Open Source Mac Penetration Testing Tools - Page 4
Sort By:
Penetration Testing Tools for Mac
View 12 business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
8 Monitoring Tools in One APM. Install in 5 Minutes.AppSignal works out of the box for Ruby, Elixir, Node.js, Python, and more. 30-day free trial, no credit card required.
-
1
PoshC2
C2 framework used to aid red teamers with post-exploitation
PoshC2 is a proxy-aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools, allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python2/Python3 implants with payloads written in PowerShell v2 and v4, C++ and C# source code, a variety of executables, DLLs and raw shellcode in addition to a Python2/Python3 payload. These enable C2 functionality on a wide range of devices and operating systems, including Windows, *nix and OSX. Shellcode containing in-build AMSI bypass and ETW patching for a high success rate and stealth. Auto-generated Apache Rewrite rules for use in a C2 proxy, protecting your C2 infrastructure and maintaining good operational security. Fully encrypted communications, protecting the confidentiality and integrity of the C2 traffic. -
2
Retire.js
Scanner detecting the use of JavaScript libraries
There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies, but we need to stay updated on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your web app. The goal of Retire.js is to help you detect the use of versions with known vulnerabilities. Scan a web app or node app for use of vulnerable JavaScript libraries and/or node modules. grunt-retire scans your grunt-enabled app for use of vulnerable JavaScript libraries and/or node modules. Scans visited sites for references to insecure libraries and puts warnings in the developer console. An icon on the address bar displays will also indicate if vulnerable libraries were loaded. Retire.js has been adapted as a plugin for the penetration testing tools Burp and OWASP ZAP. -
3
Shuttle
A web proxy in Golang with amazing features
Shuttle is a cross-platform network proxy tool based on Go. -
4
Armitage is a GUI frontend for Metasploit. Well known to Kali Linux fans, this is a port of it for Windows.. Tip: Enter these in the Armitage console: db_status if not connected enter: db_connect msf 127.0.0.1 4-19-26: Made a small tweak to the msfrpcd batch file that should help performance. 4-23-26: Upload speeds tend to be faster on the Linux version. 4-25-26: Better upload speeds with the Windows firewall disabled.
-
Full-stack observability with actually useful AI | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
5
CSZ CMS
CSZ CMS is a open source content management system. With Codeigniter.
CSZ CMS is an open source web application that allows to manage all content and settings on the websites. CSZ CMS was built on the basis of Codeigniter and design the structure of Bootstrap, this should make your website fully responsive with ease. CSZ CMS is based on the server side script language PHP and uses a MySQL or MariaDB database for data storage. CSZ CMS is open-source Content Management System. And all is free under the Astian Develop Public License (ADPL). -
6
NodeZero is Ubuntu based linux designed as a complete system which can also be used for penetration testing. NodeZero uses Ubuntu repositories so your system will be always up to date.
-
7
Vulnerable Operating Systems
deliberately vulnerable operating systems
VulnOS are a series of deliberately vulnerable operating systems packed as virtual machines to teach Offensive IT Security and to enhance penetration testing skills. For educational purposes! -
8
netool toolkit 4.6
MitM pentesting opensource toolkit
Operative Systems Suported are: Linux-ubuntu, kali-linux, backtack-linux (un-continued), freeBSD, Mac osx (un-continued) Netool its a toolkit written using 'bash, python, ruby' that allows you to automate frameworks like Nmap, Driftnet, Sslstrip, Metasploit and Ettercap MitM attacks. this toolkit makes it easy tasks such as SNIFFING tcp/udp traffic, Man-In-The-Middle attacks, SSL-sniff, DNS-spoofing, D0S attacks in wan/lan networks, TCP/UDP packet manipulation using etter-filters, and gives you the ability to capture pictures of target webbrowser surfing (driftnet), also uses macchanger to decoy scans changing the mac address. Rootsector module allows you to automate some attacks over DNS_SPOOF + MitM (phishing - social engineering) using metasploit, apache2 and ettercap frameworks. Like the generation of payloads, shellcode, backdoors delivered using dns_spoof and MitM method to redirect a target to your phishing webpage. recent as introducted the scanner inurlbr (by cleiton) -
9
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
-
Custom VMs From 1 to 96 vCPUs With 99.95% UptimeLive migration and automatic failover keep workloads online through maintenance. One free e2-micro VM every month.
-
10
PwnPi
A Pen Test Drop Box distro for the Raspberry Pi
PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 200+ network security tools pre-installed to aid the penetration tester. It is built a stripped down version of the Debian Wheezy image from the Raspberry Pi foundation's website and uses Openbox as the window manager. PwnPi can be easily setup to send reverse connections from inside a target network by editing a simple configuration file. -
11
cyborg hawk v 1.0
The World's most advanced penetration testing distribution ever
The most advanced, powerful and yet beautiful penetration testing distribution ever created.Lined up with ultimate collection of tools for pro Ethical Hackers and Cyber Security Experts. Simplify security in your IT infrastructure with Cyborg. Its real strength comes from the understanding that a tester requires a strong and efficient system,that benefits from a strong selection of tools, integrated with a stable linux environment. -
12
WebSploit Framework
WebSploit is a high level MITM Framework
WebSploit Advanced MITM Framework [+]Autopwn - Used From Metasploit For Scan and Exploit Target Service [+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin [+]format infector - inject reverse & bind payload into file format [+]phpmyadmin Scanner [+]CloudFlare resolver [+]LFI Bypasser [+]Apache Users Scanner [+]Dir Bruter [+]admin finder [+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks [+]MITM - Man In The Middle Attack [+]Java Applet Attack [+]MFOD Attack Vector [+]ARP Dos Attack [+]Web Killer Attack [+]Fake Update Attack [+]Fake Access point Attack [+]Wifi Honeypot [+]Wifi Jammer [+]Wifi Dos [+]Wifi Mass De-Authentication Attack [+]Bluetooth POD Attack Project In Github : https://github.com/websploit -
13
SSL Diagnos
SSL Strength Evaluation and Test Utility
SSL Diagnos is used to test SSL strength; get information about SSL protocols (pct, ssl2, ssl3, tls, dtls) and cipher suites. It can also be used for testing and rating ciphers on SSL clients. It has also specific support for pop3s, sip, smtp and explicit ftps. Tests for heartbleed (including dtls). Furthermore a separate tool, SSLPressure, not using openssl can be used to check the whole spectrum of possible SSL protocols on a server. Can also be used for testing ssl for mssql-servers (was added since nessus did not support this) and contains mitm poc for stripping ssl from mssql-connections. -
14
True Brute Force Tool
It breaks 3 character alphanumerical passwords
This program works on everything that has a password. Takes 5 minutes to crack a 3 character password using an i5 4400. -
15
CyphyOS
CyphyOS is Debian-based Distro for Cyber Physical System Hackers
CyphyOS is Debian 10 x86_64 Based Distro Flavor, specifically for Cyber Physical System penetration testing. Powered with XFCE4. Out-Of-The-Box Dedicated to All Hardware Hackers. Especially for those who are still using the common pentesting tools and in need of hardware, Embedded System, IoT and SCADA tools as well. Also SDR tools are in place and configurations are made for HackRF, RTL-SDR and BladeRF. Tools Are Listed In Discussion Tab. Default Username : hackerman Default Password : cyphy -
16
Address_Decode
Decode various cryptocurrency addresses
Address to hash160 is an efficient multi-threaded tool designed to decode various cryptocurrency addresses (such as Bitcoin BTC,Bitcoin Cash BCH, Litecoin LTC, Bitcoin Gold BTG, etc.) to extract hash160 values. It is often used in research such as brainflayer, keyhunt, BitCrack, ecloop, keyhunt cuda, etc. -
17
LabMACOSX: Is a laboratory of applications written in Applescript language. Brutosx is brutus.pl remote login and password bruteforce cracker inserted inside the application Brutosx (need only of Net::Telnet Perl module are required get them at CPAN, while the list of users and passwords, and the service is inserted inside the application). SSHOSX is ssh application client to establish an ssh connection from client to server, Nmaposx is nmap port scanner invoked from the application Nmaposx (Syntax of nmap is inside the application). Packetstorm is all packet storm exploits database all inserted inside in the application Packetstorm, Shoppingosx an example of https connection. The application Ob open four browsers, Tesseract applications container, TAL, Chatosx, AndroMac, AndroEmu, MySMS, Shutdown, Updater, Search for, MyMaps, SOA, BLI, Xcoder, BasicProg, BasicProg2, VM, D,M&Z Suite Basic and D,M&Z Suite Advanced (POSIX based).
-
18
Ghost of Death is an app to spoof your OS. It's meant to spoof scanning apps, like nmap or Metasploit. You must be admin/root. 2-28-26: Addressed a couple of bugs. Totally reworked Linux version. This app won't get a perfect match in the spoof, but it won't let them know your OS. 3-1-26: Tweaked on the Linux version some more. 3-2-26: That last Linux version was messed up, new one works, theoretically. 3-3-26: After much labor it's done. It has Windows, Mac and Android now. Windows comes closest for the spoof, but none of the profiles will let them know your running Kali.
-
19
-
20
A Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack and has features such as Bluetooth address spoofing, an AT and a RFCOMM socket shell and a L2CAP packetgenerator.
-
21
Matriux-VM
Matriux OS - Virtual Machine
Matriux is a GNU/Linux, Debian based security distribution designed for penetration testing and cyber forensic investigations. It is a distribution designed for security enthusiasts and professionals, can also be used normally as your default OS. It's Matriux VM, for ISO, please visit https://sourceforge.net/projects/matriux/ -
22
Networking Tools
This Program Contains Many Useful Network Tools
This programs contains the following programs: ------------------------------------------------------------------ 1-Wi-Fi Connector : Connects To Available Wi-Fi Network. 2-Router Password Cracker : To Crack Router's Gateway Password. 3-IP Trace : Trace The IP Address For Any Website. 4-IP Tracker : Gets Your WAN IP Address. 5-Lan Messenger : Chat Between Computers On Same LAN Network. 6-Email Sender : For Sending E-mails Using SMTP Server. 7-Email Viewer : For Receiving E-mails Using POP3 Server. 8-YouTube Downloader : For Downloading YouTube Videos. 9-File Downloader : For Downloading Files. -
23
HTTP Anti Flood/DoS Security Module
Detect Flooder IPs, Reduce Attack Surface against HTTP Flood Attacks
This module provides attack surface reduction enhancements against the HTTP Flood Attacks at the web application level. Massive crawling/scanning tools, HTTP Flood tools can be detected and blocked by this module via htaccess, firewall or iptables, etc. (like mod_evasive) You can use this module by including "iosec.php" to any PHP file which wants to be protected. You can test module here: http://www.iosec.org/test.php (demo) Watch the Proof of Concept video: http://goo.gl/dSiAL Hakin9 IT Security Magazine Article about IOSEC http://goo.gl/aQM4Di (different format -> http://goo.gl/JKMUPN) IJNSA Article at http://goo.gl/LLxRdX WP Plugin Page http://goo.gl/nF5nD CHANGES v.1.8.2 - Iptables Auto Ban Bash Script Included - Token Access via Implicit Deny - Reverse Proxy Support - reCAPTCHA Support Do you want more features? Check for third party addons http://sf.net/projects/iosecaddons Gökhan Muharremoğlu -
24
Wave Framework
Open Source API-centric PHP Micro-framework
Wave is a PHP micro-framework that is built loosely following model-view-control architecture and factory method design pattern. It is made for web services, websites and info-systems and is built to support a native API architecture, caching, user control and smart resource management. Wave is a compact framework that does not include bloated libraries and features and is developed keeping lightweight speed and optimizations in mind. While not necessary for using Wave Framework, it comes by default with a URL and View controllers intended for building websites by solving URL requests and loading views. Mercurial and Git repositories is available for developers who are interested in following the development. Official website and documentation: http://www.waveframework.com Social networks for latest news: Google+ - http://plus.google.com/106969835456865671988 Facebook - http://www.facebook.com/waveframework Twitter - http://www.twitter.com/WWWFramework -
25
CSVHashCrack Suite
Multi hash crack suite
This script is capable of cracking multiple hashes from a CSV-file like e.g. dumps from sqlmap. Over 17.000 md5-hashes in a CSV-file get cracked with a 14.300.000 lines wordlist in less then 1 min. Lines wich cant get cracked with the wordlist get stored in a .leftToCrack-File to further process with another Wordlist or the bruteforce-tool. In addition to the wordlist-cracker I created also a bruteforce-tool named CSVHashBrutforcer.
