Tools starting with M

Looking for new tools to extend your tool box? The top 100 list of best security tools is a great start.

Magic Unicorn

Magic Unicorn is a tool to perform a PowerShell downgrade attack and inject shellcode into memory. Read the review and how it works.

Latest release: 3.8.1 [June 27, 2019]


Malice is a malware analysis that wants to provide a free and open source version of VirusTotal. Read how the framework works in this review.

Latest release: 0.3.28 [Dec. 2, 2018]


MalPipe is a modular malware and indicator collection and processing framework. It is designed to pull information about malware, domains, URLs, and IP addresses from multiple feeds. Finally, it will enrich the collected data and export the results.


Malscan is a tool that sells itself as the robust ClamAV-based malware scanner for web servers. It can use signatures from multiple sources to perform scanning.

Latest release: 1.8.1 [Nov. 26, 2018]

Mal Tindex

Mal Tindex is an open source security tool to index binaries with the goal to attribute them to malware campaigns. Read in this review how it works.


Maltrail monitors for traffic on the network that might indicate system compromise or other bad behavior. It is great for intrusion detection and monitoring.

Latest release: 0.14 [July 9, 2019]


Manticore is a binary analysis tool. It uses dynamic analysis, meaning parts of the binary will be executed and tested.

Latest release: 0.3.1 [Aug. 6, 2019]


MassBleed is a SSL vulnerability scanner to check for several known vulnerabilities and attacks like DROWN, POODLE, and ShellShock.


Masscan is a security tool to perform a network scan for many systems at once. It is optimized asynchronous transmissions to achieve its performance.


Massh-enum is a user enumeration tool for OpenSSH with the goal to find valid usernames. Read how it works in this review.

MAT (Metadata Anonymisation Toolkit)

MAT is a privacy tool to remove metadata from files. This enhances your privacy levels by removing those bits of data that may store sensitive information.


Mehrai is a honeypot written in Python to simulate telnet traffic. Like most honeypots, it captures information about the actions taken by the attackers.


Metagoofil is an information gathering tool with focus extracting any metadata from public documents.

Metasploit Framework

Metasploit is a framework that consists of tools to perform security assignments. It focuses on the offensive side of security and leverages exploit modules.

MIG (Mozilla InvestiGator)

MIG, or Mozilla InvestiGator, is a security tool to perform forensic investigation in real-time on Linux, macOS, and Windows systems.


The mimipenguin tools extracts and dumps discovered login passwords for an active Linux user. It is inspired by the mimikatz tool for Windows.

Latest release: beta-1.0_RC1 [Aug. 22, 2019]


The mimipy tool is based on the work of mimipenguin and ported to Python. It can extract passwords from memory or overwrite them to prevent capture.


MISP is short for Malware Information Sharing Platform. It helps with sharing threat data which can be used by defenders and malware researchers.

Latest release: 2.4.115 [Sept. 10, 2019]

mitmproxy (mitmproxy)

The mitmproxy tool allows to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.


Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access.

Latest release: 2.0.1 [Sept. 9, 2019]


Mongoaudit performs a security audit on MongoDB instances. It can be used to test if the right security measures are taken and detect room for improvement.

MongoSanitizer (python-mongo-sanitizer)

MongoSanitizer is a software component sanitizes MongoDB queries to prevent injection attacks as much as possible.


The msfenum script simplifies the Metasploit execution when scanning for low hanging fruit. Have a look at the review and see how it works.


MTPot is a so-called telnet honeypot that allows to bind and listen on a specific port. It can be configured to allow specific commands and the related responses to return. The tool also performs fingerprinting to discover what type of attack is occuring and send these details via syslog.


MultiScanner is a modular file scanning and analysis framework. It can be used to scan files and detect malware or other suspicious traces. With the help of the modules, it can be extended to provide more details about a file.

Latest release: 2.0.0 [Jan. 28, 2019]
RSS feed icon for Linux security tools

Recently reviewed

  • Vuls (agentless vulnerability scanner)
  • Cppcheck (static code analyzer)
  • Zeek (network security monitoring tool)
  • XSStrike (XSS detection and exploitation suite)
  • Decentraleyes (local CDN emulation for privacy)
  • RootHelper (script to retrieve exploitation tools)
  • graudit (static code analysis tool)
  • Suhosin7 (Suhosin security extension for PHP 7.x)
  • gosec (Golang security checker)
  • Malice (VirusTotal clone)
  • Bleach (sanitizing library for Django)
  • siemstress (basic SIEM solution)
  • CMSeeK (CMS detection and exploitation)
  • GitMiner (Git data miner)
  • massh-enum (OpenSSH user enumeration)
  • CMSmap (reconnaissance tool for popular CMS frameworks)
  • Prowler (AWS benchmark tool)
  • django-security (Security add-ons for Django)
  • Malscan (malware scanner for web servers)
  • SQLMate (a friend of SQLMap with additional features)
  • hBlock (ad blocking and tracker/malware protection)
  • nftables (network traffic filtering)
  • Cutter (graphical user interface for radare2)
  • Termineter (smart meter security framework)
  • tlsenum (enumeration tool for TLS)