More than 120 Awesome Security Products¹ (in alphabetical order)
¹ Most of them Open Source
Products
— A —
Active Countermeasures AC-Hunter
Microsoft Active Directory Explorer
Adalanche: Attack path analysis engine visualizing data from core infrastructure
ADeleginator: A tool to find insecure trustee and resource delegations in Active Directory
AIL is a framework to collect, crawl, dig and analyse unstructured data
Network Analysis & Packet Capture
atomicgen.io: Create Atomic Red Team tests with ease
Atomic Purple Team Framework
Autopsy® open source digital forensics platform.
— B —
The Bash Bunny from Hak5
BeaKer combines Sysmon, and the Elastic Stack to provide insights into network traffic
BloodHound uses graph theory to reveal relationships within Active Directory
BruteLoop library for efficient password brute force attacks
Bruteshark: Network Forensic Analysis Tool (NFAT)
Burp Proxy operates as a web proxy server
Burp Suite: Test Web Applications
— C —
The C2 Matrix Gitbook
Caldera helps reduce time and resources needed for testing.
Canary Tokens - Generate your own tokens here
CanaryServer - SMB Server
CapLoader performs indexing of PCAP/PcapNG files and visualizes their contents
PoC for persisting .NET payloads in Windows Notification Facility (WNF)
Prevent cloud misconfigurations and find vulnerabilities during build-time
Chromebackdoor is a PoC of pentest tool
USB key sanitizer
Open-source antivirus engine
red team framework for interacting with cloud providers
Cobalt Strike: Software for Adversary Simulations and Red Team Operations
CrackMapExec, A swiss army knife for pentesting networks
Password spraying using AWS Lambda for IP rotation
CredSniper: Phishing framework written with Flask and Jinja2 templating
— D —
DeepBlueCLI: a PowerShell Module for Threat Hunting via Windows Event Logs
dfTimeWolf: framework for orchestrating forensic collection, processing and data export
dnscat2: DNS tunnel
— E —
Download the Elastic Agent for your chosen platform and format
Empire: Post-exploitation & adversary emulation framework
Espy: Sysmon Network Log Collector and Adapter
evilginx: AiTM framework phishing credentials and session cookies, allowing bypass of MFA
EvilnoVNC: Ready to go Phishing Platform.
— F —
Open Source Vulnerability Manager
A fast Web fuzzer written in Go. Fuzz Faster U Fool!
FireProx: AWS API tool for on-the-fly HTTP pass-through proxies for unique IP rotation
Flipper Zero a Multi-tool Device for Geeks
An open source platform to support analysts to organise their case and tasks
— G —
GhostPack: A collection of security related toolsets
Ghostwriter: part of your team, manage clients, projects, reports, and infrastructure
GoDap, Terminal User Interface (TUI) for LDAP
GoPhish, an Open-Source Phishing Framework
Greenbone Vulnerability Management, formerly known as OpenVAS
Grype: A vulnerability scanner for container images and filesystems
— H —
Hashcat, the world’s fastest and most advanced password recovery utility
Honeybadger is an application health monitoring tool built by developers for developers
HoneyPorts: When a connection is made, a firewall rule blocking the source IP is created
— I —
ICSAP: CISA ICS Advisories visualized
Industrial Control Systems protocol parsers plugins for Zeek
A powerful CLI tool written in Go for IP lookup and subdomain discovery
— J —
— K —
A Powershell incident response framework
A tool to perform Kerberos pre-auth bruteforcing
Kismet is a sniffer, WIDS, and wardriving tool for Wi-Fi, Bluetooth, Zigbee, RF, and more
Kubescape is an open-source Kubernetes security platform
— L —
Leviathan is a mass audit toolkit
Locksmith: The number 1 ADCS misconfiguration identification tool
Lookyloo: Web interface to capture a website and display a tree of the domains that call each other
— M —
Malcolm is a powerful network traffic analysis tool suite for full packet capture artifacts
MailSniper is a penetration testing tool for Microsoft Exchange
Merlin: Cross-platform post-exploitation HTTP/2 C2 server
metasploit - Penetration Testing Platform
Modlishka is a powerful and flexible HTTP reverse proxy
MS Online Spray is a password spraying tool for Microsoft Online accounts.
msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks
MISP - Open Source Threat Intelligence and Sharing Platform
— N —
The netfilter project is commonly associated with iptables and its successor nftables
network forensics tool that extracts artifacts from PCAPs
— O —
OpenBAS: Create dynamic attack scenarios, ensuring effective responses during incidents
OpenCTI - Open Source TIP
OpenEDR is a full-blown EDR capability
OpenTIDE: Open Threat Informed Detection Engineering
OpenUBA - A flexible open source UEBA platform used for Security Analytics
FreeBSD based firewall and routing platform.
OracleCommander: query Oracle Databases
— P —
Pandora is an analysis framework to discover if a file is suspicious
pfSense: a free network firewall distribution
PingCastle: Active Directory Security Health Check
PlumHound - Bloodhound for Blue and Purple Teams
Transparent TLS and SSL inspection proxy
PowerShell tools to help defenders hunt smarter, hunt harder
Pypykatz: Mimikatz implementation in pure Python
— Q —
Qubes OS is a free and open-source, security-oriented operating system
Quickemu: Quickly create and run optimised Windows, macOS and Linux virtual machines
— R —
RedELK: Red Team’s SIEM
RendesvousRAT: Self-healing RAT utilizing libp2p
Responder: LLMNR, NBT-NS and MDNS poisoner. HTTP/SMB/MSSQL/FTP/LDAP rogue AuthN
Respotter is a Responder honeypot
Real Intelligence Threat Analytics (R-I-T-A)
ROADtools: Rogue Office 365 and Azure Active Directory tools
— S —
ScriptSentry: finds misconfigured and dangerous logon scripts
Sliver: Adversary Emulation Framework
The Social-Engineer Toolkit (SET) repository from TrustedSec
Security Onion: Threat hunting, network security monitoring, and log management
Lightweight static analysis for many languages
SharpFruit, a C# penetration testing tool
SharpHose, asynchronous Password Spraying Tool in C# for Windows Environments
General purpose security automation platform
Sigma - Generic Signature Format for SIEM Systems
SilentTrinity, An asynchronous, collaborative post-exploitation agent
SneakyCreeper, get your APT on using social media as a tool for data exfiltration
SOF-ELK® is a “big data analytics” platform for InfoSec
anti-spam platform giving system administrators a filter to classify email and block spam
Scripts to make password spraying attacks a lot quicker, less painful and more efficient
SQLMAP, automatic SQL injection and database takeover tool
Suricata is a high performance, FOSS network analysis and threat detection software
CLI tool and library for generating a Software Bill of Materials
— T —
Tachyon is a fast web application security reconnaissance tool
Tails is a portable operating system that protects against surveillance and censorship
tcpdump, a powerful command-line packet analyzer
THC Hydra, flexible password spraying tool
Timesketch is an open-source tool for collaborative forensic timeline analysis
Network analysis tool that provides a network graph
— U —
The Hak5 RubberDucky
— V —
Velociraptor is an advanced digital forensic and incident response tool
DFIR analysis platform that leverages the power of Volatility 3
Vulnerability Lookup facilitates quick correlation of vulnerabilities
— W —
Wazuh - The Open Source Security Platform
WireShark - The world’s most popular network protocol analyzer
— X —
— Y —
The pattern matching swiss knife for malware researchers (and everyone else)
— Z —
Zed Attack Proxy (ZAP) Web Application Security Scanner
Zeek (formerly Bro) is the world’s leading platform for network security monitoring.