penetration-testing-tools

Next generation web scanner

Modlishka. Reverse Proxy.

📦 Make security testing of K8s, Docker, and Containerd easier.

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them ...

#安卓#一款适用于以HW行动/红队/渗透测试团队为场景的移动端(Android、iOS、WEB、H5、静态网站)信息收集扫描工具，可以帮助渗透测试工程师、攻击队成员、红队成员快速收集到移动端或者静态WEB站点中关键的资产信息并提供基本的信息输出,如：Title、Domain、CDN、指纹信息、状态信息等。

Automating situational awareness for cloud penetration tests.

DudeSuite Web Security Tools

SSH based reverse shell

Automatic SSTI detection tool with interactive interface

Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).

An HTTP/HTTPS intercept proxy written in Go.

Statically-linked ssh server with reverse shell functionality for CTFs and such

Dangerously fast DNS/network/port scanner

JustTryHarder, a cheat sheet which will aid you through the PWK course & the OSCP Exam. (Inspired by PayloadAllTheThings)

🍉一款基于Python-Django的多功能Web安全渗透测试工具，包含漏洞扫描，端口扫描，指纹识别，目录扫描，旁站扫描，域名扫描等功能。

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

A rapid API for the Project Sonar dataset

新一代Webshell管理器，兼容蚁剑与冰蝎的PHP webshell

A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directl...