Awesome Penetration Testing Awesome

A collection of awesome penetration testing and offensive cybersecurity resources.

Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. Should you discover a vulnerability, please follow this guidance to report it responsibly.

Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details. This work is licensed under a Creative Commons Attribution 4.0 International License.

This project is supported by Netsparker Web Application Security Scanner

Contents

Android Utilities

Anonymity Tools

Tor Tools

See also awesome-tor.

Anti-virus Evasion Tools

Books

See also DEF CON Suggested Reading.

Malware Analysis Books

See awesome-malware-analysis § Books.

CTF Tools

Cloud Platform Attack Tools

See also HackingThe.cloud.

Collaboration Tools

Conferences and Events

Asia

Europe

North America

South America

Zealandia

Exfiltration Tools

Exploit Development Tools

See also Reverse Engineering Tools.

File Format Analysis Tools

GNU/Linux Utilities

Hash Cracking Tools

Hex Editors

Industrial Control and SCADA Systems

See also awesome-industrial-control-system-security.

Intentionally Vulnerable Systems

See also awesome-vulnerable.

Intentionally Vulnerable Systems as Docker Containers

Lock Picking

See awesome-lockpicking.

macOS Utilities

Multi-paradigm Frameworks

Network Tools

DDoS Tools

Network Reconnaissance Tools

Protocol Analyzers and Sniffers

See also awesome-pcaptools.

Network Traffic Replay and Editing Tools

Proxies and Machine-in-the-Middle (MITM) Tools

See also Intercepting Web proxies.

Transport Layer Security Tools

Wireless Network Tools

Network Vulnerability Scanners

Web Vulnerability Scanners

Online Resources

Online Operating Systems Resources

Online Penetration Testing Resources

Other Lists Online

Penetration Testing Report Templates

Open Sources Intelligence (OSINT)

See also awesome-osint.

Data Broker and Search Engine Services

Dorking tools

Email search and analysis tools

Metadata harvesting and analysis

Network device discovery tools

OSINT Online Resources

Source code repository searching tools

See also Web-accessible source code ripping tools.

Web application and resource analysis tools

Operating System Distributions

Periodicals

Physical Access Tools

Privilege Escalation Tools

Password Spraying Tools

Reverse Engineering

See also awesome-reversing, Exploit Development Tools.

Reverse Engineering Books

Reverse Engineering Tools

Security Education Courses

Shellcoding Guides and Tutorials

Side-channel Tools

Social Engineering

See also awesome-social-engineering.

Social Engineering Books

Social Engineering Online Resources

Social Engineering Tools

Static Analyzers

Steganography Tools

Vulnerability Databases

Web Exploitation

Intercepting Web proxies

See also Proxies and Machine-in-the-Middle (MITM) Tools.

Web file inclusion tools

Web injection tools

Web path discovery and bruteforcing tools

Web shells and C2 frameworks

Web-accessible source code ripping tools

Web Exploitation Books

Windows Utilities

License

CC-BY

This work is licensed under a Creative Commons Attribution 4.0 International License.