P

pentest

Arducky - Arduino Ducky Script Interpreter

Engagement Tool Set

This is a project with scirpts for Kali Linux, Parrot OS and other pentesting systems

ISAF aims to be a framework that provides the necessary tools for the correct security audit of industrial (OT) environments.

Donut is a Python 3 app for SECURITY TESTING PURPOSES ONLY!

Donut is an HTTP DoS Test Tool

Attack Vector exploited: HTTP Keep Alive + NoCache

MagicArch is a comprehensive post-installation script built with Ansible, designed to transform a basic Arch Linux installation into a fully equipped Pentesting Distro customized for pentesting and performance. With a focus on security assessments, customization, and performance optimization, MagicArch simplifies the setup process and ensures a tailored environment for pentesting tasks.

PyPortBot - is a simple port scanner based on nmap that anylyzes open ports with Ollama

Un script avancé d’audit de sécurité et de pentesting alliant furtivité, détection adaptative, intelligence de vulnérabilités et analyses OS pour une évaluation réseau exhaustive. Conçu pour les professionnels, il allie automatisation et précision pour répondre aux environnements les plus complexes.

Repositório sobre estudos, pesquisas e desenvolvimento para PenTest.

Uso de VANTS e Drones para Pentest de Wireless

Lab Docker dựng CMS Made Simple 2.2.5 (Wawa) và tái hiện CVE-2018-1000094 (authenticated RCE). Bao gồm hướng dẫn setup, PoC, và tài liệu kiểm thử.

Natas teaches the basics of serverside web-security. Each level of natas consists of its own website located at http://natasX.natas.labs.overthewire.org, where X is the level number. There is no SSH login. To access a level, enter the username for that level (e.g. natas0 for level 0) and its password.

Opensource, cross-platform and portable toolkit for automating routine processes when carrying out various works for testing!

A lightweight Python library for binary exploitation. Simplifies local/remote process interaction, payload crafting, cyclic patterns, and debugging. Perfect for CTFs, learning exploitation, and fast Termux-friendly scripts.

C.A.R.P. is a pentest tool that delivers a remote, browser-in-the-browser experience for multi-campaign phishing, credential capture, and session hijacking (bypassing MFA). A target user visits a campaign URL they see a full-screen browser (noVNC + Firefox) that loads a target site you configure (e.g. a login page). Each visitor gets their own isolated Docker container, so sessions don’t mix. Keystrokes are logged per session, and you manage everything (campaigns, sessions, keylogs, idle timeouts) from a single Admin UI.

CryptoLyzer is a fast, flexible, and comprehensive server cryptographic protocol (TLS, SSL, SSH, DNSSEC) and related setting (HTTP headers, DNS records) analyzer and fingerprint (JA3, HASSH tag) generator with Python API and CLI.

Cryptographic protocol and security-related protocol piece parser.

This repository is just a mirror.