Tools starting with S
Looking for new tools to extend your tool box? The top 100 list of best security tools is a great start.
S3Scanner
S3Scanner helps with the discovery of S3 storage buckets on the platform of Amazon's AWS. Learn how the tool works with this review.
SCUTUM
SCUTUM is a security tool for Linux systems to filter network traffic. With this firewall functionality, it can allow only whitelisted network gateways.
SFTPfuzzer (Simple FTP Fuzzer)
SIMP
SIMP is short for System Integrity Management Platform. It is a project maintained by the NSA and released as an open source project.
SIPVicious
SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It can be useful during penetrating testing and security assignments.
SMBMap
SMBMap is a security tool that allows users enumerating Samba shares and can be used during security assessments. Read the review and how it works.
SNARE
SNARE is a reactive honeypot for security research, detecting attacks, and respond to possible flaws within your environment. It is the successor of Glastopf.
SQLMate
SQLMate is a security tool that calls itself a friend of SQLMap. It has similar functionality, yet comes with additional features like finding an admin panel and improved hash cracking. The tool can find possible vulnerable targets, with the option to save the results and feed it to others, like SQLMap.
SSH Honeypot
SSH Honeypot is as the name implies a honeypot to emulate the SSH service. It can be used to learn about threats and commands used by attackers.
SSH MITM
This security tool intercepts SSH connections to perform a so-called man-in-the-middle attack. It can be used for penetration testing and security assessments, to intercept traffic.
SSHHiPot
SSHHiPot is a high-interaction SSH honeypot. It captures connections and commands that are to be performed, for the purpose of learning about possible threats.
SSHsec
SSHsec scans a system running the SSH protocol and retrieves its configuration, host keys, and Diffie-Hellman groups.
SSLMap
SSLMap is a TLS/SSL cipher suite scanner. It provides a way to detect weak ciphers enabled on SSL endpoints and can be used during security assessments.
SSLsplit
SSLsplit is a security tool to perform transparent SSL/TLS interception by using a so-called man-in-the-middle (MitM) attack.
SSLyze
SSLyze provides a library for scanning services that use SSL/TLS for encrypted communications. It can be used to test their implementation.
SSMA
There are never enough tools to analyze malware, right? SSMA might be one of those tools that to add to your malware analysis toolbox.
Safety
Safety is a security tool to scan software dependencies and see which ones are possibly vulnerable. See the review and how the tool works.
Samba
Makes Windows interoperability possible for systems running Linux or other flavors of Linux by sharing file and print services.
Samba-VirusFilter
On-access antivirus filter for Samba to detect malware threats and prevent them from investing file shares.
Samhain
Host-based intrusion detection system (HIDS) providing file integrity checking and log file monitoring
Sandmap
Sandmap is a security tool to perform network and system reconnaissance using the well-known Nmap engine.
ScanSSH
ScanSSH is a security tool to perform scans on SSH to detect open proxies and available services. It retrieves version information and related details.
Scapy
Scapy is an interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols and send and capture them.
Scirius
Scirius is a web application to do Suricata ruleset management. There is both a community version as paid version available.
Scout2
Scout2 is a security tool to assess the security of an AWS environment. It can be used for system hardening and IT audits.
SearchSploit
Exploit-DB's CLI search tool to find any exploits from the database. The tool is written in shell script and maintained by Offensive Security.
Seccubus
Seccubus automates vulnerability scanning with support for Nessus, OpenVAS, NMap, SSLyze, Medusa, SkipFish, OWASP ZAP, and SSLlabs.
Security Monkey
Security Monkey monitors AWS and GCP accounts for policy changes and alerts on insecure configurations.
Seth
Seth is a security tool to perform a man-in-the-middle (MitM) attack and extract clear text credentials from RDP connections.
ShellPop
ShellPop is a security tool used by penetration testers during their assignments. It helps with generating both easy and more sophisticated reverse or bind shell commands.
Shellharden
Shellharden is a tool to improve shell scripts when it comes to using variables and applying quotes properly. The tool can suggest and make the required changes.
Shellyzer
Shellyzer helps with static code analysis for both developers and security professionals, to test the quality of shell scripts. This is also known as linting.
Sn1per
Sn1per is security scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
Snort
Snort is a network intrusion detection system (NIDS) that runs on Linux and other platforms.
Social-Engineer Toolkit (SET)
The Social-Engineer Toolkit (SET) is an open source penetration testing framework. It helps with assignments that require social engineering.
Spaghetti
Spaghetti is a web vulnerability scanner to find flaws in common web applications and frameworks. It can perform fingerprinting and vulnerability discovery.
SpamScope
SpamScope is an advanced spam analysis tool to scan emails for unwanted messages. Read the review and see how it works.
SpiderFoot
SpiderFoot is an open source intelligence automation tool (OSINT). It automates the process of gathering intelligence, like IP addresses, domains, and networks.
Stegosuite
Stegosuite is a free steganography tool written in Java. It can be used to hide information in image files with the BMP, GIF, JPG, and PNG format. The embedded data is encrypted using AES.
SubBrute (subdomain-bruteforcer)
SubBrute is a DNS meta-query spider that enumerates DNS records and subdomains. This can be useful during penetration tests and security assessments.
SubFinder
SubFinder is a subdomain discovery tool. This can be useful to learn more about a particular target and available subdomains.
SubOver
SubOver is a security tool to with the goal to take over subdomains. This can be used as part of security assessment or obtaining bug bounties.
Subdomino
Subdomino is a tool to perform enumeration on domain names. It can be used to detect and scan hostnames and subdomains.
Sublist3r
Sublist3r is a security tool to scan a domain and attempt the discovery of underlying subdomains. This can be used during pentesting and security assessments.
Suhosin
Suhosin is a security extension for PHP and consists of two parts that enhance PHP. It helps with protecting against known and unknown attacks.
Suhosin7
Suhosin7 is the security extension for PHP 7 versions. It protects a PHP installation by preventing different types of attacks.
Sulley
Sulley is an automated fuzzing framework that can be used during penetration tests and security assessments.
Suricata
Network threat detection engine that acts as intrusion detection (IDS), inline intrusion prevention (IPS), and network security monitoring (NSM)
Susanoo
Susanoo is a security tool to test the security of a REST API. With this focus, it goes beyond the typical attack surface of a web application.
Sweet Security
Sweet Security is a set of scripts to setup and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device.
Recently reviewed
- Archery (vulnerability assessment and management)
- Wapiti (vulnerability scanner for web applications)
- Patator (multi-purpose brute-force tool)
- BleachBit (system cleaner and privacy tool)
- OpenSCAP (suite with tools and security data)
- Lynis (security scanner and compliance auditing tool)
- BlackBox (store secrets in Git/Mercurial/Subversion)
- salt-scanner (Linux vulnerability scanner)
- Infection Monkey (security testing for data centers and networks)
- Anchore Engine (container analysis and inspection)
- Zeek (network security monitoring tool)
- ZAP (web application analysis)
- Maltrail (malicious traffic detection system)
- tls-ca-manage
- Vuls (agentless vulnerability scanner)
- Cppcheck (static code analyzer)
- XSStrike (XSS detection and exploitation suite)
- Decentraleyes (local CDN emulation for privacy)
- RootHelper (script to retrieve exploitation tools)
- graudit (static code analysis tool)
- Suhosin7 (Suhosin security extension for PHP 7.x)
- gosec (Golang security checker)
- Bleach (sanitizing library for Django)
- siemstress (basic SIEM solution)
- CMSeeK (CMS detection and exploitation)