Tools starting with C
Looking for new tools to extend your tool box? The top 100 list of best security tools is a great start.
CAIRIS
CAIRIS is a tool to specify and model secure and usable systems. It helps to support the elements necessary for usability, requirements, and risk analysis.
CHIRON ELK
CHIRON is a tool to provide network analytics based on the ELK stack with threat detection. Learn how it works in this review.
CIRCLean
CIRCLean is a hardware solution to clean documents from untrusted USB drives and sticks. The device automatically disarms harmful documents.
CMSeeK
CMSeeK is a security scanner for content management systems (CMS) and used for security assessments. Read how it works in this review.
CMSmap
CMSmap is a security tool to perform reconnaissance on a web target. It helps with the detection of several popular content management systems (CMS).
Certificate Transparency
Google's Certificate Transparency project audits the way SSL/TLS certificates are used and its underlying cryptographic system.
Certigo
Certigo is a security tool to find information about different types of digital certificates and validate them. It can be used in scripts or manually.
Chiron
Chiron is a security assessment framework for IPv6 testing. It can be used during penetration testing or analysis of network devices. Read how it works in this review.
Clair
Clair is an open source container analyzer. It performs static analysis of container images and correlates their contents with public vulnerability databases.
ClamAV
ClamAV is an open source antivirus engine. It can detect malicious software (malware) like trojans, viruses, backdoors and other related threats.
Cloud Security Suite (CS Suite)
CS Suite is a security toolkit that allows scanning Amazon, Google, and Azure cloud platforms. Read how it works in this review.
CloudSploit scans
CloudSploit scans is an open source software project to test security risks related to an AWS account. It runs tests against your Amazon account and aims to discover any potential misconfigured setting or other risks.
Commix
Commit is a security tool to test web applications and find vulnerabilities related to command injection attacks. It can be used during security assignments.
Confidant
Confidant is an open source secret manager developed by Lyft. Read our review about what it does and how it works.
Conpot
Conpot is an ICS honeypot to collect intelligence and information about attacks against industrial control systems. It is written in Python.
Cowrie
Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.
Cppcheck
Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers, yet avoid any false positives.
Crowbar
Crowbar is a brute forcing tool that can be used during penetration tests. Unlike other similar tools it uses different methods to achieve its goal.
Cryptomator
Cryptomator is a multi-platform tool for transparent client-side encryption of your files. It is used together with cloud services to ensure you are the only one who can access the data.
Cuckoo Sandbox (cuckoo)
Cuckoo Sandbox is a malware analysis system. By feeding it suspicious files, Cuckoo can provide detailed findings on what a file did and how it behaved.
Cutter
Cutter is a graphical user interface for radare2, the well-known reverse engineering framework. Read how it works in this review.
Cyphon
Cyphon is an incident management and response platform to deal with incoming alerts and messages. It is multi-purpose and can be used for information security.
changeme
The tool changeme is a credential scanner for default usernames and passwords, or common combinations of these.
chkrootkit
chkrootkit is a malware scanner to locally check for signs of a rootkit. It is written in shell script and runs on the host system itself.
cipherscan
Cipherscan is a tool to test the ordering of SSL/TLS ciphers on a given target. It tests the major versions of SSL, TLS, and any extensions of these protocols.
cve-search
cve-search is a security tool to import CVE and CPE data and enable it to be searched. It can be used to detect vulnerabilities on the system.
Recently reviewed
- Archery (vulnerability assessment and management)
- Wapiti (vulnerability scanner for web applications)
- Patator (multi-purpose brute-force tool)
- BleachBit (system cleaner and privacy tool)
- OpenSCAP (suite with tools and security data)
- Lynis (security scanner and compliance auditing tool)
- BlackBox (store secrets in Git/Mercurial/Subversion)
- salt-scanner (Linux vulnerability scanner)
- Infection Monkey (security testing for data centers and networks)
- Anchore Engine (container analysis and inspection)
- Zeek (network security monitoring tool)
- ZAP (web application analysis)
- Maltrail (malicious traffic detection system)
- tls-ca-manage
- Vuls (agentless vulnerability scanner)
- Cppcheck (static code analyzer)
- XSStrike (XSS detection and exploitation suite)
- Decentraleyes (local CDN emulation for privacy)
- RootHelper (script to retrieve exploitation tools)
- graudit (static code analysis tool)
- Suhosin7 (Suhosin security extension for PHP 7.x)
- gosec (Golang security checker)
- Bleach (sanitizing library for Django)
- siemstress (basic SIEM solution)
- CMSeeK (CMS detection and exploitation)