
Open Source Security Tools list for small to medium businesses.
Project Management:
- Trello https://trello.com/en-US
- MeisterTask https://www.meistertask.com/
- Wrike https://www.wrike.com/
- Bitrix24 https://www.bitrix24.com/
- Teamwork Projects https://www.teamwork.com/project-management-software/
- Todoist https://todoist.com/?lang=en
- Zenkit https://zenkit.com/en/
- Wekan https://wekan.github.io
Asset Management + Supply Chain:
- Snipe-IT https://github.com/snipe/snipe-it
- Ralph https://github.com/allegro/ralph
- Open Boxes https://github.com/openboxes/openboxes
- Spiceworks https://www.spiceworks.com
Vulnerability Management:
- Faraday https://github.com/infobyte/faraday
- Archery Sec https://github.com/archerysec/archerysec
- Jackhammer https://github.com/olacabs/jackhammer
- Watchdog https://github.com/flipkart-incubator/watchdog
- OpenVAS https://sectools.org/tool/openvas/
Container Scanning:
- Trivy https://github.com/knqyf263/trivy
Docker UI:
- lazydocker https://github.com/jesseduffield/lazydocker/blob/master/README.md
Configuration Management:
- MGMT https://github.com/purpleidea/mgmt
- Chef https://downloads.chef.io/
- Puppet https://puppet.com/download-open-source-puppet
- CFengine https://cfengine.com/product/free-download/
- Juju https://github.com/juju/juju
- Rudder https://www.rudder.io/en/
- Ansible https://www.ansible.com/
- Terraform https://www.terraform.io/downloads.html
- Vagrant https://www.vagrantup.com/downloads
- Bcfg2 http://bcfg2.org/download/
- Saltstack https://www.saltstack.com
- Cockpit https://cockpit-project.org/
SIEM:
- OSSEC https://www.ossec.net/
- WAZUH https://wazuh.com/
- ZEEK https://www.zeek.org/
- EventLog360 https://www.manageengine.com/log-management/download.html
- AlienVault - OSSIM https://www.alienvault.com/products/ossim
VPN:
- OpenVPN https://openvpn.net/
- Check out https://www.vpnbook.com/
- Libreswan VPN https://libreswan.org/
- strongSwan https://www.strongswan.org/
- OpenConnect http://www.infradead.org/openconnect/
- Social VPN http://ipop-project.org/
- SoftEther VPN https://www.softether.org/
- Tinc VPN http://www.tinc-vpn.org/
End Point Detection:
- Redline https://www.fireeye.com/services/freeware/redline.html
Linux & Windows System Hardener:
- Lynis https://github.com/CISOfy/lynis
- Microsoft Attack Surface Analyzer https://github.com/microsoft/AttackSurfaceAnalyzer
- Microsoft Baseline Security Analyzer https://www.microsoft.com/en-us/download/details.aspx?id=19892
- Bastille https://github.com/BastilleBSD/bastille
- JShielder https://github.com/Jsitech/JShielder
- nixarmor https://github.com/emirozer/nixarmor
- Zeus (AWS) https://github.com/DenizParlak/Zeus
- Docker-bench (Docker) https://github.com/docker/docker-bench-security
Linux Login Protection:
- Fail2Ban https://www.fail2ban.org/
- DenyHosts https://github.com/denyhosts/denyhosts
- SSHGuard https://www.sshguard.net/
Blacklist Known Campaigns:
- Ultimate.Hosts.Blacklist https://github.com/mitchellkrogza/Ultimate.Hosts.Blacklist
- IPSet Firehol https://github.com/firehol/blocklist-ipsets
Government Blocklist:
- NSABlocklist https://github.com/CHEF-KOCH/NSABlocklist
Proxy:
- Squid Proxy http://www.squid-cache.org/
- HAProxy http://www.haproxy.org/
- Swiper Proxy https://swiperproxy.github.io/
- DNSCrypt Proxy https://github.com/jedisct1/dnscrypt-proxy
- NGinx https://www.nginx.com
- ThrottleProxy https://github.com/mistakster/throttle-proxy
Socks Server:
- Shadowsocks https://shadowsocks.org/
- Dante https://github.com/notpeter/dante
- microsocks https://github.com/rofl0r/microsocks
HTTP Tunnel:
- Tinyproxy https://tinyproxy.github.io/
- mitmproxy https://mitmproxy.org/ <-- HTTPS
- OpenProxy https://openproxy.space/
- Privoxy https://www.privoxy.org/
FTP Proxy:
- ftp.proxy http://www.ftpproxy.org/
DNS Proxy:
- dnsmasq http://www.thekelleys.org.uk/dnsmasq/
Server/Network Monitoring:
- Netdata https://github.com/netdata/netdata
- Ganglia http://ganglia.info/
- Spiceworks https://www.capterra.com/p/79191/Spiceworks-IT-Desktop/
- Free Database Performance Analyzer https://www.solarwinds.com/free-tools/database-performance-analyzer-free?CMP=ORG-BLG-DNS
- WMI Monitor https://www.solarwinds.com/free-tools/wmi-monitor?CMP=ORG-BLG-DNS
- Wireshark https://www.wireshark.org
- TCPDump
- NetMonitor https://www.microsoft.com/en-US/download/details.aspx?id=4865
- NetMiner - http://www.netminer.com/main/main-read.do
- NetMon - https://www.nagios.org/downloads/
- Wireless Network Watcher https://www.nirsoft.net/utils/wireless_network_watcher.html
- AdapterWatch https://www.nirsoft.net/utils/awatch.html
- DNSDataView https://www.nirsoft.net/utils/dns_records_viewer.html
- MyLastSearch https://www.nirsoft.net/utils/my_last_search.html
- SniffPass https://www.nirsoft.net/utils/password_sniffer.html
Network Intrusion Detection System (NIDS):
- Bro Logs https://www.bro.org/
- Snort https://github.com/snort3/snort3
- Pulled Pork https://github.com/shirkdog/pulledpork
- SSHGuard https://github.com/atenart/sshguard
- Suricata https://suricata-ids.org
Host Intrusion Detection System (HIDS):
- Tripwire https://github.com/Tripwire
- Stealth https://github.com/fbb-git/stealth
- Ossec https://www.ossec.net
- Samhain - https://la-samhna.de/samhain/s_download.html
Monitoring and Logging:
- justniffer https://github.com/onotelli/justniffer
- httpry https://github.com/jbittel/httpry
- ngrep https://github.com/jpr5/ngrep
- passivedns https://github.com/gamelinux/passivedns
- sgan https://github.com/agrimgupta92/sgan
- regshot https://sourceforge.net/projects/regshot/
- Graylog https://www.graylog.org/
- Logstash https://www.elastic.co/products/logstash
- Flume https://flume.apache.org/
- LOGalyze http://www.logalyze.com/
- Syslog-ng https://www.syslog-ng.com/products/open-source-log-management/
- Graylog2
- Logstash
- Lumberjack - https://sourceforge.net/projects/lumberjack/
- RabbitMQ - https://www.rabbitmq.com/management-cli.html
- ZeroMQ - http://zeromq.org
Anti-Virus:
- ClamAV https://www.clamav.net/
- Sophos https://www.sophos.com/en-us/products/free-tools.aspx
- F-Protection https://www.f-secure.com/us-en/home/products/anti-virus
- Comodo https://personalfirewall.comodo.com/
- 360 Total Security https://www.360totalsecurity.com/en/
- PFSense https://www.pfsense.org/download/
- CyberGod https://github.com/VISWESWARAN1998/CyberGod-KSGMPRH
- Bank_Mitigation https://github.com/CoolerVoid/bank_mitigations
- Fortress https://github.com/essandess/macOS-Fortress
- PeekabooAV https://github.com/scVENUS/PeekabooAV
Anti-USB:
- USB Write Blocker https://legility.com/
Infrastructure Evaluation/Simulation:
- Infection Monkey https://www.guardicore.com/infectionmonkey/
- Threatcare https://www.threatcare.com/
- NeSSi2 http://www.nessi2.de/index.html
- Caldera https://github.com/mitre/caldera
- MalwLess https://github.com/n0dec/MalwLess
Malware Scanner:
- RKHunter http://rkhunter.sourceforge.net/
- GMER http://www.gmer.net/
- Rootkit Revealer https://docs.microsoft.com/en-us/sysinternals/downloads/rootkit-revealer
- chkrootkit http://www.chkrootkit.org/
- Magento https://github.com/gwillem/magento-malware-scanner
- Aibolit https://github.com/gregzem/aibolit
- Hijackthis https://github.com/dragokas/hijackthis
- Malware Finder https://github.com/HookJordan/MalwareFinder
Anti-Spam:
- SpamAssassin https://spamassassin.apache.org/
- Mail Cleaner https://www.mailcleaner.org/
- Scrollout http://www.scrolloutf1.com/
- Proxmox https://www.proxmox.com/en/proxmox-mail-gateway
- OrangeAssassin https://orangeassassin.org/
- RSpamD https://rspamd.com/
Threat Intelligence:
- abuse.ch https://abuse.ch/
- Emerging Threats https://rules.emergingthreats.net/
- PhishTank https://www.phishtank.com/
- AutoShun https://www.autoshun.org/
- MISP – Open Source Threat Intelligence Platform https://github.com/MISP/MISP
- YETI https://yeti-platform.github.io/
- MalC0de http://malc0de.com/dashboard/
- Flight Sim - Generate Bad Traffic https://github.com/alphasoc/flightsim
- NSAuditor – https://download.cnet.com/Nsauditor-Network-Security-Auditor/3000-2653_4-10321567.html
- MTA – Microsoft Threat Analyzer https://www.microsoft.com/en-us/download/details.aspx?id=44226
- security-onion https://securityonion.net/
Web-Application Firewall:
- ModSecurity https://github.com/SpiderLabs/ModSecurity
- NAXSI https://github.com/nbs-system/naxsi
- sql_firewall https://github.com/uptimejp/sql_firewall
- ironbee https://github.com/ironbee/ironbee
- WebKnight https://www.aqtronix.com
- Shadow Daemon – https://shadowd.zecure.org/overview/introduction/
- wafw00f https://github.com/EnableSecurity/wafw00f
- OpenWAF https://github.com/titansec/OpenWAF
Free Compliance Scanning:
- OpenSCAP https://github.com/OpenSCAP
INCIDENT RESPONSE:
Disk Image Creation Tools:
- AccessData FTK Imager https://github.com/MrMugiwara/FTK-imager-OSX
- Bitscout https://github.com/vitaly-kamluk/bitscout
- GetData Forensic Imager http://www.forensicimager.com/
- Magnet Acquire https://www.magnetforensics.com/products/magnet-acquire/
- ODIN - http://odin-win.sourceforge.net/
- CloneZilla http://clonezilla.org/
Network Analysis:
- Xplico http://www.xplico.org/download
- Spiceworks Inventory https://www.spiceworks.com/download/inventory/
- GraphTool https://graph-tool.skewed.de/
- KeyPlayer https://cran.r-project.org/web/packages/keyplayer/index.html
- NDTV https://cran.r-project.org/web/packages/ndtv/index.html
- Walktrap https://www-complexnetworks.lip6.fr/~latapy/PP/walktrap.html
- Connvitals https://github.com/Comcast/connvitals
- IVRE https://ivre.rocks/
Evidence Collection:
- bulk_extractor https://github.com/simsong/bulk_extractor
- cold disk quick response https://github.com/orlikoski/CDQR
- ir-rescue https://github.com/diogo-fernan/ir-rescue
- Grr https://github.com/google/grr
- CimSweep https://github.com/PowerShellMafia/CimSweep
- Encrypted Disk Collector https://www.magnetforensics.com/free-tool-encrypted-disk-detector/
- Magnet RamCapture https://www.magnetforensics.com/free-tool-magnet-ram-capture/
- Network Miner https://www.netresec.com/?page=NetworkMiner
- NFI Defraser https://sourceforge.net/projects/defraser/
- ExifTools https://www.sno.phy.queensu.ca/~phil/exiftool/
- Toolsley https://www.toolsley.com/
- DumpZilla https://www.dumpzilla.org/
- Browser History https://www.nirsoft.net/utils/browsing_history_view.html
Log Analysis Tools:
- Lorg https://github.com/jensvoid/lorg
- Logdissect https://github.com/dogoncouch/logdissect
- StreamAlert https://github.com/airbnb/streamalert
- SysmonSearch https://github.com/JPCERTCC/SysmonSearch
File System Analysis/Imager:
- The Sleuth Kit (+Autopsy) http://www.sleuthkit.org/
- FTK Imager https://accessdata.com/product-download
Metadata Analysis:
- Exiftool https://www.sno.phy.queensu.ca/~phil/exiftool/
- JustMeta https://github.com/FortyNorthSecurity/Just-Metadata
- Collection https://github.com/metadatacenter/metadata-analysis-tools
- Archer Meta https://github.com/metadatacenter/metadata-analysis-tools
- TensorFlow Based https://github.com/tensorflow/metadata
Memory Analysis Tools:
- Evolve https://github.com/JamesHabben/evolve
- LiME https://github.com/504ensicsLabs/LiME
- Volatility https://www.volatilityfoundation.org/
- VolDiff https://github.com/aim4r/VolDiff
- WindowsSCOPE http://www.windowsscope.com/
Memory Imaging Tools:
- Belkasoft Live RAM Capturer https://belkasoft.com/ram-capturer
- Linux Memory Grabber https://github.com/halpomeranz/lmg
- Magnet RAM Capture https://www.magnetforensics.com/resources/magnet-ram-capture/
- OSForensics https://www.osforensics.com/download.html
- Memoryze https://www.fireeye.com/services/freeware/memoryze.html
- RAMMap https://docs.microsoft.com/en-us/sysinternals/downloads/rammap
MSSP:
- TheHive https://github.com/TheHive-Project/TheHive
OSX Evidence Collection:
- KnockKnock https://github.com/synack/knockknock
- macOS Artifact Parsing Tool (mac_apt)
- OSX Auditor https://github.com/jipegit/OSXAuditor
- OSX Collector https://github.com/Yelp/osxcollector
- Shims (SDB Parser) https://tzworks.net/prototype_page.php?proto_id=33
- SDB-Explorer https://github.com/evil-e/sdb-explorer
Threat Intelligence:
- ActorTrackr https://github.com/jalewis/actortrackr
- AiEngine https://github.com/camp0/aiengine
- Automater https://github.com/1aN0rmus/TekDefense-Automater
- bro-intel-generator https://github.com/exp0se/bro-intel-generator
- GoatRider https://github.com/BinaryDefense/goatrider
- Omnibus https://github.com/InQuest/omnibus
- poortego https://github.com/mgeide/poortego
- QRadio https://github.com/QTek/QRadio
- Redline https://www.fireeye.com/services/freeware/redline.html
- RITA https://github.com/activecm/rita
- HostHunter https://github.com/SpiderLabs/HostHunter
- Combine https://github.com/mlsecproject/combine
- Cyphon https://www.cyphon.io/
Incident Response Operating System:
- DEFT http://www.deftlinux.net/download/
- Plainsight http://www.plainsight.info/download.html
- HBCD https://www.hirensbootcd.org/download/
Sandbox:
- Falcon Sandbox https://github.com/PayloadSecurity/VxAPI
- Spender Sandbox https://github.com/spender-sandbox
- Sandboxie https://www.sandboxie.com/DownloadSandboxie
Automated Triaging:
- PE Studio https://www.winitor.com/
- FAME - https://github.com/certsocietegenerale/fame
- VIPER https://github.com/viper-framework/viper
- MalwOverview https://github.com/alexandreborges/malwoverview
Online Sandbox:
- Reverse.it https://www.reverse.it/
- Any.run https://any.run/
- Hybrid-Analysis https://www.hybrid-analysis.com/
IOC Scanner:
- Fenrir https://github.com/Neo23x0/Fenrir
- Forager https://github.com/opensourcesec/Forager
- Loki https://github.com/Neo23x0/Loki
- Fast IR https://github.com/SekoiaLab/Fastir_Collector
- Zimmerman's Toolkit https://ericzimmerman.github.io/#!index.md
- Didier Stevens Toolkit https://blog.didierstevens.com/my-software/
DNS:
- Bind https://www.isc.org/downloads/bind/
- djbdns http://cr.yp.to/djbdns.html
- Designate - https://wiki.openstack.org/wiki/Designate
- dnsmasq - http://www.thekelleys.org.uk/dnsmasq/doc.html
- knot - https://www.knot-dns.cz/