Open Source BSD Software Testing Tools

Low Orbit Ion Cannon. The project only keeps and maintains (bug fixing) the code written by the original author - Praetox, but is not associated or related to it. DISCLAIMER: USE ON YOUR OWN RISK. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER OR CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES.

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

PyLoris is a scriptable tool for testing a server's vulnerability to connection exhaustion denial of service (DoS) attacks. PyLoris can utilize SOCKS proxies and SSL connections, and can target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet.

Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language.

pamtester is a tiny utility program to test the pluggable authentication modules (PAM) facility, specifically designed to help PAM module authors to intensively test their own modules.

SSLScan queries SSL services, such as HTTPS, in order to determine the ciphers that are supported. SSLScan is designed to be easy, lean and fast. The output includes prefered ciphers of the SSL service, the certificate and is in Text and XML formats.

VoIPER is a VoIP security testing toolkit incorporating several VoIP fuzzers and auxilliary tools to assist the auditor. It can currently generate over 200,000 SIP tests and H.323/IAX modules are in development. It's also a damn cool project name ;)

PyKCS11: a complete PKCS#11 wrapper for Python, created using the SWIG compiler. API documentation: http://pkcs11wrap.sourceforge.net/api/

It's a tool for testing HTTP servers and Web applications. It supports HTTP/HTTPS protocols, GET,POST and HEAD methods, HTTP proxies, refferes and cookies. It's like HTTP Debugger in network tool AccessDiver or HAS.

Proxy Tester is a proxy list tester and then it generates a wpad.dat file you can use for your browser based on working servers. wpad.dat file selects a random proxy server from the list of provided working proxy servers with each connection request.

Syn Flood Attacks SYNFlood with static source port SYNFlood with random source port SYNFlood with static source ip address SYNFlood with random source address SynFlood with fragmented packets ACK Flood Attacks ACK Flood with static source port ACK Flood with random source port ACK Flood with static source ip address ACK Flood with random source address ACK Flood with fragmented packets FIN Flood Attacks FIN Flood with static source port FIN Flood with random source port FIN Flood with static source ip address FIN Flood with random source address FIN Flood with fragmented packets UDP Flood Attacs Static source port udp flood UDP flood with random source port UDP Flood with static source ip address UDP Flood with random source address UDP Flood with fragmented packets ICMP Flood ICMP Flood with all options random(source ip, icmp type, code) HTTP Flood ... More info: http://sf.net/p/netstressng/wiki/Home/

Bannergrab is a next generation network service banner grabbing tool. In addition to simple banner grabbing it can send triggers to various services such as FTP, SMTP and HTTP to enumerate additional information, including support for SSL services.

The BP-Tools set consist from applications supporting EFT testing, benchmarking and transaction service development. BP-Tools suite currently consists of following three components: - BP-CCALC: Cryptographic Calculator - BP-CardEdit: Thales P3 Input/Output file editor - BP-EMVT: EMV Tool - BP-HCMD: Thales HSM Commander

The csvdatamix project aims to randomize CSV input data files in order to conceal the original state of the data. Similar to data masking or data transformation. Also has mapping abilities to translate back to the original state of the data.

Pure-Java cryptographic calculator, featuring basic arithmetic operators, cryptographic operations, multiple key file formats and edition of ASN.1 object files.

Death Star is a 'multi-protocol stress testing' tool. Initially forked from LOIQ v0.3a, Death Star seeks to surpass LOIC and LOIQ in terms of performance, OS support and win.

This is is a modular, test driven website that tries to break web clients of all kind. If you are developing applications that interact with websites you might want to throw it at this website first and see if it survives.

Automated Fuzztests for JUnit

A simple and incredibly powerful tool for scripting and fuzzing arbitrary network protocols written using the Chicken Scheme-to-C compiler.

IdMUnit is an xUnit automated testing framework for Identity Management solutions.

Publish your junit test report in pdf format. Plug and Play integration. Home page: http://junitpdfreport.sourceforge.net/

A test framework for penetration testing Java classes and methods with randomized parameters and testing the results.

JAva Fault Injection and MONitoring tool

The project Jaulp is jet another utility library project written in Java. It contains utility classes for Date ,Calendar, Collections, Resources, Files, IO for Random data, and many more. This is the last version for this project.