Tools starting with M

Looking for new tools to extend your tool box? The top 100 list of best security tools is a great start.

Magic Unicorn

Magic Unicorn is a tool to perform a PowerShell downgrade attack and inject shellcode into memory. Read the review and how it works.

Latest release: 3.12 [June 18, 2020]


Malice is a malware analysis that wants to provide a free and open source version of VirusTotal. Read how the framework works in this review.


MalPipe is a modular malware and indicator collection and processing framework. It is designed to pull information about malware, domains, URLs, and IP addresses from multiple feeds. Finally, it will enrich the collected data and export the results.


Malscan is a tool that sells itself as the robust ClamAV-based malware scanner for web servers. It can use signatures from multiple sources to perform scanning.

Mal Tindex

Mal Tindex is an open source security tool to index binaries with the goal to attribute them to malware campaigns. Read in this review how it works.


Maltrail monitors for traffic on the network that might indicate system compromise or other bad behavior. It is great for intrusion detection and monitoring.

Latest release: 0.22 [June 30, 2020]


Manticore is a binary analysis tool. It uses dynamic analysis, meaning parts of the binary will be executed and tested.

Latest release: 0.3.4 [June 27, 2020]


MassBleed is a SSL vulnerability scanner to check for several known vulnerabilities and attacks like DROWN, POODLE, and ShellShock.


Masscan is a security tool to perform a network scan for many systems at once. It is optimized asynchronous transmissions to achieve its performance.


Massh-enum is a user enumeration tool for OpenSSH with the goal to find valid usernames. Read how it works in this review.

MAT (Metadata Anonymisation Toolkit)

MAT is a privacy tool to remove metadata from files. This enhances your privacy levels by removing those bits of data that may store sensitive information.


Mehrai is a honeypot written in Python to simulate telnet traffic. Like most honeypots, it captures information about the actions taken by the attackers.


Metagoofil is an information gathering tool with focus extracting any metadata from public documents.

Metasploit Framework

Metasploit is a framework that consists of tools to perform security assignments. It focuses on the offensive side of security and leverages exploit modules.

MIG (Mozilla InvestiGator)

MIG, or Mozilla InvestiGator, is a security tool to perform forensic investigation in real-time on Linux, macOS, and Windows systems.


The mimipenguin tools extracts and dumps discovered login passwords for an active Linux user. It is inspired by the mimikatz tool for Windows.

Latest release: 2.0-release [Sept. 17, 2019]


The mimipy tool is based on the work of mimipenguin and ported to Python. It can extract passwords from memory or overwrite them to prevent capture.


MISP is short for Malware Information Sharing Platform. It helps with sharing threat data which can be used by defenders and malware researchers.

Latest release: 2.4.128 [June 26, 2020]

mitmproxy (mitmproxy)

The mitmproxy tool allows to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.

Latest release: 5.1.1 [April 13, 2020]


Moloch is an open source, large scale, full packet capturing, indexing, and database system. Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access.

Latest release: 2.3.2 [June 29, 2020]


Mongoaudit performs a security audit on MongoDB instances. It can be used to test if the right security measures are taken and detect room for improvement.

MongoSanitizer (python-mongo-sanitizer)

MongoSanitizer is a software component sanitizes MongoDB queries to prevent injection attacks as much as possible.


The msfenum script simplifies the Metasploit execution when scanning for low hanging fruit. Have a look at the review and see how it works.


MTPot is a so-called telnet honeypot that allows to bind and listen on a specific port. It can be configured to allow specific commands and the related responses to return. The tool also performs fingerprinting to discover what type of attack is occuring and send these details via syslog.


MultiScanner is a modular file scanning and analysis framework. It can be used to scan files and detect malware or other suspicious traces. With the help of the modules, it can be extended to provide more details about a file.

RSS feed icon for Linux security tools

Recently reviewed

  • Maltrail (malicious traffic detection system)
  • tls-ca-manage
  • Wapiti (vulnerability scanner for web applications)
  • Vuls (agentless vulnerability scanner)
  • Cppcheck (static code analyzer)
  • Zeek (network security monitoring tool)
  • XSStrike (XSS detection and exploitation suite)
  • Decentraleyes (local CDN emulation for privacy)
  • RootHelper (script to retrieve exploitation tools)
  • graudit (static code analysis tool)
  • Suhosin7 (Suhosin security extension for PHP 7.x)
  • gosec (Golang security checker)
  • siemstress (basic SIEM solution)
  • Malice (VirusTotal clone)
  • Bleach (sanitizing library for Django)
  • CMSeeK (CMS detection and exploitation)
  • BDA (vulnerability scan for Hadoop and Spark)
  • radare2 (reverse engineering tool and binary analysis)
  • Malscan (malware scanner for web servers)
  • Termineter (smart meter security framework)
  • massh-enum (OpenSSH user enumeration)
  • GitMiner (Git data miner)
  • Hash Buster (find cleartext of hash)
  • CMSmap (reconnaissance tool for popular CMS frameworks)
  • Cutter (graphical user interface for radare2)