Search Results for "pentest-lab"
Sort By:
Showing 44 open source projects for "pentest-lab"
View related business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
$300 in Free Credit Towards Top Cloud ServicesStart your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale.
-
1
Internal All The Things
Active Directory and Internal Pentest Cheatsheets
...It covers a broad range of topics; AD certificate services, Kerberos attacks, lateral movement, tooling, post-exploitation techniques, and networking. The content is designed to help both learners and experienced red-teamers fill gaps in their internal pentest knowledge, especially for environments where AD and internal tooling dominate. Because internal engagements often have more complexity and fewer online guides compared to internet-facing web apps, this repo serves as a converging point for best practices, write-ups, and cheat sheets. The repository is structured, continuously updated, and encourages contributions, so its value grows over time. ... -
2
nbcelltests
Cell-by-cell testing for production Jupyter notebooks in JupyterLab
...Note that you must have node.js installed (as for any lab extension). -
3
GOAD (Game of Active Directory)
game of active directory
GOAD (Gather Open Attack Data) is a security reconnaissance framework for collecting, enriching, and visualizing open-source intelligence (OSINT) around hosts, domains, and certificates. It automates queries to certificate transparency logs, passive DNS, subdomain enumeration, web endpoints, and other public threat feeds. The tool aggregates results into structured formats and can produce interactive graphs to highlight relationships between entities (e.g. domain → IP → cert → ASN). Analysts... -
4
Mobile Verification Toolkit
Helps with conducting forensics of mobile devices
Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices. It has been developed and released by the Amnesty International Security Lab in July 2021 in the context of the Pegasus project along with a technical forensic methodology and forensic evidence. MVT is a forensic research tool intended for technologists and investigators. Using it requires understanding the basics of forensic analysis and using command-line tools. This is not intended for end-user self-assessment. ... -
Earn up to 16% annual interest with Nexo.Put idle assets to work with competitive interest rates, borrow without selling, and trade with precision. All in one platform. Geographic restrictions, eligibility, and terms apply.
-
5
BadUSB
Flipper Zero badusb payload library
...The codebase is frequently intended for security research and defensive testing: defenders and red teams use it to validate endpoint controls, USB whitelisting, and user training. Due to the dual-use nature of such techniques, responsible repositories emphasize lab-only experiments, consent-based testing, and mitigations like disabling autorun, enforcing device policies, and using endpoint detection. -
6
Splunk Attack Range
A tool that allows you to create vulnerable environments
The Splunk Attack Range is an open-source project maintained by the Splunk Threat Research Team. It builds instrumented cloud (AWS, Azure) and local environments (Virtualbox), simulates attacks, and forwards the data into a Splunk instance. This environment can then be used to develop and test the effectiveness of detections. -
7
ICS Sensor Sim Lab
ICS Sensor Traffic Simulator
This tool simulates network traffic typical of an Industrial Control System (ICS) environment. It generates synthetic Modbus/TCP packets to help test monitoring and intrusion detection systems. Quick Start To use this tool, run the simulator: bash # Run for 30 seconds and save to traffic.log python lab_runner.py ics-sim --duration 30 --output traffic.log -
8
Ultramarker
Ultramarker assessment criteria, marking and report generation system
...Multiple weighted criteria can be included in the assessment and the same criteria used for multiple sessions. Sessions may be used to assess typically laboratory based work where common criteria are used to assess a number of similar lab sessions. Defined criteria can be used to assess systems or students and a feedback report generated that can contain a number of items including specific feedback comments. A summary of marks for a group can also be generated. See Files for help on installation and additional support files to download. See: https://youtube.com/playlist?... -
9
Ultimate AppLocker Bypass List
The most common techniques to bypass AppLocker
...It is aimed primarily at defenders, incident responders, and security researchers who need a consolidated reference to understand common bypass vectors and to validate detection logic. The repository emphasizes defensive use—helping blue teams craft allow-list policies, create detection rules, and test policy hardening in isolated lab environments—rather than offensive exploitation. -
Auth0 B2B Essentials: SSO, MFA, and RBAC Built InAuth0's B2B Essentials plan gives you everything you need to ship secure multi-tenant apps. Unlimited orgs, enterprise SSO, RBAC, audit log streaming, and higher auth and API limits included. Add on M2M tokens, enterprise MFA, or additional SSO connections as you scale.
-
10
Pentest-Tools
A collection of custom security tools for quick needs.
Pentest-Tools is a collection of penetration testing scripts and utilities designed to help security professionals and ethical hackers perform vulnerability assessments. It includes a wide range of tools for tasks like web scraping, reconnaissance, data extraction, and network analysis. The suite is modular, allowing users to choose the tools that best fit their specific pentesting needs, from web application analysis to network penetration testing. -
11
SM4Crypt
Command-line GM/T 0002-2012 SM4-GCM Encryption Tool
This project is licensed under the ISC License. Copyright © 2020-2021 ALBANESE Research Lab Source code: https://github.com/pedroalbanese/sm4crypt Visit: http://albanese.atwebpages.com -
12
Ascon
Command-line Ascon v1.2 Encryption Tool written in Go
...The Ascon family was designed to be lightweight and easy to implement, even with added countermeasures against side-channel attacks. This project is licensed under the ISC License. Copyright © 2020-2022 ALBANESE Research Lab Source code: https://github.com/pedroalbanese/ascon Visit: http://albanese.atwebpages.com -
13
vulnerable-AD
Create a vulnerable active directory
...The project can create user objects with default or weak passwords, inject passwords into object descriptions, disable SMB signing, and manipulate ACLs to reproduce real-world privilege escalation and persistence scenarios. A convenience wrapper and examples make it straightforward to deploy in a local lab: you can install AD services, run the script on a domain controller, and generate hundreds of vulnerable accounts and conditions for testing. The repository emphasizes full coverage of the listed attack types and includes options to randomize which weakness -
14
EncryptCLI
Open Source Commandline Encryption Tool written in AutoIt3
Fully OpenSSL compliant File Encryption Tool - ALBANESE Lab © 2018-2023 Algorithms: 3DES, AES-128, AES-192, AES-256, DES, RC2, RC4 Copyright © 2018-2020 Pedro F. Albanese Source: https://github.com/pedroalbanese/encryptcli Visit: http://albanese.atwebpages.com -
15
LEACrypt
TTAK.KO-12.0223 Lightweight Encryption Algorithm Tool
...LEA is included in the ISO/IEC 29192-2:2019 standard (Information security - Lightweight cryptography - Part 2: Block ciphers). This project is licensed under the ISC License. Copyright © 2020-2021 ALBANESE Research Lab Source code: https://github.com/pedroalbanese/leacrypt Visit: http://albanese.atwebpages.com -
16
GOSTCrypt ☭
GOST R 34.10-2015 Kuznechik Block Cipher Encryption Tool
GOST R 34.12-2015 Kuznechik block cipher (RFC 7801) with Multilinear Galois Mode (RFC 9058). This project is licensed under the ISC License. Copyright © 2020-2021 ALBANESE Research Lab Source code: https://github.com/pedroalbanese/gostcrypt Visit: http://albanese.atwebpages.com -
17
GMSM Toolkit ☭
Cross-platform GMSM Security Suite written in Go
...Cryptographic Functions: • Asymmetric Encryption/Decryption • Symmetric Encryption/Decryption • Digital Signature (ECDSA) • Shared Key Agreement (ECDH) • Recursive Hash Digest + Check • CMAC (Cipher-based message authentication code) • HMAC (Hash-based message authentication code) • PBKDF2 (Password-based key derivation function 2) • TLS Copyright (c) 2020-2021 Pedro Albanese - ALBANESE Lab. Source code: https://github.com/pedroalbanese/gmsmtk Visit: http://albanese.atwebpages.com -
18
Abdal 404 PenTest
Best tools for 404 WebApp stress
Abdal 404 PenTest tool is a powerful software with multi-thread processing capability to generate 404 errors on the target server or site that can check the level of security of the target. Be sure to watch this tool to better understand the tutorial. -
19
Abdal FTP BruteForce
FTP BruteForce tool For real Pentest
Abdal FTP BruteForce tool is a powerful software with zero error rate to test the intrusion of servers that work with FTP protocol, this tool supports proxy for attacks and can transfer all your traffic in the hacking process to the proxy Slowly -
20
KISA Toolkit
Korea Internet & Security Agency's Cipher Suite written in Go
...Cryptographic Functions: • Symmetric Encryption/Decryption • Hash Digest • CMAC (Cipher-based message authentication code) • HMAC (Hash-based message authentication code) • PBKDF2 (Password-based key derivation function 2) Copyright (c) 2020-2021 Pedro Albanese - ALBANESE Lab Visit: http://albanese.atwebpages.com -
21
Zynix-Fusion
zynix-Fusion is a framework for hacking
zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else. -
22
Active Directory Exploitation
A cheat sheet that contains common enumeration and attack methods
...The repository is organized as a stepwise kill-chain: recon, domain enumeration, local privilege escalation, user hunting, BloodHound guidance, lateral movement, persistence, domain-admin takeover, cross-trust attacks, data exfiltration, and a toolbox of payloads and helper scripts. It aggregates short, copy-ready PowerShell, C, .NET and Python snippets as well as command examples so operators can quickly run checks or reproduce techniques in lab environments. The content also includes .NET payload patterns, reverse PowerShell helpers, notes on privileged accounts and groups, and practical tips for hunting or protecting high-value targets. -
23
Hackingtool
ALL IN ONE Hacking Tool For Hackers
...A menu interface offering categories: reconnaissance, payload creation, wireless attacks, reverse engineering, exploit frameworks, etc. Users can pick which tool to run. It is intended more for “ethical / lab / educational” hacking contexts rather than production or stealth scenarios. It depends a lot on external tools, grants, and root privileges in many cases. -
24
PivotSuite
Network Pivoting Toolkit
...Using this we can reach different subnet hosts from our pentest machine, which was only accessible from the compromised machine. -
25
sjcl
Stanford Javascript Crypto Library
The Stanford Javascript Crypto Library is a project by the Stanford Computer Security Lab to build a secure, powerful, fast, small, easy-to-use, cross-browser library for cryptography in Javascript. SJCL is small but powerful. The minified version of the library is under 6.4KB compressed, and yet it posts impressive speed results. SJCL is secure. It uses the industry-standard AES algorithm at 128, 192 or 256 bits; the SHA256 hash function; the HMAC authentication code; the PBKDF2 password strengthener; and the CCM and OCB authenticated-encryption modes. ...
