awesome-pentest
github.com/enaqx/awesome-pentest ↗A collection of awesome penetration testing resources, tools and other shiny things
Use this list with your AI agent
Add the Context Awesome MCP server to Claude, Cursor, or any MCP client, then ask:
"Show me europe resources from awesome-pentest"
Installation instructions →What's inside
Periodicals
- 2600: The Hacker Quarterly
American publication about technology and computer "underground" culture.
Conferences and Events
- 44ConEurope
Annual Security Conference held in London.
- AppSecUSANorth America
Annual conference organized by OWASP.
- BalCConEurope
Balkan Computer Congress, annually held in Novi Sad, Serbia.
- Black HatNorth America
Annual security conference in Las Vegas.
- BruCONEurope
Annual security conference in Belgium.
- BSides
Framework for organising and holding security conferences.
Network Tools
- ACLightNetwork Reconnaissance Tools
Script for advanced discovery of sensitive Privileged Accounts - includes Shadow Admins.
- Aircrack-ngWireless Network Tools
Set of tools for auditing wireless networks.
- AirgeddonWireless Network Tools
Multi-use bash script for Linux systems to audit wireless networks.
- AneviconDDoS Tools
Powerful UDP-based load generator, written in Rust.
- AQUATONENetwork Reconnaissance Tools
Subdomain discovery tool utilizing various open sources producing a report that can be used as input to other tools.
- BetterCAPProxies and Machine-in-the-Middle (MITM) Tools
Modular, portable and easily extensible MITM framework.
Network Vulnerability Scanners
- ACSTISWeb Vulnerability Scanners
Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
- ArachniWeb Vulnerability Scanners
Scriptable framework for evaluating the security of web applications.
- celerystalk
Asynchronous enumeration and vulnerability scanner that "runs all the tools on all the hosts" in a configurable manner.
- cms-explorerWeb Vulnerability Scanners
Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
Privilege Escalation Tools
- Active Directory and Privilege Escalation (ADAPE)
Umbrella script that automates numerous useful PowerShell modules to discover security misconfigurations and attempt privilege escalation against Active Directory.
- DomainPasswordSprayPassword Spraying Tools
Tool written in PowerShell to perform a password spray attack against users of a domain.
Books
- Advanced Penetration Testing by Wil Allsopp, 2017
- Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
- Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014
- Android Hacker's Handbook by Joshua J. Drake et al., 2014
- Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014
- BTFM: Blue Team Field Manual by Alan J White & Ben Clark, 2017
Static Analyzers
- Agentic Radar
Open-source CLI security scanner for agentic AI workflows.
- bandit
Security oriented static analyser for Python code.
- Brakeman
Static analysis security vulnerability scanner for Ruby on Rails applications.
- cppcheck
Extensible C/C++ static analyzer focused on finding bugs.
- cwe_checker
Suite of tools built atop the Binary Analysis Platform (BAP) to heuristically detect CWEs in compiled binaries and firmware.
- FindBugs
Free software static analyzer to look for bugs in Java code.
Anti-virus Evasion Tools
- Amber
Reflective PE packer for converting native PE files to position-independent shellcode.
- AntiVirus Evasion Tool (AVET)
Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
- CarbonCopy
Tool that creates a spoofed certificate of any online website and signs an Executable for AV evasion.
Showing a sample of 580 resources. View the full list on GitHub →