Free and Open-Source Software

From SecurityTools

Free and Open-Source Software (FOSS) is software that is Free Software and Open-Source Software. There is so much FOSS in the security domain that I believe this warrants its own wiki page.

A[edit | edit source]

  • Advanced Policy Firewall (apf) - A NetFilter firewall command-line management tool similar to IPTables
  • Advanced Port Scanner - A graphical port scanner for Windows which has the capability of identifying programs running on listening ports
  • AirCrack-NG - A complete suite of tools to assess WiFi network security
  • Angry IP Scanner - A port and host scanner for Windows.
  • AutoRecon - A multi-threaded network reconnaisance tool intended to save time in penetration testing environments and CTFs

B[edit | edit source]

C[edit | edit source]

  • Cain and Abel - A freely available Windows password sniffer and cracker

D[edit | edit source]

  • dirb - A CLI fuzzing tool for finding hidden web objects based on dictionary attacks
  • dirb-gendict - A command line tool for generating dictionaries to be used with the above dirb tool
  • DirBuster (James Fischer) - A Java-based, fuzzing tool with a graphical interface used for finding hidden URIs/web resources
  • DirBuster (Mr1llusion) - A Python script fuzzing tool used for finding hidden URIs/web resources from the command line

E[edit | edit source]

  • EtherApe - A graphical network monitor and sniffer
  • Ettercap - A suite of tools for Man-in-the-Middle (MITM) attacks

F[edit | edit source]

G[edit | edit source]

  • Garud - An automated reconnaisance tool which enumerates a target and all sub-domains and finds low-hanging fruit
  • GoBuster - A brute-forcing tool finding for hidden URIs, cloud hosts, DNS subdomains, and more
  • Gufw - A graphical interface for managing Uncomplicated Firewall rules

H[edit | edit source]

  • Hashcat - A multi-operating system, high-speed password recovery tool
  • Hash Suite - A Windows-based high-performance password cracker
  • httpx - A fast HTTP toolkit

I[edit | edit source]

  • INetSim - A suite of tools for simulating Internet services to test network behavior of tools or unknown software
  • IPTables - The userspace command line program used to configure Linux 2.4.x and later packet filtering rulesets

J[edit | edit source]

K[edit | edit source]

  • Kismet - A suite of tools for wireless sniffing, network and device detection, and wardriving

L[edit | edit source]

  • L0phtCrack - An open-source password hash cracker
  • Lynis - An open-source security auditing tool for Unix-based operating systems

M[edit | edit source]

  • Maltego Community Edition - An open-source intelligence and graphical link analysis tool
  • MASSSCAN - An extremely high-speed port scanner. Most famously used for scanning the entire internet in mere minutes
  • mdk3 - A tool for exploiting common IEEE 802.11 protocol weaknesses
  • Medusa - The massively speedy, highly parallel, modular login brute-forcing password cracker

N[edit | edit source]

  • NCrack - A high-speed, multi-platform network authentication cracking tool
  • NetCat - A networking utility which reads and writes data across network connections, using the TCP/IP protocol
  • NetStumbler - A Windows-based wireless network detection tool used for wardriving and WiFi mapping
  • NFTables - The newer NetFilter userspace program replacing IPTables for Linux firewall management
  • Nikto - A free command-line utility vulnerability scanner
  • NMap - A network discovery and security auditing port/host scanner

O[edit | edit source]

  • OpenVAS - A full-featured vulnerability scanner forked from the Nessus code base in 2006
  • ophCrack - An open-source Windows-password cracking program
  • Oracle VirtualBox - An open-source system virtualization tool
  • OSSEC - A free Host Intrusion Detection System (HIDS) tool

P[edit | edit source]

  • p0f - An open-source, passive-listening traffic fingerprinting tool for Unix-based systems
  • PimpMyKali - A script for fixing Kali virtualized system problems
  • Port Authority - An Android based, high-speed scanner that allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts
  • PortQry - A command-line port scanner which runs on Windows 2000 based servers
  • PortQryUI - A graphical interface the the above-listed PortQry tool
  • pwncat - A post-exploit tool for streamlining red team operations

Q[edit | edit source]

R[edit | edit source]

  • Raccoon - An offensive security tool for reconnaissance and information gathering

S[edit | edit source]

  • SMap - A command-line options compatible replacement for NMap powered for the Shodan port scanning API
  • Snort (Community Ruleset) - A free and open-source network intrusion detection system (NIDS) and intrusion prevention system (IPS)

T[edit | edit source]

  • tcpdump - A powerful command-line packet analyzer
  • TCP Port Scanner - An application that uses high-speed SYN scanning to find open ports on a network
  • Test My Defenses - A free website by ZScaler to test and advise on how to improve your protection against Ransomware
  • THC-Hydra - A GPLed proof-of-concept password cracking tool

U[edit | edit source]

  • Uncomplicated Firewall (UFW) - A command-line tool for managing NetFilter firewalls, available in Ubuntu and Debian distributions

V[edit | edit source]

W[edit | edit source]

X[edit | edit source]

Y[edit | edit source]

Z[edit | edit source]