Linux Security Tools

Zeek is a network security monitoring tool (NSM) and helps with monitoring. It can also play an active rol in performing forensics and incident response.

SMBMap is a security tool that allows users enumerating Samba shares and can be used during security assessments. Read the review and how it works.

OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.

OpenSSL is an open source project and provides a toolkit for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.

MISP is short for Malware Information Sharing Platform. It helps with sharing threat data which can be used by defenders and malware researchers.

Angr is a security tool written in Python to allow analyzing binaries. It provides a combination of static and dynamic analysis.

Network threat detection engine that acts as intrusion detection (IDS), inline intrusion prevention (IPS), and network security monitoring (NSM)

Cowrie is a honeypot to emulate SSH and telnet services. It can be used to learn attack methods and as an additional layer for security monitoring.

The osquery tool allows querying your Linux, Windows, and macOS infrastructure. It can help with intrusion detection, infrastructure reliability, or compliance.

jSQL Injection is a security tool to test web applications. It can be used to discover if an application is vulnerable to SQL injection attacks.

USBGuard is a software framework which allows USB device authorization policies. It defines what kind of USB devices are authorized together with a related policy regarding permissions.

PCILeech is a tool which uses PCIe hardware devices to attack a target system. It can read and write from the system memory by using DMA over PCIe. It requires no drivers on the system of the target itself.

The Sleuth Kit is a toolkit to investigate disk images and do forensic analysis on them.

Dockerscan is a Docker toolkit for security analysis which includes attacking tools. It is more focused on side of the offensive than defensive.

The r2frida project combines the best of both worlds from Radare2 and Frida. Where Radare2 focuses on static analysis of binaries and files, Frida will target running processes. This project combines the powers of both.