Nous sélectionnons les dépôts GitHub open-source correspondant à « hack ». Les résultats sont classés par pertinence par rapport à votre recherche — utilisez les filtres ci-dessous pour affiner, ou utilisez l'IA.
This project is a WPA Wi-Fi cracking toolkit designed for capturing authentication handshakes and recovering WPA/WPA2 passwords. It provides specialized utilities for scanning wireless networks, obfuscating hardware addresses, and generating password lists to facilitate security audits. The toolkit differentiates itself through a focused workflow that combines handshake capture tools with a password wordlist generator. It enables the interception of the four-way authentication process between wireless clients and access points and utilizes these captured credentials for recovery via dictionar
This Wi-Fi cracking toolkit is a specialized penetration testing tool for wireless security and password cracking, but it does not cover the broader features like network scanning, vulnerability exploitation, or web application testing that the search expects.
The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of security exploits. It serves as a research toolkit and automated assessment environment, enabling security professionals to identify and validate vulnerabilities within networked systems and infrastructure through repeatable, standardized procedures. The platform distinguishes itself through a modular architecture that supports reflective payload injection, allowing for the execution of code directly in memory without writing to disk. It utilizes an asynchronous event loop to
Metasploit is the industry-standard penetration testing framework, providing exploit development, vulnerability scanning, and automated assessment capabilities that exactly match your need for an offensive security toolkit.
Modlishka is a man-in-the-middle reverse proxy framework designed for automated phishing campaigns. It dynamically generates valid TLS certificates for target domains, aggregates traffic from multiple domains through a single proxy, and injects custom scripts into proxied responses. The framework operates transparently without requiring client-side certificate installation and relays two-factor authentication steps to capture secondary verification tokens. What sets Modlishka apart is its ability to automate the entire credential theft process. It logs all form submissions, headers, and cooki
Modlishka is a focused MITM phishing framework for credential theft and social engineering campaigns, making it a valid offensive security toolkit even though it does not cover the broader set of penetration testing features like network scanning or vulnerability exploitation.
Hijacker is a Wi-Fi security auditing suite designed for scanning wireless networks, capturing traffic, and recovering credentials. It provides a set of tools for detecting nearby access points and clients, intercepting WPA handshakes, and recovering WPA and WEP passwords. The project features a visual security audit interface that allows for the execution of specialized tools without using a command-line terminal. It includes a dedicated WPS pin recovery tool for extracting access point pins using pixie-dust attacks via external adapters. The toolkit covers network reconnaissance, including
Hijacker is a dedicated Wi-Fi security auditing suite that handles wireless network scanning, handshake capture, and credential recovery (WPA/WEP), fitting your need for an offensive security tool but limited to wireless testing rather than a comprehensive penetration testing framework.
fsociety is a penetration testing framework and security tool orchestrator designed to conduct full security audits. It functions as a wrapper that integrates external security binaries into a unified, menu-driven interface, providing a centralized system for command-line parameter mapping and execution. The project distinguishes itself by organizing specialized utilities into domain-specific collections for structured navigation. It automates the transition between different phases of an audit by chaining reconnaissance and exploitation tools through sequential workflow automation. The fram
fsociety is a penetration testing framework that orchestrates a wide range of security tools for network scanning, exploitation, web and wireless testing, and password cracking, directly matching the intent for a comprehensive offensive security toolkit.
Wifiphisher is a modular security framework designed for wireless penetration testing and social engineering auditing. It functions as a platform for security professionals to assess the resilience of Wi-Fi networks by simulating unauthorized access, performing man-in-the-middle interceptions, and executing credential-harvesting scenarios. The tool distinguishes itself through its ability to combine rogue access point deployment with dynamic phishing interfaces. By forcing wireless clients to associate with deceptive infrastructure, the framework can capture network metadata and inject it int
Wifiphisher is a modular framework purpose-built for wireless penetration testing and social engineering auditing, so it is an offensive security toolkit, but its focus is limited to Wi-Fi attack and phishing rather than covering the broader set of penetration testing features you listed.
AllHackingTools is a security tool orchestrator and suite designed to install, update, and manage a wide array of third-party hacking and security utilities from a single command interface. It functions as a centralized hub for network analysis, open source intelligence, penetration testing, and social engineering tools. The project provides specialized frameworks for gathering open source intelligence and searching for user profiles across social platforms. It includes toolkits for network reconnaissance, vulnerability scanning, and the execution of security exploits, as well as a social eng
AllHackingTools is a centralized installer and manager for a wide range of hacking and security utilities, covering network scanning, exploitation, password cracking, web testing, wireless attacks, and social engineering — exactly the kind of toolkit this search is after.
Wifiphisher is a Python wireless attack framework and rogue access point toolkit designed for wireless network interception and the deployment of phishing gateways. It functions as a wireless deauthentication tool and a phishing system that serves deceptive web pages to capture user credentials. The framework is distinguished by a modular attack scenario system that allows the integration of custom Python modules to implement specialized phishing workflows. It employs adaptive phishing interfaces that use user-agent headers and environment data to render pages that mimic specific operating sy
Wifiphisher is a wireless attack framework focused on phishing and rogue access points, which fits the penetration testing and social engineering aspects of your query, but it is a specialized tool rather than a comprehensive framework covering all requested features.
This project is a comprehensive cybersecurity tool collection designed to support security research, penetration testing, and vulnerability assessment. It functions as a unified penetration testing suite, providing a centralized environment where professionals can access a wide range of offensive security utilities to identify system weaknesses and study attack vectors. The platform distinguishes itself through a modular architecture that aggregates disparate security scripts into a single, hierarchical command-line interface. It simplifies the management of these utilities by integrating ext
z4nzu/hackingtool is a modular cybersecurity toolkit that bundles a wide range of offensive security utilities—covering web, wireless, and password attacks—into a unified command-line interface, making it a practical resource for penetration testing, though it functions more as a tool aggregator than a standalone framework.
The Social-Engineer Toolkit is a social engineering framework and penetration testing suite designed to simulate human-centric security attacks. It serves as a phishing simulation tool and credential harvesting utility to evaluate personnel awareness and organizational resilience. The toolkit provides specialized tooling for phishing campaign testing and credential theft simulation. It enables the creation of deceptive emails and landing pages to identify vulnerabilities in how users handle sensitive account information. The system includes capabilities for security awareness training and br
The Social-Engineer Toolkit is a penetration testing framework specialized in social engineering attacks like phishing and credential harvesting, making it a valid tool for ethical hacking but limited to human-centric testing rather than the full range of network scanning, exploitation, or web application testing you need.
Fscan is an automated penetration testing tool designed for internal network reconnaissance and vulnerability assessment. It functions as a comprehensive security framework that maps network infrastructure, identifies active hosts and services, and detects security weaknesses across internal environments. The tool distinguishes itself through a modular plugin architecture that allows for extensible security checks and a stateful asset tracking system that maintains an in-memory registry of discovered infrastructure. It incorporates a dedicated credential brute-force engine for testing passwor
Fscan is an automated penetration testing framework focused on internal network reconnaissance, vulnerability detection, and credential brute-forcing, which fits your search for an offensive security toolkit but is narrower in scope — lacking wireless security testing and social engineering tools.
This project is a wireless network security toolkit designed for monitoring wireless traffic and exploiting vulnerabilities in network authentication protocols. It provides a suite of tools for scanning networks, capturing authentication handshakes, and testing the security of wireless access points. The toolkit includes a password wordlist generator to create custom lists for offline key recovery and a handshake cracker to recover encrypted keys using brute-force methods. It also features a vulnerability scanner specifically for testing the security of the Wireless Protected Setup pin system
This is a wireless network security toolkit that covers Wi-Fi scanning, handshake capture, and WPS testing, fitting the ethical hacking category but limited to one attack surface rather than the full penetration testing scope you're looking for.
Seeker is a social engineering location tool and browser geolocation capture system. It provides a framework for capturing precise GPS coordinates and device metadata by hosting deceptive webpages that prompt users for location permissions. The project includes an HTML phishing template engine for deploying custom or predefined website clones designed to trick users into granting sensitive permissions. It further utilizes a device fingerprinting tool to collect hardware specifications, operating system details, and screen resolution from visiting clients. The system incorporates network reco
Seeker is a focused social engineering tool for GPS location phishing and device fingerprinting, which fits your need for ethical hacking tools, though it is limited to that single attack vector rather than covering the full range of penetration testing features you listed.
airgeddon is a bash-based wireless network audit suite and security toolkit for Linux. It serves as a framework for testing wireless vulnerabilities and verifying network configurations across various encryption standards, including WPA, WEP, and WPS. The project functions as an orchestration layer that integrates a collection of third-party wireless security tools. It features a modular approach to attack vectorization, coordinating tasks such as evil twin simulations with captive portals, WPA handshake interception, and the execution of WPS vulnerability tests. Its capabilities cover a bro
Airgeddon is a Bash-based wireless network audit suite and security toolkit that focuses on testing wireless vulnerabilities (WPA/WEP/WPS) and includes features like evil twin attacks and handshake capture, making it a targeted penetration testing tool for wireless security, but it does not cover broader features like network scanning, web application testing, or social engineering.
BeEF is a modular security testing environment designed for browser exploitation and web application auditing. It functions as a platform for security professionals to evaluate client-side defenses by injecting persistent scripts into web browsers, establishing a bidirectional communication channel for remote command execution and data exfiltration. The framework distinguishes itself through its ability to use compromised browser sessions as proxies to conduct internal network reconnaissance, effectively bypassing perimeter security controls. It utilizes an event-driven control interface and
BeEF is a browser-focused penetration testing framework that excels at client-side exploitation and social engineering, making it a valid offensive security toolkit, though it does not cover network scanning, password cracking, or wireless testing.
Nmap is a command-line network security scanner and reconnaissance framework designed for infrastructure mapping and security auditing. It functions as a packet crafting utility that probes target systems to identify active hosts, detect open ports, and determine the services and operating systems running on a network. The tool distinguishes itself through its ability to perform raw socket packet injection and stateful connection tracking, allowing it to bypass standard operating system networking stacks. It utilizes an asynchronous concurrency model to manage large-scale network scans and em
Nmap is a network scanning and reconnaissance tool that is a staple in ethical hacking and penetration testing, but it focuses exclusively on network discovery and does not directly address vulnerability exploitation, password cracking, or web application testing.
RouterSploit is an embedded device exploitation framework and vulnerability scanner designed to identify and exploit security flaws in networked embedded hardware and firmware. It provides a centralized toolkit for scanning for known weaknesses and common misconfigurations to gain unauthorized system access. The framework includes an architecture-specific payload generator to create custom binary payloads tailored to the target hardware. It also features an automated brute force tool that uses dictionary-based credential guessing to bypass authentication on hardware devices. The tool covers
RouterSploit is a specialized penetration testing framework focused on exploiting vulnerabilities in embedded devices and routers, making it a genuine but narrow fit for your security-assessment toolkit search—it covers exploitation and credential brute-forcing well, but lacks broader web, wireless, and social-engineering features.
Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
Maskphish is a specialized security toolkit that bundles phishing, social engineering, and basic scanning capabilities, making it a valid offensive security tool for ethical hacking, but it lacks the breadth of network scanning, exploitation, and wireless testing that a full penetration testing framework would offer.
Bjorn is a penetration testing framework that automates network scanning, credential brute-forcing, vulnerability assessment, and data exfiltration, all coordinated through an event-driven task pipeline and controlled via a web-based dashboard. Its modular plugin architecture allows independent security modules to be loaded and chained together, with an asynchronous network scanner discovering live hosts and open ports without blocking the main execution flow. The framework distinguishes itself by integrating a credential brute-force engine that systematically attempts login combinations agai
Bjorn is a Python-based penetration testing framework that automates network scanning, credential brute-forcing, and vulnerability assessment through an event-driven pipeline and web dashboard, squarely matching the offensive security toolkit category, though it does not explicitly cover web application testing, wireless testing, or social engineering tools.
Lockdoor-Framework is a modular penetration testing suite designed to facilitate comprehensive security assessments through a centralized command-line interface. It functions as an integrated platform for reconnaissance, vulnerability scanning, and the exploitation of target systems, providing a unified environment for managing complex security workflows. The framework distinguishes itself through a modular plugin architecture that allows for the extension of core capabilities without modifying the underlying codebase. It incorporates an automated reconnaissance pipeline to map attack surface
Lockdoor Framework is a Python-based penetration testing framework that bundles offensive security tools and resources, directly matching the search for open-source pentesting frameworks, though the description does not detail coverage of every specified feature like password cracking or wireless testing.
Kali NetHunter is a mobile penetration testing platform designed to run security assessment and network auditing tools directly on Android hardware. It provides a specialized environment for performing vulnerability research, wireless network analysis, and security testing on both local and remote systems. The platform functions by deploying a full Linux distribution alongside the host mobile operating system, utilizing filesystem isolation and overlay integration to maintain access to system resources. It enables direct interaction with mobile hardware by bypassing standard application restr
Kali NetHunter is a mobile penetration testing platform built on Kali Linux, providing a comprehensive suite of security testing tools for Android devices, which fits the requirement for an offensive security framework.
Empire is a post-exploitation command-and-control (C2) framework designed for red team operations. It deploys and manages agents written in PowerShell, Python, C#, Go, and C across Windows, Linux, and macOS, using encrypted communication channels over HTTP, HTTPS, and SMB. The framework executes over 400 built-in modules for reconnaissance, privilege escalation, credential theft, and lateral movement, and provides a modular engine for authoring custom attack modules. What sets Empire apart is its multi-language agent deployment system, which allows operators to choose implants that suit each
Empire is a post-exploitation C2 framework used in red team operations, which places it in the penetration testing / offensive security category, but its focus on post-exploitation means it does not cover the broader range of assessment features like network scanning, web testing, or social engineering.
Havoc is a post-exploitation framework used for red team operations. It provides a centralized command and control system for managing remote agents through persistent network connections and customizable communication profiles. The framework focuses on security evasion and stealth, utilizing indirect syscall execution, return address spoofing, and hardware-breakpoint patching to bypass endpoint detection and response tools. It includes a payload generation workflow to create executable shellcode or DLLs for initial remote access. The system covers a broad range of operational capabilities,
Havoc is a dedicated post-exploitation and command-and-control framework for red team operations, fitting the offensive security toolkit category, but it is specialized in the later phases of a penetration test and does not cover the broader set of features like network scanning, exploitation, or web application testing you are looking for.
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
w3af is a web application penetration testing framework that focuses on identifying and exploiting vulnerabilities in web applications, making it a genuine but narrower fit for the desired offensive security toolkit—it covers web testing and exploitation well but lacks explicit network scanning, password cracking, wireless, or social engineering tools.
CrackMapExec is a network penetration testing framework and automated security scanner designed to assess security postures across large IP ranges. It functions as a multi-protocol security scanner and network protocol auditor used to identify vulnerabilities and misconfigurations. The tool provides capabilities for Active Directory auditing to enumerate users and permissions, as well as post-exploitation enumeration to gather system metadata and discover lateral movement paths. It includes a framework for credential spraying and harvesting across various network services. The system utilize
CrackMapExec is a specialized network penetration testing framework for Active Directory environments, credential auditing, and lateral movement, which directly serves the ethical hacking and security assessment intent, though it lacks built-in web application, wireless, or social engineering features.
This project is a post-exploitation framework and privilege escalation script suite designed to scan local system configurations for security gaps. It serves as a system enumeration toolset used to identify paths for gaining higher administrative privileges on a target host. The suite incorporates capabilities for security penetration testing and vulnerability assessment reporting. It uses shell-based system enumeration and pattern-based vulnerability matching to detect misconfigurations, while employing heuristic-based permission analysis to evaluate system flags. Findings are gathered thro
This privilege escalation script suite is a focused post-exploitation tool for system enumeration and gaining higher privileges, directly relevant to security assessment but limited to local privilege escalation rather than the broad coverage of network scanning, web app testing, or wireless testing.
Empire is a command and control framework and post-exploitation toolkit used for network penetration testing. It serves as a centralized platform for coordinating remote agent communication and automating the delivery of security testing payloads to target systems. The project provides a suite of modules for host reconnaissance, lateral movement, and credential harvesting across corporate environments. It functions as a remote administration tool to maintain persistence and execute commands on compromised hosts. The framework incorporates capabilities for agent orchestration and the executio
Empire is a command-and-control framework and post-exploitation toolkit designed for network penetration testing, making it a genuine offensive security tool—though it specializes in post-exploitation rather than covering every feature like network scanning or web app testing directly.
Viper is a command and control infrastructure manager and post-exploitation framework designed for adversary attack simulation and security assessment. It functions as an orchestrator for penetration testing, combining a system for managing compromised hosts across multiple operating systems with tools for security workflow automation. The platform is distinguished by its use of large language model agents to coordinate red team tasks, automate data processing, and provide intelligent decision support. It includes a network pivot visualizer that uses directional graphs to map relationships an
Viper is a command-and-control and post-exploitation framework for red team operations, fitting the penetration testing category, but it focuses on orchestration and post-exploitation rather than the broad range of features like network scanning, exploitation, or wireless testing you listed.