AI Summary: PE-bear is a multiplatform reversing tool designed for analyzing PE (Portable Executable) files, focusing on providing a quick and flexible initial inspection for malware analysts. It supports handling malformed PE files and comes equipped with an updated signature database from PEiD, enhancing its detection capabilities. Additionally, PE-bear can be easily installed on various platforms, including Windows and Linux, and is compatible with multiple package managers.

README

PE-bear

AI Summary: PE-sieve is a lightweight malware detection tool that scans individual processes for malicious implants such as injected PEs, shellcodes, and various in-memory modifications. It effectively identifies techniques like Process Hollowing and Reflective DLL Injection, allowing for the extraction and analysis of detected threats. Additionally, PE-sieve can be integrated as a DLL with a simple API for use in other applications, enhancing its versatility in malware analysis workflows.

README

AI Summary: Penelope is a modern shell handler designed to replace netcat for remote code execution (RCE) exploitation, focusing on enhancing post-exploitation workflows. It supports multiple listeners, session management, and dynamic interaction with target systems through modules, facilitating features such as file transfers, logging, and shell activity management. Built entirely in Python, it offers a standalone operation mode and compatibility across Unix-like systems, thereby streamlining the exploitation process for security professionals.

AI Summary: Penetration_Testing_POC is a comprehensive collection of proof of concepts (POCs), scripts, tools, and articles related to penetration testing, intended to serve as a reference resource. It systematically categorizes vulnerabilities across various domains such as IoT, mobile devices, web applications, and privilege escalation methods, providing users with essential insights and practical exploitation techniques. Notable features include organized documentation and links to external resources, ensuring that users can easily navigate and leverage the provided information for security assessments.

AI Summary: The Penetration Testing Cheat Sheet is a comprehensive checklist designed to assist cybersecurity professionals in performing penetration testing tasks. It aggregates various tools and techniques for phases such as reconnaissance, scanning, and vulnerability exploitation, while emphasizing the importance of complementarity among tools for better results. Noteworthy features include automation of certain tasks and links to crucial resources for penetration testing methodologies.

README

Penetration Testing Cheat Sheet

This is more of a checklist for myself. May contain useful tips and tricks.

AI Summary: The Penetration Testing Tools repository is a comprehensive collection of over 160 scripts, utilities, and cheatsheets designed for Penetration Testing and IT security audits. It encompasses a wide range of categories including cloud assessments, network protocols, web security, and red teaming, enabling practitioners to increase efficiency and improve technical assurance in their engagements. Notable features include modular organization by function, a focus on real-world applicability, and the absence of sensitive client-specific information.

AI Summary: PentAGI is an AI-powered penetration testing framework that automates security assessments for information security professionals and researchers. Notable features include a fully autonomous AI agent capable of executing penetration test steps, integration with over 20 professional tools, a smart memory system for storing results, and comprehensive monitoring and reporting capabilities. The tool operates within a secure Docker environment and includes a modern web interface along with APIs for automation and integration, making it a flexible solution for advanced cybersecurity testing.

AI Summary: The “pentest” tool is designed for network reconnaissance and vulnerability assessment, facilitating tasks such as ping sweeping and port scanning across specified IP ranges. It offers automation scripts for performing comprehensive scans and generating organized results, making it an essential utility for penetration testers and security professionals. Key features include various scanning scripts that leverage target lists for efficient and systematic reconnaissance operations.

README

So, You Want to be a Rock Star?

Follow instructions, it`s very easy!

$ git clone https://github.com/jivoi/pentest.git ./offsecfw && cd offsecfw
$ mix_ping_sweep.py 192.168.56.1-254 ./results
$ mix_port_scan.sh -t ./results/targets.txt -p all
$ mix_recon.py ./results/targets.txt

AI Summary: The Pentest Book is a comprehensive resource for penetration testers, offering a collection of information, scripts, and methodologies gathered during various pentests. It serves as a practical guide for conducting recon, exploring vulnerabilities in web and cloud services, and utilizing tools like Burp Suite, complemented by cheat sheets and checklists. Key features include easy navigation, a searchable interface, and continuous updates to ensure relevance and accuracy in the fast-evolving cybersecurity landscape.

AI Summary: pentest-tools is a collection of customizable security scripts designed for quick penetration testing needs, facilitating various tasks in security assessments. Notable features include domain enumeration, CORS vulnerability testing, subdomain extraction, and DNS requests handling, all provided in multiple programming languages such as Bash, Python, and PHP for versatile usability. This toolkit streamlines common pentesting workflows with efficient tools aimed at both novice and experienced security professionals.

README

pentest-tools

A collection of custom security tools for quick needs.

AI Summary: Pentest-Windows11 v3.2 is a Windows penetration testing environment tailored for deployment on Mac M series chips and other platforms, integrating over 400 commonly used security tools and scripts. Notable features include support for multiple virtualization formats (VMware, Parallels Desktop, Hyper-V), optimized tool management, and a user-friendly interface, enabling efficient vulnerability assessment and penetration testing workflows. The environment is designed to be ready-to-use, allowing security professionals to conduct testing with minimal setup.

AI Summary: PentestAgent is an AI-driven penetration testing tool designed to assist cybersecurity professionals in conducting thorough security assessments. It features multiple operational modes, including single-task assistance, autonomous task execution, and multi-agent orchestration, allowing users to adapt their approach based on project complexity. The tool supports integration with platforms like OpenAI and Anthropic, and can be run in Docker for enhanced isolation and access to a suite of pre-installed pentesting tools.

AI Summary: Pentest Tools is a comprehensive catalog of penetration testing resources, referencing tools primarily from Kali Linux, and featuring both open-source and readily accessible software. It includes a wide array of categories such as information gathering, vulnerability analysis, and exploitation tools, aimed at facilitating various aspects of security assessments. Notable features include a curated list of essential tools, categorized functionalities, and a long-term commitment to updates and supplementary resources.

AI Summary: 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2026

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2026

AI Summary: Phishing Catcher is a tool designed to identify potentially phishing domains in real-time by analyzing suspicious TLS certificate issuances reported to the Certificate Transparency Log via the CertStream API. It utilizes a configurable scoring system to evaluate domain names based on specific keywords and thresholds, allowing users to customize the sensitivity of detection. Notable features include a YAML configuration for adjustable scoring properties, support for both Python versions, and the ability to run in a Docker container for simplified deployment.

AI Summary: Phishing Frenzy is a Ruby on Rails-based framework designed for creating and managing phishing campaigns. Its primary use case is to facilitate penetration testing by simulating phishing attacks, allowing security professionals to assess and improve their organization’s defenses against such threats. Notable features include user-friendly documentation and tools for managing phishing emails and tracking user interactions.

README

Phishing Frenzy

Ruby on Rails Phishing Framework

Documentation & Info

Relevant up to date documentation can be found on the official Phishing Frenzy website located below

AI Summary: PhoneInfoga is an advanced information-gathering framework specifically designed for scanning international phone numbers. Its primary use case involves collecting detailed information such as country, area, carrier, and line type, while employing various OSINT techniques to uncover more about the phone number in question. Notable features include a graphical user interface for scans, programmatic access through a REST API, and the ability to check for the existence of a number and its associated reputation across different platforms.

AI Summary: PhoneSploit is a Python3 tool designed for remote exploitation through ADB (Android Debug Bridge), enabling users to perform a variety of actions on victim devices. Its notable features include the ability to access the device shell, capture screenshots and screen recordings, uninstall applications, and obtain system information in real time, along with file management capabilities such as pulling folders and sending files. The framework serves primarily as a penetration testing tool for assessing the security of Android devices, but it contains mandatory ethical usage disclaimers.

AI Summary: PhoneSploit Pro is an advanced Python-based tool designed for penetration testing and exploiting Android devices remotely through the Android Debug Bridge (ADB) and Metasploit Framework integration. It automates the process of creating, installing, and launching payloads to gain a Meterpreter session in a single click, along with extensive ADB functionalities for managing connected devices, such as file transfers, device control, and data extraction. Notable features include remote screen recording, SMS management, and capabilities for controlling device operations, making it a comprehensive toolkit for security assessments on Android platforms.

AI Summary: PHP Antimalware Scanner is a PHP-based tool designed to scan projects for malicious code embedded within PHP files. Its primary use case is to detect potential malware through an interactive console interface or in a reporting mode that generates results in HTML or text. Notable features include customizable scanning options for file paths, action prompts upon detection of malware, and compatibility with various PHP configurations.

README

AI Summary: SPX (Simple Profiling eXtension) is a lightweight PHP profiling tool designed to enhance performance analysis without external dependencies, ensuring data privacy on user infrastructure. It offers seamless profiling activation, requiring minimal setup, and supports multiple metrics like execution time, memory usage, and object tracking. Its integrated web UI enables interactive visualizations, including timelines and Flamegraphs, to facilitate detailed performance insights and troubleshooting.

README

SPX - A simple profiler for PHP

AI Summary: PhpSploit is a full-featured Command and Control (C2) framework that maintains a persistent presence on web servers using a polymorphic PHP one-liner. Its primary use case is for penetration testing and exploitation, enabling users to execute commands, manage files remotely, interact with a SQL console, and escalate privileges through over 20 available plugins. Notable features include obfuscated communication via HTTP headers and seamless file upload/download capabilities, facilitating robust interactions with target systems while bypassing standard PHP security measures.

AI Summary: Phunter is a sophisticated tool designed for information retrieval related to phone numbers, enabling users to identify details such as the operator, potential locations, line type, and reputation. It features several capabilities including checks for spam activity, Amazon account linkage, and ownership verification, with functionality for both single-number queries and bulk processing from files. The tool is intended for educational purposes and offers a command-line interface with various output options.

AI Summary: Pi-PwnBox is a headless Raspberry Pi-based Rogue Access Point (RogueAP) designed for conducting Red Team engagements and WiFi security assessments. It leverages Alfa WiFi USB adapters for a variety of WiFi attacks and includes features such as remote access, a comprehensive setup process, and associated WiFi hacking resources. This tool is particularly suited for on-site testing and learning environments focused on WiFi security.

README

Pi-PwnBox :rocket: -RogueAP :satellite:

Homemade (headless) PwnBox / RogueAP based on Raspberry Pi & Alfa WiFi USB Adapters.

AI Summary: Pikachu Volleyball is a reimplementation of a classic 1997 Windows game, now developed in JavaScript for web play. Its primary use case is to provide a nostalgic gaming experience by enabling users to play volleyball with Pikachu characters while utilizing a physics engine and AI derived from reverse-engineered original machine code. Notable features include a customizable local server setup for gameplay and an extended AI vs. AI match time, allowing for continuous observation of the computer-controlled players.