Awesome Penetration Testing

A collection of awesome penetration testing and offensive cybersecurity resources.

Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. Should you discover a vulnerability, please follow this guidance to report it responsibly.

Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details. This work is licensed under a Creative Commons Attribution 4.0 International License.

This project is supported by Netsparker Web Application Security Scanner

Contents

• Android Utilities
• Anonymity Tools
  • Tor Tools
• Anti-virus Evasion Tools
• Books
  • Malware Analysis Books
• CTF Tools
• Cloud Platform Attack Tools
• Collaboration Tools
• Conferences and Events
  • Asia
  • Europe
  • North America
  • South America
  • Zealandia
• Exfiltration Tools
• Exploit Development Tools
• File Format Analysis Tools
• GNU/Linux Utilities
• Hash Cracking Tools
• Hex Editors
• Industrial Control and SCADA Systems
• Intentionally Vulnerable Systems
  • Intentionally Vulnerable Systems as Docker Containers
• Lock Picking
• macOS Utilities
• Multi-paradigm Frameworks
• Network Tools
  • DDoS Tools
  • Network Reconnaissance Tools
  • Protocol Analyzers and Sniffers
  • Network Traffic Replay and Editing Tools
  • Proxies and Machine-in-the-Middle (MITM) Tools
  • Transport Layer Security Tools
  • Wireless Network Tools
• Network Vulnerability Scanners
  • Web Vulnerability Scanners
• Open Sources Intelligence (OSINT)
  • Data broker and search engine services
  • Dorking tools
  • Email search and analysis tools
  • Metadata harvesting and analysis
  • Network device discovery tools
  • OSINT Online Resources
  • Source code repository searching tools
  • Web application and resource analysis tools
• Online Resources
  • Online Code Samples and Examples
  • Online Exploit Development Resources
  • Online Lock Picking Resources
  • Online Operating Systems Resources
  • Online Penetration Testing Resources
  • Other Lists Online
  • Penetration Testing Report Templates
• Operating System Distributions
• Periodicals
• Physical Access Tools
• Privilege Escalation Tools
  • Password Spraying Tools
• Reverse Engineering
  • Reverse Engineering Books
  • Reverse Engineering Tools
• Security Education Courses
• Shellcoding Guides and Tutorials
• Side-channel Tools
• Social Engineering
  • Social Engineering Books
  • Social Engineering Online Resources
  • Social Engineering Tools
• Static Analyzers
• Steganography Tools
• Vulnerability Databases
• Web Exploitation
  • Intercepting Web proxies
  • Web file inclusion tools
  • Web injection tools
  • Web path discovery and bruteforcing tools
  • Web shells and C2 frameworks
  • Web-accessible source code ripping tools
  • Web Exploitation Books
• Windows Utilities

Android Utilities

• cSploit - Advanced IT security professional toolkit on Android featuring an integrated Metasploit daemon and MITM capabilities.
• Fing - Network scanning and host enumeration app that performs NetBIOS, UPnP, Bonjour, SNMP, and various other advanced device fingerprinting techniques.

Anonymity Tools

• I2P - The Invisible Internet Project.
• Metadata Anonymization Toolkit (MAT) - Metadata removal tool, supporting a wide range of commonly used file formats, written in Python3.
• What Every Browser Knows About You - Comprehensive detection page to test your own Web browser's configuration for privacy and identity leaks.

Tor Tools

See also awesome-tor.

• Nipe - Script to redirect all traffic from the machine to the Tor network.
• OnionScan - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
• Tails - Live operating system aiming to preserve your privacy and anonymity.
• Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
• dos-over-tor - Proof of concept denial of service over Tor stress test tool.
• kalitorify - Transparent proxy through Tor for Kali Linux OS.

Anti-virus Evasion Tools

• AntiVirus Evasion Tool (AVET) - Post-process exploits containing executable files targeted for Windows machines to avoid being recognized by antivirus software.
• CarbonCopy - Tool that creates a spoofed certificate of any online website and signs an Executable for AV evasion.
• Hyperion - Runtime encryptor for 32-bit portable executables ("PE .exes").
• Shellter - Dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
• UniByAv - Simple obfuscator that takes raw shellcode and generates Anti-Virus friendly executables by using a brute-forcable, 32-bit XOR key.
• Veil - Generate metasploit payloads that bypass common anti-virus solutions.
• peCloakCapstone - Multi-platform fork of the peCloak.py automated malware antivirus evasion tool.

Books

See also DEF CON Suggested Reading.

• Advanced Penetration Testing by Wil Allsopp, 2017
• Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
• Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014
• Android Hacker's Handbook by Joshua J. Drake et al., 2014
• BTFM: Blue Team Field Manual by Alan J White & Ben Clark, 2017
• Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014
• Bug Hunter's Diary by Tobias Klein, 2011
• Car Hacker's Handbook by Craig Smith, 2016
• Effective Software Testing, 2021
• Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007
• Metasploit: The Penetration Tester's Guide by David Kennedy et al., 2011
• Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
• Penetration Testing: Procedures & Methodologies by EC-Council, 2010
• Professional Penetration Testing by Thomas Wilhelm, 2013
• RTFM: Red Team Field Manual by Ben Clark, 2014
• The Art of Exploitation by Jon Erickson, 2008
• The Art of Network Penetration Testing, 2020
• The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
• The Database Hacker's Handbook, David Litchfield et al., 2005
• The Hacker Playbook by Peter Kim, 2014
• The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009
• The Mobile Application Hacker's Handbook by Dominic Chell et al., 2015
• Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010
• Violent Python by TJ O'Connor, 2012
• iOS Hacker's Handbook by Charlie Miller et al., 2012

Malware Analysis Books

See awesome-malware-analysis § Books.

CTF Tools

• CTF Field Guide - Everything you need to win your next CTF competition.
• Ciphey - Automated decryption tool using artificial intelligence and natural language processing.
• RsaCtfTool - Decrypt data enciphered using weak RSA keys, and recover private keys from public keys using a variety of automated attacks.
• ctf-tools - Collection of setup scripts to install various security research tools easily and quickly deployable to new machines.
• shellpop - Easily generate sophisticated reverse or bind shell commands to help you save time during penetration tests.

Cloud Platform Attack Tools

See also HackingThe.cloud.

• Cloud Container Attack Tool (CCAT) - Tool for testing security of container environments.
• CloudHunter - Looks for AWS, Azure and Google cloud storage buckets and lists permissions for vulnerable buckets.
• Cloudsplaining - Identifies violations of least privilege in AWS IAM policies and generates a pretty HTML report with a triage worksheet.
• Endgame - AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account.
• GCPBucketBrute - Script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.

Collaboration Tools

• Dradis - Open-source reporting and collaboration tool for IT security professionals.
• Hexway Hive - Commercial collaboration, data aggregation, and reporting framework for red teams with a limited free self-hostable option.
• Lair - Reactive attack collaboration framework and web application built with meteor.
• Pentest Collaboration Framework (PCF) - Open source, cross-platform, and portable toolkit for automating routine pentest processes with a team.
• Reconmap - Open-source collaboration platform for InfoSec professionals that streamlines the pentest process.
• RedELK - Track and alarm about Blue Team activities while providing better usability in long term offensive operations.

Conferences and Events

• BSides - Framework for organising and holding security conferences.
• CTFTime.org - Directory of upcoming and archive of past Capture The Flag (CTF) competitions with links to challenge writeups.

Asia

• HITB - Deep-knowledge security conference held in Malaysia and The Netherlands.
• HITCON - Hacks In Taiwan Conference held in Taiwan.
• Nullcon - Annual conference in Delhi and Goa, India.
• SECUINSIDE - Security Conference in Seoul.

Europe

• 44Con - Annual Security Conference held in London.
• BalCCon - Balkan Computer Congress, annually held in Novi Sad, Serbia.
• BruCON - Annual security conference in Belgium.
• CCC - Annual meeting of the international hacker scene in Germany.
• DeepSec - Security Conference in Vienna, Austria.