Open Source Penetration Testing Tools

Browse free open source Penetration Testing tools and projects below. Use the toggles on the left to filter open source Penetration Testing tools by OS, license, language, programming language, and project status.

  • Managed MySQL, PostgreSQL, and SQL Databases on Google Cloud Icon
    Managed MySQL, PostgreSQL, and SQL Databases on Google Cloud

    Get back to your application and leave the database to us. Cloud SQL automatically handles backups, replication, and scaling.

    Cloud SQL is a fully managed relational database for MySQL, PostgreSQL, and SQL Server. We handle patching, backups, replication, encryption, and failover—so you can focus on your app. Migrate from on-prem or other clouds with free Database Migration Service. IDC found customers achieved 246% ROI. New customers get $300 in credits plus a 30-day free trial.
    Try Cloud SQL Free
  • Our Free Plans just got better! | Auth0 Icon
    Our Free Plans just got better! | Auth0

    With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

    You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
    Try free now
  • 1
    A client-server multithreaded application for bruteforce cracking passwords. The more clients connected, the faster the cracking. Plugin-based. Supports only RAR passwords at the moment and only with encrypted filenames.
    Leader badge
    Downloads: 207 This Week
    Last Update:
    See Project
  • 2
    BerserkArch

    BerserkArch

    A bleeding-edge, security-centric Arch-based Linux distribution.

    BerserkArch is a security-focused, performance-tuned Linux operating system (OS) based on Arch Linux, designed for developers, hackers, and technical users. A bleeding-edge, security-centric Arch-based Linux distribution crafted for hackers, developers, and nerds alike. Following the Arch Linux philosophy, it is designed to be highly customizable, allowing users to build their environment with only the components they need, rather than having a lot of pre-installed software like some other security distributions (e.g., Kali Linux). As an Arch-based distribution, it benefits from the rolling release model, providing users with the latest software versions and kernel updates. BerserkArch is a dist "designed to make you powerful" for specific use cases like reverse-engineering binaries and automating exploits, rather than being an easy-to-use distribution for general beginners.
    Leader badge
    Downloads: 54 This Week
    Last Update:
    See Project
  • 3
    Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembl
    Downloads: 6 This Week
    Last Update:
    See Project
  • 4
    Hash Cracker is an application developed in java swings that allows a user to crack MD2, MD5, SHA-1,SHA-256,SHA-384,SHA-512 hashes either using brute force or using wordlists of the user's choice based on the users choice.
    Downloads: 4 This Week
    Last Update:
    See Project
  • Enterprise-grade ITSM, for every business Icon
    Enterprise-grade ITSM, for every business

    Give your IT, operations, and business teams the ability to deliver exceptional services—without the complexity.

    Freshservice is an intuitive, AI-powered platform that helps IT, operations, and business teams deliver exceptional service without the usual complexity. Automate repetitive tasks, resolve issues faster, and provide seamless support across the organization. From managing incidents and assets to driving smarter decisions, Freshservice makes it easy to stay efficient and scale with confidence.
    Try it Free
  • 5
    CookieMonster that demonstrates HTTP session hijacking attacks. It sniff your network interface and hijack all cookie. The hijacked cookies can be edit and/or injected in your Firefox. It include a arp poisoning tool.
    Downloads: 2 This Week
    Last Update:
    See Project
  • 6
    Password Cracker
    Crack the encrypted passwords (MD5,SHA, etc....)
    Downloads: 4 This Week
    Last Update:
    See Project
  • 7
    Break The Security Linux

    Break The Security Linux

    Break The Security Linux is a Penetration testing OS based on Ubuntu

    Break The Security Linux is a Penetration testing OS based on Ubuntu 12.04. It has friendly user interface and latest penetration testing tools.
    Downloads: 2 This Week
    Last Update:
    See Project
  • 8

    Vigenere Dictionary Attack

    Vigenere brute force / dictionary cracking tool

    This is a tool that uses a combination between a brute force and dictionary attack on a Vigenere cipher. At present, keys are generated using brute force (will soon try passwords generated from a dictionary first). Each key is then used to decode the encoded message input. The output is analysed and then put into a ranking table. Outputs will be ranked on a variety of factors (at present, only number of dictionary words in output are counted). For the future: Better key generation, trying combinations of dictionary words with numbers. If that fails, brute force will be used. For all attempts of the dictionary attack, only keys within the known key length range will be generated. Better ranking system and analysis of possible decoded messages. Note: The version currently released, I made in an evening! It is nowhere near ready for release but is a fun project to think about and I need more ideas for improvements mentioned above. Discuss possible solutions and ideas!
    Downloads: 2 This Week
    Last Update:
    See Project
  • 9
    Brute is a brute force hash cracker, it allows the user to specify how many threads he want running simultaneously. It is fast, and modular, all the hash algorithm dependent code lies in a module (a shared library). Modules available: MD5; SHA256; SHA512
    Downloads: 2 This Week
    Last Update:
    See Project
  • MongoDB Atlas runs apps anywhere Icon
    MongoDB Atlas runs apps anywhere

    Deploy in 115+ regions with the modern database for every enterprise.

    MongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
    Start Free
  • 10
    Brute Force Search Cube Solver
    BFS-CS uses a brute force search to solve a given rubiks cube. It aims at finding the shortest solve possible. The tool provides a cube editor using OpenGL.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 11
    cracking-actions

    cracking-actions

    a bruteforcer that can crack variety of files such as zip,rar & more

    cracking-actions is an open source software that allows you to crack passwords, files, etc... ,it targets windows and linux
    Downloads: 1 This Week
    Last Update:
    See Project
  • 12
    BRUTALIS - BRUTeforce ALternative Is Stupid. Brutalis generate brute force passwords. It can be integrated in any command line for an attack and support resume, character panel, minimum and maximum length, special separating characters and more.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 13
    Corazones Web Toolbox es una compilación de herramientas para realizar auditorías de seguridad informática. Entre sus herramientas incluye: | MAC spoofing | Admin panel Finder | Port scanner | MD5 multi search | Metasploit web launcher | etc...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 14

    CrunchPwn

    Lightweight Debian Based Pen Testing Linux Distro

    #Pwn Linux (pronounced CrunchPwn) is a penetration testing repository/addition for CrunchBang Linux. The packages also work with any Debian Wheezy compliant system. Default themes are built specifically for OpenBox, but feel free to submit themes for various windows managers. Pull requests are gladly accepted, and requests for tools can be made by opening an issue on github or on sourceforge.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 15
    DENRIT

    DENRIT

    Perform anonymous and non-anonymous pentesting.

    DENRIT allows remote administration of anonymous networks (TOR, I2P and FreeNet). Also, contains a pentesting module to execute commands using a selected anonymous network, pentesting with TOR or TCP Follows a client/server model with well-defined communication interfaces. SSH is used to allow remote clients to access the machine and manage any anonymous network that is installed there, plus allows penetration testing anonymously (or non-anonymously) using tools such as Metasploit Framework, nmap, nikto, among others. The list of supported applications will grow as the project progresses. Until now, this project is under development and is very unstable (and some features aren't included). But I've been developing constantly and I think that soon this software will become stable and very useful to pentesters, hackers and researchers (I hope so!) Well, you can see the wiki page and the presentation exposed in the download section if you want more information about this project.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 16
    DNScat is a "swiss-army knife" tool to tunnel traffic through DNS servers. It is a small, yet powerfull tool, similar to netcat. In conjunction with PPP server, it allows to build a VPN using DNS packets. DNScat is a useful tool for penetration testing.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 17
    GPP is a General Purpose Proxy Java graphical application intended mainly for packet inspection and modification. It's main idea is to be a little user-friendly portable man-in-the-middle tool for security analysis. Later, some protocols should be added
    Downloads: 0 This Week
    Last Update:
    See Project
  • 18
    HTTPBrute is used to calculate HTTP Digest Access Authentication as per RFC 2617. The tool will be able to perform brute force attacks to retrieve a lost password for a given Authentication response. MD5 is the only hashing algorithm implemented.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 19
    HumanSudokuSolver is intended to solve Sudoku puzzles in a way human beings would do (non brute force). It currently solves most of the puzzles I tried and can output a step-by-step solution. Developers who want to contribute are welcome!
    Downloads: 0 This Week
    Last Update:
    See Project
  • 20
    Hyenae.Net

    Hyenae.Net

    Advanced Data Generator

    Hyenae.Net is an advanced data generator and the successor of Hyenae. Hyenae.Net allows you to set up and dispatch custom data streams and can be used to simulate almost any network or data protocol including checksums and data field randomizaion.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 21
    Brute Force traduction of alexandria to spanish
    Downloads: 0 This Week
    Last Update:
    See Project
  • 22
    The Leviathan Auditor is an enumeration and penetration testing tool which runs on and against Microsoft machines. It dumps Users, Groups, Services, Shares, Transport devices and MAC addresses over port 139 or 445. It enumerates RPC portmapper entries ove
    Downloads: 0 This Week
    Last Update:
    See Project
  • 23
    md5 hash bruteforce for MPI clusters with mpich2 architecture
    Downloads: 0 This Week
    Last Update:
    See Project
  • 24

    Mjolnir

    Java code for brute forcing keystore certificates

    Mjölnir is a a java-based brute force algorithm for obtaining keystore passwords by brute force. It is multi-threaded
    Downloads: 0 This Week
    Last Update:
    See Project
  • 25
    Our idea is to deploy a society of computational agents that collaborate in order to achieve the shared goal of decrypting a chunk of ciphertext or recovering a password from an hash by means of a dictionary-based attack.
    Downloads: 0 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • 2
  • Next
MongoDB Logo MongoDB