Open Source Penetration Testing Tools

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

The WiFi-Pumpkin is a rogue AP framework to easily create these fake networks, all while forwarding legitimate traffic to and from the unsuspecting target. It comes stuffed with features, including rogue Wi-Fi access points, deauth attacks on client APs, a probe request and credentials monitor, transparent proxy, Windows update attack, phishing manager, ARP Poisoning, DNS Spoofing, Pumpkin-Proxy, and image capture on the fly. moreover, the WiFi-Pumpkin is a very complete framework for auditing Wi-Fi security check the list of features is quite broad.

Cross-platform high-level cryptographic library. Themis helps to build simple and complex cryptographic features easily, quickly, and securely. It’s a perfect fit for multi-platform apps. Themis hides cryptographic details and eliminates popular mistakes. Themis provides ready-made building blocks (“cryptosystems”) for secure data storage, message exchange, socket connections, and authentication. Secure Cell is a multi-mode cryptographic container suitable for storing anything from encrypted files to database records. Use Secure Cell to encrypt data at rest. Secure Cell is built around AES-256-GCM, and AES-256-CTR. Secure Message is a simple encrypted messaging solution for the widest scope of applications. Use Secure Message to send encrypted and signed data from one user to another, from client to server, to prevent MITM attacks and avoid single secret leakage. Based on ECC + ECDSA / RSA + PSS + PKCS#7.

Don't let cumbersome web debugging tools hold you back. With Proxyman's native macOS app, you can capture, inspect, and manipulate HTTP(s) traffic with ease. Intuitive, thoughtful, and built with meticulous attention to detail. Dive into the network level to diagnose and fix problems with reliable and powerful tools. Proxyman acts as a man-in-the-middle server that captures the traffic between your applications and SSL Web Server. With a built-in macOS setup, so you can inspect your HTTP/HTTPS Request and Responses in plain text with just one click. Narrow down your search with Proxyman's Multiple Filters. You can combine complex filtered criteria like Protocol, Content-Type, URL, Request Header, Response Header, Body, etc that find exact what you're looking for.

The Password Guessing Framework is an open source tool to provide an automated and reliable way to compare password guessers. It can help to identify individual strengths and weaknesses of a guesser, its modes of operation or even the underlying guessing strategies. Therefor, it gathers information about how many passwords from an input file (password leak) have been cracked in relation to the amount of generated guesses. Subsequent to the guessing process an analysis of the cracked passwords is performed. In general though, any guesser that prints the password candidates via STDOUT can be used with the framework. The aforementioned password guessing / password cracking software is not part nor shipped with the framework and need to be installed separately.

HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments.contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain - students, Security Professionals,web developers, manual vulnerability assessments and much more.

Fills a rectangle using given tetris shapes (tetraminos) using an optimized brute force algorithm. A puzzle can have many different solutions; this solver will stop at the first one. Not all puzzles are solveable. Created to solve the annoying tetris puzzles in The Talos Principle and Sigils of Elohim.

Hexjector is an Opensource,Cross Platform PHP script to automate Site Pentest for SQL Injection Vulnerabilties.

A test framework for penetration testing Java classes and methods with randomized parameters and testing the results.

Java implementation of the most commonly used algorithms for exact string matching, where the pattern is given first.

Vulnerawa stands for vulnerable web application, though I think it should be renamed Vulnerable website. Unlike other vulnerable web apps, this application strives to be close to reality as possible. To know more about Vulnerawa, go here https://www.hackercoolmagazine.com/vulnerawa-vulnerable-web-app-for-practice/ See how to setup Vulnerawa in Wamp server. https://www.hackercoolmagazine.com/how-to-setup-vulnerawa-in-wamp-server/ To see how to set up a web app pen testing lab with Vulnerawa. https://www.hackercoolmagazine.com/how-to-create-a-web-application-pentest-lab/

Enables a user to view & alter all aspects of comunications with a web site via a proxy. Primarily used for security based penetration testing of web sites, it can also be used for debugging during development. Seen as part of a hacker toolkit.