penetration-testing

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.

training ai exploit hackers hacking artificial-intelligence cybersecurity penetration-testing exploits vulnerability awesome-list hacker vulnerability-management vulnerability-identification vulnerability-assessment ethical-hacking awesome-lists exploit-development ai-security hacking-series

UpdatedSep 9, 2025
Jupyter Notebook

vitalysim /Awesome-Hacking-Resources

Star16.3k

A collection of hacking / penetration testing resources to make you better!

exploit reverse-engineering malware mitm hacking owasp penetration-testing ctf privilege-escalation buffer-overflow windows-privilege-escalation privilege-escalation-linux

UpdatedMar 12, 2024

sundowndev /hacker-roadmap

Sponsor

Star14.6k

A collection of hacking tools, resources and references to practice ethical hacking.

security roadmap hacking penetration-testing pentesting post-exploitation pentest exploitation hacking-tool frameworks information-gathering web-hacking hacktools

UpdatedOct 16, 2023

maurosoria /dirsearch

Sponsor

Star13.5k

Web path scanner

python security scanner hacking wordlist enumeration penetration-testing bug-bounty fuzzing infosec pentesting bugbounty fuzzer brute appsec hacking-tool dirsearch pentest-tool redteam red-teaming

UpdatedSep 22, 2025
Python

qazbnm456 /awesome-web-security

Sponsor

Star12.5k

🐶 A curated list of Web Security materials and resources.

security list awesome web penetration-testing awesome-list websecurity

UpdatedMay 2, 2025

Datalux /Osintgram

Star11.5k

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

python instagram osint analysis tool hacking python3 penetration-testing instagram-api nickname information-gathering instagram-account osint-python

UpdatedAug 25, 2025
Python

vanhauser-thc /thc-hydra

Star10.9k

hydra

bruteforce hydra penetration-testing brute-force-attacks brute-force pentesting pentest password-cracker network-security bruteforce-attacks password-cracking pentest-tool bruteforcing brute-force-passwords thc bruteforcer

UpdatedSep 25, 2025
C

samratashok /nishang

Star9.5k

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

security powershell hacking activedirectory penetration-testing infosec red-team nishang redteam

UpdatedApr 25, 2024
PowerShell

1N3 /Sn1per

Star9.1k

Attack Surface Management Platform

security hacking cybersecurity penetration-testing pentesting pentest-scripts security-tools pentest-tool osint-framework attack-surface hacking-tools pentest-tools pentesting-tools sn1per sn1per-professional osint-tool bugbounty-platform attacksurface attack-surface-management

UpdatedSep 27, 2025
Shell

GreyDGL /PentestGPT

Star8.9k

A GPT-empowered penetration testing tool

python penetration-testing large-language-models llm

UpdatedJul 29, 2025
Python

We5ter /Scanners-Box

Star8.7k

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

security-audit static-analysis smart-contracts penetration-testing malware-analysis binary-analysis information-security exploitation-framework vulnerability-scanners wifi-security hacker-tools security-automation devsecops apk-analysis wifi-hacking pentesting-tools redteam-tools code-analyzer privacy-compliance

UpdatedAug 25, 2025

OWASP /wstg

Sponsor

Star8.4k

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

security guide best-practices hacking owasp penetration-testing application-security pentesting bugbounty appsec hacktoberfest

UpdatedOct 1, 2025
Dockerfile

yogeshojha /rengine

Sponsor

Star8.2k

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

osint scanner hacking penetration-testing bug-bounty infosec pentesting recon bugbounty scanning information-gathering rengine security-tools reconnaissance scanner-web recon-engine

UpdatedFeb 24, 2025
HTML

mandiant /commando-vm

Star7.4k

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

windows penetration-testing red-teaming fireeye-flare

UpdatedSep 24, 2024
PowerShell

A-poc /RedTeam-Tools

Star7.4k

Tools and Techniques for Red Team / Penetration Testing

windows linux tools hacking resources cheatsheet cybersecurity enumeration penetration-testing pentest payload red-team security-tools redteam mitre-attack pentest-tools red-team-tools

UpdatedMar 18, 2025

trickest /cve

Star7.3k

Gather and update all available and newest CVEs with their PoC.

security exploit hacking penetration-testing poc vulnerability infosec pentesting vulnerabilities cve software-security red-team security-tools software-vulnerability software-vulnerabilities latest-cve cve-poc

UpdatedOct 7, 2025
HTML

Mr-xn /Penetration_Testing_POC

Star7.1k

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms