Powered by

# Penetration Testing: Tools and Resources

# Phishing

  • gophish - Open-Source Phishing Toolkit
  • AdvPhishing - This is Advance Phishing Tool! OTP PHISHING
  • SocialFish - Educational Phishing Tool & Information Collector
  • Zphisher *An automated phishing tool with 30+ templates. This Tool is made for educational purposes only! The author will not be responsible for any misuse of this toolkit.
  • Nexphisher *Advanced Phishing tool for Linux & Termux### Vulnerability Analysis

# Vulnerability Analysis

# Fuzzing

  • httpX *httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

# Vulnerability Scanner

  • Struts-Scan *Struts2 vulnerability detection and utilization tools
  • Nikto *Nikto is an Open Source (GPL) web server scanner that performs comprehensive tests against web servers for multiple items
  • W3af *Web application attack and audit framework, the open source web vulnerability scanner
  • Openvas *The world's most advanced Open Source vulnerability scanner and manager
  • Openvas Docker
  • Archery - Open Source Vulnerability Assessment and Management helps developers and pentesters perform scans and manage vulnerabilities
  • Taipan - Web application vulnerability scanner
  • Arachni - Web Application Security Scanner Framework
  • Nuclei - Fast and customizable vulnerability scanner based on simple YAML-based DSL.
  • Xray - A passive-vulnerability-scanner Tool.
  • Super-Xray - Web Vulnerability Scanner XRAY GUI Starter
  • SiteScan - All-in-One Website Information Gathering Tools for pentest.
  • Banli - High-risk asset identification and high-risk vulnerability scanner.
  • vscan - Open Source Vulnerability Scanner.
  • Wapiti - Web vulnerability scanner written in Python3.
  • Scaninfo - Fast scan for red tools.
  • osv-scanner - Vulnerability scanner written in Go which uses the data provided by https://osv.dev
  • Afrog - A Vulnerability Scanning Tools For Penetration Testing
  • OpalOPC - A vulnerability and misconfiguration scanner for OPC UA applications

Introducing SharpWSUS

Pentest Ad Dark SVG

Scapy Cheat Sheet

ParrotOS Vulnerability Analysis in Linux (Google Play)

Active Directory Basics

Sub3Suite - Open Source Cross-Platform Intelligence Gathering Tool

CrowdStrike Community Tools

Clever malvertising attack uses Punycode to look like KeePass's official website - Clever malvertising attack uses Punycode to look like KeePass's official website

10 Cybersecurity Startups To Watch From Black Hat 2023 - 10 Cybersecurity Startups To Watch From Black Hat 2023

# Penetration Testing: Resources

PTF - Pentest Tools Framework - A framework for penetration testing tools.

Vulscan - Advanced Vulnerability Scanning with Nmap NSE - A tool for advanced vulnerability scanning using Nmap NSE.

LIFARS - Python Penetration Testing Cheat Sheet - A Python penetration testing cheat sheet.

Network Share Permissions PowerHuntShares - Information about network share permissions and PowerHuntShares.

Offensive Security - Macro Weaponization - Resources related to macro weaponization in penetration testing.

OpenCTI - Cyber Threat Intelligence Platform - Information about the OpenCTI Cyber Threat Intelligence Platform.

P&CT - Securing OT Systems Against Cyber Attacks - Information about securing OT systems against cyber attacks.

SecurityWeek - Adobe Releases Open Source Anomaly Detection Tool (OSAS) - Details about Adobe's open source anomaly detection tool.

US-CERT CISA - ICS Advisories - ICS advisories from US-CERT CISA.

GitHub - PenTesting Bible

Vulscan - Advanced Vulnerability Scanning with Nmap NSE

Overlord - Red Teaming Tool - An article on the Overlord tool for red teaming.

© Copyright 2025. All rights reserved Romane Devezeaux de Lavergne