Free and Open-Source Software
From SecurityTools
Free and Open-Source Software (FOSS) is software that is Free Software and Open-Source Software. There is so much FOSS in the security domain that I believe this warrants its own wiki page.
A
- Advanced Port Scanner - A graphical port scanner for Windows which has the capability of identifying programs running on listening ports
- AirCrack-NG - A complete suite of tools to assess WiFi network security
- Angry IP Scanner - A port and host scanner for Windows.
- AutoRecon - A multi-threaded network reconnaisance tool intended to save time in penetration testing environments and CTFs
B
- Burp Suite Community Edition - Web Application testing software
C
- Cain and Abel - A freely available Windows password sniffer and cracker
D
E
- EtherApe - A graphical network monitor and sniffer
- Ettercap - A suite of tools for Man-in-the-Middle (MITM) attacks
F
- ffuf - Fuzz Faster U Fool - A fast web fuzzer written in Go
- froggy - A subdomain enumeration tool
G
- Garud - An automated reconnaisance tool which enumerates a target and all sub-domains and finds low-hanging fruit
H
- Hashcat - A multi-operating system, high-speed password recovery tool
- Hash Suite - A Windows-based high-performance password cracker
- httpx - A fast HTTP toolkit
I
- INetSim - A suite of tools for simulating Internet services to test network behavior of tools or unknown software
- IPTables - The userspace command line program used to configure the Linux 2.4.x and later packet filtering rulesets
J
- John the Ripper - A multi-platform password cracker
K
- Kismet - A suite of tools for wireless sniffing, network and device detection, and wardriving
L
- L0phtCrack - An open-source password hash cracker
- Lynis - An open-source security auditing tool for Unix-based operating systems
M
- Maltego Community Edition - An open-source intelligence and graphical link analysis tool
- MASSSCAN - An extremely high-speed port scanner. Most famously used for scanning the entire internet in mere minutes
- mdk3 - A tool for exploiting common IEEE 802.11 protocol weaknesses
- Medusa - The massively speedy, highly parallel, modular login brute-forcing password cracker
N
- NCrack - A high-speed, multi-platform network authentication cracking tool
- NetCat - A networking utility which reads and writes data across network connections, using the TCP/IP protocol
- NetStumbler - A Windows-based wireless network detection tool used for wardriving and WiFi mapping
- Network Scanner - A free multithreaded ICMP, Port, IP, NetBIOS, ActiveDirectory and SNMP scanner provided by MiTeC for Windows Systems
- Nikto - A free command-line utility vulnerability scanner
- NMap - A network discovery and security auditing port/host scanner
O
- OpenVAS - A full-featured vulnerability scanner forked from the Nessus code base in 2006
- ophCrack - An open-source Windows-password cracking program
- Oracle VirtualBox - An open-source system virtualization tool
- OSSEC - A free Host Intrusion Detection System (HIDS) tool
P
- p0f - An open-source, passive-listening traffic fingerprinting tool for Unix-based systems
- PimpMyKali - A script for fixing Kali virtualized system problems
- Port Authority - An Android based, high-speed scanner that allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts
- PortQry - A command-line port scanner which runs on Windows 2000 based servers
- PortQryUI - A graphical interface the the above-listed PortQry tool
- pwncat - A post-exploit tool for streamlining red team operations
Q
R
- Raccoon - An offensive security tool for reconnaissance and information gathering
S
- smap - A command-line options compatible replacement for nmap powered for the Shodan port scanning API
- Snort (Community Ruleset) - A free and open-source network intrusion detection system (NIDS) and intrusion prevention system (IPS)
T
- tcpdump - A powerful command-line packet analyzer
- TCP Port Scanner - An application that uses high-speed SYN scanning to find open ports on a network
- Test My Defenses - A free website by ZScaler to test and advise on how to improve your protection against Ransomware
- THC-Hydra - A GPLed proof-of-concept password cracking tool
U
V
W
- Wfuzz - A web application security assessment tool
- Wireshark - The world’s foremost, widely-used network protocol analyzer
X
Y
- Yuki Chan The Auto Pentest - A Linux-based automated penetration testing tool to audit standard security settings
Z
- Zed Attack Proxy - The world's most widely used web application scanner