RSS feed icon for Linux security tools

Security Tools

The database consists of 379 security tools. Looking for new tools? The top 100 list of best security tools is a great start.


By first letter

Recently reviewed


Heralding is a simple honeypot to collect credentials. It supports common protocols like FTP, SSH, HTTP, etc.

Latest release: Release_1.0.0 [Dec. 28, 2017]
New tool!


ZGrab is a TLS banner grabber and written in Go. It works together with the ZMap utility. is a command line tool which checks a system on any port for the support of TLS/SSL ciphers, protocols, as well as some cryptographic flaws.

Latest release: 2.9.5.post1 [Sept. 20, 2017]


WhatWeb is a security tool written in Ruby to fingerprint web applications. It helps with detecting what software is used for a particular web application.

Latest release: 0.4.9 [Nov. 23, 2017]


Vallumd is a security tool using MQTT to provide centralized blacklists for multiple servers or systems.

Latest release: 0.1.3 [Feb. 10, 2017]


Nikto is an open source security scanner which tests web servers for potential vulnerabilities.


Certigo is a security tool to find information about different types of digital certificates and validate them. It can be used in scripts or manually.

Latest release: 1.9.2 [Nov. 8, 2017]

Exploit Pack

Exploit Pack is a penetration testing framework that works on Linux, macOS, and Windows. It focuses on automation of penetration testing assignments.


Metagoofil is an information gathering tool with focus extracting any metadata from public documents.


SSHsec scans a system running the SSH protocol and retrieves its configuration, host keys, and Diffie-Hellman groups.

Latest release: 1.4.0 [July 8, 2017]


SCUTUM is a security tool for Linux systems to filter network traffic. With this firewall functionality, it can allow only whitelisted network gateways.

Latest release: 2.4.2 [July 6, 2017]


Trawler is a platform for ingesting user phishing reports, processing, triage, and response. It provides a web interface to work the collected data.


not24get helps with password quality checking in OpenLDAP and is to be used together with ppolicy. It provides both an API for ppolicy and executable.


VulnFeed is a tool that sorts through vulnerability reports, providing a single report that is organized by the applications and services you are interested in.


The sslcaudit project helps with automated testing of SSL/TLS clients for resistance against MITM attacks.


VHostScan is a security tool that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases, and dynamic default pages.

Latest release: 1.8 [Oct. 23, 2017]


OpenSSL is an open source project and provides a toolkit for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.


Oscanner is an Oracle assessment framework to perform enumeration on Oracle installations. It is written in Java and provides a graphical overview of findings.


The swap_digger tool helps with extracting sensitive data from a mounted swap partition. It can be used for forensics, post exploitation, or data discovery.

Latest release: 1.0 [Aug. 7, 2017]


Dionaea is a honeypot that can emulate a range of services like FTP, HTTP, MySQL, and SMB. It can be used to see and learn how attackers work.


Kube-Bench is a security tool to perform a configuration audit of Kubernetes installations. It can be used to find flaws and improve system hardening.

Latest release: 0.0.7 [Jan. 11, 2018]


Thug is a low-interaction honeyclient to test for client-side attacks. It mimics a client application, like a web browser and sees if attack code is fired.

Latest release: 0.9.15 [Jan. 17, 2018]

Tools by category