A curated, categorized list of offensive-security, reconnaissance, fuzzing, exploitation, post-exploitation and tooling repositories you can reference for research, testing, or lab exercises. Each entry keeps the original link.

Table of Contents

  1. Recon & Info Gathering

  2. Scanners & Large-Scale Discovery

  3. Fuzzing & Parameter Testing

  4. Web Application & API Tools

  5. Exploitation & PoC Collections

  6. Post-Exploitation & RATs

  7. Internal Network / Lateral Movement

  8. Evasion, Persistence & Bypass

  9. Mobile & Frida

  10. Containers, Cloud & DevOps Tools

  11. Utilities, Frameworks & Misc


1. Recon & Info Gathering

  1. Findomain — Fast domain and subdomain discovery tool.
    https://github.com/Findomain/Findomain

  2. blackbird — Search users across 130 sites.
    https://github.com/p1ngul1n0/blackbird

  3. zpscan — Recon / information-gathering tool.
    https://github.com/niudaii/zpscan

  4. cvetrends — Crawler & push program for real-time vulnerability trends.
    https://github.com/VulnTotal-Team/cvetrends

  5. gvision — Reverse image search to detect landmarks / locations.
    https://github.com/GONZOsint/gvision

  6. DarkScrape — Darkweb intelligence data-scraper.
    https://github.com/itsmehacker/DarkScrape

  7. AppInfoScanner — Mobile app information collection.
    https://github.com/kelvinBen/AppInfoScanner

2. Scanners & Large-Scale Discovery

  1. ATSCAN — Search & large-scale exploitation scanner.
    https://github.com/AlisamTechnology/ATSCAN

  2. afrog — High-performance, customizable vulnerability scanner with 600+ PoCs.
    https://github.com/zan8in/afrog

  3. kscan — Pure-Go all-in-one scanner.
    https://github.com/lcvvvv/kscan

  4. fscan — Internal network comprehensive scanner.
    https://github.com/shadow1ng/fscan

  5. Antenna — Vulnerability scanning tool by 58.com security team.
    https://github.com/wuba/Antenna

  6. NucleiTP — Automatic PoC updater.
    https://github.com/ExpLangcn/NucleiTP

  7. Banli — High-risk asset identification & high-risk vulnerability scanning.
    https://github.com/Goqi/Banli

  8. Dirscan — High‑concurrency directory scanner in Go.
    https://github.com/corunb/Dirscan

  9. tlsx — TLS information grabber.
    https://github.com/projectdiscovery/tlsx


3. Fuzzing & Parameter Testing

  1. GooFuzz — Fuzzing tool.
    https://github.com/m3n0sd0n4ld/GooFuzz

  2. Scalpel — Web/API complex-parameter fuzzing.
    https://github.com/StarCrossPortal/scalpel

  3. XSStrike — XSS scanner & fuzzing for cross-site scripting.
    https://github.com/s0md3v/XSStrike

  4. fuxploider — File upload vulnerability scanner & exploitation tool.
    https://github.com/almandin/fuxploider


4. Web Application & API Tools

  1. sqlmap-gtk — Graphical sqlmap frontend.
    https://github.com/needle-wang/sqlmap-gtk.git

  2. Serein — Graphical automated vulnerability scanning & exploitation tool.
    https://github.com/W01fh4cker/Serein

  3. Sec-Tools — Multifunctional web application penetration system.
    https://github.com/jwt1399/Sec-Tools

  4. swagger-exp — API information-leak exploitation tool.
    https://github.com/lijiejie/swagger-exp

  5. web-brutator — Middleware endpoint brute-forcer.
    https://github.com/koutto/web-brutator

  6. scalpel — (listed in fuzzing) complex parameter fuzzing for web/API.
    https://github.com/StarCrossPortal/scalpel

  7. sucker — Add fake vulnerabilities to any HTTP service to deceive scanners.
    https://github.com/Ciyfly/sucker


5. Exploitation & PoC Collections

  1. 0day — Collections of various vulnerability exps & PoCs.
    https://github.com/helloexp/0day

  2. Advanced-SQL-Injection-Cheatsheet — Advanced SQL injection notes & cheatsheet.
    https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet

  3. blenny — Embed payloads into executable icon resources.
    https://github.com/frank2/blenny

  4. Jsleak — Source-code sensitive-information scanner.
    https://github.com/channyein1337/jsleak


6. Post-Exploitation & RATs

  1. Behinder (Ice Scorpion) — Webshell/backdoor framework.
    https://github.com/rebeyond/Behinder

  2. AhMyth — Android remote access tool (RAT) with a graphical UI.
    https://github.com/Morsmalleo/AhMyth

  3. BlackNET — Web-based remote control framework.
    https://github.com/BlackHacker511/BlackNET

  4. AIRAVAT — Web-based remote control (RAT).
    https://github.com/Th30neAnd0nly/AIRAVAT

  5. Tele-Rat — Telegram-bot remote control RAT.
    https://github.com/TeamDarkAnon/Tele-Rat

  6. Telegram-RAT — Telegram-bot remote control RAT (alt).
    https://github.com/Bainky/Telegram-RAT

  7. ToRat — Remote control over Tor.
    https://github.com/lu4p/ToRat

  8. DRat — Decentralized remote control tool.
    https://github.com/SpenserCai/DRat

  9. Pandora — Open-source botnet.
    https://github.com/swagkarna/Pandora

  10. Grabcam — Terminal webcam grabber.
    https://github.com/noob-hackers/grabcam

  11. CppWeixinHunter — Obtain phone numbers / WeChat IDs logged in on a computer.
    https://github.com/baiyies/CppWeixinHunter

  12. SMSBoom — Python SMS-flooding program.
    https://github.com/OpenEthan/SMSBoom


7. Internal Network / Lateral Movement

  1. Aopo — Automated internal network reconnaissance and mapping.
    https://github.com/ExpLangcn/Aopo

  2. WMIHACKER — Evasion & lateral-movement command testing tool (WMI).
    https://github.com/rootclay/WMIHACKER

  3. RequestTemplate — Minimal-packet post-exploitation internal network tool.
    https://github.com/1n7erface/RequestTemplate

  4. nps — Lightweight internal network tunneling / proxy server.
    https://github.com/ehang-io/nps

  5. pierced — DingTalk internal network tunneling (punch-through).
    https://github.com/open-dingtalk/pierced


8. Evasion, Persistence & Bypass

  1. av_evasion_tool — AV evasion / packer / bypass generator.
    https://github.com/1y0n/av_evasion_tool

  2. schtask-bypass — Scheduled-task persistence bypass (stealthy privilege maintenance).
    https://github.com/H4de5-7/schtask-bypass

  3. WMIHACKER — (listed above) lateral movement / evasion testing.
    https://github.com/rootclay/WMIHACKER

  4. waf-bypass — WAF bypass tools.
    https://github.com/nemesida-waf/waf-bypass


9. Mobile & Frida

  1. frida-skeleton — Frida-based Android hooking framework.
    https://github.com/Margular/frida-skeleton

  2. Cutter (rizin) — Open-source reverse-engineering platform.
    https://github.com/rizinorg/cutter

  3. i-Haklab — Termux hacker experiment kit.
    https://github.com/ivam3/i-Haklab


10. Containers, Cloud & DevOps Tools

  1. veinmind-tools — Container security toolkit.
    https://github.com/chaitin/veinmind-tools

  2. siusiu — Common pentest tools packaged in Docker.
    https://github.com/ShangRui-hash/siusiu

  3. Scrapy — Fast web-crawling framework in Python (useful for reconnaissance).
    https://github.com/scrapy/scrapy

  4. Savior — Penetration test report auto-generator.
    https://github.com/Mustard404/Savior


11. Utilities, Frameworks & Misc

  1. Viper — Graphical penetration tool.
    https://github.com/FunnyWolf/Viper

  2. YAKIT — All-in-one single-operator security toolkit.
    https://github.com/yaklang/yakit

  3. SocialEngineeringDictionaryGenerator — Social engineering password dictionary generator.
    https://github.com/zgjx6/SocialEngineeringDictionaryGenerator

  4. PrintNotifyPotato — Potato-style privilege escalation (PrintNotifyPotato).
    https://github.com/BeichenDream/PrintNotifyPotato

  5. AttackSurfaceMapper — Automated penetration testing mapper.
    https://github.com/superhedgy/AttackSurfaceMapper

  6. All-Defense-Tool — Aggregated offensive/defensive tool collection.
    https://github.com/guchangan1/All-Defense-Tool

  7. PhoenixC2 — Open-source C2 framework.
    https://github.com/screamz2k/PhoenixC2