RSS feed icon for Linux security tools

Security tools

Introduction

When it comes to security tooling for Linux and other platforms, there is enough to choose from. Unfortunately, many tools and scripts are outdated or lack high-quality documentation. We are volunteering to index and categorize all security tools with an open source license.

Top 100

The database currently consists of 521 security tools. Looking for new tools? The top 100 tools is a great start.

Developer

Are you involved in the development of an open source security project? Have a look if we already indexed yours. If not, please submit a tool suggestion.

Find the right tool

Top 10 tools

Every week the list of tools is ranked. This is the current top 10 of tools, based on manual reviews and automatic project health measurements.

1. Frida (reverse engineering tool)

black-box testing, reverse engineering

Frida allows developers and researchers to inject custom scripts into black box processes. This way it can provide a hook into any function, allowing to trace executed instructions. The source code is not needed. Frida even allows direct manipulation and see the results. The tool comes with bindings for different programming languages, allowing to interact with processes. Example of the bindings that Frida provides include Python, Swift, .NET, Qt/Qml, and C API.

8 ▴

2. Faraday (collaboration tool for penetration testing)

collaboration, penetration testing, security assessment, vulnerability scanning

Faraday helps teams to collaborate when working on penetration tests or vulnerability management. It stores related security information in one place, which can be easily tracked and tested by other colleagues.

4 ▴

3. Privacy Badger (privacy protection for browsers)

privacy enhancement

Privacy Badger provides protection against website visitor trackers. These trackers come in the form of beacons or invisible pixels and have the goal to collect information about the browser. This data is often shared by third parties and used to create a profile of a particular browser. As minor differences for each user may lead to an individual user, these third parties may even link some of the data to the related individual. Tools like Privacy Badger do not provide guar…

2 ▾

4. GRR Rapid Response (remote live forensics for incident response)

digital forensics, intrusion detection, threat hunting

The goal of the GRR tooling is to support digital forensics and investigations. By using a fast and scalable model, analysts can quickly perform their analysis. One of the main features is the ability to search for particular information or details. This process is called hunting.

2 ▾

5. Suricata (network IDS, IPS and monitoring)

information gathering, intrusion detection, network analysis, threat discovery

Suricata can be used as part of a Network Security Monitoring (NSM) ecosystem. You could use it to log HTTP requests, log and store TLS certificates, extract files from flows and store them to disk.

2 ▾

6. Cryptomator (client-side encryption for cloud services)

data encryption

Cryptomator is a multi-platform tool for transparent client-side encryption of your files. It is used together with cloud services to ensure you are the only one who can access the data.

2 ▾

7. Vuls (agentless vulnerability scanner)

system hardening, vulnerability scanning

Vuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, agentless, and can use a remote login to find any software vulnerabilities. It has multiple levels of scanning, from a fast scan up to a deep scan with extensive analysis.

2 ▾

8. MISP (Malware Information Sharing Platform)

fraud detection, information gathering, threat hunting

MISP collects, stores, and distributes security indicators and discovered threats. This makes the platform useful for those involved with security incidents and malware research. Users benefit from having a well-tested platform to structure the vast number of data points available when it comes to security threats. The tooling allows interaction with other tools, like security incident and event management (SIEM) and intrusion detection systems (IDS).

1 ▾

9. mitmproxy (TLS/SSL traffic interception)

network analysis, penetration testing, security assessment

The mitmproxy tool allows to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.

1 ▾

10. Archery (vulnerability assessment and management)

penetration testing, vulnerability management, vulnerability scanning, vulnerability testing

Archery is a tool that helps to collect data about vulnerabilities within an environment. Instead of focusing on the actual scanning, it allows managing findings in a web-based interface. This includes options like reporting, searching, and dashboards. It can interact with other tools, including the well-known vulnerability scanners.

Like to see more tools? Have a look at the top 100 list.

Recently reviewed

New and existing security tools are reviewed on a weekly basis.

Archery


Archery is a Django-based application to perform vulnerability assessments and do vulnerability management.

Latest release: 2.0.6 [May 31, 2024]

Wapiti


Wapiti is a security tool to perform vulnerability scans on web applications. It uses fuzzing to detect known and unknown paths, among other tests.

Latest release: 3.1.8 [May 16, 2024]

Patator


Patator is a security tool to perform enumeration or brute-force attempts to discover authentication details. It can be used during penetration testing.

Latest release: 1.0 [Oct. 9, 2023]

BleachBit


BleachBit is an open source tool focused on maintaining your privacy by cleaning up sensitive data on the system.

Latest release: 4.6.0 [Nov. 6, 2023]

OpenSCAP


Tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines

Latest release: 1.3.10 [March 18, 2024]

Lynis


Lynis is a security auditing tool for systems running Linux, macOS, or Unix. It can be used for security assessments and configuration audits.

Latest release: 3.1.1 [March 17, 2024]

BlackBox


BlackBox allows you to store secrets safely in a version control system (VCS) like Git, Mercurial, Subversion, or Perforce). The toolkit has several scripts to encrypt specific files in a repository by using GNU Privacy Guard (GPG).

salt-scanner


Salt-scanner is Linux vulnerability scanner based on Salt Open and Vulners audit API. It has Slack notifications and JIRA integration.

Infection Monkey


The Infection Monkey is a security tool to test the resiliency of a data center or network. It tries to breach the perimeter and infect any internal server. Upon success, it reports the status to the centralized Monkey Island server. This tool can help with automating security assessments or perform a self-assessment.

Latest release: 2.3.0 [Sept. 19, 2023]

By first letter

If you know the name, select the first character to see an overview for the related projects.

 A  - B  - C  - D  - E  - F  - G  - H  - I  - J  - K  - L  - M  - N  - O  - P  - Q  - R  - S  - T  - U  - V  - W  - X  - Y  - Z 

Tools by category

A
B
C
D
E
G
H
I
J
K
L
M
N
O
P
S
T
U
V
W
X
A
B
C
D
E
F
G
H
I
L
M
N
O
P
R
S
T
U
V
W