Pentesting Labs
Open, no-nonsense tooling and datasets for penetration testers, CTF players, and security researchers. Fast, searchable, and free to use — with an API behind everything.
Tools
What's live
Each tool is a standalone project with its own open dataset and public API. More are in the works.
Default Credentials Live
A searchable database and open JSON API of public default credentials for network devices and software — sourced from a community dataset, with vendor-doc citations on verified entries.
Open the catalog →More tools Soon
Additional datasets and utilities for offensive security are on the roadmap. Want to suggest one? Reach out via the contact on the Impressum.
About
Practical resources, openly shared
Pentesting Labs is an independent project that collects and publishes practical resources for offensive security work. The goal is simple: take the lookups and datasets pentesters and CTF players actually reach for, and make them fast, searchable, and machine-readable.
Everything is open. The data lives in public repositories, the apps are deployed statically, and every tool exposes a JSON API so you can wire it into your own workflow. Use it on authorized engagements, in CTFs, or to harden systems you operate.
- Open by defaultDatasets and source are public on GitHub. No sign-ups, no paywalls, no tracking-for-resale.
- Authorized use onlyEverything here is built for engagements, CTFs, and research on systems you're permitted to test.
- Cited & verifiedWhere it matters, entries are backed by primary sources — vendor docs, not hearsay.