Tools starting with L
Looking for new tools to extend your tool box? The top 100 list of best security tools is a great start.
LFI Freak is a tool to help finding and exploiting local file inclusions (LFI). It has a particular focus on using PHP Input, PHP Filter, and Data URI methods.
LFI Suite is a security tool to automate the scanning and exploitation of Local File Inclusion vulnerabilities. It uses a wide range of attack methods to achieve this goal. This tool would be useful to penetration testers for security assignments.
LIEF is a library to analyze executable formats like ELF, MachO, and PE. It can be used during reverse engineering, binary analysis, and malware research.
Linux Malware Detect (LMD) is a malware scanner for systems running Linux. The open source software project is released with the GPLv2 license.
LPFW (LeoPard FloWer)
LUNAR is a security scanner that runs on a Linux system or other flavors of Unix. It provides insights on what can be done to harden the system.
The LaZagne project is an open source tool to retrieve passwords stored on a local system. It uses different techniques to obtain passwords from well-known applications.
Lemur manages TLS certificate creation and the underlying process that is required. It acts as a broker between a certificate authority (CA) and the environment
Leviathan is a security tool to provide a wide range of services including service discovery, brute force, SQL injection detection, and exploit capabilities.
LinEnum can be used during penetration tests to perform scripted local Linux enumeration and check for privilege escalations.
LogonTracer is a tool to investigate malicious logins from Windows event logs with visualization capabilities. Read how it works in this review.
Loki is security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then uses pattern matching.
Lynis is a security auditing tool for systems running Linux, macOS, or Unix. It can be used for security assessments and configuration audits.
Larp is a tool to perform ARP poisoning on the network. It is written in Python and can be used for security assessments.
The libewf library provides access to files in the Expert Witness Format (EWF). This allows toolkits using the libewf library to read or create disk images. An analyst can use this for further investigation during a forensics assignment.
- Archery (vulnerability assessment and management)
- Wapiti (vulnerability scanner for web applications)
- Patator (multi-purpose brute-force tool)
- BleachBit (system cleaner and privacy tool)
- OpenSCAP (suite with tools and security data)
- Lynis (security scanner and compliance auditing tool)
- BlackBox (store secrets in Git/Mercurial/Subversion)
- salt-scanner (Linux vulnerability scanner)
- Infection Monkey (security testing for data centers and networks)
- Anchore Engine (container analysis and inspection)
- Zeek (network security monitoring tool)
- ZAP (web application analysis)
- Maltrail (malicious traffic detection system)
- Vuls (agentless vulnerability scanner)
- Cppcheck (static code analyzer)
- XSStrike (XSS detection and exploitation suite)
- Decentraleyes (local CDN emulation for privacy)
- RootHelper (script to retrieve exploitation tools)
- graudit (static code analysis tool)
- Suhosin7 (Suhosin security extension for PHP 7.x)
- gosec (Golang security checker)
- siemstress (basic SIEM solution)
- CMSeeK (CMS detection and exploitation)
- Bleach (sanitizing library for Django)