Pentesting
Explore 30 curated tools and resources
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Free
Resources
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Commercial
Application Security
Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
Commercial
Application Security
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
Commercial
Cloud Security
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Commercial
Application Security
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
LATEST ADDITIONS
A scripting engine for interacting with GraphQL endpoints for pentesting purposes.
A collection of payloads and methodologies for web pentesting.
A tool for recursively querying webservers
A subdomain enumeration tool for bug hunting and pentesting
Android application for learning about vulnerabilities in modern Android apps and testing pentesting skills.
A tool for scanning websites with open .git repositories and dumping their content for Bug Hunting/Pentesting Purposes.
A project developed for pentesters to practice SQL Injection concepts in a controlled environment.
A dynamic infrastructure framework for efficient multi-cloud security operations and distributed scanning.
Modular framework for pentesting Modbus protocol with diagnostic and offensive features.
A Python-based honeypot service for SSH, FTP, and Telnet connections
Open-Source framework for detecting and preventing dependency confusion leakage with a holistic approach and wide technology support.
HTB Academy offers guided cybersecurity training with industry certifications to help you become a market-ready professional.
A VM for mobile application security testing, Android and iOS applications, with custom-made tools and scripts.
Linux Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis with various tools and resources.
A tool for iOS pentesting and research with a GUI version available.
CTF toolkit for rapid exploit development and prototyping.
A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.
OWASP OWTF is a penetration testing framework focused on efficiency and alignment with security standards.
A set of YARA rules for identifying files containing sensitive information
High-performant, coroutines-driven, and fully customisable Low & Slow load generator for real-world pentesting with undetectability through Tor.
A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries.
A comprehensive PowerShell cheat sheet covering various tasks and techniques for file management, process management, network operations, and system administration.
A customized Kali Linux distribution for ICS/SCADA pentesting professionals
Automatic tool for pentesting XSS attacks against different applications
A virtual machine with numerous security vulnerabilities for testing exploits with Metasploit.
A post-exploitation tool for pentesting Active Directory
Preparation process for participating in the Pacific Rim CCDC 2015.
Automated script to install and deploy a honeypot with kippo, dionaea, and p0f on Ubuntu 12.04.