Search Results for "penetration testing tools"
Sort By:
Showing 179 open source projects for "penetration testing tools"
View related business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
1
PEASS-ng
Privilege Escalation Awesome Scripts SUITE
These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily. All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. -
2
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. ... -
3
Pacu
The AWS exploitation framework, designed for testing security
Pacu (named after a type of Piranha in the Amazon) is a comprehensive AWS security-testing toolkit designed for offensive security practitioners. While several AWS security scanners currently serve as the proverbial “Nessus” of the cloud, Pacu is designed to be the Metasploit equivalent. Written in Python 3 with a modular architecture, Pacu has tools for every step of the pen testing process, covering the full cyber kill chain. -
4
CDK
Make security testing of K8s, Docker, and Containerd easier
CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs and helps you to escape container and take over K8s cluster easily. -
MyQ Print Management SoftwareBoost your digital or traditional workplace with MyQ’s secure print and scan solutions that respect your time and help you focus on what you do best.
-
5
Hoverfly
Lightweight service virtualization/ API simulation / API mocking tool
Hoverfly is a lightweight, open source API simulation tool. Using Hoverfly, you can create realistic simulations of the APIs your application depends on. Replace unreliable test systems and restrictive API sandboxes with high-performance simulations in seconds. Run on MacOS, Windows or Linux, or use native Java or Python language bindings to get started quickly. Simulate API latency or failure when required by writing custom scripts in the language of your choice. -
6
One-Lin3r
Gives you one-liners that aids in penetration testing operations
One-Lin3r is a modular and lightweight penetration testing framework designed to provide security professionals with a centralized collection of one-liner commands for a wide range of offensive security tasks. It focuses on simplifying the execution of complex commands by organizing them into categorized modules, allowing users to quickly access and deploy payloads without manually searching or crafting them. -
7
sqlmap
Automatic SQL injection and database takeover tool
sqlmap is a powerful, feature-filled, open source penetration testing tool. It makes detecting and exploiting SQL injection flaws and taking over the database servers an automated process. sqlmap comes with a great range of features that along with its powerful detection engine make it the ultimate penetration tester. It offers full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, and many other database management systems. ... -
8
Terratest
Go library that makes it easier to write automated tests
Terratest is a Go library that provides patterns and helper functions for testing infrastructure, with 1st-class support for Terraform, Packer, Docker, Kubernetes, AWS, GCP, and more. Create a file ending in _test.go and run tests with the go test command. E.g., go test my_test.go. Use Terratest to execute your real IaC tools (e.g., Terraform, Packer, etc.) to deploy real infrastructure (e.g., servers) in a real environment (e.g., AWS). -
9
Allure Report
Flexible, lightweight multi-language test reporting tool
Allure Report is a flexible, lightweight multi-language test reporting tool. It provides clear graphical reports and allows everyone involved in the development process to extract the maximum of information from the everyday testing process. Allure Report is a flexible multi-language test report tool to show you a detailed representation of what has been tested end extract max from the everyday execution of tests. Allure Report is capable to build unified reports for dozens of testing tools across eleven programming languages on several CI/CD systems. -
AI-generated apps that pass security reviewRetool lets you generate dashboards, admin panels, and workflows directly on your data. Type something like “Build me a revenue dashboard on my Stripe data” and get a working app with security, permissions, and compliance built in from day one. Whether on our cloud or self-hosted, create the internal software your team needs without compromising enterprise standards or control.
-
10
Kotest
Powerful, elegant and flexible test framework for Kotlin
Kotest is a flexible and comprehensive testing tool for Kotlin with multiplatform support. Powerful, elegant, and flexible test framework for Kotlin with additional assertions, property testing, and data-driven testing. The Kotest test framework enables tests to be laid out in a fluid way and execute them on JVM, Javascript, or native platforms. With built-in coroutine support at every level, the ability to use functions such as test lifecycle callbacks, extensive extension points, advanced... -
11
KeepingYouAwake
Prevents your Mac from going to sleep
KeepingYouAwake is a small menu bar utility for macOS (Version 10.12 and newer) that can prevent your Mac from entering sleep mode for a predefined duration or as long as it is activated. The app is a small wrapper around Apple's caffeinate command line utility. All current versions of macOS ship with this tool by default. On a MacBook this only works as long as the lid is open. This utility will not harm your Mac because it is based on an official command line tool by Apple. Version 1.5.2... -
12
Angular CLI
Development tools and libraries specialized for Angular
Angular CLI consists of development tools and libraries specialized for Angular, allowing you to create, manage, build and test Angular projects. It is built on top of the Angular DevKit, which provides a broad set of libraries for managing, developing, deploying and analyzing your code. -
13
Ansible Molecule
Molecule aids in the development and testing of Ansible roles
Molecule project is designed to aid in the development and testing of Ansible roles. Molecule provides support for testing with multiple instances, operating systems and distributions, virtualization providers, test frameworks and testing scenarios. Molecule encourages an approach that results in consistently developed roles that are well-written, easily understood and maintained. Molecule supports only the latest two major versions of Ansible (N/N-1), meaning that if the latest version is... -
14
Fortio
Fortio load testing library, command line tool, advanced echo server
Fortio (Φορτίο) started as, and is, Istio’s load testing tool and later (2018) graduated to be its own open-source project. Fortio runs at a specified query per second (qps) and records an histogram of execution time and calculates percentiles (e.g. p99 ie the response time such as 99% of the requests take less than that number (in seconds, SI unit)). It can run for a set duration, for a fixed number of calls, or until interrupted (at a constant target QPS, or max speed/load per... -
15
Docker-Android
Android in docker solution with noVNC supported and video recording
Docker-Android is a docker image built to be used for everything related to mobile website testing and Android project. You can use cadvisor combined with influxdb / Prometheus and grafana if needed to monitor each running container. Docker-Android are being used by 100+ countries around the world. noVNC to see what happen inside docker container. Emulator for different devices/skins, such as Samsung Galaxy S6, LG Nexus 4, HTC Nexus One and more. Ability to connect to Selenium Grid. Ability... -
16
gotests
Automatically generate Go test boilerplate from your source code
gotests makes writing Go tests easy. It's a Golang command line tool that generates table-driven tests based on its target source files' function and method signatures. Any new dependencies in the test files are automatically imported. From the commandline, gotests can generate Go tests for specific source files or an entire directory. By default, it prints its output to stdout. -
17
Exegol
Fully featured and community-driven hacking environment
Exegol is a community-driven hacking environment, powerful and yet simple enough to be used by anyone in day-to-day engagements. Exegol is the best solution to deploy powerful hacking environments securely, easily, and professionally. No more unstable, not-so-security-focused systems lacking major offensive tools. Kali Linux (and similar alternatives) are great toolboxes for learners, students, and junior pentesters. However professionals have different needs, and their context requires a... -
18
APIAuto
The most advanced tool for HTTP API
The most powerful and easy-to-use HTTP interface tool for agile development, machine learning zero-code testing, code generation and static inspection, document generation and cursor suspension comments. A one-stop experience integrating documentation, testing, mocking, debugging, and management, as well as efficient and easy-to-use shortcut keys such as one-key formatting, commenting/uncommenting, etc. In terms of common functions, it far exceeds Postman, Swagger, YApi and other open-source and commercial API documentation/testing tools, and can import use cases and documents with one click. ... -
19
sitespeed.io
Monitor, analyze and optimize your website speed and performance
Sitespeed.io is an open source tool that helps you monitor, analyze and optimize your website speed and performance, based on performance best practices advices from the coach and collecting browser metrics using the Navigation Timing API, User Timings and Visual Metrics (FirstVisualChange, SpeedIndex & LastVisualChange). Measuring performance shouldn’t be hard, you should be able to have full control of your metrics, own your own data and you should be able to do it without paying top... -
20
Testinfra
Testinfra test your infrastructures
With Testinfra you can write unit tests in Python to test the actual state of your servers configured by management tools like Salt, Ansible, Puppet, Chef and so on. Testinfra aims to be a Serverspec equivalent in python and is written as a plugin to the powerful Pytest test engine. By default Testinfra launches tests on the local machines, but you can also test remotes systems using paramiko. If you have a lot of tests, you can use the pytest-xdist plugin to run tests using multiple... -
21
Trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers
Trivy is the most popular open source security scanner, reliable, fast, and easy to use. Use Trivy to find vulnerabilities & IaC misconfigurations, SBOM discovery, Cloud scanning, Kubernetes security risks,and more. Trivy is praised by professionals from organizations worldwide. Are you a Trivy fan as well? We’d love to hear from you! Trivy detects vulnerabilities from a wide array of operating systems and programming languages, across different versions, and vulnerability sources. Detect... -
22
gh-ost
GitHub's online schema migrations for MySQL
gh-ost is a triggerless online schema migration solution for MySQL. It is testable and provides pausability, dynamic control/reconfiguration, auditing, and many operational perks. gh-ost produces a light workload on the master throughout the migration, decoupled from the existing workload on the migrated table. It has been designed based on years of experience with existing solutions, and changes the paradigm of table migrations. All existing online-schema-change tools operate in similar... -
23
Cucumber
Cucumber for Ruby
It’s simple. Whether open source or commercial, our collaboration tools will boost your engineering team's performance by employing Behavior-Driven Development (BDD). And with our world-class training, take it to places it’s never been. Cucumber is a tool for running automated tests written in plain language. Because they're written in plain language, they can be read by anyone on your team. Because they can be read by anyone, you can use them to help improve communication, collaboration and... -
24
AWS SAM CLI
CLI tool to build, test, debug, and deploy Serverless applications
The AWS Serverless Application Model (SAM) CLI is an open-source CLI tool that helps you develop serverless applications containing Lambda functions, Step Functions, API Gateway, EventBridge, SQS, SNS and more. The AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications. It provides shorthand syntax to express functions, APIs, databases, and event source mappings. With just a few lines per resource, you can define the application you want and... -
25
PureJS-Tools
A Javascript library to make unit test and multiple onload events
PureJS-Tools is a lightweight library to simplify some aspect code of pure javascript like the written of unit test or the manage of the onload event. Thanks to this library, you can make easily unit test to your JS code. This is a free library under the GNU General Public License version 3.0 (GPLv3). This means that you can use the PureJS-Tools in your own project, redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software...
