No. | Types of Pentesting | No. | Directory Name |
---|---|---|---|
1 | Web Application Security | 11 | Active Directory Security |
2 | API Security | 12 | Infrastructure Security |
3 | Mobile Application Security | 13 | Threat Modeling |
4 | Thick Client Application Security | 14 | IoT Security |
5 | Source Code Review | 15 | OSINT (Open Source Intelligence) |
6 | Network Security | 16 | Blockchain Security |
7 | Wi-Fi Security | 17 | CI/CD Pipeline Security |
8 | Cloud Security | 18 | Docker Container Security |
9 | DevSecOps | 19 | Phishing Penetration Testing |
10 | Configuration Review | 20 | Forensic Analysis |

No. | Types of Pentesting | Description |
---|---|---|
1 | Web Application Security | Assess and secure web applications for vulnerabilities. |
2 | API Security | Test and enhance the security of APIs and microservices. |
3 | Mobile Application Security | Evaluate the security of mobile apps and devices. |
4 | Thick Client Application Security | Assess thick client applications for security issues. |
5 | Source Code Review | Analyze source code to identify and rectify vulnerabilities. |
6 | Network Security | Secure networks by identifying and addressing weaknesses. |
7 | Wi-Fi Network Security | Evaluate the security of Wi-Fi networks and access points. |
8 | Cloud Security | Assess the security of cloud-based systems and services. |
9 | Active Directory Security | Evaluate the security of Active Directory environments. |
10 | Infrastructure Security | Secure the underlying IT infrastructure and assets. |
11 | Threat Modeling | Model and assess threats to enhance system security. |
12 | IoT Security | Identify and mitigate vulnerabilities in IoT devices. |
13 | OSINT (Open Source Intelligence) | Gather intelligence from open sources for security analysis. |
14 | Blockchain Security | Assess blockchain systems for security and compliance. |
15 | CI/CD Pipeline Security | Evaluate the security of continuous integration pipelines. |
16 | Docker Container Security | Secure Docker containers and containerized applications. |
17 | DevSecOps | Integrate security practices throughout the DevOps lifecycle. |
18 | Phishing Penetration Testing | Simulate and analyze phishing attacks for awareness training. |
19 | Configuration Review | Examine and verify system configurations for security issues. |
20 | Forensic Analysis | Investigate and analyze digital evidence post-incident. |

Category | Tools |
---|---|
Web Application Pentesting | Burp Suite Pro, Acunetix, HCL-AppScan, Invicti Netsparker, Fortify WebInspect, WPScan, Nikto, Nuclei, SQLMap, OWASP ZAP, Nmap, Dirb, FFUF, WhatWeb |
Android Security | MobSF, Frida, APKTool, JADX-gui, Android Studio/Genymotion, Drozer, Magisk Root, Xposed Framework, APKX, mitmproxy, Objection, adb, AndroBugs, Quark Engine, AppMon, ApkScan |
iOS Security | MobSF, Frida, Objection, checkra1n, palera1n, Cycript, iOS Hook, Needle, Class-dump, SSL Kill Switch 2, iMazing, Passionfruit, ios-decrypt |
API Pentesting | Postman, Burp Suite Pro, Swagger UI, Kite Runner, Insomnia, GraphQL Voyager, GraphQL Raider |
Secure Code Review | SonarQube, Snyk, Semgrep, Fortify-Workbench Audit, Checkmarx, Veracode, CodeQL, Bandit, FindSecBugs, Gitleaks |
Thick Client Pentesting | Fiddler, Sysinternals Suite, dnSpy, de4dot, IDA Pro, Process Explorer, CFF Explorer, OllyDbg, x64dbg, Ghidra, Burp Suite Pro, Wireshark |
Network Pentesting | Nmap, Wireshark, Metasploit, Nessus, OpenVAS, Responder, CrackMapExec, Netcat, Bettercap |

Category | Tools |
---|---|
Active Directory Pentesting | BloodHound, Mimikatz, CrackMapExec, Impacket, Kerbrute, Rubeus, LDAPDomainDump, SharpHound, PowerView, ADRecon |
Cloud Security | Prowler, ScoutSuite, CloudSploit, Pacu, Steampipe, CloudMapper, NCC Scout, kube-bench, Terrascan, KICS |
IoT Security | Firmwalker, Binwalk, Firmware-Mod-Kit, Shodan, RIOT, JTAGulator, Qiling, Ghidra, Avatar2, Firmadyne |
Firewall Pentesting | hping3, NPing, Scapy, Zmap, firewalk, FTester, Nmap (Firewall Bypass), Packet Sender, T50, ETTERCAP, TCPReplay |
Firmware Analysis | Binwalk, Firmware Analysis Toolkit (FAT), QEMU, Ghidra, IDA Pro, Firmware-Mod-Kit, Radare2, Firmadyne |
Container Security | Trivy, Aqua Microscanner, Clair, Anchore, Docker Bench, kube-hunter, Falco, Sysdig, Snyk, Grype |
WiFi Pentesting | Aircrack-ng, Kismet, Bettercap, Reaver, Fluxion, Wireshark, hcxtools, Fern WiFi Cracker, Wifiphisher, Hashcat |
DevSecOps | GitHub Advanced Security, Trivy, Snyk, Anchore, OWASP DC, Jenkins, Checkmarx, Veracode, Dagda, Sysdig Secure, Cloud Custodian, Bridgecrew, Kubescape |
OSINT | theHarvester, Maltego, SpiderFoot, Recon-ng, Shodan, FOCA, Google Dorks, OSINT Framework, GHunt, Sherlock, PhoneInfoga |
Configuration Review | Lynis, OpenSCAP, Auditd, Tripwire, cis-cat Pro, Chef InSpec, Prowler, Kubescape |
Phishing Simulation | GoPhish, SET, Evilginx2, Phishery, King Phisher, Modlishka, Phishing Frenzy |
Forensics | Autopsy, Volatility, Sleuth Kit, FTK Imager, Redline, Magnet AXIOM, X-Ways, Bulk Extractor, ExifTool |
Blockchain Security | Mythril, Slither, Manticore, Remix IDE, Oyente, SmartCheck, Echidna, Tenderly |
Threat Modeling | Microsoft TMT, OWASP Threat Dragon, IriusRisk, SeaSponge, Draw.io, Pytm |
Red Team Tools | Cobalt Strike, Sliver, Mythic, Empire, Metasploit, Brute Ratel, Koadic, FudgeC2, Nishang, PowerShell Empire |
Blue Team Tools | Velociraptor, Wazuh, OSQuery, GRR, Sysmon, CrowdStrike Falcon, Elastic Security, Sigma Rules |
SIEM & Log Analysis | Splunk, ELK Stack, Graylog, Wazuh, AlienVault OSSIM, SIEMonster |
Password Cracking | Hashcat, John the Ripper, Hydra, CrackStation, Cain & Abel, Medusa, THC-Hydra |
Reverse Engineering | Ghidra, IDA Pro, x64dbg, OllyDbg, Binary Ninja, Radare2, Cutter |
Hardware Hacking | ChipWhisperer, Saleae Logic, OpenOCD, JTAGulator, Bus Pirate, Flashrom, Arduino, Raspberry Pi, RTL-SDR |
Social Engineering | SET, BeEF, King Phisher, Evilginx, MSF Social Engineering Toolkit, Psychological Frameworks (Pretexting, Elicitation) |
SCADA/ICS Security | Snort, Wireshark, ModScan, ModbusPal, Scadafence, OpenPLC, GasPot, Conpot, PLCScan |
Social Engineering (Extended) | SET, BeEF, King Phisher, Modlishka, Evilginx2, EyeWitness, PhishToolkit, PhishX |
Supply Chain Security | Snyk, OWASP Dependency-Check, Trivy, Syft, Grype, CycloneDX, Whitesource, Anchore Engine |
Email Security Testing | GoPhish, Modlishka, SMTPTester, MailSniper, Evilginx2, Phish5, Email Header Analyzer |
Mobile Malware Analysis | APKTool, MobSF, Jadx, Frida, VirusTotal Mobile, Droidbox, Bytecode Viewer, Drozer, Quark-Engine |
AI/ML Security | Adversarial Robustness Toolbox (ART), TextAttack, Foolbox, IBM AI Explainability 360, CleverHans, Alibi Detect, SecML, DeepExploit |
Security Automation / SOAR | StackStorm, Cortex XSOAR, Shuffle, DFIR-IR-Playbook, Phantom Cyber, Tines |
Bug Bounty Toolkit | Amass, Sublist3r, Nuclei, HTTPX, Naabu, FFUF, GF, Dalfox, Kiterunner, Hakrawler, JSParser, ParamSpider |
Credential Dumping & Cracking | LaZagne, Mimikatz, Hashcat, JohnTheRipper, Windows Credential Editor, CrackMapExec, GetNPUsers.py |
Payload Generation | MSFVenom, Unicorn, Shellter, Veil, Nishang, Empire, Obfuscation.io, Metasploit, Donut |
Honeypots / Deception | Cowrie, Dionaea, Kippo, Honeyd, T-Pot, Conpot, Canarytokens, Artillery |
MacOS Security | KnockKnock, BlockBlock, OSXCollector, Objective-See Suite, MacMonitor, Little Snitch, Dylib Hijack Scanner |
SIEM/Log Analysis (More) | Logstash, Fluentd, Loki, Graylog, Falco, Humio, Kibana, Loggly, Logz.io |
Windows Post-Exploitation | PowerView, Seatbelt, SharpUp, WinPEAS, Sherlock, Empire, FireEye Red Team Tools, SharpHound |
Linux Post-Exploitation | LinPEAS, Linux Exploit Suggester, pspy, Chkrootkit, rkhunter, bashark, GTFOBins, Sudomy |
Browser Security Testing | BeEF, XSStrike, XSSer, Burp Collaborator, NoScript, Ublock Origin, Chrome Developer Tools |

I appreciate your interest in contributing! Please read the Contribution Guidelines.

A heartfelt thank you to these amazing individuals for their contributions to this project. You can view the emoji key to see the various ways you can contribute!

Marko Živanović |
Madhurendra kumar |
0xanon |
InfoBugs |
Ratnesh kumar |
Chandrabhushan Kumar |
Satya Prakash |