Search Results for "attack tools"
Sort By:
Showing 89 open source projects for "attack tools"
View related business solutions-
AI-generated apps that pass security reviewRetool lets you generate dashboards, admin panels, and workflows directly on your data. Type something like “Build me a revenue dashboard on my Stripe data” and get a working app with security, permissions, and compliance built in from day one. Whether on our cloud or self-hosted, create the internal software your team needs without compromising enterprise standards or control.
-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
1
Xteam
All-in-one command-line toolkit for security testing and OSINT tools
Xteam is a command-line security toolkit designed to provide multiple penetration testing and information-gathering utilities in a single interface. It combines several modules and external tools to help users perform security research tasks related to mobile devices, wireless networks, and online services. It acts as a centralized launcher that integrates scripts and third-party tools, allowing users to access different testing functions through a menu-based command line workflow. Xteam includes features such as Instagram information gathering, phishing utilities, wireless attack tools, and Android security testing capabilities. ... -
2
CyberStrikeAI
CyberStrikeAI is an AI-native security testing platform built in Go
CyberStrikeAI is an AI-native security testing platform built in Go that brings autonomous penetration testing, vulnerability discovery, and attack chain analysis into a unified interface. The platform integrates over 100 security tools out of the box and pairs them with an intelligent orchestration engine that can be directed via natural language or policy definitions, allowing users to automate reconnaissance, scanning, exploitation, and reporting without manual sequencing of tools. -
3
PentestAgent
AI agent framework for black-box security testing
PentestAgent is an open-source autonomous security testing platform designed to help organizations identify vulnerabilities and assess security posture by simulating real-world attack scenarios without manual intervention. It brings a modular and automated approach to penetration testing by orchestrating a suite of tools and scripts that can emulate common exploitation techniques, reconnaissance workflows, and post-exploitation activities across targets. Users configure rules, policies, and environments, and the agent continuously probes for weaknesses, prioritizes findings, and generates contextual reports that help both technical and non-technical stakeholders understand risk exposure. ... -
4
OWASP Amass
In-depth attack surface mapping and asset discovery
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects ,tools, documents, forums, and chapters are free and open to anyone interested in improving application security. ... -
AI-powered service management for IT and enterprise teamsGive your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.
-
5
RedAmon
AI-powered framework for automated penetration testing and red teaming
...RedAmon then uses an AI agent orchestrator to analyze this data, select appropriate tools, and perform exploitation steps such as credential brute forcing or CVE-based attacks. All discovered assets, relationships, and vulnerabilities are stored in a Neo4j knowledge graph, allowing the system to reason about the environment and make informed decisions during the attack process. -
6
VIPER
AI-powered red team platform for adversary simulation toolkit
Viper is a comprehensive red teaming and adversary simulation platform designed to support cybersecurity professionals in conducting advanced security assessments. It integrates a wide range of tools and capabilities required for penetration testing, post-exploitation, and attack simulation workflows into a unified environment. Viper emphasizes ease of use through a graphical interface, allowing users to manage complex operations without relying solely on command-line tools. It includes a large collection of built-in modules that cover multiple stages of the MITRE ATT&CK framework, enabling realistic and structured attack simulations. ... -
7
Impacket
A collection of Python classes for working with network protocols
Impacket is a collection of Python classes designed for working with network protocols. It was primarily created in the hopes of alleviating some of the hindrances associated with the implementation of networking protocols and stacks, and aims to speed up research and educational activities. It provides low-level programmatic access to packets, and the protocol implementation itself for some of the protocols, like SMB1-3 and MSRPC. It features several protocols, including Ethernet, IP, TCP,... -
8
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. -
9
Claw Hunter
MDM-ready scripts for detecting and monitoring OpenClaw
Claw Hunter is an open-source security tool designed to detect, analyze, and mitigate risks associated with autonomous AI agents, specifically those built on platforms like OpenClaw. As agentic AI systems gain popularity, they introduce a new class of security challenges because they can execute commands, access files, and interact with external systems with minimal human oversight. Claw-Hunter addresses this emerging threat landscape by providing visibility into these agents, helping... -
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
10
Proxyman
Web Debugging Proxy for macOS, iOS, and Android
Don't let cumbersome web debugging tools hold you back. With Proxyman's native macOS app, you can capture, inspect, and manipulate HTTP(s) traffic with ease. Intuitive, thoughtful, built with meticulous attention to detail. Comprehensive Guideline to set up with iOS simulator and iOS and Android devices. Proxyman acts as a man-in-the-middle server that capture the traffic between your applications and SSL Web Server. With built-in macOS setup, so you can inspect your HTTP/HTTPS Request and... -
11
Atlantis iOS
A lightweight and powerful iOS framework for intercepting HTTP/HTTPS
Don't let cumbersome web debugging tools hold you back. With Proxyman's native macOS app, you can capture, inspect, and manipulate HTTP(s) traffic with ease. Intuitive, thoughtful, and built with meticulous attention to detail. Dive into the network level to diagnose and fix problems with reliable and powerful tools. Proxyman acts as a man-in-the-middle server that captures the traffic between your applications and SSL Web Server. With a built-in macOS setup, so you can inspect your... -
12
airgeddon
This is a multi-use bash script for Linux systems
airgeddon is an alive project growing day by day. Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing. DoS over wireless networks using different methods (mdk3, mdk4, aireplay-ng). "DoS Pursuit mode" is available to avoid AP channel hopping (available also on DoS performed on Evil Twin attacks). Full support for 2.4Ghz and 5Ghz bands. Assisted WPA/WPA2 personal networks Handshake file and PMKID capturing. Cleaning and optimizing Handshake captured... -
13
Firecracker
Secure and fast microVMs for serverless computing
Firecracker is an open-source virtualization technology developed by AWS for deploying secure micro-VMs (microVMs) that offer strong isolation with minimal overhead. Designed for serverless workloads (e.g., AWS Lambda, Fargate), it combines VM-level security with container-like performance and startup speed. -
14
GOAD (Game of Active Directory)
game of active directory
...Analysts can filter, cluster, and explore these relationships to identify infrastructure patterns, potential subdomains, or attack surfaces. Integrations may include metadata like geolocation, WHOIS, and risk scoring to prioritize leads. GOAD helps teams transition from fragmented OSINT tools to a unified reconnaissance dashboard where exploration and filtering are first-class. -
15
rep+
Burp-style HTTP Repeater for Chrome DevTools with built‑in AI
rep+ is a lightweight browser extension for Chrome DevTools that brings a Burp Suite-style HTTP repeater directly into the developer console, enhanced with built-in AI to help explain requests and suggest tests. It captures HTTP traffic from the inspected page without needing a proxy, allowing users to replay, modify, and analyze individual requests with fine-grained control over headers, bodies, and methods. The tool offers hierarchical grouping, tagging, and filtering of captured requests... -
16
Kubernetes Goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment
Learn to attack or find security issues, misconfigurations, and real-world hacks within containers, Kubernetes, and cloud-native environments. Enumerate, exploit, and gain access to the workloads right from your browser. Understand how attackers think, work, and exploit security issues, and apply these learnings to detect and defend them. Also, learn best practices, defenses, and tools to mitigate, and detect in the real world. -
17
NextDNS
NextDNS CLI client (DoH Proxy)
NextDNS protects you from all kinds of security threats, blocks ads and trackers on websites and in apps and provides a safe and supervised Internet for kids, on all devices and on all networks. Determine your threat model and fine-tune your security strategy by enabling 10+ different types of protections. Use the most trusted threat intelligence feeds containing millions of malicious domains, all updated in real-time. Go beyond the domain, we analyze DNS questions and answers on-the-fly (in... -
18
FISSURE
The RF and reverse engineering framework for everyone
FISSURE is an open-source radio frequency analysis and signal intelligence framework built to support software-defined radio research, wireless security experimentation, and protocol reverse engineering. The project brings together tools for capturing, inspecting, decoding, replaying, and analyzing RF signals across a wide range of wireless technologies. It is designed as a practical environment for researchers and operators who need to move from raw spectrum observation to structured investigation without stitching together too many separate utilities by hand. The platform supports workflows related to signal discovery, demodulation, packet inspection, fuzzing, and attack simulation, making it useful for both defensive research and controlled lab testing. ... -
19
In-The-Wild Jailbreak Prompts on LLMs
A dataset consists of 15,140 ChatGPT prompts from Reddit
...Researchers analyze these prompts to identify patterns, attack strategies, and techniques commonly used to trick language models into producing restricted or harmful outputs. The dataset includes thousands of prompts collected across multiple platforms and represents one of the largest collections of jailbreak attempts available for research. -
20
thc-hydra
Shows how easy it would be to gain unauthorized access to a system
...This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. There are already several login hacker tools available, however, none does either support more than one protocol to attack or support parallelized connects. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. However the module engine for new services is very easy so it won't take a long time until even more services are supported. ... -
21
Mantis
Automated framework for asset discovery and vulnerability scanning
...It integrates both open source and custom security tools to automate multiple phases of a security assessment in a single workflow. -
22
Hermit for Rust
Hermit for Rust
Hermit-RS is a Rust-based unikernel designed for high-performance and cloud computing applications. By combining the safety and concurrency features of Rust with the minimalistic approach of unikernels, Hermit-RS offers a secure and efficient runtime environment. It is particularly suited for running single-tenant applications directly on hypervisors or bare-metal hardware, reducing overhead and improving performance. -
23
Superagent
Superagent protects your AI applications
...It embeds real-time safety directly into AI workflows, helping teams secure models before threats cause damage. Superagent provides guardrails that block jailbreaks, prompt manipulation, and sensitive data exfiltration. It includes redaction tools to remove PII, PHI, and secrets automatically from text. The platform also scans code repositories to detect AI-specific attack vectors like repo poisoning. Superagent is designed for low-latency production environments and works with any major LLM provider. It enables teams to prove compliance with modern AI security and regulatory standards. -
24
A.I.G
Full-stack AI Red Teaming platform
AI-Infra-Guard is a powerful open-source security platform from Tencent’s Zhuque Lab designed to assess the safety and resilience of AI infrastructures, codebases, and components through automated scanning and evaluation tools. It brings together AI infrastructure vulnerability scanning, MCP server risk analysis, and jailbreak evaluation into a unified workflow so that enterprises and individuals can identify critical security issues without relying on external services. Users can deploy it via Docker or scripts to get a modern web UI that guides them through tasks like scanning third-party frameworks for known CVEs and experimenting with prompt security against attack vectors. ... -
25
reNgine
Automated framework for web application reconnaissance and scanning
reNgine is an automated reconnaissance framework designed to simplify and enhance the process of gathering information about web applications during security assessments. It provides a streamlined workflow for penetration testers, bug bounty hunters, and security teams who need to perform reconnaissance efficiently and at scale. The platform integrates multiple open-source reconnaissance tools into a unified environment with a configurable scanning engine and an intuitive web interface....
