Cybersecurity Tools for Linux

View 91 business solutions

Browse free open source Cybersecurity tools and projects for Linux below. Use the toggles on the left to filter open source Cybersecurity tools by OS, license, language, programming language, and project status.

  • MongoDB Atlas runs apps anywhere Icon
    MongoDB Atlas runs apps anywhere

    Deploy in 115+ regions with the modern database for every enterprise.

    MongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
    Start Free
  • $300 Free Credits for Your Google Cloud Projects Icon
    $300 Free Credits for Your Google Cloud Projects

    Start building on Google Cloud with $300 in free credits. No commitment, no credit card required until you're ready to scale.

    Launch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
    Start Free Trial
  • 1
    Ghidra

    Ghidra

    Ghidra is a software reverse engineering (SRE) framework

    Ghidra is a free and open-source reverse engineering framework developed by the NSA for analyzing compiled software. It supports a wide array of instruction sets and executable formats, offering features such as decompilation, disassembly, scripting, and interactive graphing. Designed for security researchers and analysts, Ghidra provides a robust environment for understanding malware, auditing code, and performing software forensics. It includes both GUI-based and headless analysis modes.
    Downloads: 9,238 This Week
    Last Update:
    See Project
  • 2
    GhostTrack

    GhostTrack

    Useful tool to track location or mobile number

    GhostTrack is an open-source OSINT utility designed to help users gather publicly available intelligence related to IP addresses, phone numbers, and online usernames through a command-line workflow. The project is implemented in Python and targets cybersecurity researchers, ethical hackers, and investigators who need a lightweight reconnaissance tool for digital footprint analysis. It provides a menu-driven interface that allows users to select different tracking modes, making the tool accessible even to those with limited scripting experience. GhostTrack can be combined with complementary tools such as Seeker to enhance IP capture workflows and improve investigative coverage. Because it focuses on aggregating open data rather than exploiting systems, the tool positions itself within the information-gathering phase of security assessments and OSINT research.
    Downloads: 166 This Week
    Last Update:
    See Project
  • 3
    Greenplum Database

    Greenplum Database

    Massive parallel data platform for analytics, machine learning and AI

    Rapidly create and deploy models for complex applications in cybersecurity, predictive maintenance, risk management, fraud detection, and many other areas. With its unique cost-based query optimizer designed for large-scale data workloads, Greenplum scales interactive and batch-mode analytics to large datasets in the petabytes without degrading query performance and throughput. Based on PostgreSQL, Greenplum provides you with more control over the software you deploy, reducing vendor lock-in, and allowing open influence on product direction. Greenplum reduces data silos by providing you with a single, scale-out environment for converging analytic and operational workloads, like streaming ingestion. All major Greenplum contributions are part of the Greenplum Database project and share the same database core, including the MPP architecture, analytical interfaces, and security capabilities.
    Downloads: 15 This Week
    Last Update:
    See Project
  • 4
    cyborghawk v1.1

    cyborghawk v1.1

    Latest-v1.1 of The World's most advanced pen testing distribution ever

    updated version of The most advanced, powerful and yet beautiful penetration testing distribution ever created.Lined up with ultimate collection of tools for pro Ethical Hackers and Cyber Security Experts. Simplify security in your IT infrastructure with Cyborg. Its real strength comes from the understanding that a tester requires a strong and efficient system,that benefits from a strong selection of tools, integrated with a stable linux environment.
    Downloads: 63 This Week
    Last Update:
    See Project
  • Stop Cyber Threats with VM-Series Next-Gen Firewall on Azure Icon
    Stop Cyber Threats with VM-Series Next-Gen Firewall on Azure

    Native application identity and user-based security for your Azure cloud

    Gain integrated visibility across all traffic in a single pass. Deploy Palo Alto Networks VM-Series to determine application identity and content while automating security policy updates via rich APIs.
    Get a free trial
  • 5
    Watcher

    Watcher

    Open Source Cybersecurity Threat Hunting Platform

    Watcher is a file integrity monitoring tool that detects unauthorized changes to files, helping organizations maintain compliance and security.
    Downloads: 4 This Week
    Last Update:
    See Project
  • 6
    SafeLine

    SafeLine

    Serve as a reverse proxy to protect your web services from attacks

    SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoor, brute force, HTTP-flood, bot abuse, among others. By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 7
    SCADA-LTS

    SCADA-LTS

    A comprehensive Supervisory Control, Data Acquisition, and Execution

    SCADA-LTS is an advanced FOSS, web-based, multi-platform environment designed to build your own Supervisory Control, Data Acquisition, and Management Execution Software - SCADA/MES. Its architecture provides a robust foundation for complex industrial automation and monitoring. Optimized for Smart Infrastructure, it is highly capable of managing industrial PV/BESS, Smart buildings, municipal Water networks or Wastewater treatment, ANPR telemetry, City-wide lighting, and other diverse data administration workflows. Beyond standard use, SCADA-LTS serves as a secure "independent source of truth" in sandboxed or zero-trust environments. It enhances critical infrastructure with cyber-alarm functionality, emergency operation scenarios, and vital operational visibility. Developed since 2015 on behalf of Abil'I.T. and supported by a global community, the project focuses on stability, security, and modernizing the codebase to meet the demands of industry, defense, and wide-area distributed
    Downloads: 27 This Week
    Last Update:
    See Project
  • 8
    HydraPWK GNU/Linux

    HydraPWK GNU/Linux

    HydraPWK GNU/Linux Official SourceForge Pages.

    Leader badge
    Downloads: 47 This Week
    Last Update:
    See Project
  • 9
    PVPLE
    VPLE (Linux) Vulnerable Pentesting Lab Environment VPLE is an Intentionally Vulnerable Linux Virtual Machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing Labs. In VPLE bunch of labs are Available. NOTE:- "Only run in VMWare Pls Don’t run in VirtualBox" Will also run on the ProxMox server to understand how to do it pls refer to the doc in the zip named "Cybersecurity Lab Deployment on Proxmox" The default login and password is administrator: password. List Of All Labs in one VM:- 1. Web-DVWA 2. Mutillidae 3. Webgoat 4. Bwapp 5. Juice-shop 6. Security-ninjas 7. WordPress We are adding more labs in few days
    Leader badge
    Downloads: 24 This Week
    Last Update:
    See Project
  • Our Free Plans just got better! | Auth0 Icon
    Our Free Plans just got better! | Auth0

    With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

    You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
    Try free now
  • 10
    BerserkArch

    BerserkArch

    A bleeding-edge, security-centric Arch-based Linux distribution.

    BerserkArch is a security-focused, performance-tuned Linux operating system (OS) based on Arch Linux, designed for developers, hackers, and technical users. A bleeding-edge, security-centric Arch-based Linux distribution crafted for hackers, developers, and nerds alike. Following the Arch Linux philosophy, it is designed to be highly customizable, allowing users to build their environment with only the components they need, rather than having a lot of pre-installed software like some other security distributions (e.g., Kali Linux). As an Arch-based distribution, it benefits from the rolling release model, providing users with the latest software versions and kernel updates. BerserkArch is a dist "designed to make you powerful" for specific use cases like reverse-engineering binaries and automating exploits, rather than being an easy-to-use distribution for general beginners.
    Downloads: 33 This Week
    Last Update:
    See Project
  • 11
    cyborg hawk v 1.0

    cyborg hawk v 1.0

    The World's most advanced penetration testing distribution ever

    The most advanced, powerful and yet beautiful penetration testing distribution ever created.Lined up with ultimate collection of tools for pro Ethical Hackers and Cyber Security Experts. Simplify security in your IT infrastructure with Cyborg. Its real strength comes from the understanding that a tester requires a strong and efficient system,that benefits from a strong selection of tools, integrated with a stable linux environment.
    Leader badge
    Downloads: 9 This Week
    Last Update:
    See Project
  • 12
    MalbianLinux

    MalbianLinux

    GNU/Linux Distribution for Malware Analysis and Reverse Engineering.

    Malbian is a Light-weight Debian Based GNU/Linux Distribution for Malware Analysis and Reverse Engineering designed to aid the user in both Static and Dynamic analysis of malware samples. 100% Free to use and distribute. About: https://github.com/MalbianLinux Installation Guide in: https://github.com/MalbianLinux/Malbian-ISOs/
    Downloads: 10 This Week
    Last Update:
    See Project
  • 13
    BunkerWeb

    BunkerWeb

    Next-generation and open-source Web Application Firewall (WAF).

    Being a full-featured web server (based on NGINX under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments (Linux, Docker, Swarm, Kubernetes, …) and is fully configurable (don't panic, there is an awesome web UI if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
    Downloads: 9 This Week
    Last Update:
    See Project
  • 14
    Java Vulnerable Lab - Pentesting Lab

    Java Vulnerable Lab - Pentesting Lab

    a deliberately vulnerable Web application

    This is Vulnerable Web Application developed for course by Cyber Security and Privacy Foundation (www.cysecurity.org) for Java programmers The full course on Hacking and Securing Web Java Programs is available in https://www.udemy.com/hacking-securing-java-web-programming/ WAR file: ---------- https://sourceforge.net/projects/javavulnerablelab/files/latest/JavaVulnerableLab.war/download Virtualbox VM file: -------------------------- http://sourceforge.net/projects/javavulnerablelab/files/v0.1/JavaVulnerableLab.ova/download Credentials for the VM: ------------------------ Username: root Password: cspf Stand-alone file: (Run the Jar file directly) -------------- http://sourceforge.net/projects/javavulnerablelab/files/v0.2/JavaVulnerableLab.jar/download
    Downloads: 8 This Week
    Last Update:
    See Project
  • 15
    S2OPC - Safe & Secure OPC UA

    S2OPC - Safe & Secure OPC UA

    An Open Source Safe & Secure OPC UA stack

    Open-source Safe and Secure OPC UA Toolkit designed with embedded devices in mind (see https://www.s2opc.com). Its demo server is certified by the OPC Foundation and CSPN(-BSZ).
    Downloads: 8 This Week
    Last Update:
    See Project
  • 16
    justniffer
    justniffer is a TCP sniffer. It reassembles and reorders packets and displays the tcp flow in a customizable way. It can log network traffic in web server log format. It can also log network services performances (e.g. web server response times) and extract http content (images, html, scripts, etc)
    Downloads: 4 This Week
    Last Update:
    See Project
  • 17
    Scalytics Open Intelligence - OSINT

    Scalytics Open Intelligence - OSINT

    Open OSINT stack for monitoring, analysis, and risk detection

    EUOSINT is the open-source edition of the OSINT pipeline built by Scalytics for real-world intelligence monitoring, situation analysis, and risk detection. It is not a toy dashboard or a loose script bundle. It is a packaged operational stack with a web interface, a Go-based collector runtime, configurable ingestion and refresh cadence, Docker-first deployment, and local or server installation options. The public release removes non-public and protected integrations while preserving the pipeline structure and deployment model that make the system usable in practice. EUOSINT is built for teams that need continuous monitoring, reproducible installs, and a base they can extend for their own intelligence and security workflows.
    Downloads: 7 This Week
    Last Update:
    See Project
  • 18
    T2DECODE

    T2DECODE

    Offline-first cybersecurity and system learning platform (Flutter)

    T2DECODE — Plateforme locale d’apprentissage technique T2DECODE est une suite native conçue pour l’apprentissage pratique de l’informatique, des réseaux et de la cybersécurité. Porté par l'association TUTODECODE, le projet applique le principe du "Privacy by Design" : exécution 100% locale, zéro télémétrie et souveraineté absolue sur vos données. SPECIFICATIONS TECHNIQUES * 100% Offline-first : Fonctionne sans Internet. Idéal pour zones blanches ou architectures sécurisées (Air-gapped). * Souveraineté : Pas d'analytics, pas de trackers, pas de comptes obligatoires. * IA Locale : Support optionnel des LLM via Ollama pour une assistance privée sans API tierce. MODULES INTÉGRÉS * Réseau : Simulateur de masques de sous-réseau et calculs CIDR. * Système : Gestionnaire et traducteur interactif de permissions Unix (chmod). * Cryptographie & Outils : +15 utilitaires offline (Hachage SHA-256/MD5, diagnostics). Idéal pour étudiants (BTS SIO, BUT) et admins. Licence GPLv3.
    Downloads: 6 This Week
    Last Update:
    See Project
  • 19
    PC of Death
    PC of Death is a Windows vulnerability scanner. It's meant for Windows 10 & 11.
    Downloads: 5 This Week
    Last Update:
    See Project
  • 20
    Stegcore

    Stegcore

    A cross-platform crypto-steganography toolkit

    Stegcore combines cryptography and steganography to hide encrypted data inside ordinary files. It encrypts your payload before embedding it, so the hidden content is unreadable even if someone extracts it, and invisible to anyone who doesn't know it's there. Unlike basic steganography tools that hide data without encrypting it, Stegcore ensures the payload is cryptographically protected at rest. Unlike pure encryption tools, the payload isn't even visible. Designed for journalists, security researchers, red teamers, digital forensics professionals, and CTF participants.
    Downloads: 5 This Week
    Last Update:
    See Project
  • 21
    X-Ray of Death
    A professional PE (Portable Executable) analysis and modification tool for Windows executables and DLLs.
    Downloads: 5 This Week
    Last Update:
    See Project
  • 22

    Network Enumeration Tool

    Network Enumeration Tool for Host Exploration and Recon

    N-ETHER (Network Enumeration Tool for Host Exploration and Reconnaissance) is a robust and highly automated Python script designed to streamline the critical initial phases of network security auditing and penetration testing. It’s core purpose is to perform fast, comprehensive, and consistent host and port discovery across single targets or large lists of IP addresses. N-ETHER functions as an intelligent, opinionated wrapper around the powerful nmap tool, bundling best-practice scanning techniques—including service versioning, NSE scripting, and intelligent port selection—into a single, easy-to-use utility. This significantly reduces auditor workload and potential for human error compared to manually executing multiple complex nmap commands. Read the README!!!
    Downloads: 4 This Week
    Last Update:
    See Project
  • 23
    openWrt-snort

    openWrt-snort

    Image of OpenWrt OS, with snort community featured in.

    Image of OpenWrt OS, with snort community featured in, for Raspberry Pi 4/ 4B+ and 400, basically for Processor BCM2711. Installed Snort Community Model to Intrusion Detection system. Prevention system not installed. eth0 used as output/ LAN socket, to run internet and access router. eth1, which can be USB -> Ethernet port, is used as WAN port, to connect Pi board to Internet IP. to flash img file, you can restore in SD card, or use Balena Etcher to flash. or you can use DD commend of UNIX. **USERNAME** - root **PASSWORD** - bing.google12
    Downloads: 3 This Week
    Last Update:
    See Project
  • 24
    Falcon_ArchLinux

    Falcon_ArchLinux

    Falcon ArchLinux pruple team tools cyber security

    uses repo BlackArchlinux and ArchLinux
    Downloads: 2 This Week
    Last Update:
    See Project
  • 25
    cardionet

    cardionet

    A beautiful, modern Terminal User Interface (TUI) for nmap

    CardioNet simplifies network scanning by providing an intuitive graphical interface for nmap, making it accessible to both beginners and advanced users. Build complex scanning commands visually, execute them in real-time, and export results in multiple formats.
    Downloads: 1 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • 2
  • 3
  • Next
Auth0 Logo