A collection of open source pentest tools
Tips
- gmh5225/awesome-game-security - awesome game security [Welcome to PR]
- 0xn3va/cheat-sheets - A list of cheat sheets for application security
- vxunderground/VXUG-Papers - Research code & papers from members of vx-underground
- imran-parray/Mind-Maps - Mind-Maps of Several Things
- https://www.thehacker.recipes
- The Red Team Vade Mecum
- blog.qwqdanchun.com - list of related resources
- wtsxDev/Penetration-Testing - List of awesome penetration testing resources, tools and other shiny things - unmaintained since 2019
- gitbook/dmcxblue: Red Team Notes 2.0
- RedTeamWing/RedTeaming2020 - 2020 security knowledge roundup from the RedTeaming Zhishixingqiu (知识星球) community
- bluscreenofjeff/Red-Team-Infrastructure-Wiki - Wiki to collect Red Team infrastructure hardening resources
- dsopas/assessment-mindset - Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments
- inonshk/31-days-of-API-Security-Tips - This challenge is Inon Shkedy's 31 days API Security Tips
- Wenzel/awesome-virtualization - Collection of resources about Virtualization
- klionsec/RedTeamer - Red team operator field manual - a summary of approach and mindset rather than tooling
- she11c0der/Scanners-Box - Commonly used tools and learning guides for security practitioners
- jivoi/awesome-osint - A curated list of amazingly awesome OSINT
- nullsecuritynet/tools - security and hacking tools, exploits, proof of concepts, shellcodes, scripts
- m4ll0k/Awesome Hacking Tools
- V33RU/IoTSecurity101 - From IoT Pentesting to IoT Security
- Kinimiwar/Penetration-Testing - List of awesome penetration testing resources, tools and other shiny things
- infosecn1nja/Red-Teaming-Toolkit - A collection of open source and commercial tools that aid in red team operations
- shr3ddersec/Shr3dKit - Red Team Tool Kit
- infosecn1nja/AD-Attack-Defense - Active Directory Security For Red & Blue Team
- Ridter/Intranet_Penetration_Tips - Intranet penetration tips compiled in early 2018; updates slowed, so it was made public in the hope that others would help maintain it
- jivoi/pentest - offsec batteries included - assorted pentest scripts
- d0nkeys/redteam - Red Team Scripts by d0nkeys (ex SnadoTeam)
- Micropoor/Micro8 - pentest material, fairly basic
- AnonOpsecPrivacy - InfoSec Reference
- Welcome to Red Team Codex (RTC)
- Red Teaming Experiments
- Red Ops Techniques
- Red Team Tips by Vincent Yiu
- my collection of Threat Intel (mostly OSINT) and malware investigation resources
- https://github.com/eligrey/myselfexplorer-hackingLibrary
- rutkai/pentest-bookmarks - A collection of penetration testing related sites
- meitar/awesome-cybersecurity-blueteam - A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams
- Mel0day/RedTeam-BCS - Key takeaways from the red team operations track at BCS (Beijing Cyber Security Conference) 2019
- 1135/notes - Security & Development
- zhaoweiho/redteam-tips - red team study material
- 0xsp.com
- Qftm/Information_Collection_Handbook - Handbook of information gathering for penetration testing and SRC (vendor security response center) bug hunting
- hudunkey/Red-Team-links - 2019 red team resource links; not compiled by the repo author but gathered from the internet and mirrored here because they circulated little
- Integration-IT/Active-Directory-Exploitation-Cheat-Sheet - A cheat sheet that contains common enumeration and attack methods for Windows Active Directory
- vitalysim/Awesome-Hacking-Resources - A collection of hacking / penetration testing resources to make you better!
- 3gstudent/Pentest-and-Development-Tips - A collection of pentest and development tips
- EvilAnne/Violation_Pnetest - Checklist of pentest red lines (actions that must stay within the rules of engagement)
- hacktricks
- zhutougg/Awesome-Intranet_pentest_tool - Commonly used intranet penetration testing tools
- mubix/repos
- Patrik's Bug Bounty Tools - PDF format, creative ideas
- kmkz/Pentesting - Tricks for penetration testing
- KingOfBugbounty/KingOfBugBountyTips - Our main goal is to share tips from some well-known bughunters
Tools
- k8gege/K8tools - K8 tools (intranet penetration / privilege escalation / remote overflow / exploitation / Exploit / APT / 0day / Shellcode / Payload / privilege / overflow / WebShell / PenTest)
- bt3gl/Pentesting-Toolkit - Tools for pentesting, CTFs & wargames
- dloss/python-pentest-tools - Python tools for penetration testers
- DidierStevens/DidierStevensSuite
- Al1ex/Pentest-tools - intranet pentest tools
- lengjibo/RedTeamTools - Tools the author wrote or modified
- knownsec/404StarLink2.0-Galaxy - 404StarLink Project 2.0 - recommends genuinely high-quality, meaningful, interesting and actively maintained open source projects
- xdavidhu/awesome-google-vrp-writeups - A list of writeups from the Google VRP Bug Bounty program
Network tools
- fgont/ipv6toolkit - SI6 Networks' IPv6 Toolkit
- daikerSec/windows_protocol - Anyone familiar with intranet penetration knows terms like IPC, golden ticket, silver ticket, NTLM relay, PtH, PtT, PtK and PtC and the tools that abuse them, but not everyone understands the underlying mechanics. This series analyses the common intranet protocols (Kerberos, NTLM, SMB, LDAP, NetBIOS, etc.), the related vulnerabilities and how the exploitation tools work
- 360-A-Team/NtlmSocks - a pass-the-hash tool - starts a SOCKS proxy, matches NTLMSSP messages in the proxied traffic and replaces the NT response and session key (computed by the client from a wrong password) with ones derived from the supplied NT hash
- yadutaf/tracepkt - Trace a ping packet journey across network interfaces and namespace on recent Linux
- FTP
- RPC
- SDN
- SSDP
- QUIC
- UPnP
- DHCP
- VLAN
- IPv6
- Radius
- Baidu Netdisk
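The NtlmSocks entry above describes the mechanics of a pass-the-hash proxy: spot NTLMSSP messages inside proxied traffic and swap the NT response and session key. The Python below is an added example, not code from NtlmSocks or any project listed here. It shows the two mechanical pieces: scanning a byte stream for the `NTLMSSP\0` signature, and parsing the AUTHENTICATE (type 3) security buffers laid out per MS-NLMP so a message can be rebuilt with substituted buffers. The sample message is constructed locally; names such as `find_ntlmssp_messages`, `parse_authenticate` and `substitute` are this example's own.

```python
"""Find and parse NTLMSSP AUTHENTICATE (type 3) messages in a byte stream.

Added example (not NtlmSocks code). Field layout per MS-NLMP 2.2.1.3:
8-byte signature, 4-byte message type, six (Len, MaxLen, Offset) security
buffers starting at offset 12, NegotiateFlags at offset 60; the referenced
payload buffers follow. Any test message is constructed locally.
"""
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLMSSP_NEGOTIATE_UNICODE = 0x00000001
AUTHENTICATE = 3
# Buffer fields in wire order; each descriptor is Len(u16) MaxLen(u16) Offset(u32).
_BUFFERS = ("lm_response", "nt_response", "domain", "user", "workstation", "session_key")
_FIXED_HEADER_LEN = 64  # 12 + 6*8 + 4 (flags); Version and MIC are optional extras


def find_ntlmssp_messages(stream: bytes):
    """Yield (offset, message_type) for each NTLMSSP header found in the stream."""
    pos = stream.find(NTLMSSP_SIGNATURE)
    while pos != -1:
        if pos + 12 <= len(stream):
            (msg_type,) = struct.unpack_from("<I", stream, pos + 8)
            yield pos, msg_type
        pos = stream.find(NTLMSSP_SIGNATURE, pos + 1)


def parse_authenticate(msg: bytes) -> dict:
    """Return the six buffers (strings decoded) and the negotiate flags of a type 3 message."""
    if len(msg) < _FIXED_HEADER_LEN or msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != AUTHENTICATE:
        raise ValueError("not an AUTHENTICATE message")
    fields = {}
    for i, name in enumerate(_BUFFERS):
        length, _maxlen, offset = struct.unpack_from("<HHI", msg, 12 + 8 * i)
        if offset + length > len(msg):  # reject descriptors pointing outside the message
            raise ValueError(f"{name} buffer out of bounds")
        fields[name] = msg[offset:offset + length]
    (fields["flags"],) = struct.unpack_from("<I", msg, 60)
    codec = "utf-16-le" if fields["flags"] & NTLMSSP_NEGOTIATE_UNICODE else "cp850"
    for name in ("domain", "user", "workstation"):
        fields[name] = fields[name].decode(codec)
    return fields


def build_authenticate(domain, user, workstation, lm_response, nt_response,
                       session_key, flags=NTLMSSP_NEGOTIATE_UNICODE) -> bytes:
    """Assemble a minimal type 3 message; strings are UTF-16LE when the UNICODE flag is set."""
    codec = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "cp850"
    blobs = [lm_response, nt_response, domain.encode(codec),
             user.encode(codec), workstation.encode(codec), session_key]
    header = NTLMSSP_SIGNATURE + struct.pack("<I", AUTHENTICATE)
    payload = b""
    for blob in blobs:
        header += struct.pack("<HHI", len(blob), len(blob), _FIXED_HEADER_LEN + len(payload))
        payload += blob
    return header + struct.pack("<I", flags) + payload


def substitute(msg: bytes, nt_response: bytes, session_key: bytes) -> bytes:
    """Rebuild a type 3 message with a different NT response and session key.

    This is only the buffer surgery: a working pass-the-hash proxy must also compute
    the replacement NTLMv2 response from the server challenge and the real NT hash,
    and this rebuild drops any Version/MIC fields the original message carried.
    """
    f = parse_authenticate(msg)
    return build_authenticate(f["domain"], f["user"], f["workstation"],
                              f["lm_response"], nt_response, session_key, f["flags"])
```

The bounds check in `parse_authenticate` matters in a proxy: a client can send descriptors whose offsets point past the end of the message, and slicing without the check silently yields short buffers that then get re-emitted.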
Payloads
- med0x2e/GadgetToJScript - A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts
- Flangvik/SharpCollection - Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines
- swisskyrepo/PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
- EdOverflow/bugbounty-cheatsheet - A list of interesting payloads, tips and tricks for bug bounty hunters
- 1N3/IntruderPayloads - A collection of Burpsuite Intruder payloads, fuzz lists and file uploads
- tennc/fuzzdb - an extended fuzzdb
- foospidy/payloads - Git All the Payloads! A collection of web attack payloads
- mdsecactivebreach/SharpShooter - Payload Generation Framework (phishing + metasploit) - supports HTA/JS/VBS/WSF output formats
- xsscx/Commodity-Injection-Signatures - Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
- zer0yu/Berserker - a fuzz payload project for pentests and CTFs
Command
- D4Vinci/One-Lin3r - Gives you one-liners that aid in penetration testing operations
- madhuakula/wincmdfu - Windows one line commands that make life easier, shortcuts and command line fu
- Windows oneliners to download remote payload and execute arbitrary code
- arntsonl/calc_security_poc - A sample of proof of concept scripts that run Calc.exe with full source code
Vulnerability scanners
- TideSec/TscanPlus - An all-in-one network security assessment and ops tool for rapid asset discovery, identification and testing, building a baseline asset inventory to help in-house security or ops teams enumerate and search assets and find weak spots and attack surface - not open source, built on a local Edge-based runtime; not recommended
- lcvvvv/kscan - Kscan is an all-round scanner written in pure Go with port scanning, protocol detection, fingerprinting and brute forcing; supports 1200+ protocols, 10000+ protocol fingerprints, 20000+ application fingerprints and brute forcing for a dozen or so protocols - 3.3K stars
- selinuxG/Golin - Weak password detection, vulnerability scanning, port scanning (protocol and component identification), web directory scanning, simulated MLPS (China's Classified Protection scheme) grading, automated ops, and an MLPS on-site assessment tool with built-in level-3 check commands and baseline checks
- shack2/SNETCracker - "Super weak password checker", a Windows weak-password auditing tool
- shadow1ng/fscan - An all-in-one intranet scanner for one-click automated, all-round vulnerability scanning - 5.5K stars
- zan8in/afrog - A Security Tool for Bug Bounty, Pentest and Red Teaming - 1.7K stars
- tr0uble-mAker/POC-bomber - Uses a large set of high-impact PoCs/exploits to gain access quickly; for rapid initial access in pentests and red team operations
- Goby Attack surface mapping
- al0ne/Vxscan - Python 3 all-in-one scanner: sensitive-file discovery (directory scanning and leaked JS endpoints), WAF/CDN detection, port scanning, fingerprint/service identification, OS detection, weak-password probing, PoC scanning, SQL injection, CDN bypass, neighbouring-site lookup and more; intended for first-party self-testing or authorized third-party testing - 1.4K stars, unmaintained since 2020
- iSafeBlue/TrackRay - Trackray (溯光) 2.0, a microservice plugin-based pentest framework (asset scanning | fingerprinting | brute forcing | web crawling | port scanning | vulnerability scanning)
- ysrc/xunfeng - Xunfeng is a rapid vulnerability response and patrol scanning system for enterprise intranets - unmaintained since 2021
- sullo/nikto - Nikto web server scanner
Vulnerability assessments
- chainreactors/gogo - A red-team-oriented, highly controllable and extensible automation engine - 1K stars
- ASTTeam/SAST - "Understanding SAST in Depth", Static Application Security Testing - very shallow
- White-hua/Apt_t00ls - High-severity exploitation tools
- Amulab/CAudit - Baseline scanner for the ten major categories of centralized management infrastructure - a great many plugins, worth a look
- phplaber/yawf - Web vulnerability detection tool - fuzzing-oriented
- Lucifer1993/SatanSword - Red team all-in-one penetration framework - unmaintained since 2020, 840 stars
- microsoft/restler-fuzzer - RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services - 1.2K stars
- yaklang/yakit - Cyber Security ALL-IN-ONE Platform - interactive application security testing platform, 5.8K stars
- k8gege/Ladon - Ladon large-scale intranet penetration tool
- k8gege/LadonGo - Ladon Pentest Scanner framework - cross-platform open source Go intranet scanner framework (Windows/Linux/Mac): one-click batch discovery of live hosts across C-, B- and A-class ranges, high-severity vulnerability checks (MS17-010, SMBGhost), remote execution over SSH/WinRM, password brute forcing for SMB/SSH/FTP/MySQL/MSSQL/Oracle/WinRM/HTTP Basic/Redis, port scanning with service identification, and fingerprinting (HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid enumeration of multi-NIC hosts)
- inbug-team/InScan - Automated penetration tool for use after an initial foothold on the perimeter - many features
- Network security
- AWVS
- intrigueio/intrigue-core - Discover Your Attack Surface - unmaintained since 2021
- johnnyxmas/ScanCannon - Combines the speed of masscan with the reliability and detailed enumeration of nmap
- Qclover/CDNCheck - CDN detection tool based on CNAME records - unmaintained since 2018
- vishnudxb/automated-pentest - Minimal docker container of Parrot OS for running an automated scan & pentest report - runs a batch of scripts in one shot
- wofeiwo/webcgi-exploits - Multi-language web CGI interfaces exploits
- Xyntax/POC-T - Plugin-based concurrent pentest framework
- opensec-cn/vtest - Helps security engineers discover, test and reproduce vulnerabilities; bundles mock, httplog, DNS tools and XSS helpers, useful for blind or out-of-band vulnerabilities that produce no direct response or that need a specific scenario
- chaitin/xray - A complete security assessment tool covering common web issues with custom PoC support - not open source
- projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library - 5.9K stars; very complete feature set (screenshots, fingerprinting, TLS, favicon hash and more), and the runner can be used as a library on its own
- projectdiscovery/nuclei - a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use
- woj-ciech/LeakLooker - Find open databases - Powered by Binaryedge.io - unmaintained since 2020
- Tuhinshubhra/CMSeeK - CMS (Content Management Systems) Detection and Exploitation suite
- smallstep/cli - A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc
- 0xInfection/TIDoS-Framework - The Offensive Web Application Penetration Testing Framework
- evyatarmeged/Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning - unmaintained since 2018
- viraintel/OWASP-Nettacker - Automated Penetration Testing Framework
- Seccubus - Easy automated vulnerability scanning, reporting and analysis - unmaintained since 2019
- j3ssie/Osmedeus - Fully automated offensive security tool for reconnaissance and vulnerability scanning
- Moham3dRiahi/XAttacker - X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter - 1K stars; no framework, just a set of standalone tools
- owtf/owtf - Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient
- m4ll0k/WAScan - a Open Source web application security scanner
- YalcinYolalan/WSSAT - WEB SERVICE SECURITY ASSESSMENT TOOL
- fgeek/pyfiscan - Free web-application vulnerability and version scanner - ships many fingerprints and detects end-of-life application versions
- v3n0m-Scanner/V3n0M-Scanner - Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns - 1K stars, Python; very poor code quality, bundles some wordlists, many of the payloads are redundant
- siberas/watobo - a security tool for testing web applications
- ring04h/weakfilescan - Dynamic multithreaded sensitive-information leak scanner - unmaintained since 2016; the only scanner seen so far with custom 404 page detection
- bugcrowd/hunt - a proxy extension
- 1N3/BlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website
- flipkart-incubator/astra - Automated Security Testing For REST API's - unmaintained since 2019
- Manisso/fsociety - fsociety Hacking Tools Pack – A Penetration Testing Framework
- CoolerVoid/0d1n - Web security tool to make fuzzing at HTTP/S, Beta
- gyoisamurai/GyoiThon - a growing penetration test tool using Machine Learning
- Arachni/arachni - Web Application Security Scanner Framework
- andresriancho/w3af - web application attack and audit framework, the open source web vulnerability scanner
- rvrsh3ll/OSGiScanner - Scan for OSGi Consoles
- xmendez/wfuzz - facilitates web application assessments and is based on a simple concept: it replaces every occurrence of the FUZZ keyword with the value of a given payload
- dsopas/rfd-checker - security CLI tool to test Reflected File Download issues
- flipkart-incubator/watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool
- hannob/snallygaster - Tool to scan for secret files on HTTP servers
- PortSwigger/backslash-powered-scanner - Finds unknown classes of injection vulnerabilities
- google/tsunami-security-scanner - Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence - 7.2K stars, Java; a very poor scanner in practice: fingerprinting is based on file hashes, and fewer than 20 payloads and fingerprints have been released
- IIS
Mobile
Physical
- meitar/awesome-lockpicking - A curated list of awesome guides, tools, and other resources related to the security and compromise of locks, safes, and keys
- xpinclip - Bruteforce forensics solution for PIN & PatternLock
- kenvix/USBCopyer - Automatically copies selected files from a USB drive as soon as it is plugged in. "A great tool for backing up & stealing USB drive files" (written USBCopyer, pronounced USBCopier)
- Tutorials
Social media analysis
- vaguileradiaz/tinfoleak - The most complete open-source tool for Twitter intelligence analysis
- batuhaniskr/twitter-intelligence - Twitter Intelligence OSINT project performs tracking and analysis of the Twitter
- x0rz/tweets_analyzer - Tweets metadata scraper & activity analyzer
Uncategorized
- xpn/RandomTSScripts - Collection of random RedTeam scripts - lapsv2decrypt decrypts LAPS passwords, apppoolcreddecrypt decrypts IIS application pool credentials
- malcomvetter/Periscope - Fully Integrated Adversarial Operations Toolkit (C2, stagers, agents, ephemeral infrastructure, phishing engine, and automation)
- clong/DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
- pi3 blog: Windows 7 TCP/IP hijacking
- ReverendThing/Carnivore - Microsoft External Attack Tool
- 3gstudent/Homework-of-Python
- TryCatchHCF/Cloakify - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection - for evading DLP
- micahflee/onionshare - Securely and anonymously send and receive files, and publish onion sites
- ShikariSenpai/Leak-NTLM-hash-via-HTML - List of HTML tags for leaking NTLM-hashes
- CyberChef - The Cyber Swiss Army Knife - encoding plus a wide range of decoding and decompression operations, implemented as a single HTML file
- secgroundzero/warberry - Tactical Exploitation
- CIRCL/AIL-framework - AIL framework - Analysis Information Leak framework
- vysec/IPFuscator - A tool to automatically generate alternative IP representations
- NullArray/AutoSploit - Automated Mass Exploiter
- mar10/wsgidav - a generic WebDAV server written in Python and based on WSGI
- archerysec/archerysec - Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities
- 1N3/Sn1per - Automated Pentest Recon Scanner
- xdavidhu/lanGhost - A LAN dropbox chatbot controllable via Telegram - unmaintained
- guardicore/monkey - Infection Monkey - An automated pentest tool
- 0xSobky/HackVault - A container repository for my public web hacks!
- mdsecactivebreach/Chameleon - Chameleon: A tool for evading Proxy categorisation
- ropnop/serverless_toolkit - A collection of useful Serverless functions I use when pentesting
- NotSoSecure/Blacklist3r - accumulate the secret keys / secret materials related to various web frameworks, that are publicly available and potentially used by developers
- GhostManager/DomainCheck - assist operators with monitoring changes related to their domain names. This includes negative changes in categorization, VirusTotal detections, and appearances on malware blacklists
- fireeye/commando-vm - a fully customized, Windows-based security distribution for penetration testing and red teaming
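IPFuscator (listed above) generates alternative representations of an IPv4 address, the trick that gets a loopback or RFC 1918 address past an allowlist that only recognises dotted quads. As an added example, not IPFuscator's own code, the Python below produces the usual forms (decimal, hex, octal, per-octet hex and octal, and the shortened three- and two-part forms) and includes a parser with `inet_aton`-style semantics so every form can be checked offline; it contrasts that with a dotted-quad-only check that waves the others through. Names such as `ip_variants`, `parse_loose_ipv4` and `naive_is_internal` are this example's own.

```python
"""Alternative IPv4 representations and a parser that accepts them.

Added example (not IPFuscator's code). parse_loose_ipv4 mirrors the BSD
inet_aton rules: 1-4 dot-separated parts, each decimal, octal (leading 0)
or hex (0x prefix); the final part fills all remaining low-order bytes.
"""
import ipaddress
import re

DOTTED_QUAD = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def _parse_part(part: str) -> int:
    p = part.lower()
    if p.startswith("0x"):
        return int(p[2:], 16)
    if len(p) > 1 and p.startswith("0"):
        return int(p, 8)
    return int(p, 10)


def parse_loose_ipv4(text: str) -> ipaddress.IPv4Address:
    """Parse any inet_aton-accepted spelling into a canonical IPv4Address."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"bad address: {text!r}")
    *head, last = [_parse_part(p) for p in parts]
    if any(not 0 <= h <= 255 for h in head):
        raise ValueError(f"octet out of range: {text!r}")
    shift = 8 * (4 - len(head))  # bits covered by the final part
    if not 0 <= last < (1 << shift):
        raise ValueError(f"final part out of range: {text!r}")
    n = 0
    for h in head:
        n = (n << 8) | h
    return ipaddress.IPv4Address((n << shift) | last)


def ip_variants(dotted: str) -> dict:
    """Return the common alternative spellings of a dotted-quad address."""
    n = int(ipaddress.IPv4Address(dotted))
    a, b, c, d = n.to_bytes(4, "big")
    return {
        "dotted": dotted,
        "decimal": str(n),
        "hex": f"0x{n:08x}",
        "octal": f"0{n:o}",
        "dotted_hex": ".".join(f"0x{o:02x}" for o in (a, b, c, d)),
        "dotted_octal": ".".join(f"0{o:o}" for o in (a, b, c, d)),
        "three_part": f"{a}.{b}.{(c << 8) | d}",
        "two_part": f"{a}.{(b << 16) | (c << 8) | d}",
    }


def _is_internal(addr: ipaddress.IPv4Address) -> bool:
    return addr.is_private or addr.is_loopback or addr.is_link_local


def naive_is_internal(text: str) -> bool:
    """The weak check: only dotted quads are examined; every other spelling passes."""
    if not DOTTED_QUAD.match(text):
        return False
    return _is_internal(ipaddress.IPv4Address(text))


def strict_is_internal(text: str) -> bool:
    """The corrected check: canonicalise first, then classify."""
    return _is_internal(parse_loose_ipv4(text))
```

In an SSRF filter the canonicalisation step should run on the address the HTTP client will actually connect to, after DNS resolution, since the same bypass exists in hostnames that resolve to these addresses.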
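Cloakify (listed above) turns any file into a list of everyday strings so it passes DLP inspection as innocuous text. The Python below is an added example of that text-based steganography, not Cloakify's own code or cipher: the payload is base64-encoded and each of the 64 symbols is mapped to a word from a constructed 64-word list, so the exfiltrated text reads like a shopping list; the decoder reverses the mapping and ignores lines that are not cipher words, which lets noise be padded around the real content. The word list and the `cloak`/`decloak` names are this example's own.

```python
"""Text-based steganography in the Cloakify style: bytes -> everyday words -> bytes.

Added example, not Cloakify's code. The 64-word cipher is constructed for this
example; one word is emitted per base64 symbol of the payload.
"""
import base64
import string

B64_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"

CIPHER = [
    "apple", "banana", "cherry", "grape", "lemon", "mango", "melon", "orange",
    "peach", "pear", "plum", "kiwi", "carrot", "onion", "garlic", "pepper",
    "potato", "tomato", "celery", "radish", "spinach", "lettuce", "pumpkin", "ginger",
    "coffee", "tea", "milk", "sugar", "honey", "butter", "bread", "cheese",
    "pasta", "rice", "salt", "flour", "soup", "salad", "pizza", "taco",
    "chair", "table", "lamp", "sofa", "shelf", "clock", "mirror", "carpet",
    "pillow", "blanket", "window", "door", "garden", "fence", "mailbox", "driveway",
    "bicycle", "wagon", "kite", "ball", "puzzle", "crayon", "marker", "notebook",
]
assert len(CIPHER) == 64 == len(set(CIPHER)), "cipher must map the base64 alphabet 1:1"

_ENCODE = dict(zip(B64_ALPHABET, CIPHER))
_DECODE = {word: sym for sym, word in _ENCODE.items()}


def cloak(data: bytes) -> list:
    """Encode arbitrary bytes as a list of cipher words, one per base64 symbol."""
    symbols = base64.b64encode(data).decode("ascii").rstrip("=")  # padding is implied by length
    return [_ENCODE[s] for s in symbols]


def decloak(words) -> bytes:
    """Reverse cloak(); tokens that are not cipher words (noise lines) are skipped."""
    symbols = "".join(_DECODE[w] for w in words if w in _DECODE)
    symbols += "=" * (-len(symbols) % 4)  # restore the base64 padding stripped by cloak()
    return base64.b64decode(symbols)


def cloak_to_text(data: bytes) -> str:
    """One word per line, the form that survives copy-paste through chat or e-mail."""
    return "\n".join(cloak(data))


def decloak_text(text: str) -> bytes:
    """Decode a pasted list; case and surrounding whitespace are ignored."""
    return decloak(line.strip().lower() for line in text.splitlines())
```

Detection-side note: the scheme has no entropy to trigger on, so a DLP rule has to key on the vocabulary itself, for example a suspiciously long list drawn only from a fixed set of words, or on the volume of such text leaving the network.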
Tutorials
- exploit-db: SAP Penetration Testing
- exploitdb: 44319 - Web Application penetration testing
- The Bug Hunters Methodology v2.1
- yeyintminthuhtut/Awesome-Red-Teaming - List of Awesome Red Teaming Resources
- Running Your Instance of Burp Collaborator Server
- A Journey Into a Red Team - Charles F. Hamilton
- Fun With LDAP And Kerberos - Troopers 19 - Kerberos abuse from Linux; a lot of filler at the start, but fairly comprehensive
- AD Offline Attacks - uses the DSInternals module to modify ntds.dit and related databases offline to carry out attacks
- NorthSec 2019 — Windows Track Writeup - a fairly complete intranet pentest CTF, mostly Active Directory related
- Tips for End to End Testing with Puppeteer - Puppeteer examples covering network latency emulation, extension loading, JS execution and screenshots
Writeups
- List of bug bounty writeups (2012-2018)
- ngalongc/bug-bounty-reference - Inspired by https://github.com/djadmin/awesome-bug-bounty, a list of bug bounty write-up that is categorized by the bug nature
- 1hack0/Facebook-Bug-Bounty-Write-ups - Hunting Bugs for Fun and Profit
- arkadiyt/bounty-targets-data - This repo contains hourly-updated data dumps of Hackerone/Bugcrowd scopes that are eligible for reports
- blaCCkHatHacEEkr/PENTESTING-BIBLE - Learn ethical hacking and penetration testing; hundreds of ethical hacking, penetration testing, red team, cyber security and computer science resources
Wiki
Whitepaper collections
- bl4de/security_whitepapers - Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
- tpn/pdfs - PDF Collection
- trimstray/technical-whitepapers - Collection of IT whitepapers, presentations, pdfs; hacking, web app security, db, reverse engineering and more; EN/PL
Pentest reports
WAF