Find the right tool
The database consists of 405 security tools. Looking for new tools? The top 100 list of best security tools is a great start.
By first letterA - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Tools by category
- Amazon S3 bucket scanners
- Anti-tracking tools
- API security testing tools
- Application backdooring tools
- Application detection tools
- Application functionality testing tools
- Application layer scanners
- Application privilege restriction tools
- ARP poisoning tools
- ARP scan tools
- ARP spoofing tools
- Asset discovery tools
- Authentication libraries
- AWS security tools
- Database security audit tools
- Database security tools
- Data encryption tools
- Data excavation tools
- Data exfiltration tools
- Data integrity tools
- Data loss prevention tools
- Data sanitizing tools
- Data signing tools
- Data transfer tools
- Denial-of-Service tools
- DHCP security testing tools
- Digital forensics tools
- Directory traversal fuzzers
- Django security libraries
- Django security tools
- DNS enumeration tools
- DNS proxy tools
- DNS reconnaissance tools
- Docker security tools
- Domain reconnaissance tools
- Dork scanners
- Drupal security scanners
- Dynamic code analyzers
- LFI discovery tools
- LFI exploitation tools
- Linting tools
- Linux attack detection tools
- Linux DFIR tools
- Linux firewall software
- Linux forensic investigation tools
- Linux hardening tools
- Linux malware analysis tools
- Linux malware detection tools
- Linux malware scanners
- Linux reverse engineering tools
- Linux rootkits
- Linux rootkit scanners
- Linux security audit tools
- Linux security defense tools
- Linux security scanners
- Linux static analysis tools
- Linux vulnerability scanning tools
- Live forensics tools
- Network defense tools
- Network intrusion detection tools
- Network packet generation tools
- Network port scanners
- Network protocol testing tools
- Network reconnaissance tools
- Network security monitoring tools
- Network sniffing tools
- Network threat detection tools
- Network traffic analysis tools
- Network traffic filtering tools
- NFS security testing tools
- Password crackers
- Password managers
- Password security tools
- Password strength testers
- Payload injection tools
- Penetration testing frameworks
- Phishing tools
- PHP hardening tools
- PHP security scanners
- Ping sweep tools
- Port knocking tools
- Post exploitation tools
- Privacy tools
- Privilege escalation tools
- Python decompilers
- Python security tools
- Secrets management software
- Secure development frameworks
- Security automation tools
- Security awareness testing tools
- Security bypassing tools
- Security collaboration tools
- Security design tools
- Security event management tools
- Security log analysis tools
- Security monitoring tools
- Security reporting tools
- SIEM tools
- Smart meter testing tools
- SMB enumeration tools
- Social engineering attack tools
- Software enumeration tools
- Software stability testing tools
- Software version detection tools
- SQLi exploitation tools
- SQL vulnerability scanners
- SSH configuration scanners
- SSH honeypots
- SSH security audit tools
- SSL analyzer tools
- SSL strippers
- SSL/TLS MitM detection tools
- SSL/TLS MitM tools
- SSL/TLS scanners
- SSL/TLS sniffers
- Static code analyzers
- Steganography tools
- Stress testing tools
- Subdomain enumeration tools
- Subdomain scanners
- Subdomain takeover tools
- System backdooring tools
- System enumeration tools
- System reconnaissance tools
- WAF security tools
- Web application backdooring tools
- Web application fingerprinting tools
- Web application firewalls
- Web application honeypots
- Web application information gathering tools
- Web application reconnaissance tools
- Web application scanners
- Web application security scanners
- Web application security tools
- Website reconnaissance tools
- Website security audit tools
- WiFi security analysis tools
- Wireless security testing tools
- WordPress exploiting tools
- WordPress fingerprinting tools
- WordPress security tools
GRR is a security tool for live forensics on remote systems. It uses a client-server model to obtain information from the systems and store them centrally.
Latest release: 18.104.22.168 [March 12, 2018]
Lynis is a security auditing tool for systems running Linux, macOS, or Unix. It can be used for security assessments and configuration audits.
Latest release: 2.6.3 [March 7, 2018]
MIG (Mozilla InvestiGator)
MIG, or Mozilla InvestiGator, is a security tool to perform forensic investigation in real-time on Linux, macOS, and Windows systems.
Kubeaudit is a command line tool to audit Kubernetes clusters. It helps to test on various security risks, that may be introduced during deployment.
Latest release: 0.2.0 [Nov. 6, 2017]
chkrootkit is a malware scanner to locally check for signs of a rootkit. It is written in shell script and runs on the host system itself.
Kube-Bench is a security tool to perform a configuration audit of Kubernetes installations. It can be used to find flaws and improve system hardening.
Latest release: 0.0.14 [April 4, 2018]
SubFinder is a subdomain discovery tool. This can be useful to learn more about a particular target and available subdomains.
Docker Bench for Security is a small security scanner to perform several tests that are part of the Docker CIS benchmark.
Latest release: 1.3.3 [Oct. 6, 2017]
K8Guard is an accounting or monitoring system for Kubernetes clusters. It monitors resources and warns those who misbehave according to the defined rules.
Latest release: 1.0.1 [July 22, 2017]
Rootkit Hunter (rkhunter)
Security tool to search for traces of rootkits, backdoors, and other malicious components on systems running Linux and other flavors of Unix
Latest release: 1.4.4 [June 29, 2017]
SubOver is a security tool to with the goal to take over subdomains. This can be used as part of security assessment or obtaining bug bounties.
Th3inspector is an information gathering tool to collect information about domains, DNS, web applications, and more. It may be used for security assessments.
Sublist3r is a security tool to scan a domain and attempt the discovery of underlying subdomains. This can be used during pentesting and security assessments.
Aircrack-ng is a security toolkit to perform WiFi auditing. It can be useful for security assessments to test the security of the wireless network.
Latest release: 1.2 [April 15, 2018]
BuQuikker is a security tool to scan the Amazon S3 storage service. Its goal is to find open and unprotected S3 buckets.
Archery is a Django-based application to perform vulnerability assessments and do vulnerability management.
Latest release: ARCHERY-v1.0-beta [March 19, 2018]
ssldump is protocol analyzer for SSLv3/TLS network traffic. It identifies TCP connections on the chosen network interface and tries to interpret it.
LUNAR is a security scanner that runs on a Linux system or other flavors of Unix. It provides insights on what can be done to harden the system.
AWSBucketDump is a security tool to find interesting files in AWS S3 buckets that are part of Amazon cloud services.
GitMiner is a security tool to scan a Git repository for data leaks that may reveal sensitive information like authentication details.
The sqlmap performs automatic SQL injection and can take over a database. It is a valued tool for pentesters and those who want to test their web applications.
Latest release: 1.2 [Jan. 8, 2018]
s3-fuzzer is a security tool to find sensitive data stored in Amazon S3 buckets. It can be used during security assessments.
Latest release: 0.0.1 [July 16, 2017]
Gitrob is a security tool to find sensitive information on GitHub. During the audit, it may detect passwords, API keys, or other secrets.