A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
-
Updated
Jun 27, 2026
A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.
AI-powered penetration testing assistant for automating recon, note-taking, and vulnerability analysis.
PolarDNS is a specialized authoritative DNS server suitable for penetration testing and vulnerability research.
Penetration Testing AI Assistant based on open source LLMs.
Moodle community-based vulnerability scanner
Barcha is your Swiss‑Army knife for SQL Injection reconnaissance 🔍. Written in Go, it automates: Shodan enumeration of SSL hosts 🕵️♂️ Liveness & redirect checks (ignores bad certs) 🔄 Automated Ghauri tests for each host 🛡️ SQLite logging of every scan 🔖
Aura-sec is a simple, fast, and extensible network port scanner built with Python. Designed for security professionals, students, and enthusiasts, Aura-sec makes it easy to scan network hosts for open ports and services. The tool is lightweight and user-friendly, making it ideal for both learning and practical network security tasks.
🆘 Precompiled binaries for Ghostpack and other for Windows and Linux.
Hunting Pro is a powerful subdomain enumeration and URL extraction tool designed for security professionals.
A collection of awesome penetration testing and offensive cybersecurity resources.
AI-powered automated penetration testing agent. Finds and exploits vulnerabilities in web apps, WordPress, and REST APIs using Claude AI with Tor routing.
reversync is a secure, asynchronous Python reverse shell framework using SSL and asyncio for remote command execution.
The Advanced Web Vulnerability Scanner is a modular, Python-based tool designed to scan websites for common application layer web vulnerabilities.
AI-driven autonomous penetration testing platform — unifies recon, vulnerability scanning, exploitation, and reporting into one CLI. Real agentic decision-making, not scripted automation. 100% free and open source.
Abdal JS2PDF Injector is a powerful tool for injecting JavaScript code into PDF files. Designed for penetration testers, PDF developers, and cybersecurity researchers to test, simulate, and manipulate client-side PDF behavior.
An autonomous, AI-powered offensive security framework. DrogonClaw uses an unrestricted ReAct engine to dynamically chain reconnaissance, exploitation, and post-exploitation workflows within isolated, ephemeral sandboxes.
A production-ready command-line assistant built in Python for security enthusiasts. It helps users perform basic reconnaissance, analyze logs, find hardcoded secrets, and learn penetration testing methodologies through intelligent tool recommendations.
Network Reconnaissance tool for enumerating services, protocols and ports.
A Python wrapper around impacket that runs multiple enumeration scripts against a target domain in a single command, with shared credentials, per-script extra flags, and an optional per-script timeout.
DOSTiger is a Python-based, configurable, command-line DOS tool for Denial of Service pentesting.
Add a description, image, and links to the penetration-testing-tool topic page so that developers can more easily learn about it.
To associate your repository with the penetration-testing-tool topic, visit your repo's landing page and select "manage topics."