Teams to identify Active Directory security vulnerabilities and harden common configuration vulnerabilities and oversights.
WackoPicko is a vulnerable website with known vulnerabilities, now available as a Docker image and included in the OWASP Broken Web Applications Project.
A security testing framework for Android with tools to search for vulnerabilities and interact with the Android Runtime.
A docker container with multiple vulnerable applications for cybersecurity training.
Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
A vulnerable web site for testing Sentinel features
A collection of SQL injection cheat sheets for various databases
Automate the search for Exploits and Vulnerabilities in important databases.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security