Discover the Best Open-Source Penetration-testing Projects Sorted by Stars

Get Insights into Stars Growth, Contributions, Diversity, Bus Factor, and Community Governance. Optimize Your Project's Performance and Collaborate with a Thriving Community.

Hack-with-Github/Awesome-Hacking

A collection of various awesome lists for hackers, pentesters and security researchers

androidawesomebug-bountyfuzzinghackingpenetration-testingpentesting-windowsreverse-engineeringsecurity

68,639

swisskyrepo/PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

bountybugbountybypasscheatsheetenumerationhackinghacktoberfestmethodologypayloadpayloadspenetration-testingpentestprivilege-escalationredteamsecurityvulnerabilityweb-application

50,268

The-Art-of-Hacking/h4cker

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), artificial intelligence, vulnerability research, exploit development, reverse engineering, and more.

aiartificial-intelligenceawesome-listawesome-listscybersecurityethical-hackingexploitexploit-developmentexploitshackerhackershackinghacking-seriespenetration-testingtrainingvulnerabilityvulnerability-assessmentvulnerability-identificationvulnerability-management

14,392

vitalysim/Awesome-Hacking-Resources

A collection of hacking / penetration testing resources to make you better!

buffer-overflowctfexploithackingmalwaremitmowasppenetration-testingprivilege-escalationprivilege-escalation-linuxreverse-engineeringwindows-privilege-escalation

13,813

sundowndev/hacker-roadmap

A collection of hacking tools, resources and references to practice ethical hacking.

exploitationframeworkshackinghacking-toolhacktoolsinformation-gatheringpenetration-testingpentestpentestingpost-exploitationroadmapsecurityweb-hacking

11,425

qazbnm456/awesome-web-security

🐶 A curated list of Web Security materials and resources.

awesomeawesome-listlistpenetration-testingsecuritywebwebsecurity

10,019

Manisso/fsociety

fsociety Hacking Tools Pack – A Penetration Testing Framework

brute-force-attacksdesktopexploitationfinderfsocietyfsociety-hackinginformation-gatheringnetworkpenetration-testing-frameworkport-scanningpost-exploitationpythonweb-hacking

9,389

vanhauser-thc/thc-hydra

hydra

brute-forcebrute-force-attacksbrute-force-passwordsbruteforcebruteforce-attacksbruteforcerbruteforcinghydranetwork-securitypassword-crackerpassword-crackingpenetration-testingpentestpentest-toolpentestingthc

8,046

samratashok/nishang

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

activedirectoryhackinginfosecnishangpenetration-testingpowershellred-teamredteamsecurity

7,761

We5ter/Scanners-Box

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

apk-analysisbinary-analysiscode-analyzerdevsecopsexploitation-frameworkhacker-toolsinformation-securitymalware-analysispenetration-testingpentesting-toolsprivacy-complianceredteam-toolssecurity-auditsecurity-automationsmart-contractsstatic-analysisvulnerability-scannerswifi-hackingwifi-security

7,574

Datalux/Osintgram

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

analysishackinginformation-gatheringinstagraminstagram-accountinstagram-apinicknameosintosint-pythonpenetration-testingpythonpython3tool

7,311

guardicore/monkey

Infection Monkey - An open-source adversary emulation platform

adversary-emulationinfection-monkeypenetration-testingsecurity-automationsecurity-tools

6,287

mandiant/commando-vm

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

fireeye-flarepenetration-testingred-teamingwindows

6,200

OWASP/wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

application-securityappsecbest-practicesbugbountyguidehackinghacktoberfestowasppenetration-testingpentestingsecurity

5,867

yogeshojha/rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

bug-bountybugbountyhackinginformation-gatheringinfosecosintpenetration-testingpentestingreconrecon-enginereconnaissancerenginescannerscanner-webscanningsecurity-tools

5,814

Mr-xn/Penetration_Testing_POC

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

authentication-bypassbypasscobalt-strikecsrfcsrf-webshellcvecve-cmsexploitgetshelloa-getshellpenetration-testingpenetration-testing-pocphp-bypasspocpoc-exprcesql-getshellsql-pocthinkphp

5,622

trickest/cve

Gather and update all available and newest CVEs with their PoC.

cvecve-pocexploithackinginfoseclatest-cvepenetration-testingpentestingpocred-teamsecuritysecurity-toolssoftware-securitysoftware-vulnerabilitiessoftware-vulnerabilityvulnerabilitiesvulnerability

5,299

rmusser01/Infosec_Reference

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

blueteamforensicshackinghacking-simulatorhacktoberfesthacktoberfest2021information-securityinfosecinfosec-referencelinuxosxpenetration-testingpentestingprivilege-escalationprivilege-escalation-exploitsred-teamreferencesreverse-engineeringwindows

5,102

Get updates on the fastest growing repos and cool stats about GitHub right in your inbox

Once per month. No spam.