A comprehensive, step-by-step penetration testing checklist for ethical hackers. Covers pre-engagement, information gathering, analysis, exploitation, reporting, and more. Ideal for both beginners and pros.
☆126Nov 19, 2024Updated last year
Alternatives and similar repositories for awesome-pentest-checklist
Users that are interested in awesome-pentest-checklist are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A OWASP Based Checklist With 500+ Test Cases☆863Oct 26, 2022Updated 3 years ago
- A Checklist for Offsec PEN-200 EXAM OSCP+ 2024☆61Oct 31, 2024Updated last year
- Pentest report writing guide☆18Sep 24, 2023Updated 2 years ago
- Excel parser for various pentesting tools.☆31Jun 13, 2023Updated 2 years ago
- Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987)☆12Sep 5, 2024Updated last year
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- Uzbek cyrillic/latin alphabetic, upper/lower/capital-case, name/surname/patronymic wordlists (dictionaries) and their combinations☆12Aug 4, 2022Updated 3 years ago
- checklist for testing the web applications☆285Feb 25, 2023Updated 3 years ago
- Pentest report framework without data send☆19Sep 23, 2025Updated 6 months ago
- Fire-AV is a collection of lists that you can use to block av providers and bad ips☆21Mar 22, 2026Updated last week
- ☆14Aug 9, 2021Updated 4 years ago
- These are the scripts & methodologies that can be used in Buffer Over Flow Fuzzing and Exploitation☆18Oct 3, 2021Updated 4 years ago
- A collection of Windows x32 exploits created while preparing for the OSED certification exam☆25Jun 29, 2021Updated 4 years ago
- CMSC389R course at UMD☆11Oct 2, 2019Updated 6 years ago
- This repo offers notes and resources on ethical hacking, covering information gathering, scanning, web hacking, exploitation, and Windows…☆216Apr 5, 2025Updated 11 months ago
- NordVPN Threat Protection Pro™ • AdTake your cybersecurity to the next level. Block phishing, malware, trackers, and ads. Lightweight app that works with all browsers.
- Apuntes Pentesting a ActiveDirectory PentesterAcademy☆21Jun 9, 2019Updated 6 years ago
- A small utility to generate a word security report by using a knowledge base(XLSX).☆12Nov 25, 2023Updated 2 years ago
- ☆34Oct 25, 2023Updated 2 years ago
- An intentionally vulnerable web application for learning penetration testing techniques.☆31Feb 2, 2026Updated last month
- SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types i…☆18Sep 12, 2017Updated 8 years ago
- Kali Nethunter for any android device since from kitkat and upper☆15Aug 10, 2017Updated 8 years ago
- ohmyzsh theme to match HTB PwnBox shell☆13Mar 26, 2023Updated 3 years ago
- ☆10Oct 1, 2023Updated 2 years ago
- Work in progress...☆798Mar 22, 2026Updated last week
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- Collection of hacking tools, and ideas you might need to practice ethical hacking.☆30Apr 29, 2022Updated 3 years ago
- Python package dependency confusion vulnerability POC. Impact this vulnerability is Remote code execution (RCE)☆12Apr 29, 2025Updated 11 months ago
- This repository is made to create your own pentesting reports based on the following templates.☆27Feb 5, 2025Updated last year
- 👋 Welcome to the Cyber Library your ultimate resource for everything cybersecurity.☆32Updated this week
- Common password lists, filtered by complexity and length policy.☆16Sep 22, 2021Updated 4 years ago
- This is an Active Directory Pentesting Lab created by me which includes attacks like IPV6 DNS takeover, Smb relay, unconstrained delegati…☆22Jan 23, 2024Updated 2 years ago
- ☆17May 22, 2024Updated last year
- stream-of-consciousness experience of an AI's thinking process, complete with creative tangents and unexpected connections.☆14Jan 29, 2025Updated last year
- Source code of the Chaos Ransomware, also known as Ryuk and Yashma.☆18Dec 21, 2024Updated last year
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- A cheatsheet I made while taking OSCP+/PEN-200 in 2024-2025☆36Apr 1, 2025Updated 11 months ago
- Educational Chrome extensions simulating real-world attacker behavior in the browser. Built for Red Team demos, threat emulation, and adv…☆20Dec 18, 2025Updated 3 months ago
- This is a complete set of HTB academy CBBH path cheatsheets and skills assesment solutions☆10May 10, 2024Updated last year
- Used to get NTLMv2 Hashes from SMB☆23Oct 24, 2024Updated last year
- A GUI program that injects dylib or deb into ipa☆31Feb 20, 2025Updated last year
- I was searching for such resource to work as cheat sheet series and guide me through different attack scenarios for API attacks, didn’t f…☆15May 5, 2025Updated 10 months ago
- Obsidian Templates for OSCP, CPTS, and Training labs☆114Nov 19, 2025Updated 4 months ago