#framework

sulley
sulley

A pure-python fully automated and unattended fuzzing framework.

OSINT-Framework
OSINT-Framework

OSINT Framework.

boofuzz
boofuzz

Network protocol fuzzing for humans.

rekall
rekall

Rekall Memory Forensic Framework.

Havoc
Havoc

Modern and malleable post-exploitation command and control framework.

pwntools
pwntools

CTF framework and exploit development library.

pupy
pupy

Opensource, cross-platform C2 and post-exploitation framework written in python and C.

Xenotix
Xenotix

An advanced Cross Site Scripting vulnerability detection and exploitation framework.

sliver
sliver

Adversary emulation framework.

Built With
Built With

Find out what websites are Built With.

octosuite
octosuite

An all-in-one GitHub open-source intelligence framework.

Sirius
Sirius

Truly open-source general purpose vulnerability scanner.

PurpleOps
PurpleOps

An open-source self-hosted purple team management web application.

SharpC2
SharpC2

Command and Control Framework written in C#.

evilgophish
evilgophish

Combination of evilginx3 and GoPhish.

Empire
Empire

Post-exploitation and adversary emulation framework that is used to aid Red Teams and pentesters.

Starkiller
Starkiller

Starkiller is a frontend for Empire.

Caldera
Caldera

Automated adversary emulation platform.

P4wnP1 A.L.O.A.
P4wnP1 A.L.O.A.

Turn a Rapsberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming or PE.

HardHat C2
HardHat C2

A cross-platform, collaborative, Command & Control framework.

badsecrets
badsecrets

A library for detecting known secrets across many web frameworks.

The PenTesters Framework
The PenTesters Framework

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Nimbo-C2
Nimbo-C2

Yet another (simple and lightweight) C2 framework.

Evilginx3
Evilginx3

Standalone MITM attack framework allowing for the bypass of 2-factor authentication.

bbrf
bbrf

Help you coordinate your reconnaissance workflows across multiple devices.

CTFd
CTFd

A Capture The Flag framework focusing on ease of use and customizability.

phpsploit
phpsploit

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor.

PoshC2
PoshC2

A proxy aware C2 framework used to aid with post-exploitation and lateral movement.

R3C0Nizer
R3C0Nizer

The first ever CLI based menu-driven web application B-Tier recon framework.

ScareCrow
ScareCrow

Payload creation framework designed around EDR bypass.

WiFi-Pumpkin
WiFi-Pumpkin

Framework for rogue Wi-Fi access point attack.

FiercePhish
FiercePhish

Full-fledged phishing framework to manage all phishing engagements.

Samurai WTF
Samurai WTF

The best security training environment for developers and AppSec professionals.

SimplyEmail
SimplyEmail

Email recon made fast and easy, with a framework to build on.

PhoneInfoga
PhoneInfoga

Information gathering framework for phone numbers.

Nosql-Exploitation-Framework
Nosql-Exploitation-Framework

A Python Framework For NoSQL Scanning and Exploitation.

WiFi Exploitation Framework
WiFi Exploitation Framework

WiFi exploitation framework.

wifiphisher
wifiphisher

The rogue access point framework.

WebScarab
WebScarab

Framework for analysing applications that communicate using the HTTP and HTTPS protocols.

jok3r
jok3r

Network and Web Pentest Automation Framework.

Canvas
Canvas

Assessment tool that allows penetration testing and hostile attack simulations.

Legion
Legion

Aids in discovery, reconnaissance and exploitation of information systems.

DroneSploit
DroneSploit

Drone pentesting framework console.

pown.js
pown.js

Security testing and exploitation toolkit.

LazyHunter
LazyHunter

A framework that provides a web UI to commonly used Bug Hunting/Pentesting tools.

wifipumpkin3
wifipumpkin3

Powerful framework for rogue access point attack.

AllAboutBugBounty
AllAboutBugBounty

Bug Bounty notes gathered from various sources.

Covenant
Covenant

Collaborative C2 framework for red teamers.

barq
barq

The AWS Cloud Post Exploitation framework!

RouterSploit
RouterSploit

Exploitation framework for embedded devices.

GraphQL Threat Matrix
GraphQL Threat Matrix

Threat framework to research security gaps in GraphQL implementations.

Hackingtool
Hackingtool

ALL IN ONE Hacking Tool For Hackers.

Arachni
Arachni

Web Application Security Scanner Framework.

Sleepy Puppy
Sleepy Puppy

Sleepy Puppy XSS Payload Management Framework.

XSSer
XSSer

Automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.

RacePWN
RacePWN

Race Condition framework.

Wappalyzer
Wappalyzer

Identify technologies on websites.

brutesubs
brutesubs

Automation framework for running multiple open sourced subdomain bruteforcing tools in parallel.

Maryam
Maryam

Open-source Intelligence Framework.

The Social-Engineer Toolkit
The Social-Engineer Toolkit

Open-source penetration testing framework designed for social engineering.

Maltego
Maltego

Open source intelligence and forensics application.

BeEF
BeEF

The Browser Exploitation Framework is a penetration testing tool that focuses on the web browser.

Recon-ng
Recon-ng

OSINT tool aimed at reducing the time spent harvesting information from open sources.

Rengine
Rengine

Automated reconnaissance framework for webapps, highly configurable streamlined recon process.

Metasploit
Metasploit

The world’s most used penetration testing framework.

w3af
w3af

Web Application Attack and Audit Framework.

Osmedeus
Osmedeus

A Workflow Engine for Offensive Security

Jaeles
Jaeles

The Swiss Army knife for automated Web Application Testing

ReconNess
ReconNess

Continuous recon and pipeline tools setup.