The database consists of 378 security tools. Looking for new tools? The top 100 list of best security tools is a great start.
By first letter
A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
WhatWeb is a security tool written in Ruby to fingerprint web applications. It helps with detecting what software is used for a particular web application.
Vallumd is a security tool using MQTT to provide centralized blacklists for multiple servers or systems.
Latest release: 0.1.3 [Feb. 10, 2017]
Nikto is an open source security scanner which tests web servers for potential vulnerabilities.
Metagoofil is an information gathering tool with focus extracting any metadata from public documents.
not24get helps with password quality checking in OpenLDAP and is to be used together with ppolicy. It provides both an API for ppolicy and executable.
OpenSSL is an open source project and provides a toolkit for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
SCUTUM is a security tool for Linux systems to filter network traffic. With this firewall functionality, it can allow only whitelisted network gateways.
Latest release: 2.4.2 [July 6, 2017]
Trawler is a platform for ingesting user phishing reports, processing, triage, and response. It provides a web interface to work the collected data.
VulnFeed is a tool that sorts through vulnerability reports, providing a single report that is organized by the applications and services you are interested in.
Exploit Pack is a penetration testing framework that works on Linux, macOS, and Windows. It focuses on automation of penetration testing assignments.
SSHsec scans a system running the SSH protocol and retrieves its configuration, host keys, and Diffie-Hellman groups.
Latest release: 1.4.0 [July 8, 2017]
The sslcaudit project helps with automated testing of SSL/TLS clients for resistance against MITM attacks.
The swap_digger tool helps with extracting sensitive data from a mounted swap partition. It can be used for forensics, post exploitation, or data discovery.
Latest release: 1.0 [Aug. 7, 2017]
Certigo is a security tool to find information about different types of digital certificates and validate them. It can be used in scripts or manually.
Latest release: 1.9.1 [May 16, 2017]
testssl.sh is a command line tool which checks a system on any port for the support of TLS/SSL ciphers, protocols, as well as some cryptographic flaws.
Latest release: 2.8 [May 10, 2017]
VHostScan is a security tool that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases, and dynamic default pages.
Latest release: 1.5.2 [Oct. 4, 2017]
Oscanner is an Oracle assessment framework to perform enumeration on Oracle installations. It is written in Java and provides a graphical overview of findings.
Dionaea is a honeypot that can emulate a range of services like FTP, HTTP, MySQL, and SMB. It can be used to see and learn how attackers work.
Kube-Bench is a security tool to perform a configuration audit of Kubernetes installations. It can be used to find flaws and improve system hardening.
Latest release: 0.0.4 [Aug. 15, 2017]
NoSQLMap is a security tool to perform database enumeration and determine available exploits. It can audit or attack a given database instance.
Thug is a low-interaction honeyclient to test for client-side attacks. It mimics a client application, like a web browser and sees if attack code is fired.
Latest release: 0.9.4 [Aug. 29, 2017]
OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.
Latest release: 9 [March 8, 2017]
Tools by category
- Anti-tracking tools
- API security testing tools
- Application backdooring tools
- Application detection tools
- Application functionality testing tools
- Application layer scanners
- Application privilege restriction tools
- ARP poisoning tools
- ARP scan tools
- ARP spoofing tools
- Asset discovery tools
- Authentication libraries
- AWS security tools
- Database security audit tools
- Database security tools
- Data encryption tools
- Data excavation tools
- Data exfiltration tools
- Data integrity tools
- Data loss prevention tools
- Data sanitizing tools
- Data signing tools
- Data transfer tools
- Denial-of-Service tools
- DHCP security testing tools
- Digital forensics tools
- Directory traversal fuzzers
- Django security libraries
- Django security tools
- DNS enumeration tools
- DNS proxy tools
- DNS reconnaissance tools
- Docker security tools
- Domain reconnaissance tools
- Dork scanners
- Dynamic code analyzers
- LFI discovery tools
- LFI exploitation tools
- Linting tools
- Linux attack detection tools
- Linux DFIR tools
- Linux firewall software
- Linux hardening tools
- Linux malware analysis tools
- Linux malware detection tools
- Linux reverse engineering tools
- Linux rootkits
- Linux security audit tools
- Linux security defense tools
- Linux security scanners
- Linux static analysis tools
- Linux vulnerability scanning tools
- Network defense tools
- Network intrusion detection tools
- Network packet generation tools
- Network port scanners
- Network protocol testing tools
- Network security monitoring tools
- Network sniffing tools
- Network threat detection tools
- Network traffic analysis tools
- Network traffic filtering tools
- NFS security testing tools
- Password crackers
- Password managers
- Password security tools
- Password strength testers
- Payload injection tools
- Penetration testing frameworks
- Phishing tools
- PHP hardening tools
- PHP security scanners
- Ping sweep tools
- Port knocking tools
- Post exploitation tools
- Privacy tools
- Privilege escalation tools
- Python decompilers
- Python security tools
- Secrets management software
- Secure development frameworks
- Security automation tools
- Security awareness testing tools
- Security bypassing tools
- Security collaboration tools
- Security design tools
- Security event management tools
- Security log analysis tools
- Security monitoring tools
- Security reporting tools
- SIEM tools
- Smart meter testing tools
- SMB enumeration tools
- Social engineering attack tools
- Software enumeration tools
- Software stability testing tools
- Software version detection tools
- SQLi exploitation tools
- SQL vulnerability scanners
- SSH configuration scanners
- SSH honeypots
- SSH security audit tools
- SSL strippers
- SSL/TLS MitM detection tools
- SSL/TLS MitM tools
- SSL/TLS scanners
- SSL/TLS sniffers
- Static code analyzers
- Steganography tools
- Stress testing tools
- System backdooring tools
- WAF security tools
- Web application backdooring tools
- Web application fingerprinting tools
- Web application firewalls
- Web application honeypots
- Web application scanners
- Website reconnaissance tools
- Website security audit tools
- WiFi security analysis tools
- Wireless security testing tools
- WordPress exploiting tools
- WordPress fingerprinting tools
- WordPress security tools