explaingit

orange-cyberdefense/arsenal

Analysis updated 2026-07-03

3,727PythonAudience · ops devopsComplexity · 2/5Setup · easy

TLDR

A command-line search-and-launch tool for penetration testers that finds security tool commands from a built-in cheatsheet library and types them directly into your terminal with your target values pre-filled.

Mindmap

mindmap
  root((arsenal))
    What it does
      Search commands
      Launch to terminal
      Fill global variables
    Cheatsheet library
      Network scanning
      Web app testing
      Password cracking
      Active Directory
    Features
      Fuzzy search
      Tmux support
      Custom cheatsheets
    Audience
      Pen testers
      Security pros
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Search a library of penetration testing commands by tool name or category and send the right one to your terminal with a target IP already filled in.

USE CASE 2

Add your own Markdown cheatsheet files so your internal or custom security tools appear alongside the built-in library.

USE CASE 3

Use tmux integration to search Arsenal in one pane and have selected commands execute automatically in a second pane.

What is it built with?

Python

How does it compare?

orange-cyberdefense/arsenalwwwzhouhui/dify-for-dslmarblexu/pythonplantsvszombies
Stars3,7273,7273,728
LanguagePythonPythonPython
Setup difficultyeasyeasyeasy
Complexity2/52/52/5
Audienceops devopspm founderdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Install via pip or AUR, works with any shell and requires no additional configuration to get started.

In plain English

Arsenal is a command-line tool built by and for security professionals who do penetration testing, which is the practice of legally testing computer systems for vulnerabilities. Penetration testing involves running many specialized tools, each with its own flags and options that are difficult to memorize. Arsenal acts as a searchable catalog and launcher for those commands so testers can find the right command, fill in their specific details, and send it directly to their terminal. The core mechanic is a fuzzy search interface where you type part of a tool name or category and Arsenal shows matching commands. When you select one, it is typed into your terminal as if you had typed it yourself, which means it works with any shell and the command appears in your shell history. You can also set global variables inside Arsenal so that repeated values, like a target IP address, are automatically filled in across any command that uses that value. Arsenal includes a library of cheatsheets covering a wide range of security tools, organized by category. These include tools for scanning networks, testing web applications, cracking passwords, exploiting database services, and working with Windows Active Directory environments. The cheatsheets are written in Markdown or reStructuredText, and you can add your own by placing files in a designated folder. The project also includes visual mindmaps for common Active Directory attack paths and Exchange server testing. The tool supports running inside tmux, a terminal multiplexer. In tmux mode, Arsenal can split your terminal window and send the selected command directly to a second pane, so you do not have to leave the Arsenal interface to run a command. Installation is available through pip, the Python package manager, or manually by cloning the repository. Arch Linux users can also install it from the AUR package repository. The project is written in Python and was created by Guillaume Muh and mayfly at Orange Cyberdefense.

Copy-paste prompts

Prompt 1
Show me how to install Arsenal and set a global target IP variable so it auto-fills into every command I select.
Prompt 2
How do I create a custom Arsenal cheatsheet file for a tool my team uses internally, and where do I place it?
Prompt 3
Set up Arsenal inside a tmux session so I can browse commands in one split and run them in another without switching windows.
Prompt 4
Which Arsenal cheatsheet categories cover Active Directory attacks and what commands are included for Kerberoasting?
Prompt 5
Walk me through using Arsenal to find, customize, and run an nmap scan command from the built-in network scanning cheatsheets.

Frequently asked questions

What is arsenal?

A command-line search-and-launch tool for penetration testers that finds security tool commands from a built-in cheatsheet library and types them directly into your terminal with your target values pre-filled.

What language is arsenal written in?

Mainly Python. The stack also includes Python.

How hard is arsenal to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is arsenal for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Scan in gitsafehub Deploy in gitdeployhub orange-cyberdefense on gitmyhub

Verify against the repo before relying on details.