Looking for new tools to extend your tool box? The top 100 list of best security tools is a great start.
0d1n is a security tool to perform fuzzing of web applications and discover potential security issues. It is commonly used during security assignments.
0trace is a reconnaissance tool to enable hop enumeration within an existing TCP connection. It can be used to bypass firewalls.
The 0trace.py utility is a rewrite of 0trace (by another author) to perform reconnaissance and bypass network firewalls.
A2SV is short for Auto Scanning to SSL Vulnerability, a security tool to scan for SSL and TLS vulnerabilities. It can be used during security assessments.
The acccheck tool performs a password guessing and dictionary attack on SMB services used to share files and printers.
Addrwatch is a tool similar to arpwatch to monitor IPv4/IPv6 and ethernet address pairing.
Latest release: 1.0.1 [May 17, 2017]
Admin Page Finder is a tool written in PHP to find admin sections within a website. It can be used during pentesting and security assessments.
AESKeyFinder is a tool to find 128-bit and 256-bit AES keys in a memory image.
afl (American fuzzy lop)
American fuzzy lop, or afl, is a security-oriented fuzzer. It helps with testing software to find unexpected results within applications.
Agafi is short for Advanced Gadget Finder. This security tool helps with finding gadgets in programs, modules, and running processes.
AIL is a framework to analyze potential information leaks from unstructured data sources. For example, this may include data from Pastebin and similar services.
aiodnsbrute (Async DNS Brute)
Async DNS Brute, or aiodnsbrute, is a security tool to help with resolving many DNS entries and the related discovery.
Airgeddon is a toolkit to perform security assessments of wireless networks. It can perform different types of wireless attacks.
Latest release: 7.23 [Dec. 2, 2017]
Albatar is an alternative to tools like sqlmap to find and exploit SQL injection vulnerabilities. However, this tool focuses on the exploitation side.
Aletheia is a project to manage secrets in Google Cloud with CloudKMS and Cloud Storage. It can be used to store sensitive data like authentication details.
Anchore is a toolkit to perform in-depth analysis, inspection, and control of containers. Besides security scanning, it can perform a wide range of functions.
Latest release: 1.1.7 [Oct. 31, 2017]
Angr is a security tool written in Python to allow analyzing binaries. It provides a combination of static and dynamic analysis.
APT2 is a tool written by Adam Compton and Austin Lane to help pentesters automate mundane scanning tasks. It leverages scan results from Nexpose, Nessus, or Nm
Latest release: 1.0-20170613 [June 14, 2017]
Web Application Security Scanner aimed towards helping users evaluate the security of web applications
Latest release: 1.5.1 [March 29, 2017]
Utility like pkg-audit for Arch Linux to find vulnerable packages on the system
Latest release: 0.1.9 [Nov. 14, 2017]
arping is a tool for the discovery of hosts on a computer network using the Address Resolution Protocol (ARP).
Latest release: arping-2.19 [July 9, 2017]
Arpoison is a small utility to send custom ARP packets. It can be used during security assessments and pentests.
ArpON is a host-based tool to improve the security of the Address Resolution Protocol (ARP).
arp-scan is a security tool that sends ARP packets to hosts on the local network. Any responses to the requests are displayed.
Assimilator is a firewall orchestration tool. It allows configuration and automation of firewall rules by proxy requests to different types of firewalls.
Latest release: 1.2.3 [July 21, 2017]
ATSCAN is a security tool to perform a mass exploitation scan on search engines. It discovers targets that may be susceptible to exploitation.
Latest release: 12.4.5 [Nov. 20, 2017]
The AutoNessus tool helps with automating vulnerability scans via the Nessus API. It lists policies and can configure the state of scans.
Azazel is a Linux rootkit that uses the LD_PRELOAD technique to intercept system calls. Rootkits are a type of malicious software (malware).
Bandit is an AST-based static analyzer for analyzing Python code. It helps with finding code flaws that could lead to security vulnerabilities.
The bane tool is an AppArmor profile generator for Docker containers. It helps with creating the appropriate profile for confinement at the system level.
Latest release: 0.3.0 [Jan. 2, 2018]
Bash Scanner is a security tool that does a quick scan to see if there are vulnerable packages. It uses an external service to validate.
Bastille Linux was a popular tool to perform hardening of systems running Linux and other flavors. It has not received updates in recent years.
BDA (Big Data Audit)
BDA is a security tool to test installations of Hadoop and Spark, often used to store big data sets. Configuration weaknesses and other issues can be detected.
Latest release: 0.1.1 [Feb. 3, 2017]
The Browser Exploitation Framework (or BeEF) is a penetration testing tool that focuses on the web browser.
Belati is a security tool to collect public data and information. It calls itself a Swiss army knife for OSINT purposes.
Latest release: 0.2.2-dev [June 20, 2017]
BetterCAP is a complete, modular, portable and easily extensible MitM tool and framework. It is maintained well and appreciated by many.
Latest release: 1.6.2 [Aug. 21, 2017]
Bingrep is a utility that can be described as the 'grep for binaries'. It runs on Linux and helps with reverse engineering and malware analysis.
Bitscout is a security tool that allows professionals to perform digital forensics remotely. The toolkit creates a live-cd for this purpose.
Blackman is a tool for the BlackArch Linux distribution to install packages. It is similar to Emerge, the package manager that builds from sources.
BleachBit is an open source tool focused on maintaining your privacy by cleaning up sensitive data on the system.
Latest release: 1.19 [Dec. 28, 2017]
BlindElephant is a security tool to perform fingerprinting of web applications. It can discover the name and version of known web applications.
Boofuzz is a fork of the Sulley fuzzing framework after its maintenance dropped. Besides numerous bug fixes, boofuzz aims for extensibility.
Latest release: 0.0.11 [Nov. 23, 2017]
BoopSuite is a wireless pentesting suite to perform security auditing and test wireless networks. It can be used for penetration tests and security assignments.
Latest release: 2.0.1 [Dec. 11, 2017]
Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. It comes as an open source project with optional commercial support.
Latest release: 4.1.1 [Dec. 19, 2017]
Bro is a network security monitoring (NSM) tool and helps with monitoring. It can also play an active role in performing forensics and incident response.
Latest release: 2.5.2 [Oct. 16, 2017]
Buttercup is a cross-platform, free, and open-source password manager based on Node.js. It helps to store your passwords and secrets safely.
Latest release: 0.25.2 [Dec. 17, 2017]
- Heralding (honeypot to catch credentials)
- ZGrab (banner grabbing tool)
- testssl.sh (TLS/SSL configuration scanner)
- WhatWeb (website fingerprinter)
- vallumd (distributed ipset blacklist for iptables)
- Nikto (web application scanner)
- Exploit Pack (penetration testing framework)
- Metagoofil (information gathering tool)
- sslcaudit (auditing tool for SSL/TLS clients)
- Certigo (certificate validator tool)
- SCUTUM (ARP filtering)
- OpenSSL (TLS and SSL toolkit)
- not24get (password quality checker)
- Trawler (data collection framework for phishing results)
- VulnFeed (vulnerability feed parser)
- VHostScan (virtual host scanner)
- swap_digger (data excavation tool for Linux swap)
- Oscanner (Oracle assessment framework)
- SSHsec (SSH configuration scanner)
- Dionaea (honeypot)
- Kube-Bench (security benchmark testing for Kubernetes)
- Thug (low-interaction honeyclient)
- NoSQLMap (database enumeration and exploitation)