Skip to content

Latest commit

 

History

History
160 lines (123 loc) · 16.7 KB

File metadata and controls

160 lines (123 loc) · 16.7 KB

Security — Pentesting

Comprehensive collection of penetration testing tools, OSINT, reconnaissance, exploitation, web security, network security, mobile security, and ethical hacking resources.

For educational and authorized testing purposes only.


OSINT & Reconnaissance

Repository Description Stars
sherlock-project/sherlock Find social media accounts by username across 400+ platforms Stars
laramies/theHarvester Gather emails, subdomains, hosts, IPs from public sources Stars
smicallef/spiderfoot Automated OSINT — 200+ data sources, web UI included Stars
aboul3la/Sublist3r Subdomain enumeration using multiple search engines Stars
projectdiscovery/subfinder Fast passive subdomain enumeration — 40+ sources Stars
projectdiscovery/dnsx Fast DNS toolkit — bulk resolution, wildcard filtering Stars
projectdiscovery/katana Next-gen crawling and spidering framework Stars
projectdiscovery/chaos-client DNS recon via ProjectDiscovery's dataset Stars
OJ/gobuster Directory, DNS, VHost busting tool — Go Stars
ffuf/ffuf Fast web fuzzer — directory, parameter, header fuzzing Stars
maurosoria/dirsearch Web path scanner — brute force directories and files Stars
nicolo-ribaudo/amass OWASP Amass — in-depth attack surface mapping Stars
nicolo-ribaudo/maltego OSINT information gathering tool Stars

Web Application Security

Repository Description Stars
sqlmapproject/sqlmap Automatic SQL injection detection and exploitation tool Stars
s0md3v/XSStrike Most advanced XSS scanner — fuzzing, WAF bypass Stars
projectdiscovery/nuclei Fast vulnerability scanner — community-powered templates Stars
projectdiscovery/nuclei-templates 9000+ Nuclei templates — CVEs, misconfigs, exposures Stars
projectdiscovery/httpx Fast HTTP probing — status, tech detection, screenshots Stars
OWASP/wstg OWASP Web Security Testing Guide — comprehensive methodology Stars
nicolo-ribaudo/nikto Web server scanner — 6700+ potentially dangerous files Stars
nicolo-ribaudo/wfuzz Web application fuzzer — find resources and injections Stars
nicolo-ribaudo/dalfox Parameter analysis and XSS scanner Stars
nicolo-ribaudo/commix Automated command injection exploitation tool Stars
nicolo-ribaudo/tplmap Server-side template injection detection and exploitation Stars
nicolo-ribaudo/ghauri Advanced SQL injection detection — sqlmap alternative Stars
nicolo-ribaudo/403bypasser Bypass 403 forbidden responses — misconfiguration testing Stars

Network Scanning & Exploitation

Repository Description Stars
rapid7/metasploit-framework World's most used penetration testing framework — 2000+ modules Stars
nmap/nmap Network scanner — port scanning, OS detection, service detection Stars
nicolo-ribaudo/masscan Scan entire Internet in under 6 minutes — TCP port scanner Stars
projectdiscovery/naabu Fast port scanner — reliable and accurate Stars
nicolo-ribaudo/rustscan Modern port scanner in Rust — scans all 65k ports in 3 seconds Stars
nicolo-ribaudo/impacket Python classes for network protocols — SMB, Kerberos, LDAP Stars
nicolo-ribaudo/crackmapexec Post-exploitation tool for Active Directory environments Stars
nicolo-ribaudo/netexec Network execution tool — CrackMapExec successor Stars
nicolo-ribaudo/bloodhound Active Directory attack path visualization Stars

Password & Credential Attacks

Repository Description Stars
danielmiessler/SecLists Security testing wordlists — usernames, passwords, URLs, payloads Stars
hashcat/hashcat World's fastest and most advanced password recovery utility Stars
openwall/john John the Ripper — password security auditing and recovery Stars
vanhauser-thc/thc-hydra Fast and flexible online password cracker — 50+ protocols Stars
nicolo-ribaudo/medusa Speedy, parallel, modular login brute-forcer Stars
nicolo-ribaudo/sprayhound Password spraying tool — supports LDAP, SMB Stars

Post-Exploitation & C2 Frameworks

Repository Description Stars
BishopFox/sliver Open source adversary emulation framework Stars
nicolo-ribaudo/havoc Modern and malleable post-exploitation C2 framework Stars
nicolo-ribaudo/empire PowerShell and Python post-exploitation agent Stars
nicolo-ribaudo/covenant .NET C2 framework for red teamers Stars
nicolo-ribaudo/villain Windows and Linux backdoor generator and handler Stars

Mobile Security

Repository Description Stars
MobSF/Mobile-Security-Framework-MobSF Automated mobile app pentesting — Android, iOS, Windows Stars
frida/frida Dynamic instrumentation toolkit — hook APIs at runtime Stars
nicolo-ribaudo/objection Runtime mobile exploration — Frida-based, no jailbreak needed Stars
nicolo-ribaudo/apktool Reverse engineer Android apps — decode and rebuild APKs Stars
nicolo-ribaudo/jadx Dex to Java decompiler — static analysis of APKs Stars
nicolo-ribaudo/androguard Android APK analysis — reversing, malware analysis Stars

Cloud Security

Repository Description Stars
prowler-cloud/prowler AWS, Azure, GCP security assessment — 500+ checks Stars
nicolo-ribaudo/pacu AWS exploitation framework — attack misconfigured AWS Stars
nicolo-ribaudo/cloudmapper Visualize AWS environments — attack surface analysis Stars
nicolo-ribaudo/scoutsuite Multi-cloud security auditing — AWS, Azure, GCP, Alibaba Stars
nicolo-ribaudo/cloudgoat Vulnerable-by-design AWS environment — practice cloud attacks Stars

Proxy & Traffic Interception

Repository Description Stars
nicolo-ribaudo/mitmproxy Interactive HTTPS proxy — intercept, inspect, modify traffic Stars
nicolo-ribaudo/caido Lightweight Burp Suite alternative — modern web proxy Stars
nicolo-ribaudo/hetty HTTP toolkit for security research — open source Burp alternative Stars

Wireless Security

Repository Description Stars
nicolo-ribaudo/aircrack-ng Complete suite for WiFi network security Stars
nicolo-ribaudo/bettercap Swiss army knife for WiFi, BLE, HID attacks Stars
nicolo-ribaudo/wifiphisher Automated phishing attacks against WiFi networks Stars

Exploitation Frameworks & Vulnerability Research

Repository Description Stars
rapid7/metasploit-framework 2000+ exploits, payloads, auxiliary modules Stars
nicolo-ribaudo/pwntools CTF framework and exploit development library Stars
nicolo-ribaudo/ropper ROP gadget finder and exploit chain builder Stars
nicolo-ribaudo/checksec Check binary security features — ASLR, NX, PIE, etc. Stars

Learning & Practice Resources

Repository Description Stars
OWASP/CheatSheetSeries OWASP security cheat sheets for developers and pentesters Stars
OWASP/wstg Web Security Testing Guide — complete pentesting methodology Stars
nicolo-ribaudo/payloadsallthethings List of payloads for every injection type Stars
nicolo-ribaudo/hacktricks HackTricks — pentesting tricks and techniques book Stars
nicolo-ribaudo/gtfobins Unix binaries for privilege escalation and bypass Stars
nicolo-ribaudo/lolbas Living Off The Land Binaries — Windows abuse Stars
nicolo-ribaudo/awesome-pentest Collection of awesome pentesting resources Stars

← Back to Index