Zaproxy - An easy to use integrated penetration testing tool for finding vulnerabilities

•    Java

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.

redsnarf - RedSnarf is a pen-testing / red-teaming tool for Windows environments

•    PowerShell

RedSnarf is a pen-testing / red-teaming tool by Ed Williams for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques. Retrieve Local Hashes from a single machine using local administrator credentials ./redsnarf.py -H ip=10.0.0.50 -u administrator -p Password01 -d .

SniffAir - A framework for wireless pentesting.

•    Python

SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws. Along with the prebuilt queries, SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules. Tested and supported on Kali Linux, Debian and Ubuntu.

Infosec_Reference - An Information Security Reference That Doesn't Suck

•    Python

An Information Security Reference That Doesn't Suck

EvilOSX - An evil RAT (Remote Administration Tool) for macOS / OS X.

•    Python

Warning: Because payloads are created unique to the target system (automatically by the server), the server must be running when any bot connects for the first time. For more information on SemVer, please visit https://semver.org/.

Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning

•    Python

Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file. As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously.

gobuster - Directory/file & DNS busting tool written in Go

•    Go

All funds that are donated to this project will be donated to charity. A full log of charity donations will be available in this repository as they are processed. Since this tool is written in Go you need install the Go language/compiler/etc. Full details of installation and set up can be found on the Go language website. Once installed you have two options.

CrackMapExec - A swiss army knife for pentesting networks

•    Python

Please see the installation wiki page here.

DeathStar - Automate getting Domain Admin using Empire

•    Python

DeathStar is a Python script that uses Empire's RESTful API to automate gaining Domain Admin rights in Active Directory environments using a variety of techniques.

airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks.

•    Shell

This is a multi-use bash script for Linux systems to audit wireless networks. All the needed info about how to "install | use | enjoy" airgeddon is present at Github's Wiki.

Sn1per - Automated Pentest Recon Scanner

•    PHP

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to https://xerosecurity.com. To obtain a Sn1per Professional license, go to https://xerosecurity.com.

xunfeng - 巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

•    Python

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

mitmAP - 📡 A python program to create a fake AP and sniff data.

•    Python

I'm not responsible for anything you do with this program, so please only use it for good and educational purposes.

Red-Teaming-Toolkit - A collection of open source and commercial tools that aid in red team operations

A collection of open source and commercial tools that aid in red team operations. This repository will help you during red team engagement. If you want to contribute to this list send me a pull request.

juice-shop - OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws

•    Javascript

OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and node.js version which npm install was executed on.

archerysec - Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities

•    HTML

Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. The developers can also utilize the tool for implementation of their DevOps CI/CD environment.

Cr3dOv3r - Know the dangers of credential reuse attacks.

•    Python

Your best friend in credential reuse attacks.

scanless - online port scan scraper

•    Python

Command-line utility for using websites that can perform port scans on your behalf.

drozer - The Leading Security Assessment Framework for Android.

•    Python

drozer (formerly Mercury) is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.

needle - The iOS Security Testing Framework

•    Python

Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps. Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like "drozer" that have solved this problem and aim to be a ‘one stop shop’ for the majority of use cases, however iOS does not have an equivalent.