Open Source Linux Penetration Testing Tools - Page 11
Sort By:
Penetration Testing Tools for Linux
View 19 business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
AI-generated apps that pass security reviewRetool lets you generate dashboards, admin panels, and workflows directly on your data. Type something like “Build me a revenue dashboard on my Stripe data” and get a working app with security, permissions, and compliance built in from day one. Whether on our cloud or self-hosted, create the internal software your team needs without compromising enterprise standards or control.
-
1
Java implementation of the most commonly used algorithms for exact string matching, where the pattern is given first.
-
2
A collection of pure Java payloads to be used for post-exploitation from pure Java exploits or from common misconfigurations (like not password protected Tomcat manager or debugger port).
-
3
The John Darm project aims at developping a software that can tests a brute force attack on weak UNIX passwords. It s a multi-client application that dispatches the calculations between the different clients.
-
4
JoinFinder
Help to find join between two table on MS SQL
JoinFinder is a useful tool that helps you to find join between two tables by foreign keys defined into tables or by a brute-force method. It is a Java8 project and it uses jna library for autocompletition feature. At the moment JoinFinder is in Italian and supports only MS SQL server, but I hope to add soon other DB support and English translation. -
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
5
Khembalancer
Software to balance a chemical equation (redox too)
Balacing a chemical equation using the Laplace's rule to solve a system of linear equations or using the brute-force method. Khembalancer 2.5.5 received the "100% Free" award and that means Khembalancer does not contain any viruses, spyware, trojans and backdoors. For more information see: http://www.softpedia.com/progClean/Khembalancer-Clean-207422.html -
6
Kubesploit
Kubesploit is a cross-platform post-exploitation HTTP/2 Command
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl. While researching Docker and Kubernetes, we noticed that most of the tools available today are aimed at passive scanning for vulnerabilities in the cluster, and there is a lack of more complex attack vector coverage. They might allow you to see the problem but not exploit it. It is important to run the exploit to simulate a real-world attack that will be used to determine corporate resilience across the network. When running an exploit, it will practice the organization's cyber event management, which doesn't happen when scanning for cluster issues. It can help the organization learn how to operate when real attacks happen, see if its other detection system works as expected and what changes should be made. -
7
LFI ExplOiter is an open source penetration testing tool that automates the process of detecting and exploiting Local FIle Inclusion.
-
8
-
9
A web application penetration testing tool that can extract data from SQL Server, MySQL, DB2, Oracle, Sybase, Informix, and Postgres. Further, it can crawl a website as a vulnerability scanner looking for sql injection vulnerabilities.
-
Earn up to 16% annual interest with Nexo.Generate interest, access liquidity without selling, and execute trades seamlessly. All in one platform. Geographic restrictions, eligibility, and terms apply.
-
10
brute-force attack is a technique of computer security systems by using the trial of all possible keys.
-
11
MITMf
Framework for Man-In-The-Middle attacks
MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques. Originally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it's been almost completely rewritten from scratch to provide a modular and easily extendible framework that anyone can use to implement their own MITM attack. The framework contains a built-in SMB, HTTP and DNS server that can be controlled and used by the various plugins, it also contains a modified version of the SSLStrip proxy that allows for HTTP modification and a partial HSTS bypass. As of version 0.9.8, MITMf supports active packet filtering and manipulation (basically what better filters did, only better), allowing users to modify any type of traffic or protocol. The configuration file can be edited on-the-fly while MITMf is running, the changes will be passed down through the framework. -
12
-
13
MimiPenguin
A tool to dump the login password from the current linux user
A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. Takes advantage of cleartext credentials in memory by dumping the process and extracting lines that have a high probability of containing passwords. Will attempt to calculate each word's probability by checking hashes in memory, and regex searches. 2.0 introduces a clean port that aims to increase the speed of execution and portability -
14
Mini md5 Cracker, como su nombre lo dice es un software para Windows de Crackeo de hash MD5 por Wordlist y Brute Force, escrito en C#, con GUI, sencillo, pequeño, rapido.
-
15
MkPasswd-Chrome_Extension
Password Generator which creates passwords they can't brute force
MkPasswd will create easy to remember passwords with a combination of 48 Billion Trillion easily remembered possibilities (or more!!). So stop using passwords that are hard for you to remember and easy for a computer to brute force guess. Start using SMART passwords today! -
16
Mock in the Middle is a Java Proxy designed for testing network applications. It serves as a mock proxy between a client and a server. By recording and replaying network conversations, the client can later be tested without a live server.
-
17
ModRWLBF stands for ModRW Logical Brute Force. It's a tool designed to help penetration testers identify rewrite rules used by webservers using logical methods as well as pure bruteforce.
-
18
Our idea is to deploy a society of computational agents that collaborate in order to achieve the shared goal of decrypting a chunk of ciphertext or recovering a password from an hash by means of a dictionary-based attack.
-
19
Motinha
Information Gathering and Network Exploitation Framework
Motinha is a Simple Information Gathering and Network Exploitation Framework coded in Python. Here we have a bridge between the final user and the most futurists’ tools on the Internet to find juice info around any network, website, domain, company or persons and in some cases exploit some features to have fun , now let’s Shut Up And Hack! -
20
NBTView is a 'NetBIOS Swiss Army Knife' written in C, and usable under several UNIX-like systems. NBTView allows you to passively monitor NetBIOS intelligence (users logged in, shares, etc.), run queries against machines, and brute-force share passwords.
-
21
NetBox is a software programmed in C for testing vulnerabilities in the network. Using this software you can attack your network using a combination of differents known attacks (ARP or DNS Spoofing, MITM, ...) and detect bugs of security.
-
22
Node.js express.js MongoDB JWT REST API
Node.js express.js MongoDB JWT REST API - Basic Project Skeleton
This is a basic API REST skeleton written on JavaScript using async/await. Great for building a starter web API for your front-end (Android, iOS, Vue, react, angular, or anything that can consume an API) This project is created to help other developers create a basic REST API in an easy way with Node.js. This basic example shows how powerful and simple JavaScript can be. Do you want to contribute? Pull requests are always welcome to show more features. Custom email/password user system with basic security and blocking for preventing brute force attacks. Login access log with IP, browser and country location (for country it looks for the header cf-ipcountry that CloudFlare creates when protecting your website). NPM script for keeping good source code formatting using prettier and ESLint. JWT Tokens, make requests with a token after login with the Authorization header with value Bearer yourToken where yourToken is the signed and encrypted token given in the response. -
23
OWASP Security Shepherd
Web and mobile application security awareness/training platform
The OWASP Security Shepherd project enables users to learn or to improve upon existing manual penetration testing skills. Utilizing the OWASP top ten as a challenge test bed, common security vulnerabilities can be explored and their impact on a system understood. The by-product of this challenge game is the acquired skill to harden a player's own environment from OWASP top ten security risks. The modules have been crafted to provide not only a challenge for a security novice, but security professionals as well. If you'd like to download the V3.0 VM, you can download it from github: https://github.com/OWASP/SecurityShepherd/releases/tag/v3.0 Try it live: https://owasp.securityshepherd.eu Raise issues here: https://github.com/markdenihan/owaspSecurityShepherd/issues More Info here: https://www.owasp.org/index.php/OWASP_Security_Shepherd -
24
OWASP Zed Attack Proxy
Find web application vulnerabilities the easy way!
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. Note that this project is no longer used for hosting the ZAP downloads. You should download ZAP via https://github.com/zaproxy/zaproxy/wiki/Downloads Please see the homepage for more information about OWASP ZAP -
25
Offensive Web Testing Framework
Offensive Web Testing Framework (OWTF), is a framework
OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST so that pentesters will have more time to see the big picture and think out of the box. More efficiently find, verify and combine vulnerabilities. Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions. Perform more tactical/targeted fuzzing on seemingly risky areas. Demonstrate true impact despite the short timeframes we are typically given to test. The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience. OWTF is developed on KaliLinux and macOS but it is made for Kali Linux (or other Debian derivatives).
