11 रिपॉजिटरी
Tools for automating the discovery and exploitation of security weaknesses.
Distinguishing note: Focuses on network-facing application security.
Explore 11 awesome GitHub repositories matching security & cryptography · Penetration Testing Frameworks. Refine with filters or upvote what's useful.
This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points. What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuris
Streamlines the discovery and exploitation of security weaknesses in network-facing applications.
Zphisher is a security testing framework designed for conducting authorized social engineering assessments and penetration testing. It functions as a credential harvesting simulator that enables security professionals to evaluate organizational defenses and user awareness by deploying deceptive login interfaces. The platform automates the creation of realistic web pages through dynamic template rendering and provides tools to mask destination addresses. It integrates reverse proxy tunneling to expose local testing services to the public internet, allowing for remote access during security aud
Automates the deployment of deceptive web interfaces and link redirection tools for security control evaluation.
OWASP ZAP is a dynamic application security testing tool and intercepting HTTP proxy used to find vulnerabilities in web applications. It functions as a penetration testing framework that enables both automated security scanning and manual security testing of running web services. The tool provides a suite of capabilities for analyzing web applications from the outside in, including the ability to capture and modify traffic between a browser and a target application. It is designed to integrate into DevSecOps pipelines to provide consistent security checks across different environments.
Provides a comprehensive framework for automating the discovery and exploitation of web security weaknesses.
Routersploit is a penetration testing framework designed for the security assessment of embedded network devices and routers. It functions as a comprehensive tool for auditing hardware configurations and testing network protocols to identify and verify security vulnerabilities. The framework utilizes a modular plugin architecture that allows for the dynamic loading of exploit and scanner modules. It provides a centralized command interface that manages target state and executes controlled payloads, enabling the automation of security testing across diverse network hardware. The platform cove
Acts as a comprehensive penetration testing framework for automating the discovery and verification of exploits across network hardware.
PentestGPT is an autonomous security testing framework that leverages large language models to plan, execute, and coordinate end-to-end penetration testing engagements. By functioning as an autonomous agent, the system automates the entire testing lifecycle, from initial reconnaissance and vulnerability analysis to the generation of custom exploits and the execution of post-exploitation tasks. The platform distinguishes itself through a multi-agent orchestration system that coordinates specialized AI agents to collaborate on complex, multi-stage attack chains. It integrates multimodal context
Automates the entire penetration testing lifecycle by interpreting tool output and generating context-aware exploitation strategies.
CrackMapExec is a network penetration testing framework and automated security scanner designed to assess security postures across large IP ranges. It functions as a multi-protocol security scanner and network protocol auditor used to identify vulnerabilities and misconfigurations. The tool provides capabilities for Active Directory auditing to enumerate users and permissions, as well as post-exploitation enumeration to gather system metadata and discover lateral movement paths. It includes a framework for credential spraying and harvesting across various network services. The system utilize
Provides a comprehensive framework for automating the discovery and exploitation of security weaknesses in internal networks.
Commix is an automated tool for detecting and exploiting OS command injection vulnerabilities in web applications. It probes user-supplied input vectors with heuristic test payloads, analyzes response differences to identify injection points, and then automates the execution of arbitrary operating system commands on the target server. The tool distinguishes itself through a multi-layer filter bypass engine that evaluates input constraints independently per filter type and composes tailored evasion strategies into a single payload. A modular payload tamper pipeline transforms raw injection str
Enumerates system information, reads and writes files, and manages session-persistent exploitation state on target servers.
Bjorn is a penetration testing framework that automates network scanning, credential brute-forcing, vulnerability assessment, and data exfiltration, all coordinated through an event-driven task pipeline and controlled via a web-based dashboard. Its modular plugin architecture allows independent security modules to be loaded and chained together, with an asynchronous network scanner discovering live hosts and open ports without blocking the main execution flow. The framework distinguishes itself by integrating a credential brute-force engine that systematically attempts login combinations agai
An automated security assessment tool that scans networks, exploits vulnerabilities, and exfiltrates data.
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
Provides a comprehensive suite for automating the discovery and exploitation of web security weaknesses.
Exphub एक CVE एक्सप्लॉइट स्क्रिप्ट लाइब्रेरी और एंटरप्राइज़ सॉफ़्टवेयर वल्नेरेबिलिटी सूट है, जिसे WebLogic, Struts2, Tomcat और JBoss जैसे सर्वर एनवायरनमेंट में ज्ञात सुरक्षा खामियों को सत्यापित और एक्सप्लॉइट करने के लिए डिज़ाइन किया गया है। यह रिमोट कोड एक्जीक्यूशन टूलकिट और वेब शेल डिप्लॉयमेंट फ्रेमवर्क के रूप में कार्य करता है, जिसका उपयोग अनधिकृत कमांड एक्जीक्यूशन को ट्रिगर करने और रिमोट सिस्टम पर पर्सिस्टेंट एक्सेस स्थापित करने के लिए किया जाता है। इस प्रोजेक्ट में आंतरिक नेटवर्क टोही (reconnaissance) के लिए विशेष यूटिलिटीज शामिल हैं, विशेष रूप से ओपन पोर्ट्स और सेवाओं को स्कैन करने के लिए सर्वर-साइड रिक्वेस्ट फोर्जरी का उपयोग करना। यह एक्सेस कंट्रोल को बायपास करने और अनधिकृत फ़ाइल रीड और अपलोड करने के लिए मैकेनिज्म भी प्रदान करता है। यह सूट वल्नेरेबिलिटी असेसमेंट, पेनेट्रेशन टेस्टिंग और सुरक्षा खामियों की उपस्थिति की पुष्टि करने के लिए प्रूफ-ऑफ़-कॉन्सेप्ट स्क्रिप्ट के निष्पादन सहित व्यापक क्षमता क्षेत्रों को कवर करता है।
Provides an automated framework for discovering and exploiting security weaknesses in enterprise software.
Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
Functions as a comprehensive security toolkit for automating reconnaissance, vulnerability scanning, and exploitation across diverse network environments.