Linux security tools (top 100)

Supporting image for top 100 of Linux security tools displaying a bookcase

Hunting the best security tools

There is a wide range of security tools available for Linux and other platforms. To make them easier to find, we started an extensive review process to gather and document them. The goal of this top 100 is to showcase the best Linux security tools. By best there is an implied level of quality, healthy community and good governance of the project.

Requirements for listing

  • The project has a license that qualifies as open source software
  • The software is being maintained by one or more developers
  • The source code of the software is available

Ranking factors

The rankings of the list is determined by a combination of manual reviews and automated analysis. The list is updated weekly and then sorted based on a quality score. The score itself is measured by several ranking factors.

  • Availability of basic project details such as a defined license
  • Quality of documentation
  • Last release and release interval

Tips to find the right tool

As there are so many open source security tools available, it can be hard to find the best one for the job. All the reviewed tools include tags and one or more categories. This way you can easily find alternatives. If you want to quickly find a specific category, such as vulnerability scanners, type in the word vulnerability or scan in the search bar.

Free versus paid

Although paid tools might benefit from commercial support, there are many freely alternatives available. Depending on your task, it can be useful to run two or more similar tools. One of them can be paid, while the other is free. By running multiple tools you benefit from having some overlap, but also what each of the tools might have missed.

New tools

Another interesting area is searching on GitHub for tools that are early in their development cycle. They might be still immature and even lack documentation, but at the same time include new techniques or types of attacks. This area is useful for recently discovered vulnerabilities where proof-of-concept code snippets might be available via these coding platforms.

Security tools ranked

8 ▴

1. mitmproxy (TLS/SSL traffic interception)

network analysis, penetration testing, security assessment

The mitmproxy tool allows to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.

1 ▾

2. Faraday (collaboration tool for penetration testing)

collaboration, penetration testing, security assessment, vulnerability scanning

Faraday helps teams to collaborate when working on penetration tests or vulnerability management. It stores related security information in one place, which can be easily tracked and tested by other colleagues.

1 ▾

3. MISP (Malware Information Sharing Platform)

fraud detection, information gathering, threat hunting

MISP collects, stores, and distributes security indicators and discovered threats. This makes the platform useful for those involved with security incidents and malware research. Users benefit from having a well-tested platform to structure the vast number of data points available when it comes to security threats. The tooling allows interaction with other tools, like security incident and event management (SIEM) and intrusion detection systems (IDS).

1 ▾

4. Cryptomator (client-side encryption for cloud services)

data encryption

Cryptomator is a multi-platform tool for transparent client-side encryption of your files. It is used together with cloud services to ensure you are the only one who can access the data.

1 ▾

5. Zeek (network security monitoring tool)

security monitoring

Zeek helps to perform security monitoring by looking into the network's activity. It can find suspicious data streams. Based on the data, it alert, react, and integrate with other tools.

1 ▾

6. Frida (reverse engineering tool)

black-box testing, reverse engineering

Frida allows developers and researchers to inject custom scripts into black box processes. This way it can provide a hook into any function, allowing to trace executed instructions. The source code is not needed. Frida even allows direct manipulation and see the results. The tool comes with bindings for different programming languages, allowing to interact with processes. Example of the bindings that Frida provides include Python, Swift, .NET, Qt/Qml, and C API.

1 ▾

7. osquery (operating system query tool)

compliance testing, information gathering, security monitoring

The osquery tool allows querying your Linux, Windows, and macOS infrastructure. It can help with intrusion detection, infrastructure reliability, or compliance.

1 ▾

8. Brakeman (static code analyzer for Ruby on Rails)

code analysis

Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. It comes as an open source project with optional commercial support.

1 ▾

9. Vuls (agentless vulnerability scanner)

system hardening, vulnerability scanning

Vuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, agentless, and can use a remote login to find any software vulnerabilities. It has multiple levels of scanning, from a fast scan up to a deep scan with extensive analysis.

10. Suricata (network IDS, IPS and monitoring)

information gathering, intrusion detection, network analysis, threat discovery

Suricata can be used as part of a Network Security Monitoring (NSM) ecosystem. You could use it to log HTTP requests, log and store TLS certificates, extract files from flows and store them to disk.

11. Lynis (security scanner and compliance auditing tool)

IT audit, penetration testing, security assessment, system hardening, vulnerability scanning

Lynis can detect vulnerabilities and configuration flaws. Where a typical vulnerability scanner will just point out vulnerabilities, Lynis aims for an in-depth audit and continuous improvement. For this reason, it needs to be executed on the host system itself. By seeing the system from the inside out, it can provide more specific details than the average vulnerability scanner.

12. IVRE (reconnaissance for network traffic)

digital forensics, information gathering, intrusion detection, network analysis

IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.

13. BetterCAP (MitM tool and framework)

bypassing security measures, penetration testing, security assessment

BetterCAP is often used by those who perform penetration testing and security assessments. This tool and framework is in particular useful for attempting man-in-the-middle attacks (MitM).

14. Acra (database encryption proxy)

data encryption, data leak prevention, data security, vulnerability mitigation

Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

15. Buttercup for desktop (cross-platform password manager)

password management

The typical users have at least a multitude of ten when it comes to passwords. Ensuring that every website has a unique password and remembering, is almost impossible. Passwords managers like Buttercup help with the generation and secure storage of these secrets. It is freely available and open source, making it a good alternative for commercial options.

16. WPScan (WordPress vulnerability scanner)

penetration testing, security assessment, vulnerability scanning

WPScan can scan WordPress installations and determine if there are vulnerabilities in a particular installation.

17. ClamAV (malware scanner)

malware analysis, malware detection, malware scanning

ClamAV is a popular tool to detect malicious software or malware. While it calls itself an antivirus engine, it probably won't encounter many viruses, as they have become rare. It is more likely to find other forms of malware like worms, backdoors, and ransomware. ClamAV can be used in a few ways, from doing an occasional scan up to scanning in batch. ClamAV does not do on-access scanning but can be combined with other tools to obtain similar functionality. ClamAV is often u…

18. Privacy Badger (privacy protection for browsers)

privacy enhancement

Privacy Badger provides protection against website visitor trackers. These trackers come in the form of beacons or invisible pixels and have the goal to collect information about the browser. This data is often shared by third parties and used to create a profile of a particular browser. As minor differences for each user may lead to an individual user, these third parties may even link some of the data to the related individual. Tools like Privacy Badger do not provide guar…

19. GRR Rapid Response (remote live forensics for incident response)

digital forensics, intrusion detection, threat hunting

The goal of the GRR tooling is to support digital forensics and investigations. By using a fast and scalable model, analysts can quickly perform their analysis. One of the main features is the ability to search for particular information or details. This process is called hunting.

4 ▴

20. Wapiti (vulnerability scanner for web applications)

application fuzzing, vulnerability scanning, web application analysis

Wapiti is typically used to audit web applications.

21. OpenVAS (vulnerability scanner)

penetration testing, security assessment, vulnerability scanning

OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.

22. Moloch (network security monitoring)

network security monitoring, security monitoring

Tools like Moloch are a great addition to everyone working with network data. One common use-case is that of network security monitoring (NSM). Here is can help with making all data more accessible and finding anomalies in the data.

23. Safety (vulnerability scanner for software dependencies)

penetration testing, security assessment, security monitoring, vulnerability scanning

When having applications deployed in your environment, not all of those may be installed via a package manager. When your infrastructure grows, it becomes even harder to know which tools are properly patched and which ones are not. For Python applications, this is where Safety comes in that can help scan installed software components via pip. It will also look at any of the dependencies that are installed.

1 ▴

24. OpenSSL (TLS and SSL toolkit)

certificate management, data encryption

This popular toolkit is used by many systems. It provides options like encryption and hashing of data, integrity testing, and digital certificates and signatures. Many software applications use the toolkit to provide support for these functions. OpenSSL also has a client utility that can be used on the command line to test, decrypt and encrypt data, and create certificates.

1 ▴

25. hBlock (ad blocking and tracker/malware protection)

malware protection, privacy enhancement, provide anonymity

For the privacy-aware users, tools like hBlock can be helpful to block malicious domains, malware, advertisements, and trackers. Trackers could be pixels added to websites to track which pages you visited, which might invade your privacy.

1 ▴

26. Confidant (storage of secrets)

secrets management, secure storage

Most applications with a connection to a database or other software component, need some form of authentication. Often the related credentials are stored in a configuration file. A secret manager like Confidant will provide an alternative, by storing the details in a database. Only applications that need to access the secrets are allowed to obtain them. Often system administrators are denied access to them.

1 ▴

27. O-Saft (OWASP SSL audit for testers)

information gathering, penetration testing, security assessment, vulnerability scanning, web application analysis

O-Saft is a command-line tool and can be used offline and in closed environments. There is also a graphical user interface available (based on Tcl/Tk). It can even be turned into an online CGI-tool. With just basic parameters it can provide useful information about an SSL configuration. With limited tuning of the tool, it can perform more specialized tests.

1 ▴

28. CloudSploit scans (AWS account scanner)

IT audit, configuration audit, security assessment

CloudSploit scans is an open source software project to test security risks related to an AWS account. It runs tests against your Amazon account and aims to discover any potential misconfigured setting or other risks.

1 ▴

29. YARA (malware identification and classification)

malware analysis, malware detection, malware scanning

YARA is a tool to identify and classify malware samples. It uses textual or binary patterns to match data, combined with a boolean expression to define a match. YARA is multi-platform, can be used via a command-line interface or via Python scripts using the yara-python extension.

1 ▴

30. Vault (storage of secrets)

password management, secrets management, secure storage

Vault is a secret management tool created by HashiCorp. It allows storing secrets, such as key/value pairs, AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH credentials, and other sensitive details. These secrets are typically used by software components and scripts. The benefit of using a secret management tool is that they no longer need to be stored in configuration files. Main features include leasing, key revocation, key rolling, and auditing.

1 ▴

31. Thug (low-interaction honeyclient)

learning, malware analysis, threat discovery

The honeypot concept is a well-known technique to collect attack patterns on servers and systems. Tools like Thug are considered to be a honeyclient, or client honeypot. These tools collect attacks against client applications. For example by mimicking a web application and visit a malicious page to see if any code is attacking the application.

1 ▴

32. django-security (Security add-ons for Django)

application security

Django-security is an extension for developers seeking more security measures in their Django project. The toolkit can set or activate particular settings improving security. Examples of these settings include the use of particular HTTP headers that increase the security defenses of the web application.

Part of the toolkit is middleware to enforce password strength, set the do-not-track header, enable content security policy (CSP), enable privacy policy (P3P), limit session…

1 ▴

33. LIEF (library for analysis of executable formats)

binary analysis, malware analysis, reverse engineering

In several occasions, it may be useful to perform analysis on binary file formats. Such occasion could be incident response, digital forensics, or as part of reverse engineering tasks. In these cases, a toolkit like LIEF can help to perform this job. It allows you to parse and modify the files. LIEF also will make information available an application programmable interface (API) for automated processing.

1 ▴

34. OpenSnitch (application firewall)

network traffic filtering

OpenSnitch is a tool based on Little Snitch, a macOS application level firewall. All outgoing connections are monitored and the user is alerted when a new outgoing connection occurs. This allows the user to detect and block any unwanted connections.

1 ▴

35. KeePassXC (cross-platform password manager)

password management, secure storage

KeePassXC is a cross-platform platform to store sensitive data like passwords, keys, and other secrets. It has a graphical user interface and is written in C++.

1 ▴

36. USBGuard (USB device whitelisting)

hardware security, system hardening

USBGuard would be used to define what devices are welcome and lock out the others. It uses a whitelist to define which devices are allowed and defines what they can do.

129 ▴

37. Cowrie (SSH/telnet honeypot)

information gathering, learning, security monitoring, threat discovery

Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.

38. Scapy (network packet generator and analyzer)

network analysis, security assessment

Scapy can handle tasks like network scanning, tracerouting, probing, unit tests, attacks or network discovery. Due to its manipulation possibilities, Scapy can send invalid frames. It allows you also to inject custom 802.11 frames, or combine other attacking techniques.

39. Cppcheck (static code analyzer)

code analysis

Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers, yet avoid any false positives.

40. BleachBit (system cleaner and privacy tool)

BleachBit is an open source tool focused on maintaining your privacy by cleaning up sensitive data on the system.

41. angr (binary analysis framework)

binary analysis, malware analysis

Tools like angr are great for performing in-depth analysis of binaries. This could be the analysis of an unknown binary, like a collected malware sample.

42. ntopng

network analysis, troubleshooting

ntopng is the successor of the original ntop utility. It shows network usage by capturing traffic and provide insights on the usage.

43. cve-search (local CVE and CPE database)

password strength testing, security assessment, vulnerability management, vulnerability scanning

The primary objective of this software is to avoid doing direct lookups into public CVE databases. This reduces leaking sensitive queries and improves performance.

24 ▾

44. Archery (vulnerability assessment and management)

penetration testing, vulnerability management, vulnerability scanning, vulnerability testing

Archery is a tool that helps to collect data about vulnerabilities within an environment. Instead of focusing on the actual scanning, it allows managing findings in a web-based interface. This includes options like reporting, searching, and dashboards. It can interact with other tools, including the well-known vulnerability scanners.

1 ▾

45. ZAP (web application analysis)

penetration testing, security assessment, software testing, web application analysis

The OWASP Zed Attack Proxy (ZAP) helps to find security vulnerabilities in web applications during development and testing.

1 ▾

46. r2frida (bridge between Radare2 and Frida)

application testing, binary analysis, memory analysis

Both Radare2 and Frida have their own area of expertise. This project combines both, to allow a more extensive analysis of files and processes.

1 ▾

47. Fail2ban (log parser and blocking utility)

network traffic filtering, security monitoring

Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks

1 ▾

48. itsdangerous (sign data to ensure integrity)

application security, data integrity

You may need to send some data to untrusted environments. To do this safely, the data needs to be signed. The receiver can check if the signature is correct, while the sender is the only one who can create the appropriate signature.

1 ▾

49. OnionShare (secure sharing of files)

file sharing

This tool is useful for sharing sensitive data, including information to be shared with journalists where you rather stay anonymously. It can also be helpful for sharing bigger amounts of data, without having to use a typical cloud service like Dropbox.

1 ▾

50. OpenSCAP (suite with tools and security data)

security assessment, vulnerability scanning

Tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines

1 ▾

51. jSQL Injection (automatic SQL database injection)

database security

jSQL Injection is a security tool to test web applications. It can be used to discover if an application is vulnerable to SQL injection attacks.

1 ▾

52. Lemur (certificate management)

certificate management

Lemur manages TLS certificate creation and the underlying process that is required. It acts as a broker between a certificate authority (CA) and the environment

1 ▾

53. Maltrail (malicious traffic detection system)

intrusion detection, network analysis, security monitoring

Maltrail monitors for traffic on the network that might indicate system compromise or other bad behavior. It is great for intrusion detection and monitoring.

54. Prowler (AWS benchmark tool)

compliance testing, security assessment, system hardening

Prowler is a security tool to check systems on AWS against the related CIS benchmark. This benchmark provides a set of best practices for AWS. The primary usage for this tool is system hardening and compliance checking.

5 ▴

55. Bandit (Python static code analyzer)

code analysis

Bandit is a tool that can be used during development or afterward. Typically this is used by developers to find common security issues in Python code before putting the code in production. Another use-case would be to use this tool to analyze existing projects and find possible flaws.

3 ▾

56. Kube-Bench (security benchmark testing for Kubernetes)

Tools like Kube-Bench help with quickly checking configuration weaknesses or discovering bad defaults.

2 ▾

57. Bleach (sanitizing library for Django)

data sanitizing

Bleach is a library for Django that can sanitize HTML by escaping and stripping harmful content. It provides a filter for untrusted content and disarms potential unwanted scripts from the input. This may be useful to apply to data that is transmitted via HTML forms or otherwise.

2 ▾

58. gitleaks (repository search for secrets and keys)

security assessment

Gitleaks scans the repository, including history, for secrets and other sensitive data. This can be useful for both developers as security professionals to discover any leaks.

2 ▾

59. TLS-Attacker (analyzer for TLS libraries)

TLS-Attacker is a framework to analyze TLS libraries. It is written in Java and developed by the Ruhr University Bochum and Hackmanit GmbH.

2 ▾

60. django-axes (track failed login attempts for Django)

application security

This tool may be used by developers that work with the Django framework. It adds a security layer on top of the application by looking at login attempts and track them.

2 ▾

61. gosec (Golang security checker)

code analysis, safe software development

Gosec is a security tool that performs a static code analysis for Golang projects for security flaws. The scan is performed on the so-called abstract syntax tree (AST). Gosec checks for common flaws that may be part of the selected project.

1 ▾

62. EAPHammer (evil twin attack against WPA2-Enterprise network)

credential stealing, network security assessment, network spoofing

EAPHammer is a toolkit to perform a targeted evil twin attack against WPA2-Enterprise networks. It can be used during security assessments of the wireless network. The focus of EAPHammer is to provide a powerful interface while still being easy to use.

The attacks and features that EAPHammer supports are evil twin and karma attack, SSID cloaking, steal RADIUS credentials (WPA-EAP and WPA2-EAP), and hostile portal attacks to capture Active Directory credentials or perform in…

1 ▾

63. Termineter (smart meter security framework)

hardware security

Termineter is a framework written in Python to assist with testing the security of smart meters. It can be used during development or afterward to test supported devices.

1 ▾

64. S3Scanner (AWS S3 bucket scanner)

information gathering, information leak detection, penetration testing, storage security testing

The aptly named S3Scanner is to be used to detect AWS S3 buckets. Discovered buckets are displayed, together with the related objects in the bucket.

1 ▾

65. SMBMap (SMB enumeration tool)

data leak detection, information gathering, penetration testing

SMBMap allows scanning of file resources that are shared with the SMB protocol. The tool will list share drives, drive permissions, the share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. The tool was created for pentesters to simplify finding sensitive data, or at least test for it.

1 ▾

66. airgeddon (wireless security assessment tool)

network analysis

Tools like Airgeddon can be used to test the security of wireless networks. It is flexible and written in shell script, making it fairly easy to understand what is does and how it works.

67. graudit (static code analysis tool)

code analysis

Analysis of source code helps to find programming flaws including those that can lead to software vulnerabilities. Graudit helps to uncover these by searching through the files and discover possible flaws. The tool supports languages like ASP, C, Perl, PHP, Python, and others.

2 ▾

68. Fierce (DNS reconnaissance tool)

information gathering, reconnaissance, security assessment

Fierce is a security tool that helps with DNS reconnaissance. It can locate non-contiguous IP space, but using DNS information.

1 ▾

69. kubeaudit (Kubernetes security scanner)

configuration audit, security awareness

Kubeaudit is a command line tool to audit Kubernetes clusters. It helps to test on various security risks, that may be introduced during deployment.

1 ▾

70. arping (ARP scanner)

network analysis

arping is a tool for the discovery of hosts on a computer network using the Address Resolution Protocol (ARP).

1 ▾

71. LaZagne (password retrieval and recovery tool)

data extraction, information gathering, password discovery, password recovery

The LaZagne tool can be a good addition to the toolkit of pentesters or forensic specialists to recover sensitive details from systems. For a pentester, this typically means that limited access has been gained. By trying to find passwords from local applications, the step to other applications or privilege level might be possible. For example, a password that is shared among multiple services, or even finding an administrator password.

1 ▾

72. PCILeech (Direct Memory Access (DMA) attack)

hardware security

This type of tooling could be used to attack a system via the hardware itself. It can be used to disable authentication mechanisms or implant nefarious software components.

1 ▾

73. Douane (application firewall)

network traffic filtering

Douane is an application firewall that blocks unknown or unwanted traffic. It provides a more fine-grained filtering as it looks at the combination of application and used network ports. This is useful when allowing common browse traffic on port 80 and 443. Instead of all applications being able to use this port, only the ones that are granted access will be able to do so. When a new connection is not trusted yet, Douane will ask to allow or deny the traffic stream.

1 ▾

74. UPX (executable packer)

UPX is the abbreviation for "Ultimate Packer for eXecutables". It is considered to be a tool with a good compression ratio and fast decompression. It can be used to compress executables, making them smaller, while still having a low overhead of memory due to in-place decompression.

1 ▾

75. Commix (command injection tool for web applications)

With Commix it becomes easier to find and exploit a command injection vulnerability in a vulnerable parameter or related HTTP header.

76. sslsniff (SSL traffic sniffing)

network analysis

The sslsniff tool helps with performing man-in-the-middle (MitM) attacks on SSL/TLS traffic. It can be used for security assignments.

77. Exploit Pack (penetration testing framework)

penetration testing

Penetration testing has a lot of repeating tasks, especially when doing similar assignments for clients. For this reason, tools like Exploit Pack help with automating repeating activities. This framework contains over 38.000 exploits, probably much more than one might ever need.

78. XSS Hunter (Cross-site scripting scanner)

penetration testing, software testing, vulnerability scanning

XSS Hunter helps with finding XSS attacks and trigger a warning when one is succesful. It exists as an online service, or self-hosted installation.

79. vulscan (vulnerability scanning with Nmap)

penetration testing, security assessment, vulnerability scanning, vulnerability testing

Vulscan is a vulnerability scanner which uses the well-known Nmap tool. By enhancing it with offline data from VulDB, it allows for detecting vulnerabilities. The database itself based on information from multiple sources.

80. PyREBox (Python scriptable Reverse Engineering Sandbox)

binary analysis, malware analysis, reverse engineering

PyREBox is short for Python scriptable Reverse Engineering Sandbox. It provides dynamic analysis and debugging capabilities of a running QEMU virtual machine. The primary usage is the analysis of running processes to perform reverse engineering. PyREBox can change parts of the running system by changing data in memory or within processor registers.

81. SSMA (malware analysis tool)

malware analysis, malware detection, malware scanning, reverse engineering

SSMA is short for Simple Static Malware Analyzer. The tool can perform a set of tests against a malware sample and retrieve metadata from it. SSMA can analyze ELF and PE and analyze its structure. For example, it can retrieve the PE file header information and its sections. Other pieces it can analyze is the usage of packers, anti-debugging techniques, cryptographic algorithms, domains, email addresses, and IP addresses. It can also check if the sample is already detected or…

82. Prowler (vuln) (distributed vulnerability scanner)

security assessment, vulnerability scanning, vulnerability testing

A vulnerability scanner like Prowler can be used to scan the network for vulnerabilities. Prowler can perform active network scanning and uses fingerprinting. Part of the process it to test for default or weak credentials.

83. OSHP (HTTP header usage data collection and awareness)

data extraction, information gathering, information sharing, security awareness

OSHP is short for OWASP SecureHeaders Project. The project publishes reports on the usage of HTTP headers. This includes usage stats, developments, and changes. It provides awareness on HTTP headers and has the goal to improve the adoption rate.

84. DarkJPEG (open source steganography web service)

data hiding, privacy enhancement, provide anonymity

DarkJPEG can help people to hide sensitive data in places where internet censorship is enforced. The service takes additional measures to even hide the fact that it has data embedded in the output file.

85. vuLnDAP (vulnerable web application based on LDAP)

application security, learning, penetration testing

VuLnDAP is a tool to show what can happen when a web application becomes vulnerable due to the business logic behind it. This tool uses LDAP, a common authentication protocol, to show such weaknesses. This tool helps penetration testers more about LDAP. At the same time, it provides useful insights to web and software developers to create more secure software.

86. Suhosin7 (Suhosin security extension for PHP 7.x)

application security

Suhosin7 is the security extension for PHP 7 versions. It protects a PHP installation by preventing different types of attacks.

87. Veil Framework (Metasploit payload generator)

Veil is a security tool designed to generate payloads for Metasploit that help in bypassing common anti-virus solutions.

88. Social-Engineer Toolkit (social engineering toolkit)

social engineering

The Social-Engineer Toolkit (SET) is an open source penetration testing framework. SET is written in Python and helps with assignments that require social engineering. The toolkit has been presented at large-scale conferences like Black Hat and DEF CON and covered in several books. This publicity definitely helped to make it more familiar in the information security community.

89. CIRCLean (USB stick and drives cleaner)

data sanitizing, data transfers

Malware regularly uses USB sticks to infect victims. This solution can convert documents with potentially harmful code into disarmed data formats. This converted data is then stored on a trusted device.

90. Cyphon (incident management and response platform)

event management

Cyphon is an incident management and response platform to deal with incoming alerts and messages. It is multi-purpose and can be used for information security.

91. Pocsuite (vulnerability testing and development framework)

vulnerability development, vulnerability testing

Pocsuite is a remote vulnerability testing and development framework. It can be used by penetration testers and vulnerability researchers.

92. JoomScan (vulnerability scanner for Joomla CMS)

vulnerability scanning, vulnerability testing

JoomScan could be used to test your Joomla installation or during security assessments. As it has a primary focus on Joomla, it may provide better results than generic vulnerability scanners.

93. Nmap (network and vulnerability scanner)

network scanning, vulnerability scanning

Nmap is a security scanner that can perform a port scan, network exploration, and determine vulnerabilities

94. Wifiphisher (phishing attack tool for WiFi)

WiFi security analysis, phishing attacks

Wifiphisher would have a good usage in security assessments to obtain credentials. In that regard it is considered to be an offensive tool, especially considering it could be used to infect the systems of victims with malware. Wifiphisher is not a brute forcing tool, but more focused to perform a social engineering attack.

95. vFeed (vulnerability database and query engine)

security assessment, vulnerability scanning

vFeed is a set of tools around correlated vulnerability and threat intelligence. It provides a database, API, and supporting tools to store vulnerability data.

96. Clair (container vulnerability scanner and analyzer)

security assessment, vulnerability scanning

Clair is an open source container analyzer. It performs static analysis of container images and correlates their contents with public vulnerability databases.

97. Infection Monkey (security testing for data centers and networks)

password discovery, service exploitation, system exploitation

This tool is useful for security assessments to test for weaknesses within the network. By automating the exploitation phase as much as possible, it will help finding any weak targets within the boundaries of the data center.

98. Wappalyzer (discovery of technology stack)

information gathering, reconnaissance, software identification

Wappalyzer can be a useful asset when performing reconnaissance on a particular target like a web application or website. It helps to find what software is used to run a particular page. Components that can be detected are the content management system (CMS), JavaScript framework, e-commerce software, web server, and more.

99. THC Hydra (password discovery)

penetration testing, security assessment

THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.

100. radare2 (reverse engineering tool and binary analysis)

digital forensics, reverse engineering, software exploitation, troubleshooting

Radare2 is a popular framework to perform reverse engineering on many different file types. It can be used to analyze malware, firmware, or any other type of binary files. Besides reverse engineering, it can be used for forensics on filesystems and do data carving. Tasks can be scripted and support languages like JavaScript, Go, and Python. Even software exploitation is one of the functions it can be used in.

More tools by category

There is also the full list of security tools. These are grouped and categorized to make discovery easier.

Want to receive updates and learn about new tools? Subscribe to the RSS feed or follow @LSELabs.

Was this top 100 of security tools useful?

Yes!

Share with friends:
Share on Twitter