P

pentest

C.A.R.P. is a pentest tool that delivers a remote, browser-in-the-browser experience for multi-campaign phishing, credential capture, and session hijacking (bypassing MFA). A target user visits a campaign URL they see a full-screen browser (noVNC + Firefox) that loads a target site you configure (e.g. a login page). Each visitor gets their own isolated Docker container, so sessions don’t mix. Keystrokes are logged per session, and you manage everything (campaigns, sessions, keylogs, idle timeouts) from a single Admin UI.

Natas teaches the basics of serverside web-security. Each level of natas consists of its own website located at http://natasX.natas.labs.overthewire.org, where X is the level number. There is no SSH login. To access a level, enter the username for that level (e.g. natas0 for level 0) and its password.

Lab Docker dựng CMS Made Simple 2.2.5 (Wawa) và tái hiện CVE-2018-1000094 (authenticated RCE). Bao gồm hướng dẫn setup, PoC, và tài liệu kiểm thử.

Simple project using JS using front-end and back-end to check JWT tokens for vulnerable JWT (HMAC-SHA tokens with weak passwords) with dictionary attacks

Uso de VANTS e Drones para Pentest de Wireless

Un script avancé d’audit de sécurité et de pentesting alliant furtivité, détection adaptative, intelligence de vulnérabilités et analyses OS pour une évaluation réseau exhaustive. Conçu pour les professionnels, il allie automatisation et précision pour répondre aux environnements les plus complexes.

Ce projet documente les étapes d'installation et de configuration d'Exegol et de Portainer avec Docker sur un environnement Arch Linux, spécialement adapté pour Hyprland. Il fournit un script automatisé et des instructions détaillées pour simplifier l'installation sur cette distribution, avec des captures d'écran à chaque étape clé.

PyPortBot - is a simple port scanner based on nmap that anylyzes open ports with Ollama

Pentesting workshops - https://sansnom.org/ateliers-pentest/

Donut is a Python 3 app for SECURITY TESTING PURPOSES ONLY!

Donut is an HTTP DoS Test Tool

Attack Vector exploited: HTTP Keep Alive + NoCache

XSS is a simple shell tool developed to test Cross-Site Scripting (XSS) vulnerabilities on websites.

MagicArch is a comprehensive post-installation script built with Ansible, designed to transform a basic Arch Linux installation into a fully equipped Pentesting Distro customized for pentesting and performance. With a focus on security assessments, customization, and performance optimization, MagicArch simplifies the setup process and ensures a tailored environment for pentesting tasks.

List of template vulnerability reports for web pentesting.

A ToolKit that automatically installs & configures all the Tools needed to turn your Daily Driver Linux Distro into a Pentesting Machine

Repositório sobre estudos, pesquisas e desenvolvimento para PenTest.

Documentation and cheatsheets about CTF and pentest.