Tools starting with G

Looking for new tools to extend your tool box? The top 100 list of best security tools is a great start.


GasMask is an open source intelligence gathering tool (OSINT). It can be used to discover more information about a particular target. The sources it uses include search engines like Bing, Google, and Yandex. Additionally it retrieves information from GitHub, YouTube, and social media platforms like Twitter.

Latest release: v2.0_morpheus [June 16, 2020]


Gauntlt is a security toolkit that allows attacking your code. Its purpose is to be mean and test as many types of attacks and see if it can withstand them. The project is available under the MIT license and exists since 2012.

GGRC (Google Governance, Risk and Compliance)

Governance, Risk Management, and Compliance are activities necessary for any organization with regulatory or contractual obligations. The GGRC tooling helps with storing all related information and interconnecting the pieces.


Git-crypt enables encryption and decryption of files in a Git repository. It is transparent to the user and can be used to freely share a repository containing both public and private information.


Gitem is a reconnaissance tool to extract information about organizations on GitHub. It can be used to find the leaking of sensitive data.


Gitleaks is a security tool written in Golang to perform an audit on a Git software repository. Read this review to see how it works.

Latest release: 7.4.0 [April 9, 2021]


Gitmails is a tool that explores git commits and extracts email addresses. This harvesting tool can be used to perform information gathering about individuals and companies. It may be used for penetration tests and security assessments.


GitMiner is a security tool to scan a Git repository for data leaks that may reveal sensitive information like authentication details.


Gitrob is a security tool to find sensitive information on GitHub. During the audit, it may detect passwords, API keys, or other secrets.


Git-secrets is a tool to prevent your secrets, like authentication details or otherwise specified patterns, to end up in a Git. This way these details won't end up in your version control system by accident.


Glastopf is a honeypot for web applications. It is written in Python and collects all kind of attacks against it for further analysis.


Gophish is an open source phishing toolkit. Its focus is on businesses and penetration testers to test security awareness and security policies.

Latest release: 0.11.0 [Aug. 28, 2020]


Gosec is a security tool that performs a static code analysis for Golang projects for security flaws. Read how it works in this review.

Latest release: 2.7.0 [March 4, 2021]


Graudit is a security tool to perform static code analysis by using the grep tool. It is a lightweight solution to find common issues in code.

Latest release: 2.9 [April 9, 2021]

GRR Rapid Response

GRR is a security tool for live forensics on remote systems. It uses a client-server model to obtain information from the systems and store them centrally.

Latest release: v3.4.2.4-release [Oct. 15, 2020]
RSS feed icon for Linux security tools

Recently reviewed

  • ZAP (web application analysis)
  • Maltrail (malicious traffic detection system)
  • tls-ca-manage
  • Wapiti (vulnerability scanner for web applications)
  • Vuls (agentless vulnerability scanner)
  • Cppcheck (static code analyzer)
  • Zeek (network security monitoring tool)
  • XSStrike (XSS detection and exploitation suite)
  • Decentraleyes (local CDN emulation for privacy)
  • RootHelper (script to retrieve exploitation tools)
  • graudit (static code analysis tool)
  • Suhosin7 (Suhosin security extension for PHP 7.x)
  • gosec (Golang security checker)
  • Bleach (sanitizing library for Django)
  • siemstress (basic SIEM solution)
  • Malice (VirusTotal clone)
  • CMSeeK (CMS detection and exploitation)
  • Cutter (graphical user interface for radare2)
  • massh-enum (OpenSSH user enumeration)
  • radare2 (reverse engineering tool and binary analysis)
  • nftables (network traffic filtering)
  • Malscan (malware scanner for web servers)
  • Prowler (AWS benchmark tool)
  • BDA (vulnerability scan for Hadoop and Spark)
  • Tulpar (web vulnerability scanner)