- FuzzDB - Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
- Offensive Web Testing Framework (OWTF) - Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
- Raccoon - High performance offensive security tool for reconnaissance and vulnerability scanning.
- WPSploit - Exploit WordPress-powered websites with Metasploit.
- autochrome - Chrome browser profile preconfigured with appropriate settings needed for web application testing.
- badtouch - Scriptable network authentication cracker.
- sslstrip2 - SSLStrip version to defeat HSTS.
- sslstrip - Demonstration of the HTTPS stripping attacks.