Open Source Projects

Contribute to our Open-Source Security Projects on Github!

We believe in the power of the security community to come together and collaborate on ambitious, purposeful and exciting projects! Browse our open source projects to see if you would like to contribute or contact us to launch a joint project!

Contact Us


VM Linux Distro

The Samurai Web Testing Framework is a virtualized lab environment containing local vulnerable targets. SamuraiWTF is meant to be a training ground for application security penetration testers and developers to better understand application vulnerabilities.


Burp Extension

The purpose of this Burp extension is to improve efficiency of manual parameter analysis for web penetration tests of either complex or numerous applications. This can assist in tasks such as identifying sensitive data, identifying hash algorithms, decoding parameters, and determining which parameters are reflected in the response. This extension performs an in-depth and intelligent parameter analysis of all in-scope Burp traffic. Results are displayed in an interactive table and can be sent directly to other Burp tools such as Repeater.


Burp Extension

The CO2 Burp extension includes a variety of functionality to enhance certain web penetration test tasks, such as an interface to make interacting with SQLMap more efficient and less error-prone, various tools for generating lists of users, a Laudanum exploitation shell implementation, and even a word masher for generating passwords. CO2 is available in the BApp Store and works with both the free and pro version of Burp.


VM Distro

Pequod is a VM lab environment designed to experiment with container hacking.

Bloodhound Elementary

Bloodhound CLI

Command line tool for analyzing .json files generated by or sharphound for use in Bloodhound.


Node-based lab

A set of Node applications for demonstrating web security concepts. Created for use in Samurai WTF.


Collection of Injectable Files

Laudanum is a collection of injectable files, in multiple languages for different environments, designed for use in a penetration test when SQL injection flaws are discovered. This collection of injectable files provides functionality such as shell, DNS query, LDAP retrieval, and others.

Note: This project is stale and has not been updated in some time.

Weaponized Flash

RIA Object Creation

Weaponized Flash is an open source project focused around creating RIA objects for use during penetration tests. These objects are designed to use the feature sets of the client platforms to perform the attacks.

Note: This project is stale and has not been updated in some time.


VM Linux Distro

The MobiSec Mobile Testing Framework project is a Virtual Machine Linux distribution for testing mobile environments, including devices, applications, and supporting infrastructure. The purpose is to provide attackers and defenders the ability to test their mobile environments to identify design weaknesses and vulnerabilities. The MobiSec distribution provides a single environment for testers to leverage the best of all available open source mobile testing tools, as well as the ability to install additional tools and platforms, that will aid the penetration tester through the testing process as the environment is structured and organized based on an industry-proven testing framework.

Note: This project is stale and has not been updated in some time.


Resource Kit

The Sh5Ark, or Securing HTML5 Assessment Resource Kit, open project is a repository containing code and information about HTML5 vulnerable features, proof-of-concept attacks, and filtering rules for blocking the exploitable HTML5 features and attacks.

Note: This project is stale and has not been updated in some time.

Want to

Get Involved?