Security Tools (Top 100)
Based on reviews and automated analysis, the best security tools are collected on this page. This list is populated with tools that are publicly available (open source software). It is updated and ranked weekly. There is also the full list of security tools.
CIRCLean (USB stick and drives cleaner)
CIRCLean is a hardware solution to clean documents from untrusted USB drives and sticks. The device automatically disarms harmful documents.
MISP (Malware Information Sharing Platform)
MISP is short for Malware Information Sharing Platform. It helps with sharing threat data which can be used by defenders and malware researchers.
Buttercup for desktop (cross-platform password manager)
Buttercup is a cross-platform, free, and open-source password manager based on Node.js. It helps to store your passwords and secrets safely.
Anchore (container analysis and inspection)
Anchore is a toolkit to perform in-depth analysis, inspection, and control of containers. Besides security scanning, it can perform a wide range of functions.
Lynis (audit tool and security scanner)
Security auditing tool for systems running Linux, macOS, or Unix, to perform an in-depth health check.
osquery (operating system query tool)
The osquery tool allows querying your Linux, Windows, and macOS infrastructure. It can help with intrusion detection, infrastructure reliability, or compliance.
BetterCAP (MitM tool and framework)
BetterCAP is a complete, modular, portable and easily extensible MitM tool and framework. It is maintained well and appreciated by many.
Cyphon (incident management and response platform)
Cyphon is an incident management and response platform to deal with incoming alerts and messages. It is multi-purpose and can be used for information security.
Faraday (collaboration tool for penetration testing)
Faraday is a collaboration tool for pentest assignments and vulnerability management. It allows integration with a number of other security tools.
Nmap (network and vulnerability scanner)
Nmap is a security scanner that can perform a port scan, network exploration, and determine vulnerabilities.
Suricata (network IDS, IPS and monitoring)
Network threat detection engine that acts as intrusion detection (IDS), inline intrusion prevention (IPS), and network security monitoring (NSM).
Privacy Badger (privacy protection for browsers)
Privacy Badger is a tool to enhance your privacy and protect against web resources like trackers that spy on your web behavior.
Social-Engineer Toolkit (social engineering toolkit)
The Social-Engineer Toolkit (SET) is an open source penetration testing framework. It helps with assignments that require social engineering.
THC Hydra (password discovery)
THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.
WPScan (WordPress vulnerability scanner)
WPScan is a security tool to perform black box WordPress vulnerability scans, including enumeration of used plugins.
IVRE (reconnaissance for network traffic)
IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.
vFeed (vulnerability database and query engine)
vFeed is a set of tools around correlated vulnerability and threat intelligence. It provides a database, API, and supporting tools to store vulnerability data.
Hashcat (password recovery tool)
Hashcat is a well-known tool to crack passwords. It has advanced features to improve performance, allow session resumption, and more.
Veil Framework (Metasploit payload generator)
Veil is a security tool designed to generate payloads for Metasploit that help in bypassing common anti-virus solutions.
radare2 (reverse engineering tool and binary analysis)
radare2 is a tool to perform reverse engineering on files of all types. It can be used to analyze malware, firmware, or any other type of binary files.
FireHOL (firewall config creator and manager)
FireHOL is promoted as an iptables stateful packet filtering firewall for humans. It also comes with FireQOS, which is a bandwidth shaper based on tc.
Seccubus (automation of vulnerability scanning)
Seccubus automates vulnerability scanning with support for Nessus, OpenVAS, NMap, SSLyze, Medusa, SkipFish, OWASP ZAP, and SSLlabs.
pick (password manager)
The pick tool provides a minimal password manager on the terminal for systems running macOS and Linux.
Cuckoo Sandbox (malware analysis tool)
Cuckoo Sandbox is a malware analysis system. By feeding it suspicious files, Cuckoo can provide detailed findings on what a file did and how it behaved.
detectem (software enumeration)
Detectem can scan web applications and detect used software components like jQuery, Apache middleware, and others.
Vault (storage of secrets)
Vault is a tool created by HashiCorp to store secrets like keys and passwords. These secrets are typically used by other software components and scripts.
Thug (low-interaction honeyclient)
Thug is a low-interaction honeyclient to test for client-side attacks. It mimics a client application, like a web browser, and sees if attack code is fired.
Decentraleyes (local CDN emulation for privacy)
Decentraleyes is a small browser extension. It increases your privacy by blocking specific requests to content delivery networks.
SpiderFoot (OSINT tool)
SpiderFoot is an open source intelligence automation tool (OSINT). It automates the process of gathering intelligence, like IP addresses, domains, and networks.
Fail2ban (log parser and blocking utility)
Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.
The Sleuth Kit (toolkit for forensics)
The Sleuth Kit is a toolkit to investigate disk images and do forensic analysis on them.
O-Saft (OWASP SSL audit for testers)
O-Saft is a security tool to show information about SSL certificates. It tests the SSL connection with the given list of ciphers and configuration.
Commix (command injection tool for web applications)
Commix is a security tool to test web applications and find vulnerabilities related to command injection attacks. It can be used during security assignments.
LMD (malware detection tool)
Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released with the GPLv2 license.
YARA (malware identification and classification)
YARA is a security tool that helps malware researchers identify and classify malware samples, for example by defining malware families based on patterns.
LIEF (library for analysis of executable formats)
LIEF is a library to analyze executable formats like ELF, MachO, and PE. It can be used during reverse engineering, binary analysis, and malware research.
django-guardian (per object permissions for Django)
Django-guardian extends the default Django permissions model. It does this by allowing permissions on each database object, adding fine-grained control.
Bro (network security monitoring tool)
Bro is a network security monitoring tool (NSM) and helps with monitoring. It can also play an active role in performing forensics and incident response.
KeePassXC (cross-platform password manager)
KeePassXC is a cross-platform password manager to store sensitive data like passwords, keys, and other secrets. It has a graphical user interface and is written in C++.
DocBleach (data sanitizing tool for documents)
DocBleach sanitizes your documents by disarming harmful content. It can be used as an additional security layer for dealing with unknown documents.
OpenStego (steganography tool)
OpenStego is a free steganography solution to hide data in other files like images, or add a watermark to them.
Brakeman (static code analyzer for Ruby on Rails)
Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. It comes as an open source project with optional commercial support.
Yersinia (network attack and testing tool)
Yersinia is a framework to perform layer 2 attacks. It can be used for pentests and security assessments to test network safeguards.
WordPress Exploit Framework (WordPress exploiting toolkit)
The WordPress Exploit Framework (WPXF) is a framework written in Ruby. As the name implies, it aids in pentesting WordPress installations.
Loki (file scanner to detect indicators of compromise)
Loki is a security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then using pattern matching.
subuser (run Linux commands with restrictions)
Subuser is a tool that allows commands to be executed with restrictions. It works on Linux and can increase security by lowering access levels.
Cowrie (SSH/telnet honeypot)
Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.
SNARE (web application honeypot)
SNARE is a reactive honeypot for security research, detecting attacks, and responding to possible flaws within your environment. It is the successor of Glastopf.
ntopng is the successor of the original ntop utility. It shows network usage by capturing traffic and provides insights on the usage.
Wifiphisher (phishing attack tool for WiFi)
Wifiphisher is a security tool to perform automated and victim-customized phishing attacks against WiFi clients. It is useful for security assessments.
ZAP (web application analysis)
The OWASP Zed Attack Proxy (ZAP) helps to find security vulnerabilities in web applications during development and testing.
jSQL Injection (automatic SQL database injection)
jSQL Injection is a security tool to test web applications. It can be used to discover if an application is vulnerable to SQL injection attacks.
ATSCAN (search (dork) scanner for mass exploitation)
ATSCAN is a security tool to perform a mass exploitation scan on search engines. It discovers targets that may be susceptible to exploitation.
OpenSCAP (suite with tools and security data)
Tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselines.
Vuls (agentless vulnerability scanner)
Vuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, agentless, and does a remote login to find any software vulnerabilities.
Wireshark (network traffic analyzer)
Wireshark is the well-known network protocol analyzer. It allows you to see what is happening on the network and zoom into the details of the network protocols.
UPX (executable packer)
UPX is a tool to pack several executable formats. It is free, portable, extendable, and well-known.
ClamAV (malware scanner)
ClamAV is an open source antivirus engine. It can detect malicious software (malware) like trojans, viruses, backdoors and other related threats.
Pocsuite (vulnerability testing and development framework)
Pocsuite is a remote vulnerability testing and development framework. It can be used by penetration testers and vulnerability researchers.
ScanSSH (SSH and open proxy scanner)
ScanSSH is a security tool to perform scans on SSH to detect open proxies and available services. It retrieves version information and related details.
SearchSploit (exploit search tool)
Exploit-DB's CLI search tool to find any exploits from the database. The tool is written in shell script and maintained by Offensive Security.
The sqlmap tool performs automatic SQL injection and can take over a database. It is a valued tool for pentesters and those who want to test their web applications.
Arachni (web application scanner)
Web Application Security Scanner aimed towards helping users evaluate the security of web applications.
mongoaudit (audit tool for MongoDB databases)
Mongoaudit performs a security audit on MongoDB instances. It can be used to test if the right security measures are taken and detect room for improvement.
mitmproxy (TLS/SSL traffic interception)
The mitmproxy tool allows you to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.
DataSploit (OSINT framework)
DataSploit is a framework to perform intelligence gathering to discover credentials, domain information, and other information related to the target.
VHostScan (virtual host scanner)
VHostScan is a security tool that performs reverse lookups, can be used with pivot tools, and detects catch-all scenarios, aliases, and dynamic default pages.
Prowler (AWS CIS Benchmark Tool)
Prowler is a security tool to perform security audits on AWS configurations. It helps to find configuration flaws and improve system hardening.
Wordpresscan (WordPress vulnerability scanner)
Wordpresscan is a security scanner for WordPress installations. It is based on the work of WPScan with some ideas inspired by the WPSeku project.
jak (git encryption)
Jak is a security tool to encrypt and decrypt sensitive data in Git repositories, like application secrets.
PassGen (password dictionary attack tool)
PassGen is a tool to help with password dictionary attacks to guess a password. It does not perform the attack but creates the related database.
SSLyze (SSL/TLS server scanning library)
SSLyze provides a library for scanning services that use SSL/TLS for encrypted communications. It can be used to test their implementation.
siemstress (basic SIEM solution)
Siemstress describes itself as a very basic Security Information and Event Management system (SIEM).
ssh_scan (SSH configuration scanner)
The ssh_scan utility is an SSH configuration and policy scanner maintained by the Mozilla Foundation. It helps to secure Linux systems running OpenSSH.
DHCPwn (DHCP IP exhaustion attack testing)
DHCPwn is a security tool used for testing DHCP IP exhaustion attacks. It can also be used to sniff local DHCP traffic, useful for penetration tests.
RemoteRecon (post-exploitation framework)
RemoteRecon is a post-exploitation framework. It can be used to maintain access to a system without the need to have a whole toolkit on the target system.
Scirius (Suricata rule management)
Scirius is a web application to do Suricata ruleset management. Both a community version and a paid version are available.
boofuzz (fuzzing framework)
Boofuzz is a fork of the Sulley fuzzing framework, created after its maintenance dropped. Besides numerous bug fixes, boofuzz aims for extensibility.
Manticore (dynamic binary analysis tool)
Manticore is a binary analysis tool. It uses dynamic analysis, meaning parts of the binary will be executed and tested.
Kube-Bench (security benchmark testing for Kubernetes)
Kube-Bench is a security tool to perform a configuration audit of Kubernetes installations. It can be used to find flaws and improve system hardening.
yarGen (YARA rule generator)
The yarGen utility helps with creating YARA rules for malware detection. It can combine both 'goodware' and 'malware', to properly craft the right rules.
BoopSuite (wireless security testing tool)
BoopSuite is a wireless pentesting suite to perform security auditing and test wireless networks. It can be used for penetration tests and security assignments.
Ruler (Exchange pentest tool)
Ruler is a security tool that interacts with Exchange servers remotely. It uses either the MAPI/HTTP or RPC/HTTP protocol, with the goal to gain a remote shell.
jchroot (chroot with additional isolation)
Jchroot defines isolation capabilities like chroot with a more granular set of permissions. It can be used to secure and restrict the resources of a process.
swap_digger (data excavation tool for Linux swap)
The swap_digger tool helps with extracting sensitive data from a mounted swap partition. It can be used for forensics, post exploitation, or data discovery.
eapmd5pass (offline EAP-MD5 dictionary attack tool)
Eapmd5pass is a password attack tool for EAP-MD5 authentication traffic. It uses an offline attack, meaning it deals with captured network data.
TANNER (intelligence engine for SNARE tool)
TANNER is the 'brain' of the SNARE tool. It evaluates its events and alters the responses to incoming requests depending on the type of attacks.
HoneyPy is a low interaction honeypot written in Python, yet has additional capabilities. Plugins can be created to emulate services that run on UDP or TCP.
dirsearch (directory fuzzer for web applications)
Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.
CAIRIS (tool to model secure and usable systems)
CAIRIS is a tool to specify and model secure and usable systems. It helps to support the elements necessary for usability, requirements, and risk analysis.
BleachBit (system cleaner and privacy tool)
BleachBit is an open source tool focused on maintaining your privacy by cleaning up sensitive data on the system.
Xplico (network traffic analyzer)
Xplico is a forensics analysis tool to investigate the traffic patterns in a pcap file. It is released as a GPL project, with some scripts under a CC license.
Assimilator (firewall orchestration tool)
Assimilator is a firewall orchestration tool. It allows configuration and automation of firewall rules by proxy requests to different types of firewalls.
Detective (detect information disclosure and data exposure)
Detective helps to find information that you are not supposed to see. It focuses on information disclosure and sensitive data exposure vulnerabilities.
django-axes (track failed login attempts for Django)
Django-axes is a reusable app for Django to limit the brute force login attempts for your web application.
HoneyPi (honeypot on the Raspberry Pi)
HoneyPi is a tool to turn a Raspberry Pi into a honeypot. It can be used to learn about any network scanning activity and take actions.
MongoSanitizer (defense against MongoDB injection attacks)
MongoSanitizer is a software component that sanitizes MongoDB queries to prevent injection attacks as much as possible.
arping (ARP scanner)
arping is a tool for the discovery of hosts on a computer network using the Address Resolution Protocol (ARP).
SSHsec (SSH configuration scanner)
SSHsec scans a system running the SSH protocol and retrieves its configuration, host keys, and Diffie-Hellman groups.
SCUTUM (ARP filtering)
SCUTUM is a security tool for Linux systems to filter network traffic. With this firewall functionality, it can allow only whitelisted network gateways.