RSS feed icon for Linux security tools

Tools

Looking for new tools to extend your tool box? The top 100 list of best Linux security tools is a great start.

0d1n


0d1n is a security tool to perform fuzzing of web applications and discover potential security issues. It is commonly used during security assignments.

Latest release: 2.3 [Jan. 14, 2017]

0trace


0trace is a reconnaissance tool to enable hop enumeration within an existing TCP connection. It can be used to bypass firewalls.

0trace.py


The 0trace.py utility is a rewrite of 0trace (by another author) to perform reconnaissance and bypass network firewalls.

addrwatch


Addrwatch is a tool similar to arpwatch to monitor IPv4/IPv6 and ethernet address pairing.

Latest release: 1.0.1 [May 17, 2017]

Admin Page Finder (PHP)


Admin Page Finder is a tool written in PHP to find admin sections within a website. It can be used during pentesting and security assessments.
Recently reviewed

AESKeyFinder


AESKeyFinder is a tool to find 128-bit and 256-bit AES keys in a memory image.

afl (American fuzzy lop)


American fuzzy lop, or afl, is a security-oriented fuzzer. It helps with testing software to find unexpected results within applications.

AIL framework


AIL is a framework to analyze potential information leaks from unstructured data sources. For example, this may include data from Pastebin and similar services.

Albatar


Albatar is an alternative to tools like sqlmap to find and exploit SQL injection vulnerabilities. However, this tool focuses on the exploitation side.
Recently reviewed

Anchore



Latest release: 1.1.4 [Aug. 8, 2017]

APT2 (apt2)


APT2 is a tool written by Adam Compton and Austin Lane to help pentesters automate mundane scanning tasks. It leverages scan results from Nexpose, Nessus, or Nm

Latest release: 1.0-20170613 [June 14, 2017]

Arachni


Web Application Security Scanner aimed towards helping users evaluate the security of web applications

Latest release: 1.5.1 [March 29, 2017]

arch-audit


Utility like pkg-audit for Arch Linux to find vulnerable packages on the system

Latest release: 0.1.8 [Feb. 16, 2017]

arping


arping is a tool for the discovery of hosts on a computer network using the Address Resolution Protocol (ARP).

Latest release: arping-2.19 [July 9, 2017]

Arpoison


Arpoison is a small utility to send custom ARP packets. It can be used during security assessments and pentests.

ArpON


ArpON is a host-based tool to improve the security of the Address Resolution Protocol (ARP).

arp-scan


arp-scan is a security tool that sends ARP packets to hosts on the local network. Any responses to the requests are displayed.

Assimilator


Assimilator is a firewall orchestration tool. It allows configuration and automation of firewall rules by proxy requests to different types of firewalls.

Latest release: 1.2.3 [July 21, 2017]

ATSCAN


ATSCAN is a security tool to perform a mass exploitation scan on search engines. It discovers targets that may be susceptible to exploitation.

Latest release: 12.2.1 [Aug. 3, 2017]
Recently reviewed

AutoNessus (autonessus)


The AutoNessus tool helps with automating vulnerability scans via the Nessus API. It lists policies and can configure the state of scans.

bane


The bane tool is an AppArmor profile generator for Docker containers. It helps with creating the appropriate profile for confinement on system level.

Latest release: 0.2.2 [June 7, 2017]

BeEF


The Browser Exploitation Framework (or BeEF) is a penetration testing tool that focuses on the web browser.

Belati


Belati is security tool to collect public data and information and calls itself a Swiss army knife for OSINT purposes.

Latest release: 0.2.2-dev [June 20, 2017]

BetterCAP


BetterCAP is a complete, modular, portable and easily extensible MitM tool and framework. It is maintained well and appreciated by many.

Latest release: 1.6.2 [Aug. 21, 2017]

bingrep


Bingrep is a utility that can be described as the 'grep for binaries'. It runs on Linux and helps with reverse engineering and malware analysis.

Bitscout


Bitscout is a security tool that allows professionals performing digital forensics remotely. The toolkit creates a live-cd for this purpose.

BleachBit


BleachBit is an open source tool focused on maintaining your privacy by cleaning up sensitive data on the system.

Latest release: 1.17 [Feb. 22, 2017]

BlindElephant


BlindElephant is a security tool to perform fingerprinting of web applications. It can discover the name and version of known web applications.
Recently reviewed

boofuzz


Boofuzz is a fork of Sulley fuzzing framework after its maintenance dropped. Besides numerous bug fixes, boofuzz aims for extensibility.

Latest release: 0.0.8 [May 7, 2017]

BoopSuite


BoopSuite a wireless pentesting suite to perform security auditing and test wireless networks. It can be used for penetration tests and security assignments.

Latest release: v.1 [Aug. 13, 2017]
Recently reviewed

Brakeman


Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. It comes as an open source project with optional commercial support.

Latest release: 3.7.1 [Aug. 14, 2017]

Bro


Bro is a network security monitoring tool (NSM) and helps with monitoring. It can also play an active rol in performing forensics and incident response.

Latest release: 2.5.1 [June 26, 2017]

CAIRIS


CAIRIS is a tool to specify and model secure and usable systems. It helps to support the elements necessary for usability, requirements, and risk analysis.

Latest release: 1.2.16 [April 22, 2017]
Recently reviewed

Certificate Transparency


Google's Certificate Transparency project audits the way SSL/TLS certificates are used and its underlying cryptographic system.

changeme


The tool changeme is a credential scanner for default usernames and passwords, or common combinations of these.

Latest release: 0.6.0 [March 26, 2017]

chkrootkit


chkrootkit is a malware scanner to locally check for signs of a rootkit. It is written in shell script and runs on the host system itself.

Latest release: 0.52 [March 15, 2017]

cipherscan


Cipherscan is a tool to test the ordering of SSL/TLS ciphers on a given target. It tests the major versions of SSL, TLS, and any extensions of these protocols.

Clair


Clair is an open source container analyzer. It performs static analysis of container images and correlates their contents with public vulnerability databases.

Latest release: 2.0.1 [June 20, 2017]

ClamAV


ClamAV is an open source antivirus engine. It can detect malicious software (malware) like trojans, viruses, backdoors and other related threats.

Latest release: 0.99.2 [May 3, 2017]

CMSmap


CMSmap is a security tool to perform reconnaissance on a web target. It helps with the detection of several popular content management systems (CMS).

Commix


Commit is a security tool to test web applications and find vulnerabilities related to command injection attacks. It can be used during security assignments.

Latest release: 2.0.post20170714 [July 14, 2017]

Confidant



Latest release: 1.10.0 [May 9, 2017]

Conpot


Conpot is an ICS honeypot to collect intelligence and information about attacks against industrial control systems. It is written in Python.

Cowrie


Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.

Latest release: 1.2.0 [July 10, 2017]

Cppcheck


Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers, yet avoid any false positives.

Latest release: 1.79 [May 13, 2017]

Cuckoo Sandbox (cuckoo)


Cuckoo Sandbox is a malware analysis system. By feeding it suspicious files, Cuckoo can provide detailed findings on what a file did and how it behaved.

Latest release: 2.0.3 [May 19, 2017]

cve-search


cve-search is a security tool to import CVE and CPE data and enable it to be searched. It can be used to detect vulnerabilities on the system.

Cyphon


Cyphon is an incident management and response platform to deal with incoming alerts and messages. It is multi-purpose and can be used for information security.

Latest release: 1.4.1 [Aug. 14, 2017]

DarkJPEG


DarkJPEG is an open source steganography web service. It can hide data, which gets hidden in a JPEG. All with anonymity and plausible deniability in mind.

DataSploit


DataSploit is a framework to perform intelligence gather to discover credentials, domain information, and other information related to the target.

Latest release: 1.0 [June 30, 2017]

DbDat


DbDat is a security tool to perform several checks on a database to evaluate its security level. It includes configuration checks, privileges, and account detai

DBShield


DBShield is a gateway between an application and actual database engine. Its goal is to protect against SQL injections and other database attacks.

Latest release: 1.0b0 [Oct. 15, 2016]

DET


DET is a proof of concept to perform data exfiltration using either single or multiple channels at the same time.

Detective


Detective helps to find information that you are not supposed to see. It focuses on information disclosure and sensitive data exposure vulnerabilities.

Latest release: 1.0.1 [July 20, 2017]

Diamorphine


Diamorphine is a so-called LKM rootkit for Linux. It runs on different kernels in the 2.6, 3.x, and 4.x branch.

dirsearch


Dirsearch is a tool to guide security professionals to find possible information leaks or sensitive data. It does this by looking for directory and file names.

DirSearch (Go)


DirSearch is a scanning tool to find directories and files on web applications. It is a remake of the dirsearch tool that was created by Mauro Soria.

django-axes


Django-axes is a reusable app for Django to limit the brute force login attempts for your web application.

Latest release: 2.3.3 [July 20, 2017]

django-defender (Django Defender)


Django-defender is a reusable app for Django that blocks people from performing brute forcing login attempts.

Latest release: 0.4.3 [April 14, 2017]

DNSChef


DNSChef is a highly configurable DNS proxy for penetration testers and malware analysts

dnsteal


The dnsteal tool can be used to stealthily send data over DNS requests. It may be used to test data loss prevention (DLP) tools.

Docker Bench for Security


Docker Bench for Security is a small security scanner to perform several tests that are part of the Docker CIS benchmark.

Latest release: 1.3.2 [March 30, 2017]

Dockerscan


Dockerscan is a Docker toolkit for security analysis which includes attacking tools. It is more focused on side of the offensive than defensive.

DorkNet


DorkNet helps with the discovery of vulnerable web apps. It is a script written in Python that leverages Selenium.

Douane


Douane is an application firewall that interacts with the user to allow or deny new network connections.

DVIA (Damn Vulnerable iOS Application)


DVIA is short for Damn Vulnerable iOS Application, which provides an example to learn about vulnerabilities in iOS applications.

elf2json


The elf2json converts an ELF binary into JSON output and helping with reverse engineering and malware analysis.

evilredis


The evilredis tool is an offensive security program for pentesting Redis databases. It can scan the target and perform different actions on it.

Fail2ban


Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks

Latest release: 0.10.0 [Aug. 9, 2017]

Faraday


Faraday is collaboration tool for pentest assignments and vulnerability management. It allows integration with a number of other security tools.

Latest release: 2.6.2 [Aug. 9, 2017]
Recently reviewed

fimap


fimap is a tool written in Python to find, prepare, audit, exploit local and remote file inclusion bugs in web applications.

Findsploit


Findsploit is a simple script to search both local and online exploit databases. Typically this is used by penetration testers during a security assignment.

Latest release: 1.5 [June 19, 2017]

flunym0us


Flunym0us is a security scanner for WordPress and Moodle installations. The tool tests the security of the installation by performing enumeration attempts.

Fuzzapi


Fuzzapi is a security tool to test a REST API using fuzzing. It can be used for security assessments and penetration tests.

Gitem


Gitem is a reconnaissance tool to extract information about organizations on GitHub. It can be used to find the leaking of sensitive data.

Latest release: 0.5.1 [Nov. 30, 2016]

Gitrob


Gitrob is a security tool to find sensitive information on GitHub. During the audit, it may detect passwords, API keys, or other secrets.

Latest release: 1.1.2 [April 9, 2017]

Glastopf


Glastopf is a honeypot for web applications. It is written in Python and collects all kind of attacks against it for further analysis.

Hashcat


Hashcat is a well-known tool to crack passwords. It has advanced features to improve performance, allow session resumption, and more.

Latest release: 3.6.0 [June 9, 2017]

HoneyPi


HoneyPi is a tool to turn a Raspberry Pi into a honeypot. It can be used to learn about any network scanning activity and take actions.

Latest release: 2 [July 18, 2017]

Honeyprint


A proof-of-concept honeypot to mimic a printer. May be used to detect attacks against printers and better understand the related risks or required defenses.

HoneyPy


HoneyPy is a low interaction honeypot written in Python, yet has additional capabilities. Plugins can be created to emulate services that run on UDP or TCP.

Latest release: 0.6.3 [July 25, 2017]

HonTel


HonTel is a honeypot that emulates the telnet service within a chroot environment. It can be used to learn about enumeration activities or new attack methods.

hping


hping is a tool to assemble and analyze TCP/IP packets. The interface is looks like the common ping command, yet allows more than just ICMP echo requests.

hsecscan (hsecscan)


hsecscan performs a security scan of a website and analyses any discovered HTTP headers. For each header, it will provide details and recommendations.

Latest release: None [June 13, 2017]

ident-user-enum


ident-user-enum is a Perl script to query the ident service, which runs on TCP port 113. It tries to figure out the owner of running processes on the target.

IKEForce


IKEForce is a command line utility to brute force VPN connections (IPSEC) that allow group name/ID enumeration and XAUTH.

Infoga


Infoga is a tool to gather email information from different public sources (search engines, pgp key servers, etc).

InstaRecon


InstaRecon is a security tool that can help with the reconnaissance phase of a penetration test. It can collect a number of data points with limited input.

IVRE


IVRE is a framework to perform reconnaissance for network traffic. It leverages other tools to pull in the data and show it in the web interface.

Latest release: 0.9.6 [June 26, 2017]

Jackhammer


Jackhammer is a collaboration tool to get security and developer teams together. Focus is on static code analysis and dynamic analysis vulnerability discovery.

Jawfish


Jawfish is a security tool to test web applications. It can find related exploits and update according to an internal database.

JBoss Autopwn


JBoss Autopwn is an exploitation tool for JBoss installations. To deploy its payload, the tool uses Metasploit, Netcat, and cURL.

JexBoss


JexBoss is a security tool to verify and exploit vulnerabilities in JBoss applications. It can be used for security assignments and pentests.

John the Ripper


John the Ripper is a mature password cracker to find weak or known passwords.

JShielder


JShielder is a security tool for Linux systems to make them more secure by adding system hardening measures.

Karn


Karn is a tool to create AppArmor and seccomp profiles. This can be useful to restrict what applications can do for increased security.

KeePassX


KeePassX is a cross platform application to store sensitive information like usernames, passwords, and other secret.

Latest release: 2.0.3 [Oct. 8, 2016]

KeePassXC


KeePassXC is a cross-platform platform to store sensitive data like passwords, keys, and other secrets. It has a graphical user interface and is written in C++.

Latest release: 2.2.0 [June 25, 2017]

keimpx


The keimpx security tool can be used to check for valid credentials across a network. It uses the SMB protocol, typically used on Microsoft Windows and others.

Kippo


Kippo is a honeypot for SSH connections and written in Python. It can be used to learn about the scripts and attacks that are commonly used against SSH.

Kitty


Kitty is a modular and extensible fuzzing framework written in Python. It is inspired by OpenRCE's Sulley and Michael Eddington's Peach Fuzzer tool.

Latest release: 0.7.1 [March 31, 2017]

Knock


A port knocking implementation to make network ports to become stealth or trigger events based on a port knocking sequence.

Kwetza


Kwetza is a Python script to inject existing Android applications with a Meterpreter payload. It can be used during penetrating testing or security assessments.

larp


Larp is a tool to perform ARP poisoning on the network. It is written in Python and can be used for security assessments.
New tool!

Lemur


Lemur manages TLS certificate creation and the underlying process that is required. It acts as a broker between a certificate authority (CA) and the environment

Latest release: 0.5.0 [April 8, 2017]

Leviathan Framework


Leviathan is a security tool to provide a wide range of services including service discovery, brute force, SQL injection detection, and exploit capabilities.

Latest release: 0.1.2 [April 29, 2017]

LFI Freak


LFI Freak is a tool to help finding and exploiting local file inclusions (LFI). It has a particular focus on using PHP Input, PHP Filter, and Data URI methods.

LIEF


LIEF is a library to analyze executable formats like ELF, MachO, and PE. It can be used during reverse engineering, binary analysis, and malware research.

Latest release: 0.7.0 [July 1, 2017]

LMD


Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released with the GPLv2 license.

Latest release: 1.6.2 [July 14, 2017]

Loki


Loki is security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then uses pattern matching.

Latest release: 0.24.1 [Aug. 15, 2017]

LPFW (LeoPard FloWer)


LUNAR


LUNAR is a security scanner that runs on a Linux system or other flavors of Unix. It provides insights on what can be done to harden the system.

Lynis


Security auditing tool for systems running Linux or Unix-based to perform an in-depth health check.

Latest release: 2.5.3 [Aug. 17, 2017]

Malscan


Malscan is a tool that sells itself as the robust ClamAV-based malware scanner for web servers. It can use signatures from multiple sources to perform scanning.

Maltrail


Maltrail monitors for traffic on the network that might indicate system compromise or other bad behavior. It is great for intrusion detection and monitoring.

MassBleed


MassBleed is a SSL vulnerability scanner to check for several known vulnerabilities and attacks like DROWN, POODLE, and ShellShock.

Masscan


Masscan is a security tool to perform a network scan for many systems at once. It is optimized asynchronous transmissions to achieve its performance.

Latest release: 1.0.4 [June 6, 2017]

MAT (Metadata Anonymisation Toolkit)


MAT is a privacy tool to remove metadata from files. This enhances your privacy levels by removing those bits of data that may store sensitive information.

Metagoofil


Metagoofil is an information gathering tool with focus extracting any metadata from public documents.

Metasploit Framework


Metasploit is a framework that consists of tools to perform security assignments. It focuses on the offensive side of security and leverages exploit modules.

mimipenguin


The mimipenguin tools extracts and dumps discovered login passwords for an active Linux user. It is inspired by the mimikatz tool for Windows.

mimipy


The mimipy tool is based on the work of mimipenguin and ported to Python. It can extract passwords from memory or overwrite them to prevent capture.

mitmproxy (mitmproxy)


The mitmproxy tool allows to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.

Latest release: 2.0.2 [April 25, 2017]

mongoaudit


Mongoaudit performs a security audit on MongoDB instances. It can be used to test if the right security measures are taken and detect room for improvement.

Latest release: 0.0.3 [Feb. 16, 2017]

mount


Mount is a common Linux utility to attach file systems to the system. The tool is usually preinstalled and can be run as root or normal users.

Netcat


Netcat can be used to set up network connections via TCP or UDP and have roles like port scanning, transferring files, port listening, or even as a backdoor.

nftables


nftables is a subsystem of the Linux kernel to filter and classify network traffic and supposed to replace netfilter.

Latest release: 0.7 [Dec. 20, 2016]

Nikto


Nikto is an open source security scanner which tests web servers for potential vulnerabilities.

Nix-Auditor


Nix-Auditor is a tool to help with scanning Linux systems and test them against CIS benchmarks.

Latest release: 1.1 [May 18, 2017]

Nmap


Nmap is a security scanner that can perform a port scan, network exploration, and determine vulnerabilities

Latest release: 7.60 [Aug. 1, 2017]

not24get


not24get helps with password quality checking in OpenLDAP and is to be used together with ppolicy. It provides both an API for ppolicy and executable.

ntopng


ntopng is the successor of the original ntop utility. It shows network usage by capturing traffic and provide insights on the usage.

Latest release: 3.0 [June 1, 2017]

OpenSCAP


Tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines

Latest release: 1.2.14 [March 21, 2017]

OpenSnitch


OpenSnitch is a Linux port of the popular macOS Little Snitch application firewall

OpenSSH


OpenSSH is the much-used connectivity tool for remote administration. It uses the SSH protocol and encrypts all traffic to eliminate attacks like eavesdropping.

OpenSSL


OpenSSL is an open source project and provides a toolkit forTransport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.

OpenStego


OpenStego is a free steganography solution to hide data in other files like images, or add a watermark to them.

Latest release: 0.7.1 [April 29, 2017]

OpenVAS


OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.

Latest release: 9 [March 8, 2017]

orthrus


Orthrus is a security framework and auditing tool. It allows monitoring and analyzing security configurations across multiple environments.

O-Saft


O-Saft is a security tool to show information about SSL certificates. It tests the SSL connection with the given list of ciphers and configuration.

Latest release: 17.7.17 [July 25, 2017]

Oscanner


Oscanner is an Oracle assessment framework to perform enumeration on Oracle installations. It is written in Java and provides a graphical overview of findings.

OSHP (OWASP Secure Headers Project)


The OSHP project collects data regarding HTTP headers and their usage. It tries to inform adoption rates and increase usage.

osquery


The osquery tool allows querying your Linux, Windows, and macOS infrastructure. It can help with intrusion detection, infrastructure reliability, or compliance.

Latest release: 2.6.0 [July 24, 2017]

OSRFramework


OSRFramework is an open source research framework. The project helps with information gathering and can be classified as an OSINT tool.

OSSEC


OSSEC is an open source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, rootkit detection, and more.

Latest release: 2.9.1 [June 19, 2017]

OWTF (Offensive Web Testing Framework)


The OWTF project (Offensive Web Testing Framework) unites tools for penetrating testing. Most parts are written in Python.

Latest release: 2.1a0 [April 25, 2017]

p0f


P0f is a security tool that utilizes passive traffic fingerprinting mechanisms to identify the systems behind any incidental TCP/IP communications.

Pacman


Pacman is the default package manager for Arch Linux. The main focus of this tool is on a binary package format and the underlying build system for software.

Pangu


Pangu is a small toolset to mess around with debugging-related tools from the GNU project like GDB.

Panoptic


Panoptic is a tool that automates the process of search and retrieval of content for common log and config files through path traversal vulnerabilities.

Parse


Parse is a security scanner to perform static analysis on PHP code potential security-related issues. As it is a static scanner, no code is executed.

Parsero


Parsero is a Python script to analyze robots.txt on web servers. It specifically looks for the Disallow entries and checks which entries might be accessible.

pas


Pas is a tool to store secrets like passwords, API keys and other sensitive data.

pass (password-store)


The pass utility is also known as password-store. It uses GPG and Unix directories to store passwords and others secrets.

Latest release: 1.7.1 [April 13, 2017]

passhport


With passhport SSH access can be done via a centralized system. There is support for roles, accounting, and authorizations of what commands can be used.

Passmgr


Passmgr is a simple portable password manager written in Go. It helps with storing secrets, like passwords and API keys.

Latest release: 1.0.1 [July 1, 2017]

pass-rotate


pass-rotate is a library and command-line tool to rotate password on various web services. It allows for bulk changing your passwords.

Patator


Patator is a security tool to perform enumeration or brute-force attempts to discover authentication details. It can be used during penetration testing.

PCredz


PCredz is a tool to extract sensitive data from pcap files like credit card numbers, session information, and authentication details.

peepdf


peepdf is a tool to explore a PDF file in order to find out if the file can be harmful or not. It helps security researchers in simplifying the analysis of PDF

PHP Malware Finder


PHP Malware Finder is a tool to find malicious PHP scripts. This threat is common for most web hosters and websites of their customers.

Latest release: 0.3.4 [Nov. 4, 2016]

pick


The pick tool provides a minimal password manager on the terminal for systems running macOS and Linux.

Latest release: 0.4.0 [Feb. 26, 2017]

Plecost


Plecost is a security tool to fingerprint WordPress installations and find available vulnerabilities.

Pompem


Pompem is an open source security tool to automate the search for exploits and vulnerabilities in public databases.

Portspoof


Portspoof is a small utility with the goal to make port scanning by other much harder by showing all TCP ports as 'open' and emulating actual services.

Postfix


Postfix is one of the most used mail transfer agents (MTA) on Linux systems

Prowler


Prowler is a security tool to perform security audits on AWS configurations. It helps to find configuration flaws and improve system hardening.

Latest release: 1.3 [July 18, 2017]

pshtt


pshtt is a security tool to scan domains for the usage of HTTPS and applying best practices in their web configuration.

Latest release: 0.1.6 [May 20, 2017]

Pupy


Pupy is an open source remote administration and post-exploitation tool. It is mainly written in Python and works Androi, Linux, macOS, and Windows.

pwdlyser


The pwdlyser tool can help during penetration tests and security assignments to analyze cracked passwords and their strength.

Latest release: 2.5.1 [June 23, 2017]

Pyersinia


Pyersinia is a tool like Yersinia and can perform network attacks such as spoofing ARP, DHCP DoS , STP DoS, and more. It is written in Python and uses Scapy.

pysap


Pysap is a Python library to craft SAP network protocol packets. It can be used for analysis and security assessments.

Latest release: 0.1.13 [Feb. 16, 2017]

PyT (Python Taint)


Python Taint (or PyT) is a static code analyzer for Python scripts and applications. It tries to discover vulnerabilities or other possible weaknesses.

Pytbull (pytbull)


r2m2



Latest release: 0.2 [Jan. 27, 2017]

radare2


radare2 is a tool to perform reverse engineering on files of all types. It can be used to analyze malware, firmware, or any other type of binary files.

Latest release: 1.6.0 [July 11, 2017]

rdr


Rdr is a cross-platform library to perform binary analysis and reverse engineering. It utilizes a unique symbol map for global analysis.

Recon-ng


Recon-ng is a full-featured web reconnaissance framework. It is written in Python and modular, useful for penetrating tests and security assessments.

Rootkit Hunter (rkhunter)


Security tool to search for traces of rootkits, backdoors, and other malicious components on systems running Linux and other flavors of Unix

Latest release: 1.4.4 [June 29, 2017]

RouterSploit


RouterSploit is a framework to test exploitation of embedded devices. It can be used as part of penetrating testing assignments or security assessments.
Recently reviewed

Ruler


Ruler is a security tool that interacts with Exchange servers remotely. It uses either the MAPI/HTTP or RPC/HTTP protocol, with the goal to gain a remote shell.

Latest release: 2.1.8 [Aug. 10, 2017]

salt-scanner


Salt-scanner is Linux vulnerability scanner based on Salt Open and Vulners audit API. It has Slack notifications and JIRA integration.

Samba


Makes Windows interoperability possible for systems running Linux or other flavors of Linux by sharing file and print services.

Latest release: tevent-0.9.33 [July 21, 2017]

Samba-VirusFilter


On-access antivirus filter for Samba to detect malware threats and prevent them from investing file shares.

Samhain


Host-based intrusion detection system (HIDS) providing file integrity checking and log file monitoring

Scapy


Scapy is an interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols and send and capture them.

Latest release: 2.3.3 [Oct. 18, 2016]

Scout2


Scout2 is a security tool to assess the security of an AWS environment. It can be used for system hardening and IT audits.

Latest release: 3.0.3 [May 10, 2017]

SearchSploit


Exploit-DB's CLI search tool to find any exploits from the database. The tool is written in shell script and maintained by Offensive Security.

Latest release: 3.7.5 [April 21, 2017]

seccheck


Seccheck is a security scanner for Linux systems. It is originally written for SuSE Linux by Marc Heuse.

Seccubus


Seccubus automates vulnerability scanning with support for Nessus, OpenVAS, NMap, SSLyze, Medusa, SkipFish, OWASP ZAP, and SSLlabs.

Latest release: 2.38 [Aug. 7, 2017]

Security Monkey


Security Monkey monitors AWS and GCP accounts for policy changes and alerts on insecure configurations.

Latest release: 0.9.2 [May 25, 2017]

SFTPfuzzer (Simple FTP Fuzzer)


siemstress


Siemstress describes itself as a very basic Security Information and Event Management system (SIEM).
New tool!

SIMP


SIMP is short for System Integrity Management Platform. It is a project maintained by the NSA and released as an open source project.

Latest release: 5.2.1-0 [Dec. 23, 2016]

SIPVicious


SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It can be useful during penetrating testing and security assignments.

Sn1per


Sn1per is security scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

Latest release: 2.5 [May 30, 2017]

SNARE


SNARE is a reactive honeypot for security research, detecting attacks, and respond to possible flaws within your environment. It is the successor of Glastopf.

Latest release: 0.2 [June 8, 2017]

Snort


Snort is a network intrusion detection system (NIDS) that runs on Linux and other platforms.

Latest release: 2.9.9.0 [Nov. 7, 2016]

Social-Engineer Toolkit (SET)


The Social-Engineer Toolkit (SET) is an open source penetration testing framework. It helps with assignments that require social engineering.

Latest release: 7.7.1 [July 23, 2017]

SpiderFoot


SpiderFoot is an open source intelligence automation tool (OSINT). It automates the process of gathering intelligence, like IP addresses, domains, and networks.

Latest release: v2.11.0-final [Aug. 12, 2017]

sqhunter


Sqhunter performs threat hunting in your environment. It runs on the salt master node and queries open network sockets, among other information.

sqlmap


The sqlmap performs automatic SQL injection and can take over a database. It is a valued tool for pentesters and those who want to test their web applications.

Latest release: 1.1 [April 7, 2017]

ssh-audit


The ssh-audit tool helps to perform a security assessment of SSH servers and their configuration. It can be used for security testing and penetration tests.

Latest release: 1.7.0 [Oct. 26, 2016]
Recently reviewed

ssh_scan


The ssh_scan utility is a SSH configuration and policy scanner maintained by the Mozilla Foundation. It helps to secure Linux systems running the OpenSSH.

Latest release: 0.0.26 [July 20, 2017]

SSHsec


SSHsec scans a system running the SSH protocol and retrieves its configuration, host keys, and Diffie-Hellman groups.

Latest release: 1.4.0 [July 8, 2017]

sslcaudit


The sslcaudit project helps with automated testing of SSL/TLS clients for resistance against MITM attacks.

ssldump


ssldump is protocol analyzer for SSLv3/TLS network traffic. It identifies TCP connections on the chosen network interface and tries to interpret it.

SSLMap


SSLMap is a TLS/SSL cipher suite scanner. It provides a way to detect weak ciphers enabled on SSL endpoints and can be used during security assessments.

Latest release: 0.2.0 [Nov. 16, 2016]

sslsniff


The sslsniff tool helps with performing man-in-the-middle (MitM) attacks on SSL/TLS traffic. It can be used for security assignments.

SSLsplit


SSLsplit is a security tool to perform transparent SSL/TLS interception by using a so-called man-in-the-middle (MitM) attack.

sslstrip


The sslstrip tool can guide in performing a man-in-the-middle (Mitm) attack on SSL connections.

SSLyze


SSLyze provides a library for scanning services that use SSL/TLS for encrypted communications. It can be used to test their implementation.

Latest release: 1.1.2 [July 22, 2017]

SubBrute (subdomain-bruteforcer)


SubBrute is a DNS meta-query spider that enumerates DNS records and subdomains. This can be useful during penetration tests and security assessments.

Suhosin


Suhosin is a security extension for PHP and consists of two parts that enhance PHP. It helps with protecting against known and unknown attacks.

Suhosin7


Suhosin7 is the security extension for PHP 7 versions. It protects a PHP installation by preventing different types of attacks.

Sulley


Sulley is an automated fuzzing framework that can be used during penetration tests and security assessments.

Suricata


Network threat detection engine that acts as intrusion detection (IDS), inline intrusion prevention (IPS), and network security monitoring (NSM)

Latest release: suricata-4.0.0 [July 27, 2017]

Susanoo


Susanoo is a security tool to test the security of a REST API. With this focus, it goes beyond the typical attack surface of a web application.

swap_digger


The swap_digger tool helps with extracting sensitive data from a mounted swap partition. It can be used for forensics, post exploitation, or data discovery.

Latest release: 1.0 [Aug. 7, 2017]

TANNER


TANNER is the 'brain' of the SNARE tool. It evaluates its events and alters the responses to incoming requests depending on the type of attacks.

Latest release: 0.4 [July 31, 2017]

testssl.sh


testssl.sh is a command line tool which checks a system on any port for the support of TLS/SSL ciphers, protocols, as well as some cryptographic flaws.

Latest release: 2.8 [May 10, 2017]

THC Hydra (thc-hydra)


THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.

Latest release: 8.6 [July 21, 2017]

THC IPv6 Attack Toolkit (thc-ipv6)


THC IPv6 attack toolkit a set of utilities. It can be used for penetrating testing and security assessments of correct network implementations.

Latest release: 3.2 [Jan. 18, 2017]

theHarvester


theHarvester is a tool to gather email accounts, subdomains, virtual hosts, open ports, banners, and employee names. It uses different public sources.

The Sleuth Kit


The Sleuth Kit is a toolkit to investigate disk images and do forensic analysis on them.

Latest release: sleuthkit-4.4.2 [Aug. 7, 2017]

ThreatPinch Lookup


ThreatPinch is a Chrome extension to perform information lookups on data artifacts like domain names, hashes, IP addresses, and more.

Tiger


Tiger a security audit and intrusion detection tool for flavors of Unix

TLS-Attacker


TLS-Attacker is a framework to analyze TLS libraries. It is written in Java and developed by the Ruhr University Bochum and Hackmanit GmbH.

Latest release: 1.2 [Oct. 19, 2016]

tlsenum


The CLI tool tlsenum attempts to enumerate what TLS cipher suites a server supports and then list them in order of priority.

UPX


UPX is tool to pack several executable formats. It is free, portable, and extendable, and well-known.

Latest release: 3.94 [May 12, 2017]

USB Canary


USB Canary monitors the devices on a system for the addition or removal of USB devices. On such an event, then an alert will be sent.

Latest release: 1.0.4 [April 4, 2017]

Vane


Vane is a forked project of the now non-free popular WordPress vulnerability scanner WPScan.

Vault


Vault is a tool created by HashiCorp to store secrets like keys and passwords. These secrets are typically used by other software components and scripts.

Latest release: 0.8.1 [Aug. 16, 2017]

Veil Framework


Veil is a security tool designed to generate payloads for Metasploit that help in bypassing common anti-virus solutions.

Latest release: 3.1.1 [May 28, 2017]

vFeed


vFeed is a set of tools around correlated vulnerability and threat intelligence. It provides a database, API, and supporting tools to store vulnerability data.

Latest release: 0.7.2 [June 16, 2017]

Viper


Viper is a binary analysis and management framework for security researchers. It provides a way to organization your collection of malware samples and exploits.

Viproy (viproy-voipkit)


Viproy is a VoIP penetration testing and exploitation kit. It helps with testing VoIP protocols like SIP and Cisco Skinny and related IP phone services.

Volatility


Volatile memory framework used for forensics and analysis purposes. The framework is written in Python and runs on almost all platforms.

Latest release: 2.6 [Dec. 29, 2016]

vulnerable-node


Vulnerable-node is a vulnerable website with identified vulnerabilities. It can be used to test the quality of tools and is written in Node.js.

vulnix


Vulnix is a security scanner for NixOS. It specifically looks for vulnerabilities in available packages and comes with a command line interface (CLI).

Vulnreport


Vulnreport is a tool to automate and manage all the data involved security reviews. In particular, it focuses on discovered vulnerabilities.

Latest release: 3.0.3 [Oct. 14, 2016]

Vuls


Vuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, agentless, and does a remote login to find any software vulnerabilities.

Latest release: 0.3.0 [March 24, 2017]

wafw00f


wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.

web-hunter


Web-hunter is a tool to crawl search engines like Google and Bing to find emails, sub domains, and URLs associated with a specified target domain.

weblocator


The weblocator security tool performs a discovery search to find directories and files. This can be useful for penetration tests to find sensitive data.

Wireshark


Wireshark is the well-known network protocol analyzer. It allows you to see what is happening on the network and zoom into the details of the network protocols.

Latest release: 2.2.7 [June 1, 2017]

WordPress Exploit Framework (WPXF)


The WordPress Exploit Framework (WPXF) is a framework written in Ruby. As the name implies, it aids in pentesting WordPress installations.

Latest release: 1.7 [Aug. 18, 2017]

Wordstress


Wordstress is a security scanner for WordPress installations. It uses a white-box approach in scanning, which makes it different than most other scanners.

wp_enum


The wp_enum tool helps with the discovery of WordPress users and accounts.

Latest release: No version [March 5, 2017]

WPForce


WPForce is a suite of tools to attack Wordpress installations. One part focuses on brute forcing logins, the other to upload a shell upon finding credentials.

Latest release: v.1.0.0 [June 6, 2017]

WPScan


WPScan is a security tool to perform black box WordPress vulnerability scans, including enumeration of used plugins

Latest release: 2.9.3 [July 19, 2017]

WPSeku


WPSeku is a WordPress vulnerability scanner that can be used to scan remote WordPress installations.

Latest release: 0.2 [May 25, 2017]

wpsik


The wpsik tool is used to perform security scans on a wireless network.

wpvulndb_cmd


wpvulndb_cmd is a command-line security tool to perform a vulnerability scan on WordPress installations. It uses WP-CLI and the WPScan vulnerability database.

Xplico


Xplico is a forensics analysis tool to investigate the traffic patterns in a pcap file. It is released as a GPL project, with some scripts under a CC license.

Latest release: 1.2.0 [Feb. 1, 2017]

XSSER


XXSER leverages the execution of arbitrary code on the web server when an administrative user inadvertently triggers a hidden XSS payload.

Latest release: 2.5.1 [Nov. 13, 2016]

XSS Hunter


XSS Hunter helps with finding XSS attacks and trigger a warning when one is succesful. It exists as an online service, or self-hosted installation.

YARA


YARA is a security tool to help malware researchers to identify and classify malware samples. For example by defining malware families based on patterns.

Latest release: 3.6.3 [July 5, 2017]

YASAT


YASAT describes itself as another simple stupid audit tool to test Linux systems. It has many tests for checking the security configuration of the system.

Latest release: 848 [Aug. 30, 2016]

Yasuo


Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications.

Yersinia


Yersinia is a framework to perform layer 2 attacks. It can be used for pentests and security assessments to test network safeguards.

Latest release: 0.8.0b1 [Aug. 11, 2017]

Yosai


Yosai is security framework for Python applications and adds authentication, authorization, and session management capabilities.

Latest release: 0.3.0 [Nov. 24, 2016]

ZAP (zaproxy)


The OWASP Zed Attack Proxy (ZAP) helps to find security vulnerabilities in web applications during development and testing.

Latest release: 2.6.0 [March 29, 2017]

Zenmap


The graphical user interface for the well-known network and vulnerability scanner nmap.

Latest release: 7.4.0 [Dec. 20, 2016]

Zeus


Zeus is a security tool to provide security audits on AWS environments. It is written in shell script and can be used for security audits.
Recently reviewed

ZGrap


ZGrap is a TLS banner grabber and written in Go. It works together with the ZMap utility.

Recently reviewed