Best Open Source pentesting Libraries
A curated list of the most popular GitHub repositories tagged with pentesting. Select any project to visualize its architecture and dive into the codebase using RepoMind's AI engine.
#1sherlock-project/sherlock
Hunt down social media accounts by username across social networks
#2sqlmapproject/sqlmap
Automatic SQL injection and database takeover tool
#3KeygraphHQ/shannon
Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
#4bee-san/RustScan
๐ค The Modern Port Scanner ๐ค
#5soxoj/maigret
๐ต๏ธโโ๏ธ Collect a dossier on a person by username from thousands of sites
#6promptfoo/promptfoo
Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration.
#7smicallef/spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
#8ffuf/ffuf
Fast web fuzzer written in Go
#9HackTricks-wiki/hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
#10blacklanternsecurity/bbot
The recursive internet scanner for hackers. ๐งก
#111N3/Sn1per
Attack Surface Management Platform
#12dstotijn/hetty
An HTTP toolkit for security research.
#13OWASP/wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
#14Ullaakut/cameradar
Cameradar hacks its way into RTSP videosurveillance cameras
#15jassics/security-study-plan
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
#16OWASP/Nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
#17leebaird/discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux and Ubuntu.
#18PurpleAILAB/Decepticon
Autonomous Hacking Agent for Red Team
#19lord-alfred/ipranges
๐จ List all IP ranges from: Google (Cloud & GoogleBot), Bing (Bingbot), Amazon (AWS), Microsoft, Oracle (Cloud), GitHub, Facebook (Meta), OpenAI (GPTBot) and other with daily updates.
#20factionsecurity/faction
Pen Test Report Generation and Assessment Collaboration
#21H-mmer/pentest-agents
Bug bounty agent framework for Claude Code, Codex, Gemini, Cursor, Windsurf, Copilot, and OpenClaw โ 48 agents, 26 commands, 19 CLI tools, 2 MCP servers, autonomous hunt loops, exploit chain builder.
#22rix4uni/scope
An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms (like Hackerone/Bugcrowd/Intigriti/etc) (updates every 10 minutes)