Showing 76 open source projects for "model based testing tool"

View related business solutions
  • Stop Cyber Threats with VM-Series Next-Gen Firewall on Azure Icon
    Stop Cyber Threats with VM-Series Next-Gen Firewall on Azure

    Native application identity and user-based security for your Azure cloud

    Gain integrated visibility across all traffic in a single pass. Deploy Palo Alto Networks VM-Series to determine application identity and content while automating security policy updates via rich APIs.
    Get a free trial
  • MongoDB Atlas runs apps anywhere Icon
    MongoDB Atlas runs apps anywhere

    Deploy in 115+ regions with the modern database for every enterprise.

    MongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
    Start Free
  • 1
    PentestGPT

    PentestGPT

    Automated Penetration Testing Agentic Framework Powered by LLMs

    PentestGPT is an AI-powered autonomous penetration testing agent designed to perform intelligent, end-to-end security assessments using large language models. Published at USENIX Security 2024, it combines advanced reasoning with an agentic workflow to automate tasks traditionally handled by human pentesters. The platform supports multiple penetration testing categories, including web security, cryptography, reversing, forensics, privilege escalation, and binary exploitation. PentestGPT runs...
    Downloads: 563 This Week
    Last Update:
    See Project
  • 2
    lynis

    lynis

    Security auditing tool for Linux, macOS, and UNIX-based system

    Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your systems to support system hardening and compliance testing. The project is open source software with the GPL license and available since 2007. Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include security auditing, compliance testing (e.g.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 3
    thc-hydra

    thc-hydra

    Shows how easy it would be to gain unauthorized access to a system

    Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. There are already several login hacker tools available, however, none does either support more than one protocol to attack or support parallelized connects. It was tested to compile cleanly on Linux, Windows/Cygwin,...
    Downloads: 40 This Week
    Last Update:
    See Project
  • 4
    RedAmon

    RedAmon

    AI-powered framework for automated penetration testing and red teaming

    RedAmon is an AI-powered red team framework designed to automate offensive cybersecurity operations from reconnaissance to exploitation and post-exploitation. It combines artificial intelligence with traditional penetration testing tools to create a fully autonomous pipeline capable of discovering vulnerabilities and executing security assessments without human intervention. It begins with a multi-phase reconnaissance engine that maps the entire attack surface of a target, collecting...
    Downloads: 7 This Week
    Last Update:
    See Project
  • Enterprise-grade ITSM, for every business Icon
    Enterprise-grade ITSM, for every business

    Give your IT, operations, and business teams the ability to deliver exceptional services—without the complexity.

    Freshservice is an intuitive, AI-powered platform that helps IT, operations, and business teams deliver exceptional service without the usual complexity. Automate repetitive tasks, resolve issues faster, and provide seamless support across the organization. From managing incidents and assets to driving smarter decisions, Freshservice makes it easy to stay efficient and scale with confidence.
    Try it Free
  • 5
    nuclei

    nuclei

    Fast and customizable vulnerability scanner based on simple YAML

    Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks. We have a dedicated repository that houses various type of vulnerability templates contributed by more than 300 security...
    Downloads: 60 This Week
    Last Update:
    See Project
  • 6
    mitmproxy

    mitmproxy

    A free and open source interactive HTTPS proxy

    mitmproxy is an open source, interactive SSL/TLS-capable intercepting HTTP proxy, with a console interface fit for HTTP/1, HTTP/2, and WebSockets. It's the ideal tool for penetration testers and software developers, able to debug, test, and make privacy measurements. It can intercept, inspect, modify and replay web traffic, and can even prettify and decode a variety of message types. Its web-based interface mitmweb gives you a similar experience as Chrome's DevTools, with the addition of...
    Downloads: 16 This Week
    Last Update:
    See Project
  • 7
    Sippts

    Sippts

    Set of tools to audit SIP based VoIP Systems

    Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. Sippts is programmed in Python and it allows us to check the security of a VoIP server using SIP protocol. You can freely use, modify and distribute. If modified, please put a reference to this site. Most security tools can be used for illegal purposes, but the purpose of this tool is to check the security of your own servers and not to use to do bad things. I am not responsible for the misuse of this tool. Sippts...
    Downloads: 3 This Week
    Last Update:
    See Project
  • 8
    sqlmap

    sqlmap

    Automatic SQL injection and database takeover tool

    sqlmap is a powerful, feature-filled, open source penetration testing tool. It makes detecting and exploiting SQL injection flaws and taking over the database servers an automated process. sqlmap comes with a great range of features that along with its powerful detection engine make it the ultimate penetration tester. It offers full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, and many other database management systems. It also...
    Downloads: 6 This Week
    Last Update:
    See Project
  • 9
    Qtum

    Qtum

    Qtum Core Wallet

    Qtum is a decentralized blockchain project built on Bitcoin's UTXO model, with support for Ethereum Virtual Machine-based smart contracts, and secured by a proof of stake consensus model. It achieves this through the revolutionary Account Abstraction Layer which allows the EVM to communicate with Qtum's Bitcoin-like UTXO blockchain. Welcome to the Qtum Ignition Main Network. This is the main network where the tokens hold value and should be guarded very carefully. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • $300 Free Credits for Your Google Cloud Projects Icon
    $300 Free Credits for Your Google Cloud Projects

    Start building on Google Cloud with $300 in free credits. No commitment, no credit card required until you're ready to scale.

    Launch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
    Start Free Trial
  • 10
    Modlishka

    Modlishka

    Powerful and flexible HTTP reverse proxy

    Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow, which allows to transparently proxy of multi-domain destination traffic, both TLS and non-TLS, over a single domain, without the requirement of installing any additional certificate on the client. What exactly does this mean? In short, it simply has a lot of potential, that can be used in many use case scenarios. Modlishka was written as...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 11
    YARA

    YARA

    The pattern matching swiss knife for malware researchers

    YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determines its logic.
    Downloads: 41 This Week
    Last Update:
    See Project
  • 12
    Username Anarchy

    Username Anarchy

    Username generator for penetration testing and user enumeration

    Username Anarchy is an open source command line tool designed to generate possible usernames for use in penetration testing and security assessments. It focuses on solving one of the common challenges in authentication attacks: identifying valid usernames before attempting password attacks. It generates large sets of potential usernames based on a person’s name and common naming conventions used in corporate or online systems.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 13
    GooFuzz

    GooFuzz

    OSINT fuzzing tool using Google dorks to find exposed resources

    GooFuzz is an open source security tool designed to perform fuzzing using an OSINT-based approach by leveraging advanced Google search techniques. It is written in Bash and automates the use of Google Dorking queries to discover publicly accessible information related to a target domain. Instead of directly sending requests to the target server, GooFuzz gathers results through search engine indexing, allowing enumeration without leaving traces in the target’s server logs. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 14
    cloud_enum

    cloud_enum

    Multi-cloud OSINT tool for discovering public cloud resources

    cloud_enum is an open source reconnaissance and OSINT tool designed to discover publicly accessible cloud resources across major cloud providers. It focuses on enumerating assets in Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform using keyword-based discovery techniques. It works by taking user-provided keywords and generating variations through mutation wordlists, then testing these combinations against common cloud service naming patterns. cloud_enum performs both HTTP probing and DNS lookups to identify resources such as storage buckets, cloud applications, and databases that may be exposed or accessible. cloud_enum uses concurrent processing to speed up scanning, enabling efficient enumeration of large numbers of possible resource names. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 15
    Tomb

    Tomb

    the Crypto Undertaker

    Tomb is a minimalistic command-line tool for creating and managing encrypted “tombs,” which are files that act as mountable, private storage vaults. Under the hood it uses Linux dm-crypt with LUKS for strong, disk-level encryption, and separates the key material from the vault itself to improve security workflows. Keys can be protected with passphrases and even hidden via steganography inside innocuous files, giving you options for concealment and off-device storage. The interface is...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 16
    linkedin2username

    linkedin2username

    Generate probable usernames from LinkedIn company employee lists

    linkedin2username is an open source OSINT (Open Source Intelligence) tool designed to generate lists of potential usernames by scraping employee information from a company’s LinkedIn page. It logs into LinkedIn using valid user credentials and collects publicly visible employee names associated with a specified organization. Using these names, it automatically generates multiple possible username formats that organizations commonly use for accounts or email addresses. This process helps...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 17
    Archanoxy

    Archanoxy

    Arch, Blackarch based pentest distro for power users

    Archanoxy is a penetration testing focused GNU/Linux distribution built directly on top of Arch Linux and BlackArch Linux repositories. The operating system utilizes a lightweight, minimal Openbox Window Manager (WM), completely stripped of non-essential background processes to maximize hardware performance and user control. With a strong focus on terminal-centric workflows, Archanoxy provides a clean, raw environment where users can choose to install only the packages they need during or...
    Leader badge
    Downloads: 22 This Week
    Last Update:
    See Project
  • 18
    Mnemonic-Recovery-CUDA

    Mnemonic-Recovery-CUDA

    Written in C/CUDA, this tool recovers lost mnemonics and passphrases f

    Written in C/CUDA, this tool recovers lost mnemonics and passphrases for BTC, ETH, TRX, DOGE, LTC, DASH, ZEC, BCH, and BTG. Supports BIP32/44/49/84 derivation paths. Features partial phrase recovery and a built-in dictionary for fast, efficient results. Compliant with wallet standards.
    Downloads: 22 This Week
    Last Update:
    See Project
  • 19
    BerserkArch

    BerserkArch

    A bleeding-edge, security-centric Arch-based Linux distribution.

    BerserkArch is a security-focused, performance-tuned Linux operating system (OS) based on Arch Linux, designed for developers, hackers, and technical users. A bleeding-edge, security-centric Arch-based Linux distribution crafted for hackers, developers, and nerds alike. Following the Arch Linux philosophy, it is designed to be highly customizable, allowing users to build their environment with only the components they need, rather than having a lot of pre-installed software like some other...
    Downloads: 44 This Week
    Last Update:
    See Project
  • 20
    Digna Web Scanner

    Digna Web Scanner

    A tool to check web apps for vulnerabilty

    This web application scanner is a powerful tool designed to identify potential security vulnerabilities in websites with full GUI (no need to cli). It currently performs checks for: SQL Injection (SQLi): Detects vulnerabilities that could allow attackers to inject malicious SQL code and manipulate the database. XSS Cross-site-scripting: Detect vulnerability that allow attackers to inject client-side scripts into web pages Cross-Site Request Forgery (CSRF): Helps discover...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 21
    MrFish

    MrFish

    A anti-phishing Python script with headers and proxies!

    MrFish is a powerful tool designed to automate the creation of fake account submissions for phishing tests and vulnerability assessments. With the ability to generate random usernames, passwords, and even credit card data, it simulates real user behavior to help test the security of online forms. Featuring customizable settings for proxy support, user inputs (email or username), and multiple threads for speed, MrFish provides an efficient way to stress-test web servers and form-handling...
    Downloads: 2 This Week
    Last Update:
    See Project
  • 22
    pH7 Social Dating CMS (pH7Builder)❤️

    pH7 Social Dating CMS (pH7Builder)❤️

    🚀 Professional Social Dating Web App Builder (formerly pH7CMS)

    pH7Builder is a Professional, Free & Open Source PHP Social Dating Builder Software (primarily designed for developers ...). This Social Dating Web App is fully coded in object-oriented PHP (OOP) with the MVC pattern (Model-View-Controller). It is low resource-intensive, extremely powerful and highly secure. pH7Builder is included with over 42 native modules and is based on its homemade pH7 Framework which includes more than 52 packages To summarize, pH7Builder Social Dating Script...
    Downloads: 42 This Week
    Last Update:
    See Project
  • 23
    DeathStar

    DeathStar

    RESTful API to automate gaining Domain Enterprise Admin rights

    DeathStar is a Python-based red-team automation project that integrates with the Empire REST API for Active Directory security assessment. Its main purpose is to demonstrate how common Active Directory misconfigurations can be chained together in automated attack-path scenarios. The project focuses on controlled assessment workflows that model privilege escalation paths in enterprise Windows environments.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 24
    belch
    BELCH Password List Generator is a simple tool to generate password lists based on a given pattern. You can specify the password pattern and generate multiple unique passwords.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 25
    KubiScan

    KubiScan

    A tool to scan Kubernetes cluster for risky permissions

    A tool for scanning Kubernetes cluster for risky permissions in Kubernetes's Role-based access control (RBAC) authorization model. KubiScan helps cluster administrators identify permissions that attackers could potentially exploit to compromise the clusters. This can be especially helpful on large environments where there are lots of permissions that can be challenging to track.
    Downloads: 0 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • 2
  • 3
  • 4
  • Next
Auth0 Logo