Open Source Java Penetration Testing Tools
Sort By:
Java Penetration Testing Tools
View 121 business solutionsBrowse free open source Java Penetration Testing Tools and projects below. Use the toggles on the left to filter open source Java Penetration Testing Tools by OS, license, language, programming language, and project status.
-
Passwordless Authentication and Passwordless SecurityIt’s no secret — passwords can be a real headache, both for the people who use them and the people who manage them. Over time, we’ve created hundreds of passwords, it’s easy to lose track of them and they’re easily compromised. Fortunately, passwordless authentication is becoming a feasible reality for many businesses. Duo can help you get there.
-
Comprehensive Cybersecurity to Safeguard Your Organization | SOCRadarProtect your organization from cyber threats with SOCRadar’s cutting-edge threat intelligence. Gain 360° visibility into your digital assets, monitor the dark web, and stay ahead of hackers with real-time insights. Start for free and transform your cybersecurity today.
-
1
ophcrack
A Windows password cracker based on rainbow tables
Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman's original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds. -
2
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. It stands between the tester’s browser and the web application so that it can intercept and inspect messages sent between browser and web application. -
3
DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.
-
4
Web Security Dojo
Virtual training environment to learn web app ethical hacking.
Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible script for those brave souls that want transform their stock Ubuntu into a virtual dojo. Bow to your sensei! username: dojo password: dojo -
Our Free Plans just got better! | Auth0 by OktaYou asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
5
JPassword Recovery Tool
Password recovery tool for compressed archives and md5, sha-1/2 hashes
This is a simple but sophisticated open source password recovery tool for M$ Windows, it can effectively 'crack' any password protected archive that can be decompressed by 7zip given enough time and resources. It can also bruteforce MD2, MD5, SHA-1 and SHA-2 hashes (SHA-256, SHA-384, SHA-512), CRC16, CRC32, CRC64 and Adler32 hashed passwords for both Windows, and Linux. It requires java 7u4 and above, and 7-zip v9.20 and up for archive recovery. Keeping these above applications up to date ensures peak performance. if you have any ideas, bugs, tips/improvements and/or suggestions please dont hesitate to contact me NB AS OF V1.07 PLEASE MAKE SURE 'resources' FOLDER IS IN THE SAME DIRECTORY AS THE JPasswordRecoveryTool.jar Known Bugs(v1.09): -although md2 was selceted by default for hash recovery if you did not slected another value and reselect md2 it would use md5 by default -
6
Proxyee
HTTP proxy server,support HTTPS & websocket
Proxyee is a JAVA-written HTTP proxy server library that supports HTTP, HTTPS, and WebSocket protocols, and supports MITM (Man-in-the-middle), which can capture and tamper with HTTP, and HTTPS packets. The CA certificate (src/resources/ca.crt) from the project needs to be imported to a trusted root certificate authority. The CA certificate (src/resources/ca.crt) from the project needs to be imported to a trusted root certificate authority. You can use the CertDownIntercept interceptor to enable the web certificate download feature. -
7
Cracx
simple and light-weight archive password cracker
Cracx allows you to crack archive passwords of any encryption using 7-zip, WinRAR or a custom command, via Brute Force or Dictionary attack. Note: You must NOT use this program with files you don't have the rights to extract/open/use them! Currently, the program requires a current version of either 7-zip or WinRAR to be installed, but you can also use it to bruteforce basically anything that is executably via command-line with custom parameters. On an i7 CPU, it runs approximately 30 combination tests per second. Feel free to make suggestions or contribute by implementing features and translating the tool into your native language! -
8
Droid Pentest help you to find all android apps for penetration testing and hacking so you can make complete penetration test platform .
-
9
jsql-injection
jSQL Injection is a Java application for automatic SQL database injec
jSQL project has moved to https://github.com/ron190/jsql-injection jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open source and cross-platform (Windows, Linux, Mac OS X). Kali Linux logo jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in distributions like Pentest Box, Parrot Security OS, ArchStrike or BlackArch Linux. -
Our Free Plans just got better! | Auth0 by OktaYou asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
10
Hcon Security Testing Framework
Open Source Penetration Testing / Ethical Hacking Framework
HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments.contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain - students, Security Professionals,web developers, manual vulnerability assessments and much more. -
11
OWASP Security Shepherd
Web and mobile application security awareness/training platform
The OWASP Security Shepherd project enables users to learn or to improve upon existing manual penetration testing skills. Utilizing the OWASP top ten as a challenge test bed, common security vulnerabilities can be explored and their impact on a system understood. The by-product of this challenge game is the acquired skill to harden a player's own environment from OWASP top ten security risks. The modules have been crafted to provide not only a challenge for a security novice, but security professionals as well. If you'd like to download the V3.0 VM, you can download it from github: https://github.com/OWASP/SecurityShepherd/releases/tag/v3.0 Try it live: https://owasp.securityshepherd.eu Raise issues here: https://github.com/markdenihan/owaspSecurityShepherd/issues More Info here: https://www.owasp.org/index.php/OWASP_Security_Shepherd -
12
WSFuzzer is a fuzzing penetration testing tool used against HTTP SOAP based web services. It tests numerous aspects (input validation, XML Parser, etc) of the SOAP target. It is only to be used against targets that have granted permission to be teste
-
13
Tetris Puzzle Solver
Fills a rectangle using given tetris shapes
Fills a rectangle using given tetris shapes (tetraminos) using an optimized brute force algorithm. A puzzle can have many different solutions; this solver will stop at the first one. Not all puzzles are solveable. Created to solve the annoying tetris puzzles in The Talos Principle and Sigils of Elohim. -
14
InsecureWebApp is a web app that includes common web application vulnerabilities including SQL&Html Injection- see owasp.org. It is a target for automated and manual penetration testing, source code analysis, vulnerability assessments and threat modeling.
-
15
Hash Cracker is an application developed in java swings that allows a user to crack MD2, MD5, SHA-1,SHA-256,SHA-384,SHA-512 hashes either using brute force or using wordlists of the user's choice based on the users choice.
-
16
Crack the encrypted passwords (MD5,SHA, etc....)
-
17
Our idea is to deploy a society of computational agents that collaborate in order to achieve the shared goal of decrypting a chunk of ciphertext or recovering a password from an hash by means of a dictionary-based attack.
-
18
Java based webapp that utilizes TCP Wrappers to grant an IP access to a ssh server. Brute force attacks can be avoided while still allowing password based ssh access from multiple, changing IP values.
-
19
codeZ
A program to en/decrypt texts that are only crackable using bruteforce
codeZ is a program that can encrypt/decrypt texts that are not crackable without using brute-force attacks. It supports loads of characters, including symbols like brackets. -
20
AESTextCrypt
Encrypt and decrypt text using AES 256 bit encryption
AESTextCrypt is an easy-to-use open source tool for text encryption and decryption. Primarily intended for use with email, use it wherever you need to protect text from prying eyes. The encrypted text can be copy/pasted into any text-handling application (e.g. email) instead of plain text. Convenience buttons are provided for clipboard operations. AESTextCrypt uses AES-256 bit encryption which is the strongest available encryption scheme. It also employs bcrypt, which implements key-stretching and an adaptive key setup phase, the complexity (number of rounds) of which is automatically set to match the processing power of the encrypting computer. This makes it highly resistant to dictionary attack. AESTextCrypt is written in Java, so can be run on all desktop platforms - Windows, Mac and Linux. -
21
Generic clustering/load-balancing platform (over a LAN or internet) using java based P2P Aorta workers that execute java "tasklets". Various tasklets can be implemented to solve fractals, process images, render webpages, crack RSA "brute force".
-
22
CryptoHelper is a Java program designed to aid in the decryption of classical ciphers, ie pre WWII ciphers. It brings together tools like frequency analysis, friedman tests, enciphering/deciphering for several clasical ciphers, and brute force algorithm
-
23
DENRIT
Perform anonymous and non-anonymous pentesting.
DENRIT allows remote administration of anonymous networks (TOR, I2P and FreeNet). Also, contains a pentesting module to execute commands using a selected anonymous network, pentesting with TOR or TCP Follows a client/server model with well-defined communication interfaces. SSH is used to allow remote clients to access the machine and manage any anonymous network that is installed there, plus allows penetration testing anonymously (or non-anonymously) using tools such as Metasploit Framework, nmap, nikto, among others. The list of supported applications will grow as the project progresses. Until now, this project is under development and is very unstable (and some features aren't included). But I've been developing constantly and I think that soon this software will become stable and very useful to pentesters, hackers and researchers (I hope so!) Well, you can see the wiki page and the presentation exposed in the download section if you want more information about this project. -
24
DNScat is a "swiss-army knife" tool to tunnel traffic through DNS servers. It is a small, yet powerfull tool, similar to netcat. In conjunction with PPP server, it allows to build a VPN using DNS packets. DNScat is a useful tool for penetration testing.
-
25
GPP is a General Purpose Proxy Java graphical application intended mainly for packet inspection and modification. It's main idea is to be a little user-friendly portable man-in-the-middle tool for security analysis. Later, some protocols should be added
