The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…

Python 12,874 2,733 Updated May 10, 2026

aboul3la / Sublist3r

Fast subdomains enumeration tool for penetration testers

Python 10,918 2,203 Updated Aug 2, 2024

AlessandroZ / LaZagne

Credentials recovery project

Python 10,812 2,113 Updated Sep 18, 2025

yutiansut / QUANTAXIS

QUANTAXIS 支持任务调度分布式部署的股票/期货/期权数据/回测/模拟/交易/可视化/多账户纯本地量化解决方案

Python 10,454 3,345 Updated Feb 28, 2026

malwaredllc / byob

An open-source post-exploitation framework for students, researchers and developers.

Python 9,467 2,159 Updated May 9, 2026

n1nj4sec / pupy

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

Python 8,975 1,856 Updated Mar 22, 2024

TheKingOfDuck / fuzzDicts

You Know, For WEB Fuzzing !

Python 8,290 2,480 Updated Nov 13, 2023

Jrohy / multi-v2ray

v2ray/xray多用户管理部署程序

Python 6,994 2,364 Updated Feb 24, 2024

trustedsec / ptf

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Python 5,511 1,283 Updated Sep 22, 2024

rootphantomer / Blasting_dictionary

爆破字典

Python 5,269 2,857 Updated Mar 21, 2022

zhzyker / exphub

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-…

Python 4,279 1,091 Updated Apr 4, 2021

RUB-NDS / PRET

Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

Python 4,246 648 Updated Aug 2, 2024

guelfoweb / knockpy

Knock Subdomain Scan

Python 4,162 880 Updated Feb 19, 2026

knownsec / pocsuite3

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

Python 3,841 780 Updated Feb 28, 2025

LandGrey / pydictor

A powerful and useful hacker dictionary builder for a brute-force attack

Python 3,626 649 Updated Dec 5, 2024

lijiejie / subDomainsBrute

A fast sub domain brute tool for pentesters

Python 3,609 1,007 Updated Sep 15, 2022

nathanlopez / Stitch

Python Remote Administration Tool (RAT)

Python 3,597 706 Updated Jan 4, 2024

swisskyrepo / SSRFmap

Automatic SSRF fuzzer and exploitation tool

Python 3,542 564 Updated Sep 4, 2025

H4ckForJob / dirmap

An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。

Python 3,361 557 Updated Oct 21, 2025

Threezh1 / JSFinder

JSFinder is a tool for quickly extracting URLs and subdomains from JS files on a website.

Python 2,929 422 Updated Nov 24, 2021

flipkart-incubator / Astra

Automated Security Testing For REST API's

Python 2,646 412 Updated Jun 5, 2024

coffeehb / Some-PoC-oR-ExP

各种漏洞poc、Exp的收集或编写

Python 2,497 967 Updated Jun 24, 2025

lijiejie / BBScan

A fast vulnerability scanner helps pentesters pinpoint possibly vulnerable targets from a large number of web servers

Python 2,368 582 Updated Dec 31, 2024

0xn0ne / weblogicScanner

weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力：CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-32…

Python 2,070 334 Updated Nov 24, 2023

yzddmr6 / WebCrack

WebCrack是一款web后台弱口令/万能密码批量检测工具，在工具中导入后台地址即可进行自动化检测。

Python 2,046 332 Updated Sep 7, 2021

easy-p Underwood12

Starred repositories

reverse-shell

C