9 Free & Open-Source Security Tools
Created at November 9, 2025 • Updated 11/9/2025
Open-source penetration testing tools are freely available software solutions that help pentest teams identify system and network weaknesses. Teams often need a variety of tools to perform a full penetration test, so using open source pentesting tools can help keep costs down.
https://www.21oss.com//curated/9-free-and-opensource-security-tool
Curated by BroKarim (@BroKarim)
Hashcat is an advanced password recovery utility that supports cracking over 300 highly optimized hashing algorithms, including MD5, SHA-family, bcrypt, and many others. It leverages CPU and GPU power to perform high-speed password attacks using various methods such as brute-force, dictionary, combinator, and rule-based attacks. It is widely used by security professionals, penetration testers, and forensic analysts for password auditing and recovery operations.

Stars: 25,109 • Forks: 3,333 • Last commit: 2 months ago • Repository age: 10 years
Fetched from GitHub.
Strix is a lightweight and intuitive state management library designed specifically for React applications. It provides a simple API for managing global and local state without the complexity of traditional solutions, offering features like automatic re-rendering optimization, TypeScript support, and minimal boilerplate. Ideal for developers seeking a modern alternative to Redux or Context API, Strix enables efficient state handling in both small projects and large-scale applications with its developer-friendly approach and performance-focused architecture.

Stars: 18,773 • Forks: 1,953 • Last commit: 5 days ago • Repository age: 5 months • License: Apache-2.0
Metasploit Framework is an open-source penetration testing platform that enables security professionals to find, exploit, and validate vulnerabilities in systems and networks. It provides a comprehensive suite of tools for security assessments, including exploit development, payload generation, vulnerability scanning, and post-exploitation capabilities. The framework contains thousands of exploits, auxiliary modules, and payloads that help security teams identify weaknesses before malicious actors can exploit them. Widely used by penetration testers, security researchers, and ethical hackers, Metasploit streamlines the process of testing security defenses and demonstrating the impact of vulnerabilities. It supports multiple platforms and protocols, making it an essential tool for both offensive security operations and defensive security training.

Stars: 37,229 • Forks: 14,693 • Last commit: 5 days ago • Repository age: 14 years
Aircrack-ng is a comprehensive suite of tools designed for assessing WiFi network security. It focuses on monitoring, attacking, testing, and cracking wireless networks, supporting WEP, WPA/WPA2-PSK, and WPA3 protocols. The toolkit includes packet capture and export capabilities, replay attacks, deauthentication, fake access point creation, and password cracking through dictionary and brute-force methods. It is widely used by security professionals, penetration testers, and network administrators for vulnerability assessment and security auditing of wireless networks.

Stars: 6,755 • Forks: 1,200 • Last commit: 6 months ago • Repository age: 8 years • License: GPL-2.0
Wireshark is a free and open-source packet analyzer used for network troubleshooting, analysis, software and protocol development, and education. It captures and interactively displays network traffic at a microscopic level, allowing users to inspect hundreds of protocols with deep packet inspection capabilities. It is widely used by network administrators, security professionals, and developers for diagnosing network issues, analyzing security vulnerabilities, and understanding network behavior in real time or from captured files.

Stars: 8,868 • Forks: 2,082 • Last commit: 5 days ago • Repository age: 12 years • License: GPL-2.0
Nmap (Network Mapper) is a free and open-source network scanner used to discover hosts and services on a computer network by sending packets and analyzing responses. It provides features for network inventory, managing service upgrade schedules, and monitoring host or service uptime. Security professionals, system administrators, and network engineers use Nmap for vulnerability scanning, penetration testing, network mapping, and security auditing across diverse operating systems and network infrastructures.

Stars: 12,137 • Forks: 2,702 • Last commit: 13 days ago • Repository age: 14 years
OpenVAS Scanner is a powerful open-source vulnerability scanning engine that performs comprehensive security assessments of networks and systems. It detects security vulnerabilities, misconfigurations, and potential threats by executing thousands of Network Vulnerability Tests (NVTs). As part of the Greenbone Vulnerability Management solution, it provides enterprise-grade vulnerability detection capabilities for security professionals, penetration testers, and IT administrators who need to identify and remediate security weaknesses in their infrastructure.

Stars: 4,337 • Forks: 751 • Last commit: 6 days ago • Repository age: 8 years • License: GPL-2.0
Gophish is a powerful open-source phishing framework designed for businesses and penetration testers to test and train their organizations against phishing attacks. It provides an easy-to-use web interface for creating and managing phishing campaigns, tracking results in real-time, and generating comprehensive reports. The platform enables security teams to send simulated phishing emails, capture credentials on fake landing pages, and measure employee susceptibility to social engineering attacks, helping organizations improve their security awareness and reduce human-related vulnerabilities.

Stars: 13,456 • Forks: 2,811 • Last commit: 1 year ago • Repository age: 12 years
SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. It features a powerful detection engine and supports a wide range of database management systems, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, and many others. The tool can enumerate users, password hashes, privileges, and databases, dump entire database tables, and even establish out-of-band connections to take over the underlying operating system. It is designed for security professionals, penetration testers, and ethical hackers to assess database security and identify vulnerabilities before malicious actors can exploit them.

Stars: 36,277 • Forks: 6,156 • Last commit: 5 days ago • Repository age: 14 years