## Upcoming: - AI/ML Pentesting - Threat Modeling
🌐 Language

English

简体中文

繁體中文

日本語

한국어

हिन्दी

ไทย

Français

Deutsch

Español

Itapano

Русский

Português

Nederlands

Polski

العربية

فارسی

Türkçe

Tiếng Việt

Bahasa Indonesia

## Table of Contents | No. | Types of Pentesting | No. | Directory Name | | --- | --------------------------------------------------------------------------------------------------------------------------- | --- | ---------------------------------------------------------------------------------------------------------------------- | | 1 | [Web Application Security](https://github.com/m14r41/PentestingEverything/tree/main/Web%20Applications) | 11 | [Active Directory Security](https://github.com/m14r41/PentestingEverything/tree/main/Active%20Directory%20Pentesting) | | 2 | [API Security](https://github.com/m14r41/PentestingEverything/tree/main/API%20Pentesting) | 12 | [Infrastructure Security](https://github.com/m14r41/PentestingEverything/tree/main/Infrastucture%20Pentesting) | | 3 | [Mobile Application Security](https://github.com/m14r41/PentestingEverything/tree/main/Mobile%20Pentesting) | 13 | [Threat Modeling](https://github.com/m14r41/PentestingEverything/tree/main/Threat%20Model) | | 4 | [Thick Client Application Security](https://github.com/m14r41/PentestingEverything/tree/main/Thick%20Client%20Pentesting) | 14 | [IoT Security](https://github.com/m14r41/PentestingEverything/tree/main/iOT%20Pentesting) | | 5 | [Source Code Review](https://github.com/m14r41/PentestingEverything/tree/main/Secure%20Code%20Review) | 15 | [OSINT (Open Source Intelligence)](https://github.com/m14r41/PentestingEverything/tree/main/OSINT) | | 6 | [Network Security](https://github.com/m14r41/PentestingEverything/tree/main/Network%20Pentesting) | 16 | [Blockchain Security](https://github.com/m14r41/PentestingEverything/tree/main/BlockChain%20Pentesting) | | 7 | [Wi-Fi Security](https://github.com/m14r41/PentestingEverything/tree/main/Wifi%20Pentesting) | 17 | [CI/CD Pipeline Security](https://github.com/m14r41/PentestingEverything/tree/main/CI-CD%20Pentesting) | | 8 | [Cloud Security](https://github.com/m14r41/PentestingEverything/tree/main/Cloud%20Pentesting) | 18 | [Docker Container Security](https://github.com/m14r41/PentestingEverything/tree/main/DockerContainer%20Pentesting) | | 9 | [DevSecOps](https://github.com/m14r41/PentestingEverything/tree/main/DevSecOps) | 19 | [Phishing Penetration Testing](https://github.com/m14r41/PentestingEverything/tree/main/Phishing%20Penetration%20Testing) | | 10 | [Configuration Review](https://github.com/m14r41/PentestingEverything/tree/main/Configuration%20Review) | 20 | [Forensic Analysis](https://github.com/m14r41/PentestingEverything/tree/main/Forensic) | --- | No. | Types of Pentesting | Description | | --- | ------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | | 1 | [Web Application Security](https://github.com/m14r41/PentestingEverything/tree/main/Web%20Applications) | Assess and secure web applications for vulnerabilities. | | 2 | [API Security](https://github.com/m14r41/PentestingEverything/tree/main/API%20Pentesting) | Test and enhance the security of APIs and microservices. | | 3 | [Mobile Application Security](https://github.com/m14r41/PentestingEverything/tree/main/Mobile%20Pentesting) | Evaluate the security of mobile apps and devices. | | 4 | [Thick Client Application Security](https://github.com/m14r41/PentestingEverything/tree/main/Thick%20Client%20Pentesting) | Assess thick client applications for security issues. | | 5 | [Source Code Review](https://github.com/m14r41/PentestingEverything/tree/main/Secure%20Code%20Review) | Analyze source code to identify and rectify vulnerabilities. | | 6 | [Network Security](https://github.com/m14r41/PentestingEverything/tree/main/Network%20Pentesting) | Secure networks by identifying and addressing weaknesses. | | 7 | [Wi-Fi Network Security](https://github.com/m14r41/PentestingEverything/tree/main/Wifi%20Pentesting) | Evaluate the security of Wi-Fi networks and access points. | | 8 | [Cloud Security](https://github.com/m14r41/PentestingEverything/tree/main/Cloud%20Pentesting) | Assess the security of cloud-based systems and services. | | 9 | [Active Directory Security](https://github.com/m14r41/PentestingEverything/tree/main/Active%20Directory%20Pentesting) | Evaluate the security of Active Directory environments. | | 10 | [Infrastructure Security](https://github.com/m14r41/PentestingEverything/tree/main/Infrastucture%20Pentesting) | Secure the underlying IT infrastructure and assets. | | 11 | [Threat Modeling](https://github.com/m14r41/PentestingEverything/tree/main/Threat%20Model) | Model and assess threats to enhance system security. | | 12 | [IoT Security](https://github.com/m14r41/PentestingEverything/tree/main/iOT%20Pentesting) | Identify and mitigate vulnerabilities in IoT devices. | | 13 | [OSINT (Open Source Intelligence)](https://github.com/m14r41/PentestingEverything/tree/main/OSINT) | Gather intelligence from open sources for security analysis. | | 14 | [Blockchain Security](https://github.com/m14r41/PentestingEverything/tree/main/BlockChain%20Pentesting) | Assess blockchain systems for security and compliance. | | 15 | [CI/CD Pipeline Security](https://github.com/m14r41/PentestingEverything/tree/main/CI-CD%20Pentesting) | Evaluate the security of continuous integration pipelines. | | 16 | [Docker Container Security](https://github.com/m14r41/PentestingEverything/tree/main/DockerContainer%20Pentesting) | Secure Docker containers and containerized applications. | | 17 | [DevSecOps](https://github.com/m14r41/PentestingEverything/tree/main/DevSecOps) | Integrate security practices throughout the DevOps lifecycle. | | 18 | [Phishing Penetration Testing](https://github.com/m14r41/PentestingEverything/tree/main/Phishing%20Penetration%20Testing) | Simulate and analyze phishing attacks for awareness training. | | 19 | [Configuration Review](https://github.com/m14r41/PentestingEverything/tree/main/Configuration%20Review) | Examine and verify system configurations for security issues. | | 20 | [Forensic Analysis](https://github.com/m14r41/PentestingEverything/tree/main/Forensic) | Investigate and analyze digital evidence post-incident. | ---

🛡️ Pentesting & Tools 🛡️

40 Plus Type of Security Assessment Tools

--- # Penetration Testing and Tools | **Category** | **Tools** | | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Web Application Pentesting** | Acunetix, Burp Suite Professional, Dirb, FFUF, Nmap, Nikto, Nuclei, OWASP ZAP, SQLMap, WhatWeb, WPScan, Invicti (Netsparker), Fortify WebInspect | | **Android Security** | adb, APKTool, Apkscan, AndroBugs, Android Studio / Genymotion, AppMon, Dexter/Objection (Objection), Drozer, Frida, Magisk, MITMProxy, MobSF, Quark Engine, JADX | | **iOS Security** | checkra1n, Class-dump, Frida, iMazing, iOS-decrypt, iOS-Hook, MobSF, Needle, Objection, Palera1n, Passionfruit, SSL Kill Switch 2, Cycript | | **API Pentesting** | Burp Suite Professional, GraphQL Raider, GraphQL Voyager, Insomnia, Kite Runner, Postman, Swagger UI | | **Secure Code Review** | Bandit, Checkmarx, CodeQL, FindSecBugs, Gitleaks, Semgrep, SonarQube, Snyk, Veracode, Fortify Static (Workbench/Audit) | | **Thick-Client Security** | Burp Suite Professional, dnSpy, de4dot, Fiddler, Ghidra, IDA Pro, OllyDbg, Process Explorer, x64dbg, CFF Explorer, Sysinternals Suite, Wireshark | | **Network Pentesting** | Bettercap, CrackMapExec, Metasploit, Netcat, Nessus, Nmap, OpenVAS, Responder, Wireshark | # Extended version | **Category** | **Tools** | | --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Active Directory Pentesting** | **BloodHound**, **Mimikatz**, **CrackMapExec**, **Impacket**, **Kerbrute**, **Rubeus**, **LDAPDomainDump**, **SharpHound**, **PowerView**, **ADRecon** | | **Cloud Security** | **Prowler**, **ScoutSuite**, **CloudSploit**, **Pacu**, **Steampipe**, **CloudMapper**, **NCC Scout**, **kube-bench**, **Terrascan**, **KICS** | | **IoT Security** | **Firmwalker**, **Binwalk**, **Firmware-Mod-Kit**, **Shodan**, **RIOT**, **JTAGulator**, **Qiling**, **Ghidra**, **Avatar2**, **Firmadyne** | | **Firewall Pentesting** | **hping3**, **NPing**, **Scapy**, **Zmap**, **firewalk**, **FTester**, **Nmap (Firewall Bypass)**, **Packet Sender**, **T50**, **Ettercap**, **TCPReplay** | | **Firmware Analysis** | **Binwalk**, **Firmware Analysis Toolkit (FAT)**, **QEMU**, **Ghidra**, **IDA Pro**, **Firmware-Mod-Kit**, **Radare2**, **Firmadyne** | | **Container Security** | **Trivy**, **Aqua Microscanner**, **Clair**, **Anchore**, **Docker Bench**, **kube-hunter**, **Falco**, **Sysdig**, **Snyk**, **Grype** | | **WiFi Pentesting** | **Aircrack-ng**, **Kismet**, **Bettercap**, **Reaver**, **Fluxion**, **Wireshark**, **hcxtools**, **Fern WiFi Cracker**, **Wifiphisher**, **Hashcat** | | **DevSecOps** | **GitHub Advanced Security**, **Trivy**, **Snyk**, **Anchore**, **OWASP Dependency-Check**, **Jenkins**, **Checkmarx**, **Veracode**, **Dagda**, **Sysdig Secure**, **Cloud Custodian**, **Bridgecrew**, **Kubescape** | | **OSINT** | **theHarvester**, **Maltego**, **SpiderFoot**, **Recon-ng**, **Shodan**, **FOCA**, **Google Dorks**, **OSINT Framework**, **GHunt**, **Sherlock**, **PhoneInfoga** | | **Configuration Review** | **Lynis**, **OpenSCAP**, **Auditd**, **Tripwire**, **cis-cat Pro**, **Chef InSpec**, **Prowler**, **Kubescape** | | **Phishing Simulation** | **GoPhish**, **SET**, **Evilginx2**, **Phishery**, **King Phisher**, **Modlishka**, **Phishing Frenzy** | | **Forensics** | **Autopsy**, **Volatility**, **Sleuth Kit**, **FTK Imager**, **Redline**, **Magnet AXIOM**, **X-Ways**, **Bulk Extractor**, **ExifTool** | | **Blockchain Security** | **Mythril**, **Slither**, **Manticore**, **Remix IDE**, **Oyente**, **SmartCheck**, **Echidna**, **Tenderly** | | **Threat Modeling** | **Microsoft TMT**, **OWASP Threat Dragon**, **IriusRisk**, **SeaSponge**, **Draw.io**, **Pytm** | | **Red Team Tools** | **Cobalt Strike**, **Sliver**, **Mythic**, **Empire**, **Metasploit**, **Brute Ratel**, **Koadic**, **FudgeC2**, **Nishang**, **PowerShell Empire** | | **Blue Team Tools** | **Velociraptor**, **Wazuh**, **OSQuery**, **GRR**, **Sysmon**, **CrowdStrike Falcon**, **Elastic Security**, **Sigma Rules** | | **SIEM & Log Analysis** | **Splunk**, **ELK Stack**, **Graylog**, **Wazuh**, **AlienVault OSSIM**, **SIEMonster**, **Logstash**, **Fluentd**, **Loki**, **Falco**, **Humio**, **Kibana**, **Loggly**, **Logz.io** | | **Password Cracking** | **Hashcat**, **John the Ripper**, **Hydra**, **CrackStation**, **Cain & Abel**, **Medusa**, **THC-Hydra** | | **Reverse Engineering** | **Ghidra**, **IDA Pro**, **x64dbg**, **OllyDbg**, **Binary Ninja**, **Radare2**, **Cutter** | | **Hardware Hacking** | **ChipWhisperer**, **Saleae Logic**, **OpenOCD**, **JTAGulator**, **Bus Pirate**, **Flashrom**, **Arduino**, **Raspberry Pi**, **RTL-SDR** | | **Social Engineering** | **SET**, **BeEF**, **King Phisher**, **Evilginx / Evilginx2**, **Modlishka**, **EyeWitness**, **PhishToolkit**, **PhishX**, **Psychological Frameworks (Pretexting, Elicitation)** | | **SCADA/ICS Security** | **Snort**, **Wireshark**, **ModScan**, **ModbusPal**, **Scadafence**, **OpenPLC**, **GasPot**, **Conpot**, **PLCScan** | | **Supply Chain Security** | **Snyk**, **OWASP Dependency-Check**, **Trivy**, **Syft**, **Grype**, **CycloneDX**, **Whitesource**, **Anchore Engine** | | **Email Security Testing** | **GoPhish**, **Modlishka**, **SMTPTester**, **MailSniper**, **Evilginx2**, **Phish5**, **Email Header Analyzer** | | **Mobile Malware Analysis** | **APKTool**, **MobSF**, **Jadx**, **Frida**, **VirusTotal Mobile**, **Droidbox**, **Bytecode Viewer**, **Drozer**, **Quark-Engine** | | **AI/ML Security** | **Adversarial Robustness Toolbox (ART)**, **TextAttack**, **Foolbox**, **IBM AI Explainability 360**, **CleverHans**, **Alibi Detect**, **SecML**, **DeepExploit** | | **Security Automation / SOAR** | **StackStorm**, **Cortex XSOAR**, **Shuffle**, **DFIR-IR-Playbook**, **Phantom Cyber**, **Tines** | | **Bug Bounty Toolkit** | **Amass**, **Sublist3r**, **Nuclei**, **HTTPX**, **Naabu**, **FFUF**, **GF**, **Dalfox**, **Kiterunner**, **Hakrawler**, **JSParser**, **ParamSpider** | | **Credential Dumping & Cracking** | **LaZagne**, **Mimikatz**, **Hashcat**, **John the Ripper**, **Windows Credential Editor**, **CrackMapExec**, **GetNPUsers.py** | | **Payload Generation** | **MSFVenom**, **Unicorn**, **Shellter**, **Veil**, **Nishang**, **Empire**, **Obfuscation.io**, **Metasploit**, **Donut** | | **Honeypots / Deception** | **Cowrie**, **Dionaea**, **Kippo**, **Honeyd**, **T-Pot**, **Conpot**, **Canarytokens**, **Artillery** | | **MacOS Security** | **KnockKnock**, **BlockBlock**, **OSXCollector**, **Objective-See Suite**, **MacMonitor**, **Little Snitch**, **Dylib Hijack Scanner** | | **Windows Post-Exploitation** | **PowerView**, **Seatbelt**, **SharpUp**, **WinPEAS**, **Sherlock**, **Empire**, **FireEye Red Team Tools**, **SharpHound** | | **Linux Post-Exploitation** | **LinPEAS**, **Linux Exploit Suggester**, **pspy**, **Chkrootkit**, **rkhunter**, **bashark**, **GTFOBins**, **Sudomy** | | **Browser Security Testing** | **BeEF**, **XSStrike**, **XSSer**, **Burp Collaborator**, **NoScript**, **uBlock Origin**, **Chrome Developer Tools** | --- ## 👨‍💻👩‍💻 Contributors ✨👨‍💻👩‍💻 >I appreciate your interest in contributing! please read [Contribution Guidelines](https://github.com/m14r41/PentestingEverything/blob/master/CONTRIBUTING.md). >A heartfelt thanks to the amazing individuals for their contributions to this project. You can view [emoji key](https://allcontributors.org/docs/en/emoji-key) to see the various ways you can contribute!
Marko Živanović
Marko Živanović
🔧		 Madhurendra kumar
Madhurendra kumar
💻		 0xanon
0xanon
💻		 InfoBugs
InfoBugs
💻		 Ratnesh kumar
Ratnesh kumar
💻		 Chandrabhushan Kumar
Chandrabhushan Kumar
💻		 Satya Prakash
Satya Prakash
💻 👀
Wei Lin
Wei Lin
🌍
--- ## Star History [![Star History Chart](https://api.star-history.com/svg?repos=m14r41/PentestingEverything&type=Timeline)](https://star-history.com/#m14r41/PentestingEverything&Timeline) ---

Support:

m14r41