Explore 87 curated tools and resources
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A comprehensive guide on Linux persistence mechanisms, focusing on scheduled tasks and jobs, their implementation, detection, and hunting strategies.
Kunai is a Linux-based system monitoring tool that provides real-time monitoring and threat hunting capabilities.
A next-generation file integrity monitoring and change detection system
A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.
A collection of YARA rules for Windows, Linux, and Other threats.
An article in Phrack Magazine discussing the creation of shellcode for StrongARM/Linux architecture.
Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.
A comprehensive guide to hardening OpenLDAP on Linux using AppArmor and systemd, providing a defense in depth approach to securing LDAP deployments.
Linux privilege escalation auditing tool for detecting security deficiencies in Linux kernels.
Modular Threat Hunting Tool & Framework
Drltrace is a dynamic API calls tracer for Windows and Linux applications.
The best security training environment for Developers and AppSec Professionals.
Open source application for retrieving passwords stored on a local computer with support for various software and platforms.
An anti-forensic Linux Kernel Module kill-switch for USB ports.
Instructions for setting up SIREN, including downloading Linux dependencies, cloning the repository, setting up virtual environment, installing pip requirements, running SIREN, setting up Snort on Pi, and MySQL setup.
A comprehensive guide for using Docker with detailed information on prerequisites, installation, containers, images, networks, and more.
A cheat sheet for understanding privilege escalation through worked examples, not a checklist for enumeration using Linux commands.
Makes output from the tcpdump program easier to read and parse.
Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.
A tool to dump login passwords from Linux desktop users, leveraging cleartext credentials in memory.
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
gVisor is an application kernel that provides isolation for running sandboxed containers.
Porting GNU/Linux userland tools to the bionic/Linux userland of Android to provide access to the audit stream for Android applications with minimal overhead.
Comprehensive guide for Iptables configuration and firewall rules.
A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.
Python tool for remote memory acquisition
A comprehensive guide for hardening GNU/Linux systems with practical step-by-step instructions.
Libnids is an implementation of the E-component of a Network Intrusion Detection System: it emulates the IP stack of Linux 2.0.x and offers IP defragmentation, TCP stream assembly, and TCP port scan detection.
A portable volatile memory acquisition tool for Linux.
Linux Exploit Suggester; suggests possible exploits based on the Linux operating system release number.
A utility for recovering deleted files from ext3 or ext4 partitions.
Toolkit for building custom minimal, immutable Linux distributions with secure defaults.
A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.
A local privilege escalation vulnerability in the Linux kernel, known for its catchy name and the damage it can cause.
Next-generation Linux exploit suggester with improved features for finding privilege escalation vulnerabilities.
A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane.
A wrapper around jNetPcap for packet capturing with Clojure, available for Linux and Windows.
HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.
A daemon for blocking USB keystroke injection devices on Linux systems
OpenRASP directly integrates its protection engine into the application server by instrumentation, providing context-aware protection and detailed stack trace logging.
Cutting-edge technology for developing security applications within the Linux kernel.
A KDE Plasma 4 widget that displays real-time traffic information for active network connections on Linux computers.
A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.
Set up your own IPsec VPN server in just a few minutes with IPsec/L2TP, Cisco IPsec, and IKEv2.
LinEnum is a tool for Linux enumeration that provides detailed system information and performs various checks and tasks.
An alternative to the auditd daemon with goals of safety, speed, JSON output, and pluggable pipelines connecting to the Linux kernel via netlink.
A comprehensive auditd configuration for Linux systems following best practices.
A simple IOC scanner bash script for Linux/Unix/OSX systems
A website for information on Linux and BSD distributions.
A TAXII 2 server for interacting with TAXII services.
A guide on basic Linux privilege escalation techniques including enumeration, data analysis, exploit customization, and trial and error.
LiME is a Linux Memory Extractor tool for acquiring volatile memory from Linux and Linux-based devices, including Android, with features like full memory captures and minimal process footprint.
Procmon for Linux is a reimagining of the classic Procmon tool from Windows, allowing Linux developers to trace syscall activity efficiently.
An endpoint monitoring tool for Linux and macOS that reports file, socket, and process events to Zeek.
Sysmon for Linux is a tool that monitors and logs system activity with advanced filtering to identify malicious activity.
edb is a powerful debugger for Linux binaries, enhancing reverse engineering efforts with a user-friendly interface and extensible plugins.
CyLR is a Live Response Collection tool for quickly and securely collecting forensic artifacts from hosts with NTFS file systems.
Collects and organizes Linux OS data for detailed analysis and incident response.
A tool for creating compact Linux memory dumps compatible with popular debugging tools.
OpenCanary is a multi-protocol network honeypot with low resource requirements and alerting capabilities.
An open-source penetration testing framework for social engineering with custom attack vectors.
DenyHosts is a script that protects SSH servers by automatically blocking hosts after repeated failed login attempts.
BunkerWeb is a next-generation and open-source Web Application Firewall (WAF) with seamless integration and user-friendly customization options.
Linux-based operating system intentionally vulnerable for cybersecurity practice.
A comprehensive cheat sheet for Windows and Linux terminals and command lines, covering essential commands and syntax for various tasks.
A tool to locally check for signs of a rootkit with various checks and tests.
A library and tools for accessing and analyzing Linux Logical Volume Manager (LVM) volume system format.
A comprehensive cheat sheet for accessing Windows systems from Linux hosts using smbclient and rpcclient tools, covering password management, user and group enumeration, and more.
A JavaScript malware analysis tool with backend code execution.
A collection of utilities for working with USB devices on Linux
A workshop offering resources for local privilege escalation on Windows and Linux systems.
A Cross-Platform Forensic Framework for Google Chrome that allows investigation of history, downloads, bookmarks, cookies, and provides a full report.
Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.
Falco is a cloud native runtime security tool for Linux operating systems that detects and alerts on abnormal behavior and potential security threats in real-time.
A simpler version of a honeypot that looks for connections from external parties and performs a specific action, usually blacklisting.
An agentless vulnerability scanner for Linux/FreeBSD, written in Go, that informs users of vulnerabilities affecting the system and the servers concerned.
Guidance on securing NFS in Red Hat Enterprise Linux 7
An evolving how-to guide for securing a Linux server with detailed steps and explanations.
Python tool for remotely or locally dumping RAM of a Linux client for digital forensics analysis.
OpenSnitch is a GNU/Linux application firewall with interactive outbound connections filtering and system-wide domain blocking capabilities.