Security Tools
A curated collection of essential tools for bug bounty hunting and security research.
Subfinder
Fast passive subdomain enumeration tool that discovers valid subdomains for websites by using passive online sources.
Installation Methods:
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
sudo apt update && sudo apt install subfinder
# Download and install the release binary (replace * with the exact version shown on the releases page; wget does not expand wildcards)
wget https://github.com/projectdiscovery/subfinder/releases/latest/download/subfinder_*_linux_amd64.zip
unzip subfinder_*_linux_amd64.zip
chmod +x subfinder_*_linux_amd64/subfinder
sudo mv subfinder_*_linux_amd64/subfinder /usr/local/bin/
theHarvester
Comprehensive OSINT tool for gathering emails, names, subdomains, IPs, and URLs from public sources like Google, Bing, PGP, LinkedIn.
Installation Methods:
pip3 install theHarvester
git clone https://github.com/laramies/theHarvester.git
cd theHarvester
pip3 install -r requirements.txt
sudo apt update && sudo apt install theharvester
Katana
Next-generation crawling and spidering framework designed for modern web applications with JavaScript support and advanced crawling capabilities.
Installation Methods:
go install github.com/projectdiscovery/katana/cmd/katana@latest
docker run projectdiscovery/katana:latest
Sherlock
Hunt down social media accounts by username across 400+ social networks. Perfect for investigating online presence and account enumeration.
Installation Methods:
git clone https://github.com/sherlock-project/sherlock.git
cd sherlock
pip3 install -r requirements.txt
docker run --rm -t sherlockproject/sherlock:latest
Amass
In-depth attack surface mapping and asset discovery tool that performs network mapping of attack surfaces and external asset discovery with active and passive techniques.
Installation Methods:
go install -v github.com/owasp-amass/amass/v4/cmd/amass@latest
sudo apt update && sudo apt install amass
sudo snap install amass
OWASP ZAP
Free open-source web application security scanner that automatically finds security vulnerabilities in web applications during development and testing.
Installation Methods:
sudo apt update && sudo apt install zaproxy
sudo snap install zaproxy --classic
docker run -t owasp/zap2docker-stable zap.py
Shodan CLI
Command-line interface for Shodan, the world's first search engine for Internet-connected devices. Discover vulnerable systems and exposed services.
Installation Methods:
pip3 install shodan
shodan init YOUR_API_KEY
Docker Bench Security
Security audit tool that checks for common best-practices around deploying Docker containers in production environments.
Installation Methods:
git clone https://github.com/docker/docker-bench-security.git
cd docker-bench-security
sudo ./docker-bench-security.sh
docker run --rm -it --net host --pid host --userns host --cap-add audit_control \
-e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
-v /etc:/etc:ro \
-v /usr/bin/containerd:/usr/bin/containerd:ro \
-v /usr/bin/runc:/usr/bin/runc:ro \
-v /usr/lib/systemd:/usr/lib/systemd:ro \
-v /var/lib:/var/lib:ro \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
--label docker_bench_security \
docker/docker-bench-security
Gobuster
Directory/file, DNS and Virtual Host busting tool written in Go that can be used to brute-force URIs, DNS subdomains, and virtual host names.
Installation Methods:
go install github.com/OJ/gobuster/v3@latest
sudo apt update && sudo apt install gobuster
git clone https://github.com/OJ/gobuster.git
cd gobuster
go build
CloudMapper
Security assessment tool for AWS cloud environments that helps visualize networks and identify potential security issues.
Installation Methods:
git clone https://github.com/duo-labs/cloudmapper.git
cd cloudmapper
pip3 install -r requirements.txt
# Configure AWS credentials first
aws configure
cd cloudmapper
python3 cloudmapper.py collect --account-name my-account
Mobile Security Framework (MobSF)
Automated mobile application security testing framework capable of performing static and dynamic analysis on Android and iOS applications.
Installation Methods:
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd Mobile-Security-Framework-MobSF
./setup.sh
docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
Wireshark CLI (tshark)
Command-line network protocol analyzer that captures and analyzes network traffic. Essential for network troubleshooting and security analysis.
Installation Methods:
sudo apt update && sudo apt install tshark
# Allow non-root capture and add your user to the wireshark group
sudo dpkg-reconfigure wireshark-common
sudo usermod -a -G wireshark $USER
# Log out and back in for the group change to take effect
sudo yum install wireshark-cli
sudo snap install wireshark
# Connect the required snap interfaces
sudo snap connect wireshark:network-control
sudo snap connect wireshark:network-observe
Feroxbuster
A fast, simple, recursive content discovery tool written in Rust designed to search for unlinked content in target directories with modern features.
Installation Methods:
cargo install feroxbuster
sudo apt update && sudo apt install feroxbuster
curl -sL https://raw.githubusercontent.com/epi052/feroxbuster/main/install-nix.sh | bash
SpiderFoot
Automated OSINT reconnaissance tool that integrates with 200+ data sources to gather intelligence about targets including domains, IPs, emails, and more.
Installation Methods:
pip3 install spiderfoot
git clone https://github.com/smicallef/spiderfoot.git
cd spiderfoot
pip3 install -r requirements.txt
docker run -p 5001:5001 spiderfoot/spiderfoot
WhatWeb
Web scanner that identifies technologies used by websites including content management systems, blogging platforms, and JavaScript libraries.
Installation Methods:
sudo apt update && sudo apt install whatweb
gem install whatweb
git clone https://github.com/urbanadventurer/WhatWeb.git
FFUF
Fast web fuzzer written in Go that supports directory fuzzing, parameter fuzzing, subdomain fuzzing, and virtual host discovery.
Installation Methods:
go install github.com/ffuf/ffuf@latest
sudo apt update && sudo apt install ffuf
sudo snap install ffuf
Nuclei
Fast and customizable vulnerability scanner based on simple YAML-based template files with 6000+ community-contributed templates.
Installation Methods:
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
sudo apt update && sudo apt install nuclei
docker run projectdiscovery/nuclei:latest
Nessus CLI
Professional vulnerability scanner that provides comprehensive vulnerability assessment with extensive plugin database and compliance checks.
Installation Methods:
# Register at https://www.tenable.com/products/nessus/nessus-essentials
# Download the package from tenable.com (registration required), then install it:
# sudo dpkg -i Nessus-*-debian6_amd64.deb
sudo systemctl start nessusd
OpenVAS
Open-source vulnerability assessment scanner with comprehensive vulnerability tests and automated security testing capabilities.
Installation Methods:
sudo apt update && sudo apt install openvas
docker run -d -p 443:443 --name openvas mikesplain/openvas
sudo gvm-setup
WAFW00F
Web Application Firewall detection tool that identifies and fingerprints Web Application Firewall (WAF) products protecting web applications.
Installation Methods:
pip3 install wafw00f
sudo apt update && sudo apt install wafw00f
git clone https://github.com/EnableSecurity/wafw00f.git
Nmap
The Network Mapper - powerful open source tool for network discovery, port scanning, and security auditing with extensive scripting capabilities.
Installation Methods:
sudo apt update && sudo apt install nmap
sudo yum install nmap
sudo snap install nmap
SQLMap
Automatic SQL injection and database takeover tool that detects and exploits SQL injection flaws with support for many database engines.
Installation Methods:
pip3 install sqlmap
sudo apt update && sudo apt install sqlmap
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
Metasploit Framework
Comprehensive penetration testing framework with extensive exploit database, payload generation, and post-exploitation modules.
Installation Methods:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall
sudo apt update && sudo apt install metasploit-framework
docker run --rm -it metasploitframework/metasploit-framework
Burp Suite
Industry-standard platform for web application security testing with proxy, scanner, intruder, and repeater tools.
Installation Methods:
# Download from https://portswigger.net/burp/communitydownload
# Requires manual download from the website
sudo apt update && sudo apt install burpsuite
java -jar burpsuite_community.jar
ScoutSuite
Multi-cloud security auditing tool that assesses security posture of cloud environments including AWS, Azure, GCP, and others.
Installation Methods:
pip3 install scoutsuite
git clone https://github.com/nccgroup/ScoutSuite.git
cd ScoutSuite
pip3 install -r requirements.txt
Dastardly (CI/CD)
Free lightweight web application security scanner from PortSwigger designed for CI/CD pipelines and automated security testing.
Installation Methods:
docker run --user $(id -u) --rm -v $(pwd):/dastardly:rw public.ecr.aws/portswigger/dastardly:latest
HTTPx
Fast and multi-purpose HTTP toolkit that allows probing HTTP/HTTPS services, web servers, and gathering response information.
Installation Methods:
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
sudo apt update && sudo apt install httpx-toolkit
Masscan
Internet-scale port scanner capable of scanning the entire Internet in under 6 minutes, transmitting 10 million packets per second.
Installation Methods:
sudo apt update && sudo apt install masscan
git clone https://github.com/robertdavidgraham/masscan.git
cd masscan
make
Gau (Get All URLs)
Fetch known URLs from multiple sources including Wayback Machine, Common Crawl, and more for domain reconnaissance.
Installation Methods:
go install github.com/lc/gau/v2/cmd/gau@latest
sudo apt update && sudo apt install gau
Aqua Trivy
Comprehensive vulnerability scanner for containers, filesystems, and Git repositories with support for multiple package managers.
Installation Methods:
sudo apt-get update && sudo apt-get install wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update && sudo apt-get install trivy
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy:latest
Dirb
Web content discovery tool that launches dictionary-based attacks against web servers to find existing or hidden directories and files.
Installation Methods:
sudo apt update && sudo apt install dirb
git clone https://github.com/v0re/dirb.git
cd dirb
./configure && make
Wfuzz
Web application fuzzer for security assessments that can test various injection attacks and discover hidden content through fuzzing.
Installation Methods:
pip3 install wfuzz
sudo apt update && sudo apt install wfuzz
Semgrep
Static analysis tool for finding bugs, security issues, and enforcing code standards across multiple programming languages.
Installation Methods:
pip3 install semgrep
docker run --rm -v "${PWD}:/src" returntocorp/semgrep
Arachni
Feature-rich web application security scanner framework with high-performance and modular architecture for comprehensive testing.
Installation Methods:
# Download the latest release archive from https://github.com/Arachni/arachni/releases
# (fetching the /releases/latest URL with wget only returns the HTML page, so pick the archive for your platform)
# Extract the archive and run the bundled binaries
docker run --rm arachni/arachni
TruffleHog
Searches through git repositories and filesystems for high entropy strings and secrets, helping find accidentally committed credentials.
Installation Methods:
go install github.com/trufflesecurity/trufflehog/v3@latest
sudo apt update && sudo apt install trufflehog
Assetfinder
Find domains and subdomains related to a target using multiple data sources including Certificate Transparency logs and APIs.
Installation Methods:
go install github.com/tomnomnom/assetfinder@latest
sudo apt update && sudo apt install assetfinder
CloudSploit
Open-source cloud security posture management tool that scans AWS, Azure, GCP, and Oracle cloud environments for security risks.
Installation Methods:
npm install -g cloudsploit
git clone https://github.com/aquasecurity/cloudsploit.git
cd cloudsploit
npm install
APKLeaks
Scans APK files for URIs, endpoints and secrets to identify potential security weaknesses in Android applications.
Installation Methods:
pip3 install apkleaks
git clone https://github.com/dwisiswant0/apkleaks.git
cd apkleaks
pip3 install -r requirements.txt
DefectDojo
Security vulnerability management tool that streamlines security testing and provides centralized vulnerability tracking and reporting.
Installation Methods:
git clone https://github.com/DefectDojo/django-DefectDojo.git
cd django-DefectDojo
docker-compose up -d
pip3 install defectdojo
JWT_Tool
Toolkit for validating, forging, scanning, and tampering with JWTs (JSON Web Tokens) to test for common security vulnerabilities.
Installation Methods:
pip3 install pyjwt
git clone https://github.com/ticarpi/jwt_tool.git
cd jwt_tool
pip3 install -r requirements.txt
Clair
Open-source static analysis tool for container security that scans container images for known vulnerabilities and security issues.
Installation Methods:
git clone https://github.com/quay/clair.git
cd clair
docker-compose up -d
go install github.com/quay/clair/v4/cmd/clair@latest