{"id":"manisso-fsociety","name":"fsociety","homepage":null,"repo_url":"https://github.com/Manisso/fsociety","category":"security","subcategories":[],"tags":["ai-ml","devtools","security","penetration-testing","web-hacking","reconnaissance","cli","python"],"what_it_does":"Fsociety is a Python-based penetration testing “tools pack” bundling many third-party security utilities across reconnaissance, password attacks, wireless testing, exploitation, sniffing/spoofing, web hacking, and post-exploitation. The README describes it primarily as a collection/framework to install and run these tools.","use_cases":["Learning or practicing penetration testing workflows (with appropriate authorization)","Running reconnaissance and scanning steps (e.g., Nmap, WPScan, CMS scanner)","Executing common web and exploitation toolchains (e.g., sqlmap, Arachni, various CMS/Web exploit scanners)","Performing post-exploitation checks within an authorized assessment workflow","Packaging many security tools into a single installer/distro (including optional Docker usage)"],"not_for":["Production security monitoring/defense use cases","Any unauthorized hacking or targeting systems without explicit permission","Agent-to-service automation via stable APIs (the project is primarily a CLI/tool bundle)","Environments where Python 2 is unacceptable"],"best_when":null,"avoid_when":null,"alternatives":["Kali Linux (prebuilt offensive security toolsets)","Metasploit Framework (structured exploitation framework)","Wapiti/Burp Suite/ZAP (web-focused tools)","OpenVAS/Greenbone (defensive vulnerability scanning)","Custom curated toolchains via official upstream projects (Nmap, sqlmap, Arachni, etc.)"],"af_score":25.8,"security_score":11.8,"reliability_score":18.8,"package_type":"skill","discovery_source":["openclaw"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-29T13:22:12.139429+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"No service authentication is described. Tools are intended to be run locally/within a container and operate against targets; access control is therefore not presented as an API-layer concern in the README."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"License is MIT, and no pricing/hosted service is described."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":25.8,"security_score":11.8,"reliability_score":18.8,"mcp_server_quality":0.0,"documentation_accuracy":35.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":100.0,"rate_limit_clarity":0.0,"tls_enforcement":0.0,"auth_strength":10.0,"scope_granularity":0.0,"dependency_hygiene":35.0,"secret_handling":20.0,"security_notes":"Security posture can’t be fully assessed from the README alone. It bundles many external offensive tools; risk includes dependency/version drift and varying security quality across included components. No guidance is provided on safe handling of logs/outputs or secrets, and there is no API-level TLS/auth because it’s a local tool pack.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":20.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Primarily a collection/bundle of offensive security tools; agent use via programmatic API is not supported","README indicates Python 2 support, which may be incompatible with modern environments and can cause runtime issues","Execution against targets may be disruptive; “idempotency” is generally not applicable to scanning/exploitation-style workflows","No rate-limit guidance exists because there is no API/service endpoint described","Bundled tools may have their own dependencies and update cadence; overall stability depends on the included sub-tools"]}}