Tools starting with C
Looking for new tools to extend your tool box? The top 100 list of best security tools is a great start.
CAIRIS is a tool to specify and model secure and usable systems. It helps to support the elements necessary for usability, requirements, and risk analysis.
Google's Certificate Transparency project audits the way SSL/TLS certificates are used and its underlying cryptographic system.
Certigo is a security tool to find information about different types of digital certificates and validate them. It can be used in scripts or manually.
The tool changeme is a credential scanner for default usernames and passwords, or common combinations of these.
Chiron is a security assessment framework for IPv6 testing. It can be used during penetration testing or analysis of network devices. Read how it works in this review.
CHIRON is a tool to provide network analytics based on the ELK stack with threat detection. Learn how it works in this review.
chkrootkit is a malware scanner to locally check for signs of a rootkit. It is written in shell script and runs on the host system itself.
Cipherscan is a tool to test the ordering of SSL/TLS ciphers on a given target. It tests the major versions of SSL, TLS, and any extensions of these protocols.
CIRCLean is a hardware solution to clean documents from untrusted USB drives and sticks. The device automatically disarms harmful documents.
Clair is an open source container analyzer. It performs static analysis of container images and correlates their contents with public vulnerability databases.
ClamAV is an open source antivirus engine. It can detect malicious software (malware) like trojans, viruses, backdoors and other related threats.
Cloud Security Suite (CS Suite)
CS Suite is a security toolkit that allows scanning Amazon, Google, and Azure cloud platforms. Read how it works in this review.
CloudSploit scans is an open source software project to test security risks related to an AWS account. It runs tests against your Amazon account and aims to discover any potential misconfigured setting or other risks.
CMSeeK is a security scanner for content management systems (CMS) and used for security assessments. Read how it works in this review.
CMSmap is a security tool to perform reconnaissance on a web target. It helps with the detection of several popular content management systems (CMS).
Commit is a security tool to test web applications and find vulnerabilities related to command injection attacks. It can be used during security assignments.
Confidant is an open source secret manager developed by Lyft. Read our review about what it does and how it works.
Conpot is an ICS honeypot to collect intelligence and information about attacks against industrial control systems. It is written in Python.
Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.
Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers, yet avoid any false positives.
Crowbar is a brute forcing tool that can be used during penetration tests. Unlike other similar tools it uses different methods to achieve its goal.
Cryptomator is a multi-platform tool for transparent client-side encryption of your files. It is used together with cloud services to ensure you are the only one who can access the data.
Cuckoo Sandbox (cuckoo)
Cuckoo Sandbox is a malware analysis system. By feeding it suspicious files, Cuckoo can provide detailed findings on what a file did and how it behaved.
Cutter is a graphical user interface for radare2, the well-known reverse engineering framework. Read how it works in this review.
cve-search is a security tool to import CVE and CPE data and enable it to be searched. It can be used to detect vulnerabilities on the system.
Cyphon is an incident management and response platform to deal with incoming alerts and messages. It is multi-purpose and can be used for information security.
- Wapiti (vulnerability scanner for web applications)
- Vuls (agentless vulnerability scanner)
- Cppcheck (static code analyzer)
- Zeek (network security monitoring tool)
- XSStrike (XSS detection and exploitation suite)
- Decentraleyes (local CDN emulation for privacy)
- RootHelper (script to retrieve exploitation tools)
- graudit (static code analysis tool)
- Suhosin7 (Suhosin security extension for PHP 7.x)
- gosec (Golang security checker)
- siemstress (basic SIEM solution)
- CMSeeK (CMS detection and exploitation)
- Malice (VirusTotal clone)
- Bleach (sanitizing library for Django)
- SQLMate (a friend of SQLMap with additional features)
- Termineter (smart meter security framework)
- tlsenum (enumeration tool for TLS)
- hBlock (ad blocking and tracker/malware protection)
- Malscan (malware scanner for web servers)
- massh-enum (OpenSSH user enumeration)
- BDA (vulnerability scan for Hadoop and Spark)
- SubFinder (subdomain scanner)
- Prowler (AWS benchmark tool)
- GitMiner (Git data miner)
- Hash Buster (find cleartext of hash)