12 Open Source Penetration Testing Tools
Back in the day, hacking was incredibly difficult and required a lot of manual work.
Today, however, a suite of automated testing tools allows penetration testers to
accomplish more testing with greater ease than ever before.
Here are 12 open
source penetration testing tools that help penetration testers do their jobs faster,
better and smarter.
AutoFunkt
AutoFunkt is a Python script that automates the creation of serverless cloud
redirectors from a Cobalt Strike Malleable C2 profile.
https://github.com/RedSiege/AutoFunkt
C2concealer
C2concealer is a command line tool that generates randomized Malleable C2 profiles
for use in Cobalt Strike.
https://github.com/RedSiege/C2concealer
Dig Dug
Dig Dug works by appending words from a dictionary to an executable file. The
dictionary is appended repeatedly until the desired final size of the executable is
reached. Some AV and EDR engines measure entropy to decide whether an executable is
trustworthy enough to run; other vendor tools inspect the executable for signs of
null-byte padding.
https://github.com/RedSiege/DigDug
dumpCake
dumpCake dumps the passwords attempted in authentication attempts against the SSH
daemon. The script attaches to each sshd child process and, when that process
completes, dumps the attempted passwords together with the connection logs.
https://github.com/brandonscholet/dumpCake
EyeWitness
EyeWitness takes screenshots of websites, collects server header information, and
identifies default credentials where possible. On large engagements this tool can
save penetration testers a lot of time when categorizing websites, and it is
commonly used to sift through a long list of them.
https://github.com/RedSiege/EyeWitness
EDD - Enumerate Domain Data
EDD (Enumerate Domain Data) is similar in design to PowerView, but it runs in a .
PowerView is essentially the ultimate domain enumeration tool. EDD was built in
large part by studying the different implementations of that functionality in
existing projects and combining them into a single tool.
https://github.com/RedSiege/EDD
GPP Deception
The GPP Deception script generates a groups.xml file that mimics a real Group
Policy Preferences (GPP) file used to create new users on computers joining the
domain. Blue teams can plant this file as a honeypot: by monitoring access to it,
they can detect penetration testers or malicious actors who scan for GPP files
containing usernames and cpasswords as they move laterally.
https://github.com/RedSiege/GPPDeception
Just-Metadata
Just-Metadata is a tool that collects and analyzes metadata about IP addresses and
attempts to find relationships between systems in a large dataset. It is used to
passively gather large amounts of IP address-related intelligence and to infer
hidden relationships from it.
https://github.com/RedSiege/Just-Metadata
ProxmarkWrapper
ProxmarkWrapper is a
wrapper around the Proxmark3 client that will send text alerts and/or emails if RFID
cards are captured.
https://github.com/RedSiege/ProxmarkWrapper
Wappybird
Wappybird is a multi-threaded Wappalyzer command line tool for identifying web
technologies, with optional CSV output. Users can also specify a directory in which
all crawled data is saved, in a subfolder per host.
https://github.com/brandonscholet/wappybird
WMImplant
WMImplant is a PowerShell-based
tool that utilizes WMI to perform operations on a target computer and also acts as a
C2 channel for issuing commands and receiving results. WMImplant requires local
administrator privileges on the target computer.
https://github.com/RedSiege/WMImplant
WMIOps
WMIOps is a PowerShell script that uses WMI to perform various operations on a local
or remote host in a Windows environment. It is primarily used for penetration
testing and red team engagements.
https://github.com/RedSiege/WMIOps