Contact information:
Email: [email protected]
Phone Number: +1 (703) 268-4350
Here at Penetrum LLC we are strong believers in the opensource community. We think knowledge should be free and everyone should have the best tools to do the job at their fingertips. Everyone should have affordable security at all times, and should be able to protect their presences and assets online without having to pay for it. That's why we decided to come up with a list of tools to help with security implementations, auditing, penetration testing, server management, and much more. Enjoy!
-
Project Management:
- Trello https://trello.com/en-US
- MeisterTask https://www.meistertask.com/
- Wrike https://www.wrike.com/
- Bitrix24 https://www.bitrix24.com/
- Teamwork Projects https://www.teamwork.com/project-management-software/
- Todoist https://todoist.com/?lang=en
- Zenkit https://zenkit.com/en/
- Wekan https://wekan.github.io
- Taskade https://www.taskade.com
-
Asset Management/Supply Chain Management:
- Snipe-IT https://github.com/snipe/snipe-it
- Ralph https://github.com/allegro/ralph
- Open Boxes https://github.com/openboxes/openboxes
- Spiceworks https://www.spiceworks.com
-
Vulnerability Management:
- Faraday https://github.com/infobyte/faraday
- Archery Sec https://github.com/archerysec/archerysec
- Jackhammer https://github.com/olacabs/jackhammer
- Watchdog https://github.com/flipkart-incubator/watchdog
- OpenVAS https://sectools.org/tool/openvas/
-
Containter Related Scanning:
-
Docker UI:
-
Configuration Management:
- MGMT https://github.com/purpleidea/mgmt
- Chef https://downloads.chef.io/
- Puppet https://puppet.com/download-open-source-puppet
- CFengine https://cfengine.com/product/free-download/
- Juju https://github.com/juju/juju
- Rudder https://www.rudder.io/en/
- Ansible https://www.ansible.com/
- Terraform https://www.terraform.io/downloads.html
- Vagrant https://www.vagrantup.com/downloads
- Bcfg2 http://bcfg2.org/download/
- Saltstack https://www.saltstack.com
- Cockpit https://cockpit-project.org/
-
SIEM:
- OSSEC https://www.ossec.net/
- WAZUH https://wazuh.com/
- ZEEK https://www.zeek.org/
- EventLog360 https://www.manageengine.com/log-management/download.html
- Alient Vault - OSSIM https://www.alienvault.com/products/ossim
-
VPN:
- OpenVPN https://openvpn.net/
- Check out https://www.vpnbook.com/
- Libreswan VPN https://libreswan.org/
- strongSwan https://www.strongswan.org/
- OpenConnect http://www.infradead.org/openconnect/
- Social VPN http://ipop-project.org/
- SoftEther VPN https://www.softether.org/
- Tinc VPN http://www.tinc-vpn.org/
- Proton VPN https://protonvpn.com/
-
End Point:
-
Linux & Windows System Hardener:
- Lynis https://github.com/CISOfy/lynis
- Microsoft Attack Surface Analyzer https://github.com/microsoft/AttackSurfaceAnalyzer
- Microsoft Baseline Security Analyzer https://www.microsoft.com/en-us/download/details.aspx?id=19892
- Bastille https://github.com/BastilleBSD/bastille
- JShielder https://github.com/Jsitech/JShielder
- nixarmor https://github.com/emirozer/nixarmor
- Zeus (AWS) https://github.com/DenizParlak/Zeus
- Docker-bench (Docker) https://github.com/docker/docker-bench-security
-
Linux Login Protection:
- Fail2Ban https://www.fail2ban.org/
- DenyHosts https://github.com/denyhosts/denyhosts
- SSHGuard https://www.sshguard.net/
-
IP Blacklists and Domains:
- Ultimate.Hosts.Blacklist https://github.com/mitchellkrogza/Ultimate.Hosts.Blacklist
- IPSet Firehol https://github.com/firehol/blocklist-ipsets
- Project Honeypot https://www.projecthoneypot.org/list_of_ips.php
- CryptoLocker https://data.netlab.360.com/feeds/dga/cryptolocker.txt
- BadIPs https://www.badips.com/get/list/any/2?age=7d
-
Proxies:
- Squid Proxy http://www.squid-cache.org/
- HAProxy http://www.haproxy.org/
- Swiper Proxy https://swiperproxy.github.io/
- DNSCrypt Proxy https://github.com/jedisct1/dnscrypt-proxy
- NGinx https://www.nginx.com
- ThrottleProxy https://github.com/mistakster/throttle-proxy
-
Socks Server:
- Shadowsocks https://shadowsocks.org/
- Dante https://github.com/notpeter/dante
- microsocks https://github.com/rofl0r/microsocks
-
HTTP Tunnel:
- Tinyproxy https://tinyproxy.github.io/
- mitmproxy https://mitmproxy.org/ < -- HTTPS
- OpenProxy https://openproxy.space/
- Privoxy https://www.privoxy.org/
-
FTP Proxy:
- ftp.proxy http://www.ftpproxy.org/
-
DNS Proxy:
-
Server/Network Monitoring:
- Netdata https://github.com/netdata/netdata
- Ganglia http://ganglia.info/
- Spiceworks https://www.capterra.com/p/79191/Spiceworks-IT-Desktop/
- Free Database Performance Analyzer https://www.solarwinds.com/free-tools/database-performance-analyzer-free?CMP=ORG-BLG-DNS
- WMI Monitor https://www.solarwinds.com/free-tools/wmi-monitor?CMP=ORG-BLG-DNS
- Wireshark https://www.wireshark.org
- TCPDump
- NetMonitor https://www.microsoft.com/en-US/download/details.aspx?id=4865
- NetMiner - http://www.netminer.com/main/main-read.do
- NetMon - https://www.nagios.org/downloads/
- Wireless Network Watcher https://www.nirsoft.net/utils/wireless_network_watcher.html
- AdapterWatch https://www.nirsoft.net/utils/awatch.html
- DNSDataView https://www.nirsoft.net/utils/dns_records_viewer.html
- MyLastSearch https://www.nirsoft.net/utils/my_last_search.html
- SniffPass https://www.nirsoft.net/utils/password_sniffer.html
-
Network Intrusion Detection System (NIDS):
- Bro Logs https://www.bro.org/
- Snort https://github.com/snort3/snort3
- Pulled Pork https://github.com/shirkdog/pulledpork
- SSHGaurd https://github.com/atenart/sshguard
- Suricata https://suricata-ids.org
-
Host Intrustion Detection System (HIDS):
- Tripwire https://github.com/Tripwire
- Stealth https://github.com/fbb-git/stealth
- Ossec https://www.ossec.net
- Samhain - https://la-samhna.de/samhain/s_download.html
-
Monitoring and Logging:
- justniffer https://github.com/onotelli/justniffer
- httpry https://github.com/jbittel/httpry
- ngrep https://github.com/jpr5/ngrep
- passivedns https://github.com/gamelinux/passivedns
- sgan https://github.com/agrimgupta92/sgan
- regshot https://sourceforge.net/projects/regshot/
- greylog https://www.graylog.org/
- Logstash https://www.elastic.co/products/logstash
- Flume https://flume.apache.org/
- LOGalyze http://www.logalyze.com/
- Syslog-ng https://www.syslog-ng.com/products/open-source-log-management/
- Greylog2
- Logstash
- Lumberjack - https://sourceforge.net/projects/lumberjack/
- RabbitMQ - https://www.rabbitmq.com/management-cli.html
- ZeroMQ - http://zeromq.org
-
Anti-Virus:
- ClamAV https://www.clamav.net/
- Sophos https://www.sophos.com/en-us/products/free-tools.aspx
- F-Protection https://www.f-secure.com/us-en/home/products/anti-virus
- Comodo https://personalfirewall.comodo.com/
- 360 Total Security https://www.360totalsecurity.com/en/
- PFSense https://www.pfsense.org/download/
- CyberGod https://github.com/VISWESWARAN1998/CyberGod-KSGMPRH
- Bank_Mitigation https://github.com/CoolerVoid/bank_mitigations
- Fortress https://github.com/essandess/macOS-Fortress
- PeekabooAV https://github.com/scVENUS/PeekabooAV
-
Anti-USB:
-
Infrastructure Evaluation/Simulation:
- Infection Monkey https://www.guardicore.com/infectionmonkey/
- Threatcare https://www.threatcare.com/
- NeSSi2 http://www.nessi2.de/index.html
- Caldera https://github.com/mitre/caldera
- MalwLess https://github.com/n0dec/MalwLess
-
Malware Scans:
- RKHunter http://rkhunter.sourceforge.net/
- GEMR http://www.gmer.net/
- Rootkit Revealer https://docs.microsoft.com/en-us/sysinternals/downloads/rootkit-revealer
- chkrootkit http://www.chkrootkit.org/
- Magneto https://github.com/gwillem/magento-malware-scanner
- Aibolit https://github.com/gregzem/aibolit
- Hijackthis https://github.com/dragokas/hijackthis
- Malware Finder https://github.com/HookJordan/MalwareFinder
-
Anti-Spam:
- Spam Assassins https://spamassassin.apache.org/
- Mail Cleaner https://www.mailcleaner.org/
- Scrollout http://www.scrolloutf1.com/
- Proxmox https://www.proxmox.com/en/proxmox-mail-gateway
- OrangeAssassin https://orangeassassin.org/
- RSpamD https://rspamd.com/
-
Threat Intelligence:
- Inquest Labs https://labs.inquest.net/
- abuse.ch https://abuse.ch/
- Emerging Threats https://rules.emergingthreats.net/
- PhishTank https://www.phishtank.com/
- AutoShun https://www.autoshun.org/
- MISP - Open Source Threat Intelligence Platform https://github.com/MISP/MISP
- YETI https://yeti-platform.github.io/
- MalC0de http://malc0de.com/dashboard/
- Flight Sim Geerate Bad Traffic Flight https://github.com/alphasoc/flightsim
- NSAuditor - https://download.cnet.com/Nsauditor-Network-Security-Auditor/3000-2653_4-10321567.html
- MTA - Microsoft Threat Analyzer https://www.microsoft.com/en-us/download/details.aspx?id=44226
- security-onion https://securityonion.net/
- ActorTrackr https://github.com/jalewis/actortrackr
- AiEngine https://gi thub.com/camp0/aiengine
- Automater https://github.com/1aN0rmus/TekDefense-Automater
- bro-intel-generator https://github.com/exp0se/bro-intel-generator
- GoatRider https://github.com/BinaryDefense/goatrider
- Omnibus https://github.com/InQuest/omnibus
- poortego https://github.com/mgeide/poortego
- QRadio https://github.com/QTek/QRadio
- Redline https://www.fireeye.com/services/freeware/redline.html
- RITA https://github.com/activecm/rita
- HostHunter https://github.com/SpiderLabs/HostHunter
- Combine https://github.com/mlsecproject/combine
- Cyphon https://www.cyphon.io/
-
Web-Application Firewall:
- ModSecurity https://github.com/SpiderLabs/ModSecurity
- NAXSI https://github.com/nbs-system/naxsi
- sql_firewall https://github.com/uptimejp/sql_firewall
- ironbee https://github.com/ironbee/ironbee
- WebKnight https://www.aqtronix.com
- Shadow Daemon - https://shadowd.zecure.org/overview/introduction/
- W00fWaf https://github.com/EnableSecurity/wafw00f
- OpenWAF https://github.com/titansec/OpenWAF
-
Free Compliance Scaning:
- OpenSCAP https://github.com/OpenSCAP
-
Disk Image Creation Tools:
- AccessData FTK Imager https://github.com/MrMugiwara/FTK-imager-OSX
- Bitscout https://github.com/vitaly-kamluk/bitscout
- GetData Forensic Imager http://www.forensicimager.com/
- Magnet Acquire https://www.magnetforensics.com/products/magnet-acquire/
- ODIN - http://odin-win.sourceforge.net/
- CloneZilla http://clonezilla.org/
-
Network Analysis:
- Xplico http://www.xplico.org/download
- Spiceworks Inventory https://www.spiceworks.com/download/inventory/
- GraphTool https://graph-tool.skewed.de/
- KeyPlayer https://cran.r-project.org/web/packages/keyplayer/index.html
- NDTV https://cran.r-project.org/web/packages/ndtv/index.html
- Walktrap https://www-complexnetworks.lip6.fr/~latapy/PP/walktrap.html
- Connvitals https://github.com/Comcast/connvitals
- IVRE https://ivre.rocks/
-
Evidence Collection:
- bulk_extractor https://github.com/simsong/bulk_extractor
- cold disk quick response https://github.com/orlikoski/CDQR
- ir-rescue https://github.com/diogo-fernan/ir-rescue
- Grr https://github.com/google/grr
- CimSweep https://github.com/PowerShellMafia/CimSweep
- Encrypted Disk Collector https://www.magnetforensics.com/free-tool-encrypted-disk-detector/
- Magnet RamCapture https://www.magnetforensics.com/free-tool-magnet-ram-capture/
- Network Miner https://www.netresec.com/?page=NetworkMiner
- NFI Defraser https://sourceforge.net/projects/defraser/
- ExifTools https://www.sno.phy.queensu.ca/~phil/exiftool/
- Toolsley https://www.toolsley.com/
- DumpZilla https://www.dumpzilla.org/
- Broswer History https://www.nirsoft.net/utils/browsing_history_view.html
-
Log Analysis Tools
- Lorg https://github.com/jensvoid/lorg
- Logdissect https://github.com/dogoncouch/logdissect
- StreamAlert https://github.com/airbnb/streamalert
- SysmonSearch https://github.com/JPCERTCC/SysmonSearch
-
File System Analysis/Imager:
- The Sleuth Kit (+Autopsy) http://www.sleuthkit.org/
- FTK Imager https://accessdata.com/product-download
-
Metadata Analysis:
- Exiftool https://www.sno.phy.queensu.ca/~phil/exiftool/
- JustMeta https://github.com/FortyNorthSecurity/Just-Metadata
- Collection https://github.com/metadatacenter/metadata-analysis-tools
- TensorFlow Based https://github.com/tensorflow/metadata
-
Memory Analysis Tools:
- Evolve https://github.com/JamesHabben/evolve
- LiME https://github.com/504ensicsLabs/LiME
- Volatility https://www.volatilityfoundation.org/
- VolDiff https://github.com/aim4r/VolDiff
- WindowsSCOPE http://www.windowsscope.com/
-
Memory Imaging Tools:
- Belkasoft Live RAM Capturer https://belkasoft.com/ram-capturer
- Linux Memory Grabber https://github.com/halpomeranz/lmg
- Magnet RAM Capture https://www.magnetforensics.com/resources/magnet-ram-capture/
- OSForensics https://www.osforensics.com/download.html
- Memoryze https://www.fireeye.com/services/freeware/memoryze.html
- RAMMap https://docs.microsoft.com/en-us/sysinternals/downloads/rammap
-
MSSP:
-
OSX Evidence Collection:
- Knocknock https://github.com/synack/knockknock
- mscOS Artifact Parsing Tool (mac_apt)
- OSX Auditor https://github.com/jipegit/OSXAuditor
- OSX Collector https://github.com/Yelp/osxcollector
- Shims (SDB Parser) https://tzworks.net/prototype_page.php?proto_id=33
- SDB-Explorer https://github.com/evil-e/sdb-explorer
-
Incident Response Operating System:
-
Sandbox:
- Falcon Sandbox https://github.com/PayloadSecurity/VxAPI
- Spender Sandbox https://github.com/spender-sandbox
- Sandboxie https://www.sandboxie.com/DownloadSandboxie
-
Automated Triaging:
- PE Studio https://www.winitor.com/
- FAME - https://github.com/certsocietegenerale/fame
- VIPER https://github.com/viper-framework/viper
- MalwOverview https://github.com/alexandreborges/malwoverview
-
Online Sandbox:
- Malcore https://penetrum.com/upload
- Any.run https://any.run/
- Hybrid-Analysis https://www.hybrid-analysis.com/
-
IOC Scanner:
- Fenrir https://github.com/Neo23x0/Fenrir
- Forager https://github.com/opensourcesec/Forager
- Loki https://github.com/Neo23x0/Loki
- Fast IR https://github.com/SekoiaLab/Fastir_Collector
- Zimmermans Toolkit https://ericzimmerman.github.io/#!index.md
- Didier Stevens Toolkit https://blog.didierstevens.com/my-software/
-
DNS:
- Bind https://www.isc.org/downloads/bind/
- djbdns http://cr.yp.to/djbdns.html
- Designate - https://wiki.openstack.org/wiki/Designate
- dnsmasq - http://www.thekelleys.org.uk/dnsmasq/doc.html
- knot - https://www.knot-dns.cz/