fucking-awesome-pentest
github.com/correia-jpv/fucking-awesome-pentest ↗A collection of awesome penetration testing resources, tools and other shiny things. With repository stars⭐ and forks🍴
Use this list with your AI agent
Add the Context Awesome MCP server to Claude, Cursor, or any MCP client, then ask:
"Show me europe resources from fucking-awesome-pentest"
Installation instructions →What's inside
Periodicals
- 2600: The Hacker Quarterly
American publication about technology and computer "underground" culture.
Conferences and Events
- 44ConEurope
Annual Security Conference held in London.
- AppSecUSANorth America
Annual conference organized by OWASP.
- BalCConEurope
Balkan Computer Congress, annually held in Novi Sad, Serbia.
- Black HatNorth America
Annual security conference in Las Vegas.
- BruCONEurope
Annual security conference in Belgium.
- BSides
Framework for organising and holding security conferences.
Network Tools
- ACLightNetwork Reconnaissance Tools
Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
- Aircrack-ngWireless Network Tools
Set of tools for auditing wireless networks.
- AirgeddonWireless Network Tools
Multi-use bash script for Linux systems to audit wireless networks.
- AneviconDDoS Tools
Powerful UDP-based load generator, written in Rust.
- AQUATONENetwork Reconnaissance Tools
Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
- BetterCAPProxies and Machine-in-the-Middle (MITM) Tools
Modular, portable and easily extensible MITM framework.
Network Vulnerability Scanners
- ACSTISWeb Vulnerability Scanners
Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
- ArachniWeb Vulnerability Scanners
Scriptable framework for evaluating the security of web applications.
- celerystalk
Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner.
- cms-explorerWeb Vulnerability Scanners
Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
Privilege Escalation Tools
- Active Directory and Privilege Escalation (ADAPE)
Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory.
- DomainPasswordSprayPassword Spraying Tools
Tool written in PowerShell to perform a password spray attack against users of a domain.
Books
- Advanced Penetration Testing by Wil Allsopp, 2017
- Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
- Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014
- Android Hacker's Handbook by Joshua J. Drake et al., 2014
- Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014
- BTFM: Blue Team Field Manual by Alan J White & Ben Clark, 2017
Static Analyzers
- Agentic Radar
Open-source CLI security scanner for agentic AI workflows.
- bandit
Security oriented static analyser for Python code.
- Brakeman
Static analysis security vulnerability scanner for Ruby on Rails applications.
- cppcheck
Extensible C/C++ static analyzer focused on finding bugs.
- cwe_checker
Suite of tools built atop the Binary Analysis Platform (BAP) to heuristically detect CWEs in compiled binaries and firmware.
- FindBugs
Free software static analyzer to look for bugs in Java code.
Anti-virus Evasion Tools
- Amber
Reflective PE packer for converting native PE files to position-independent shellcode.
- AntiVirus Evasion Tool (AVET)
Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
- CarbonCopy
Tool that creates a spoofed certificate of any online website and signs an Executable for AV evasion.
Showing a sample of 575 resources. View the full list on GitHub →