Security Tools (Top 100)
Based on reviews and automated analysis, the best security tools are collected on this page. This list is populated with tools that are publicly available (open source software). It is updated and ranked weekly. There is also the full list of security tools.
Suricata (network IDS, IPS and monitoring)
Network threat detection engine that acts as intrusion detection (IDS), inline intrusion prevention (IPS), and network security monitoring (NSM).
MISP (Malware Information Sharing Platform)
MISP is short for Malware Information Sharing Platform. It helps with sharing threat data which can be used by defenders and malware researchers.
Buttercup for desktop (cross-platform password manager)
Buttercup is a cross-platform, free, and open-source password manager based on Node.js. It helps to store your passwords and secrets safely.
ZAP (web application analysis)
The OWASP Zed Attack Proxy (ZAP) helps to find security vulnerabilities in web applications during development and testing.
vFeed (vulnerability database and query engine)
vFeed is a set of tools around correlated vulnerability and threat intelligence. It provides a database, API, and supporting tools to store vulnerability data.
Privacy Badger (privacy protection for browsers)
Privacy Badger is a tool to enhance your privacy and protect against web resources like trackers that spy on your web behavior.
Faraday (collaboration tool for penetration testing)
Faraday is a collaboration tool for pentest assignments and vulnerability management. It allows integration with a number of other security tools.
osquery (operating system query tool)
The osquery tool allows querying your Linux, Windows, and macOS infrastructure. It can help with intrusion detection, infrastructure reliability, or compliance.
Hashcat (password recovery tool)
Hashcat is a well-known tool to crack passwords. It has advanced features to improve performance, allow session resumption, and more.
Anchore (container analysis and inspection)
Anchore is a toolkit for in-depth container analysis, inspection, and control. Besides security scanning, it can perform a wide range of functions.
Lynis (audit tool and security scanner)
Security auditing tool for systems running Linux, macOS, or Unix, to perform an in-depth health check.
CIRCLean (USB stick and drives cleaner)
CIRCLean is a hardware solution to clean documents from untrusted USB drives and sticks. The device automatically disarms harmful documents.
Cyphon (incident management and response platform)
Cyphon is an incident management and response platform to deal with incoming alerts and messages. It is multi-purpose and can be used for information security.
BetterCAP (MitM tool and framework)
BetterCAP is a complete, modular, portable and easily extensible MitM tool and framework. It is maintained well and appreciated by many.
Nmap (network and vulnerability scanner)
Nmap is a security scanner that can perform a port scan, network exploration, and determine vulnerabilities.
Social-Engineer Toolkit (social engineering toolkit)
The Social-Engineer Toolkit (SET) is an open source penetration testing framework. It helps with assignments that require social engineering.
THC Hydra (password discovery)
THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.
WPScan (WordPress vulnerability scanner)
WPScan is a security tool to perform black box WordPress vulnerability scans, including enumeration of used plugins.
IVRE (reconnaissance for network traffic)
IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.
hBlock (ad blocking and tracker/malware protection)
hBlock is a security tool to protect against advertisements, trackers, and malware. It does so by altering the /etc/hosts file to block bad or malicious hosts.
Thug (low-interaction honeyclient)
Thug is a low-interaction honeyclient to test for client-side attacks. It mimics a client application, like a web browser, and sees if attack code is fired.
SIMP (system integrity and configuration enforcement)
SIMP is short for System Integrity Management Platform. It is a project maintained by the NSA and released as an open source project.
radare2 (reverse engineering tool and binary analysis)
radare2 is a tool to perform reverse engineering on files of all types. It can be used to analyze malware, firmware, or any other type of binary files.
O-Saft (OWASP SSL audit for testers)
O-Saft is a security tool to show information about SSL certificates. It tests the SSL connection with the given list of ciphers and configuration.
WhatWeb (website fingerprinter)
WhatWeb is a security tool written in Ruby to fingerprint web applications. It helps with detecting what software is used for a particular web application.
Decentraleyes (local CDN emulation for privacy)
Decentraleyes is a small browser extension. It increases your privacy by blocking specific requests to content delivery networks.
Seccubus (automation of vulnerability scanning)
Seccubus automates vulnerability scanning with support for Nessus, OpenVAS, NMap, SSLyze, Medusa, SkipFish, OWASP ZAP, and SSLlabs.
Vault (storage of secrets)
Vault is a tool created by HashiCorp to store secrets like keys and passwords. These secrets are typically used by other software components and scripts.
YARA (malware identification and classification)
YARA is a security tool that helps malware researchers identify and classify malware samples, for example by defining malware families based on patterns.
LIEF (library for analysis of executable formats)
LIEF is a library to analyze executable formats like ELF, MachO, and PE. It can be used during reverse engineering, binary analysis, and malware research.
KeePassXC (cross-platform password manager)
KeePassXC is a cross-platform application to store sensitive data like passwords, keys, and other secrets. It has a graphical user interface and is written in C++.
Bro (network security monitoring tool)
Bro is a network security monitoring (NSM) tool. It can also play an active role in performing forensics and incident response.
The Sleuth Kit (toolkit for forensics)
The Sleuth Kit is a toolkit to investigate disk images and do forensic analysis on them.
Fail2ban (log parser and blocking utility)
Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.
Commix (command injection tool for web applications)
Commix is a security tool to test web applications and find vulnerabilities related to command injection attacks. It can be used during security assignments.
testssl.sh (TLS/SSL configuration scanner)
testssl.sh is a command line tool which checks a system on any port for the support of TLS/SSL ciphers, protocols, as well as some cryptographic flaws.
Pocsuite (vulnerability testing and development framework)
Pocsuite is a remote vulnerability testing and development framework. It can be used by penetration testers and vulnerability researchers.
FireHOL (firewall config creator and manager)
FireHOL is promoted as an iptables stateful packet filtering firewall for humans. It also comes with FireQOS, which is a bandwidth shaper based on tc.
SpiderFoot (OSINT tool)
SpiderFoot is an open source intelligence automation tool (OSINT). It automates the process of gathering intelligence, like IP addresses, domains, and networks.
LMD (malware detection tool)
Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released with the GPLv2 license.
django-guardian (per object permissions for Django)
Django-guardian extends the default Django permissions model. It does this by allowing permissions on each database object, adding fine-grained control.
DocBleach (data sanitizing tool for documents)
DocBleach sanitizes your documents by disarming harmful content. It can be used as an additional security layer for dealing with unknown documents.
pick (password manager)
The pick tool provides a minimal password manager on the terminal for systems running macOS and Linux.
Cuckoo Sandbox (malware analysis tool)
Cuckoo Sandbox is a malware analysis system. By feeding it suspicious files, Cuckoo can provide detailed findings on what a file did and how it behaved.
detectem (software enumeration)
Detectem can scan web applications and detect used software components like jQuery, Apache middleware, and others.
CAIRIS (tool to model secure and usable systems)
CAIRIS is a tool to specify and model secure and usable systems. It helps to support the elements necessary for usability, requirements, and risk analysis.
ntopng is the successor of the original ntop utility. It shows network usage by capturing traffic and provides insights on the usage.
Loki (file scanner to detect indicators of compromise)
Loki is a security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then using pattern matching.
WordPress Exploit Framework (WordPress exploiting toolkit)
The WordPress Exploit Framework (WPXF) is a framework written in Ruby. As the name implies, it aids in pentesting WordPress installations.
Xplico (network traffic analyzer)
Xplico is a forensics analysis tool to investigate the traffic patterns in a pcap file. It is released as a GPL project, with some scripts under a CC license.
Brakeman (static code analyzer for Ruby on Rails)
Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. It comes as an open source project with optional commercial support.
Yersinia (network attack and testing tool)
Yersinia is a framework to perform layer 2 attacks. It can be used for pentests and security assessments to test network safeguards.
subuser (run Linux commands with restrictions)
Subuser is a tool that allows commands to be executed with restrictions. It works on Linux and can increase security by lowering access levels.
Cowrie (SSH/telnet honeypot)
Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.
Veil Framework (Metasploit payload generator)
Veil is a security tool designed to generate payloads for Metasploit that help in bypassing common anti-virus solutions.
Wifiphisher (phishing attack tool for WiFi)
Wifiphisher is a security tool to perform automated and victim-customized phishing attacks against WiFi clients. It is useful for security assessments.
Vuls (agentless vulnerability scanner)
Vuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, agentless, and does a remote login to find any software vulnerabilities.
ATSCAN (search (dork) scanner for mass exploitation)
ATSCAN is a security tool to perform a mass exploitation scan on search engines. It discovers targets that may be susceptible to exploitation.
OpenSCAP (suite with tools and security data)
Tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselines.
jSQL Injection (automatic SQL database injection)
jSQL Injection is a security tool to test web applications. It can be used to discover if an application is vulnerable to SQL injection attacks.
OpenStego (steganography tool)
OpenStego is a free steganography solution to hide data in other files like images, or add a watermark to them.
mitmproxy (TLS/SSL traffic interception)
The mitmproxy tool allows intercepting, inspecting, modifying, and replaying traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.
ScanSSH (SSH and open proxy scanner)
ScanSSH is a security tool to perform scans on SSH to detect open proxies and available services. It retrieves version information and related details.
SearchSploit (exploit search tool)
Exploit-DB's CLI search tool to find any exploits from the database. The tool is written in shell script and maintained by Offensive Security.
The sqlmap tool performs automatic SQL injection and can take over a database. It is a valued tool for pentesters and those who want to test their web applications.
Arachni (web application scanner)
Web application security scanner aimed at helping users evaluate the security of web applications.
DataSploit (OSINT framework)
DataSploit is a framework to perform intelligence gathering to discover credentials, domain information, and other information related to the target.
Confidant (storage of secrets)
airgeddon (wireless security assessment tool)
Airgeddon is a toolkit to perform security assessments of wireless networks. It can perform different types of wireless attacks.
vulnerability-alerter (retrieve vulnerability data from NIST)
Vulnerability-alerter is a security tool to retrieve vulnerability data from NIST's database (NVD). This data can be used to discover recent vulnerabilities.
TLS-Attacker (analyzer for TLS libraries)
TLS-Attacker is a framework to analyze TLS libraries. It is written in Java and developed by the Ruhr University Bochum and Hackmanit GmbH.
SSLyze (SSL/TLS server scanning library)
SSLyze provides a library for scanning services that use SSL/TLS for encrypted communications. It can be used to test their implementation.
boofuzz (fuzzing framework)
Boofuzz is a fork of the Sulley fuzzing framework, created after its maintenance dropped. Besides numerous bug fixes, boofuzz aims for extensibility.
django-axes (track failed login attempts for Django)
Django-axes is a reusable app for Django to limit the brute force login attempts for your web application.
King Phisher (Phishing campaign toolkit)
Kube-Bench (security benchmark testing for Kubernetes)
Kube-Bench is a security tool to perform a configuration audit of Kubernetes installations. It can be used to find flaws and improve system hardening.
Scout2 (Security auditing tool for AWS)
Scout2 is a security tool to assess the security of an AWS environment. It can be used for system hardening and IT audits.
bane (AppArmor profile generator)
The bane tool is an AppArmor profile generator for Docker containers. It helps with creating the appropriate profile for confinement at the system level.
Certigo (certificate validator tool)
Certigo is a security tool to find information about different types of digital certificates and validate them. It can be used in scripts or manually.
passhport (OpenSSH proxy gateway)
With passhport, SSH access can be handled via a centralized system. There is support for roles, accounting, and authorization of which commands can be used.
pyknock (port knocking tool)
Pyknock is a tool to perform UDP port knocking with HMAC-PSK authentication. It can be used to harden systems and limit access to specific network ports.
changeme (credential scanner)
The tool changeme is a credential scanner for default usernames and passwords, or common combinations of these.
Findsploit (exploit search tool)
Findsploit is a simple script to search both local and online exploit databases. Typically this is used by penetration testers during a security assignment.
pshtt (domain scanner for HTTPS usage)
pshtt is a security tool to scan domains for the usage of HTTPS and the application of best practices in their web configuration.
VHostScan (virtual host scanner)
VHostScan is a security tool that performs reverse lookups, can be used with pivot tools, and detects catch-all scenarios, aliases, and dynamic default pages.
Manticore (dynamic binary analysis tool)
Manticore is a binary analysis tool. It uses dynamic analysis, meaning parts of the binary will be executed and tested.
Ruler (Exchange pentest tool)
Ruler is a security tool that interacts with Exchange servers remotely. It uses either the MAPI/HTTP or RPC/HTTP protocol, with the goal to gain a remote shell.
USB Canary (device monitoring)
USB Canary monitors a system for the addition or removal of USB devices. On such an event, an alert is sent.
pysap (SAP network protocol package generator)
Pysap is a Python library to craft SAP network protocol packets. It can be used for analysis and security assessments.
ssh_scan (SSH configuration scanner)
The ssh_scan utility is an SSH configuration and policy scanner maintained by the Mozilla Foundation. It helps to secure Linux systems running OpenSSH.
Spaghetti (web vulnerability scanner)
Spaghetti is a web vulnerability scanner to find flaws in common web applications and frameworks. It can perform fingerprinting and vulnerability discovery.
larp (ARP poisoning tool)
Larp is a tool to perform ARP poisoning on the network. It is written in Python and can be used for security assessments.
Nili (tool for network scans, MitM, and fuzzing)
Nili is a security tool with a wide range of goals, including network scanning, MitM attacks, protocol reverse engineering and application fuzzing.
Scirius (Suricata rule management)
Scirius is a web application for Suricata ruleset management. Both a community version and a paid version are available.
BoopSuite (wireless security testing tool)
BoopSuite is a wireless pentesting suite to perform security auditing and test wireless networks. It can be used for penetration tests and security assignments.
Prowler (AWS CIS Benchmark Tool)
Prowler is a security tool to perform security audits on AWS configurations. It helps to find configuration flaws and improve system hardening.
SNARE (web application honeypot)
SNARE is a reactive honeypot for security research, detecting attacks, and responding to possible flaws within your environment. It is the successor of Glastopf.
Wordpresscan (WordPress vulnerability scanner)
Wordpresscan is a security scanner for WordPress installations. It is based on the work of WPScan with some ideas inspired by the WPSeku project.
jak (git encryption)
Jak is a security tool to encrypt and decrypt sensitive data in Git repositories, like application secrets.
PassGen (password dictionary attack tool)
PassGen is a tool to help with password dictionary attacks to guess a password. It does not perform the attack but creates the related database.