Search Results for "attack tools"
Sort By:
Showing 73 open source projects for "attack tools"
View related business solutions-
Outgrown Windows Task Scheduler?Windows Task Scheduler wasn't built for complex, cross-platform automation. Get a free diagnostic that shows exactly where things are failing and provides remediation recommendations. Interactive HTML report delivered in minutes.
-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
1
OWASP Amass
In-depth attack surface mapping and asset discovery
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects ,tools, documents, forums, and chapters are free and open to anyone interested in improving application security. ... -
2
PentestAgent
AI agent framework for black-box security testing
PentestAgent is an open-source autonomous security testing platform designed to help organizations identify vulnerabilities and assess security posture by simulating real-world attack scenarios without manual intervention. It brings a modular and automated approach to penetration testing by orchestrating a suite of tools and scripts that can emulate common exploitation techniques, reconnaissance workflows, and post-exploitation activities across targets. Users configure rules, policies, and environments, and the agent continuously probes for weaknesses, prioritizes findings, and generates contextual reports that help both technical and non-technical stakeholders understand risk exposure. ... -
3
CyberStrikeAI
CyberStrikeAI is an AI-native security testing platform built in Go
CyberStrikeAI is an AI-native security testing platform built in Go that brings autonomous penetration testing, vulnerability discovery, and attack chain analysis into a unified interface. The platform integrates over 100 security tools out of the box and pairs them with an intelligent orchestration engine that can be directed via natural language or policy definitions, allowing users to automate reconnaissance, scanning, exploitation, and reporting without manual sequencing of tools. -
4
Impacket
A collection of Python classes for working with network protocols
Impacket is a collection of Python classes designed for working with network protocols. It was primarily created in the hopes of alleviating some of the hindrances associated with the implementation of networking protocols and stacks, and aims to speed up research and educational activities. It provides low-level programmatic access to packets, and the protocol implementation itself for some of the protocols, like SMB1-3 and MSRPC. It features several protocols, including Ethernet, IP, TCP,... -
Atera - The depth of a full-stack IT platform, with the power of AI.Atera prioritizes security and compliance through robust protections that align with industry standards. Our AI-driven features were built on responsible AI principles and empower IT teams to work efficiently while maintaining trust and compliance.
-
5
Atlantis iOS
A lightweight and powerful iOS framework for intercepting HTTP/HTTPS
Don't let cumbersome web debugging tools hold you back. With Proxyman's native macOS app, you can capture, inspect, and manipulate HTTP(s) traffic with ease. Intuitive, thoughtful, and built with meticulous attention to detail. Dive into the network level to diagnose and fix problems with reliable and powerful tools. Proxyman acts as a man-in-the-middle server that captures the traffic between your applications and SSL Web Server. With a built-in macOS setup, so you can inspect your... -
6
Proxyman
Web Debugging Proxy for macOS, iOS, and Android
Don't let cumbersome web debugging tools hold you back. With Proxyman's native macOS app, you can capture, inspect, and manipulate HTTP(s) traffic with ease. Intuitive, thoughtful, built with meticulous attention to detail. Comprehensive Guideline to set up with iOS simulator and iOS and Android devices. Proxyman acts as a man-in-the-middle server that capture the traffic between your applications and SSL Web Server. With built-in macOS setup, so you can inspect your HTTP/HTTPS Request and... -
7
Firecracker
Secure and fast microVMs for serverless computing
Firecracker is an open-source virtualization technology developed by AWS for deploying secure micro-VMs (microVMs) that offer strong isolation with minimal overhead. Designed for serverless workloads (e.g., AWS Lambda, Fargate), it combines VM-level security with container-like performance and startup speed. -
8
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. -
9
rep+
Burp-style HTTP Repeater for Chrome DevTools with built‑in AI
rep+ is a lightweight browser extension for Chrome DevTools that brings a Burp Suite-style HTTP repeater directly into the developer console, enhanced with built-in AI to help explain requests and suggest tests. It captures HTTP traffic from the inspected page without needing a proxy, allowing users to replay, modify, and analyze individual requests with fine-grained control over headers, bodies, and methods. The tool offers hierarchical grouping, tagging, and filtering of captured requests... -
Grafana: The open and composable observability platformGrafana is the open source analytics & monitoring solution for every database.
-
10
airgeddon
This is a multi-use bash script for Linux systems
airgeddon is an alive project growing day by day. Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing. DoS over wireless networks using different methods (mdk3, mdk4, aireplay-ng). "DoS Pursuit mode" is available to avoid AP channel hopping (available also on DoS performed on Evil Twin attacks). Full support for 2.4Ghz and 5Ghz bands. Assisted WPA/WPA2 personal networks Handshake file and PMKID capturing. Cleaning and optimizing Handshake captured... -
11
Kubernetes Goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment
Learn to attack or find security issues, misconfigurations, and real-world hacks within containers, Kubernetes, and cloud-native environments. Enumerate, exploit, and gain access to the workloads right from your browser. Understand how attackers think, work, and exploit security issues, and apply these learnings to detect and defend them. Also, learn best practices, defenses, and tools to mitigate, and detect in the real world. -
12
NextDNS
NextDNS CLI client (DoH Proxy)
NextDNS protects you from all kinds of security threats, blocks ads and trackers on websites and in apps and provides a safe and supervised Internet for kids, on all devices and on all networks. Determine your threat model and fine-tune your security strategy by enabling 10+ different types of protections. Use the most trusted threat intelligence feeds containing millions of malicious domains, all updated in real-time. Go beyond the domain, we analyze DNS questions and answers on-the-fly (in... -
13
GOAD (Game of Active Directory)
game of active directory
...Analysts can filter, cluster, and explore these relationships to identify infrastructure patterns, potential subdomains, or attack surfaces. Integrations may include metadata like geolocation, WHOIS, and risk scoring to prioritize leads. GOAD helps teams transition from fragmented OSINT tools to a unified reconnaissance dashboard where exploration and filtering are first-class. -
14
Superagent
Superagent protects your AI applications
...It embeds real-time safety directly into AI workflows, helping teams secure models before threats cause damage. Superagent provides guardrails that block jailbreaks, prompt manipulation, and sensitive data exfiltration. It includes redaction tools to remove PII, PHI, and secrets automatically from text. The platform also scans code repositories to detect AI-specific attack vectors like repo poisoning. Superagent is designed for low-latency production environments and works with any major LLM provider. It enables teams to prove compliance with modern AI security and regulatory standards. -
15
thc-hydra
Shows how easy it would be to gain unauthorized access to a system
...This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. There are already several login hacker tools available, however, none does either support more than one protocol to attack or support parallelized connects. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. However the module engine for new services is very easy so it won't take a long time until even more services are supported. ... -
16
Hermit for Rust
Hermit for Rust
Hermit-RS is a Rust-based unikernel designed for high-performance and cloud computing applications. By combining the safety and concurrency features of Rust with the minimalistic approach of unikernels, Hermit-RS offers a secure and efficient runtime environment. It is particularly suited for running single-tenant applications directly on hypervisors or bare-metal hardware, reducing overhead and improving performance. -
17
ContainerSSH
ContainerSSH: Launch containers on demand
...ContainerSSH solves this by providing dynamic SSH access with APIs, automatic cleanup on logout using ephemeral containers, and persistent volumes for storing data. Perfect for vendor and student labs. Provide production access to your developers, give them their usual tools while logging all changes. Authorize their access and create short-lived credentials for the database using simple webhooks. Clean up the environment on disconnect. Study SSH attack patterns up close. Drop attackers safely into network-isolated containers or even virtual machines, and capture their every move using the audit logging ContainerSSH provides. ... -
18
gVisor
Application Kernel for Containers
...Unlike traditional virtual machines or lightweight syscall filters, gVisor follows a third approach that offers many of the security benefits of virtualization while maintaining the speed, resource efficiency, and flexibility of containers. Its key runtime, runsc, integrates seamlessly with container ecosystems such as Docker and Kubernetes, making it easy to deploy sandboxed workloads using familiar tools. By intercepting and safely handling syscalls from applications, gVisor reduces the attack surface of the host kernel, mitigating risks associated with running untrusted or potentially malicious code in containerized environments. -
19
Middleman
Hand-crafted frontend development
Middleman is a Ruby-powered static site generator that emphasizes clean templates, flexible layouts, and a great developer experience. It supports common templating languages (ERB, Haml, Slim) and content formats (Markdown, AsciiDoc), plus front-matter metadata to drive layouts, navigation, and per-page behavior. A built-in dev server with live reload keeps iteration fast, while an asset pipeline handles fingerprinting, minification, and cache-friendly builds. Extensions cover blogging,... -
20
ufonet
UFONet - Denial of Service Toolkit
UFONet - Is a set of hacktivist tools that allow launching coordinated DDoS and DoS attacks and combine both in a single offensive. It also works as an encrypted DarkNET to publish and receive content by creating a global client/server network based on a direct-connect P2P architecture. + FAQ: https://ufonet.03c8.net/FAQ.html -------------------------------------------- -> UFONet-v1.8 [DPh] "DarK-PhAnT0m!" (.zip) -> md5 = [ c8ab016f6370c8391e2e6f9a7cbe990a ] -> UFONet-v1.8... -
21
Hardened Slarpx
Experimental hardened Linux based on Xennytsu and Poison engine
...Beyond passive hardening, Slarpx focuses on active intervention, sabotage, and destruction of attack paths when necessary. -
22
TinyPaw-Linux
Passive & Aggressive WiFi attack distro
Linux WiFi pentesting distribution built off Tiny Core Linux and inspired by the Xiaopan OS project. Lightweight with some new tools and updates to tools that have stood the test of time. Unfortunately at this time the TinyPaw-Linux project has been retired. This SourceForge will remain up, thank you for all the support and communities this project drew inspiration from. -
23
GmSSL
Password toolbox that supports national secret
GmSSL is an open source library of domestic commercial ciphers independently developed by Peking University. It realizes comprehensive functional coverage of national secret algorithms, standards, and secure communication protocols. It supports mainstream operating systems and processors including mobile terminals, and supports cryptographic keys, Cipher cards and other typical domestic cryptographic hardware provide feature-rich command line tools and multiple compiled language programming... -
24
COVA
Context-aware on-premise app for AI-resistant face anonymization
COVA is an on-premise desktop app that automatically anonymizes faces in videos and images while preserving as much visual quality as possible. It analyzes each face's pose and brightness, then picks the minimum blur or mosaic strength that still prevents re-identification, even against AI restoration tools like Real-ESRGAN and GFPGAN. Built with Python, PyQt5 and OpenCV, COVA runs fully on your local machine, making it ideal for CCTV, medical recordings, research datasets and broadcast content. Features include live Original/Anonymized preview, support for images and video, adjustable risk levels and attack models, and timeline graphs showing angle, brightness and anonymization strength. -
25
Penetration Testing Tools
A collection of more than 170+ tools, scripts, cheatsheets
Penetration-Testing-Tools is a curated collection of tools, scripts, cheatsheets and reference materials assembled to help security researchers, red-teamers, and students perform hands-on penetration testing across multiple domains. The repository groups resources by discipline — reconnaissance, web application testing, network exploitation, privilege escalation, post-exploitation and reporting — so users can quickly find relevant utilities and walkthroughs. Many entries include short usage...
