Analysis updated 2026-07-03
Look up techniques for any penetration testing phase, info gathering, exploitation, or privilege escalation, in one organized reference
Find OWASP-aligned web application testing checklists and database vulnerability notes for MySQL, PostgreSQL, MongoDB, and SQLite
Discover curated CTF platforms and security books for learning penetration testing and reverse engineering
Contribute your own notes or guides to expand the community knowledge base on testing techniques you specialize in
| | nixawk/pentest-wiki | suanmosuanyangtechnology/memorybear | flasgger/flasgger |
|---|---|---|---|
| Stars | 3,745 | 3,744 | 3,742 |
| Language | Python | Python | Python |
| Setup difficulty | easy | moderate | easy |
| Complexity | 1/5 | 3/5 | 2/5 |
| Audience | researcher | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Pentest-Wiki is a free, community-maintained knowledge library focused on security testing and research. It collects notes, guides, and references organized around the stages of a penetration test, which is the practice of trying to find and exploit weaknesses in a system with permission, in order to help the owner fix those weaknesses before a malicious attacker finds them.

The content is structured around a typical testing workflow. It starts with information gathering, which covers techniques for learning about a target: looking up domain and DNS records, identifying live systems on a network, fingerprinting web applications, and using open-source intelligence methods. From there, it moves into vulnerability assessment, with sections on scanning tools, web application testing following OWASP guidelines, and database-specific weaknesses across MySQL, MongoDB, PostgreSQL, and SQLite. Later sections cover exploitation techniques for networks, operating systems, web applications, and wireless systems, followed by material on privilege escalation (getting higher levels of access once inside a system) and maintaining access. There is also a section on reporting, which is the formal write-up produced at the end of a penetration test.

Beyond techniques, the repository includes a curated reading list: books on penetration testing, reverse engineering, malware analysis, network analysis, social engineering, and lock picking. There are also references to capture-the-flag (CTF) challenges, which are structured security puzzles used for practice and learning.

The project welcomes contributions. Anyone can fork it and submit a pull request to add notes, correct information, or expand existing sections. It is positioned as a shared reference for security researchers and testers rather than a tool or piece of software to run.
Pentest-Wiki is a free community knowledge base covering the full penetration testing workflow, from information gathering and vulnerability scanning through exploitation, privilege escalation, and formal reporting.
Mainly Python. The stack includes Python and Markdown.
License terms are not described in the explanation; check the repository directly before use.
Setup difficulty is rated easy, with roughly 5 minutes to a first successful run.
Mainly researcher.
Verify against the repo before relying on details.