Repository navigation
penetration-testing-tools
- Website
- Wikipedia
Modlishka. Reverse Proxy.
📦 Make security testing of K8s, Docker, and Containerd easier.
Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具,可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如:Title、Domain、CDN、指纹信息、状态信息等。
Automating situational awareness for cloud penetration tests.
SSH based reverse shell
Automatic SSTI detection tool with interactive interface
An HTTP/HTTPS intercept proxy written in Go.
Dude Suite Web Security Tools
Statically-linked ssh server with reverse shell functionality for CTFs and such
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
Dangerously fast DNS/network/port scanner
JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)
An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.
🍉一款基于Python-Django的多功能Web安全渗透测试工具,包含漏洞扫描,端口扫描,指纹识别,目录扫描,旁站扫描,域名扫描等功能。
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
A rapid API for the Project Sonar dataset
A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.
A repository of tools for pentesting of restricted and isolated environments.