Open-source cybersecurity tools give you transparency and flexibility: you can audit the source code and adapt it to specific security needs, and they put capable tooling within reach of organizations and individuals who cannot buy commercial products.
In this article you will find 33 open-source cybersecurity tools for Linux, Windows, and macOS that are worth considering to strengthen your defenses and stay ahead of potential threats.
Authentik: Open-source identity provider
Authentik is an open-source identity provider built for flexibility. It integrates into existing environments and supports the common authentication protocols (OAuth2/OpenID Connect, SAML, LDAP).
BunkerWeb: Open-source Web Application Firewall (WAF)
BunkerWeb is an open-source Web Application Firewall (WAF) licensed under the AGPLv3. Its core code can be audited in full by third parties and the community.
Cilium: Open-source eBPF-based networking, security, observability
Cilium is an open-source, cloud-native solution that leverages eBPF technology in the Linux kernel to provide, secure, and monitor network connectivity between workloads.
Cirrus: Open-source Google Cloud forensic collection
Cirrus is an open-source Python tool that streamlines forensic evidence collection from Google Cloud. It handles environment access and evidence collection in investigations involving Google Workspace and GCP, which shortens incident response.
Cryptomator: Open-source cloud storage encryption
Cryptomator offers open-source, client-side encryption of your files in the cloud. It’s available for Windows, Linux, macOS and iOS.
Damn Vulnerable UEFI: Simulate real-world firmware attacks
Damn Vulnerable UEFI (DVUEFI) is an open-source exploitation toolkit and learning platform for finding and fixing UEFI firmware vulnerabilities.
Ghidra: Open-source software reverse engineering framework
Ghidra is an open-source software reverse engineering (SRE) framework developed by the National Security Agency (NSA) Research Directorate.
Gitleaks: Open-source solution for detecting secrets in your code
Gitleaks is an open-source SAST tool that detects and prevents hardcoded secrets such as passwords, API keys, and tokens in Git repositories. It scans commit history as well as the working tree, which matters because a secret deleted in a later commit is still recoverable from history and must be rotated, not just removed.
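To show the technique behind a secret scanner, here is an added example that is not Gitleaks' own code: a few regex rules whose first capture group is the candidate secret, a Shannon-entropy threshold for the generic rule to cut false positives, an allowlist for documentation placeholders, and de-duplication so the most specific rule wins. The rules, allowlist and sample file are constructed for illustration; none of the values is a real credential.

```python
"""Regex-plus-entropy secret detection in the style of Gitleaks.

Added example; this is not Gitleaks' own code. The rules, the allowlist and
the sample file below are constructed for illustration.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line_no: int
    secret: str


# (rule id, pattern whose first group captures the candidate, minimum entropy).
# Specific rules come first so a token is attributed to the most precise rule.
RULES = [
    ("aws-access-key-id", re.compile(r"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b"), 0.0),
    ("github-pat", re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"), 0.0),
    ("generic-api-key",
     re.compile(r"(?i)(?:api[_-]?key|secret|token|password)\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{20,})"),
     3.5),
]

# Substrings that mark documentation placeholders rather than live credentials.
ALLOWLIST = ("example", "changeme", "xxxx")


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking keys score high, 'aaaa' scores 0."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def scan_text(text: str) -> list[Finding]:
    """Return one Finding per (line, secret); the first matching rule wins."""
    findings: list[Finding] = []
    seen: set[tuple[int, str]] = set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule_id, pattern, min_entropy in RULES:
            for m in pattern.finditer(line):
                secret = m.group(1)
                key = (line_no, secret)
                if key in seen:
                    continue  # already reported under a more specific rule
                if any(a in secret.lower() for a in ALLOWLIST):
                    continue  # placeholder, not a credential
                if shannon_entropy(secret) < min_entropy:
                    continue  # too regular to be a generated key
                seen.add(key)
                findings.append(Finding(rule_id, line_no, secret))
    return findings


# Constructed sample; none of these values is a real credential.
SAMPLE = """\
# constructed sample config
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_ACCESS_KEY_ID=AKIAQ7XZ2P9RM4TLK6JW
GITHUB_TOKEN=ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8
API_KEY = "sk_live_9fK2pQxLm7ZcVbN4rTyUwE8sD1gH0jK"
token = "aaaaaaaaaaaaaaaaaaaaaaaa"
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"{f.rule}: line {f.line_no}: {f.secret[:6]}...")
```

Line 2 is dropped by the allowlist, line 6 by the entropy threshold, and line 4 is reported once as a GitHub token even though the generic rule also matches it. The real tool adds rule-specific allowlists and an entropy setting per rule and is run against the repository history (for example with `gitleaks detect`), typically as a pre-commit hook and in CI.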
Grype: Open-source vulnerability scanner for container images, filesystems
Grype is an open-source vulnerability scanner for container images and filesystems that integrates with Syft, the companion Software Bill of Materials (SBOM) generator: Syft inventories the packages, Grype matches the inventory against vulnerability databases.
Infisical: Open-source secret management platform
Infisical is an open-source secret management platform developers use to centralize application configurations and secrets, such as API keys and database credentials, while also managing their internal PKI.
IntelOwl: Open-source threat intelligence management
IntelOwl is an open-source solution for large-scale threat intelligence management. It integrates numerous online analyzers and malware analysis tools so that their results are available in one platform.
MISP: Open-source threat intelligence and sharing platform
MISP is an open-source threat intelligence and sharing platform for collecting, storing, distributing, and sharing cybersecurity indicators and threats related to incident and malware analysis.
Monocle: Open-source LLM for binary analysis search
Monocle is open-source tooling backed by a large language model (LLM) for performing natural language searches against compiled target binaries.
Nuclei: Open-source vulnerability scanner
Nuclei is a fast and customizable open-source vulnerability scanner driven by YAML templates, each of which describes the requests to send and the matchers that decide whether a response indicates a finding.
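To show how a template-driven scanner turns a template into requests and verdicts, here is an added example that is not Nuclei's engine: a template written as a Python dict using a subset of Nuclei's YAML keys (`id`, `info`, `http`, `path`, `matchers-condition`, `matchers`), a small evaluator for `status`, `word` and `regex` matchers with `condition` and `negative`, and constructed responses standing in for real fetches. The template contents and the hostnames are illustrative.

```python
"""Template-driven matching in the style of a Nuclei HTTP template.

Added example; this is not Nuclei's engine. TEMPLATE uses a subset of Nuclei's
YAML keys written as a Python dict, and the responses below are constructed,
not fetched.
"""
import re
from typing import Callable

# Constructed template: flag an exposed .env file, but not an HTML soft-404.
TEMPLATE = {
    "id": "exposed-dotenv-example",
    "info": {"name": "Exposed .env file (constructed example)", "severity": "high"},
    "http": [{
        "method": "GET",
        "path": ["{{BaseURL}}/.env"],
        "matchers-condition": "and",
        "matchers": [
            {"type": "status", "status": [200]},
            {"type": "word", "words": ["DB_PASSWORD=", "APP_KEY="], "condition": "or"},
            {"type": "word", "words": ["<html"], "negative": True},
        ],
    }],
}

Response = tuple[int, str]  # (status code, body)


def render_paths(template: dict, base_url: str) -> list[str]:
    """Expand {{BaseURL}} the way a template scanner builds its request URLs."""
    base = base_url.rstrip("/")
    return [p.replace("{{BaseURL}}", base) for p in template["http"][0]["path"]]


def evaluate_matcher(matcher: dict, response: Response) -> bool:
    status, body = response
    kind = matcher["type"]
    # 'condition' joins the words/regexes inside one matcher (default: or).
    join = all if matcher.get("condition", "or") == "and" else any
    if kind == "status":
        hit = status in matcher["status"]
    elif kind == "word":
        hit = join(w in body for w in matcher["words"])
    elif kind == "regex":
        hit = join(re.search(r, body) is not None for r in matcher["regex"])
    else:
        raise ValueError(f"unsupported matcher type: {kind}")
    # 'negative' inverts the matcher, which is how soft-404 pages are excluded.
    return not hit if matcher.get("negative", False) else hit


def template_matches(template: dict, response: Response) -> bool:
    """'matchers-condition' joins the matchers of a request (default: or)."""
    request = template["http"][0]
    join = all if request.get("matchers-condition", "or") == "and" else any
    return join(evaluate_matcher(m, response) for m in request["matchers"])


def scan(template: dict, base_url: str, fetch: Callable[[str], Response]) -> list[str]:
    """Return the URLs whose responses satisfy the template."""
    return [url for url in render_paths(template, base_url)
            if template_matches(template, fetch(url))]


# Constructed responses keyed by URL, standing in for real HTTP fetches.
FAKE_RESPONSES = {
    "https://leaky.example/.env": (200, "APP_KEY=base64:c2VjcmV0\nDB_PASSWORD=hunter2\n"),
    "https://soft404.example/.env": (200, "<html><body>Not found, but DB_PASSWORD= appears here</body></html>"),
    "https://clean.example/.env": (404, "Not Found"),
}


def fake_fetch(url: str) -> Response:
    return FAKE_RESPONSES.get(url, (404, ""))


if __name__ == "__main__":
    for host in ("leaky.example", "soft404.example", "clean.example"):
        print(host, scan(TEMPLATE, f"https://{host}", fake_fetch))
```

Only `leaky.example` is reported: the soft-404 host returns 200 and even contains `DB_PASSWORD=`, but the negative `<html` matcher rejects it, which is the kind of guard that keeps a template from flooding results with false positives.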
OpenBAS: Open-source breach and attack simulation platform
OpenBAS is an open-source platform that enables organizations to plan, schedule, and execute crisis exercises, adversary simulations, and breach simulations.
OpenCTI: Open-source cyber threat intelligence platform
OpenCTI is an open-source platform designed to help organizations manage their cyber threat intelligence (CTI) data and observables.
OpenZiti: Secure, open-source networking for your applications
OpenZiti is a free, open-source project that embeds zero-trust networking principles directly into applications.
Portainer: Open-source Docker and Kubernetes management
Portainer Community Edition is an open-source, lightweight service delivery platform for containerized applications. It manages Docker, Swarm, Kubernetes, and Azure Container Instances (ACI) environments.
Radare: Open-source reverse engineering framework
Radare is an open-source UNIX-like reverse engineering framework and command-line toolset. It can be scripted, modified, and used for batch analysis.
Realm: Open-source adversary emulation framework
Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It’s designed to handle engagements of any size.
RustScan: Open-source port scanner
RustScan is an open-source port scanner designed for speed. It can hand its results to Nmap for deeper service enumeration and can be extended with scripts.
Scout Suite: Open-source cloud security auditing tool
Scout Suite is an open-source, multi-cloud security auditing tool designed to assess the security posture of cloud environments.
Secator: Open-source pentesting Swiss army knife
Secator is an open-source task and workflow runner tailored for security assessments. It facilitates the use of numerous security tools and aims to enhance the efficiency of pen testers and security researchers.
Secretive: Open-source app for storing and managing SSH keys in the Secure Enclave
Secretive is an open-source app that stores and manages SSH keys in Apple's Secure Enclave, so the private key is generated in and never leaves the hardware.
SELKS: Open-source Suricata IDS/IPS, network security monitoring, threat hunting
SELKS is a free, open-source, turnkey solution for Suricata-based network intrusion detection and protection (IDS/IPS), network security monitoring (NSM), and threat hunting. The project is developed and maintained by Stamus Networks.
Shuffle Automation: Open-source security automation platform
Shuffle is an open-source automation platform designed by and for security professionals to simplify security operations. It is built to integrate with Managed Security Service Providers (MSSPs) and other service providers.
Sinon: Open-source automatic generative burn-in for Windows deception hosts
Sinon is an open-source, modular tool for the automatic burn-in of Windows-based deception hosts. It aims to reduce the difficulty of orchestrating deception hosts at scale while enabling diversity and randomness through generative capabilities.
Sniffnet: Free, open-source network monitoring
Sniffnet is a free, open-source network monitoring tool for tracking your Internet traffic. Its distinguishing feature is a focus on user experience: unlike most network analyzers, it is built to be usable by people without networking expertise.
SubSnipe: Open-source tool for finding subdomains vulnerable to takeover
SubSnipe is an open-source, multi-threaded tool for finding subdomains vulnerable to takeover, that is, subdomains whose CNAME points at a provider resource that is no longer claimed. The project positions it as simpler, with better output and more fingerprints than other subdomain takeover tools.
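To show what a takeover check actually tests, here is an added example that is not SubSnipe's code: each subdomain's CNAME is mapped to a provider by suffix, a CNAME target that no longer resolves is reported as dangling, and a provider error page containing the provider's "unclaimed" fingerprint is reported as vulnerable. The DNS and HTTP lookups are injected so the block runs offline on constructed zone data; the fingerprint table is illustrative and must be verified against each provider's current error pages before you rely on it.

```python
"""Subdomain takeover triage in the spirit of SubSnipe.

Added example; this is not SubSnipe's code. The DNS and HTTP lookups are
injected so it runs offline on the constructed data at the bottom. The
fingerprint table is illustrative (assumption: verify it against each
provider's current error pages).
"""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Service:
    name: str
    cname_suffix: str   # CNAME targets ending here belong to this provider
    fingerprint: str    # body text the provider serves for an unclaimed resource


# Illustrative fingerprints; treat them as assumptions to be re-checked.
SERVICES = [
    Service("github-pages", ".github.io", "There isn't a GitHub Pages site here."),
    Service("heroku", ".herokuapp.com", "No such app"),
    Service("aws-s3", ".s3.amazonaws.com", "NoSuchBucket"),
]


@dataclass(frozen=True)
class Result:
    subdomain: str
    cname: Optional[str]
    service: Optional[str]
    status: str   # "vulnerable", "dangling", or "ok"


def identify_service(target: str) -> Optional[Service]:
    return next((s for s in SERVICES if target.endswith(s.cname_suffix)), None)


def check_subdomain(subdomain: str,
                    resolve_cname: Callable[[str], Optional[str]],
                    exists: Callable[[str], bool],
                    fetch_body: Callable[[str], Optional[str]]) -> Result:
    """Classify one subdomain.

    resolve_cname(name) -> CNAME target, or None when the name has no CNAME
    exists(name)        -> False when the name is NXDOMAIN
    fetch_body(host)    -> response body, or None when the host is unreachable
    """
    cname = resolve_cname(subdomain)
    if cname is None:
        return Result(subdomain, None, None, "ok")  # not delegated anywhere
    service = identify_service(cname)
    service_name = service.name if service else None
    if not exists(cname):
        # The CNAME points at a name that no longer resolves: whoever can
        # register that name at the provider inherits this subdomain.
        return Result(subdomain, cname, service_name, "dangling")
    body = fetch_body(subdomain) or ""
    if service and service.fingerprint in body:
        # The provider answers, but with its "unclaimed resource" page.
        return Result(subdomain, cname, service_name, "vulnerable")
    return Result(subdomain, cname, service_name, "ok")


def check_all(subdomains, resolve_cname, exists, fetch_body, workers: int = 8) -> list[Result]:
    """Check subdomains concurrently; results keep the input order."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(lambda s: check_subdomain(s, resolve_cname, exists, fetch_body),
                             subdomains))


# Constructed zone data standing in for real DNS and HTTP lookups.
FAKE_CNAMES = {
    "blog.example.com": "example-org.github.io",
    "shop.example.com": "old-shop.herokuapp.com",
    "legacy.example.com": "legacy.defunct-saas.invalid",
    "www.example.com": None,
}
FAKE_NXDOMAIN = {"legacy.defunct-saas.invalid"}
FAKE_BODIES = {
    "blog.example.com": "<h1>404</h1><p>There isn't a GitHub Pages site here.</p>",
    "shop.example.com": "<html>Welcome to our shop</html>",
    "www.example.com": "<html>home</html>",
}


def fake_resolve(name: str) -> Optional[str]:
    return FAKE_CNAMES.get(name)


def fake_exists(name: str) -> bool:
    return name not in FAKE_NXDOMAIN


def fake_fetch(host: str) -> Optional[str]:
    return FAKE_BODIES.get(host)


if __name__ == "__main__":
    for r in check_all(list(FAKE_CNAMES), fake_resolve, fake_exists, fake_fetch):
        print(f"{r.subdomain:22} {r.status:10} {r.service or '-':14} {r.cname or '-'}")
```

Two caveats a practitioner should keep in mind: a fingerprint match is evidence, not proof, so confirm a finding by claiming the resource in a controlled way before reporting it as exploitable, and note that some providers now let owners verify a domain, which blocks a claim even when the error page matches. The "dangling" class with an unknown service is the one worth manual review, since it is exactly where a fingerprint table has gaps.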
Traceeshark: Open-source plugin for Wireshark
Traceeshark is a plugin for Wireshark that enables security practitioners to quickly investigate security incidents. It enhances the capabilities of Aqua Tracee, an open-source runtime security and forensics tool, and allows users to analyze kernel-level event and behavioral detection alongside network traffic.
x64dbg: Open-source binary debugger for Windows
x64dbg is an open-source binary debugger for Windows, designed for malware analysis and reverse engineering of executables without access to the source code. It offers a wide range of features and a plugin system, allowing you to customize and extend its capabilities to suit your needs.
YetiHunter: Open-source threat hunting tool for Snowflake environments
Cloud identity protection company Permiso has created YetiHunter, a threat detection and hunting tool companies can use to query their Snowflake environments for evidence of compromise.
Zeek: Open-source network traffic analysis, security monitoring
Zeek is an open-source network analysis framework. Unlike an active security device such as a firewall, Zeek passively observes traffic from a sensor, which can be a hardware, software, virtual, or cloud platform.