Open Source ChromeOS Penetration Testing Tools - Page 2

This software uses a genetic algorithm to "evolve" reactor designs for Schema's space-simulation game, Star-Made (http://star-made.org/). One of the more unique aspects of the game is that ship power management is not as simple as filling a cube with power generation blocks. This mechanism leads to difficulties in getting maximal power generation out of such reactors. This program rectifies this issue by using a self-organizing variant of brute force search. Much of the search space is pruned early on by a user-selectable fitness function. Within a few epochs, reactor output quickly converges to several sub-optimal, yet high-output reactors. Given enough time, the idea is that the optimal reactor configuration will be yielded.

AESTextCrypt is an easy-to-use open source tool for text encryption and decryption. Primarily intended for use with email, use it wherever you need to protect text from prying eyes. The encrypted text can be copy/pasted into any text-handling application (e.g. email) instead of plain text. Convenience buttons are provided for clipboard operations. AESTextCrypt uses AES-256 bit encryption which is the strongest available encryption scheme. It also employs bcrypt, which implements key-stretching and an adaptive key setup phase, the complexity (number of rounds) of which is automatically set to match the processing power of the encrypting computer. This makes it highly resistant to dictionary attack. AESTextCrypt is written in Java, so can be run on all desktop platforms - Windows, Mac and Linux.

Alan Framework is a post-exploitation framework useful during red-team activities. You can run your preferred tool directly in-memory. JavaScript script execution (in-memory without third party dependency) Fully compliant SOCKS5 proxy. Supported agent types: Powershell (x86/x64), DLL (x86/x64), Executable (x86/x64), Shellcode (x86/x64). Server.exe can be executed in Linux (via dotnet core) The network communication is fully encrypted with a session key not recoverable from the agent binary or from a traffic dump. Communication performed via HTTP/HTTPS. No external dependencies or libraries need to be installed. A powerful command shell. The agent configuration can be updated on the fly (you can change port and protocol too).

Generic clustering/load-balancing platform (over a LAN or internet) using java based P2P Aorta workers that execute java "tasklets". Various tasklets can be implemented to solve fractals, process images, render webpages, crack RSA "brute force".

Black Mamba is a Command and Control (C2) that works with multiple connections at same time. It was developed with Python and with Qt Framework and have multiple features for a post-exploitation step.

A shell script which determines by brute force the best compression format (bzip2, gzip, Z, zip, etc.) and which compression level to use in order to archive a file the smallest possible.

Questo software permette di decrittografare testi crittografati con il cifrario di Cesare tentando tutte le combinazioni possibili.

CryptoHelper is a Java program designed to aid in the decryption of classical ciphers, ie pre WWII ciphers. It brings together tools like frequency analysis, friedman tests, enciphering/deciphering for several clasical ciphers, and brute force algorithm

DES Cracker is a small perl script that cracks DES encrypted passwords.Currently there is only a brute force implementation where phrases are generated. Later version will have a possibility to use word lists for cracking.

Defensive Tools For The Blind (DTFTB) is a collection of Windows and Linux tools that automate: post exploitation, backdoor, and rouge access discovery, for defenders. DTFTB allows a system defender to quickly and precisely locate common backdoor tendencies and system misconfigurations used by an attacker to maintain access. Additionally DTFTB provide automated access-denial tools, that prohibit the introduction of new backdoors to a system. DTFTB is primarily geared towards CTF or other competitive environments.

Simple CGI script which allows you to transfer sensitive ascii data (passwords, hashes, pem keys) via HTTPS. SSL MUST BE implemented by webserver. Algorithm: - Paste new data into textarea, submit. You get link Link consists of three md5 hashes from salt. File, containing your data, named that way. So, it is hard to bruteforce links/files. - Whenever link being opened, script reads file and prints its content into brower in text/plain content-type. Afterthat, script removes file. So one link doesn't work twice and you can securely paste it everywhere. Prefered deployment schema: Nginx + SSL as front Apache + CGI + script as backend

GPP is a General Purpose Proxy Java graphical application intended mainly for packet inspection and modification. It's main idea is to be a little user-friendly portable man-in-the-middle tool for security analysis. Later, some protocols should be added

HTTPBrute is used to calculate HTTP Digest Access Authentication as per RFC 2617. The tool will be able to perform brute force attacks to retrieve a lost password for a given Authentication response. MD5 is the only hashing algorithm implemented.

Hash Cracker is an application developed in java swings that allows a user to crack MD2, MD5, SHA-1,SHA-256,SHA-384,SHA-512 hashes either using brute force or using wordlists of the user's choice based on the users choice.

Hexjector is an Opensource,Cross Platform PHP script to automate Site Pentest for SQL Injection Vulnerabilties.

HumanSudokuSolver is intended to solve Sudoku puzzles in a way human beings would do (non brute force). It currently solves most of the puzzles I tried and can output a step-by-step solution. Developers who want to contribute are welcome!

InsecureWebApp is a web app that includes common web application vulnerabilities including SQL&Html Injection- see owasp.org. It is a target for automated and manual penetration testing, source code analysis, vulnerability assessments and threat modeling.

A test framework for penetration testing Java classes and methods with randomized parameters and testing the results.

Java implementation of the most commonly used algorithms for exact string matching, where the pattern is given first.

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl. While researching Docker and Kubernetes, we noticed that most of the tools available today are aimed at passive scanning for vulnerabilities in the cluster, and there is a lack of more complex attack vector coverage. They might allow you to see the problem but not exploit it. It is important to run the exploit to simulate a real-world attack that will be used to determine corporate resilience across the network. When running an exploit, it will practice the organization's cyber event management, which doesn't happen when scanning for cluster issues. It can help the organization learn how to operate when real attacks happen, see if its other detection system works as expected and what changes should be made.

md5 hash bruteforce for MPI clusters with mpich2 architecture

A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. Takes advantage of cleartext credentials in memory by dumping the process and extracting lines that have a high probability of containing passwords. Will attempt to calculate each word's probability by checking hashes in memory, and regex searches. 2.0 introduces a clean port that aims to increase the speed of execution and portability

Mock in the Middle is a Java Proxy designed for testing network applications. It serves as a mock proxy between a client and a server. By recording and replaying network conversations, the client can later be tested without a live server.

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. Note that this project is no longer used for hosting the ZAP downloads. You should download ZAP via https://github.com/zaproxy/zaproxy/wiki/Downloads Please see the homepage for more information about OWASP ZAP

Simple UI to test the effectiveness of a heuristic algorithm against the brute force method for path finding among an arbitrary number of arbitrarily placed points on a grid. This is an educational project, don't expect new and better methods.