Open Source ChromeOS Penetration Testing Tools
Sort By:
Penetration Testing Tools for ChromeOS
Browse free open source Penetration Testing tools and projects for ChromeOS below. Use the toggles on the left to filter open source Penetration Testing tools by OS, license, language, programming language, and project status.
-
Outgrown Windows Task Scheduler?Windows Task Scheduler wasn't built for complex, cross-platform automation. Get a free diagnostic that shows exactly where things are failing and provides remediation recommendations. Interactive HTML report delivered in minutes.
-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
1
PentestGPT
Automated Penetration Testing Agentic Framework Powered by LLMs
PentestGPT is an AI-powered autonomous penetration testing agent designed to perform intelligent, end-to-end security assessments using large language models. Published at USENIX Security 2024, it combines advanced reasoning with an agentic workflow to automate tasks traditionally handled by human pentesters. The platform supports multiple penetration testing categories, including web security, cryptography, reversing, forensics, privilege escalation, and binary exploitation. PentestGPT runs in a Docker-first environment, providing a secure, reproducible setup with built-in tooling and session persistence. It offers real-time feedback and live walkthroughs, allowing users to observe each step of the testing process as it unfolds. Built with a modular and extensible architecture, PentestGPT supports cloud and local LLMs, making it suitable for research, education, and authorized security testing. -
2
DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.
-
3
Ligolo-ng
An advanced, yet simple, tunneling/pivoting tool
Ligolo-ng is a simple, lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection using a tun interface (without the need of SOCKS). When running the relay/proxy server, a tun interface is used, packets sent to this interface are translated and then transmitted to the agent's remote network. You need to download the Wintun driver (used by WireGuard) and place the wintun.dll in the same folder as Ligolo. You can listen to ports on the agent and redirect connections to your control/proxy server. You can easily hit more than 100 Mbits/sec. Here is a test using iperf from a 200Mbits/s server to a 200Mbits/s connection. -
4
WiFi-Pumpkin
WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack
The WiFi-Pumpkin is a rogue AP framework to easily create these fake networks, all while forwarding legitimate traffic to and from the unsuspecting target. It comes stuffed with features, including rogue Wi-Fi access points, deauth attacks on client APs, a probe request and credentials monitor, transparent proxy, Windows update attack, phishing manager, ARP Poisoning, DNS Spoofing, Pumpkin-Proxy, and image capture on the fly. moreover, the WiFi-Pumpkin is a very complete framework for auditing Wi-Fi security check the list of features is quite broad. -
AI-powered service management for IT and enterprise teamsGive your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.
-
5
Atlantis iOS
A lightweight and powerful iOS framework for intercepting HTTP/HTTPS
Don't let cumbersome web debugging tools hold you back. With Proxyman's native macOS app, you can capture, inspect, and manipulate HTTP(s) traffic with ease. Intuitive, thoughtful, and built with meticulous attention to detail. Dive into the network level to diagnose and fix problems with reliable and powerful tools. Proxyman acts as a man-in-the-middle server that captures the traffic between your applications and SSL Web Server. With a built-in macOS setup, so you can inspect your HTTP/HTTPS Request and Responses in plain text with just one click. Narrow down your search with Proxyman's Multiple Filters. You can combine complex filtered criteria like Protocol, Content-Type, URL, Request Header, Response Header, Body, etc that find exact what you're looking for. -
6
Chromepass
Hacking Chrome Saved Passwords
Chromepass is a python-based console application that generates a windows executable with the following features. Decrypt Google Chrome, Chromium, Edge, Brave, Opera and Vivaldi saved paswords and cookies. Send a file with the login/password combinations and cookies remotely (http server or email) Undetectable by AV if done correctly. Custom icon, custom error message, customize port. The new client build methodology practically ensures a 0% detection rate, even without AV-evasion tactics. If this becomes false in the future, some methods will be implemented to improve AV evasion. The dependencies are checked and installed automatically, so you can just skip to Usage. It's recommended that you use a clean VM, just to make sure there are no conflicts. If you don't have the dependencies and your internet isn't fast, this will take a while. -
7
VENOM C2 shellcode
C2 shellcode generator/compiler/handler
The script will use msfvenom (metasploit) to generate shellcode in different formats ( C# | python | ruby | dll | msi | hta-psh | doc | apk | macho | elf | deb | mp4 | etc ) injects the shellcode generated into one template (example: python) "the python function will execute the shellcode into ram" and uses compilers like gcc (gnu cross compiler) or mingw32 or pyinstaller to build the executable file. It also starts a handler to receive the remote connection (shell or meterpreter) venom 1.0.11 (malicious_server) was build to take advantage of apache2 webserver to deliver payloads (LAN) using a fake webpage writen in html to be hable to trigger payload downloads, the user just needs to send the link provided to target host. -
8
Password Guessing Framework
A Framework for Comparing Password Guessing Strategies
The Password Guessing Framework is an open source tool to provide an automated and reliable way to compare password guessers. It can help to identify individual strengths and weaknesses of a guesser, its modes of operation or even the underlying guessing strategies. Therefor, it gathers information about how many passwords from an input file (password leak) have been cracked in relation to the amount of generated guesses. Subsequent to the guessing process an analysis of the cracked passwords is performed. In general though, any guesser that prints the password candidates via STDOUT can be used with the framework. The aforementioned password guessing / password cracking software is not part nor shipped with the framework and need to be installed separately. -
9
Splunk Attack Range
Tool to simulate attacks and collect the data
Attack Range Log The Splunk Attack Range is an open-source project maintained by the Splunk Threat Research Team. It builds instrumented cloud (AWS, Azure) and local environments (Virtualbox), simulates attacks, and forwards the data into a Splunk instance. This environment can then be used to develop and test the effectiveness of detections. -
Easy-to-Use Website Accessibility WidgetAll in One Accessibility is an AI based accessibility tool that helps organizations to enhance the accessibility and usability of websites quickly.
-
10
Teardroid
It's easy to use android botnet work without port forwarding
It's easy to use Android botnet work without port forwarding, VPS, and Android Studio. Run Shell Command ( use findphno command in a run shell command to get the device phone number and use findx:pdf to find all the pdf files on the device ) It will prompt you with your Control Panel url enter your deta space control panel url without /v4 or your own server URL (without/at the end of the URL). You will also be prompted for the title and text of the notification. Enter what you want to display on the notification. Using your own keystore it's not recommended to use the default keystore you can modify the values in the Config.py file to use your own keystore with Teardroid v4. -
11
Hyenae is a highly flexible platform independent network packet generator. It allows you to reproduce several MITM, DoS and DDoS attack scenarios, comes with a clusterable remote daemon and an interactive attack assistant. *** Hyenae is back *** Hyenae will be continued here: https://sourceforge.net/p/hyenae-ng
-
12
JPassword Recovery Tool
Password recovery tool for compressed archives and md5, sha-1/2 hashes
This is a simple but sophisticated open source password recovery tool for M$ Windows, it can effectively 'crack' any password protected archive that can be decompressed by 7zip given enough time and resources. It can also bruteforce MD2, MD5, SHA-1 and SHA-2 hashes (SHA-256, SHA-384, SHA-512), CRC16, CRC32, CRC64 and Adler32 hashed passwords for both Windows, and Linux. It requires java 7u4 and above, and 7-zip v9.20 and up for archive recovery. Keeping these above applications up to date ensures peak performance. if you have any ideas, bugs, tips/improvements and/or suggestions please dont hesitate to contact me NB AS OF V1.07 PLEASE MAKE SURE 'resources' FOLDER IS IN THE SAME DIRECTORY AS THE JPasswordRecoveryTool.jar Known Bugs(v1.09): -although md2 was selceted by default for hash recovery if you did not slected another value and reselect md2 it would use md5 by default -
13
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
-
14
HTTP Anti Flood/DoS Security Module
Detect Flooder IPs, Reduce Attack Surface against HTTP Flood Attacks
This module provides attack surface reduction enhancements against the HTTP Flood Attacks at the web application level. Massive crawling/scanning tools, HTTP Flood tools can be detected and blocked by this module via htaccess, firewall or iptables, etc. (like mod_evasive) You can use this module by including "iosec.php" to any PHP file which wants to be protected. You can test module here: http://www.iosec.org/test.php (demo) Watch the Proof of Concept video: http://goo.gl/dSiAL Hakin9 IT Security Magazine Article about IOSEC http://goo.gl/aQM4Di (different format -> http://goo.gl/JKMUPN) IJNSA Article at http://goo.gl/LLxRdX WP Plugin Page http://goo.gl/nF5nD CHANGES v.1.8.2 - Iptables Auto Ban Bash Script Included - Token Access via Implicit Deny - Reverse Proxy Support - reCAPTCHA Support Do you want more features? Check for third party addons http://sf.net/projects/iosecaddons Gökhan Muharremoğlu -
15
Address_Decode
Decode various cryptocurrency addresses
Address to hash160 is an efficient multi-threaded tool designed to decode various cryptocurrency addresses (such as Bitcoin BTC,Bitcoin Cash BCH, Litecoin LTC, Bitcoin Gold BTG, etc.) to extract hash160 values. It is often used in research such as brainflayer, keyhunt, BitCrack, ecloop, keyhunt cuda, etc. -
16
Hash Cracker is an application developed in java swings that allows a user to crack MD2, MD5, SHA-1,SHA-256,SHA-384,SHA-512 hashes either using brute force or using wordlists of the user's choice based on the users choice.
-
17
Crack the encrypted passwords (MD5,SHA, etc....)
-
18
CryptoHelper is a Java program designed to aid in the decryption of classical ciphers, ie pre WWII ciphers. It brings together tools like frequency analysis, friedman tests, enciphering/deciphering for several clasical ciphers, and brute force algorithm
-
19
BRUTALIS - BRUTeforce ALternative Is Stupid. Brutalis generate brute force passwords. It can be integrated in any command line for an attack and support resume, character panel, minimum and maximum length, special separating characters and more.
-
20
DNScat is a "swiss-army knife" tool to tunnel traffic through DNS servers. It is a small, yet powerfull tool, similar to netcat. In conjunction with PPP server, it allows to build a VPN using DNS packets. DNScat is a useful tool for penetration testing.
-
21
JBrute
Open Source Security tool to audit hashed passwords.
JBrute is an open source tool written in Java to audit security and stronghold of stored password for several open source and commercial apps. It is focused to provide multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios. Java Runtime version 1.7 or higher is required for running JBrute. Supported algorithms: MD5 MD4 SHA-256 SHA-512 MD5CRYPT SHA1 ORACLE-10G ORACLE-11G NTLM LM MSSQL-2000 MSSQL-2005 MSSQL-2012 MYSQL-322 MYSQL-411 POSTGRESQL SYBASE-ASE1502 INFORMIX-1170 To see syntax examples: https://sourceforge.net/p/jbrute/wiki/Examples To see last news: https://sourceforge.net/p/jbrute/blog FAQ: https://sourceforge.net/p/jbrute/wiki/FAQ/ General questions: jbrute-users@lists.sourceforge.net (you can suscribe to mailing list at https://lists.sourceforge.net/lists/listinfo/jbrute-users) Author: Gonzalo L. Camino Icon Art: Ivan Zubillaga Made in: Argentina :) -
22
Netstorm is a highly flexible, fast and plattform independent network security and reliability tester which allows you to setup real world low level flood attack scenarios (such as MITM, DoS and DDoS) within a local area network and on the internet.
-
23
Reactor Breeder
A Genetic Algorithm for Reactors in StarMade
This software uses a genetic algorithm to "evolve" reactor designs for Schema's space-simulation game, Star-Made (http://star-made.org/). One of the more unique aspects of the game is that ship power management is not as simple as filling a cube with power generation blocks. This mechanism leads to difficulties in getting maximal power generation out of such reactors. This program rectifies this issue by using a self-organizing variant of brute force search. Much of the search space is pruned early on by a user-selectable fitness function. Within a few epochs, reactor output quickly converges to several sub-optimal, yet high-output reactors. Given enough time, the idea is that the optimal reactor configuration will be yielded. -
24
Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembl
-
25
AESTextCrypt
Encrypt and decrypt text using AES 256 bit encryption
AESTextCrypt is an easy-to-use open source tool for text encryption and decryption. Primarily intended for use with email, use it wherever you need to protect text from prying eyes. The encrypted text can be copy/pasted into any text-handling application (e.g. email) instead of plain text. Convenience buttons are provided for clipboard operations. AESTextCrypt uses AES-256 bit encryption which is the strongest available encryption scheme. It also employs bcrypt, which implements key-stretching and an adaptive key setup phase, the complexity (number of rounds) of which is automatically set to match the processing power of the encrypting computer. This makes it highly resistant to dictionary attack. AESTextCrypt is written in Java, so can be run on all desktop platforms - Windows, Mac and Linux.
