Open Source ChromeOS Penetration Testing Tools - Page 3
Sort By:
Penetration Testing Tools for ChromeOS
-
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
1
PivotSuite
Network Pivoting Toolkit
PivotSuite is a portable, platform-independent and powerful network pivoting toolkit, Which helps Red Teamers / Penetration Testers to use a compromised system to move around inside a network. It is a Standalone Utility, Which can use as a Server or as a Client. If the compromised host is directly accessible (Forward Connection) from Our pentest machine, Then we can run pivotsuite as a server on the compromised machine and access the different subnet hosts from our pentest machine, Which was only accessible from the compromised machine. If the compromised host is behind a Firewall / NAT and isn't directly accessible from our pentest machine, Then we can run pivotsuite as a server on pentest machine and pivotsuite as a client on the compromised machine for creating a reverse tunnel (Reverse Connection). Using this we can reach different subnet hosts from our pentest machine, which was only accessible from the compromised machine. -
2
A java application for creating, playing and solving SuDoku puzzles of various types. Features both a Swing GUI and command-line operation. The automatic solving of puzzles uses "smart" techniques rather than a brute force search of every possibility.
-
3
PyExfil
A Python Package for Data Exfiltration
PyExfil was born as a PoC and kind of a playground and grew to be something a bit more. In my eyes it’s still a messy PoC that needs a lot more work and testing to become stable. The purpose of PyExfil is to set as many exfiltrations, and now also communication, techniques that CAN be used by various threat actors/malware around to bypass various detection and mitigation tools and techniques. You can track changes at the official GitHub page. Putting it simply, it’s meant to be used as a testing tool rather than an actual Red Teaming tool. Although most techniques and methods should be easily ported and compiled to various operating systems, some stable some experimental, the transmission mechanism should be stable on all techniques. Clone it, deploy on a node in your organization and see which systems can catch which techniques. -
4
Computer chess engine written using Qt4, which works under Knights, Jose, Arena and other chess board GUI games. Uses bitboard game representation and alpha beta brute-force search to analyse chess positions.
-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
5
RTCP is a network man-in-the-middle service for protecting TCP, enabling fault-tolerant servers to recover their connections when restarting.
-
6
Reactor Breeder
A Genetic Algorithm for Reactors in StarMade
This software uses a genetic algorithm to "evolve" reactor designs for Schema's space-simulation game, Star-Made (http://star-made.org/). One of the more unique aspects of the game is that ship power management is not as simple as filling a cube with power generation blocks. This mechanism leads to difficulties in getting maximal power generation out of such reactors. This program rectifies this issue by using a self-organizing variant of brute force search. Much of the search space is pruned early on by a user-selectable fitness function. Within a few epochs, reactor output quickly converges to several sub-optimal, yet high-output reactors. Given enough time, the idea is that the optimal reactor configuration will be yielded. -
7
SMTPA is a penetration testing and email compliance tool. Want to know if a renamed, encrypted MS word document with a wrongly set content-type header fools your Content Security infrastructure? Check this out!
-
8
Setra
Password protected zip file cracker.
Setra is a cross-platform command line utility used to brute-force password protected zip file. It is written in the Python programming language. -
9
Shennina
Automating Host Exploitation with AI
Shennina is an automated host exploitation framework. The mission of the project is to fully automate the scanning, vulnerability scanning/analysis, and exploitation using Artificial Intelligence. Shennina is integrated with Metasploit and Nmap for performing the attacks, as well as being integrated with an in-house Command-and-Control Server for exfiltrating data from compromised machines automatically. Shennina scans a set of input targets for available network services, uses its AI engine to identify recommended exploits for the attacks, and then attempts to test and attack the targets. If the attack succeeds, Shennina proceeds with the post-exploitation phase. The AI engine is initially trained against live targets to learn reliable exploits against remote services. Shennina also supports a "Heuristics" mode for identfying recommended exploits. -
Full-stack observability with actually useful AI | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
10
This is a simple app, created around an original sudoku solver based only on heuristics, not brute force. It's coded in Java/SWT(GUI toolkit). It's an example of MVC and of Visitor, Observer, Strategy, Abstract Factory, Singleton Design Patterns.
-
11
Tetris Puzzle Solver
Fills a rectangle using given tetris shapes
Fills a rectangle using given tetris shapes (tetraminos) using an optimized brute force algorithm. A puzzle can have many different solutions; this solver will stop at the first one. Not all puzzles are solveable. Created to solve the annoying tetris puzzles in The Talos Principle and Sigils of Elohim. -
12
TSeep is a local network proxy used to MITM SSL and other standard/non-standard TCP based protocols.
-
13
WiFi-Pumpkin
WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack
The WiFi-Pumpkin is a rogue AP framework to easily create these fake networks, all while forwarding legitimate traffic to and from the unsuspecting target. It comes stuffed with features, including rogue Wi-Fi access points, deauth attacks on client APs, a probe request and credentials monitor, transparent proxy, Windows update attack, phishing manager, ARP Poisoning, DNS Spoofing, Pumpkin-Proxy, and image capture on the fly. moreover, the WiFi-Pumpkin is a very complete framework for auditing Wi-Fi security check the list of features is quite broad. -
14
distributedPHP client
A simple script for distributed computing through PHP:
distributedPHP client is a simple PHP script that can simultaneously activate/send data to as many web scripts as you want. You must open and configure the distributedPHP .php file prior to running it. ditributedPHP client supports activating scripts without data, sending the same data to all scripts, sending unique data to each script or sending user input to each script. Examples of use include: distributed math computation, encryption breaking, SETI@home/folding@home (well, if they made the projects in php..) distributed bruteforce attacks, ddos attacks, distributed processing, etc.. distributedPHP client can be configured to distribute computing to scripts written in a language other than php as long as the script supports html form input (or doesn't require input at all). -
15
A Python re-write and extension of the (apparently abandoned) Hackbot script. It is designed to assist in the footprinting and enumeration phases of penetration testing.
-
16
ISR-evilgrade: is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates.
-
17
A distributed and dynamically threaded password cracker. Completely cross-platform using Qt 4.3. Utilizes 1 server and N clients to distribute password cracking across N machines, each of which can utilize N CPUs.
-
18
mssqlproxy
Toolkit aimed to perform lateral movement in restricted environments
mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse. The client requires impacket and sysadmin privileges on the SQL server. The first step is to execute code in the SQL Server process context. As extended stored procedures are going to be deprecated in future versions of MSSQL, we pay attention to Microsoft recommendations and thus, use CLR assemblies instead. -
19
Strength in numbers. Existing products we're involved in include port to Linux of Tony Forbes' MFAC for brute-force factorization of MM61 for relatively small factors, and further development and improvement of Tim Charron's ECMnet distributed computing f
-
20
phpsploit
Full-featured C2 framework which silently persists on webserver
Full-featured C2 framework which silently persists on webserver via polymorphic PHP oneliner. The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor. Detailed help for any option (help command) Cross-platform on both client and server. CLI supports auto-completion & multi-command. Session saving/loading feature & persistent history. Multi-request support for large payloads (such as uploads) Provides a powerful, highly configurable settings engine. Each setting, such as user-agent has a polymorphic mode. Customizable environment variables for plugin interaction. Provides a complete plugin development API. -
21
pngacidbath is the one true PNG image brute force compressor. While other tools simply run down a list of "intelligent" compressor algorithms (some known as zlib methods), pngacidbath tries every byte combination to come up with THE smallest file.
-
22
An attempt to send a full flagged MIME based email using open relay mail servers (authentication not required). Written in Python3. Using smtplib and email liabraries TODO: Bruteforce the SMTP authentication. Support TLS.
-
23
sectest
Security & Penetration Testing Suite
Open source Penetration Testing Suite for IT professionals and penetration testers. SecTest automates the boring repetitive procedures of penetration testing. -
24
swap_digger
swap_digger is a tool used to automate Linux swap analysis
swap_digger is a bash script used to automate Linux swap analysis for post-exploitation or forensics purpose. It automates swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, HTTP basic authentication, WiFi SSID and keys, etc. swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc. -
25
A non-brute-force sudoku solver. Ukodos is sodoku backwards; According to wikipedia, Sodoku is a bacterial zoonotic disease.
