Linux Security Tools
Looking for new tools to extend your tool box? The top 100 list of best Linux security tools is a great start.
- API security testing tools
- Application detection tools
- ARP poisoning tools
- ARP scan tools
- AWS security tools
- Binary analysis tools
- Certificate management tools
- Cipher scan tools
- Command injection tools
- Compliance testing tools
- Configuration audit tools
- Database security tools
- Data excavation tools
- Data loss prevention tools
- Digital forensics tools
- DNS proxy tools
- Docker security tools
- Domain reconnaissance tools
- ELF parser tools
- Exchange security testing tools
- File integrity monitoring tools
- Firewall management tools
- Fuzzing frameworks
- HTTPS scanning tools
- Information leaks monitoring tools
- Intelligence gathering tools
- IOC tools
- LFI discovery tools
- LFI exploitation tools
- Linux DFIR tools
- Linux firewall software
- Linux hardening tools
- Linux malware analysis tools
- Linux malware detection tools
- Linux reverse engineering tools
- Linux security audit tools
- Linux security defense tools
- Linux security scanners
- Linux static analysis tools
- Linux vulnerability scanning tools
- Mass audit tools
- Metasploit payload generators
- MitM protection tools
- Network intrusion detection tools
- Network packet generation tools
- Network port scanners
- Network protocol testing tools
- Network sniffing tools
- Network threat detection tools
- Network traffic filtering tools
- Open source intelligence tools
- OS fingerprinting tools
- Password crackers
- Payload injection tools
- PHP hardening tools
- PHP security scanners
- Ping sweep tools
- Port knocking tools
- Post exploitation tools
- Secrets management software
- Security automation tools
- Security collaboration tools
- Security design tools
- Security event management tools
- Security log analysis tools
- Security reporting tools
- SIEM tools
- SMB enumeration tools
- SQLi exploitation tools
- SSH configuration scanners
- SSH security audit tools
- SSL strippers
- SSL/TLS MitM tools
- SSL/TLS scanners
- SSL/TLS sniffers
- Steganography tools
- Stress testing tools
- Threat hunting tools
- Vulnerability scanners
- Web application fingerprinting tools
- Web application honeypots
- Website reconnaissance tools
- Website security audit tools
- Wireless security testing tools
- WordPress exploiting tools
- WordPress fingerprinting tools
- WordPress security tools
By first letter
A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
0d1n is a security tool to perform fuzzing of web applications and discover potential security issues. It is commonly used during security assignments.
Latest release: 2.3 [Jan. 14, 2017]
0trace is a reconnaissance tool to enable hop enumeration within an existing TCP connection. It can be used to bypass firewalls.
The 0trace.py utility is a rewrite of 0trace (by another author) to perform reconnaissance and bypass network firewalls.
Addrwatch is a tool similar to arpwatch to monitor IPv4/IPv6 and ethernet address pairing.
Latest release: 1.0.1 [May 17, 2017]
Admin Page Finder is a tool written in PHP to find admin sections within a website. It can be used during pentesting and security assessments.
AESKeyFinder is a tool to find 128-bit and 256-bit AES keys in a memory image.
afl (American fuzzy lop)
American fuzzy lop, or afl, is a security-oriented fuzzer. It helps with testing software to find unexpected results within applications.
AIL is a framework to analyze potential information leaks from unstructured data sources. For example, this may include data from Pastebin and similar services.
Albatar is an alternative to tools like sqlmap to find and exploit SQL injection vulnerabilities. However, this tool focuses on the exploitation side.
Latest release: 1.1.4 [Aug. 8, 2017]
APT2 is a tool written by Adam Compton and Austin Lane to help pentesters automate mundane scanning tasks. It leverages scan results from Nexpose, Nessus, or Nm
Latest release: 1.0-20170613 [June 14, 2017]
Web Application Security Scanner aimed towards helping users evaluate the security of web applications
Latest release: 1.5.1 [March 29, 2017]
Utility like pkg-audit for Arch Linux to find vulnerable packages on the system
Latest release: 0.1.8 [Feb. 16, 2017]
arping is a tool for the discovery of hosts on a computer network using the Address Resolution Protocol (ARP).
Latest release: arping-2.19 [July 9, 2017]
Arpoison is a small utility to send custom ARP packets. It can be used during security assessments and pentests.
ArpON is a host-based tool to improve the security of the Address Resolution Protocol (ARP).
arp-scan is a security tool that sends ARP packets to hosts on the local network. Any responses to the requests are displayed.
Assimilator is a firewall orchestration tool. It allows configuration and automation of firewall rules by proxy requests to different types of firewalls.
Latest release: 1.2.3 [July 21, 2017]
ATSCAN is a security tool to perform a mass exploitation scan on search engines. It discovers targets that may be susceptible to exploitation.
Latest release: 12.2.1 [Aug. 3, 2017]
The AutoNessus tool helps with automating vulnerability scans via the Nessus API. It lists policies and can configure the state of scans.
The bane tool is an AppArmor profile generator for Docker containers. It helps with creating the appropriate profile for confinement on system level.
Latest release: 0.2.2 [June 7, 2017]
The Browser Exploitation Framework (or BeEF) is a penetration testing tool that focuses on the web browser.
Belati is security tool to collect public data and information and calls itself a Swiss army knife for OSINT purposes.
Latest release: 0.2.2-dev [June 20, 2017]
BetterCAP is a complete, modular, portable and easily extensible MitM tool and framework. It is maintained well and appreciated by many.
Latest release: 1.6.1 [June 29, 2017]
Bingrep is a utility that can be described as the 'grep for binaries'. It runs on Linux and helps with reverse engineering and malware analysis.
Bitscout is a security tool that allows professionals performing digital forensics remotely. The toolkit creates a live-cd for this purpose.
BleachBit is an open source tool focused on maintaining your privacy by cleaning up sensitive data on the system.
Latest release: 1.17 [Feb. 22, 2017]
BlindElephant is a security tool to perform fingerprinting of web applications. It can discover the name and version of known web applications.
Boofuzz is a fork of Sulley fuzzing framework after its maintenance dropped. Besides numerous bug fixes, boofuzz aims for extensibility.
Latest release: 0.0.8 [May 7, 2017]
BoopSuite a wireless pentesting suite to perform security auditing and test wireless networks. It can be used for penetration tests and security assignments.
Latest release: v.1 [Aug. 13, 2017]
Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. It comes as an open source project with optional commercial support.
Latest release: 3.7.1 [Aug. 14, 2017]
Bro is a network security monitoring tool (NSM) and helps with monitoring. It can also play an active rol in performing forensics and incident response.
Latest release: 2.5.1 [June 26, 2017]
CAIRIS is a tool to specify and model secure and usable systems. It helps to support the elements necessary for usability, requirements, and risk analysis.
Latest release: 1.2.16 [April 22, 2017]
Google's Certificate Transparency project audits the way SSL/TLS certificates are used and its underlying cryptographic system.
The tool changeme is a credential scanner for default usernames and passwords, or common combinations of these.
Latest release: 0.6.0 [March 26, 2017]
chkrootkit is a malware scanner to locally check for signs of a rootkit. It is written in shell script and runs on the host system itself.
Latest release: 0.52 [March 15, 2017]
Cipherscan is a tool to test the ordering of SSL/TLS ciphers on a given target. It tests the major versions of SSL, TLS, and any extensions of these protocols.
Clair is an open source container analyzer. It performs static analysis of container images and correlates their contents with public vulnerability databases.
Latest release: 2.0.1 [June 20, 2017]
ClamAV is an open source antivirus engine. It can detect malicious software (malware) like trojans, viruses, backdoors and other related threats.
Latest release: 0.99.2 [May 3, 2017]
CMSmap is a security tool to perform reconnaissance on a web target. It helps with the detection of several popular content management systems (CMS).
Commit is a security tool to test web applications and find vulnerabilities related to command injection attacks. It can be used during security assignments.
Latest release: 2.0.post20170714 [July 14, 2017]
Latest release: 1.10.0 [May 9, 2017]
Conpot is an ICS honeypot to collect intelligence and information about attacks against industrial control systems. It is written in Python.
Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.
Latest release: 1.2.0 [July 10, 2017]
Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers, yet avoid any false positives.
Latest release: 1.79 [May 13, 2017]
Cuckoo Sandbox (cuckoo)
Cuckoo Sandbox is a malware analysis system. By feeding it suspicious files, Cuckoo can provide detailed findings on what a file did and how it behaved.
Latest release: 2.0.3 [May 19, 2017]
cve-search is a security tool to import CVE and CPE data and enable it to be searched. It can be used to detect vulnerabilities on the system.
Cyphon is an incident management and response platform to deal with incoming alerts and messages. It is multi-purpose and can be used for information security.
Latest release: 1.4.1 [Aug. 14, 2017]
Damn Small FI Scanner (DSFS)
Damn Small JS Scanner (DSJS)
Damn Small SQLi Scanner (DSSS)
Damn Small Vulnerable Web (DSVW)
Damn Small XSS Scanner (DSXS)
DarkJPEG is an open source steganography web service. It can hide data, which gets hidden in a JPEG. All with anonymity and plausible deniability in mind.
DataSploit is a framework to perform intelligence gather to discover credentials, domain information, and other information related to the target.
Latest release: 1.0 [June 30, 2017]
DbDat is a security tool to perform several checks on a database to evaluate its security level. It includes configuration checks, privileges, and account detai
DBShield is a gateway between an application and actual database engine. Its goal is to protect against SQL injections and other database attacks.
Latest release: 1.0b0 [Oct. 15, 2016]
DET is a proof of concept to perform data exfiltration using either single or multiple channels at the same time.
Detective helps to find information that you are not supposed to see. It focuses on information disclosure and sensitive data exposure vulnerabilities.
Latest release: 1.0.1 [July 20, 2017]
Diamorphine is a so-called LKM rootkit for Linux. It runs on different kernels in the 2.6, 3.x, and 4.x branch.
Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.
DirSearch is a scanning tool to find directories and files on web applications. It is a remake of the dirsearch tool that was created by Mauro Soria.
Django-axes is a reusable app for Django to limit the brute force login attempts for your web application.
Latest release: 2.3.3 [July 20, 2017]
django-defender (Django Defender)
Django-defender is a reusable app for Django that blocks people from performing brute forcing login attempts.
Latest release: 0.4.3 [April 14, 2017]
DNSChef is a highly configurable DNS proxy for penetration testers and malware analysts
The dnsteal tool can be used to stealthily send data over DNS requests. It may be used to test data loss prevention (DLP) tools.
Docker Bench for Security is a small security scanner to perform several tests that are part of the Docker CIS benchmark.
Latest release: 1.3.2 [March 30, 2017]
Dockerscan is a Docker toolkit for security analysis which includes attacking tools. It is more focused on side of the offensive than defensive.
DorkNet helps with the discovery of vulnerable web apps. It is a script written in Python that leverages Selenium.
Douane is an application firewall that interacts with the user to allow or deny new network connections.
DVIA (Damn Vulnerable iOS Application)
DVIA is short for Damn Vulnerable iOS Application, which provides an example to learn about vulnerabilities in iOS applications.
The elf2json converts an ELF binary into JSON output and helping with reverse engineering and malware analysis.
The evilredis tool is an offensive security program for pentesting Redis databases. It can scan the target and perform different actions on it.
Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks
Latest release: 0.10.0 [Aug. 9, 2017]
fimap is a tool written in Python to find, prepare, audit, exploit local and remote file inclusion bugs in web applications.
Findsploit is a simple script to search both local and online exploit databases. Typically this is used by penetration testers during a security assignment.
Latest release: 1.5 [June 19, 2017]
Flunym0us is a security scanner for WordPress and Moodle installations. The tool tests the security of the installation by performing enumeration attempts.
Fuzzapi is a security tool to test a REST API using fuzzing. It can be used for security assessments and penetration tests.
Gitem is a reconnaissance tool to extract information about organizations on GitHub. It can be used to find the leaking of sensitive data.
Latest release: 0.5.1 [Nov. 30, 2016]
Gitrob is a security tool to find sensitive information on GitHub. During the audit, it may detect passwords, API keys, or other secrets.
Latest release: 1.1.2 [April 9, 2017]
Glastopf is a honeypot for web applications. It is written in Python and collects all kind of attacks against it for further analysis.
Hashcat is a well-known tool to crack passwords. It has advanced features to improve performance, allow session resumption, and more.
Latest release: 3.6.0 [June 9, 2017]
HoneyPi is a tool to turn a Raspberry Pi into a honeypot. It can be used to learn about any network scanning activity and take actions.
Latest release: 2 [July 18, 2017]
A proof-of-concept honeypot to mimic a printer. May be used to detect attacks against printers and better understand the related risks or required defenses.
HoneyPy is a low interaction honeypot written in Python, yet has additional capabilities. Plugins can be created to emulate services that run on UDP or TCP.
Latest release: 0.6.3 [July 25, 2017]
HonTel is a honeypot that emulates the telnet service within a chroot environment. It can be used to learn about enumeration activities or new attack methods.
hping is a tool to assemble and analyze TCP/IP packets. The interface is looks like the common ping command, yet allows more than just ICMP echo requests.
hsecscan performs a security scan of a website and analyses any discovered HTTP headers. For each header, it will provide details and recommendations.
Latest release: None [June 13, 2017]
ident-user-enum is a Perl script to query the ident service, which runs on TCP port 113. It tries to figure out the owner of running processes on the target.
IKEForce is a command line utility to brute force VPN connections (IPSEC) that allow group name/ID enumeration and XAUTH.
Infoga is a tool to gather email information from different public sources (search engines, pgp key servers, etc).
InstaRecon is a security tool that can help with the reconnaissance phase of a penetration test. It can collect a number of data points with limited input.
IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.
Latest release: 0.9.6 [June 26, 2017]
Jackhammer is a collaboration tool to get security and developer teams together. Focus is on static code analysis and dynamic analysis vulnerability discovery.
Jawfish is a security tool to test web applications. It can find related exploits and update according to an internal database.
JBoss Autopwn is an exploitation tool for JBoss installations. To deploy its payload, the tool uses Metasploit, Netcat, and cURL.
JexBoss is a security tool to verify and exploit vulnerabilities in JBoss applications. It can be used for security assignments and pentests.
John the Ripper is a mature password cracker to find weak or known passwords.
JShielder is a security tool for Linux systems to make them more secure by adding system hardening measures.
Karn is a tool to create AppArmor and seccomp profiles. This can be useful to restrict what applications can do for increased security.
KeePassX is a cross platform application to store sensitive information like usernames, passwords, and other secret.
Latest release: 2.0.3 [Oct. 8, 2016]
KeePassXC is a cross-platform platform to store sensitive data like passwords, keys, and other secrets. It has a graphical user interface and is written in C++.
Latest release: 2.2.0 [June 25, 2017]
The keimpx security tool can be used to check for valid credentials across a network. It uses the SMB protocol, typically used on Microsoft Windows and others.
Kippo is a honeypot for SSH connections and written in Python. It can be used to learn about the scripts and attacks that are commonly used against SSH.
Kitty is a modular and extensible fuzzing framework written in Python. It is inspired by OpenRCE's Sulley and Michael Eddington's Peach Fuzzer tool.
Latest release: 0.7.1 [March 31, 2017]
A port knocking implementation to make network ports to become stealth or trigger events based on a port knocking sequence.
Kwetza is a Python script to inject existing Android applications with a Meterpreter payload. It can be used during penetrating testing or security assessments.
Larp is a tool to perform ARP poisoning on the network. It is written in Python and can be used for security assessments.
Lemur manages TLS certificate creation and the underlying process that is required. It acts as a broker between a certificate authority (CA) and the environment
Latest release: 0.5.0 [April 8, 2017]
Leviathan is a security tool to provide a wide range of services including service discovery, brute force, SQL injection detection, and exploit capabilities.
Latest release: 0.1.2 [April 29, 2017]
LFI Freak is a tool to help finding and exploiting local file inclusions (LFI). It has a particular focus on using PHP Input, PHP Filter, and Data URI methods.
LIEF is a library to analyze executable formats like ELF, MachO, and PE. It can be used during reverse engineering, binary analysis, and malware research.
Latest release: 0.7.0 [July 1, 2017]
Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released with the GPLv2 license.
Latest release: 1.6.2 [July 14, 2017]
Loki is security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then uses pattern matching.
Latest release: 0.24.1 [Aug. 15, 2017]
LPFW (LeoPard FloWer)
LUNAR is a security scanner that runs on a Linux system or other flavors of Unix. It provides insights on what can be done to harden the system.
Security auditing tool for systems running Linux or Unix-based to perform an in-depth health check.
Latest release: 2.5.3 [Aug. 17, 2017]
Malscan is a tool that sells itself as the robust ClamAV-based malware scanner for web servers. It can use signatures from multiple sources to perform scanning.
Maltrail monitors for traffic on the network that might indicate system compromise or other bad behavior. It is great for intrusion detection and monitoring.
MassBleed is a SSL vulnerability scanner to check for several known vulnerabilities and attacks like DROWN, POODLE, and ShellShock.
Masscan is a security tool to perform a network scan for many systems at once. It is optimized asynchronous transmissions to achieve its performance.
Latest release: 1.0.4 [June 6, 2017]
MAT (Metadata Anonymisation Toolkit)
MAT is a privacy tool to remove metadata from files. This enhances your privacy levels by removing those bits of data that may store sensitive information.
Metagoofil is an information gathering tool with focus extracting any metadata from public documents.
Metasploit is a framework that consists of tools to perform security assignments. It focuses on the offensive side of security and leverages exploit modules.
The mimipenguin tools extracts and dumps discovered login passwords for an active Linux user. It is inspired by the mimikatz tool for Windows.
The mimipy tool is based on the work of mimipenguin and ported to Python. It can extract passwords from memory or overwrite them to prevent capture.
The mitmproxy tool allows to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.
Latest release: 2.0.2 [April 25, 2017]
Mongoaudit performs a security audit on MongoDB instances. It can be used to test if the right security measures are taken and detect room for improvement.
Latest release: 0.0.3 [Feb. 16, 2017]
Netcat can be used to set up network connections via TCP or UDP and have roles like port scanning, transferring files, port listening, or even as a backdoor.
nftables is a subsystem of the Linux kernel to filter and classify network traffic and supposed to replace netfilter.
Latest release: 0.7 [Dec. 20, 2016]
Nikto is an open source security scanner which tests web servers for potential vulnerabilities.
Nix-Auditor is a tool to help with scanning Linux systems and test them against CIS benchmarks.
Latest release: 1.1 [May 18, 2017]
Nmap is a security scanner that can perform a port scan, network exploration, and determine vulnerabilities
Latest release: 7.60 [Aug. 1, 2017]
not24get helps with password quality checking in OpenLDAP and is to be used together with ppolicy. It provides both an API for ppolicy and executable.
ntopng is the successor of the original ntop utility. It shows network usage by capturing traffic and provide insights on the usage.
Latest release: 3.0 [June 1, 2017]
Tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines
Latest release: 1.2.14 [March 21, 2017]
OpenSnitch is a Linux port of the popular macOS Little Snitch application firewall
OpenSSH is the much-used connectivity tool for remote administration. It uses the SSH protocol and encrypts all traffic to eliminate attacks like eavesdropping.
OpenSSL is an open source project and provides a toolkit forTransport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
OpenStego is a free steganography solution to hide data in other files like images, or add a watermark to them.
Latest release: 0.7.1 [April 29, 2017]
OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.
Latest release: 9 [March 8, 2017]
Orthrus is a security framework and auditing tool. It allows monitoring and analyzing security configurations across multiple environments.
O-Saft is a security tool to show information about SSL certificates. It tests the SSL connection with the given list of ciphers and configuration.
Latest release: 17.7.17 [July 25, 2017]
Oscanner is an Oracle assessment framework to perform enumeration on Oracle installations. It is written in Java and provides a graphical overview of findings.
OSHP (OWASP Secure Headers Project)
The OSHP project collects data regarding HTTP headers and their usage. It tries to inform adoption rates and increase usage.
The osquery tool allows querying your Linux, Windows, and macOS infrastructure. It can help with intrusion detection, infrastructure reliability, or compliance.
Latest release: 2.6.0 [July 24, 2017]
OSRFramework is an open source research framework. The project helps with information gathering and can be classified as an OSINT tool.
OSSEC is an open source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, rootkit detection, and more.
Latest release: 2.9.1 [June 19, 2017]
OWTF (Offensive Web Testing Framework)
The OWTF project (Offensive Web Testing Framework) unites tools for penetrating testing. Most parts are written in Python.
Latest release: 2.1a0 [April 25, 2017]
P0f is a security tool that utilizes passive traffic fingerprinting mechanisms to identify the systems behind any incidental TCP/IP communications.
Pangu is a small toolset to mess around with debugging-related tools from the GNU project like GDB.
Panoptic is a tool that automates the process of search and retrieval of content for common log and config files through path traversal vulnerabilities.
Parse is a security scanner to perform static analysis on PHP code potential security-related issues. As it is a static scanner, no code is executed.
Parsero is a Python script to analyze robots.txt on web servers. It specifically looks for the Disallow entries and checks which entries might be accessible.
The pass utility is also known as password-store. It uses GPG and Unix directories to store passwords and others secrets.
Latest release: 1.7.1 [April 13, 2017]
With passhport SSH access can be done via a centralized system. There is support for roles, accounting, and authorizations of what commands can be used.
Passmgr is a simple portable password manager written in Go. It helps with storing secrets, like passwords and API keys.
Latest release: 1.0.1 [July 1, 2017]
pass-rotate is a library and command-line tool to rotate password on various web services. It allows for bulk changing your passwords.
Patator is a security tool to perform enumeration or brute-force attempts to discover authentication details. It can be used during penetration testing.
PCredz is a tool to extract sensitive data from pcap files like credit card numbers, session information, and authentication details.
peepdf is a tool to explore a PDF file in order to find out if the file can be harmful or not. It helps security researchers in simplifying the analysis of PDF
PHP Malware Finder is a tool to find malicious PHP scripts. This threat is common for most web hosters and websites of their customers.
Latest release: 0.3.4 [Nov. 4, 2016]
The pick tool provides a minimal password manager on the terminal for systems running macOS and Linux.
Latest release: 0.4.0 [Feb. 26, 2017]
Plecost is a security tool to fingerprint WordPress installations and find available vulnerabilities.
Pompem is an open source security tool to automate the search for exploits and vulnerabilities in public databases.
Portspoof is a small utility with the goal to make port scanning by other much harder by showing all TCP ports as 'open' and emulating actual services.
Prowler is a security tool to perform security audits on AWS configurations. It helps to find configuration flaws and improve system hardening.
Latest release: 1.3 [July 18, 2017]
pshtt is a security tool to scan domains for the usage of HTTPS and applying best practices in their web configuration.
Latest release: 0.1.6 [May 20, 2017]
Pupy is an open source remote administration and post-exploitation tool. It is mainly written in Python and works Androi, Linux, macOS, and Windows.
The pwdlyser tool can help during penetration tests and security assignments to analyze cracked passwords and their strength.
Latest release: 2.5.1 [June 23, 2017]
Pyersinia is a tool like Yersinia and can perform network attacks such as spoofing ARP, DHCP DoS , STP DoS, and more. It is written in Python and uses Scapy.
Pysap is a Python library to craft SAP network protocol packets. It can be used for analysis and security assessments.
Latest release: 0.1.13 [Feb. 16, 2017]
PyT (Python Taint)
Python Taint (or PyT) is a static code analyzer for Python scripts and applications. It tries to discover vulnerabilities or other possible weaknesses.
radare2 is a tool to perform reverse engineering on files of all types. It can be used to analyze malware, firmware, or any other type of binary files.
Latest release: 1.6.0 [July 11, 2017]
Recon-ng is a full-featured web reconnaissance framework. It is written in Python and modular, useful for penetrating tests and security assessments.
Rootkit Hunter (rkhunter)
Security tool to search for traces of rootkits, backdoors, and other malicious components on systems running Linux and other flavors of Unix
Latest release: 1.4.4 [June 29, 2017]
RouterSploit is a framework to test exploitation of embedded devices. It can be used as part of penetrating testing assignments or security assessments.
Ruler is a security tool that interacts with Exchange servers remotely. It uses either the MAPI/HTTP or RPC/HTTP protocol, with the goal to gain a remote shell.
Latest release: 2.1.8 [Aug. 10, 2017]
Salt-scanner is Linux vulnerability scanner based on Salt Open and Vulners audit API. It has Slack notifications and JIRA integration.
On-access antivirus filter for Samba to detect malware threats and prevent them from investing file shares.
Host-based intrusion detection system (HIDS) providing file integrity checking and log file monitoring
Scapy is an interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols and send and capture them.
Latest release: 2.3.3 [Oct. 18, 2016]
Scout2 is a security tool to assess the security of an AWS environment. It can be used for system hardening and IT audits.
Latest release: 3.0.3 [May 10, 2017]
Exploit-DB's CLI search tool to find any exploits from the database. The tool is written in shell script and maintained by Offensive Security.
Latest release: 3.7.5 [April 21, 2017]
Seccubus automates vulnerability scanning with support for Nessus, OpenVAS, NMap, SSLyze, Medusa, SkipFish, OWASP ZAP, and SSLlabs.
Latest release: 2.38 [Aug. 7, 2017]
Security Monkey monitors AWS and GCP accounts for policy changes and alerts on insecure configurations.
Latest release: 0.9.2 [May 25, 2017]
SFTPfuzzer (Simple FTP Fuzzer)
Siemstress describes itself as a very basic Security Information and Event Management system (SIEM).
SIMP is short for System Integrity Management Platform. It is a project maintained by the NSA and released as an open source project.
Latest release: 5.2.1-0 [Dec. 23, 2016]
SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It can be useful during penetrating testing and security assignments.
Sn1per is security scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
Latest release: 2.5 [May 30, 2017]
SNARE is a reactive honeypot for security research, detecting attacks, and respond to possible flaws within your environment. It is the successor of Glastopf.
Latest release: 0.2 [June 8, 2017]
Snort is a network intrusion detection system (NIDS) that runs on Linux and other platforms.
Latest release: 22.214.171.124 [Nov. 7, 2016]
Social-Engineer Toolkit (SET)
The Social-Engineer Toolkit (SET) is an open source penetration testing framework. It helps with assignments that require social engineering.
Latest release: 7.7.1 [July 23, 2017]
SpiderFoot is an open source intelligence automation tool (OSINT). It automates the process of gathering intelligence, like IP addresses, domains, and networks.
Latest release: v2.11.0-final [Aug. 12, 2017]
Sqhunter performs threat hunting in your environment. It runs on the salt master node and queries open network sockets, among other information.
The sqlmap performs automatic SQL injection and can take over a database. It is a valued tool for pentesters and those who want to test their web applications.
Latest release: 1.1 [April 7, 2017]
The ssh-audit tool helps to perform a security assessment of SSH servers and their configuration. It can be used for security testing and penetration tests.
Latest release: 1.7.0 [Oct. 26, 2016]
The ssh_scan utility is a SSH configuration and policy scanner maintained by the Mozilla Foundation. It helps to secure Linux systems running the OpenSSH.
Latest release: 0.0.26 [July 20, 2017]
SSHsec scans a system running the SSH protocol and retrieves its configuration, host keys, and Diffie-Hellman groups.
Latest release: 1.4.0 [July 8, 2017]
The sslcaudit project helps with automated testing of SSL/TLS clients for resistance against MITM attacks.
ssldump is protocol analyzer for SSLv3/TLS network traffic. It identifies TCP connections on the chosen network interface and tries to interpret it.
SSLMap is a TLS/SSL cipher suite scanner. It provides a way to detect weak ciphers enabled on SSL endpoints and can be used during security assessments.
Latest release: 0.2.0 [Nov. 16, 2016]
The sslsniff tool helps with performing man-in-the-middle (MitM) attacks on SSL/TLS traffic. It can be used for security assignments.
SSLsplit is a security tool to perform transparent SSL/TLS interception by using a so-called man-in-the-middle (MitM) attack.
The sslstrip tool can guide in performing a man-in-the-middle (Mitm) attack on SSL connections.
SSLyze provides a library for scanning services that use SSL/TLS for encrypted communications. It can be used to test their implementation.
Latest release: 1.1.2 [July 22, 2017]
SubBrute is a DNS meta-query spider that enumerates DNS records and subdomains. This can be useful during penetration tests and security assessments.
Suhosin is a security extension for PHP and consists of two parts that enhance PHP. It helps with protecting against known and unknown attacks.
Suhosin7 is the security extension for PHP 7 versions. It protects a PHP installation by preventing different types of attacks.
Sulley is an automated fuzzing framework that can be used during penetration tests and security assessments.
Network threat detection engine that acts as intrusion detection (IDS), inline intrusion prevention (IPS), and network security monitoring (NSM)
Latest release: suricata-4.0.0 [July 27, 2017]
Susanoo is a security tool to test the security of a REST API. With this focus, it goes beyond the typical attack surface of a web application.
The swap_digger tool helps with extracting sensitive data from a mounted swap partition. It can be used for forensics, post exploitation, or data discovery.
Latest release: 1.0 [Aug. 7, 2017]
TANNER is the 'brain' of the SNARE tool. It evaluates its events and alters the responses to incoming requests depending on the type of attacks.
Latest release: 0.4 [July 31, 2017]
testssl.sh is a command line tool which checks a system on any port for the support of TLS/SSL ciphers, protocols, as well as some cryptographic flaws.
Latest release: 2.8 [May 10, 2017]
THC Hydra (thc-hydra)
THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.
Latest release: 8.6 [July 21, 2017]
THC IPv6 Attack Toolkit (thc-ipv6)
THC IPv6 attack toolkit a set of utilities. It can be used for penetrating testing and security assessments of correct network implementations.
Latest release: 3.2 [Jan. 18, 2017]
theHarvester is a tool to gather email accounts, subdomains, virtual hosts, open ports, banners, and employee names. It uses different public sources.
The Sleuth Kit is a toolkit to investigate disk images and do forensic analysis on them.
Latest release: sleuthkit-4.4.2 [Aug. 7, 2017]
ThreatPinch is a Chrome extension to perform information lookups on data artifacts like domain names, hashes, IP addresses, and more.
Tiger a security audit and intrusion detection tool for flavors of Unix
TLS-Attacker is a framework to analyze TLS libraries. It is written in Java and developed by the Ruhr University Bochum and Hackmanit GmbH.
Latest release: 1.2 [Oct. 19, 2016]
The CLI tool tlsenum attempts to enumerate what TLS cipher suites a server supports and then list them in order of priority.
UPX is tool to pack several executable formats. It is free, portable, and extendable, and well-known.
Latest release: 3.94 [May 12, 2017]
USB Canary monitors the devices on a system for the addition or removal of USB devices. On such an event, then an alert will be sent.
Latest release: 1.0.4 [April 4, 2017]
Vane is a forked project of the now non-free popular WordPress vulnerability scanner WPScan.
Vault is a tool created by HashiCorp to store secrets like keys and passwords. These secrets are typically used by other software components and scripts.
Latest release: 0.8.1 [Aug. 16, 2017]
Veil is a security tool designed to generate payloads for Metasploit that help in bypassing common anti-virus solutions.
Latest release: 3.1.1 [May 28, 2017]
vFeed is a set of tools around correlated vulnerability and threat intelligence. It provides a database, API, and supporting tools to store vulnerability data.
Latest release: 0.7.2 [June 16, 2017]
Viper is a binary analysis and management framework for security researchers. It provides a way to organization your collection of malware samples and exploits.
Viproy is a VoIP penetration testing and exploitation kit. It helps with testing VoIP protocols like SIP and Cisco Skinny and related IP phone services.
Volatile memory framework used for forensics and analysis purposes. The framework is written in Python and runs on almost all platforms.
Latest release: 2.6 [Dec. 29, 2016]
Vulnerable-node is a vulnerable website with identified vulnerabilities. It can be used to test the quality of tools and is written in Node.js.
Vulnix is a security scanner for NixOS. It specifically looks for vulnerabilities in available packages and comes with a command line interface (CLI).
Vulnreport is a tool to automate and manage all the data involved security reviews. In particular, it focuses on discovered vulnerabilities.
Latest release: 3.0.3 [Oct. 14, 2016]
Vuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, agentless, and does a remote login to find any software vulnerabilities.
Latest release: 0.3.0 [March 24, 2017]
wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.
Web-hunter is a tool to crawl search engines like Google and Bing to find emails, sub domains, and URLs associated with a specified target domain.
The weblocator security tool performs a discovery search to find directories and files. This can be useful for penetration tests to find sensitive data.
Wireshark is the well-known network protocol analyzer. It allows you to see what is happening on the network and zoom into the details of the network protocols.
Latest release: 2.2.7 [June 1, 2017]
WordPress Exploit Framework (WPXF)
The WordPress Exploit Framework (WPXF) is a framework written in Ruby. As the name implies, it aids in pentesting WordPress installations.
Latest release: 1.7 [Aug. 18, 2017]
Wordstress is a security scanner for WordPress installations. It uses a white-box approach in scanning, which makes it different than most other scanners.
The wp_enum tool helps with the discovery of WordPress users and accounts.
Latest release: No version [March 5, 2017]
WPForce is a suite of tools to attack Wordpress installations. One part focuses on brute forcing logins, the other to upload a shell upon finding credentials.
Latest release: v.1.0.0 [June 6, 2017]
WPScan is a security tool to perform black box WordPress vulnerability scans, including enumeration of used plugins
Latest release: 2.9.3 [July 19, 2017]
WPSeku is a WordPress vulnerability scanner that can be used to scan remote WordPress installations.
Latest release: 0.2 [May 25, 2017]
The wpsik tool is used to perform security scans on a wireless network.
wpvulndb_cmd is a command-line security tool to perform a vulnerability scan on WordPress installations. It uses WP-CLI and the WPScan vulnerability database.
Xplico is a forensics analysis tool to investigate the traffic patterns in a pcap file. It is released as a GPL project, with some scripts under a CC license.
Latest release: 1.2.0 [Feb. 1, 2017]
XXSER leverages the execution of arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload.
Latest release: 2.5.1 [Nov. 13, 2016]
XSS Hunter helps with finding XSS attacks and trigger a warning when one is succesful. It exists as an online service, or self-hosted installation.
YARA is a security tool to help malware researchers to identify and classify malware samples. For example by defining malware families based on patterns.
Latest release: 3.6.3 [July 5, 2017]
YASAT describes itself as another simple stupid audit tool to test Linux systems. It has many tests for checking the security configuration of the system.
Latest release: 848 [Aug. 30, 2016]
Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications.
Yersinia is a framework to perform layer 2 attacks. It can be used for pentests and security assessments to test network safeguards.
Latest release: 0.8.0b1 [Aug. 11, 2017]
Yosai is security framework for Python applications and adds authentication, authorization, and session management capabilities.
Latest release: 0.3.0 [Nov. 24, 2016]
The OWASP Zed Attack Proxy (ZAP) helps to find security vulnerabilities in web applications during development and testing.
Latest release: 2.6.0 [March 29, 2017]
The graphical user interface for the well-known network and vulnerability scanner nmap.
Latest release: 7.4.0 [Dec. 20, 2016]
Zeus is a security tool to provide security audits on AWS environments. It is written in shell script and can be used for security audits.
ZGrap is a TLS banner grabber and written in Go. It works together with the ZMap utility.
- RouterSploit (router exploitation and testing tool)
- larp (ARP poisoning tool)
- ssh-audit (SSH auditing tool)
- Zeus (AWS auditing and hardening tool)
- siemstress (basic SIEM solution)
- CAIRIS (tool to model secure and usable systems)
- Admin Page Finder (PHP) (admin page discovery tool)
- Albatar (SQL injection exploit tool)
- BlindElephant (web application fingerprinting)
- BoopSuite (wireless security testing tool)
- Lynis (system security scan)
- Suhosin (PHP security extension)
- Vault (storage of secrets)
- Vulnreport (security review and reporting platform)
- Fuzzapi (REST API fuzzing tool)
- Veil Framework (Metasploit payload generator)
- DET (data loss prevention testing)
- ssh_scan (SSH configuration scanner)
- WordPress Exploit Framework (WordPress exploiting toolkit)
- nftables (network traffic filtering)
- Nix-Auditor (system auditing tools)
- OWTF (offensive web testing framework)
- Cowrie (SSH/telnet honeypot)
- DVIA (vulnerable iOS app)
- DNSChef (DNS proxy)