12 Open Source Penetration Testing Tools

Not long ago, penetration testing was almost entirely manual work. Today a large set of automated tools lets testers cover more ground, in less time and with fewer mistakes, than was possible before.

Here are 12 open source penetration testing tools that help penetration testers do their jobs faster, better and smarter.


AutoFunkt

AutoFunkt is a Python script that automates the creation of serverless cloud redirectors (cloud functions that relay beacon traffic to the team server) from a Cobalt Strike Malleable C2 profile, so the redirector only forwards the URIs and headers the profile actually uses.


C2concealer

C2concealer is a command line tool that generates randomized Malleable C2 profiles for use with Cobalt Strike, so that beacon traffic does not match signatures written for the default or widely shared profiles.

Dig Dug

Dig Dug works by appending words from a dictionary to an executable file. The dictionary is appended repeatedly until the executable reaches the desired final size, typically large enough to exceed the file-size limit beyond which many scanners stop inspecting a sample. The choice of filler matters: some AV and EDR engines measure entropy to decide whether an executable deserves closer inspection, and other vendor tools check for long runs of null-byte padding. Dictionary text keeps the file's entropy low and contains no null runs, so the inflated binary trips neither check.
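To make the two heuristics concrete, here is an added Python example (not code from the Dig Dug project) that inflates a constructed sample both ways and measures what an entropy check and a null-padding check would see for each. The sample "executable" is an MZ signature followed by seeded pseudo-random bytes standing in for a packed body, and the word list is a constructed stand-in for a real dictionary; both are assumptions of the example. Appending data after the end of a PE image is harmless to execution because the Windows loader ignores the overlay, which is why this kind of inflation works at all.

```python
import math
import random
from collections import Counter
from typing import Dict, Sequence

# Constructed sample input (not a real binary): an "MZ" signature followed by
# 4 KiB of seeded pseudo-random bytes, standing in for a packed executable body.
_rng = random.Random(1337)
SAMPLE_EXE = b"MZ" + bytes(_rng.randrange(256) for _ in range(4096))

# Constructed mini word list standing in for a real dictionary file.
WORDLIST = [b"alpha", b"bravo", b"charlie", b"delta",
            b"echo", b"foxtrot", b"golf", b"hotel"]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0), the metric AV/EDR heuristics use."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def trailing_null_run(data: bytes) -> int:
    """Length of the run of 0x00 bytes at the end of the file: the signature of naive null padding."""
    return len(data) - len(data.rstrip(b"\x00"))


def pad_with_nulls(data: bytes, target_size: int) -> bytes:
    """Naive inflation: append zero bytes until target_size is reached."""
    return data + b"\x00" * max(0, target_size - len(data))


def pad_with_words(data: bytes, words: Sequence[bytes], target_size: int) -> bytes:
    """Dig Dug style inflation: append the dictionary over and over until target_size
    is reached. Words are joined with spaces and the last repetition is cut so the
    result is exactly target_size bytes (or the input unchanged if already larger)."""
    need = target_size - len(data)
    if need <= 0:
        return data
    block = b" ".join(words) + b" "
    reps = -(-need // len(block))  # ceiling division
    return data + (block * reps)[:need]


def compare(target_size: int = 256 * 1024) -> Dict[str, Dict[str, float]]:
    """Inflate the sample both ways and report size, entropy and trailing-null run for each."""
    variants = (
        ("original", SAMPLE_EXE),
        ("null_padded", pad_with_nulls(SAMPLE_EXE, target_size)),
        ("word_padded", pad_with_words(SAMPLE_EXE, WORDLIST, target_size)),
    )
    return {
        name: {
            "size": len(blob),
            "entropy": round(shannon_entropy(blob), 3),
            "trailing_nulls": trailing_null_run(blob),
        }
        for name, blob in variants
    }


if __name__ == "__main__":
    # The random body scores near 8 bits/byte; null padding drives entropy
    # toward 0 but leaves a huge trailing null run; word padding lands at
    # text-like entropy with no null run at all.
    for name, stats in compare().items():
        print(f"{name:12s} size={stats['size']:>8} entropy={stats['entropy']:.3f} "
              f"trailing_nulls={stats['trailing_nulls']}")
```

Run it with a larger target (a few hundred megabytes) to reproduce the size-limit evasion; the entropy and null-run numbers do not change with size, which is the point of using dictionary words rather than zeros.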


dumpCake

dumpCake dumps the passwords tried in authentication attempts against the SSH daemon. The script attaches to each sshd child process and, when that process exits, records the attempted password together with the connection details. Because it attaches to processes owned by root, it has to run as root on the host being monitored.


EyeWitness

EyeWitness takes screenshots of websites, collects server header information, and identifies default credentials where possible. On large engagements it saves a great deal of time categorizing web applications: testers feed it a long list of URLs (or scan output) and review the resulting report rather than visiting each host by hand.

EDD - Enumerate Domain Data

EDD (Enumerate Domain Data) is similar in design to PowerView but is written in .NET. PowerView is essentially the ultimate domain enumeration tool; EDD reproduces much of its functionality by drawing on implementations from existing projects and combining them into a single tool.

GPP Deception

The GPP Deception script generates a groups.xml file that mimics a real Group Policy Preferences file of the kind used to create local users on computers joining the domain. Defenders can plant it as a honeypot: because the cpassword attribute in GPP files is encrypted with a key Microsoft published, penetration testers and malicious actors routinely search for groups.xml files containing usernames and cpasswords while moving laterally. Monitoring access to the decoy file therefore detects that scanning.


Just-Metadata

Just-Metadata collects and analyzes metadata about IP addresses. It is used to passively gather large amounts of IP-related intelligence for a dataset and then to look for relationships between the systems in it, such as hosts that share a network block or hosting provider, that would not be obvious from the addresses alone.


ProxmarkWrapper

ProxmarkWrapper is a wrapper around the Proxmark3 client that sends text alerts and/or emails when RFID cards are captured, so a reader left running unattended can notify the operator instead of requiring someone to watch the console.


Wappybird

Wappybird is a multi-threaded Wappalyzer command line tool for identifying the web technologies (server software, frameworks, JavaScript libraries) a site uses, with optional CSV output. Users can also specify a directory in which all crawled data is saved in a subfolder per host.


WMImplant

WMImplant is a PowerShell-based tool that uses WMI both to perform operations on a target computer and as a C2 channel for issuing commands and receiving results. WMImplant requires local administrator privileges on the target computer.


WMIOps

WMIOps is a PowerShell script that uses WMI to perform various operations on a local or remote host in a Windows environment. It is primarily used during penetration tests and red team engagements.