RSS feed icon for Linux security tools

Security Tools

The database consists of 378 security tools. Looking for new tools? The top 100 list of best security tools is a great start.

Search

By first letter

Recently reviewed

WhatWeb


WhatWeb is a security tool written in Ruby to fingerprint web applications. It helps with detecting what software is used for a particular web application.

vallumd


Vallumd is a security tool using MQTT to provide centralized blacklists for multiple servers or systems.

Latest release: 0.1.3 [Feb. 10, 2017]

Nikto


Nikto is an open source security scanner which tests web servers for potential vulnerabilities.

Metagoofil


Metagoofil is an information gathering tool with focus extracting any metadata from public documents.

not24get


not24get helps with password quality checking in OpenLDAP and is to be used together with ppolicy. It provides both an API for ppolicy and executable.

OpenSSL


OpenSSL is an open source project and provides a toolkit for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.

SCUTUM


SCUTUM is a security tool for Linux systems to filter network traffic. With this firewall functionality, it can allow only whitelisted network gateways.

Latest release: 2.4.2 [July 6, 2017]

Trawler


Trawler is a platform for ingesting user phishing reports, processing, triage, and response. It provides a web interface to work the collected data.

VulnFeed


VulnFeed is a tool that sorts through vulnerability reports, providing a single report that is organized by the applications and services you are interested in.

Exploit Pack


Exploit Pack is a penetration testing framework that works on Linux, macOS, and Windows. It focuses on automation of penetration testing assignments.

SSHsec


SSHsec scans a system running the SSH protocol and retrieves its configuration, host keys, and Diffie-Hellman groups.

Latest release: 1.4.0 [July 8, 2017]

sslcaudit


The sslcaudit project helps with automated testing of SSL/TLS clients for resistance against MITM attacks.

swap_digger


The swap_digger tool helps with extracting sensitive data from a mounted swap partition. It can be used for forensics, post exploitation, or data discovery.

Latest release: 1.0 [Aug. 7, 2017]

Certigo


Certigo is a security tool to find information about different types of digital certificates and validate them. It can be used in scripts or manually.

Latest release: 1.9.1 [May 16, 2017]

testssl.sh


testssl.sh is a command line tool which checks a system on any port for the support of TLS/SSL ciphers, protocols, as well as some cryptographic flaws.

Latest release: 2.8 [May 10, 2017]

VHostScan


VHostScan is a security tool that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases, and dynamic default pages.

Latest release: 1.5.2 [Oct. 4, 2017]

Oscanner


Oscanner is an Oracle assessment framework to perform enumeration on Oracle installations. It is written in Java and provides a graphical overview of findings.

Dionaea


Dionaea is a honeypot that can emulate a range of services like FTP, HTTP, MySQL, and SMB. It can be used to see and learn how attackers work.

Kube-Bench


Kube-Bench is a security tool to perform a configuration audit of Kubernetes installations. It can be used to find flaws and improve system hardening.

Latest release: 0.0.4 [Aug. 15, 2017]

NoSQLMap


NoSQLMap is a security tool to perform database enumeration and determine available exploits. It can audit or attack a given database instance.

Thug


Thug is a low-interaction honeyclient to test for client-side attacks. It mimics a client application, like a web browser and sees if attack code is fired.

Latest release: 0.9.4 [Aug. 29, 2017]

OpenVAS


OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.

Latest release: 9 [March 8, 2017]

Tools by category