Looking for new tools to extend your tool box? The top 100 list of best security tools is a great start.
0d1n is a security tool to perform fuzzing of web applications and discover potential security issues. It is commonly used during security assignments.
0trace is a reconnaissance tool for pentesting that uses hop enumeration within an existing TCP connection. Read the review and how it works.
The 0trace.py utility is a rewrite of 0trace (by another author) to perform reconnaissance and bypass network firewalls.
A2SV is short for Auto Scanning to SSL Vulnerability, a security tool to scan for SSL and TLS vulnerabilities. It can be used during security assessments.
AESKeyFinder is a tool to find 128-bit and 256-bit AES keys in a memory image.
AIL is a framework to analyze potential information leaks from unstructured data sources. For example, this may include data from Pastebin and similar services.
APT2 is a tool written by Adam Compton and Austin Lane to help pentesters automate mundane scanning tasks. It leverages scan results from Nexpose, Nessus, or Nm
ATSCAN is a security tool to perform a mass exploitation scan on search engines. It discovers targets that may be susceptible to exploitation.
AWSBucketDump is a security tool to find interesting files in AWS S3 buckets that are part of Amazon cloud services.
Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. Read how it works in this review.
Admin Page Finder (PHP)
Admin Page Finder is a tool written in PHP to find admin sections within a website. It can be used during pentesting and security assessments.
Agafi is short for Advanced Gadget Finder. This security tool helps with finding gadgets in programs, modules, and running processes.
Albatar is an alternative to tools like sqlmap to find and exploit SQL injection vulnerabilities. However, this tool focuses on the exploitation side.
Aletheia is a project to manage secrets in Google Cloud with CloudKMS and Cloud Storage. It can be used to store sensitive data like authentication details.
Algo VPN is a set of Ansible scripts to configure a personal VPN using IPSEC. Read the review and see how it works.
Anchore is a toolkit to perform in-depth container analysis, inspection, and controlling them. Among security scanning, it can do a wide range of functions.
Anti-DDOS is an open source software project developed to protect against DDoS attacks. The project consists of a shell script to set up iptables for traffic filtering. Additionally, it will configure kernel parameters to better withstand lots of network traffic.
Web Application Security Scanner aimed towards helping users evaluate the security of web applications
Archery is a Django-based application to perform vulnerability assessments and do vulnerability management.
ArpON is a host-based tool to improve the security of the Address Resolution Protocol (ARP).
Arpoison is a small utility to send custom ARP packets. It can be used during security assessments and pentests.
Assimilator is a firewall orchestration tool. It allows configuration and automation of firewall rules by proxy requests to different types of firewalls.
The AutoNessus tool helps with automating vulnerability scans via the Nessus API. It lists policies and can configure the state of scans.
AutoSploit is short for automatic exploitation. The open source tool helps pentesters and ethical hackers. Read this review on see how it works.
Azazel is a Linux rootkit that uses the LD_PRELOAD technique to intercept system calls. Rootkits are a type of malicious software (malware).
BAP (Binary Analysis Platform)
BAP is the abbreviation for Binary Analysis Platform, a toolkit created by the Carnegie Mellon University. It helps with reverse engineering and program analysis. As it focuses on the analysis of binaries, it does not require the source code. Supported hardware architectures include ARM, x86, x86-64, PowerPC, and MIPS.
BDA (Big Data Audit)
BDA is a vulnerability scanner for big data tools like Hadoop and Spark. It searches for configuration weaknesses and reports them. Read how it works in this review.
BTLE-Sniffer is a scanning tool that scans Bluetooth Low Energy (BLE) devices and tries to identify them. Read how it works in this tool review.
Bandit is an AST-based static analyzer for analyzing Python code. It helps with finding code flaws that could lead to security vulnerabilities.
Bash Scanner is a security tool that does a quick scan to see if there are vulnerable packages. It uses an external service to validate.
Bastille Linux was a popular tool to perform hardening of systems running Linux and other flavors. It has not received updates in the last years.
The Browser Exploitation Framework (or BeEF) is a penetration testing tool that focuses on the web browser.
Belati is security tool to collect public data and information and calls itself a Swiss army knife for OSINT purposes.
BetterCAP is a complete, modular, portable and easily extensible MitM tool and framework. It is maintained well and appreciated by many.
Binary Analysis Next Generation (BANG)
Binary Analysis Next Generation (BANG) or binaryanalysis-ng is a security tool to perform binary analysis by Armijn Hemel. Learn how the tool works.
Bitscout is a security tool that allows professionals performing digital forensics remotely. The toolkit creates a live-cd for this purpose.
BlackBox allows you to store secrets safely in a version control system (VCS) like Git, Mercurial, Subversion, or Perforce). The toolkit has several scripts to encrypt specific files in a repository by using GNU Privacy Guard (GPG).
Bleach is a library for Django that can sanitize HTML by escaping and stripping harmful content. Read how it works in this review.
BleachBit is an open source tool focused on maintaining your privacy by cleaning up sensitive data on the system.
BlindElephant is a security tool to perform fingerprinting of web applications. It can discover the name and version of known web applications.
BoopSuite a wireless pentesting suite to perform security auditing and test wireless networks. It can be used for penetration tests and security assignments.
Bowcaster is a framework to create exploits. It is written in Python and comes with a set of tool and modules to help exploit development.
Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. Read how it works in this review.
Btlejack is a security tool that provides all options to sniff, jam, and hijack Bluetooth Low Energy (BLE) devices. Read how it works in this tool review.
BuQuikker is a security tool to scan the Amazon S3 storage service. Its goal is to find open and unprotected S3 buckets.
Bucket Finder is one of the available security tools to discover AWS S3 buckets. Read the review and how it works.
Bucket Stream is a security tool to find interesting Amazon S3 Buckets by watching certificate transparency logs. See our review and learn how it works.
Buttercup for desktop
Buttercup is a cross-platform, free, and open-source password manager based on Node.js. It helps to store your passwords and secrets safely.
CAIRIS is a tool to specify and model secure and usable systems. It helps to support the elements necessary for usability, requirements, and risk analysis.
- Archery (vulnerability assessment and management)
- Wapiti (vulnerability scanner for web applications)
- Patator (multi-purpose brute-force tool)
- BleachBit (system cleaner and privacy tool)
- OpenSCAP (suite with tools and security data)
- Lynis (security scanner and compliance auditing tool)
- BlackBox (store secrets in Git/Mercurial/Subversion)
- salt-scanner (Linux vulnerability scanner)
- Infection Monkey (security testing for data centers and networks)
- Anchore Engine (container analysis and inspection)
- Zeek (network security monitoring tool)
- ZAP (web application analysis)
- Maltrail (malicious traffic detection system)
- Vuls (agentless vulnerability scanner)
- Cppcheck (static code analyzer)
- XSStrike (XSS detection and exploitation suite)
- Decentraleyes (local CDN emulation for privacy)
- RootHelper (script to retrieve exploitation tools)
- graudit (static code analysis tool)
- Suhosin7 (Suhosin security extension for PHP 7.x)
- gosec (Golang security checker)
- Malice (VirusTotal clone)
- siemstress (basic SIEM solution)
- CMSeeK (CMS detection and exploitation)