awesome-pentest

n-depth Attack Surface Mapping and Asset Discovery

Tools to perform basic search on GitHub.

Goca is a FOCA fork written in Go, which is a tool used mainly to find metadata and hidden information in the documents its scans.

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

AndroGoat is purposely developed open source vulnerable/insecure app using Kotlin.

A tool for reverse engineering 3rd party, closed, binary Android apps.

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application.

Tools to work with android .dex and java .class files.

Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

Swift interop from Frida.

Guide to generating AV evading payloads.

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

an open source tool that enables defenders and security researchers alike to quickly identify vulnerabilities in any .NET assembly using automated source-to-sink analysis.

AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts.

BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world.

Security Tool to Look For Interesting Files in S3 Buckets.

Enumerate the permissions associated with AWS credential set.

A Ruby script to bruteforce for AWS s3 buckets using different permutations.

Tool to check AWS S3 bucket permissions.

Scan for open S3 buckets and dump the contents.

A blazing fast & feature rich Amazon S3 bucket enumerator.

Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.

The Bus Pirate is an open source hacker multi-tool that talks to electronic stuff.

CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities.

The complete open-source toolchain for side-channel power analysis and glitching attacks.

DSLogic is a series of USB-based logic analyzer, with max sample rate up to 1GHz, and max sample depth up to 16G.

The HydraBus (hardware) with HydraFW (firmware) are used as an open source multi-tool for anyone interested in learning/developping/debugging/hacking/Penetration Testing for basic or advanced embedded hardware.

This extension hijacks Burp's HTTP/TLS stack and allows you to spoof any browser fingerprint in order to make it more powerful and less prone to fingerprinting by all kinds of WAFs.

Obtain GraphQL API schema despite disabled introspection!

Drupal enumeration & exploitation tool.

GraphQL automated security testing toolkit.

Represent any GraphQL API as an interactive graph.