Open Source Java Penetration Testing Tools

Java Penetration Testing Tools

View 121 business solutions

Browse free open source Java Penetration Testing Tools and projects below. Use the toggles on the left to filter open source Java Penetration Testing Tools by OS, license, language, programming language, and project status.

  • Our Free Plans just got better! | Auth0 Icon
    Our Free Plans just got better! | Auth0

    With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

    You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
    Try free now
  • MongoDB 8.0 on Atlas | Run anywhere Icon
    MongoDB 8.0 on Atlas | Run anywhere

    Now available in even more cloud regions across AWS, Azure, and Google Cloud.

    MongoDB 8.0 brings enhanced performance and flexibility to Atlas—with expanded availability across 125+ regions globally. Build modern apps anywhere your users are, with the power of a modern database behind you.
    Learn More
  • 1
    ophcrack

    ophcrack

    A Windows password cracker based on rainbow tables

    Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman's original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds.
    Leader badge
    Downloads: 3,010 This Week
    Last Update:
    See Project
  • 2
    ZAP

    ZAP

    The OWASP ZAP core project

    The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. It stands between the tester’s browser and the web application so that it can intercept and inspect messages sent between browser and web application.
    Downloads: 109 This Week
    Last Update:
    See Project
  • 3
    DirBuster
    DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.
    Leader badge
    Downloads: 344 This Week
    Last Update:
    See Project
  • 4
    Web Security Dojo

    Web Security Dojo

    Virtual training environment to learn web app ethical hacking.

    Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible script for those brave souls that want transform their stock Ubuntu into a virtual dojo. Bow to your sensei! username: dojo password: dojo
    Leader badge
    Downloads: 101 This Week
    Last Update:
    See Project
  • Picsart Enterprise Background Removal API for Stunning eCommerce Visuals Icon
    Picsart Enterprise Background Removal API for Stunning eCommerce Visuals

    Instantly remove the background from your images in just one click.

    With our Remove Background API tool, you can access the transformative capabilities of automation , which will allow you to turn any photo asset into compelling product imagery. With elevated visuals quality on your digital platforms, you can captivate your audience, and therefore achieve higher engagement and sales.
    Learn More
  • 5
    JPassword Recovery Tool

    JPassword Recovery Tool

    Password recovery tool for compressed archives and md5, sha-1/2 hashes

    This is a simple but sophisticated open source password recovery tool for M$ Windows, it can effectively 'crack' any password protected archive that can be decompressed by 7zip given enough time and resources. It can also bruteforce MD2, MD5, SHA-1 and SHA-2 hashes (SHA-256, SHA-384, SHA-512), CRC16, CRC32, CRC64 and Adler32 hashed passwords for both Windows, and Linux. It requires java 7u4 and above, and 7-zip v9.20 and up for archive recovery. Keeping these above applications up to date ensures peak performance. if you have any ideas, bugs, tips/improvements and/or suggestions please dont hesitate to contact me NB AS OF V1.07 PLEASE MAKE SURE 'resources' FOLDER IS IN THE SAME DIRECTORY AS THE JPasswordRecoveryTool.jar Known Bugs(v1.09): -although md2 was selceted by default for hash recovery if you did not slected another value and reselect md2 it would use md5 by default
    Leader badge
    Downloads: 102 This Week
    Last Update:
    See Project
  • 6
    Proxyee

    Proxyee

    HTTP proxy server,support HTTPS & websocket

    Proxyee is a JAVA-written HTTP proxy server library that supports HTTP, HTTPS, and WebSocket protocols, and supports MITM (Man-in-the-middle), which can capture and tamper with HTTP, and HTTPS packets. The CA certificate (src/resources/ca.crt) from the project needs to be imported to a trusted root certificate authority. The CA certificate (src/resources/ca.crt) from the project needs to be imported to a trusted root certificate authority. You can use the CertDownIntercept interceptor to enable the web certificate download feature.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 7
    Cracx

    Cracx

    simple and light-weight archive password cracker

    Cracx allows you to crack archive passwords of any encryption using 7-zip, WinRAR or a custom command, via Brute Force or Dictionary attack. Note: You must NOT use this program with files you don't have the rights to extract/open/use them! Currently, the program requires a current version of either 7-zip or WinRAR to be installed, but you can also use it to bruteforce basically anything that is executably via command-line with custom parameters. On an i7 CPU, it runs approximately 30 combination tests per second. Feel free to make suggestions or contribute by implementing features and translating the tool into your native language!
    Downloads: 17 This Week
    Last Update:
    See Project
  • 8
    Hcon Security Testing Framework

    Hcon Security Testing Framework

    Open Source Penetration Testing / Ethical Hacking Framework

    HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments.contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain - students, Security Professionals,web developers, manual vulnerability assessments and much more.
    Downloads: 29 This Week
    Last Update:
    See Project
  • 9
    Droid Pentest help you to find all android apps for penetration testing and hacking so you can make complete penetration test platform .
    Downloads: 4 This Week
    Last Update:
    See Project
  • Secure remote access solution to your private network, in the cloud or on-prem. Icon
    Secure remote access solution to your private network, in the cloud or on-prem.

    Deliver secure remote access with OpenVPN.

    OpenVPN is here to bring simple, flexible, and cost-effective secure remote access to companies of all sizes, regardless of where their resources are located.
    Get started — no credit card required.
  • 10
    jsql-injection

    jsql-injection

    jSQL Injection is a Java application for automatic SQL database injec

    jSQL project has moved to https://github.com/ron190/jsql-injection jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open source and cross-platform (Windows, Linux, Mac OS X). Kali Linux logo jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in distributions like Pentest Box, Parrot Security OS, ArchStrike or BlackArch Linux.
    Downloads: 11 This Week
    Last Update:
    See Project
  • 11
    InsecureWebApp is a web app that includes common web application vulnerabilities including SQL&Html Injection- see owasp.org. It is a target for automated and manual penetration testing, source code analysis, vulnerability assessments and threat modeling.
    Leader badge
    Downloads: 8 This Week
    Last Update:
    See Project
  • 12
    Password Cracker
    Crack the encrypted passwords (MD5,SHA, etc....)
    Downloads: 7 This Week
    Last Update:
    See Project
  • 13
    AESTextCrypt

    AESTextCrypt

    Encrypt and decrypt text using AES 256 bit encryption

    AESTextCrypt is an easy-to-use open source tool for text encryption and decryption. Primarily intended for use with email, use it wherever you need to protect text from prying eyes. The encrypted text can be copy/pasted into any text-handling application (e.g. email) instead of plain text. Convenience buttons are provided for clipboard operations. AESTextCrypt uses AES-256 bit encryption which is the strongest available encryption scheme. It also employs bcrypt, which implements key-stretching and an adaptive key setup phase, the complexity (number of rounds) of which is automatically set to match the processing power of the encrypting computer. This makes it highly resistant to dictionary attack. AESTextCrypt is written in Java, so can be run on all desktop platforms - Windows, Mac and Linux.
    Downloads: 2 This Week
    Last Update:
    See Project
  • 14
    mystic-crypt is designed as a Java library that can be used for simple and complex encryption and decryption. The source code for the library is available under https://github.com/astrapi69/mystic-crypt For demonstration what the library can do there is a graphical client: The source code for the ui is available under https://github.com/astrapi69/mystic-crypt-ui
    Downloads: 2 This Week
    Last Update:
    See Project
  • 15
    Hash Cracker is an application developed in java swings that allows a user to crack MD2, MD5, SHA-1,SHA-256,SHA-384,SHA-512 hashes either using brute force or using wordlists of the user's choice based on the users choice.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 16
    Generic clustering/load-balancing platform (over a LAN or internet) using java based P2P Aorta workers that execute java "tasklets". Various tasklets can be implemented to solve fractals, process images, render webpages, crack RSA "brute force".
    Downloads: 1 This Week
    Last Update:
    See Project
  • 17
    CryptoHelper is a Java program designed to aid in the decryption of classical ciphers, ie pre WWII ciphers. It brings together tools like frequency analysis, friedman tests, enciphering/deciphering for several clasical ciphers, and brute force algorithm
    Downloads: 1 This Week
    Last Update:
    See Project
  • 18
    DNScat is a "swiss-army knife" tool to tunnel traffic through DNS servers. It is a small, yet powerfull tool, similar to netcat. In conjunction with PPP server, it allows to build a VPN using DNS packets. DNScat is a useful tool for penetration testing.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 19
    GPP is a General Purpose Proxy Java graphical application intended mainly for packet inspection and modification. It's main idea is to be a little user-friendly portable man-in-the-middle tool for security analysis. Later, some protocols should be added
    Downloads: 1 This Week
    Last Update:
    See Project
  • 20
    HTTPBrute is used to calculate HTTP Digest Access Authentication as per RFC 2617. The tool will be able to perform brute force attacks to retrieve a lost password for a given Authentication response. MD5 is the only hashing algorithm implemented.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 21
    JBrute

    JBrute

    Open Source Security tool to audit hashed passwords.

    JBrute is an open source tool written in Java to audit security and stronghold of stored password for several open source and commercial apps. It is focused to provide multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios. Java Runtime version 1.7 or higher is required for running JBrute. Supported algorithms: MD5 MD4 SHA-256 SHA-512 MD5CRYPT SHA1 ORACLE-10G ORACLE-11G NTLM LM MSSQL-2000 MSSQL-2005 MSSQL-2012 MYSQL-322 MYSQL-411 POSTGRESQL SYBASE-ASE1502 INFORMIX-1170 To see syntax examples: https://sourceforge.net/p/jbrute/wiki/Examples To see last news: https://sourceforge.net/p/jbrute/blog FAQ: https://sourceforge.net/p/jbrute/wiki/FAQ/ General questions: jbrute-users@lists.sourceforge.net (you can suscribe to mailing list at https://lists.sourceforge.net/lists/listinfo/jbrute-users) Author: Gonzalo L. Camino Icon Art: Ivan Zubillaga Made in: Argentina :)
    Downloads: 1 This Week
    Last Update:
    See Project
  • 22
    Password strength testing Java API utilizes Java platform independence and threading mechanisms. Provides a way to conduct custom brute force and dictionary stregth tests.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 23
    Mock in the Middle is a Java Proxy designed for testing network applications. It serves as a mock proxy between a client and a server. By recording and replaying network conversations, the client can later be tested without a live server.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 24
    OWASP Security Shepherd

    OWASP Security Shepherd

    Web and mobile application security awareness/training platform

    The OWASP Security Shepherd project enables users to learn or to improve upon existing manual penetration testing skills. Utilizing the OWASP top ten as a challenge test bed, common security vulnerabilities can be explored and their impact on a system understood. The by-product of this challenge game is the acquired skill to harden a player's own environment from OWASP top ten security risks. The modules have been crafted to provide not only a challenge for a security novice, but security professionals as well. If you'd like to download the V3.0 VM, you can download it from github: https://github.com/OWASP/SecurityShepherd/releases/tag/v3.0 Try it live: https://owasp.securityshepherd.eu Raise issues here: https://github.com/markdenihan/owaspSecurityShepherd/issues More Info here: https://www.owasp.org/index.php/OWASP_Security_Shepherd
    Downloads: 1 This Week
    Last Update:
    See Project
  • 25
    SNames is a threaded java dns scanner. It uses patterns to provide good bruteforce strength when trying to resolve hostnames.
    Downloads: 1 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • 2
  • Next
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.