Linux Security Tools

OpenSSL is an open source project and provides a toolkit for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.

The Sleuth Kit is a toolkit to investigate disk images and do forensic analysis on them.

Prowler is a security tool to perform security audits on AWS configurations. It helps to find configuration flaws and improve system hardening.

Plecost is a security tool to fingerprint WordPress installations and find available vulnerabilities.

OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.

Vault is a tool created by HashiCorp to store secrets like keys and passwords. These secrets are typically used by other software components and scripts.

Angr is a security tool written in Python to allow analyzing binaries. It provides a combination of static and dynamic analysis.

Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.

The r2frida project combines the best of both worlds from Radare2 and Frida. Where Radare2 focuses on static analysis of binaries and files, Frida will target running processes. This project combines the powers of both.

The mitmproxy tool allows to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.

SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It can be useful during penetrating testing and security assignments.

Faraday is collaboration tool for pentest assignments and vulnerability management. It allows integration with a number of other security tools.

USBGuard is a software framework which allows USB device authorization policies. It defines what kind of USB devices are authorized together with a related policy regarding permissions.

Tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines

Certigo is a security tool to find information about different types of digital certificates and validate them. It can be used in scripts or manually.