Security tools
Introduction
When it comes to security tooling for Linux and other platforms, there is enough to choose from. Unfortunately, many tools and scripts are outdated or lack high-quality documentation. We are volunteering to index and categorize all security tools with an open source license.
Top 100
The database currently consists of 521 security tools. Looking for new tools? The top 100 tools is a great start.
Developer
Are you involved in the development of an open source security project? Have a look if we already indexed yours. If not, please submit a tool suggestion.
Find the right tool
Top 10 tools
Every week the list of tools is ranked. This is the current top 10 of tools, based on manual reviews and automatic project health measurements.
1. Vuls (agentless vulnerability scanner)
system hardening, vulnerability scanning
Vuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, agentless, and can use a remote login to find any software vulnerabilities. It has multiple levels of scanning, from a fast scan up to a deep scan with extensive analysis.
2. Frida (reverse engineering tool)
black-box testing, reverse engineering
Frida allows developers and researchers to inject custom scripts into black box processes. This way it can provide a hook into any function, allowing to trace executed instructions. The source code is not needed. Frida even allows direct manipulation and see the results. The tool comes with bindings for different programming languages, allowing to interact with processes. Example of the bindings that Frida provides include Python, Swift, .NET, Qt/Qml, and C API.
3. Faraday (collaboration tool for penetration testing)
collaboration, penetration testing, security assessment, vulnerability scanning
Faraday helps teams to collaborate when working on penetration tests or vulnerability management. It stores related security information in one place, which can be easily tracked and tested by other colleagues.
4. mitmproxy (TLS/SSL traffic interception)
network analysis, penetration testing, security assessment
The mitmproxy tool allows to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.
5. Cryptomator (client-side encryption for cloud services)
data encryption
Cryptomator is a multi-platform tool for transparent client-side encryption of your files. It is used together with cloud services to ensure you are the only one who can access the data.
6. Buttercup for desktop (cross-platform password manager)
password management
The typical users have at least a multitude of ten when it comes to passwords. Ensuring that every website has a unique password and remembering, is almost impossible. Passwords managers like Buttercup help with the generation and secure storage of these secrets. It is freely available and open source, making it a good alternative for commercial options.
7. Privacy Badger (privacy protection for browsers)
privacy enhancement
Privacy Badger provides protection against website visitor trackers. These trackers come in the form of beacons or invisible pixels and have the goal to collect information about the browser. This data is often shared by third parties and used to create a profile of a particular browser. As minor differences for each user may lead to an individual user, these third parties may even link some of the data to the related individual. Tools like Privacy Badger do not provide guar…
8. MISP (Malware Information Sharing Platform)
fraud detection, information gathering, threat hunting
MISP collects, stores, and distributes security indicators and discovered threats. This makes the platform useful for those involved with security incidents and malware research. Users benefit from having a well-tested platform to structure the vast number of data points available when it comes to security threats. The tooling allows interaction with other tools, like security incident and event management (SIEM) and intrusion detection systems (IDS).
9. Zeek (network security monitoring tool)
security monitoring
Zeek helps to perform security monitoring by looking into the network's activity. It can find suspicious data streams. Based on the data, it alert, react, and integrate with other tools.
10. GRR Rapid Response (remote live forensics for incident response)
digital forensics, intrusion detection, threat hunting
The goal of the GRR tooling is to support digital forensics and investigations. By using a fast and scalable model, analysts can quickly perform their analysis. One of the main features is the ability to search for particular information or details. This process is called hunting.
Like to see more tools? Have a look at the top 100 list.
Recently reviewed
New and existing security tools are reviewed on a weekly basis.
Archery
Wapiti
Patator
BleachBit
OpenSCAP
Lynis
BlackBox
salt-scanner
Infection Monkey
By first letter
If you know the name, select the first character to see an overview for the related projects.
A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - ZTools by category
- LFI discovery tools
- LFI exploitation tools
- Linux DFIR tools
- Linux attack detection tools
- Linux debugging tools
- Linux firewall software
- Linux forensic investigation tools
- Linux hardening tools
- Linux hardware security tools
- Linux malware analysis tools
- Linux malware detection tools
- Linux malware scanners
- Linux privilege management tools
- Linux reverse engineering tools
- Linux rootkit scanners
- Linux rootkits
- Linux security audit tools
- Linux security defense tools
- Linux security scanners
- Linux static analysis tools
- Linux vulnerability scanning tools
- Admin page scanners
- Anti-tracking tools
- Application backdooring tools
- Application detection tools
- Application fingerprinting tools
- Application firewalls
- Application functionality testing tools
- Application layer scanners
- Application privilege restriction tools
- Asset discovery tools
- Authentication libraries
- Authorization management tools
- Automatic exploitation tools
- Centralized and distributed firewall tools
- Certificate management tools
- Cipher scan tools
- Client honeypots
- Cloud security scanners
- Code security testing tools
- Command injection tools
- Company reconnaissance tools
- Compliance testing tools
- Compliance tools
- Configuration audit tools
- Container security tools
- Cross-site scripting scanners
- Cryptography libraries
- Data encryption tools
- Data enrichment tools
- Data excavation tools
- Data exfiltration tools
- Data integrity tools
- Data leak prevention tools
- Data leak scanners
- Data loss prevention tools
- Data sanitizing tools
- Data signing tools
- Data transfer tools
- Database security audit tools
- Database security tools
- Database vulnerability scanners
- Digital forensics tools
- Directory traversal fuzzers
- Domain reconnaissance tools
- Dork scanners
- Dorking tools
- Dynamic code analyzers
- Network defense tools
- Network intrusion detection tools
- Network packet generation tools
- Network port scanners
- Network protocol testing tools
- Network reconnaissance tools
- Network security monitoring tools
- Network sniffing tools
- Network threat detection tools
- Network traffic analysis tools
- Network traffic filtering tools
- Password crackers
- Password managers
- Password recovery tools
- Password security tools
- Password sniffing tools
- Password strength testers
- Payload injection tools
- Penetration testing frameworks
- Phishing tools
- Ping sweep tools
- Port knocking tools
- Post exploitation tools
- Privacy tools
- Privilege escalation tools
- Protocol multiplexers
- Secrets management software
- Secure development frameworks
- Secure file sharing tools
- Security automation tools
- Security awareness testing tools
- Security bypassing tools
- Security canaries
- Security collaboration tools
- Security design tools
- Security event management tools
- Security log analysis tools
- Security monitoring tools
- Security reporting tools
- Session hijacking tools
- Smart meter testing tools
- Social engineering attack tools
- Software enumeration tools
- Software identification tools
- Software stability testing tools
- Software version detection tools
- Spam scanners
- Static code analyzers
- Steganography tools
- Stress testing tools
- Subdomain enumeration tools
- Subdomain scanners
- Subdomain takeover tools
- System backdooring tools
- System enumeration tools
- System reconnaissance tools
- Web application backdooring tools
- Web application fingerprinting tools
- Web application firewalls
- Web application honeypots
- Web application information gathering tools
- Web application reconnaissance tools
- Web application scanners
- Web application security scanners
- Web application security tools
- Website reconnaissance tools
- Website security audit tools
- Wireless security testing tools
- Wordlist generators