Analysis updated 2026-07-03
Search a library of penetration testing commands by tool name or category and send the right one to your terminal with a target IP already filled in.
Add your own Markdown cheatsheet files so your internal or custom security tools appear alongside the built-in library.
Use tmux integration to search Arsenal in one pane and have selected commands execute automatically in a second pane.
| orange-cyberdefense/arsenal | wwwzhouhui/dify-for-dsl | marblexu/pythonplantsvszombies | |
|---|---|---|---|
| Stars | 3,727 | 3,727 | 3,728 |
| Language | Python | Python | Python |
| Setup difficulty | easy | easy | easy |
| Complexity | 2/5 | 2/5 | 2/5 |
| Audience | ops devops | pm founder | developer |
Figures from each repo's GitHub metadata at analysis time.
Install via pip or AUR, works with any shell and requires no additional configuration to get started.
Arsenal is a command-line tool built by and for security professionals who do penetration testing, which is the practice of legally testing computer systems for vulnerabilities. Penetration testing involves running many specialized tools, each with its own flags and options that are difficult to memorize. Arsenal acts as a searchable catalog and launcher for those commands so testers can find the right command, fill in their specific details, and send it directly to their terminal. The core mechanic is a fuzzy search interface where you type part of a tool name or category and Arsenal shows matching commands. When you select one, it is typed into your terminal as if you had typed it yourself, which means it works with any shell and the command appears in your shell history. You can also set global variables inside Arsenal so that repeated values, like a target IP address, are automatically filled in across any command that uses that value. Arsenal includes a library of cheatsheets covering a wide range of security tools, organized by category. These include tools for scanning networks, testing web applications, cracking passwords, exploiting database services, and working with Windows Active Directory environments. The cheatsheets are written in Markdown or reStructuredText, and you can add your own by placing files in a designated folder. The project also includes visual mindmaps for common Active Directory attack paths and Exchange server testing. The tool supports running inside tmux, a terminal multiplexer. In tmux mode, Arsenal can split your terminal window and send the selected command directly to a second pane, so you do not have to leave the Arsenal interface to run a command. Installation is available through pip, the Python package manager, or manually by cloning the repository. Arch Linux users can also install it from the AUR package repository. The project is written in Python and was created by Guillaume Muh and mayfly at Orange Cyberdefense.
A command-line search-and-launch tool for penetration testers that finds security tool commands from a built-in cheatsheet library and types them directly into your terminal with your target values pre-filled.
Mainly Python. The stack also includes Python.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.