Tools starting with P
Looking for new tools to extend your tool box? The top 100 list of best security tools is a great start.
P0f is a security tool that utilizes passive traffic fingerprinting mechanisms to identify the systems behind any incidental TCP/IP communications.
Pacman is the default package manager for Arch Linux. The main focus of this tool is on a binary package format and the underlying build system for software.
Pangu is a small toolset to mess around with debugging-related tools from the GNU project like GDB.
Panoptic is a tool that automates the process of search and retrieval of content for common log and config files through path traversal vulnerabilities.
Parse is a security scanner to perform static analysis on PHP code potential security-related issues. As it is a static scanner, no code is executed.
Parsero is a Python script to analyze robots.txt on web servers. It specifically looks for the Disallow entries and checks which entries might be accessible.
Pas is a tool to store secrets like passwords, API keys and other sensitive data.
The pass utility is also known as password-store. It uses GPG and Unix directories to store passwords and others secrets.
PassGen is a tool to help with password dictionary attacks to guess a password. It does not perform the attack but creates the related database.
With passhport SSH access can be done via a centralized system. There is support for roles, accounting, and authorizations of what commands can be used.
Passmgr is a simple portable password manager written in Go. It helps with storing secrets, like passwords and API keys.
pass-rotate is a library and command-line tool to rotate password on various web services. It allows for bulk changing your passwords.
Pastemon is a utility to monitor texts that are placed on Pastebin, a popular paste tool to store information temporarily.
Patator is a security tool to perform enumeration or brute-force attempts to discover authentication details. It can be used during penetration testing.
pcc (PHP Secure Configuration Checker)
PHP Secure Configuration Checker, or pcc, is a security tool to test for potential security flaws in the PHP configuration. It can be used from the command-line or directly on the web server itself.
PCILeech is a tool which uses PCIe hardware devices to attack a target system. It can read and write from the system memory by using DMA over PCIe. It requires no drivers on the system of the target itself.
PCredz is a tool to extract sensitive data from pcap files like credit card numbers, session information, and authentication details.
PEDA is an extension for GDB (GNU DeBugger) to help with the development of exploit code. It can be used by reverse engineers and pentesters.
peepdf is a tool to explore a PDF file in order to find out if the file can be harmful or not. It helps security researchers in simplifying the analysis of PDF
PHP Malware Finder is a tool to find malicious PHP scripts. This threat is common for most web hosters and websites of their customers.
The pick tool provides a minimal password manager on the terminal for systems running macOS and Linux.
Plecost is a security tool to fingerprint WordPress installations and find available vulnerabilities.
Pocsuite is a remote vulnerability testing and development framework. It can be used by penetration testers and vulnerability researchers.
Pompem is an open source security tool to automate the search for exploits and vulnerabilities in public databases.
portSpider is a security tool to scan network ranges and find open ports. The goal of the tool is to find vulnerable services.
Portspoof is a small utility with the goal to make port scanning by other much harder by showing all TCP ports as 'open' and emulating actual services.
Postfix is one of the most used mail transfer agents (MTA) on Linux systems
Privacy Badger is a tool to enhance your privacy and protect against web resources like trackers that spy on your web behavior.
Prowler is a security tool to perform security audits on AWS configurations. It helps to find configuration flaws and improve system hardening.
Prowler is a distributed vulnerability scanner that can run on devices like the Raspberry Pi. It can scan a set of systems and perform the typical tests within vulnerability scanning.
Pshtt is a security tool to scan domains for the usage of HTTPS and applying best practices in their web configuration.
PTF (The PenTesters Framework)
Doing regular pentesting and wondering how to keep your toolbox up-to-date? PTF or the PenTesters Framework comes to the rescue!
Pupy is an open source remote administration and post-exploitation tool. It is mainly written in Python and works Androi, Linux, macOS, and Windows.
The pwdlyser tool can help during penetration tests and security assignments to analyze cracked passwords and their strength.
Pybelt is a toolkit that helps during penetration testing and security assessments. It combines functionality like port scanning, hash cracking, and security scanning.
Pyelftools is a Python library to parse ELF files and DWARF debugging information. It can be useful to perform dynamic binary analysis on files.
Pyersinia is a tool like Yersinia and can perform network attacks such as spoofing ARP, DHCP DoS , STP DoS, and more. It is written in Python and uses Scapy.
Pyknock is a tool to perform UDP port knocking with HMAC-PSK authentication. It can be used to harden systems and limit access to specific network ports.
Looking for a way to perform reverse engineering or dynamic analysis? PyREBox is an instrumentation tool for virtual machines. Learn how it works and its benefits.
Pysap is a Python library to craft SAP network protocol packets. It can be used for analysis and security assessments.
PyT (Python Taint)
Python Taint (or PyT) is a static code analyzer for Python scripts and applications. It tries to discover vulnerabilities or other possible weaknesses.
- Wapiti (vulnerability scanner for web applications)
- Vuls (agentless vulnerability scanner)
- Cppcheck (static code analyzer)
- Zeek (network security monitoring tool)
- XSStrike (XSS detection and exploitation suite)
- Decentraleyes (local CDN emulation for privacy)
- RootHelper (script to retrieve exploitation tools)
- graudit (static code analysis tool)
- Suhosin7 (Suhosin security extension for PHP 7.x)
- gosec (Golang security checker)
- siemstress (basic SIEM solution)
- CMSeeK (CMS detection and exploitation)
- Malice (VirusTotal clone)
- Bleach (sanitizing library for Django)
- SQLMate (a friend of SQLMap with additional features)
- Termineter (smart meter security framework)
- tlsenum (enumeration tool for TLS)
- hBlock (ad blocking and tracker/malware protection)
- Malscan (malware scanner for web servers)
- massh-enum (OpenSSH user enumeration)
- BDA (vulnerability scan for Hadoop and Spark)
- SubFinder (subdomain scanner)
- Prowler (AWS benchmark tool)
- GitMiner (Git data miner)
- Hash Buster (find cleartext of hash)