SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

PHP 66,800 24,752 Updated Nov 8, 2025

WerWolv / ImHex

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

C++ 51,114 2,264 Updated Nov 1, 2025

rapid7 / metasploit-framework

Metasploit Framework

Ruby 36,853 14,611 Updated Nov 6, 2025

robertdavidgraham / masscan

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

C 25,043 3,178 Updated Jun 5, 2025

bettercap / bettercap

The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Go 18,345 1,586 Updated Oct 27, 2025

jpillora / chisel

A fast TCP/UDP tunnel over HTTP

Go 15,225 1,539 Updated Sep 14, 2025

laramies / theHarvester

E-mails, subdomains and names Harvester - OSINT

Python 14,891 2,338 Updated Nov 6, 2025

juice-shop / juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

TypeScript 11,949 15,010 Updated Nov 6, 2025

redcanaryco / atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

C 11,181 2,991 Updated Nov 6, 2025

HackTricks-wiki / hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

JavaScript 10,503 2,930 Updated Nov 9, 2025

BishopFox / sliver

Adversary Emulation Framework

Go 10,198 1,393 Updated Nov 3, 2025

nccgroup / ScoutSuite

Multi-Cloud Security Auditing Tool

Python 7,413 1,158 Updated Sep 23, 2025

hfiref0x / UACME

Defeating Windows User Account Control

C 7,116 1,397 Updated Jul 8, 2025

KathanP19 / HowToHunt

Collection of methodology and test case for various web vulnerabilities.

6,792 1,864 Updated Jun 25, 2025

daffainfo / AllAboutBugBounty

All about bug bounty (bypasses, payloads, and etc)

6,498 1,233 Updated Sep 8, 2023

S1ckB0y1337 / Active-Directory-Exploitation-Cheat-Sheet

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

6,370 1,308 Updated Mar 21, 2025

mandiant / capa

The FLARE team's open-source tool to identify capabilities in executable files.

Python 5,641 627 Updated Nov 7, 2025

vavkamil / awesome-bugbounty-tools

A curated list of various bug bounty tools

5,502 865 Updated Sep 19, 2025

rapid7 / metasploitable3

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.

HTML 5,288 1,222 Updated Feb 13, 2025

lanmaster53 / recon-ng

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

Python 5,144 799 Updated Nov 1, 2024

opnsense / core

OPNsense GUI, API and systems backend

PHP 4,063 871 Updated Nov 7, 2025

nicocha30 / ligolo-ng

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Go 4,029 393 Updated May 24, 2025

0x90n / InfoSec-Black-Friday

All the deals for InfoSec related software/tools this Black Friday

3,872 436 Updated Nov 29, 2024

leebaird / discover

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.

Shell 3,758 867 Updated Nov 7, 2025

arainho / awesome-api-security

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Travis Fritz w0rm53r

Starred repositories

webapp-pentesting

advanced-web-application-pentesting

pentest-webapp

web-penetration-testing

penetration-testing

pentesting-windows

pentesters

mobile-pentest

pentest-scripts

pentesting-tools