Free and Open-Source Software: Difference between revisions

Free and Open-Source Software (FOSS) is software that is Free Software and Open-Source Software. There is so much FOSS in the security domain that I believe this warrants its own wiki page.

A[edit | edit source]

• Advanced Policy Firewall (apf) - A NetFilter firewall command-line management tool similar to IPTables
• Advanced Port Scanner - A graphical port scanner for Windows which has the capability of identifying programs running on listening ports
• AirCrack-NG - A complete suite of tools to assess WiFi network security
• Angry IP Scanner - A port and host scanner for Windows.
• AutoRecon - A multi-threaded network reconnaisance tool intended to save time in penetration testing environments and CTFs

B[edit | edit source]

• Burp Suite Community Edition - Web Application testing software

C[edit | edit source]

• Cain and Abel - A freely available Windows password sniffer and cracker

D[edit | edit source]

• dirb - A CLI fuzzing tool for finding hidden web objects based on dictionary attacks
• dirb-gendict - A command line tool for generating dictionaries to be used with the above dirb tool
• DirBuster (James Fischer) - A Java-based, fuzzing tool with a graphical interface used for finding hidden URIs/web resources
• DirBuster (Mr1llusion) - A Python script fuzzing tool used for finding hidden URIs/web resources from the command line

E[edit | edit source]

• EtherApe - A graphical network monitor and sniffer
• Ettercap - A suite of tools for Man-in-the-Middle (MITM) attacks

F[edit | edit source]

• ffuf - Fuzz Faster U Fool - A fast web fuzzer written in Go
• Firewall-cmd - The command-line client for the firewalld daemon
• Firewall builder - A no-longer-maintained graphical interface to manage Netfilter/iptables, ipfw, PF, Cisco PIX, and other firewall rules
• froggy - A subdomain enumeration tool

G[edit | edit source]

• Garud - An automated reconnaisance tool which enumerates a target and all sub-domains and finds low-hanging fruit
• GoBuster - A brute-forcing tool finding for hidden URIs, cloud hosts, DNS subdomains, and more
• Gufw - A graphical interface for managing Uncomplicated Firewall rules

H[edit | edit source]

• Hashcat - A multi-operating system, high-speed password recovery tool
• Hash Suite - A Windows-based high-performance password cracker
• httpx - A fast HTTP toolkit

I[edit | edit source]

• INetSim - A suite of tools for simulating Internet services to test network behavior of tools or unknown software
• IPTables - The userspace command line program used to configure Linux 2.4.x and later packet filtering rulesets

J[edit | edit source]

• John the Ripper - A multi-platform password cracker

K[edit | edit source]

• Kismet - A suite of tools for wireless sniffing, network and device detection, and wardriving

L[edit | edit source]

• L0phtCrack - An open-source password hash cracker
• Lynis - An open-source security auditing tool for Unix-based operating systems

M[edit | edit source]

• Maltego Community Edition - An open-source intelligence and graphical link analysis tool
• MASSSCAN - An extremely high-speed port scanner. Most famously used for scanning the entire internet in mere minutes
• mdk3 - A tool for exploiting common IEEE 802.11 protocol weaknesses
• Medusa - The massively speedy, highly parallel, modular login brute-forcing password cracker

N[edit | edit source]

• NCrack - A high-speed, multi-platform network authentication cracking tool
• NetCat - A networking utility which reads and writes data across network connections, using the TCP/IP protocol
• NetStumbler - A Windows-based wireless network detection tool used for wardriving and WiFi mapping
• NFTables - The newer NetFilter userspace program replacing IPTables for Linux firewall management
• Nikto - A free command-line utility vulnerability scanner
• NMap - A network discovery and security auditing port/host scanner

O[edit | edit source]

• OpenVAS - A full-featured vulnerability scanner forked from the Nessus code base in 2006
• ophCrack - An open-source Windows-password cracking program
• Oracle VirtualBox - An open-source system virtualization tool
• OSSEC - A free Host Intrusion Detection System (HIDS) tool

P[edit | edit source]

• p0f - An open-source, passive-listening traffic fingerprinting tool for Unix-based systems
• PimpMyKali - A script for fixing Kali virtualized system problems
• Port Authority - An Android based, high-speed scanner that allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts
• PortQry - A command-line port scanner which runs on Windows 2000 based servers
• PortQryUI - A graphical interface the the above-listed PortQry tool
• pwncat - A post-exploit tool for streamlining red team operations

Q[edit | edit source]

R[edit | edit source]

• Raccoon - An offensive security tool for reconnaissance and information gathering

S[edit | edit source]

• SMap - A command-line options compatible replacement for NMap powered for the Shodan port scanning API
• Snort (Community Ruleset) - A free and open-source network intrusion detection system (NIDS) and intrusion prevention system (IPS)

T[edit | edit source]

• tcpdump - A powerful command-line packet analyzer
• TCP Port Scanner - An application that uses high-speed SYN scanning to find open ports on a network
• Test My Defenses - A free website by ZScaler to test and advise on how to improve your protection against Ransomware
• THC-Hydra - A GPLed proof-of-concept password cracking tool

U[edit | edit source]

• Uncomplicated Firewall (UFW) - A command-line tool for managing NetFilter firewalls, available in Ubuntu and Debian distributions

V[edit | edit source]

W[edit | edit source]

• Wfuzz - A fuzzing tool for finding hidden web resources
• Wireshark - The world’s foremost, widely-used network protocol analyzer

X[edit | edit source]

Y[edit | edit source]

• Yuki Chan The Auto Pentest - A Linux-based automated penetration testing tool to audit standard security settings

Z[edit | edit source]

• Zed Attack Proxy - The world's most widely used web application scanner