Linux security tools (top 100)
Hunting the best security tools
There is a wide range of security tools available for Linux and other platforms. To make them easier to find, we started an extensive review process to gather and document them. The goal of this top 100 is to showcase the best Linux security tools. By best there is an implied level of quality, healthy community and good governance of the project.
Requirements for listing
- The project has a license that qualifies as open source software
- The software is being maintained by one or more developers
- The source code of the software is available
The rankings of the list is determined by a combination of manual reviews and automated analysis. The list is updated weekly and then sorted based on a quality score. The score itself is measured by several ranking factors.
- Availability of basic project details such as a defined license
- Quality of documentation
- Last release and release interval
Tips to find the right tool
As there are so many open source security tools available, it can be hard to find the best one for the job. All the reviewed tools include tags and one or more categories. This way you can easily find alternatives. If you want to quickly find a specific category, such as vulnerability scanners, type in the word vulnerability or scan in the search bar.
Free versus paid
Although paid tools might benefit from commercial support, there are many freely alternatives available. Depending on your task, it can be useful to run two or more similar tools. One of them can be paid, while the other is free. By running multiple tools you benefit from having some overlap, but also what each of the tools might have missed.
Another interesting area is searching on GitHub for tools that are early in their development cycle. They might be still immature and even lack documentation, but at the same time include new techniques or types of attacks. This area is useful for recently discovered vulnerabilities where proof-of-concept code snippets might be available via these coding platforms.
Security tools ranked
1. WPScan (WordPress vulnerability scanner)
penetration testing, security assessment, vulnerability scanning
WPScan can scan WordPress installations and determine if there are vulnerabilities in a particular installation.
2. MISP (Malware Information Sharing Platform)
fraud detection, information gathering, threat hunting
MISP collects, stores, and distributes security indicators and discovered threats. This makes the platform useful for those involved with security incidents and malware research. Users benefit from having a well-tested platform to structure the vast number of data points available when it comes to security threats. The tooling allows interaction with other tools, like security incident and event management (SIEM) and intrusion detection systems (IDS).
3. mitmproxy (TLS/SSL traffic interception)
network analysis, penetration testing, security assessment
The mitmproxy tool allows to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.
4. Vuls (agentless vulnerability scanner)
system hardening, vulnerability scanning
Vuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, agentless, and can use a remote login to find any software vulnerabilities. It has multiple levels of scanning, from a fast scan up to a deep scan with extensive analysis.
5. Cryptomator (client-side encryption for cloud services)
Cryptomator is a multi-platform tool for transparent client-side encryption of your files. It is used together with cloud services to ensure you are the only one who can access the data.
6. Infection Monkey (security testing for data centers and networks)
password discovery, service exploitation, system exploitation
This tool is useful for security assessments to test for weaknesses within the network. By automating the exploitation phase as much as possible, it will help finding any weak targets within the boundaries of the data center.
7. Suricata (network IDS, IPS and monitoring)
information gathering, intrusion detection, network analysis, threat discovery
Suricata can be used as part of a Network Security Monitoring (NSM) ecosystem. You could use it to log HTTP requests, log and store TLS certificates, extract files from flows and store them to disk.
8. Privacy Badger (privacy protection for browsers)
Privacy Badger provides protection against website visitor trackers. These trackers come in the form of beacons or invisible pixels and have the goal to collect information about the browser. This data is often shared by third parties and used to create a profile of a particular browser. As minor differences for each user may lead to an individual user, these third parties may even link some of the data to the related individual. Tools like Privacy Badger do not provide guar…
9. Zeek (network security monitoring tool)
Zeek helps to perform security monitoring by looking into the network's activity. It can find suspicious data streams. Based on the data, it alert, react, and integrate with other tools.
10. Faraday (collaboration tool for penetration testing)
collaboration, penetration testing, security assessment, vulnerability scanning
Faraday helps teams to collaborate when working on penetration tests or vulnerability management. It stores related security information in one place, which can be easily tracked and tested by other colleagues.
11. Frida (reverse engineering tool)
black-box testing, reverse engineering
Frida allows developers and researchers to inject custom scripts into black box processes. This way it can provide a hook into any function, allowing to trace executed instructions. The source code is not needed. Frida even allows direct manipulation and see the results. The tool comes with bindings for different programming languages, allowing to interact with processes. Example of the bindings that Frida provides include Python, Swift, .NET, Qt/Qml, and C API.
12. ClamAV (malware scanner)
malware analysis, malware detection, malware scanning
ClamAV is a popular tool to detect malicious software or malware. While it calls itself an antivirus engine, it probably won't encounter many viruses, as they have become rare. It is more likely to find other forms of malware like worms, backdoors, and ransomware. ClamAV can be used in a few ways, from doing an occasional scan up to scanning in batch. ClamAV does not do on-access scanning but can be combined with other tools to obtain similar functionality. ClamAV is often u…
13. Wappalyzer (discovery of technology stack)
information gathering, reconnaissance, software identification
14. Lynis (security scanner and compliance auditing tool)
IT audit, penetration testing, security assessment, system hardening, vulnerability scanning
Lynis can detect vulnerabilities and configuration flaws. Where a typical vulnerability scanner will just point out vulnerabilities, Lynis aims for an in-depth audit and continuous improvement. For this reason, it needs to be executed on the host system itself. By seeing the system from the inside out, it can provide more specific details than the average vulnerability scanner.
15. ZAP (web application analysis)
penetration testing, security assessment, software testing, web application analysis
The OWASP Zed Attack Proxy (ZAP) helps to find security vulnerabilities in web applications during development and testing.
16. osquery (operating system query tool)
compliance testing, information gathering, security monitoring
The osquery tool allows querying your Linux, Windows, and macOS infrastructure. It can help with intrusion detection, infrastructure reliability, or compliance.
17. THC Hydra (password discovery)
penetration testing, security assessment
THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.
18. Buttercup for desktop (cross-platform password manager)
The typical users have at least a multitude of ten when it comes to passwords. Ensuring that every website has a unique password and remembering, is almost impossible. Passwords managers like Buttercup help with the generation and secure storage of these secrets. It is freely available and open source, making it a good alternative for commercial options.
19. Brakeman (static code analyzer for Ruby on Rails)
Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. It comes as an open source project with optional commercial support.
20. Archery (vulnerability assessment and management)
penetration testing, vulnerability management, vulnerability scanning, vulnerability testing
Archery is a tool that helps to collect data about vulnerabilities within an environment. Instead of focusing on the actual scanning, it allows managing findings in a web-based interface. This includes options like reporting, searching, and dashboards. It can interact with other tools, including the well-known vulnerability scanners.
21. OpenSSL (TLS and SSL toolkit)
certificate management, data encryption
This popular toolkit is used by many systems. It provides options like encryption and hashing of data, integrity testing, and digital certificates and signatures. Many software applications use the toolkit to provide support for these functions. OpenSSL also has a client utility that can be used on the command line to test, decrypt and encrypt data, and create certificates.
22. CloudSploit scans (AWS account scanner)
IT audit, configuration audit, security assessment
CloudSploit scans is an open source software project to test security risks related to an AWS account. It runs tests against your Amazon account and aims to discover any potential misconfigured setting or other risks.
23. Moloch (network security monitoring)
network security monitoring, security monitoring
Tools like Moloch are a great addition to everyone working with network data. One common use-case is that of network security monitoring (NSM). Here is can help with making all data more accessible and finding anomalies in the data.
24. OpenVAS (vulnerability scanner)
penetration testing, security assessment, vulnerability scanning
OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.
25. The Sleuth Kit (toolkit for forensics)
criminal investigations, digital forensics, file system analysis
The Sleuth Kit is a forensics tool to analyze volume and file system data on disk images. With its modular design, it can be used to carve out the right data, find evidence, and use it for digital forensics.
26. OpenSnitch (application firewall)
network traffic filtering
OpenSnitch is a tool based on Little Snitch, a macOS application level firewall. All outgoing connections are monitored and the user is alerted when a new outgoing connection occurs. This allows the user to detect and block any unwanted connections.
27. KeePassXC (cross-platform password manager)
password management, secure storage
KeePassXC is a cross-platform platform to store sensitive data like passwords, keys, and other secrets. It has a graphical user interface and is written in C++.
28. Commix (command injection tool for web applications)
With Commix it becomes easier to find and exploit a command injection vulnerability in a vulnerable parameter or related HTTP header.
29. Vault (storage of secrets)
password management, secrets management, secure storage
Vault is a secret management tool created by HashiCorp. It allows storing secrets, such as key/value pairs, AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH credentials, and other sensitive details. These secrets are typically used by software components and scripts. The benefit of using a secret management tool is that they no longer need to be stored in configuration files. Main features include leasing, key revocation, key rolling, and auditing.
30. Thug (low-interaction honeyclient)
learning, malware analysis, threat discovery
The honeypot concept is a well-known technique to collect attack patterns on servers and systems. Tools like Thug are considered to be a honeyclient, or client honeypot. These tools collect attacks against client applications. For example by mimicking a web application and visit a malicious page to see if any code is attacking the application.
31. LIEF (library for analysis of executable formats)
binary analysis, malware analysis, reverse engineering
In several occasions, it may be useful to perform analysis on binary file formats. Such occasion could be incident response, digital forensics, or as part of reverse engineering tasks. In these cases, a toolkit like LIEF can help to perform this job. It allows you to parse and modify the files. LIEF also will make information available an application programmable interface (API) for automated processing.
32. YARA (malware identification and classification)
malware analysis, malware detection, malware scanning
YARA is a tool to identify and classify malware samples. It uses textual or binary patterns to match data, combined with a boolean expression to define a match. YARA is multi-platform, can be used via a command-line interface or via Python scripts using the yara-python extension.
33. hBlock (ad blocking and tracker/malware protection)
malware protection, privacy enhancement, provide anonymity
For the privacy-aware users, tools like hBlock can be helpful to block malicious domains, malware, advertisements, and trackers. Trackers could be pixels added to websites to track which pages you visited, which might invade your privacy.
34. O-Saft (OWASP SSL audit for testers)
information gathering, penetration testing, security assessment, vulnerability scanning, web application analysis
O-Saft is a command-line tool and can be used offline and in closed environments. There is also a graphical user interface available (based on Tcl/Tk). It can even be turned into an online CGI-tool. With just basic parameters it can provide useful information about an SSL configuration. With limited tuning of the tool, it can perform more specialized tests.
35. ScanSSH (SSH and open proxy scanner)
information gathering, reconnaissance
ScanSSH is a security tool to perform scans on SSH to detect open proxies and available services. It retrieves version information and related details.
36. Cppcheck (static code analyzer)
Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers, yet avoid any false positives.
37. cve-search (local CVE and CPE database)
password strength testing, security assessment, vulnerability management, vulnerability scanning
The primary objective of this software is to avoid doing direct lookups into public CVE databases. This reduces leaking sensitive queries and improves performance.
38. angr (binary analysis framework)
binary analysis, malware analysis
Tools like angr are great for performing in-depth analysis of binaries. This could be the analysis of an unknown binary, like a collected malware sample.
39. Loki (file scanner to detect indicators or compromise)
digital forensics, intrusion detection, security monitoring
Loki is security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then uses pattern matching.
40. GRR Rapid Response (remote live forensics for incident response)
digital forensics, intrusion detection, threat hunting
The goal of the GRR tooling is to support digital forensics and investigations. By using a fast and scalable model, analysts can quickly perform their analysis. One of the main features is the ability to search for particular information or details. This process is called hunting.
41. Acra (database encryption proxy)
data encryption, data leak prevention, data security, vulnerability mitigation
Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.
42. IVRE (reconnaissance for network traffic)
digital forensics, information gathering, intrusion detection, network analysis
IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.
43. UPX (executable packer)
UPX is the abbreviation for "Ultimate Packer for eXecutables". It is considered to be a tool with a good compression ratio and fast decompression. It can be used to compress executables, making them smaller, while still having a low overhead of memory due to in-place decompression.
44. jSQL Injection (automatic SQL database injection)
jSQL Injection is a security tool to test web applications. It can be used to discover if an application is vulnerable to SQL injection attacks.
45. OpenSCAP (suite with tools and security data)
security assessment, vulnerability scanning
Tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines
46. Lemur (certificate management)
Lemur manages TLS certificate creation and the underlying process that is required. It acts as a broker between a certificate authority (CA) and the environment
47. LMD (malware detection tool)
Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released with the GPLv2 license.
48. Wapiti (vulnerability scanner for web applications)
application fuzzing, vulnerability scanning, web application analysis
Wapiti is typically used to audit web applications.
49. CAIRIS (tool to model secure and usable systems)
Tools like CAIRIS can be used to build security into your software and system designs. It allows the user to track interactions between objects, data points, and related risks.
50. OpenStego (steganography tool)
data hiding, watermarking
OpenStego is a free steganography solution to hide data in other files like images, or add a watermark to them.
51. r2frida (bridge between Radare2 and Frida)
application testing, binary analysis, memory analysis
Both Radare2 and Frida have their own area of expertise. This project combines both, to allow a more extensive analysis of files and processes.
52. Maltrail (malicious traffic detection system)
intrusion detection, network analysis, security monitoring
Maltrail monitors for traffic on the network that might indicate system compromise or other bad behavior. It is great for intrusion detection and monitoring.
53. S3Scanner (AWS S3 bucket scanner)
information gathering, information leak detection, penetration testing, storage security testing
The aptly named S3Scanner is to be used to detect AWS S3 buckets. Discovered buckets are displayed, together with the related objects in the bucket.
54. SSLyze (SSL/TLS server scanning library)
penetration testing, security assessment, web application analysis
SSLyze provides a library for scanning services that use SSL/TLS for encrypted communications. It can be used to test their implementation.
55. PCILeech (Direct Memory Access (DMA) attack)
This type of tooling could be used to attack a system via the hardware itself. It can be used to disable authentication mechanisms or implant nefarious software components.
56. SMBMap (SMB enumeration tool)
data leak detection, information gathering, penetration testing
SMBMap allows scanning of file resources that are shared with the SMB protocol. The tool will list share drives, drive permissions, the share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. The tool was created for pentesters to simplify finding sensitive data, or at least test for it.
57. airgeddon (wireless security assessment tool)
Tools like Airgeddon can be used to test the security of wireless networks. It is flexible and written in shell script, making it fairly easy to understand what is does and how it works.
58. pyelftools (ELF parsing toolkit)
binary analysis, malware analysis
This toolkit is used by other software, or standalone. Its main purpose is to parse binary ELF files and DWARF debugging information. This can be useful during malware analysis or troubleshooting issues with programs.
59. django-axes (track failed login attempts for Django)
This tool may be used by developers that work with the Django framework. It adds a security layer on top of the application by looking at login attempts and track them.
60. Docker Bench for Security (Docker security scanner)
application security, configuration audit, security assessment
Docker Bench for Security is a small security scanner to perform several tests that are part of the Docker CIS benchmark.
61. Prowler (AWS benchmark tool)
compliance testing, security assessment, system hardening
Prowler is a security tool to check systems on AWS against the related CIS benchmark. This benchmark provides a set of best practices for AWS. The primary usage for this tool is system hardening and compliance checking.
62. gitleaks (repository search for secrets and keys)
Gitleaks scans the repository, including history, for secrets and other sensitive data. This can be useful for both developers as security professionals to discover any leaks.
63. gosec (Golang security checker)
code analysis, safe software development
Gosec is a security tool that performs a static code analysis for Golang projects for security flaws. The scan is performed on the so-called abstract syntax tree (AST). Gosec checks for common flaws that may be part of the selected project.
64. Kube-Bench (security benchmark testing for Kubernetes)
Tools like Kube-Bench help with quickly checking configuration weaknesses or discovering bad defaults.
65. django-defender (defender against brute force login attempts)
Django-defender is a reusable app for Django that blocks people from performing brute forcing login attempts.
66. TLS-Attacker (analyzer for TLS libraries)
TLS-Attacker is a framework to analyze TLS libraries. It is written in Java and developed by the Ruhr University Bochum and Hackmanit GmbH.
network analysis, troubleshooting
ntopng is the successor of the original ntop utility. It shows network usage by capturing traffic and provide insights on the usage.
68. Cowrie (SSH/telnet honeypot)
information gathering, learning, security monitoring, threat discovery
Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.
69. Douane (application firewall)
network traffic filtering
Douane is an application firewall that blocks unknown or unwanted traffic. It provides a more fine-grained filtering as it looks at the combination of application and used network ports. This is useful when allowing common browse traffic on port 80 and 443. Instead of all applications being able to use this port, only the ones that are granted access will be able to do so. When a new connection is not trusted yet, Douane will ask to allow or deny the traffic stream.
70. Safety (vulnerability scanner for software dependencies)
penetration testing, security assessment, security monitoring, vulnerability scanning
When having applications deployed in your environment, not all of those may be installed via a package manager. When your infrastructure grows, it becomes even harder to know which tools are properly patched and which ones are not. For Python applications, this is where Safety comes in that can help scan installed software components via pip. It will also look at any of the dependencies that are installed.
71. Fail2ban (log parser and blocking utility)
network traffic filtering, security monitoring
Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks
72. OnionShare (secure sharing of files)
This tool is useful for sharing sensitive data, including information to be shared with journalists where you rather stay anonymously. It can also be helpful for sharing bigger amounts of data, without having to use a typical cloud service like Dropbox.
73. sslsniff (SSL traffic sniffing)
The sslsniff tool helps with performing man-in-the-middle (MitM) attacks on SSL/TLS traffic. It can be used for security assignments.
74. Exploit Pack (penetration testing framework)
Penetration testing has a lot of repeating tasks, especially when doing similar assignments for clients. For this reason, tools like Exploit Pack help with automating repeating activities. This framework contains over 38.000 exploits, probably much more than one might ever need.
75. XSS Hunter (Cross-site scripting scanner)
penetration testing, software testing, vulnerability scanning
XSS Hunter helps with finding XSS attacks and trigger a warning when one is succesful. It exists as an online service, or self-hosted installation.
76. vulscan (vulnerability scanning with Nmap)
penetration testing, security assessment, vulnerability scanning, vulnerability testing
Vulscan is a vulnerability scanner which uses the well-known Nmap tool. By enhancing it with offline data from VulDB, it allows for detecting vulnerabilities. The database itself based on information from multiple sources.
77. PyREBox (Python scriptable Reverse Engineering Sandbox)
binary analysis, malware analysis, reverse engineering
PyREBox is short for Python scriptable Reverse Engineering Sandbox. It provides dynamic analysis and debugging capabilities of a running QEMU virtual machine. The primary usage is the analysis of running processes to perform reverse engineering. PyREBox can change parts of the running system by changing data in memory or within processor registers.
78. SSMA (malware analysis tool)
malware analysis, malware detection, malware scanning, reverse engineering
SSMA is short for Simple Static Malware Analyzer. The tool can perform a set of tests against a malware sample and retrieve metadata from it. SSMA can analyze ELF and PE and analyze its structure. For example, it can retrieve the PE file header information and its sections. Other pieces it can analyze is the usage of packers, anti-debugging techniques, cryptographic algorithms, domains, email addresses, and IP addresses. It can also check if the sample is already detected or…
79. Prowler (vuln) (distributed vulnerability scanner)
security assessment, vulnerability scanning, vulnerability testing
A vulnerability scanner like Prowler can be used to scan the network for vulnerabilities. Prowler can perform active network scanning and uses fingerprinting. Part of the process it to test for default or weak credentials.
80. OSHP (HTTP header usage data collection and awareness)
data extraction, information gathering, information sharing, security awareness
OSHP is short for OWASP SecureHeaders Project. The project publishes reports on the usage of HTTP headers. This includes usage stats, developments, and changes. It provides awareness on HTTP headers and has the goal to improve the adoption rate.
81. DarkJPEG (open source steganography web service)
data hiding, privacy enhancement, provide anonymity
DarkJPEG can help people to hide sensitive data in places where internet censorship is enforced. The service takes additional measures to even hide the fact that it has data embedded in the output file.
82. vuLnDAP (vulnerable web application based on LDAP)
application security, learning, penetration testing
VuLnDAP is a tool to show what can happen when a web application becomes vulnerable due to the business logic behind it. This tool uses LDAP, a common authentication protocol, to show such weaknesses. This tool helps penetration testers more about LDAP. At the same time, it provides useful insights to web and software developers to create more secure software.
83. Suhosin7 (Suhosin security extension for PHP 7.x)
Suhosin7 is the security extension for PHP 7 versions. It protects a PHP installation by preventing different types of attacks.
84. Veil Framework (Metasploit payload generator)
Veil is a security tool designed to generate payloads for Metasploit that help in bypassing common anti-virus solutions.
85. Social-Engineer Toolkit (social engineering toolkit)
The Social-Engineer Toolkit (SET) is an open source penetration testing framework. SET is written in Python and helps with assignments that require social engineering. The toolkit has been presented at large-scale conferences like Black Hat and DEF CON and covered in several books. This publicity definitely helped to make it more familiar in the information security community.
86. CIRCLean (USB stick and drives cleaner)
data sanitizing, data transfers
Malware regularly uses USB sticks to infect victims. This solution can convert documents with potentially harmful code into disarmed data formats. This converted data is then stored on a trusted device.
87. Cyphon (incident management and response platform)
Cyphon is an incident management and response platform to deal with incoming alerts and messages. It is multi-purpose and can be used for information security.
88. Pocsuite (vulnerability testing and development framework)
vulnerability development, vulnerability testing
Pocsuite is a remote vulnerability testing and development framework. It can be used by penetration testers and vulnerability researchers.
89. JoomScan (vulnerability scanner for Joomla CMS)
vulnerability scanning, vulnerability testing
JoomScan could be used to test your Joomla installation or during security assessments. As it has a primary focus on Joomla, it may provide better results than generic vulnerability scanners.
90. Nmap (network and vulnerability scanner)
network scanning, vulnerability scanning
Nmap is a security scanner that can perform a port scan, network exploration, and determine vulnerabilities
91. Wifiphisher (phishing attack tool for WiFi)
WiFi security analysis, phishing attacks
Wifiphisher would have a good usage in security assessments to obtain credentials. In that regard it is considered to be an offensive tool, especially considering it could be used to infect the systems of victims with malware. Wifiphisher is not a brute forcing tool, but more focused to perform a social engineering attack.
92. vFeed (vulnerability database and query engine)
security assessment, vulnerability scanning
vFeed is a set of tools around correlated vulnerability and threat intelligence. It provides a database, API, and supporting tools to store vulnerability data.
93. Clair (container vulnerability scanner and analyzer)
security assessment, vulnerability scanning
Clair is an open source container analyzer. It performs static analysis of container images and correlates their contents with public vulnerability databases.
94. Sn1per (automated pentest recon scanner)
penetration testing, reconnaissance
Sn1per is security scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
95. Scapy (network packet generator and analyzer)
network analysis, security assessment
Scapy can handle tasks like network scanning, tracerouting, probing, unit tests, attacks or network discovery. Due to its manipulation possibilities, Scapy can send invalid frames. It allows you also to inject custom 802.11 frames, or combine other attacking techniques.
96. graudit (static code analysis tool)
Analysis of source code helps to find programming flaws including those that can lead to software vulnerabilities. Graudit helps to uncover these by searching through the files and discover possible flaws. The tool supports languages like ASP, C, Perl, PHP, Python, and others.
97. TheHive (security incident response platform)
digital forensics, incident response, intrusion detection
TheHive is scalable and a complete platform to deal with security incidents. It allows for collaboration between those responsible for dealing with such incidents and related events. It can even use the data of the MISP project, making it easier to start analyzing from there.
98. hashcat (password recovery tool)
Hashcat can be used to discover lost passwords, or as part of a security assignment. For example, it could be trying to crack a password from a password file that was obtained during a penetration test.
99. PTF (manage your pentesting toolbox)
penetration testing, security assessment, software management, software testing
PTF or the PenTesters Framework is a Python script to keep your penetration testing toolkit up-to-date. It is designed for distributions running Debian, Ubuntu, Arch Linux, or related clones. PTF will do the retrieval, compilation, and installation of the tools that you use. As it is a modular framework, you can use many of the common pentesting tools or add your own tools.
100. aircrack-ng (WiFi auditing toolkit)
hardware security, network scanning, security assessment
Aircrack-ng is a security toolkit to perform WiFi auditing. It can be useful for security assessments to test the security of the wireless network.
More tools by category
There is also the full list of security tools. These are grouped and categorized to make discovery easier.