├── Readme.md
├── logo.png
└── svg
├── Docker.svg
├── Windows.svg
├── chrome.svg
├── linux.svg
└── mac.svg
/Readme.md:
--------------------------------------------------------------------------------
1 | # Pentest Tools
2 |
3 | 
4 |
5 | The tools listed below are commonly used in penetration testing, and the tool catalog is referenced from Kali Tools, most of which are open source software. The project long-term supplementary update QAQ
6 |
7 |
8 | ## TODO
9 |
10 | * [x] Directory
11 | * [ ] Browser bookmarks
12 | * [ ] Tools Usage
13 | * [x] Virtual machine - [Windows11 Penetration Suite Toolkit](https://github.com/arch3rPro/Pentest-Windows)
14 |
15 | ## List
16 | * [Information Gathering](#information-gathering)
17 | * [Vulnerability Analysis](#vulnerability-analysis)
18 | * [Web Applications](#web-applications)
19 | * [Database Assessment](#database-assessment)
20 | * [Password Attacks](#password-attacks)
21 | * [Wireless Attacks](#Wireless-Attacks)
22 | * [Reverse Engineering](#Reverse-Engineering)
23 | * [Exploitation Tools](#exploitation-tools)
24 | * [Sniffing & Spoofing](#Sniffing--Spoofing)
25 | * [Maintaining Access](#maintaining-access)
26 | * [Golang Sec Tools](#Golang-Sec-Tools)
27 | * [Reporting & Collaboration](#reporting--collaboration)
28 | * [Social Engineering](#Social-Engineering)
29 | * [Code Audit](#code-audit)
30 | * [Port Forwarding & Proxies](#port-forwarding--proxies)
31 | * [DevSecOps](#DevSecOps)
32 | * [RootKit](#RootKit)
33 | * [Pentesting Distribution](#Pentesting-Distribution)
34 | * [Cyber Range](#Cyber-Range)
35 |
36 | ### Information Gathering
37 |
38 | #### Domain Name
39 |
40 | * [whois](https://docs.microsoft.com/en-us/sysinternals/downloads/whois) - Windows Whois performs the registration record for the domain name or IP address that you specify. 
41 | * [DNSrecon-gui](https://github.com/micro-joan/DNSrecon-gui) - DNSrecon tool with GUI for Kali Linux
42 | * [Dnsx](https://github.com/projectdiscovery/dnsx) - dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
43 |
44 | #### Subdomain
45 |
46 | * [subDomainsBrute](https://github.com/lijiejie/subDomainsBrute) - A fast sub domain brute tool for pentesters 
47 | * [ksubdomain](https://github.com/boy-hack/ksubdomain) - Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second 
48 | * [Sublist3r](https://github.com/aboul3la/Sublist3r) - Fast subdomains enumeration tool for penetration testers 
49 | * [OneForAll](https://github.com/shmilylty/OneForAll) - 👊 OneForAll is a powerful subdomain integration tool 
50 | * [LayerDomainFinder](https://github.com/euphrat1ca/LayerDomainFinder) - a subdomains enumeration tool by Layer 
51 | * [ct](https://github.com/knownsec/ct) - Collect information tools about the target domain.
52 | * [Subfinder](https://github.com/projectdiscovery/subfinder) - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
53 | * [Probable_subdomains](https://github.com/zzzteph/probable_subdomains) - Subdomains analysis and generation tool. Reveal the hidden!
54 | * [domains](https://weakpass.com/generate/domains) - Generate subdomains and wordlists Online.
55 | * [MassDNS](https://github.com/blechschmidt/massdns) - High-performance DNS stub resolver targeting those who seek to resolve a massive amount of domain names in the order of millions or even billions.
56 | * [altdns](https://github.com/infosec-au/altdns) - Altdns takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of.
57 | * [dnscan](https://github.com/rbsec/dnscan) - Fast and lightweight dns bruteforcer with built-in wordlist and zone transfer checks.
58 |
59 | #### Google Hacking
60 |
61 | * [GHDB](https://www.exploit-db.com/google-hacking-database/) - Google Hack Database 
62 | * [SearchDiggity](http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/) - SearchDiggity 3.1 is the primary attack tool of the Google Hacking Diggity Project 
63 | * [Katana](https://github.com/adnane-X-tebbaa/Katana) - A Python Tool For google Hacking 
64 | * [GooFuzz](https://github.com/m3n0sd0n4ld/GooFuzz) - GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking). 
65 | * [Pagodo](https://github.com/opsdisk/pagodo) - pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching . 
66 | * [Google-Dorks](https://github.com/Proviesec/google-dorks) - Useful Google Dorks for WebSecurity and Bug Bounty
67 |
68 | #### Github
69 |
70 | * [GitHacker](https://github.com/WangYihang/GitHacker) - 🕷️ A Git source leak exploit tool that restores the entire Git repository, including data from stash, for white-box auditing and analysis of developers' mind. 
71 | * [GitGraber](https://github.com/hisxo/gitGraber) - gitGraber is a tool developed in Python3 to monitor GitHub to search and find sensitive data in real time for different online services. 
72 | * [GitHound](https://github.com/tillson/git-hound) - Use GitHub Code Search API to find exposed API keys across all of GitHub, not just known repos and orgs. Comes with a web dashboard for filtering and tracking your results 
73 | * [GitMiner](https://github.com/UnkL4b/GitMiner) - Tool for advanced mining for content on Github. 
74 | * [Gitrob](https://github.com/michenriksen/gitrob) - Reconnaissance tool for GitHub organizations. 
75 | * [GitGot](https://github.com/BishopFox/GitGot) Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
76 | * [GitDump](https://github.com/Ebryx/GitDump) - A pentesting tool that dumps the source code from .git even when the directory traversal is disabled
77 |
78 | #### SVN
79 |
80 | * [svnExploit](https://github.com/admintony/svnExploit) - Support for SVN source code disclosure of full version and Dump it. 
81 | * [SvnHack](https://github.com/callmefeifei/SvnHack) - SvnHack is a SVN folder disclosure exploit. :lock:
82 |
83 | #### Port Scan
84 |
85 | * [Nmap | Zenmap](https://nmap.org/) - Free and open source utility for network discovery and security auditing
86 | * [Masscan](https://github.com/robertdavidgraham/masscan) - TCP port scanner, spews SYN packets asynchronously
87 | * [Ports](https://github.com/nixawk/pentest-wiki/blob/master/3.Exploitation-Tools/Network-Exploitation/ports_number.md) - Common service ports and exploitations
88 | * [Goby](https://gobies.org/) - Attack surface mapping
89 | * [Gobyu-POC](https://github.com/20142995/Goby) - The POC of Goby .
90 | * [Goscan](https://github.com/marco-lancini/goscan) - Interactive Network Scanner
91 | * [NimScan](https://github.com/elddy/NimScan) - 🚀 Fast Port Scanner 🚀
92 | * [RustScan](https://github.com/RustScan/RustScan) - 🤖 The Modern Port Scanner 🤖
93 | * [TXPortMap](https://github.com/4dogs-cn/TXPortMap) - Port Scanner & Banner Identify From TianXiang
94 | * [Scaninfo](https://github.com/redtoolskobe/scaninfo) - fast scan for redtools
95 | * [SX](https://github.com/v-byte-cpu/sx) - 🖖 Fast, modern, easy-to-use network scanner 
96 | * [Yujianportscan](https://github.com/foryujian/yujianportscan) A Fast Port Scanner GUI Tools Build by VB.NET + IOCP
97 | * [Naabu](https://github.com/projectdiscovery/naabu) - A fast port scanner written in go with a focus on reliability and simplicity.
98 |
99 | #### OSINT
100 |
101 | * [theHarvester](https://github.com/laramies/theHarvester)- E-mails, subdomains and names Harvester - OSINT
102 | * [SpiderFoot](https://github.com/smicallef/spiderfoot) - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
103 | * [Recon-ng](https://github.com/lanmaster53/recon-ng) - Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources. 
104 | * [FOCA](https://github.com/ElevenPaths/FOCA) - Tool to find metadata and hidden information in the documents.
105 | * [Amass](https://github.com/OWASP/Amass) - In-depth Attack Surface Mapping and Asset Discovery
106 | * [Censys-subdomain-finder](https://github.com/christophetd/censys-subdomain-finder) - Perform subdomain enumeration using the certificate transparency logs from Censys.
107 | * [EmailHarvester](https://github.com/maldevel/EmailHarvester) - Email addresses harvester
108 | * [Finalrecon](https://github.com/thewhiteh4t/FinalRecon) - The Last Web Recon Tool You'll Need.
109 | * [LittleBrother](https://github.com/lulz3xploit/LittleBrother) - Information gathering (OSINT) on a person (EU)
110 | * [Octosuite](https://github.com/rly0nheart/octosuite) - Advanced Github OSINT Framework
111 | * [Kunyu](https://github.com/knownsec/Kunyu) - Kunyu, more efficient corporate asset collection
112 | * [Glass](https://github.com/s7ckTeam/Glass) - OSINT Framework with Fofa/ZoomEye/Shodan/360 API
113 | * [BBOT](https://github.com/blacklanternsecurity/bbot) - OSINT automation for hackers.
114 | * [octosuite](https://github.com/bellingcat/octosuite) - Advanced Github OSINT Framework
115 | * [GHunt](https://github.com/mxrch/GHunt) - 🕵️♂️ Offensive Google framework.
116 |
117 |
118 | ### Phishing
119 | * [gophish](https://github.com/gophish/gophish) - Open-Source Phishing Toolkit
120 | * [AdvPhishing](https://github.com/Ignitetch/AdvPhishing) - This is Advance Phishing Tool ! OTP PHISHING
121 | * [SocialFish](https://github.com/UndeadSec/SocialFish) - Educational Phishing Tool & Information Collector
122 | * [Zphisher](https://github.com/htr-tech/zphisher) - An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !
123 | * [Nexphisher](https://github.com/htr-tech/nexphisher) - Advanced Phishing tool for Linux & Termux
124 |
125 | ### Vulnerability Analysis
126 |
127 | #### Fuzzing
128 |
129 | * [httpX](https://github.com/projectdiscovery/httpx) -httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
130 |
131 | #### Vulnerability Scanner
132 | * [Struts-Scan](https://github.com/Lucifer1993/struts-scan) - Struts2 vulnerability detection and utilization tools
133 | * [Nikto](https://github.com/sullo/nikto) - Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items
134 | * [W3af](https://github.com/andresriancho/w3af/) - Web application attack and audit framework, the open source web vulnerability scanner
135 | * [Openvas](http://www.openvas.org/) - The world's most advanced Open Source vulnerability scanner and manager
136 | * [Openvas Docker](https://github.com/mikesplain/openvas-docker)
137 | * [Archery](https://github.com/archerysec/archerysec) - Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities
138 | * [Taipan](https://github.com/enkomio/Taipan) - Web application vulnerability scanner
139 | * [Arachni](https://github.com/Arachni/arachni) - Web Application Security Scanner Framework
140 | * [Nuclei](https://github.com/projectdiscovery/nuclei) - Fast and customizable vulnerability scanner based on simple YAML based DSL.
141 | * [Xray](https://github.com/chaitin/xray) - A passive-vulnerability-scanner Tool. 
142 | * [Super-Xray](https://github.com/4ra1n/super-xray) - Web Vulnerability Scanner XRAY GUI Starter 
143 | * [SiteScan](https://github.com/kracer127/SiteScan) - AllinOne Website Information Gathering Tools for pentest.
144 | * [Banli](https://github.com/Goqi/Banli) - High-risk asset identification and high-risk vulnerability scanner. 
145 | * [vscan](https://github.com/veo/vscan) - Open Source Vulnerability Scanner. 
146 | * [Wapiti](https://github.com/wapiti-scanner/wapiti) - Web vulnerability scanner written in Python3.
147 | * [Scaninfo](https://github.com/redtoolskobe/scaninfo) - fast scan for redtools
148 | * [osv-scanner](https://github.com/google/osv-scanner) - Vulnerability scanner written in Go which uses the data provided by https://osv.dev
149 | * [Afrog](https://github.com/zan8in/afrog) - A Vulnerability Scanning Tools For Penetration Testing
150 | * [OpalOPC](https://opalopc.com/) - A vulnerability and misconfiguration scanner for OPC UA applications
151 | * [ZeroThreat](https://zerothreat.ai/) - An Ai-Powered Web App & API Vulnerability Scanning and Pentesting Platform.
152 |
153 | ### Web Applications
154 |
155 | #### CMS & Framwork Identification
156 |
157 | * [AngelSword](https://github.com/Lucifer1993/AngelSword) - CMS vulnerability detection framework :lock:
158 | * [WhatWeb](https://github.com/urbanadventurer/WhatWeb) - Next generation web scanner 
159 | * [Wappalyzer](https://github.com/AliasIO/Wappalyzer) - Cross-platform utility that uncovers the technologies used on websites 
160 | * [Whatruns](https://www.whatruns.com/) - A free browser extension that helps you identify technologies used on any website at the click of a button (Just for chrome)
161 | * [WhatCMS](https://github.com/HA71/WhatCMS) - CMS Detection and Exploit Kit based on Whatcms.org API
162 | * [CMSeeK](https://github.com/Tuhinshubhra/CMSeeK) - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
163 | * [EHole](https://github.com/EdgeSecurityTeam/EHole) - CMS Detection for RedTeam 
164 | * [ObserverWard](https://github.com/0x727/ObserverWard) - Cross platform community web fingerprint identification tool
165 | * [FingerprintHub](https://github.com/0x727/FingerprintHub) - The Database of ObserverWard
166 |
167 | > Online Tools
168 |
169 | * [Yunsee](http://www.yunsee.cn/) - Online website for to find the CMS footprint 
170 | * [Bugscaner](http://whatweb.bugscaner.com/look/) - A simple online fingerprint identification system that supports hundreds of cms source code recognition 
171 | * [WhatCMS online](https://whatcms.org/) - CMS Detection and Exploit Kit website Whatcms.org 
172 | * [TideFinger](http://finger.tidesec.com/) - Fingerprinter Tool from TideSec Team :lock: 
173 | * [360finger-p](https://fp.shuziguanxing.com/) - Fingerprinter Tool from 360 Team 
174 |
175 | #### Web Applications Proxies
176 | * [Burpsuite](https://portswigger.net/) - Burpsuite is a graphical tool for testing Web application security 
177 | * [ZAP](https://github.com/zaproxy/zaproxy) One of the world’s most popular free security tools 
178 | * [Mitmproxy](https://github.com/mitmproxy/mitmproxy) - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. 
179 | * [Broxy](https://github.com/rhaidiz/broxy) - An HTTP/HTTPS intercept proxy written in Go. 
180 | * [Hetty](https://github.com/dstotijn/hetty) - An HTTP toolkit for security research. 
181 | * [Proxify](https://github.com/projectdiscovery/proxify) - Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.
182 |
183 | #### web browser extension
184 |
185 | * [Hack-Tools](https://github.com/LasCC/Hack-Tools) - The all-in-one Red Team extension for Web Pentester 🛠
186 |
187 | #### Web Crawlers & Directory Brute Force
188 |
189 | * [Dirbrute](https://github.com/Xyntax/DirBrute) - Multi-thread WEB directory blasting tool (with dics inside) :lock:
190 | * [Dirb](https://dirb.sourceforge.net/) - DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the responses. 
191 | * [ffuf](https://github.com/ffuf/ffuf) - Fast web fuzzer written in Go. 
192 | * [Dirbuster](https://sourceforge.net/projects/dirbuster/) - DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. 
193 | * [Dirsearch](https://github.com/maurosoria/dirsearch) - Web path scanner. 
194 | * [Gobuster](https://github.com/OJ/gobuster) Directory/File, DNS and VHost busting tool written in Go. 
195 | * [WebPathBrute](https://github.com/7kbstorm/7kbscan-WebPathBrute) - Web path Bruter. 
196 | * [wfuzz](https://github.com/xmendez/wfuzz) - Web application fuzzer 
197 | * [Dirmap](https://github.com/H4ckForJob/dirmap) - An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.
198 | * [YJdirscan](https://github.com/foryujian/yjdirscan) - Yujian dirscan Gui Pro
199 |
200 |
201 | #### Docker Scanners
202 |
203 | * [Fuxi-Scanner](https://github.com/jeffzh3ng/Fuxi-Scanner) - open source network security vulnerability scanner, it comes with multiple functions. 
204 | * [Xunfeng](https://github.com/ysrc/xunfeng) - The patrol is a rapid emergency response and cruise scanning system for enterprise intranets. 
205 | * [WebMap](https://github.com/SabyasachiRana/WebMap) - Nmap Web Dashboard and Reporting. 
206 | * [Pentest-Collaboration-Framework](https://gitlab.com/invuls/pentest-projects/pcf) - Opensource, cross-platform and portable toolkit for automating routine processes when carrying out various works for testing!
207 |
208 |
209 | ### Database Assessment
210 |
211 | * [Enumdb](https://github.com/m8sec/enumdb) - Relational database brute force and post exploitation tool for MySQL and MSSQL
212 | * [MDUT](https://github.com/SafeGroceryStore/MDUT) - Multiple Database Utilization Tools
213 | * [Sylas](https://github.com/Ryze-T/Sylas) - Multiple Database Exploitation Tools
214 | * [ODAT](https://github.com/quentinhardy/odat) - Oracle Database Attacking Tool
215 | * [MSDAT](https://github.com/quentinhardy/msdat) - Microsoft SQL Database Attacking Tool
216 |
217 | ### Password Attacks
218 |
219 | * [Hydra](https://github.com/vanhauser-thc/thc-hydra) - Hydra is a parallelized login cracker which supports numerous protocols to attack
220 | * [Medusa](http://foofus.net/goons/jmk/medusa/medusa.html) - Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer
221 | * [Sparta](https://github.com/SECFORCE/sparta) - Network Infrastructure Penetration Testing Tool. 
222 | * [Hashcat](https://github.com/hashcat/hashcat) - World's fastest and most advanced password recovery utility
223 | * [Patator](https://github.com/lanjelot/patator) - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
224 | * [HackBrowserDat](https://github.com/moonD4rk/HackBrowserData) - Decrypt passwords/cookies/history/bookmarks from the browser
225 | * [John](https://github.com/openwall/john) - John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs.
226 | * [crowbar](https://github.com/galkan/crowbar) - brute forcing tool that can be used during penetration tests. Supports OpenVPN, RDP (with NLA), ssh and VNC.
227 |
228 | #### Wordlists
229 |
230 | * [wordlists](https://github.com/trickest/wordlists/) - Real-world infosec wordlists, updated regularly
231 | * [psudohash](https://github.com/t3l3machus/psudohash) - Password list generator that focuses on keywords mutated by commonly used password creation patterns
232 | * [wister](https://github.com/cycurity/wister) - A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.
233 | * [Rockyou](https://gitlab.com/kalilinux/packages/wordlists) - wordlists packaging for Kali Linux.
234 | * [Weakpass](https://weakpass.com/) - For any kind of bruteforce find wordlists.
235 |
236 | ### Wireless Attacks
237 |
238 | #### Wireless Tools
239 |
240 | * [Fern Wifi cracker](https://github.com/savio-code/fern-wifi-cracker) - Fern-Wifi-Cracker is designed to be used in testing and discovering flaws in ones own network with the aim of fixing the flaws detected
241 | * [EAPHammer](https://github.com/s0lst1c3/eaphammer) - EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks.
242 | * [Wifite2](https://github.com/derv82/wifite2) - Wifite is designed to use all known methods for retrieving the password of a wireless access point.
243 | * [JackIt](https://github.com/insecurityofthings/jackit) - Implementation of Bastille's MouseJack exploit. Easy entry point through wireless keyboards and mices during redteam engagement.
244 |
245 | ### Reverse Engineering
246 |
247 | * [Ollydbg](http://www.ollydbg.de/) - OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows
248 |
249 | ### Exploitation Tools
250 |
251 | #### Vulnerability Search
252 |
253 | * [SPLOITUS](https://sploitus.com) - Sploitus is а convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities
254 | * [SearchSploit](https://github.com/offensive-security/exploitdb) - The official Exploit Database repository
255 | * [Getsploit](https://github.com/vulnersCom/getsploit) - Command line utility for searching and downloading exploits
256 | * [Houndsploit](https://github.com/nicolas-carolo/houndsploit) - An advanced graphical search engine for Exploit-DB
257 | * [OSV](https://osv.dev/) - Open source vulnerability DB and triage service.
258 |
259 | #### Cross-site Scripting(XSS)
260 |
261 | * [BeeF](https://github.com/beefproject/beef) - The Browser Exploitation Framework Project
262 | * [BlueLotus_XSSReceiver](https://github.com/firesunCN/BlueLotus_XSSReceiver) - XSS Receiver platform without SQL
263 | * [XSStrike](https://github.com/s0md3v/XSStrike) - Most advanced XSS scanner.
264 | * [xssor2](https://github.com/evilcos/xssor2) - XSS'OR - Hack with JavaScript.
265 | * [Xsser-Varbaek](https://github.com/Varbaek/xsser) - From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras
266 | * [Xsser-Epsylon](https://github.com/epsylon/xsser) - Cross Site "Scripter" (aka XSSer) is an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.
267 | * [Xenotix](https://github.com/ajinabraham/OWASP-Xenotix-XSS-Exploit-Framework) - An advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework
268 | * [PwnXSS](https://github.com/pwn0sec/PwnXSS) - PwnXSS: Vulnerability (XSS) scanner exploit
269 | * [dalfox](https://github.com/hahwul/dalfox) - 🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility
270 | * [ezXSS](https://github.com/ssl/ezXSS) - ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
271 |
272 | #### Sql Injection
273 |
274 | * [Sqlmap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool
275 | * [SSQLInjection](https://github.com/shack2/SuperSQLInjectionV1) - SSQLInjection is a SQL injection tool , support Access/MySQL/SQLServer/Oracle/PostgreSQL/DB2/SQLite/Informix Database.
276 | * [Jsql-injection](https://github.com/ron190/jsql-injection) jSQL Injection is a Java application for automatic SQL database injection.
277 | * [NoSQLMap](https://github.com/codingo/NoSQLMap) - Automated NoSQL database enumeration and web application exploitation tool.
278 | * [Sqlmate](https://github.com/s0md3v/sqlmate) - A friend of SQLmap which will do what you always expected from SQLmap
279 | * [SQLiScanner](https://github.com/0xbug/SQLiScanner) - Automatic SQL injection with Charles and sqlmap api
280 | * [sql-injection-payload-list](https://github.com/payloadbox/sql-injection-payload-list) - 🎯 SQL Injection Payload List
281 | * [Advanced-SQL-Injection-Cheatsheet](https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet) - A cheat sheet that contains advanced queries for SQL Injection of all types.
282 |
283 | #### Command Injection
284 |
285 | * [Commix](https://github.com/commixproject/commix) - Automated All-in-One OS command injection and exploitation tool
286 |
287 | #### File Include
288 |
289 | * [LFIsuite](https://github.com/D35m0nd142/LFISuite) - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
290 | * [Lfi-Space](https://github.com/capture0x/Lfi-Space) - Lfi Scan Tool
291 | * [Kadimus](https://github.com/P0cL4bs/Kadimus) - Kadimus is a tool to check sites to lfi vulnerability , and also exploit it
292 | * [Shellfire](https://github.com/unix-ninja/shellfire) - Exploitation shell for exploiting LFI, RFI, and command injection vulnerabilities
293 | * [LFIter2](https://github.com/3mrgnc3/LFIter2) - LFIter2 Local File Include (LFI) Tool - Auto File Extractor & Username Bruteforcer
294 | * [FDsploit](https://github.com/chrispetrou/FDsploit) - File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
295 |
296 | #### File Upload vulnerability
297 |
298 | * [Fuxploider](https://github.com/almandin/fuxploider) - File upload vulnerability scanner and exploitation tool
299 |
300 | #### XML External Entity Attack(XXE)
301 |
302 | * [XXEinjector](https://github.com/enjoiz/XXEinjector) - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods
303 | * [Oxml_xxe](https://github.com/BuffaloWill/oxml_xxe) - A tool for embedding XXE/XML exploits into different filetypes
304 |
305 | #### Cross-site request forgery (CSRF)
306 |
307 | * [Deemon](https://github.com/tgianko/deemon/) - Deemon is a tool to detect CSRF in web application
308 |
309 | #### Deserialization exploit framework
310 |
311 | * [Ysomap](https://github.com/wh1t3p1g/ysomap) - A helpful Java Deserialization exploit framework.
312 |
313 | #### Exploit Framework
314 |
315 | * [POC-T](https://github.com/Xyntax/POC-T) - Pentest Over Concurrent Toolkit
316 | * [Pocsuite3](https://github.com/knownsec/pocsuite3) - pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
317 | * [Metasploit](https://github.com/rapid7/metasploit-framework) - The world’s most used penetration testing framework
318 | * [Venom](https://github.com/r00t-3xp10it/venom) - Shellcode generator/compiler/handler (metasploit)
319 | * [Empire](https://github.com/BC-SECURITY/Empire) - Empire is a PowerShell and Python post-exploitation agent
320 | * [Starkiller](https://github.com/BC-SECURITY/Starkiller) - Starkiller is a Frontend for PowerShell Empire.
321 | * [Koadic](https://github.com/zerosum0x0/koadic) - Koadic C3 COM Command & Control - JScript RAT
322 | * [Viper](https://github.com/FunnyWolf/Viper) - metasploit-framework UI manager Tools
323 | * [MSFvenom-gui](https://github.com/ssooking/msfvenom-gui) - gui tool to create normal payload by msfvenom
324 | * [MYExploit](https://github.com/achuna33/MYExploit) - A GUI Tools for Scanning OA vulnerabilities
325 | * [ronin-exploits](https://github.com/ronin-rb/ronin-exploits#readme) - A Ruby micro-framework for writing and running exploits and payloads.
326 |
327 | #### Machine Learning
328 |
329 | * [DeepExploit](https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit) - Fully automatic penetration test tool using Machine Learning
330 | * [GyoiThon](https://github.com/gyoisamurai/GyoiThon) - GyoiThon is a growing penetration test tool using Machine Learning
331 | * [Generator](https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/Generator) - Fully automatically generate numerous injection codes for web application assessment
332 |
333 | #### Automate
334 | * [AutoSploit](https://github.com/NullArray/AutoSploit) - Automated Mass Exploiter
335 | * [WinPwn](https://github.com/SecureThisShit/WinPwn) - Automation for internal Windows Penetrationtest / AD-Security
336 |
337 | ### Sniffing & Spoofing
338 |
339 | * [WireShark](https://github.com/wireshark/wireshark) - Wireshark is a network traffic analyzer, or "sniffer", for Unix and Unix-like operating systems.
340 | * [Cain & abel](http://www.oxid.it/cain.html) - Cain & Abel is a password recovery tool for Microsoft Operating Systems.
341 | * [Responder](https://github.com/lgandx/Responder) - Responder is an LLMNR, NBT-NS and MDNS poisoner.
342 | * [bettercap](https://github.com/bettercap/bettercap) - ARP, DNS, NDP and DHCPv6 spoofers for MITM attacks on IPv4 and IPv6 based networks
343 | * [EvilFOCA](https://github.com/ElevenPaths/EvilFOCA) - Evil Foca is a tool for security pentesters and auditors whose purpose it is to test security in IPv4 and IPv6 data networks.
344 |
345 | ### Maintaining Access
346 |
347 | #### Shell
348 |
349 | * [Goshell](https://github.com/eze-kiel/goshell) - Generate reverse shells in command line with Go !
350 | * [Print-My-Shell](https://github.com/sameera-madushan/Print-My-Shell) - Python script wrote to automate the process of generating various reverse shells.
351 | * [Reverse-shell-generator](https://github.com/0dayCTF/reverse-shell-generator) - Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
352 | * [Girsh](https://github.com/nodauf/Girsh) - Automatically spawn a reverse shell fully interactive for Linux or Windows victim
353 | * [Blueshell](https://github.com/whitehatnote/BlueShell) - Generate a reverse shells for RedTeam
354 | * [Clink](http://mridgers.github.io/clink/) - Powerful Bash-style command line editing for cmd.exe
355 | * [Natpass](https://github.com/jkstack/natpass) - A new RAT Tools, Support Web VNC and Webshell
356 | * [Platypus](https://github.com/WangYihang/Platypus) 🔨 A modern multiple reverse shell sessions manager written in go
357 | * [shells](https://github.com/4ndr34z/shells/) - Script for generating revshells
358 | * [Reverse_ssh](https://github.com/NHAS/reverse_ssh) - SSH based reverse shell
359 | * [Hoaxshell](https://github.com/t3l3machus/hoaxshell) - A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
360 |
361 | #### Listener
362 |
363 | * [Netcat](https://netcat.sourceforge.net/) - Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol.
364 | * [Rustcat](https://github.com/robiot/rustcat) - Rustcat(rcat) - The modern Port listener and Reverse shell.
365 | * [Rlwrap](https://github.com/hanslub42/rlwrap) - A readline wrapper.
366 | * [Pwncat](https://github.com/calebstewart/pwncat) - Fancy reverse and bind shell handler.
367 | * [Powercat](https://github.com/besimorhino/powercat) - netshell features all in version 2 powershell.
368 | * [Socat](https://repo.or.cz/socat.git) - Socat is a flexible, multi-purpose relay tool.
369 |
370 | #### Web Shell
371 |
372 | * Chopper
373 | > Tips: The tool comes from the network, no backdoor verification, please choose it on yourself......
374 |
375 | > Link: https://pan.baidu.com/s/1VnXkoQU-srSllG6JaY0nTA Password: v71d
376 |
377 | * [AntSword](https://github.com/AntSwordProject/antSword) : [Document](https://doc.u0u.us/zh-hans/index.html) - AntSword is a cross-platform website management toolkit
378 |
379 | * [CKnife](https://github.com/Chora10/Cknife) - The cross platform webshell tool in java
380 | > Tips: The tool comes from the network, no backdoor verification, please choose it on yourself......
381 |
382 | > Link: https://pan.baidu.com/s/1QZrnWU7DUuJhiXl7u1kELw Password: hjrh
383 |
384 | * [Behinder](https://github.com/rebeyond/Behinder) - dynamic binary encryption webshell management client
385 | * [Godzilla](https://github.com/BeichenDream/Godzilla) - a Java tool to encrypt network traffic
386 | * [Skyscorpion](https://github.com/shack2/skyscorpion) - Modified version of Behinder.
387 | * [PyShell](https://github.com/JoelGMSec/PyShell) - Multiplatform Python WebShell.
388 | * [Weevely3](https://github.com/epinna/weevely3) - Weaponized web shell.
389 | * [Bantam](https://github.com/gellin/bantam) - A PHP backdoor management and generation tool/C2 featuring end to end encrypted payload streaming designed to bypass WAF, IDS, SIEM systems.
390 | * [Awsome-Webshells](https://github.com/abhinavprasad47/Awsome-Webshells) - Collection of reverse shells.
391 | * [php-reverse-shell](https://github.com/pentestmonkey/php-reverse-shell) - Simple php reverse shell implemented using binary.
392 | * [Webshell_Generate](https://github.com/cseroad/Webshell_Generate) - Generate kind of Webshells bypass AV
393 |
394 | #### Privilege Escalation Auxiliary
395 |
396 | * [windows-exploit-suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester) - This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target
397 | * [Windows-kernel-exploits](https://github.com/SecWiki/windows-kernel-exploits) - windows-kernel-exploits
398 | * [linux-exploit-suggester-2](https://github.com/jondonas/linux-exploit-suggester-2) - Next-Generation Linux Kernel Exploit Suggester
399 | * [Linux-kernel-exploits](https://github.com/SecWiki/linux-kernel-exploits) - linux-kernel-exploits Linux
400 | * [BeRoot](https://github.com/AlessandroZ/BeRoot) - Privilege Escalation Project - Windows / Linux / Mac
401 | * [PE-Linux](https://github.com/WazeHell/PE-Linux) - Linux Privilege Escalation Tool By WazeHell
402 | * [Portia](https://github.com/SpiderLabs/portia) - Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised.
403 | * [PEASS-ng](https://github.com/carlospolop/PEASS-ng) - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
404 | * [GTFOBins](https://gtfobins.github.io/) - GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
405 | * [LOLBAS](https://lolbas-project.github.io/) - Living Off The Land Binaries, Scripts and Libraries.
406 | * [WADComs](https://wadcoms.github.io/) - WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
407 | * [HijackLibs](https://hijacklibs.net/) - DLL Hijacking is, in the broadest sense, tricking a legitimate/trusted application into loading an arbitrary DLL.
408 | * [GTFOBLookup](https://github.com/nccgroup/GTFOBLookup) - Offline command line lookup utility for GTFOBins、LOLBAS and WADComs.
409 | * [PrintNotifyPotato](https://github.com/BeichenDream/PrintNotifyPotato) - PrintNotifyPotato
410 |
411 | #### C2
412 |
413 | * [DeimosC2](https://github.com/DeimosC2/DeimosC2) - DeimosC2 is a Golang command and control framework for post-exploitation.
414 | * [Sliver](https://github.com/BishopFox/sliver) - Implant framework
415 | * [PHPSploit](https://github.com/nil0x42/phpsploit) - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner 😈
416 | * [Shad0w](https://github.com/bats3c/shad0w) - A post exploitation framework designed to operate covertly on heavily monitored environments (Win8、Win10)
417 | * [Covenant](https://github.com/cobbr/Covenant) - Covenant is a collaborative .NET C2 framework for red teamers.
418 | * [Emp3r0r](https://github.com/jm33-m0/emp3r0r) - linux post-exploitation framework made by linux user
419 | * [C3](https://github.com/FSecureLABS/C3) - Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
420 | * [byob](https://github.com/malwaredllc/byob) - An open-source post-exploitation framework for students, researchers and developers.
421 | * [Havoc](https://github.com/HavocFramework/Havoc) - Havoc is a modern and malleable post-exploitation command and control framework.
422 | * [Villain](https://github.com/t3l3machus/Villain) - Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team.
423 |
424 | #### Bypass AV
425 |
426 | * [Shellcodeloader](https://github.com/knownsec/shellcodeloader) - ShellcodeLoader of windows can bypass AV.
427 | * [AV_Evasion_Tool](https://github.com/1y0n/AV_Evasion_Tool) - AntiVirus Shellcode generation tool.
428 | * [BypassAntiVirus](https://github.com/TideSec/BypassAntiVirus) - Remote control anti-kill series articles and supporting tools.
429 | * [MateuszEx](https://github.com/sairson/MateuszEx) - Bypass AV generation tool
430 | * [FourEye](https://github.com/lengjibo/FourEye) - AV Evasion Tool For Red Team Ops
431 | * [Phantom-Evasion](https://github.com/oddcod3/Phantom-Evasion) - Python antivirus evasion tool
432 | * [Terminator](https://github.com/ZeroMemoryEx/Terminator) - Terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver
433 | * [foolavc](https://github.com/hvqzao/foolavc) - Obscures your executable for file checks and executes it in memory.
434 |
435 |
436 | ### Golang Sec Tools
437 | > Tips: Golang is a excellent cross platform language for security.
438 |
439 | * [Naabu](https://github.com/projectdiscovery/naabu) - A fast port scanner written in go with focus on reliability and simplicity.
440 | * [ServerScan](https://github.com/Adminisme/ServerScan) - A high concurrency network scanning and service detection tool developed by golang.
441 |
442 | ### Reporting & Collaboration
443 |
444 | * [Vulnreport](https://github.com/salesforce/vulnreport) - Open-source pentesting management and automation platform by Salesforce Product Security
445 | * [Pentest-Collaboration-Framework](https://gitlab.com/invuls/pentest-projects/pcf) - Opensource, cross-platform and portable toolkit for automating routine processes when carrying out various works for testing!
446 | * [CervantesSec](https://github.com/CervantesSec/cervantes) - Cervantes is an opensource collaborative platform for pentesters or red teams who want to save time to manage their projects, clients, vulnerabilities and reports in one place.
447 | * [Hexway Hive](https://hexway.io/hive/) - Self hosted pentest collaboration, multi-source data aggregation and reporting framework with customizable templatess, methodologies and cats 🙀
448 |
449 | ### Social Engineering Tools
450 |
451 |
452 | ### Code Audit
453 |
454 | * [Cloc](https://github.com/AlDanial/cloc) - cloc counts blank lines, comment lines, and physical lines of source code in many programming languages
455 | * [Cobra](https://github.com/WhaleShark-Team/cobra) - Source Code Security Audit
456 | * [Cobra-W](https://github.com/LoRexxar/Cobra-W) - Cobra for white hat
457 | * [Graudit](https://github.com/wireghoul/graudit) - Grep rough audit - source code auditing tool
458 | * [Rips](https://github.com/ripsscanner/rips) - A static source code analyser for vulnerabilities in PHP scripts
459 | * [Kunlun-M](https://github.com/LoRexxar/Kunlun-M) - KunLun-M is a static code analysis system that automates the detecting vulnerabilities and security issue.
460 | * [Semgrep](https://semgrep.dev/) - Semgrep is a fast, open-source, static analysis engine for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards.
461 |
462 | ### Intranet penetration
463 |
464 | #### Service Detection
465 |
466 | * [Netspy](https://github.com/shmilylty/netspy) - A tool to quickly detect the reachable network segments of the intranet.
467 | * [Cube](https://github.com/JKme/cube) - Intranet penetration testing tools, weak password blasting, information collection and vulnerability scanning.
468 |
469 | #### Port Forwarding & Proxies
470 |
471 | * [EarthWorm](https://github.com/rootkiter/EarthWorm) - Tool for tunnel
472 | * [Termite](https://github.com/rootkiter/Termite/) - Tool for tunnel (Version 2)
473 | * [Frp](https://github.com/fatedier/frp) - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet
474 | * [Nps](https://github.com/ehang-io/nps/) - A lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal.
475 | * [Goproxy](https://github.com/snail007/goproxy) - A high-performance, full-featured, cross platform proxy server
476 | * [ReGeorg](https://github.com/sensepost/reGeorg) - The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn
477 | * [Neo-reGeorg](https://github.com/L-codes/Neo-reGeorg) - Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
478 | * [Venom](https://github.com/Dliv3/Venom) - A Multi-hop Proxy for Penetration Testers
479 | * [Stowaway](https://github.com/ph4ntonn/Stowaway) - 👻 Stowaway -- Multi-hop Proxy Tool for pentesters
480 | * [rport](https://github.com/cloudradar-monitoring/rport) - Manage remote systems with ease.
481 | * [PortForward](https://github.com/knownsec/PortForward) - The port forwarding tool developed by Golang solves the problem that the internal and external networks cannot communicate in certain scenarios.
482 | * [Suo5](https://github.com/zema1/suo5) - A high-performance http proxy tunneling tool
483 |
484 |
485 | ### DevSecOps
486 |
487 | ### RootKit
488 |
489 | * [Beurk](https://github.com/unix-thrust/beurk) - BEURK Experimental Unix RootKit
490 | * [Bedevil](https://github.com/naworkcaj/bdvl) - LD_PRELOAD Linux rootkit (x86 & ARM)
491 |
492 | ### Audit Tools
493 |
494 | * [DevAudit](https://github.com/OSSIndex/DevAudit) - Open-source, cross-platform, multi-purpose security auditing tool
495 |
496 | ### Pentesting Distribution
497 |
498 | * [Backbox Linux](https://linux.backbox.org) - penetration testing and security assessment oriented Linux distribution
499 | * [Kali Linux](https://www.kali.org) - Debian-based pentesting distribution
500 | * [BlackArch Linux](https://blackarch.org) - Arch Linux-based penetration testing distribution
501 | * [Parrot Security](https://parrotlinux.org) - The ultimate framework for your Cyber Security operations
502 | * [ArchStrike](https://archstrike.org) - Arch Linux respository for security professionals
503 |
504 | ### Cyber Range
505 |
506 | #### Vulnerability application
507 |
508 | * [DVWA](https://github.com/ethicalhack3r/DVWA) - Damn Vulnerable Web Application (DVWA)
509 | * [WebGoat](https://github.com/WebGoat/WebGoat) - WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons
510 | * [DSVW](https://github.com/stamparm/DSVW) - DSVW is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes
511 | * [DVWS](https://github.com/snoopysecurity/dvws) - Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities
512 | * [XVWA](https://github.com/s4n7h0/xvwa) - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security
513 | * [BWAPP](http://www.mmebvba.com/sites/bwapp/index.htm) - A buggy web application whit more than 100 vulnerabilities
514 | * [Sqli-lab](https://github.com/Audi-1/sqli-labs) - SQLI labs to test error based, Blind boolean based, Time based
515 | * [HackMe-SQL-Injection-Challenges](https://github.com/breakthenet/HackMe-SQL-Injection-Challenges) - Hack your friend's online MMORPG game - specific focus, sql injection opportunities
516 | * [XSS-labs](https://github.com/paralax/xss-labs) - Small set of scripts to practice exploit XSS and CSRF vulnerabilities
517 | * [SSRF-lab](https://github.com/m6a-UdS/ssrf-lab) - Lab for exploring SSRF vulnerabilities
518 | * [SSRF_Vulnerable_Lab](https://github.com/incredibleindishell/SSRF_Vulnerable_Lab) - This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
519 | * [LFI-labs](https://github.com/paralax/lfi-labs) - Small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns
520 | * [Commix-testbed](https://github.com/commixproject/commix-testbed) - A collection of web pages, vulnerable to command injection flaws
521 | * [File-Upload-Lab](https://github.com/LunaM00n/File-Upload-Lab) - Damn Vulnerable File Upload V 1.1
522 | * [Upload-labs](https://github.com/c0ny1/upload-labs) - A summary of all types of uploading vulnerabilities for you
523 | * [XXE-Lab](https://github.com/c0ny1/xxe-lab) - A XXE vulnerability Demo containing language versions such as PHP, Java, python, C#, etc
524 | * [Vulnerable-Flask-App](https://github.com/anil-yelken/Vulnerable-Flask-App) - Erlik2 Vulnerable-Flask-App provided by [anil-yelken](https://github.com/anil-yelken).
525 |
526 | #### Simulation Range
527 |
528 | * [Fopnp](https://github.com/brandon-rhodes/fopnp/tree/m/playground) - A Network Playground for
529 | 《Foundations of Python Network Programming》
530 |
531 | * [CyberRange](https://github.com/secdevops-cuse/CyberRange) - The Open-Source AWS Cyber Range
532 |
533 | * [Pentest-Ground](https://pentest-ground.com/) - Pentest-Ground is a free playground with deliberately vulnerable web applications and network services.
534 |
535 | #### Honeyhots
536 |
537 | * [DecoyMini](https://github.com/decoymini/DecoyMini/) - A highly scalable, safe, free enterprise honeypots
538 |
539 | #### CTF challenges
540 | * [Vulnhub](https://www.vulnhub.com/) - VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration
541 | * [TryHackMe](https://tryhackme.com/) - TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!
542 | * [Hackthebox](https://www.hackthebox.com/) - Hack The Box is a massive, online cybersecurity training platform, allowing individuals, companies, universities and all kinds of organizations around the world to level up their hacking skills.
543 | * [Root Me](https://www.root-me.org/) - Root Me allows everyone to test and improve their knowledge in computer security and hacking.
544 | * [Pentestit](https://lab.pentestit.ru/) - Penetration testing laboratories "Test lab" emulate an IT infrastructure of real companies and are created for a legal pen testing and improving penetration testing skills
545 | * [Pentesterlab](https://pentesterlab.com/) - Learn Web Penetration Testing: The Right Way
546 | * [Cyberseclabs](https://www.cyberseclabs.co.uk/) - At CyberSecLabs, we aim to provide secure, high-quality training services that allow information security students the opportunity to safely learn and practice penetration testing skills.
547 | * [Web Security Academy](https://portswigger.net/web-security) - Free, online web security training from the creators of Burp Suite
548 | * [Vulnmachines](https://www.vulnmachines.com/) - A place to learn and improve penetration testing/ethical hacking skills for FREE
549 |
550 | ### Excellent project
551 | * [Rawsec's CyberSecurity Inventory](https://inventory.raw.pm/tools.html#title-tools-osint-and-reconnaissance) - An inventory of tools and resources about CyberSecurity.
552 | * [All-Defense-Tool](https://github.com/guchangan1/All-Defense-Tool) - A List for Defense Tools.
553 | * [Awesome-POC](https://github.com/Threekiii/Awesome-POC) - A POC knowledge base of various vulnerabilities.
554 |
--------------------------------------------------------------------------------
/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arch3rPro/PentestTools/7a87b83a48f92ed644d7a173ff1fc5633ef34fec/logo.png
--------------------------------------------------------------------------------
/svg/Docker.svg:
--------------------------------------------------------------------------------
1 |
3 |
--------------------------------------------------------------------------------
/svg/Windows.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/svg/chrome.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/svg/linux.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/svg/mac.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------