Gothenburg Hackerspace Wiki

User Tools

Site Tools


Linux Security Package List

This list was started as an collaborative effort to maintain an distribution-independent list of security related packages for Linux systems. The original list came from the Linux Alpine project.

Feel free to help out in any way possible.

tags: ,


One of the goals is to offer meta-packages for popular Linux distributions, to minimize the trend of creating new distributions or derivatives for specific purposes.

Distribution Maintainer More information
Debian raccoon

Existing distributions

Package listing

The following content needs review, quality assurance and appropiate weighting.

Note: This is work in progress. Not all packages are available at the moment.

Some stuff is may be obsolote and should be removed.


openssl Toolkit for SSL v2/v3 and TLS v1

Code Analysis

rpmlint A tool for checking common errors in RPM packages http://rpmlint.zarb.or
pylint Analyzes Python code looking for bugs and signs of poor quality
flawfinder Examines C/C++ source code for security flaws
rats A tool to find security related programming errors
pychecker A analyser for python source code
pyflakes A passive checker of Python programs
strace A useful diagnositic, instructional, and debugging tool
netsink A Network Sinkhole for Isolated Malware Analysis

Other/unreviewed options

splint An implementation of the lint program
valgrind A tool for finding memory-management problems
pscan Limited problem scanner for C source files

Forensics / Data recovery tools

dc3dd Patched version of GNU dd for use in computer forensics
ddrescue Data recovery tool for block devices with errors
testdisk A powerful free data recovery software
scrub Disk scrubbing program
ncdu A curses-based version of the well-known “du”
htop An interactive process viewer for Linux
mac-robber A tool that collects data from allocated files in a mounted file system
wipe Tool for securely erasing files from magnetic media
nwipe Securely erase disks using a variety of recognized methods
jhead An Exif jpeg header manipulation tool

Other/unreviewed options

aimage Advanced Disk Imager
fiwalk Batch analysis of a disk image
ftimes A system baselining and evidence collection too
cdpr Cisco Disovery Protocol (CDP) packet decoder
rarcrack Password cracker for rar archives
extcarve ext2/ext3/ext4 file recovery and semantic file carving tool
safecopy A data recovery tool
scalpel Fast file carver working on disk images
afftools Utilities for afflib
examiner Utility to disassemble and comment foreign executable binaries
firstaidkit System Rescue Tool
foremost Recover files by “carving” them from a raw disk
hexedit A hexadecimal file viewer and editor
ntfs 3g Linux NTFS userspace driver
ntfsprogs NTFS filesystem libraries and utilities
scanmem Simple interactive debugging utility
sleuthkit The Sleuth Kit (TSK)
srm Secure file deletion
unhide Tool to find hidden processes and TCP/UDP ports from rootkits
chntpw NT SAM password recovery utility
Hydra very fast network logon cracker
Medusa fast, parallel, modular, login brute-forcer for services
volatility An advanced memory forensics framework
pdfcrack A Password Recovery Tool for PDF files


arpalert Monitor ARP changes in ethernet networks
arpon ARP handler inspection
dnsenum A tool to enumerate DNS info about domains
halberd A tool to discover HTTP load balancers
scanssh Fast SSH server and open proxy scanner
ngrep Network layer grep tool
netsniff-ng A performant Linux network analyzer and networking toolkit
scapy Interactive packet manipulation tool and network scanner
socat Bidirectional data relay between two data channels ('netcat++')
tcpdump A network traffic monitoring tool
tcptrack Displays information about tcp connections on a network interface
tcpflow A tool for monitoring, capturing and storing TCP connections flows
tcpproxy Transparent TCP Proxy
etherdump An extremely small packet sniffer
netdiscover A network address discovering tool
nmap A network exploration tool and security/port scanner
arpwatch An ethernet monitoring program
nfswatch An NFS traffic monitoring tool
p0f Passive traffic fingerprinting tool
hping3 A ping-like TCP/IP packet assembler/analyzer
sslscan Security assessment tool for SSL
httpry A packet sniffer designed for HTTP traffic
bannergrab A banner grabbing tool
dnstop A DNS traffic capture utility
flunym0us A vulnerability scanner for wordpress and moodle
swaks A transaction-oriented SMTP test tool
onesixtyone An efficient SNMP scanner

Other/unreviewed options

whatweb A website fingerprinter
blindelephant A web application fingerprinter
dpkt python packet creation / parsing library
ike-scan An IPsec VPN scanning, fingerprinting, and testing tool
tcpreen A TCP/IP re-engineering and monitoring program
tcpdump A network traffic monitoring tool
tcpflow Network traffic recorder
tcpick A tcp stream sniffer, tracker and capturer
tcping Check of TCP connection to a given IP/Port
tcpjunk TCP protocols testing tool
tcpreplay Replay captured network traffic
tcptraceroute A traceroute implementation using TCP packets
tcptrack Displays information about tcp connections on a network interface
tcputils Utilities for TCP programming in shell-scripts
tcp_wrappers A security tool which acts as a wrapper for TCP daemons
tcpxtract Tool for extracting files from network traffic
ttcp A tool for testing TCP connections
dsniff Tools for network auditing and penetration testing
ettercap A network traffic sniffer/analyser
icmpshell A tool that only uses ICMP for connections
inguma Oracle penetration testing and vulnerability research toolkit
yapscan TCP Half-open port scanner / fast ICMP scanner (+limited UDP).
Wireplay Replay pcap dumped TCP sessions with modification as required.

Application Testing

wbox HTTP testing tool and configuration-less HTTP server
slowhttptest An application Layer DoS attack simulator
arachni Web application security scanner framework
wpscan A vulnerability scanner for WordPress installations
lynis Security and system auditing tool to harden Linux systems
ratproxy A passive web application security assessment tool
fimap A little tool for local and remote file inclusion auditing and exploitation
mysqlenum An automatic blind SQL injection tool
patator A multi-purpose brute-forcer, with a modular design and a flexible usage
slowhttptest An application Layer DoS attack simulator

Network statistics

iperf Tool to measure IP bandwidth using UDP or TCP
iptraf-ng A console-based network monitoring utility
iptop Command line tool that displays bandwidth usage on an interface
fping A utility to ping multiple hosts at once
mtr Full screen ncurses traceroute tool
speedometer Measure and display the rate of data from network or file contents
nfdump The nfdump tools collect and process netflow data on the command line
nethogs Top-like monitor for network traffic
iptstate Top-like interface to netfilter connection-tracking table

Misc tools

bash-completion Command-line tab-completion for bash
clamav An anti-virus toolkit for UNIX
p7zip A command-line port of the 7zip compression utility
nano A simple ncurses text editor
rsync A file transfer program to keep remote files in sync
screen A window manager that multiplexes a physical terminal
multitail A tool to view one or multiple files
shed A simple hex editor
e2fsprogs Standard Ext2/3/4 filesystem utilities
openssh An open source implementation of SSH protocol versions 1 and 2
passwdgen A random password generator
partclone Back up and restore used-blocks of a partition
sshguard Log monitor that blocks with iptables on bad behaviour
proxychains A tool that forces any TCP connection through proxies
knock A simple port-knocking daemon
logcheck Simple system administrator logfile viewer
mc A visual file manager
makepasswd Generates (pseudo-)random passwords of a desired length
lnav A curses-based tool for viewing and analyzing log files
goaccess A real-time web log analyzer and interactive viewer
macchanger An utility for viewing/manipulating the MAC address of network interfaces
denyhosts A script to help thwart ssh server attacks
fwknop A cobination of port knocking and passive OS fingerprinting


sipp A test tool / traffic generator for the SIP protocol
voiphopper A VLAN Hop security test
sipvicious Tools for auditing SIP based VoIP systems
sipcrack A SIP protocol login cracker
sipsak SIP swiss army knife
smap A simple scanner for SIP enabled devices
oreka An audio stream recording and retrieval system
sipflanker Finder for vulnerable Web GUIs deployed by IP phones and PBXs
ucsniff A VoIP and IP video security assessment tool


weplab Analyzing WEP encryption security on wireless networks
kismet A WLAN detector, sniffer, and IDS
cowpatty Attacking WPA/WPA2-PSK exchanges
wavemon Ncurses-based monitoring application for wireless network devices
aircrack-ng 802.11 (wireless) sniffer and WEP/WPA-PSK key cracker
pgpry PGP private key recovery
airsnarf A rogue AP setup utility
lorcon A library for injecting 802.11 (WLAN) frames
quickset A suite of tools designed to setup the basics for a PenTest
wifite An automated wireless auditor
reaver Brute force attack against Wifi Protected Setup

Intrusion detection

nebula An Intrusion Signature Generator
snort A network intrusion prevention and detection system

Other/unreviewed options

aide Intrusion detection environment
chkrootkit Tool to locally check for signs of a rootkit
honeyd Honeypot daemon
labrea Tarpit (slow to a crawl) worms and port scanners
pads Passive Asset Detection System
rkhunter A host-based tool to scan for rootkits, backdoors and local exploits
tiger Security auditing on UNIX systems
prelude-lml The prelude log analyzer
prewikka Graphical front-end analysis console for the Prelude Hybrid IDS * Framework
prelude-manager Prelude-Manager
nemesis A TCP/IP packet injection tool
inundator An IDS detection false positives generator

More tools

You could leave a comment if you were logged in.
projects/members/raccoon/linuxsec.txt · Last modified: 2014/04/10 02:30 by raccoon