🔐 SecOps Toolkits

A comprehensive collection of security tools for Blue Team and Red Team operations. Choose from our categorized tools to meet your cybersecurity needs with our searchable directory.

How to use this index: Use the navigation sidebar to jump between Blue Team and Red Team categories with their subcategories, or search for specific tools using the search bar. Each tool is tagged with relevant keywords for easier discovery.

🛡️ Blue Team (Defensive Security)

Tools for monitoring, detecting, and responding to security incidents to protect your organization's assets.

🛡️ Blue Team: Threat Intelligence & Intel

Platforms and tools that provide intelligence on threats, indicators, and attack patterns.

Malware Analysis & Scanning

VirusTotal
Visit Tool
A free online service that analyzes suspicious files, URLs, and domains using multiple antivirus engines and URL scanners. VirusTotal provides threat intelligence by aggregating results from over 70 security vendors and specialized analysis tools.
Malware Analysis Scanning Threat Intelligence
Hybrid Analysis
Visit Tool
A free malware analysis service that delivers automated threat analysis of suspicious files, URLs and IPs. The service provides users with in-depth analysis reports of unknown malware variants.
Malware Analysis Sandbox
MalAPI
Visit Tool
A malware API providing programmatic access to malware data and threat intelligence. This service helps automate malware analysis and threat detection in security operations.
Malware Analysis API
MTA Intelligence
Visit Tool
A repository of malware traffic analysis resources, providing samples and detailed analysis of malware communication patterns and behaviors.
Malware Analysis Network Traffic
CAPEv2
Visit Tool
A malware configuration and payload extraction system that builds on the Cuckoo Sandbox framework. CAPEv2 helps reverse engineers understand malware behavior and extract configuration data.
Malware Analysis Sandbox

IoCs & Threat Feeds

AlienVault OTX
Visit Tool
An open threat exchange platform that allows security researchers and organizations to share threat intelligence for correlation and awareness. OTX provides access to threat indicators and security research.
Threat Intelligence IoCs
abuse.ch
Visit Tool
A threat intelligence portal that tracks and collects information about malicious activities, including indicators of compromise and malware samples.
Threat Intelligence Indicators
ThreatConnect
Visit Tool
A threat intelligence platform that enables organizations to gather, analyze, and act on threat intelligence to strengthen security decisions.
Threat Intelligence Analysis

Reconnaissance

Shodan
Visit Tool
A search engine for internet-connected devices. Shodan enables users to find specific types of devices and systems connected to the internet using a variety of search filters.
Reconnaissance IoT
Censys
Visit Tool
An internet infrastructure search engine that helps organizations find, monitor, and analyze publicly accessible hosts and services.
Reconnaissance Infrastructure

Email Security & Forensics

MXToolbox Email Header Analyzer
Visit Tool
A comprehensive tool for analyzing email headers to verify authentication mechanisms including SPF, DKIM, and DMARC. The analyzer provides detailed breakdowns of email routing, authentication results, and potential indicators of spoofing or other email-based attacks.
Email Analysis Headers Authentication
Sublime EML Analyzer
Visit Tool
An advanced .eml file analysis platform that provides in-depth examination of email structure, content, and metadata. The analyzer identifies potential threats within email components including suspicious links, embedded content, and attachment analysis.
Email Analysis Advanced File Analysis
Mail-Tester
Visit Tool
A service that tests email deliverability and authentication by providing a temporary email address for testing. Mail-Tester analyzes your email's configuration including SPF, DKIM, and DMARC records, checks for blacklisting issues, evaluates content for spam triggers, and provides a score for your email's likelihood of reaching the inbox.
Email Testing Authentication Deliverability

🛡️ Blue Team: Network Security

Tools for capturing, analyzing, and monitoring network traffic to identify malicious activity.

Network Traffic Analysis & Monitoring

Traffic Analysis & Monitoring

Wireshark
Visit Tool
The world's most popular network protocol analyzer. Wireshark allows you to capture and interactively browse the traffic running on a computer network.
Traffic Analysis Packet Capture Protocol Analysis
Tcpdump
Visit Tool
A powerful command-line packet analyzer that allows you to intercept and display TCP/IP and other packets being transmitted or received over a network interface. Tcpdump is widely used by network administrators and security experts for network troubleshooting, traffic analysis, and security auditing.
Traffic Analysis CLI Packet Capture
NetworkMiner
Visit Tool
A Network Forensic Analysis Tool (NFAT) designed to detect and analyze network sessions and to extract files, images, and other relevant data from PCAP files. NetworkMiner performs passive network monitoring, reconstructs sessions, extracts files and images from network traffic, and provides host information from captured packets.
Forensics Passive Scanning File Extraction
Netflow Analyzer
Visit Tool
A network traffic analysis software that enables administrators to monitor network traffic flow, bandwidth utilization, and identify potential security threats. It supports NetFlow, sFlow, and other flow technologies to provide detailed insights into network usage patterns. Note: Site access may be restricted in some regions.
Traffic Analysis Netflow Bandwidth Monitoring

Intrusion Detection & Prevention

Snort
Visit Tool
An open-source network intrusion detection and prevention system (NIDS/NIPS) that provides real-time traffic analysis and packet logging. Snort can perform protocol analysis, content searching, and pattern matching to detect potential threats and malicious activity.
NIDS IPS Network Security
Suricata
Visit Tool
A free, open-source, mature, fast and robust network threat detection engine. Suricata inspects network traffic using a variety of detection methods including signature-based, anomaly-based, and behavioral detection.
NIDS IPS NSM
OSSEC
Visit Tool
An open-source host-based intrusion detection system (HIDS) that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting, and active response.
HIDS Monitoring Log Analysis
Zeek (Bro)
Visit Tool
A powerful network analysis framework that focuses on network security monitoring (NSM). Originally developed as Bro, Zeek provides deep visibility into network behavior by transforming raw network traffic into high-level, structured logs and events.
Network Analysis NSM Traffic Analysis

Endpoint Security

Tools for monitoring and responding to security events on endpoints like workstations and servers.

EDR & SIEM

Elastic Security
Visit Tool
A comprehensive security solution that combines SIEM capabilities with endpoint protection using the Elastic Stack (Elasticsearch, Logstash, Kibana). Elastic Security provides threat detection, incident response capabilities, and endpoint monitoring through a unified platform.
SIEM EDR Threat Detection
Splunk Enterprise Security
Visit Tool
A leading SIEM platform that enables organizations to detect, investigate, and respond to security threats using data analytics. Splunk ES collects and correlates data from thousands of sources including network devices, security tools, endpoints, and applications.
SIEM Data Analytics Correlation Engine

Host Monitoring

OSQuery
Visit Tool
A SQL-powered operating system instrumentation tool that makes low-level operating system data accessible via SQL queries. OSQuery allows security teams to write SQL queries to explore operating system state across their entire fleet of machines in real-time.
Query Endpoint Monitoring SQL
Sysmon
Visit Tool
A system service and device driver that remains resident across system reboots to monitor and log system activity to the Windows event log.
Windows Monitoring Logging

Vulnerability Management

Tools for identifying and assessing security vulnerabilities in systems and applications.

General Vulnerability Scanners

Rapid7 Nexpose
Visit Tool
A comprehensive vulnerability management solution that combines vulnerability assessment with risk management. Nexpose provides continuous monitoring for security vulnerabilities across physical, virtual, and cloud assets.
Vulnerability Scanner Risk Management Asset Discovery
Tenable Nessus
Visit Tool
One of the most popular vulnerability scanners in the industry, Nessus provides comprehensive vulnerability detection across diverse IT environments. It can identify vulnerabilities in operating systems, applications, web applications, databases, and network appliances.
Vulnerability Scanner Asset Assessment Compliance
Qualys
Visit Tool
A cloud-based security and compliance platform that provides continuous monitoring and protection across cloud, virtual, and on-premises environments. Qualys offers vulnerability management, web application security, web application firewall, endpoint detection and response, security assessments, and compliance monitoring.
Cloud Compliance Continuous Monitoring
OpenVAS
Visit Tool
An open-source vulnerability scanner and manager that provides comprehensive vulnerability testing for various types of systems. OpenVAS offers a web-based interface, detailed reporting capabilities, and an extensive vulnerability database called the Greenbone Security Assistant (GSA).
Open Source Vulnerability Scanner Compliance

Dependency & Code Scanning

Retire.js
Visit Tool
A comprehensive security scanner specifically designed to detect the use of JavaScript libraries with known vulnerabilities. Retire.js scans web projects and identifies outdated or vulnerable JavaScript libraries that might pose a security risk.
JavaScript Dependency Scanning Vulnerability Detection
Snyk
Visit Tool
A developer-first security platform that helps organizations find and fix vulnerabilities in open source dependencies, container images, and infrastructure as code.
Dependency Scanning DevSecOps SAST
AuditJS
Visit Tool
A command line utility for detecting JavaScript and npm package vulnerabilities. AuditJS performs comprehensive scans of npm packages and their dependencies to identify known security vulnerabilities.
JavaScript npm Dependency Analysis

🛡️ Blue Team: Incident Response & Forensics

Tools and frameworks for responding to security incidents and managing breach response activities.

Incident Response

Forensic Analysis

Timesketch
Visit Tool
A collaborative forensic timeline analysis platform developed by Google that enables security teams to analyze and investigate digital evidence through interactive timelines. Timesketch allows incident responders to upload and analyze forensic artifacts, correlate events across multiple data sources, and share findings with team members.
Forensics Timeline Analysis Collaboration
OSDFCon
Visit Tool
The Open Source Digital Forensics Conference is a collection of resources, presentations, and tools dedicated to open-source digital forensics solutions. OSDFCon provides educational materials, training resources, and practical tools for digital forensics professionals.
Forensics Resources Open Source

Monitoring & Alerting

ThreatIngestor ⚠️ Unmaintained
Visit Tool
An extensible framework for automating threat intelligence collection, enrichment, and dissemination. ThreatIngestor enables security teams to automatically gather threat indicator data from various sources including RSS feeds, Twitter, SMS, and other threat intelligence feeds.
Threat Intelligence Automation IoCs

Incident Response Platforms

TheHive
Visit Tool
A scalable, open-source Security Incident Response Platform designed to help SOCs and CERTs collaborate on investigations. Integrates with MISP and Cortex for automated enrichment and response.
Incident Response Case Management Collaboration
Velociraptor
Visit Tool
An advanced endpoint visibility and collection tool for DFIR. Velociraptor uses VQL (Velociraptor Query Language) to collect artifacts from endpoints at scale, enabling rapid triage and forensic analysis.
DFIR Endpoint Collection Triage
GRR Rapid Response
Visit Tool
A remote live forensics framework by Google focused on large-scale incident response. GRR enables remote investigation of endpoints including memory analysis, file collection, and registry inspection.
Remote Forensics Incident Response Scalable
DFIR-ORC
Visit Tool
A forensic artifact collection tool for Windows developed by French ANSSI. DFIR-ORC collects critical system data (MFT, registry, event logs, running processes) into a single archive for offline analysis.
Windows Forensics Artifact Collection ANSSI

⚔️ Red Team (Offensive Security)

Tools for penetration testing, vulnerability assessment, and red team exercises to identify security weaknesses.

⚔️ Red Team: Web Application Testing

Tools for identifying and exploiting web application vulnerabilities.

Scanning & Crawling

Nikto
Visit Tool
An open-source web server scanner that performs comprehensive tests against web servers for multiple items, including dangerous files, outdated server software, and other problems. Nikto combines libwhisker with databases of potentially dangerous files, CGI scripts, and known problems with specific server versions.
Web Security Scanning Vulnerability Detection
Nikto Web Scanner
Visit Tool
The open-source web server and CGI scanner that identifies potential security vulnerabilities in web applications and servers. Nikto performs comprehensive tests against web servers for dangerous files, outdated server software, and other problems.
Web Security Vulnerability Scanner CGI Testing
BlackWidow ⚠️ Unmaintained
Visit Tool
A Python-based web application scanner that performs OWASP testing, audits form inputs, crawls websites, and identifies potential vulnerabilities through automated analysis.
Web Security Crawling OWASP Testing
Nuclei
Visit Tool
A fast and customizable vulnerability scanner based on a simple YAML-based template engine. Nuclei can send requests with predefined templates and detect potential vulnerabilities across various protocols including HTTP, DNS, SSL/TLS, and network services.
Vulnerability Scanner Templates Multi-protocol
Katana
Visit Tool
A fast web crawling framework designed to crawl web applications efficiently and discover hidden paths, parameters, and endpoints. Katana extracts links, forms, scripts, headers, and other points of interest from various sources and follows redirect chains to build an accurate map of the application's structure.
Web Security Crawling Reconnaissance

Proxy & Interception

Burp Suite
Visit Tool
An integrated platform for performing security testing of web applications. Burp Suite includes various tools for different aspects of web application testing including interception proxy, scanner, intruder, repeater, and sequencer.
Web Security Proxy Manual Testing
OWASP ZAP
Visit Tool
The world's most widely used web application security scanner, maintained under the Open Web Application Security Project (OWASP). OWASP ZAP is an open-source tool that provides both automated and manual security testing capabilities for web applications.
Web Security Open Source Automated Scanning

Specialized Testing

SQLMap
Visit Tool
The premier open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws. SQLMap supports various kinds of SQL injection techniques and can bypass many security measures.
Database SQL Injection Automated Enumeration
WPScan
Visit Tool
A comprehensive WordPress security scanner that performs black box penetration testing specifically on WordPress installations. WPScan uses a database of known vulnerabilities to detect security issues in WordPress core, themes, and plugins.
Web Security CMS Vulnerability Scanner
Dalfox
Visit Tool
A powerful open-source XSS (Cross-Site Scripting) scanning and parameter analysis tool designed for security professionals. Dalfox performs both passive and active XSS scanning, supports headless browsing, and provides detailed analysis of parameters to identify potential XSS vulnerabilities.
Web Security XSS Parameter Analysis
Smuggler
Visit Tool
An HTTP Request Smuggling detection tool specifically designed to identify and exploit HTTP desync vulnerabilities. Smuggler detects various types of HTTP Request Smuggling vulnerabilities including CL.TE, TE.CL, and other desynchronization attacks.
Web Security HTTP Request Smuggling

⚔️ Red Team: Cloud Security Testing

Tools for testing security in cloud environments and identifying misconfigurations.

Cloud Platform Testing

Prowler
Visit Tool
The most popular open-source tool for AWS security assessment, auditing, and hardening. Prowler performs hundreds of security checks following security best practices and compliance requirements like CIS, PCI-DSS, ISO27001, and others.
AWS Auditing Compliance
AWS Pwn ⚠️ Unmaintained
Visit Tool
A collection of AWS penetration testing tools designed to help security professionals identify and exploit vulnerabilities in AWS environments.
AWS Exploitation
Pacu
Visit Tool
An open source AWS exploitation framework that can be used to gather information and exploit configuration weaknesses within an AWS account. Pacu contains modules to attack services and features within an AWS environment.
AWS Exploitation

⚔️ Red Team: Network & Infrastructure Testing

Tools for scanning networks, identifying services, and exploiting network-based vulnerabilities.

Network Scanning & Enumeration

Nmap
Visit Tool
The Network Mapper, a powerful open-source utility for network discovery and security auditing. Nmap discovers hosts and services on a computer network, creates a map of the network, and identifies open ports, running services, operating systems, and potential vulnerabilities.
Scanning Enumeration Network Discovery
Masscan
Visit Tool
An extremely fast and lightweight port scanner capable of scanning the entire Internet in under 6 minutes from a single machine. Masscan uses asynchronous transmission to achieve high speeds while maintaining accuracy, making it suitable for large-scale network reconnaissance.
Scanning High-Speed Large Scale
WhatWeb
Visit Tool
A website fingerprinter that identifies web technologies used by sites, including content management systems, blogging platforms, statistics and analytics packages, JavaScript libraries, web servers, and embedded devices.
Web Analysis Fingerprinting Technology Recognition
Httprobe
Visit Tool
A tool designed to check if HTTP/HTTPS servers are responding. Httprobe takes a list of potential URLs and verifies which ones have active HTTP services running, making it ideal for reconnaissance after domain enumeration or port scanning.
Web Security Reconnaissance Service Validation

Password Auditing

John the Ripper
Visit Tool
A powerful and flexible open-source password security auditing tool that is available for multiple operating systems. John the Ripper is designed for detecting weak passwords and employs various password cracking techniques including dictionary attacks, brute force, and hybrid approaches.
Password Cracking Hash Analysis Dictionary Attack
Hashcat
Visit Tool
The world's fastest and most advanced password recovery utility that supports a wide range of hashing algorithms and features. Hashcat is renowned for its GPU acceleration capabilities, making it significantly faster than CPU-based crackers.
Password Cracking GPU Acceleration Hash Recovery
Aircrack-ng
Visit Tool
A complete suite of tools for auditing wireless network security. Aircrack-ng includes tools for monitoring, attacking, testing, and cracking WiFi networks. It can capture packets and export data to text files for further analysis, crack WEP and WPA/WPA2-PSK keys, and includes utilities for injecting frames and replaying captures.
WiFi Security WPA/WPA2 Wireless Testing
Hydra
Visit Tool
A fast and flexible network logon cracker that supports numerous protocols for brute-force attacks against network services. Hydra is capable of performing rapid dictionary and brute-force attacks against more than 50 protocols including FTP, HTTP, HTTPS, SMB, Telnet, SSH, Oracle, and many others.
Brute Force Authentication Network Services

Exploitation & Post-Exploitation

Metasploit
Visit Tool
The world's most widely used penetration testing framework. Metasploit provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Framework Exploitation Penetration Testing
PowerSploit ⚠️ Archived
Visit Tool
A PowerShell exploitation framework that leverages PowerShell's strengths in offensive security. PowerSploit modules help penetration testers and red teamers quickly gain situational awareness, circumvent software restrictions, inject reflective assemblies into memory, and perform post-exploitation tasks.
PowerShell Post-Exploitation
Covenant ⚠️ Unmaintained
Visit Tool
A .NET command and control framework that provides a collaborative interface for red teamers to perform post-exploitation tasks. Covenant aims to support all stages of the attack life cycle and provides a web-based interface for managing implants and executing commands.
C2 Post-Exploitation
Impacket
Visit Tool
A collection of Python classes for working with network protocols. Impacket provides a set of tools for manipulating network protocols and is widely used by security professionals for penetration testing and security assessments. It includes tools for performing various attacks against network protocols and Active Directory environments.
Network Protocols Active Directory

🔐 General Security Tools

Tools that apply to both offensive and defensive operations, including forensics, cryptography, and infrastructure security.

Digital Forensics

Tools for collecting, preserving, and analyzing digital evidence.

Disk & File Analysis

Sleuth Kit
Visit Tool
A comprehensive digital forensics toolkit that provides command-line tools for analyzing disks and file systems. The Sleuth Kit includes utilities for performing post-mortem analysis on disk images and live systems.
Forensics Disk Analysis
Autopsy
Visit Tool
A powerful graphical digital forensics platform that enables investigators to easily analyze disk images and perform in-depth analysis of computer systems. Autopsy provides a user-friendly interface built on top of The Sleuth Kit, offering advanced features such as keyword searching, file carving, web artifact analysis, and timeline analysis.
Forensics GUI
FileSec
Visit Tool
A comprehensive portal for file security and analysis resources that provides information about file-based threats, analysis techniques, and security best practices. FileSec offers educational content, analysis tools, and resources for understanding various file formats and potential security risks associated with different file types.
File Analysis Security

Memory Analysis

Volatility 3
Visit Tool
The next-generation memory forensics framework for incident response and digital forensics. Volatility 3 is a complete rewrite of the original Volatility framework with improved architecture, better performance, and Python 3 support.
Memory Forensics RAM Incident Response

Cryptography & Certificates

Tools for testing cryptographic implementations, certificate validation, and encryption.

SSL Labs SSL Test
Visit Tool
A free online service that performs comprehensive analysis of the SSL/TLS configuration of any web server. The tool examines certificate validity, protocol support, cipher suites, handshake procedures, and potential vulnerabilities.
SSL/TLS Testing Certificate Analysis
Certificate Transparency Log
Visit Tool
A public repository of certificates collected from publicly trusted Certificate Authorities (CAs) around the world. Certificate transparency logs enable security researchers and organizations to monitor certificate issuance, identify misissued certificates, and detect potential phishing attempts.
SSL/TLS Reconnaissance Certificate Analysis
OpenSSL
Visit Tool
A robust, commercial-grade, full-featured open-source toolkit implementing the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, as well as a full-strength general-purpose cryptography library.
Cryptography CLI SSL/TLS
Keybase
Visit Tool
A security company that provides an open-source client for end-to-end encryption that makes it easier to use public-key cryptography. Keybase connects social identities to cryptographic keys in a public directory, enabling secure messaging, encrypted file sharing, and team collaboration.
Cryptography Key Management Encryption

DevSecOps & Infrastructure Security

Tools for integrating security into development processes and infrastructure.

Container & Infrastructure Security

Trivy
Visit Tool
A comprehensive security scanner designed to find vulnerabilities in container images, file systems, and infrastructure as code. Trivy is known for its simplicity, speed, and accuracy.
Container Security Vulnerability Scanner DevSecOps
Grype
Visit Tool
A vulnerability scanner for container images and filesystems by Anchore. Grype is the modern replacement for Anchore Engine (archived 2026) and provides fast, accurate vulnerability matching against multiple databases. It pairs with Syft for SBOM generation and integrates into CI/CD pipelines for shift-left security.
Container Security Vulnerability Scanner SBOM
Cartography
Visit Tool
An open-source Python-based tool that consolidates infrastructure data from multiple sources into a graph model for security analysis and visualization.
IaC Visualization Cloud Security

CI/CD Security

secureCodeBox
Visit Tool
A lightweight, scalable, and flexible scanning framework specifically designed for continuous security testing in CI/CD pipelines. secureCodeBox provides a Kubernetes-native approach to security scanning, allowing organizations to integrate security checks seamlessly into their development workflows.
CI/CD Automation Security Orchestration
SAST Scan
Visit Tool
A comprehensive multi-language Static Application Security Testing (SAST) tool that combines multiple scanning engines to identify security vulnerabilities in source code. SAST Scan supports numerous programming languages and frameworks, helping development teams identify security flaws early in the development lifecycle.
SAST Static Analysis Code Scanning

Cloud Security

Tools for securing cloud infrastructure and identifying misconfigurations in cloud environments.

Cloud Configuration & Compliance

BLESS ⚠️ Unmaintained
Visit Tool
An SSH Certificate Authority that runs as an AWS Lambda function, providing a secure and auditable way to grant SSH access to AWS EC2 instances. BLESS allows authorized users to obtain time-limited SSH certificates without requiring a bastion host or manual key distribution.
AWS SSH Access Management
Repokid
Visit Tool
An AWS tool that implements the principle of least privilege by automatically identifying and removing excessive permissions from IAM roles. Repokid continuously monitors IAM roles and gradually removes unused permissions based on CloudTrail logs, ensuring that roles have only the minimum permissions necessary for operations.
AWS IAM Least Privilege
PacBot ⚠️ Unmaintained
Visit Tool
Policy as Code Bot, an open-source platform for continuous compliance monitoring and security automation in AWS environments. PacBot continuously evaluates AWS resources against security policies, identifies misconfigurations, and provides remediation workflows.
AWS Compliance Policy Enforcement