Explore a comprehensive collection of resources and tools for penetration testing. Covering various domains, including web applications, network infrastructure, IoT, and more, this repository is your one-stop destination to enhance your penetration testing skills.
Whether you're a novice or an experienced professional, these resources will empower you to secure diverse systems effectively.

No. | DevSecOps Aspect | No. | Directory Name |
---|---|---|---|
1 | Web Application Security | 09 | Active Directory Security |
2 | API Security | 10 | Infrastructure Security |
3 | Mobile Application Security | 11 | Threat Modeling |
4 | Thick Client Application Security | 12 | IoT Security |
5 | Source Code Review | 13 | OSINT (Open Source Intelligence) |
6 | Network Security | 14 | Blockchain Security |
7 | Wi-Fi Security | 15 | CI/CD Pipeline Security |
8 | Cloud Security | 16 | Docker Container Security |
9 | DevSecOps |

No. | DevSecOps Aspect | Description |
---|---|---|
1 | Web Application Security | Assess and secure web applications for vulnerabilities. |
2 | API Security | Test and enhance the security of APIs and microservices. |
3 | Mobile Application Security | Evaluate the security of mobile apps and devices. |
4 | Thick Client Application Security | Assess thick client applications for security issues. |
5 | Source Code Review | Analyze source code to identify and rectify vulnerabilities. |
6 | Network Security | Secure networks by identifying and addressing weaknesses. |
7 | Wi-Fi Network Security | Evaluate the security of Wi-Fi networks and access points. |
8 | Cloud Security | Assess the security of cloud-based systems and services. |
9 | Active Directory Security | Evaluate the security of Active Directory environments. |
10 | Infrastructure Security | Secure the underlying IT infrastructure and assets. |
11 | Threat Modeling | Model and assess threats to enhance system security. |
12 | IoT Security | Identify and mitigate vulnerabilities in IoT devices. |
13 | OSINT (Open Source Intelligence) | Gather intelligence from open sources for security analysis. |
14 | Blockchain Security | Assess blockchain systems for security and compliance. |
15 | CI/CD Pipeline Security | Evaluate the security of continuous integration pipelines. |
16 | Docker Container Security | Secure Docker containers and containerized applications. |
17 | DevSecOps | Integrate security practices throughout the DevOps lifecycle. |

Category | Tools |
---|---|
Web App Pentesting | Burp Suite Pro 🌐, OWASP ZAP 🌐, Nmap 🌐, Nikto 🌐, Acunetix, HCL-AppScan 🌐, Wfuzz 🌐, SQLMap 🌐, Amass 🌐, NetSparker 🌐, Fortify-WebInspect 🌐 |
Mobile App Pentesting | Android: MobSF 📱, Frida 📱, APKTool 📱, JADX 📱, AndroidStudio/Genymotion 📱, Drozer 📱, Magisk Root 📱, APKX 📱, mitmproxy 📱, Objection 📱, adb 📱; iOS: MobSF 📱, Frida 📱, Objection 📱, Cycript 📱, iOS Hook 📱, Needle 📱, Class-dump 📱, Burp Suite Mobile Assistant 📱, SSL Kill Switch 2 📱, iMazing 📱 |
API Pentesting | Postman 📡, Insomnia 📡, Burp Suite Pro 📡, OWASP Amass 📡, 42Crunch API Security 📡, Swagger Inspector 📡, Kite Runner 📡, SecApps Intercept 📡 |
Secure Code Review | SonarQube 🔐, Snyk 📡, Semgrep 🔐, Checkmarx 🔐, Veracode 🔐, Fortify-WorkbenchAudit 🔐, CodeQL 🔐, Bandit 🔐, FindSecBugs 🔐, Gitleaks 🔐 |
Thick Client Pentesting | Fiddler 💻, Burp Suite Pro 💻, dnSpy 💻, IDA Pro 💻, Ghidra 💻, Process Explorer 💻, CFF Explorer 💻, OllyDbg 💻, x64dbg 💻, Wireshark 💻 |
Network Pentesting | Nmap 🌐, Wireshark 🌐, Metasploit Framework 🌐, Nessus 🌐, OpenVAS 🌐, Responder 🌐, CrackMapExec 🌐, BloodHound 🌐, Netcat 🌐, Bettercap 🌐 |
Cloud Security | Prowler ☁️, ScoutSuite ☁️, CloudSploit ☁️, Pacu ☁️, Steampipe ☁️, CloudMapper ☁️, NCC Group Scout ☁️, kube-bench ☁️ |
Container Security | Trivy 🐳, Aqua Microscanner 🐳, Clair 🐳, Anchore 🐳, Docker Bench 🐳, kube-hunter 🐳, Falco 🐳, Sysdig 🐳, Snyk 🐳 |

The following is the list of contributors to this project.
To contribute, read CONTRIBUTING.md.