Open Source Penetration Testing Tools

A client-server multithreaded application for bruteforce cracking passwords. The more clients connected, the faster the cracking. Plugin-based. Supports only RAR passwords at the moment and only with encrypted filenames.

BerserkArch is a security-focused, performance-tuned Linux operating system (OS) based on Arch Linux, designed for developers, hackers, and technical users. A bleeding-edge, security-centric Arch-based Linux distribution crafted for hackers, developers, and nerds alike. Following the Arch Linux philosophy, it is designed to be highly customizable, allowing users to build their environment with only the components they need, rather than having a lot of pre-installed software like some other security distributions (e.g., Kali Linux). As an Arch-based distribution, it benefits from the rolling release model, providing users with the latest software versions and kernel updates. BerserkArch is a dist "designed to make you powerful" for specific use cases like reverse-engineering binaries and automating exploits, rather than being an easy-to-use distribution for general beginners.

Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembl

Hash Cracker is an application developed in java swings that allows a user to crack MD2, MD5, SHA-1,SHA-256,SHA-384,SHA-512 hashes either using brute force or using wordlists of the user's choice based on the users choice.

CookieMonster that demonstrates HTTP session hijacking attacks. It sniff your network interface and hijack all cookie. The hijacked cookies can be edit and/or injected in your Firefox. It include a arp poisoning tool.

Crack the encrypted passwords (MD5,SHA, etc....)

Break The Security Linux is a Penetration testing OS based on Ubuntu 12.04. It has friendly user interface and latest penetration testing tools.

This is a tool that uses a combination between a brute force and dictionary attack on a Vigenere cipher. At present, keys are generated using brute force (will soon try passwords generated from a dictionary first). Each key is then used to decode the encoded message input. The output is analysed and then put into a ranking table. Outputs will be ranked on a variety of factors (at present, only number of dictionary words in output are counted). For the future: Better key generation, trying combinations of dictionary words with numbers. If that fails, brute force will be used. For all attempts of the dictionary attack, only keys within the known key length range will be generated. Better ranking system and analysis of possible decoded messages. Note: The version currently released, I made in an evening! It is nowhere near ready for release but is a fun project to think about and I need more ideas for improvements mentioned above. Discuss possible solutions and ideas!

Brute is a brute force hash cracker, it allows the user to specify how many threads he want running simultaneously. It is fast, and modular, all the hash algorithm dependent code lies in a module (a shared library). Modules available: MD5; SHA256; SHA512

BFS-CS uses a brute force search to solve a given rubiks cube. It aims at finding the shortest solve possible. The tool provides a cube editor using OpenGL.

cracking-actions is an open source software that allows you to crack passwords, files, etc... ,it targets windows and linux

BRUTALIS - BRUTeforce ALternative Is Stupid. Brutalis generate brute force passwords. It can be integrated in any command line for an attack and support resume, character panel, minimum and maximum length, special separating characters and more.

Corazones Web Toolbox es una compilación de herramientas para realizar auditorías de seguridad informática. Entre sus herramientas incluye: | MAC spoofing | Admin panel Finder | Port scanner | MD5 multi search | Metasploit web launcher | etc...

#Pwn Linux (pronounced CrunchPwn) is a penetration testing repository/addition for CrunchBang Linux. The packages also work with any Debian Wheezy compliant system. Default themes are built specifically for OpenBox, but feel free to submit themes for various windows managers. Pull requests are gladly accepted, and requests for tools can be made by opening an issue on github or on sourceforge.

DENRIT allows remote administration of anonymous networks (TOR, I2P and FreeNet). Also, contains a pentesting module to execute commands using a selected anonymous network, pentesting with TOR or TCP Follows a client/server model with well-defined communication interfaces. SSH is used to allow remote clients to access the machine and manage any anonymous network that is installed there, plus allows penetration testing anonymously (or non-anonymously) using tools such as Metasploit Framework, nmap, nikto, among others. The list of supported applications will grow as the project progresses. Until now, this project is under development and is very unstable (and some features aren't included). But I've been developing constantly and I think that soon this software will become stable and very useful to pentesters, hackers and researchers (I hope so!) Well, you can see the wiki page and the presentation exposed in the download section if you want more information about this project.

DNScat is a "swiss-army knife" tool to tunnel traffic through DNS servers. It is a small, yet powerfull tool, similar to netcat. In conjunction with PPP server, it allows to build a VPN using DNS packets. DNScat is a useful tool for penetration testing.

GPP is a General Purpose Proxy Java graphical application intended mainly for packet inspection and modification. It's main idea is to be a little user-friendly portable man-in-the-middle tool for security analysis. Later, some protocols should be added

HTTPBrute is used to calculate HTTP Digest Access Authentication as per RFC 2617. The tool will be able to perform brute force attacks to retrieve a lost password for a given Authentication response. MD5 is the only hashing algorithm implemented.

HumanSudokuSolver is intended to solve Sudoku puzzles in a way human beings would do (non brute force). It currently solves most of the puzzles I tried and can output a step-by-step solution. Developers who want to contribute are welcome!

Hyenae.Net is an advanced data generator and the successor of Hyenae. Hyenae.Net allows you to set up and dispatch custom data streams and can be used to simulate almost any network or data protocol including checksums and data field randomizaion.

Brute Force traduction of alexandria to spanish

The Leviathan Auditor is an enumeration and penetration testing tool which runs on and against Microsoft machines. It dumps Users, Groups, Services, Shares, Transport devices and MAC addresses over port 139 or 445. It enumerates RPC portmapper entries ove

md5 hash bruteforce for MPI clusters with mpich2 architecture

Mjölnir is a a java-based brute force algorithm for obtaining keystore passwords by brute force. It is multi-threaded

Our idea is to deploy a society of computational agents that collaborate in order to achieve the shared goal of decrypting a chunk of ciphertext or recovering a password from an hash by means of a dictionary-based attack.