12 Open Source Penetration Testing Tools
Back in the day, hacking was incredibly difficult and required a lot of manual work. Today, however, a suite of automated testing tools allows penetration testers to accomplish more testing with greater ease than ever before.
Here are 12 open source penetration testing tools that help penetration testers do their jobs faster, better and smarter.
AutoFunkt
AutoFunkt is a Python script for automating the creation of serverless cloud redirectors from Cobalt Strike's extensible C2 profile.
https://github.com/RedSiege/AutoFunkt
C2concealer
C2concealer is a command line tool that generates randomized C2 scalable profiles for use in Cobalt Strike.
https://github.com/RedSiege/C2concealer
Dig Dug
Dig Dug works by appending words from a dictionary to an executable file. The dictionary is appended repeatedly until the final desired executable size is reached. Some AV and EDR engines may measure entropy to determine if the executable is worth executing. Other vendor tools check the executable for signs of empty byte padding.
https://github.com/RedSiege/DigDug
dumpCake
dumpCake dumps password authentication attempts to the SSH daemon. Each SSHD child process will be attached to that process and the attempted password and connection logs will be dumped to the script when the process completes.
https://github.com/brandonscholet/dumpCake
EyeWitness
EyeWitness takes screenshots of websites, collects server header information, and identifies default credentials where possible. In large tests, this tool can save penetration testers a lot of time in their website categorization efforts. Penetration testers often use this tool when sifting through a long list of websites.
https://github.com/RedSiege/EyeWitness
EDD-Enumerate Domain Data
EDD (Enumerate Domain Data) is similar in design to PowerView, but it runs in a . PowerView is essentially the ultimate domain enumeration tool. The tool does this in large part by looking at different implementations of functionality in existing projects and combining them into EDD.
https://github.com/RedSiege/EDD
GPP Deception
The GPP Deception script generates a groups.xml file that can mimic a real GPP in order to create new users on computers joining the domain. Blue team testers can use this file as a honeypot file. By monitoring access to the honeysource file, Blue Team can detect GPP files containing usernames and cpasswords scanned by penetration testers or malicious actors as they move laterally.
https://github.com/RedSiege/GPPDeception
Just-Metadata
Just-Metadata is a tool that collects and analyzes metadata about IP addresses. It attempts to find relationships between systems in a large dataset. It is used to passively gather large amounts of IP address-related intelligence information and attempt to infer hidden relationships.
https://github.com/RedSiege/Just-Metadata
ProxmarkWrapper
ProxmarkWrapper is a wrapper around the Proxmark3 client that will send text alerts and/or emails if RFID cards are captured.
https://github.com/RedSiege/ProxmarkWrapper
Wappybird
Wappybird is a multi-threaded Wappalyzer command line tool for finding web technologies with optional CSV output. Users can also set up a directory to save all crawled data in subfolders on each host.
https://github.com/brandonscholet/wappybird
WMIplant
WMImplant is a PowerShell-based tool that utilizes WMI to perform operations on a target computer and also acts as a C2 channel for issuing commands and receiving results. WMImplant requires local administrator privileges on the target computer.
https://github.com/RedSiege/WMImplant
WMIOps
WMIOps is a powershell script that uses WMI to perform various operations on a local or remote host in a Windows environment. It is primarily used for penetration testing or red team engagements.
https://github.com/RedSiege/WMIOps
