Search Results for "penetration testing tools"
Sort By:
Showing 313 open source projects for "penetration testing tools"
View related business solutions-
Custom VMs From 1 to 96 vCPUs With 99.95% UptimeLive migration and automatic failover keep workloads online through maintenance. One free e2-micro VM every month.
-
AI-generated apps that pass security reviewRetool lets you generate dashboards, admin panels, and workflows directly on your data. Type something like “Build me a revenue dashboard on my Stripe data” and get a working app with security, permissions, and compliance built in from day one. Whether on our cloud or self-hosted, create the internal software your team needs without compromising enterprise standards or control.
-
1
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. ... -
2
PEASS-ng
Privilege Escalation Awesome Scripts SUITE
These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily. All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. -
3
Commando VM
Complete Mandiant Offensive VM (Commando VM)
Commando VM (by Mandiant) is a Windows-based offensive security / red-team distribution built to turn a fresh Windows installation into a fully featured penetration testing environment. It provides an automated installer (PowerShell script) that uses Chocolatey, Boxstarter, and MyGet package feeds to download, install, and configure dozens (100+ / 170+ depending on version) of offensive, fuzzing, enumeration, and exploitation tools. The idea is to spare testers the repetitive work of hand-installing dozens of windows tools, dependencies, and configurations. ... -
4
Pacu
The AWS exploitation framework, designed for testing security
Pacu (named after a type of Piranha in the Amazon) is a comprehensive AWS security-testing toolkit designed for offensive security practitioners. While several AWS security scanners currently serve as the proverbial “Nessus” of the cloud, Pacu is designed to be the Metasploit equivalent. Written in Python 3 with a modular architecture, Pacu has tools for every step of the pen testing process, covering the full cyber kill chain. -
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
5
CDK
Make security testing of K8s, Docker, and Containerd easier
CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs and helps you to escape container and take over K8s cluster easily. -
6
Hoverfly
Lightweight service virtualization/ API simulation / API mocking tool
Hoverfly is a lightweight, open source API simulation tool. Using Hoverfly, you can create realistic simulations of the APIs your application depends on. Replace unreliable test systems and restrictive API sandboxes with high-performance simulations in seconds. Run on MacOS, Windows or Linux, or use native Java or Python language bindings to get started quickly. Simulate API latency or failure when required by writing custom scripts in the language of your choice. -
7
One-Lin3r
Gives you one-liners that aids in penetration testing operations
One-Lin3r is a modular and lightweight penetration testing framework designed to provide security professionals with a centralized collection of one-liner commands for a wide range of offensive security tasks. It focuses on simplifying the execution of complex commands by organizing them into categorized modules, allowing users to quickly access and deploy payloads without manually searching or crafting them. -
8
sqlmap
Automatic SQL injection and database takeover tool
sqlmap is a powerful, feature-filled, open source penetration testing tool. It makes detecting and exploiting SQL injection flaws and taking over the database servers an automated process. sqlmap comes with a great range of features that along with its powerful detection engine make it the ultimate penetration tester. It offers full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, and many other database management systems. ... -
9
Allure Report
Flexible, lightweight multi-language test reporting tool
Allure Report is a flexible, lightweight multi-language test reporting tool. It provides clear graphical reports and allows everyone involved in the development process to extract the maximum of information from the everyday testing process. Allure Report is a flexible multi-language test report tool to show you a detailed representation of what has been tested end extract max from the everyday execution of tests. Allure Report is capable to build unified reports for dozens of testing tools across eleven programming languages on several CI/CD systems. -
Fully Managed MySQL, PostgreSQL, and SQL ServerCloud SQL handles your database ops end to end, so you can focus on your app.
-
10
K8tools
Security- and exploitation-oriented utilities and proof-of-concepts
K8tools is a large, curated GitHub repository collecting dozens (hundreds) of security- and exploitation-oriented utilities, proof-of-concepts, and payloads aimed at penetration testing, privilege escalation, and vulnerability exploitation. The project bundles exploits for many well-known CVEs, remote get-shell scripts, local privilege-escalation helpers, credential-harvesting utilities, scanning and brute-force tools, and a variety of platform-specific binaries and archives organized into folders for quick browsing. ... -
11
SANTETIN
Santetin is a website stress test and DDOS simulation tool
Santetin is a powerful desktop application built with Electron to perform website stress tests, penetration testing simulations, DDOS attacks, and traffic jingling for testing and educational purposes. ⚠️ Disclaimer: This tool is intended for educational and testing purposes only. Do not use it against any website without explicit permission from the owner. -
12
Terratest
Go library that makes it easier to write automated tests
Terratest is a Go library that provides patterns and helper functions for testing infrastructure, with 1st-class support for Terraform, Packer, Docker, Kubernetes, AWS, GCP, and more. Create a file ending in _test.go and run tests with the go test command. E.g., go test my_test.go. Use Terratest to execute your real IaC tools (e.g., Terraform, Packer, etc.) to deploy real infrastructure (e.g., servers) in a real environment (e.g., AWS). -
13
KIF
An iOS functional testing framework
...It allows for easy automation of iOS apps by leveraging the accessibility attributes that the OS makes available for those with visual disabilities. KIF builds and performs the tests using a standard XCTest testing target. Testing is conducted synchronously in the main thread (running the run loop to force the passage of time) allowing for more complex logic and composition. This also allows KIF to take advantage of the Xcode Test Navigator, command line build tools, and Bot test reports. KIF uses undocumented Apple APIs. This is true of most iOS testing frameworks, and is safe for testing purposes, but it's important that KIF does not make it into production code, as it will get your app submission denied by Apple. ... -
14
Ansible Molecule
Molecule aids in the development and testing of Ansible roles
Molecule project is designed to aid in the development and testing of Ansible roles. Molecule provides support for testing with multiple instances, operating systems and distributions, virtualization providers, test frameworks and testing scenarios. Molecule encourages an approach that results in consistently developed roles that are well-written, easily understood and maintained. Molecule supports only the latest two major versions of Ansible (N/N-1), meaning that if the latest version is... -
15
KeepingYouAwake
Prevents your Mac from going to sleep
KeepingYouAwake is a small menu bar utility for macOS (Version 10.12 and newer) that can prevent your Mac from entering sleep mode for a predefined duration or as long as it is activated. The app is a small wrapper around Apple's caffeinate command line utility. All current versions of macOS ship with this tool by default. On a MacBook this only works as long as the lid is open. This utility will not harm your Mac because it is based on an official command line tool by Apple. Version 1.5.2... -
16
Angular CLI
Development tools and libraries specialized for Angular
Angular CLI consists of development tools and libraries specialized for Angular, allowing you to create, manage, build and test Angular projects. It is built on top of the Angular DevKit, which provides a broad set of libraries for managing, developing, deploying and analyzing your code. -
17
Fortio
Fortio load testing library, command line tool, advanced echo server
Fortio (Φορτίο) started as, and is, Istio’s load testing tool and later (2018) graduated to be its own open-source project. Fortio runs at a specified query per second (qps) and records an histogram of execution time and calculates percentiles (e.g. p99 ie the response time such as 99% of the requests take less than that number (in seconds, SI unit)). It can run for a set duration, for a fixed number of calls, or until interrupted (at a constant target QPS, or max speed/load per... -
18
Loki
Visual Regression Testing for Storybook
There are a few visual regression tools for the web, but most either cannot be run headless or use phantomjs which is deprecated and a browser nobody is actually using. They usually also require you to maintain fixtures. With react-native it's now possible to target multiple platforms with a single code base, but there's no single tool to test all to my knowledge. Loki aims to have easy setup, no to low maintenance cost, reproducible tests independent of which OS they are run on, runnable on... -
19
Appium
Automation for iOS, Android, and Windows Apps
...It drives iOS, Android, and Windows apps using the WebDriver protocol. Is native app automation missing from your tool belt? Problem solved. Appium is built on the idea that testing native apps shouldn't require including an SDK or recompiling your app. And that you should be able to use your preferred test practices, frameworks, and tools. Appium is an open source project and has made design and tool decisions to encourage a vibrant contributing community. Appium aims to automate any mobile app from any language and any test framework, with full access to back-end APIs and DBs from test code. ... -
20
Kotest
Powerful, elegant and flexible test framework for Kotlin
Kotest is a flexible and comprehensive testing tool for Kotlin with multiplatform support. Powerful, elegant, and flexible test framework for Kotlin with additional assertions, property testing, and data-driven testing. The Kotest test framework enables tests to be laid out in a fluid way and execute them on JVM, Javascript, or native platforms. With built-in coroutine support at every level, the ability to use functions such as test lifecycle callbacks, extensive extension points, advanced... -
21
Docker-Android
Android in docker solution with noVNC supported and video recording
Docker-Android is a docker image built to be used for everything related to mobile website testing and Android project. You can use cadvisor combined with influxdb / Prometheus and grafana if needed to monitor each running container. Docker-Android are being used by 100+ countries around the world. noVNC to see what happen inside docker container. Emulator for different devices/skins, such as Samsung Galaxy S6, LG Nexus 4, HTC Nexus One and more. Ability to connect to Selenium Grid. Ability... -
22
Concurrent Ruby
Modern concurrency tools including agents, futures, promises, etc.
Modern concurrency tools including agents, futures, promises, thread pools, supervisors, and more. Inspired by Erlang, Clojure, Scala, Go, Java, JavaScript, and classic concurrency patterns. Concurrent Ruby is an 'unopinionated' toolbox that provides useful utilities without debating which is better or why. It remains free of external gem dependencies. It stays true to the spirit of the languages providing inspiration, but implements in a way that makes sense for Ruby. Keeps the semantics as... -
23
gotests
Automatically generate Go test boilerplate from your source code
gotests makes writing Go tests easy. It's a Golang command line tool that generates table-driven tests based on its target source files' function and method signatures. Any new dependencies in the test files are automatically imported. From the commandline, gotests can generate Go tests for specific source files or an entire directory. By default, it prints its output to stdout. -
24
Playbook
A library for isolated developing UI components
...This allows you to not only review UI quickly but also deliver more robust designs by separating business logics out of components. Besides, snapshots of each component can be automatically generated by unit tests, and visual regression testing can be performed using arbitrary third-party tools. For complex modern app development, it’s important to catch UI changes more sensitively and keep improving them faster. With the Playbook, you don't have to struggle through preparing the data and spend human resources for manual testings. -
25
Exegol
Fully featured and community-driven hacking environment
Exegol is a community-driven hacking environment, powerful and yet simple enough to be used by anyone in day-to-day engagements. Exegol is the best solution to deploy powerful hacking environments securely, easily, and professionally. No more unstable, not-so-security-focused systems lacking major offensive tools. Kali Linux (and similar alternatives) are great toolboxes for learners, students, and junior pentesters. However professionals have different needs, and their context requires a...
