Tools starting with A
Looking for new tools to extend your tool box? The top 100 list of best security tools is a great start.
A2SV
A2SV is short for Auto Scanning to SSL Vulnerability, a security tool to scan for SSL and TLS vulnerabilities. It can be used during security assessments.
AESKeyFinder
AESKeyFinder is a tool to find 128-bit and 256-bit AES keys in a memory image.
AIL framework
AIL is a framework to analyze potential information leaks from unstructured data sources. For example, this may include data from Pastebin and similar services.
APT2 (apt2)
APT2 is a tool written by Adam Compton and Austin Lane to help pentesters automate mundane scanning tasks. It leverages scan results from Nexpose, Nessus, or Nm
ATSCAN
ATSCAN is a security tool to perform a mass exploitation scan on search engines. It discovers targets that may be susceptible to exploitation.
AWSBucketDump
AWSBucketDump is a security tool to find interesting files in AWS S3 buckets that are part of Amazon cloud services.
Acra
Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. Read how it works in this review.
Admin Page Finder (PHP)
Admin Page Finder is a tool written in PHP to find admin sections within a website. It can be used during pentesting and security assessments.
Agafi
Agafi is short for Advanced Gadget Finder. This security tool helps with finding gadgets in programs, modules, and running processes.
Albatar
Albatar is an alternative to tools like sqlmap to find and exploit SQL injection vulnerabilities. However, this tool focuses on the exploitation side.
Aletheia
Aletheia is a project to manage secrets in Google Cloud with CloudKMS and Cloud Storage. It can be used to store sensitive data like authentication details.
Algo VPN
Algo VPN is a set of Ansible scripts to configure a personal VPN using IPSEC. Read the review and see how it works.
Anchore Engine
Anchore is a toolkit to perform in-depth container analysis, inspection, and controlling them. Among security scanning, it can do a wide range of functions.
Anti-DDOS
Anti-DDOS is an open source software project developed to protect against DDoS attacks. The project consists of a shell script to set up iptables for traffic filtering. Additionally, it will configure kernel parameters to better withstand lots of network traffic.
Arachni
Web Application Security Scanner aimed towards helping users evaluate the security of web applications
Archery
Archery is a Django-based application to perform vulnerability assessments and do vulnerability management.
ArpON
ArpON is a host-based tool to improve the security of the Address Resolution Protocol (ARP).
Arpoison
Arpoison is a small utility to send custom ARP packets. It can be used during security assessments and pentests.
Assimilator
Assimilator is a firewall orchestration tool. It allows configuration and automation of firewall rules by proxy requests to different types of firewalls.
AutoNessus (autonessus)
The AutoNessus tool helps with automating vulnerability scans via the Nessus API. It lists policies and can configure the state of scans.
AutoSploit
AutoSploit is short for automatic exploitation. The open source tool helps pentesters and ethical hackers. Read this review on see how it works.
Azazel
Azazel is a Linux rootkit that uses the LD_PRELOAD technique to intercept system calls. Rootkits are a type of malicious software (malware).
acccheck
The acccheck tool performs a password guessing and dictionary attack on SMB services used to share files and printers.
addrwatch
Addrwatch is a tool similar to arpwatch to monitor IPv4/IPv6 and ethernet address pairing.
afl (American fuzzy lop)
American fuzzy lop, or afl, is a security-oriented fuzzer. It helps with testing software to find unexpected results within applications.
aiodnsbrute (Async DNS Brute)
Async DNS Brute, or aiodnsbrute, is a security tool to help with resolving many DNS entries and the related discovery.
aircrack-ng
Aircrack-ng is a security toolkit to perform WiFi auditing. It can be useful for security assessments to test the security of the wireless network.
airgeddon
Airgeddon is a toolkit to perform security assessments of wireless networks. It can perform different types of wireless attacks.
altdns
Altdns is a security tool to discover subdomains during pentesting. Read this review to learn how it works and how to use it.
angr
Angr is a security tool written in Python to allow analyzing binaries. It provides a combination of static and dynamic analysis.
arch-audit
Utility like pkg-audit for Arch Linux to find vulnerable packages on the system
arp-scan
arp-scan is a security tool that sends ARP packets to hosts on the local network. Any responses to the requests are displayed.
arpag
Arpag is a security tool to perform automatic exploiting of targets. It can be instructed to scan a set of ports and based on the outcome, it will search and active a related exploit.
arping
arping is a tool for the discovery of hosts on a computer network using the Address Resolution Protocol (ARP).
Recently reviewed
- Archery (vulnerability assessment and management)
- Wapiti (vulnerability scanner for web applications)
- Patator (multi-purpose brute-force tool)
- BleachBit (system cleaner and privacy tool)
- OpenSCAP (suite with tools and security data)
- Lynis (security scanner and compliance auditing tool)
- BlackBox (store secrets in Git/Mercurial/Subversion)
- salt-scanner (Linux vulnerability scanner)
- Infection Monkey (security testing for data centers and networks)
- Anchore Engine (container analysis and inspection)
- Zeek (network security monitoring tool)
- ZAP (web application analysis)
- Maltrail (malicious traffic detection system)
- tls-ca-manage
- Vuls (agentless vulnerability scanner)
- Cppcheck (static code analyzer)
- XSStrike (XSS detection and exploitation suite)
- Decentraleyes (local CDN emulation for privacy)
- RootHelper (script to retrieve exploitation tools)
- graudit (static code analysis tool)
- Suhosin7 (Suhosin security extension for PHP 7.x)
- gosec (Golang security checker)
- CMSeeK (CMS detection and exploitation)
- siemstress (basic SIEM solution)
- Malice (VirusTotal clone)