Search Results for "pen testing tools"
Sort By:
Showing 299 open source projects for "pen testing tools"
View related business solutions-
$300 Free Credits for Your Google Cloud ProjectsLaunch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
-
Secure File Transfer for Windows with Cerberus by RedwoodCerberus supports unlimited users and connections on a single IP, with built-in encryption, 2FA, and a browser-based web client — all deployable in under 15 minutes with a 25-day free trial.
-
1
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. ... -
2
Pacu
The AWS exploitation framework, designed for testing security
Pacu (named after a type of Piranha in the Amazon) is a comprehensive AWS security-testing toolkit designed for offensive security practitioners. While several AWS security scanners currently serve as the proverbial “Nessus” of the cloud, Pacu is designed to be the Metasploit equivalent. Written in Python 3 with a modular architecture, Pacu has tools for every step of the pen testing process, covering the full cyber kill chain. -
3
PEASS-ng
Privilege Escalation Awesome Scripts SUITE
These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily. All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. -
4
Commando VM
Complete Mandiant Offensive VM (Commando VM)
Commando VM (by Mandiant) is a Windows-based offensive security / red-team distribution built to turn a fresh Windows installation into a fully featured penetration testing environment. It provides an automated installer (PowerShell script) that uses Chocolatey, Boxstarter, and MyGet package feeds to download, install, and configure dozens (100+ / 170+ depending on version) of offensive, fuzzing, enumeration, and exploitation tools. The idea is to spare testers the repetitive work of hand-installing dozens of windows tools, dependencies, and configurations. ... -
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
5
Allure Report
Flexible, lightweight multi-language test reporting tool
Allure Report is a flexible, lightweight multi-language test reporting tool. It provides clear graphical reports and allows everyone involved in the development process to extract the maximum of information from the everyday testing process. Allure Report is a flexible multi-language test report tool to show you a detailed representation of what has been tested end extract max from the everyday execution of tests. Allure Report is capable to build unified reports for dozens of testing tools across eleven programming languages on several CI/CD systems. -
6
Terratest
Go library that makes it easier to write automated tests
Terratest is a Go library that provides patterns and helper functions for testing infrastructure, with 1st-class support for Terraform, Packer, Docker, Kubernetes, AWS, GCP, and more. Create a file ending in _test.go and run tests with the go test command. E.g., go test my_test.go. Use Terratest to execute your real IaC tools (e.g., Terraform, Packer, etc.) to deploy real infrastructure (e.g., servers) in a real environment (e.g., AWS). -
7
KeepingYouAwake
Prevents your Mac from going to sleep
KeepingYouAwake is a small menu bar utility for macOS (Version 10.12 and newer) that can prevent your Mac from entering sleep mode for a predefined duration or as long as it is activated. The app is a small wrapper around Apple's caffeinate command line utility. All current versions of macOS ship with this tool by default. On a MacBook this only works as long as the lid is open. This utility will not harm your Mac because it is based on an official command line tool by Apple. Version 1.5.2... -
8
KIF
An iOS functional testing framework
...It allows for easy automation of iOS apps by leveraging the accessibility attributes that the OS makes available for those with visual disabilities. KIF builds and performs the tests using a standard XCTest testing target. Testing is conducted synchronously in the main thread (running the run loop to force the passage of time) allowing for more complex logic and composition. This also allows KIF to take advantage of the Xcode Test Navigator, command line build tools, and Bot test reports. KIF uses undocumented Apple APIs. This is true of most iOS testing frameworks, and is safe for testing purposes, but it's important that KIF does not make it into production code, as it will get your app submission denied by Apple. ... -
9
Ansible Molecule
Molecule aids in the development and testing of Ansible roles
Molecule project is designed to aid in the development and testing of Ansible roles. Molecule provides support for testing with multiple instances, operating systems and distributions, virtualization providers, test frameworks and testing scenarios. Molecule encourages an approach that results in consistently developed roles that are well-written, easily understood and maintained. Molecule supports only the latest two major versions of Ansible (N/N-1), meaning that if the latest version is... -
Ship Agents FasterGemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
-
10
Fortio
Fortio load testing library, command line tool, advanced echo server
Fortio (Φορτίο) started as, and is, Istio’s load testing tool and later (2018) graduated to be its own open-source project. Fortio runs at a specified query per second (qps) and records an histogram of execution time and calculates percentiles (e.g. p99 ie the response time such as 99% of the requests take less than that number (in seconds, SI unit)). It can run for a set duration, for a fixed number of calls, or until interrupted (at a constant target QPS, or max speed/load per... -
11
CDK
Make security testing of K8s, Docker, and Containerd easier
CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs and helps you to escape container and take over K8s cluster easily. -
12
Angular CLI
Development tools and libraries specialized for Angular
Angular CLI consists of development tools and libraries specialized for Angular, allowing you to create, manage, build and test Angular projects. It is built on top of the Angular DevKit, which provides a broad set of libraries for managing, developing, deploying and analyzing your code. -
13
Kotest
Powerful, elegant and flexible test framework for Kotlin
Kotest is a flexible and comprehensive testing tool for Kotlin with multiplatform support. Powerful, elegant, and flexible test framework for Kotlin with additional assertions, property testing, and data-driven testing. The Kotest test framework enables tests to be laid out in a fluid way and execute them on JVM, Javascript, or native platforms. With built-in coroutine support at every level, the ability to use functions such as test lifecycle callbacks, extensive extension points, advanced... -
14
test.vim
Run your tests at the speed of thought
vim-test is a flexible testing runner for Vim and Neovim that provides a unified interface to execute tests across many languages and frameworks from inside the editor. It abstracts differences between tools so you can run nearest test, current file, last test, or entire suite with consistent commands and mappings. The plugin auto-detects supported test frameworks based on project files and adapts its strategy accordingly. -
15
OWASP Mobile Application Security
Manual for mobile app security testing and reverse engineering
The OWASP Mobile Application Security (MAS) flagship project provides a security standard for mobile apps (OWASP MASVS) and a comprehensive testing guide (OWASP MASTG) that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invested a significant and consistent amount of resources to push the project forward by providing consistent high-impact contributions and continuously spreading the word. -
16
Appium
Automation for iOS, Android, and Windows Apps
...It drives iOS, Android, and Windows apps using the WebDriver protocol. Is native app automation missing from your tool belt? Problem solved. Appium is built on the idea that testing native apps shouldn't require including an SDK or recompiling your app. And that you should be able to use your preferred test practices, frameworks, and tools. Appium is an open source project and has made design and tool decisions to encourage a vibrant contributing community. Appium aims to automate any mobile app from any language and any test framework, with full access to back-end APIs and DBs from test code. ... -
17
Concurrent Ruby
Modern concurrency tools including agents, futures, promises, etc.
Modern concurrency tools including agents, futures, promises, thread pools, supervisors, and more. Inspired by Erlang, Clojure, Scala, Go, Java, JavaScript, and classic concurrency patterns. Concurrent Ruby is an 'unopinionated' toolbox that provides useful utilities without debating which is better or why. It remains free of external gem dependencies. It stays true to the spirit of the languages providing inspiration, but implements in a way that makes sense for Ruby. Keeps the semantics as... -
18
Loki
Visual Regression Testing for Storybook
There are a few visual regression tools for the web, but most either cannot be run headless or use phantomjs which is deprecated and a browser nobody is actually using. They usually also require you to maintain fixtures. With react-native it's now possible to target multiple platforms with a single code base, but there's no single tool to test all to my knowledge. Loki aims to have easy setup, no to low maintenance cost, reproducible tests independent of which OS they are run on, runnable on... -
19
Docker-Android
Android in docker solution with noVNC supported and video recording
Docker-Android is a docker image built to be used for everything related to mobile website testing and Android project. You can use cadvisor combined with influxdb / Prometheus and grafana if needed to monitor each running container. Docker-Android are being used by 100+ countries around the world. noVNC to see what happen inside docker container. Emulator for different devices/skins, such as Samsung Galaxy S6, LG Nexus 4, HTC Nexus One and more. Ability to connect to Selenium Grid. Ability... -
20
gh-ost
GitHub's online schema migrations for MySQL
gh-ost is a triggerless online schema migration solution for MySQL. It is testable and provides pausability, dynamic control/reconfiguration, auditing, and many operational perks. gh-ost produces a light workload on the master throughout the migration, decoupled from the existing workload on the migrated table. It has been designed based on years of experience with existing solutions, and changes the paradigm of table migrations. All existing online-schema-change tools operate in similar... -
21
Trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers
Trivy is the most popular open source security scanner, reliable, fast, and easy to use. Use Trivy to find vulnerabilities & IaC misconfigurations, SBOM discovery, Cloud scanning, Kubernetes security risks,and more. Trivy is praised by professionals from organizations worldwide. Are you a Trivy fan as well? We’d love to hear from you! Trivy detects vulnerabilities from a wide array of operating systems and programming languages, across different versions, and vulnerability sources. Detect... -
22
Playbook
A library for isolated developing UI components
...This allows you to not only review UI quickly but also deliver more robust designs by separating business logics out of components. Besides, snapshots of each component can be automatically generated by unit tests, and visual regression testing can be performed using arbitrary third-party tools. For complex modern app development, it’s important to catch UI changes more sensitively and keep improving them faster. With the Playbook, you don't have to struggle through preparing the data and spend human resources for manual testings. -
23
gotests
Automatically generate Go test boilerplate from your source code
gotests makes writing Go tests easy. It's a Golang command line tool that generates table-driven tests based on its target source files' function and method signatures. Any new dependencies in the test files are automatically imported. From the commandline, gotests can generate Go tests for specific source files or an entire directory. By default, it prints its output to stdout. -
24
Cucumber
Cucumber for Ruby
It’s simple. Whether open source or commercial, our collaboration tools will boost your engineering team's performance by employing Behavior-Driven Development (BDD). And with our world-class training, take it to places it’s never been. Cucumber is a tool for running automated tests written in plain language. Because they're written in plain language, they can be read by anyone on your team. Because they can be read by anyone, you can use them to help improve communication, collaboration and... -
25
APIAuto
The most advanced tool for HTTP API
The most powerful and easy-to-use HTTP interface tool for agile development, machine learning zero-code testing, code generation and static inspection, document generation and cursor suspension comments. A one-stop experience integrating documentation, testing, mocking, debugging, and management, as well as efficient and easy-to-use shortcut keys such as one-key formatting, commenting/uncommenting, etc. In terms of common functions, it far exceeds Postman, Swagger, YApi and other open-source and commercial API documentation/testing tools, and can import use cases and documents with one click. ...
