Linux security tools (top 100)

Supporting image for top 100 of Linux security tools displaying a bookcase

Hunting the best security tools

There is a wide range of security tools available for Linux and other platforms. To make them easier to find, we started an extensive review process to gather and document them. The goal of this top 100 is to showcase the best Linux security tools. By best there is an implied level of quality, healthy community and good governance of the project.

Requirements for listing

  • The project has a license that qualifies as open source software
  • The software is being maintained by one or more developers
  • The source code of the software is available

Ranking factors

The rankings of the list is determined by a combination of manual reviews and automated analysis. The list is updated weekly and then sorted based on a quality score. The score itself is measured by several ranking factors.

  • Availability of basic project details such as a defined license
  • Quality of documentation
  • Last release and release interval

Tips to find the right tool

As there are so many open source security tools available, it can be hard to find the best one for the job. All the reviewed tools include tags and one or more categories. This way you can easily find alternatives. If you want to quickly find a specific category, such as vulnerability scanners, type in the word vulnerability or scan in the search bar.

Free versus paid

Although paid tools might benefit from commercial support, there are many freely alternatives available. Depending on your task, it can be useful to run two or more similar tools. One of them can be paid, while the other is free. By running multiple tools you benefit from having some overlap, but also what each of the tools might have missed.

New tools

Another interesting area is searching on GitHub for tools that are early in their development cycle. They might be still immature and even lack documentation, but at the same time include new techniques or types of attacks. This area is useful for recently discovered vulnerabilities where proof-of-concept code snippets might be available via these coding platforms.

Security tools ranked

5 ▴

1. MISP (Malware Information Sharing Platform)

fraud detection, information gathering, threat hunting

MISP collects, stores, and distributes security indicators and discovered threats. This makes the platform useful for those involved with security incidents and malware research. Users benefit from having a well-tested platform to structure the vast number of data points available when it comes to security threats. The tooling allows interaction with other tools, like security incident and event management (SIEM) and intrusion detection systems (IDS).

1 ▾

2. Frida (reverse engineering tool)

black-box testing, reverse engineering

Frida allows developers and researchers to inject custom scripts into black box processes. This way it can provide a hook into any function, allowing to trace executed instructions. The source code is not needed. Frida even allows direct manipulation and see the results. The tool comes with bindings for different programming languages, allowing to interact with processes. Example of the bindings that Frida provides include Python, Swift, .NET, Qt/Qml, and C API.

1 ▾

3. Faraday (collaboration tool for penetration testing)

collaboration, penetration testing, security assessment, vulnerability scanning

Faraday helps teams to collaborate when working on penetration tests or vulnerability management. It stores related security information in one place, which can be easily tracked and tested by other colleagues.

1 ▾

4. Cryptomator (client-side encryption for cloud services)

data encryption

Cryptomator is a multi-platform tool for transparent client-side encryption of your files. It is used together with cloud services to ensure you are the only one who can access the data.

1 ▾

5. Suricata (network IDS, IPS and monitoring)

information gathering, intrusion detection, network analysis, threat discovery

Suricata can be used as part of a Network Security Monitoring (NSM) ecosystem. You could use it to log HTTP requests, log and store TLS certificates, extract files from flows and store them to disk.

1 ▾

6. Vuls (agentless vulnerability scanner)

system hardening, vulnerability scanning

Vuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, agentless, and can use a remote login to find any software vulnerabilities. It has multiple levels of scanning, from a fast scan up to a deep scan with extensive analysis.

7. Privacy Badger (privacy protection for browsers)

privacy enhancement

Privacy Badger provides protection against website visitor trackers. These trackers come in the form of beacons or invisible pixels and have the goal to collect information about the browser. This data is often shared by third parties and used to create a profile of a particular browser. As minor differences for each user may lead to an individual user, these third parties may even link some of the data to the related individual. Tools like Privacy Badger do not provide guar…

8. ClamAV (malware scanner)

malware analysis, malware detection, malware scanning

ClamAV is a popular tool to detect malicious software or malware. While it calls itself an antivirus engine, it probably won't encounter many viruses, as they have become rare. It is more likely to find other forms of malware like worms, backdoors, and ransomware. ClamAV can be used in a few ways, from doing an occasional scan up to scanning in batch. ClamAV does not do on-access scanning but can be combined with other tools to obtain similar functionality. ClamAV is often u…

9. Buttercup for desktop (cross-platform password manager)

password management

The typical users have at least a multitude of ten when it comes to passwords. Ensuring that every website has a unique password and remembering, is almost impossible. Passwords managers like Buttercup help with the generation and secure storage of these secrets. It is freely available and open source, making it a good alternative for commercial options.

10. Brakeman (static code analyzer for Ruby on Rails)

code analysis

Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. It comes as an open source project with optional commercial support.

11. Zeek (network security monitoring tool)

security monitoring

Zeek helps to perform security monitoring by looking into the network's activity. It can find suspicious data streams. Based on the data, it alert, react, and integrate with other tools.

12. mitmproxy (TLS/SSL traffic interception)

network analysis, penetration testing, security assessment

The mitmproxy tool allows to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.

13. osquery (operating system query tool)

compliance testing, information gathering, security monitoring

The osquery tool allows querying your Linux, Windows, and macOS infrastructure. It can help with intrusion detection, infrastructure reliability, or compliance.

14. GRR Rapid Response (remote live forensics for incident response)

digital forensics, intrusion detection, threat hunting

The goal of the GRR tooling is to support digital forensics and investigations. By using a fast and scalable model, analysts can quickly perform their analysis. One of the main features is the ability to search for particular information or details. This process is called hunting.

15. ZAP (web application analysis)

penetration testing, security assessment, software testing, web application analysis

The OWASP Zed Attack Proxy (ZAP) helps to find security vulnerabilities in web applications during development and testing.

16. WPScan (WordPress vulnerability scanner)

penetration testing, security assessment, vulnerability scanning

WPScan can scan WordPress installations and determine if there are vulnerabilities in a particular installation.

17. Infection Monkey (security testing for data centers and networks)

password discovery, service exploitation, system exploitation

This tool is useful for security assessments to test for weaknesses within the network. By automating the exploitation phase as much as possible, it will help finding any weak targets within the boundaries of the data center.

3 ▴

18. Moloch (network security monitoring)

network security monitoring, security monitoring

Tools like Moloch are a great addition to everyone working with network data. One common use-case is that of network security monitoring (NSM). Here is can help with making all data more accessible and finding anomalies in the data.

1 ▾

19. YARA (malware identification and classification)

malware analysis, malware detection, malware scanning

YARA is a tool to identify and classify malware samples. It uses textual or binary patterns to match data, combined with a boolean expression to define a match. YARA is multi-platform, can be used via a command-line interface or via Python scripts using the yara-python extension.

1 ▾

20. LIEF (library for analysis of executable formats)

binary analysis, malware analysis, reverse engineering

In several occasions, it may be useful to perform analysis on binary file formats. Such occasion could be incident response, digital forensics, or as part of reverse engineering tasks. In these cases, a toolkit like LIEF can help to perform this job. It allows you to parse and modify the files. LIEF also will make information available an application programmable interface (API) for automated processing.

1 ▾

21. OpenSnitch (application firewall)

network traffic filtering

OpenSnitch is a tool based on Little Snitch, a macOS application level firewall. All outgoing connections are monitored and the user is alerted when a new outgoing connection occurs. This allows the user to detect and block any unwanted connections.

22. OpenSSL (TLS and SSL toolkit)

certificate management, data encryption

This popular toolkit is used by many systems. It provides options like encryption and hashing of data, integrity testing, and digital certificates and signatures. Many software applications use the toolkit to provide support for these functions. OpenSSL also has a client utility that can be used on the command line to test, decrypt and encrypt data, and create certificates.

23. O-Saft (OWASP SSL audit for testers)

information gathering, penetration testing, security assessment, vulnerability scanning, web application analysis

O-Saft is a command-line tool and can be used offline and in closed environments. There is also a graphical user interface available (based on Tcl/Tk). It can even be turned into an online CGI-tool. With just basic parameters it can provide useful information about an SSL configuration. With limited tuning of the tool, it can perform more specialized tests.

24. hBlock (ad blocking and tracker/malware protection)

malware protection, privacy enhancement, provide anonymity

For the privacy-aware users, tools like hBlock can be helpful to block malicious domains, malware, advertisements, and trackers. Trackers could be pixels added to websites to track which pages you visited, which might invade your privacy.

25. Safety (vulnerability scanner for software dependencies)

penetration testing, security assessment, security monitoring, vulnerability scanning

When having applications deployed in your environment, not all of those may be installed via a package manager. When your infrastructure grows, it becomes even harder to know which tools are properly patched and which ones are not. For Python applications, this is where Safety comes in that can help scan installed software components via pip. It will also look at any of the dependencies that are installed.

26. Commix (command injection tool for web applications)

With Commix it becomes easier to find and exploit a command injection vulnerability in a vulnerable parameter or related HTTP header.

27. CloudSploit scans (AWS account scanner)

IT audit, configuration audit, security assessment

CloudSploit scans is an open source software project to test security risks related to an AWS account. It runs tests against your Amazon account and aims to discover any potential misconfigured setting or other risks.

28. Nikto (web application scanner)

penetration testing, security assessment, web application analysis

Nikto helps with performing security scans against web servers and to search for vulnerabilities in web applications.

29. OpenVAS (vulnerability scanner)

penetration testing, security assessment, vulnerability scanning

OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.

30. Thug (low-interaction honeyclient)

learning, malware analysis, threat discovery

The honeypot concept is a well-known technique to collect attack patterns on servers and systems. Tools like Thug are considered to be a honeyclient, or client honeypot. These tools collect attacks against client applications. For example by mimicking a web application and visit a malicious page to see if any code is attacking the application.

31. Vault (storage of secrets)

password management, secrets management, secure storage

Vault is a secret management tool created by HashiCorp. It allows storing secrets, such as key/value pairs, AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH credentials, and other sensitive details. These secrets are typically used by software components and scripts. The benefit of using a secret management tool is that they no longer need to be stored in configuration files. Main features include leasing, key revocation, key rolling, and auditing.

1 ▴

32. cve-search (local CVE and CPE database)

password strength testing, security assessment, vulnerability management, vulnerability scanning

The primary objective of this software is to avoid doing direct lookups into public CVE databases. This reduces leaking sensitive queries and improves performance.

1 ▴

33. Cppcheck (static code analyzer)

code analysis

Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers, yet avoid any false positives.

1 ▴

34. angr (binary analysis framework)

binary analysis, malware analysis

Tools like angr are great for performing in-depth analysis of binaries. This could be the analysis of an unknown binary, like a collected malware sample.

1 ▴

35. BleachBit (system cleaner and privacy tool)

BleachBit is an open source tool focused on maintaining your privacy by cleaning up sensitive data on the system.

1 ▴

36. ntopng

network analysis, troubleshooting

ntopng is the successor of the original ntop utility. It shows network usage by capturing traffic and provide insights on the usage.

1 ▴

37. Wappalyzer (discovery of technology stack)

information gathering, reconnaissance, software identification

Wappalyzer can be a useful asset when performing reconnaissance on a particular target like a web application or website. It helps to find what software is used to run a particular page. Components that can be detected are the content management system (CMS), JavaScript framework, e-commerce software, web server, and more.

1 ▴

38. Lynis (security scanner and compliance auditing tool)

IT audit, penetration testing, security assessment, system hardening, vulnerability scanning

Lynis can detect vulnerabilities and configuration flaws. Where a typical vulnerability scanner will just point out vulnerabilities, Lynis aims for an in-depth audit and continuous improvement. For this reason, it needs to be executed on the host system itself. By seeing the system from the inside out, it can provide more specific details than the average vulnerability scanner.

1 ▴

39. THC Hydra (password discovery)

penetration testing, security assessment

THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.

1 ▴

40. UPX (executable packer)

UPX is the abbreviation for "Ultimate Packer for eXecutables". It is considered to be a tool with a good compression ratio and fast decompression. It can be used to compress executables, making them smaller, while still having a low overhead of memory due to in-place decompression.

1 ▴

41. Lemur (certificate management)

certificate management

Lemur manages TLS certificate creation and the underlying process that is required. It acts as a broker between a certificate authority (CA) and the environment

10 ▾

42. The Sleuth Kit (toolkit for forensics)

criminal investigations, digital forensics, file system analysis

The Sleuth Kit is a forensics tool to analyze volume and file system data on disk images. With its modular design, it can be used to carve out the right data, find evidence, and use it for digital forensics.

43. KeePassXC (cross-platform password manager)

password management, secure storage

KeePassXC is a cross-platform platform to store sensitive data like passwords, keys, and other secrets. It has a graphical user interface and is written in C++.

44. jSQL Injection (automatic SQL database injection)

database security

jSQL Injection is a security tool to test web applications. It can be used to discover if an application is vulnerable to SQL injection attacks.

45. OpenSCAP (suite with tools and security data)

security assessment, vulnerability scanning

Tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines

46. Maltrail (malicious traffic detection system)

intrusion detection, network analysis, security monitoring

Maltrail monitors for traffic on the network that might indicate system compromise or other bad behavior. It is great for intrusion detection and monitoring.

2 ▴

47. Prowler (AWS benchmark tool)

compliance testing, security assessment, system hardening

Prowler is a security tool to check systems on AWS against the related CIS benchmark. This benchmark provides a set of best practices for AWS. The primary usage for this tool is system hardening and compliance checking.

1 ▾

48. airgeddon (wireless security assessment tool)

network analysis

Tools like Airgeddon can be used to test the security of wireless networks. It is flexible and written in shell script, making it fairly easy to understand what is does and how it works.

1 ▾

49. gosec (Golang security checker)

code analysis, safe software development

Gosec is a security tool that performs a static code analysis for Golang projects for security flaws. The scan is performed on the so-called abstract syntax tree (AST). Gosec checks for common flaws that may be part of the selected project.

50. gitleaks (repository search for secrets and keys)

security assessment

Gitleaks scans the repository, including history, for secrets and other sensitive data. This can be useful for both developers as security professionals to discover any leaks.

51. Kube-Bench (security benchmark testing for Kubernetes)

Tools like Kube-Bench help with quickly checking configuration weaknesses or discovering bad defaults.

52. Bandit (Python static code analyzer)

code analysis

Bandit is a tool that can be used during development or afterward. Typically this is used by developers to find common security issues in Python code before putting the code in production. Another use-case would be to use this tool to analyze existing projects and find possible flaws.

53. arping (ARP scanner)

network analysis

arping is a tool for the discovery of hosts on a computer network using the Address Resolution Protocol (ARP).

54. django-axes (track failed login attempts for Django)

application security

This tool may be used by developers that work with the Django framework. It adds a security layer on top of the application by looking at login attempts and track them.

55. pshtt (domain scanner for HTTPS usage)

security assessment, web application analysis

Pshtt was developed to push organizations, including government departments, to adopt HTTPS across the enterprise.

56. Docker Bench for Security (Docker security scanner)

application security, configuration audit, security assessment

Docker Bench for Security is a small security scanner to perform several tests that are part of the Docker CIS benchmark.

57. kubeaudit (Kubernetes security scanner)

configuration audit, security awareness

Kubeaudit is a command line tool to audit Kubernetes clusters. It helps to test on various security risks, that may be introduced during deployment.

1 ▴

58. Archery (vulnerability assessment and management)

penetration testing, vulnerability management, vulnerability scanning, vulnerability testing

Archery is a tool that helps to collect data about vulnerabilities within an environment. Instead of focusing on the actual scanning, it allows managing findings in a web-based interface. This includes options like reporting, searching, and dashboards. It can interact with other tools, including the well-known vulnerability scanners.

1 ▴

59. Acra (database encryption proxy)

data encryption, data leak prevention, data security, vulnerability mitigation

Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

2 ▾

60. SMBMap (SMB enumeration tool)

data leak detection, information gathering, penetration testing

SMBMap allows scanning of file resources that are shared with the SMB protocol. The tool will list share drives, drive permissions, the share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. The tool was created for pentesters to simplify finding sensitive data, or at least test for it.

61. LogonTracer (visualize Windows authentication events)

criminal investigations, digital forensics, learning

LogonTracer is a tool to investigate malicious logins from Windows event logs with visualization capabilities.

62. Patator (multi-purpose brute-force tool)

password discovery, penetration testing, reconnaissance, vulnerability scanning

Patator is based on similar tools like Hydra, yet with the goal to avoid the common flaws these tools have like performance limitations. The tool is modular and supports different types of brute-force attacks or enumeration of information.

63. EAPHammer (evil twin attack against WPA2-Enterprise network)

credential stealing, network security assessment, network spoofing

EAPHammer is a toolkit to perform a targeted evil twin attack against WPA2-Enterprise networks. It can be used during security assessments of the wireless network. The focus of EAPHammer is to provide a powerful interface while still being easy to use.

The attacks and features that EAPHammer supports are evil twin and karma attack, SSID cloaking, steal RADIUS credentials (WPA-EAP and WPA2-EAP), and hostile portal attacks to capture Active Directory credentials or perform in…

64. boofuzz (fuzzing framework)

application fuzzing, vulnerability scanning

Boofuzz is a framework written in Python that allows hackers to specify protocol formats and perform fuzzing. It does the heavy lifting of the fuzzing process. It builds on its predecessor Sulley and promises to be much better. Examples include the online documentation, support to extend the tooling, easier installation, and far fewer bugs. It comes with built-in support for serial fuzzing, the ethernet and IP layers, and UDP broadcasts.

65. Bleach (sanitizing library for Django)

data sanitizing

Bleach is a library for Django that can sanitize HTML by escaping and stripping harmful content. It provides a filter for untrusted content and disarms potential unwanted scripts from the input. This may be useful to apply to data that is transmitted via HTML forms or otherwise.

66. S3Scanner (AWS S3 bucket scanner)

information gathering, information leak detection, penetration testing, storage security testing

The aptly named S3Scanner is to be used to detect AWS S3 buckets. Discovered buckets are displayed, together with the related objects in the bucket.

67. SSLyze (SSL/TLS server scanning library)

penetration testing, security assessment, web application analysis

SSLyze provides a library for scanning services that use SSL/TLS for encrypted communications. It can be used to test their implementation.

68. PCILeech (Direct Memory Access (DMA) attack)

hardware security

This type of tooling could be used to attack a system via the hardware itself. It can be used to disable authentication mechanisms or implant nefarious software components.

69. pyelftools (ELF parsing toolkit)

binary analysis, malware analysis

This toolkit is used by other software, or standalone. Its main purpose is to parse binary ELF files and DWARF debugging information. This can be useful during malware analysis or troubleshooting issues with programs.

70. Douane (application firewall)

network traffic filtering

Douane is an application firewall that blocks unknown or unwanted traffic. It provides a more fine-grained filtering as it looks at the combination of application and used network ports. This is useful when allowing common browse traffic on port 80 and 443. Instead of all applications being able to use this port, only the ones that are granted access will be able to do so. When a new connection is not trusted yet, Douane will ask to allow or deny the traffic stream.

71. ScanSSH (SSH and open proxy scanner)

information gathering, reconnaissance

ScanSSH is a security tool to perform scans on SSH to detect open proxies and available services. It retrieves version information and related details.

72. LMD (malware detection tool)

malware scanning

Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released with the GPLv2 license.

73. Wapiti (vulnerability scanner for web applications)

application fuzzing, vulnerability scanning, web application analysis

Wapiti is typically used to audit web applications.

74. r2frida (bridge between Radare2 and Frida)

application testing, binary analysis, memory analysis

Both Radare2 and Frida have their own area of expertise. This project combines both, to allow a more extensive analysis of files and processes.

75. sslsniff (SSL traffic sniffing)

network analysis

The sslsniff tool helps with performing man-in-the-middle (MitM) attacks on SSL/TLS traffic. It can be used for security assignments.

76. Exploit Pack (penetration testing framework)

penetration testing

Penetration testing has a lot of repeating tasks, especially when doing similar assignments for clients. For this reason, tools like Exploit Pack help with automating repeating activities. This framework contains over 38.000 exploits, probably much more than one might ever need.

77. XSS Hunter (Cross-site scripting scanner)

penetration testing, software testing, vulnerability scanning

XSS Hunter helps with finding XSS attacks and trigger a warning when one is succesful. It exists as an online service, or self-hosted installation.

78. vulscan (vulnerability scanning with Nmap)

penetration testing, security assessment, vulnerability scanning, vulnerability testing

Vulscan is a vulnerability scanner which uses the well-known Nmap tool. By enhancing it with offline data from VulDB, it allows for detecting vulnerabilities. The database itself based on information from multiple sources.

1 ▴

79. PyREBox (Python scriptable Reverse Engineering Sandbox)

binary analysis, malware analysis, reverse engineering

PyREBox is short for Python scriptable Reverse Engineering Sandbox. It provides dynamic analysis and debugging capabilities of a running QEMU virtual machine. The primary usage is the analysis of running processes to perform reverse engineering. PyREBox can change parts of the running system by changing data in memory or within processor registers.

1 ▾

80. SSMA (malware analysis tool)

malware analysis, malware detection, malware scanning, reverse engineering

SSMA is short for Simple Static Malware Analyzer. The tool can perform a set of tests against a malware sample and retrieve metadata from it. SSMA can analyze ELF and PE and analyze its structure. For example, it can retrieve the PE file header information and its sections. Other pieces it can analyze is the usage of packers, anti-debugging techniques, cryptographic algorithms, domains, email addresses, and IP addresses. It can also check if the sample is already detected or…

81. Prowler (vuln) (distributed vulnerability scanner)

security assessment, vulnerability scanning, vulnerability testing

A vulnerability scanner like Prowler can be used to scan the network for vulnerabilities. Prowler can perform active network scanning and uses fingerprinting. Part of the process it to test for default or weak credentials.

82. OSHP (HTTP header usage data collection and awareness)

data extraction, information gathering, information sharing, security awareness

OSHP is short for OWASP SecureHeaders Project. The project publishes reports on the usage of HTTP headers. This includes usage stats, developments, and changes. It provides awareness on HTTP headers and has the goal to improve the adoption rate.

83. DarkJPEG (open source steganography web service)

data hiding, privacy enhancement, provide anonymity

DarkJPEG can help people to hide sensitive data in places where internet censorship is enforced. The service takes additional measures to even hide the fact that it has data embedded in the output file.

84. vuLnDAP (vulnerable web application based on LDAP)

application security, learning, penetration testing

VuLnDAP is a tool to show what can happen when a web application becomes vulnerable due to the business logic behind it. This tool uses LDAP, a common authentication protocol, to show such weaknesses. This tool helps penetration testers more about LDAP. At the same time, it provides useful insights to web and software developers to create more secure software.

85. Suhosin7 (Suhosin security extension for PHP 7.x)

application security

Suhosin7 is the security extension for PHP 7 versions. It protects a PHP installation by preventing different types of attacks.

86. Veil Framework (Metasploit payload generator)

Veil is a security tool designed to generate payloads for Metasploit that help in bypassing common anti-virus solutions.

87. Social-Engineer Toolkit (social engineering toolkit)

social engineering

The Social-Engineer Toolkit (SET) is an open source penetration testing framework. SET is written in Python and helps with assignments that require social engineering. The toolkit has been presented at large-scale conferences like Black Hat and DEF CON and covered in several books. This publicity definitely helped to make it more familiar in the information security community.

88. CIRCLean (USB stick and drives cleaner)

data sanitizing, data transfers

Malware regularly uses USB sticks to infect victims. This solution can convert documents with potentially harmful code into disarmed data formats. This converted data is then stored on a trusted device.

89. Cyphon (incident management and response platform)

event management

Cyphon is an incident management and response platform to deal with incoming alerts and messages. It is multi-purpose and can be used for information security.

90. Pocsuite (vulnerability testing and development framework)

vulnerability development, vulnerability testing

Pocsuite is a remote vulnerability testing and development framework. It can be used by penetration testers and vulnerability researchers.

91. JoomScan (vulnerability scanner for Joomla CMS)

vulnerability scanning, vulnerability testing

JoomScan could be used to test your Joomla installation or during security assessments. As it has a primary focus on Joomla, it may provide better results than generic vulnerability scanners.

92. Nmap (network and vulnerability scanner)

network scanning, vulnerability scanning

Nmap is a security scanner that can perform a port scan, network exploration, and determine vulnerabilities

93. Wifiphisher (phishing attack tool for WiFi)

WiFi security analysis, phishing attacks

Wifiphisher would have a good usage in security assessments to obtain credentials. In that regard it is considered to be an offensive tool, especially considering it could be used to infect the systems of victims with malware. Wifiphisher is not a brute forcing tool, but more focused to perform a social engineering attack.

94. vFeed (vulnerability database and query engine)

security assessment, vulnerability scanning

vFeed is a set of tools around correlated vulnerability and threat intelligence. It provides a database, API, and supporting tools to store vulnerability data.

95. Loki (file scanner to detect indicators or compromise)

digital forensics, intrusion detection, security monitoring

Loki is security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then uses pattern matching.

96. IVRE (reconnaissance for network traffic)

digital forensics, information gathering, intrusion detection, network analysis

IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.

97. TheHive (security incident response platform)

digital forensics, incident response, intrusion detection

TheHive is scalable and a complete platform to deal with security incidents. It allows for collaboration between those responsible for dealing with such incidents and related events. It can even use the data of the MISP project, making it easier to start analyzing from there.

98. hashcat (password recovery tool)

password discovery

Hashcat can be used to discover lost passwords, or as part of a security assignment. For example, it could be trying to crack a password from a password file that was obtained during a penetration test.

99. PTF (manage your pentesting toolbox)

penetration testing, security assessment, software management, software testing

PTF or the PenTesters Framework is a Python script to keep your penetration testing toolkit up-to-date. It is designed for distributions running Debian, Ubuntu, Arch Linux, or related clones. PTF will do the retrieval, compilation, and installation of the tools that you use. As it is a modular framework, you can use many of the common pentesting tools or add your own tools.

100. aircrack-ng (WiFi auditing toolkit)

hardware security, network scanning, security assessment

Aircrack-ng is a security toolkit to perform WiFi auditing. It can be useful for security assessments to test the security of the wireless network.

More tools by category

There is also the full list of security tools. These are grouped and categorized to make discovery easier.

Want to receive updates and learn about new tools? Subscribe to the RSS feed or follow @LSELabs.

Was this top 100 of security tools useful?


Share with friends:
Share on Twitter