Open Source Software Testing Tools

Low Orbit Ion Cannon. The project only keeps and maintains (bug fixing) the code written by the original author - Praetox, but is not associated or related to it. DISCLAIMER: USE ON YOUR OWN RISK. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER OR CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES.

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language.

PyLoris is a scriptable tool for testing a server's vulnerability to connection exhaustion denial of service (DoS) attacks. PyLoris can utilize SOCKS proxies and SSL connections, and can target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet.

The csvdatamix project aims to randomize CSV input data files in order to conceal the original state of the data. Similar to data masking or data transformation. Also has mapping abilities to translate back to the original state of the data.

PyKCS11: a complete PKCS#11 wrapper for Python, created using the SWIG compiler. API documentation: http://pkcs11wrap.sourceforge.net/api/

The BP-Tools set consist from applications supporting EFT testing, benchmarking and transaction service development. BP-Tools suite currently consists of following three components: - BP-CCALC: Cryptographic Calculator - BP-CardEdit: Thales P3 Input/Output file editor - BP-EMVT: EMV Tool - BP-HCMD: Thales HSM Commander

Pure-Java cryptographic calculator, featuring basic arithmetic operators, cryptographic operations, multiple key file formats and edition of ASN.1 object files.

Death Star is a 'multi-protocol stress testing' tool. Initially forked from LOIQ v0.3a, Death Star seeks to surpass LOIC and LOIQ in terms of performance, OS support and win.

This is is a modular, test driven website that tries to break web clients of all kind. If you are developing applications that interact with websites you might want to throw it at this website first and see if it survives.

Automated Fuzztests for JUnit

IdMUnit is an xUnit automated testing framework for Identity Management solutions.

Publish your junit test report in pdf format. Plug and Play integration. Home page: http://junitpdfreport.sourceforge.net/

A test framework for penetration testing Java classes and methods with randomized parameters and testing the results.

JAva Fault Injection and MONitoring tool

The project Jaulp is jet another utility library project written in Java. It contains utility classes for Date ,Calendar, Collections, Resources, Files, IO for Random data, and many more. This is the last version for this project.

LeakTrack provides memory leak tracking and out-of-range access checks for acquired memory blocks for you C/C++ applications on each platform.

PHPCentaur is a PHP5 driven exploit scanner for webservers. Scope of the project: -SQL exploits, Cros site scripting vulnerabilities, Remote code injection, Encoding vulnerabilities, Session based attacks. And more...

PTestUnt is a unit based framework for testing web application vulnerabiltites. Requires ANT, JUnit and HttpUnit.

Proxy Tester is a proxy list tester and then it generates a wpad.dat file you can use for your browser based on working servers. wpad.dat file selects a random proxy server from the list of provided working proxy servers with each connection request.

SPIZD stands for Stress Probing Invasive Zap Destructor; it's a command-line stress test tool used to determine how many simultaneous (concurrent) connections servers can handle. Protocols: http, pop3, pop3s, imap, imaps, smtp, smtps, ssh, radius.

SecFlow - Secure Flow Analyzation for Java and .NET

VoIPER is a VoIP security testing toolkit incorporating several VoIP fuzzers and auxilliary tools to assist the auditor. It can currently generate over 200,000 SIP tests and H.323/IAX modules are in development. It's also a damn cool project name ;)

Vulnerawa stands for vulnerable web application, though I think it should be renamed Vulnerable website. Unlike other vulnerable web apps, this application strives to be close to reality as possible. To know more about Vulnerawa, go here https://www.hackercoolmagazine.com/vulnerawa-vulnerable-web-app-for-practice/ See how to setup Vulnerawa in Wamp server. https://www.hackercoolmagazine.com/how-to-setup-vulnerawa-in-wamp-server/ To see how to set up a web app pen testing lab with Vulnerawa. https://www.hackercoolmagazine.com/how-to-create-a-web-application-pentest-lab/