enaqx/awesome-pentest

Awesome Penetration Testing is a large, community-maintained directory of tools and resources used in penetration testing, the practice of deliberately attacking computer systems (with permission) to find security weaknesses before malicious hackers do. Think of it as a comprehensive toolkit catalog for cybersecurity professionals. This is primarily aimed at security researchers, ethical hackers, and IT professionals who are learning or practicing offensive security, meaning they study how attacks work in order to build better defenses. It's not for casual users, and it's important to note that many of these tools should only be used on systems you own or have explicit authorization to test. The list covers an enormous breadth of the security field: network scanning and vulnerability analysis tools, web application attack tools (for finding SQL injection, cross-site scripting, and other common vulnerabilities), tools for password cracking, social engineering resources (tricking people rather than systems), malware analysis techniques, reverse engineering tools for understanding how software works at a low level, mobile security utilities for Android and iOS, physical security tools including lock picking, and anonymity tools. It also includes educational resources, books, online courses, security conferences to attend, and deliberately vulnerable practice systems you can set up to safely practice attack techniques in a legal environment. For founders building security products or developers wanting to understand what attackers look for, this is a useful map of the security landscape. For anyone building web applications, the web exploitation and vulnerability scanner sections alone give a clear picture of what threats your product needs to be hardened against.