Open Source Linux Performance Testing Software

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. It stands between the tester’s browser and the web application so that it can intercept and inspect messages sent between browser and web application.

PyLoris is a scriptable tool for testing a server's vulnerability to connection exhaustion denial of service (DoS) attacks. PyLoris can utilize SOCKS proxies and SSL connections, and can target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet.

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything from domain name, URL, IP address (e.g. 185.130.5.231 for the known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic mechanisms that can help in the discovery of unknown threats (e.g. new malware). Sensor(s) is a standalone component running on the monitoring node (e.g. Linux platform connected passively to the SPAN/mirroring port or transparently inline on a Linux bridge) or at the standalone machine (e.g. Honeypot) where it "monitors" the passing Traffic for blacklisted items/trails (i.e. domain names, URLs and/or IPs).

BP-Sim allows users to perform an extensive range of tests across the chain of payment services and thus identify potential causes of failures before launching payment systems into production. BP-Sim consists of following modules: BP-Source, BP-Host, BP-HSM and BP-SeeEMV. BP-Source and BP-Host are payment transaction simulators supporting formats as: APACS30, AS2805, many ISO8583 dialects, IFSF, SPDH, TCMP. Together with industry-standard cryptography, multi-platform support, configurable transaction load up to 2000 TPS. BP-Sim HSM module provides an adequate TCP/IP simulation of the Thales Hardware Security Mod. BP-SeeEMV simulates the steps involved in an EMV transaction that take place in the EMV terminal and the Issuer Server (when conducted online). Module can process a transaction one step at a time in step-by-step mode or to certain break-point.

Proxy Tester is a proxy list tester and then it generates a wpad.dat file you can use for your browser based on working servers. wpad.dat file selects a random proxy server from the list of provided working proxy servers with each connection request.