Malware & Ransomware: Analysis and Resilience

Reverse malware with Ghidra/radare2, craft YARA, analyze memory with Volatility, and run safe ransomware simulations. Hack. Hunt. Defend. Respond. Repeat — all inside Rose X.

Web Application & API Security (OWASP)

Exploit and fix the OWASP Top 10 and API Top 10—then automate findings with DAST, SAST, and CI/CD gates. Every database, every CMS, every VM, every cloud — simulated, vulnerable, and waiting.

DevSecOps & Software Supply‑Chain Security

Shift left with SAST/DAST, SBOM, SCA, secrets scanning, and signed builds aligned to SLSA practices. Not a lab. Not a simulator. A living, breathing cyber range.

Cloud, Containers & Kubernetes Security

Harden cloud workloads, scan images, detect runtime threats, and enforce policy in Kubernetes. Rose X + Vines AI: The human brain fused with cyber intelligence.

Incident Response & Digital Forensics

Run full IR engagements—from alert to containment to lessons learned—while preserving evidence and timelines. Rose X is the OS hackers fear and defenders worship.

Compliance, Governance & Risk (GRC)

Translate security work into business outcomes with policy, risk registers, controls, and audit readiness. The day you touch Rose X, every other OS feels obsolete.

Blockchain & Web3 Security Labs

Audit smart contracts, exploit common EVM pitfalls, and fuzz test with professional‑grade tooling. The crown jewel of RCCE — exclusive, elite, unstoppable.

Rose X Quantum Labs

RCCE students get the complete quantum experience: design circuits, run algorithms, explore noise and error correction, prototype chemistry workflows, and visualize results in real time. The same design DNA that makes RCCE the most advanced cybersecurity training carries through here: clear labs, elegant tools, and outcomes you can show.

Why Rose X Outclasses Kali & Every Other OS

Kali is 3.5 GB with a focused toolset. Rose X is 1.2 TB, cloud‑native, and includes end‑to‑end enterprise training—tools, labs, data, and guidance. From screwdriver to supercomputer: Rose X eclipses Kali completely.

Features

1. Rocheston Rose X at a Glance
Rocheston Rose X is the most powerful cybersecurity operating system ever built. Unlike anything else in the world, it is a 1.2 TB giant packed with every single hacking tool, framework, dataset, and application imaginable. It is not just an OS—it is a living cyber range, a classroom, a lab, and a battlefield combined. Exclusive to RCCE students, Rose X is updated every week, delivering fresh content, new exploits, defenses, and exercises so that you are always ahead of hackers. Once you experience Rose X, every other OS feels small, incomplete, and outdated.

2. Rocheston Rosé X — Ground-Up Linux OS by Rocheston
Rosé X is not a repackaged Linux distro. It is a Linux operating system engineered from scratch by Rocheston for one single purpose: cybersecurity mastery. Hardened at the kernel level, optimized for high-performance labs, and preloaded with curated repositories, Rosé X is a fortress. Every subsystem has been hand-tuned for forensic accuracy, real-time detection, and smooth lab orchestration. No other cybersecurity platform can claim this level of engineering purity. This is Rocheston’s magnum opus in operating system design.

3. RCCE Exclusive Access
Rose X is exclusive—period. Only students enrolled in the RCCE program can access it, making it the most sought-after cyber platform in the world. You receive six months of uninterrupted access to Rose X, enough time to master fundamentals and dive into the most advanced domains. This exclusivity ensures that not everyone has the keys to the kingdom. It is designed to make RCCE graduates stand out as a rare elite force of cyber defenders.

4. Weekly Updates Without Fail
Unlike static distributions that become outdated within months, Rose X evolves every single week. New labs, new exploits, patched tools, upgraded datasets, and emerging threat simulations appear automatically. This relentless update cycle ensures you never practice on stale scenarios. You are always aligned with the latest real-world TTPs, frameworks, and vulnerabilities.

5. Cloud-Native Delivery Anywhere
Forget local installs, heavy VMs, or compatibility headaches. Rose X runs in the cloud and works directly in your browser. Open it on a desktop, tablet, or even your phone. Everything is isolated in safe, controlled environments so you can perform offensive operations without risk to your personal device. The entire experience is seamless and instant, making training as simple as logging in.

6. Retro-Futuristic Interface
Rose X greets you with a stunning retro interface that blends nostalgia with modern minimalism. Every lab window, console, and dashboard is optimized for readability, speed, and long hacking sessions. It looks beautiful, feels intuitive, and makes you fall in love with cybersecurity work. This isn’t a dull terminal—it’s an art piece you operate.

7. One-Click Labs Deployment
Every single lab in Rose X is ready to launch with one click. Complex scenarios with multiple VMs, networks, SIEM pipelines, and datasets appear instantly. You don’t waste time configuring, you spend your time hacking, defending, investigating, and solving. Rose X gives you labs at the speed of thought.

8. Aina Chatbot — Your AI Copilot
Integrated inside Rose X is Aina, your personal AI assistant. Aina gives you command syntax, query examples, scripts, YARA rules, SPL searches, and remediation checklists on demand. It is like having an instructor and a cyber encyclopedia always by your side. Stuck? Aina pulls you out instantly. Curious? Aina expands your knowledge in seconds.

9. The 1.2 TB Arsenal
Rose X contains everything—network scanners, exploit frameworks, malware analysis suites, forensic toolkits, SIEM systems, DevSecOps pipelines, blockchain fuzzers, post-quantum crypto labs, and more. Imagine Kali, Parrot, BlackArch, SIFT, REMnux, Security Onion, Metasploitable, DVWA, Juice Shop—all combined and then amplified a hundred times. That is Rose X.

10. Cyber Range With 100+ Websites
Inside Rose X is a fully isolated cyber range containing over 100 vulnerable websites, APIs, and networks. From classic OWASP targets to modern cloud-native stacks, every single type of application flaw is here to be exploited and defended. You are not just reading about attacks—you are performing them safely, legally, and repeatedly.

11. SIEM and Analytics With Splunk
Rose X comes with enterprise-grade SIEM labs using Splunk, Elastic, and OpenSearch. Students write queries, hunt threats, visualize dashboards, and tune detections exactly like SOC analysts do in the field. This is not theory. This is Splunk in action, inside your OS.

12. Endpoint Defense and XDR Scenarios
Rose X simulates enterprise endpoints with Sysmon, OSQuery, and Wazuh telemetry. You learn to detect adversary techniques, isolate compromised hosts, and implement XDR playbooks. The integration level is unmatched. You don’t just run attacks—you see them unfold through the eyes of defenders.

13. Threat Hunting Labs
The OS includes full network captures, Zeek logs, Suricata alerts, and NetFlow data for you to hunt threats. You detect beaconing, C2 traffic, tunneling, and anomalies. Each hunt is mapped to MITRE ATT&CK, teaching you structured investigation that employers demand.

14. Malware and Ransomware Labs
Rose X comes with safe, controlled malware samples, ransomware simulations, and full analysis pipelines. Students reverse binaries with Ghidra, dissect behavior with sandboxes, and perform memory analysis with Volatility. You don’t just read case studies—you execute them.

15. Web and API Security
From OWASP Top 10 to API Top 10, Rose X has targets to attack, tools to exploit, and remediation labs to fix. SQLi, XSS, CSRF, SSRF, GraphQL abuse, JWT flaws—all are represented with realistic environments. You finish with confidence that you can test and secure any modern web application.

16. DevSecOps and Supply Chain Security
Rose X integrates CI/CD pipelines that run static code analysis, dependency scanning, SBOM validation, and signed builds. You learn how to stop supply chain compromises, secrets leaks, and insecure dependencies. These labs are designed to mirror real engineering workflows.

17. Cloud and Kubernetes Security
Rose X teaches cloud native security at the infrastructure level. Trivy scans images, Falco detects runtime anomalies, kube-bench runs compliance checks, and Kyverno enforces policy. Students harden clusters, block unsafe workloads, and stop misconfigurations that lead to breaches.

18. Incident Response and DFIR
Rose X includes end-to-end incident response scenarios. You capture volatile memory, analyze disk images, reconstruct attack timelines, and build forensic reports. With Autopsy, Plaso, and Timesketch at your disposal, you become a digital detective.

19. Compliance and Risk Training
Inside Rose X, cybersecurity isn’t just technical—it is mapped to compliance frameworks. ISO 27001, NIST CSF, NIST 800-53, SOC 2, PCI DSS, HIPAA—all are represented. Students learn to build risk registers, track controls, and generate audit evidence packs. This is the missing bridge between hacking and business.

20. Blockchain and Post-Quantum Labs
Rose X looks to the future with blockchain security and post-quantum crypto. You audit smart contracts, test fuzzers, and explore PQC migrations with Kyber and Dilithium. Students are prepared for tomorrow’s risks today.

21. RCCE Rose X vs Kali Linux
Kali Linux is small—about 3.5 GB—and focused on penetration testing. It is a useful toolkit, but it is not a platform. In contrast, Rose X is a 1.2 TB powerhouse that covers offense, defense, compliance, DevSecOps, cloud, DFIR, blockchain, and PQC in one unified experience. Kali is a screwdriver; Rose X is an entire cyber arsenal. With weekly updates, one-click labs, Aina chatbot, Splunk pipelines, 100+ websites, and RCCE exclusivity, Rose X completely outclasses Kali and every other security OS in existence. Professionals need an ecosystem, not just a USB stick.

What you’ll experience: Faster skill growth, richer portfolios, and training that mirrors the modern security stack end‑to‑end.

List of Tools in Rocheston Rosé X

Recon, Discovery & OSINT
Amass, Subfinder, Assetfinder, sublist3r, SubDomainizer, dnsx, httpx, gowitness, Eyewitness, aquatone, Nuclei (templates), SpiderFoot, Maltego (CE), recon‑ng, theHarvester, Holehe, Maigret, Sherlock, socialscan, GHunt, Gitmails, gitGraber, git-dumper, Gmap, Metagoofil, FOCA, dorkscout, CloudEnum, S3Scanner, GCPBucketBrute, crt.sh (API/clients), Censys (CLI), Shodan (CLI), BinaryEdge (CLI), Onyphe (CLI), SecurityTrails (CLI), dirsearch, gobuster, ffuf, feroxbuster, waybackurls, gau, katana, hakrawler, Photon, ParamSpider.

Network Mapping & Scanning
Nmap, Masscan, unicornscan, ZMap, RustScan, Netdiscover, arp-scan, fping, hping3, ZGrab2, Scanless, naabu, smbclient, nbtscan, rpcclient, enum4linux‑ng, smbmap, snmpwalk/snmpcheck, ike-scan, ikeprober, sslyze, testssl.sh, sslscan.

DNS, Email & Certificates
dnsenum, dnsrecon, dnstwist, DNSChef, Fierce, Subjack, tlsx, certspotter, crtsh-scraper, dmarcian-tools, checkdmarc, dkimpy, SPF Toolbox (CLI forks), OpenDKIM/OpenDMARC, sslstrip (historical), sslsplit, mkcert, step‑cli, cfssl, x509lint.

Web Application DAST & Recon
Burp Suite (Community/Pro), OWASP ZAP, Nikto, w3af, Arachni (archived), Wapiti, Skipfish (legacy), Skipfish‑mod, Nuclei, dalfox, kxss, XSStrike, tplmap (SSTI), crlfuzz, Corsy (CORS), jwt_tool, graphw00f, GraphQLmap, InQL, Postman (collections for API tests), kiterunner (kr), ffuf/gobuster/dirsearch/feroxbuster (content discovery), Arjun (params), SSRFmap, NoSQLMap, SQLMap, joomscan, wpscan, droopescan, whatweb, wafw00f, nuclei‑templates‑community, nuclei‑templates‑projectdiscovery, retire.js, Lighthouse CI (security checks), ZAP Baseline.

API & Microservices Security
RESTler, kiterunner, schemathesis, oasdiff (security), 42Crunch CLI (policy), graphql‑security scanners (InQL/GraphQLmap), soapui, grpcurl, grpc‑fuzzer, Burp extensions (Autorize, JWT Editor, GraphQL Raider), ZAP add‑ons (OpenAPI, GraphQL).

Wordlists & Discovery Corpora
SecLists, Probable‑Wordlists, rockyou.txt, Kaonashi, dnscan‑wordlist, fuzzdb, PayloadsAllTheThings, OneListForAll, assetnote‑wordlists, raft‑wordlists.

Passwords, Hashes & Credentials
John the Ripper (Jumbo), Hashcat, hashid/hash‑identifier, pack, princeprocessor, maskprocessor, rsmangler, CUPP, CeWL, Hydra, Medusa, Ncrack, Patator, Crowbar, Kerbrute, Sprayhound, CrackMapExec (spray modules), LaZagne, creddump7, samdump2, gpp‑decrypt, KeePass2john, office2john, pdf2john, unzip2john, psexec.py/wmiexec.py (Impacket), secretsdump.py (Impacket).

Proxies, MITM & Traffic Manipulation
mitmproxy, bettercap, Burp Collaborator, sslsplit, Ettercap‑NG, arpspoof (dsniff), macof, responder, Inveigh, ntlmrelayx (Impacket), mitm6, Evilginx2 (research), Modlishka (research), ferret/hamster (legacy), scapy, socat, redsocks, proxychains‑ng, 3proxy, gost, Tor, Onioncircuits.

Tunneling, Pivoting & Redirectors
chisel, ligolo‑ng, frp (fast reverse proxy), gost, reGeorg/Neo‑reGeorg, sish, sshuttle, iodine (DNS tunnel), dnscat2, ptunnel‑ng, icmptunnel, gost‑socks5, socks5‑relay, rinetd, ncat/nc, socat, wireguard, OpenVPN, autossh.

Wireless (Wi‑Fi)
Aircrack‑ng suite, hcxdumptool/hcxtools, Wifite2, Kismet, Reaver, Bully, mdk4, airodump‑ng/aireplay‑ng, airgeddon, hostapd‑wpe, eaphammer, WPS‑Netsniffers, WiFi‑Pumpkin (legacy), Wlan‑pi tools, wavemon.

Bluetooth, BLE, Zigbee, RFID/NFC
BlueZ, btmon, hcitool, blue-hydra, bluelog, BtleJack, BLEAH, gatttool, GATTacker, BtleJuice, ubertooth‑tools, Crackle, Rfcat (Yard Stick One), KillerBee (Zigbee), zbdump/zbwireshark, RZUSBStick tools, Proxmark3 client, mfoc, mfcuk, libnfc‑tools, NFC‑Tools, ChameleonMini client.

SDR & RF Analysis
GNU Radio, GQRX, URH (Universal Radio Hacker), Inspectrum, SigDigger, SDRangel, rtl_433, rtl_sdr, SoapySDR, HackRF tools, BladeRF tools, gr‑gsm, gr‑ieee802.11, OpenLTE, srsRAN.

Exploit Development, Binary Exploitation & Fuzzing
pwntools, angr, radare2/rizin, Cutter, GEF, PEDA, Pwndbg, ROPgadget, Ropper, one_gadget, rp++, AFL++, honggfuzz, libFuzzer, boofuzz, Peach Fuzzer (commercial), zzuf, Radamsa, syzkaller, kAFL, rr (Mozilla), Frida, Qiling, Triton (dynamic binary analysis), Unicorn Engine, Keystone, Capstone.

Exploit Frameworks, C2 & Payload Tooling
Metasploit Framework, Sliver C2, Covenant, Mythic, Havoc, Merlin, PoshC2, Empire (resurrected forks), Koadic, Quasar (Windows RAT; research), Cobalt Strike (commercial), Brute Ratel (commercial), Veil‑Framework (archived), Donut (shellcode loader), NimPackt (research), SharpCollection (various post‑ex tools).

Active Directory, Windows & Lateral Movement
Impacket suite (psexec, wmiexec, smbexec, secretsdump, lookupsid, getTGT, getST, ntlmrelayx), CrackMapExec, BloodHound + SharpHound, neo4j (backend), Rubeus, Mimikatz, SafetyKatz, PowerView, PowerSploit, PowerUp, PrivescCheck, Seatbelt, WinPEAS, Kerbrute, certipy‑ad, ADCSPwn, PKINITtools, gMSADumper, adidnsdump, LDAPDomainDump, evil‑winrm, SMBMap, CME‑spider_plus, Coercer, PetitPotam, DFSCoerce, KrbRelayUp, SpoolSample, PrintNightmare PoCs (research only).

Linux & Unix Privilege Escalation & Enumeration
LinPEAS, LinEnum, linux‑smart‑enumeration (lse), pspy, LES (Linux Exploit Suggester 1/2), GTFOBins (reference), BeRoot (legacy), suid3num, unix‑privesc‑check, bashark, chkrootkit, rkhunter.

Reverse Engineering & Decompilers
Ghidra, IDA Free (limited), Binary Ninja (commercial), Hopper (commercial), radare2/rizin, Cutter, RetDec, JD‑GUI, CFR, Procyon, jadx/jadx‑gui, apktool, Androguard, dnSpyEx, ILSpy, JEB (commercial), x64dbg, OllyDbg (legacy), WinDbg, LLDB, GDB.

Malware Analysis & YARA
YARA, yarGen, PE‑Sieve, FLOSS (FireEye/FLARE), capa (FLARE), pefile, LIEF, Detect It Easy (DIE), Exeinfo PE, PEStudio, Procmon/ProcExplorer (Sysinternals), RegRipper, CAPE sandbox, Cuckoo Sandbox, Joe Sandbox (service), FireEye Sandbox (service), MalDuck, ThreatCheck, ShellcodeFluctuation tools (research), OfficeMalScanner, oledump/oletools, Didier Stevens Suite.

Network Traffic Analysis, NIDS & PCAP
Wireshark, tshark, Termshark, tcpdump, ngrep, Zeek (Bro), Suricata, Snort, Arkime (Moloch), Brim/Zui, netsniff‑ng, tcpreplay, tcpxtract, chaosreader, NetworkMiner (Windows), CapLoader (commercial), maltrail, Security Onion (distro).

SIEM, Logging, EDR/XDR & Telemetry
Elastic (Elasticsearch, Logstash, Kibana), OpenSearch (+ Dashboards), Beats/Winlogbeat/Filebeat/Packetbeat, Splunk (trial/free), Graylog, Wazuh (SIEM/XDR), OSQuery, Sysmon (Windows), Sysmon for Linux, Velociraptor, GRR Rapid Response, LimaCharlie (service), TheHive, Cortex, SigmaHQ (rules), ElastAlert2, OpenEDR, Sysdig (Falco integration).

Incident Response & DFIR: Acquisition & Analysis
Volatility 2/3, Rekall, LiME (Linux Memory Extractor), DumpIt/Magnet RAM Capture (Win), FTK Imager (Win), Guymager, dc3dd, dd, ewf‑tools/libewf, Autopsy & Sleuth Kit, Plaso (log2timeline), Timesketch, KAPE (Win), Eric Zimmerman tools (Win), HxD, bulk_extractor, RegRipper, Velociraptor (again), ALEAPP/iLEAPP/RELEAPP (mobile artifacts), Chainsaw (Windows event log hunting), Hayabusa (EVTX hunting), EvtxECmd.

DFIR: Case Management & Playbooks
TheHive, Cortex Analyzers, DFIR‑IRIS, FIR, RTIR (Request Tracker for IR), IntelMQ, MISP, OpenCTI, Timesketch (again), Elastic Cases, Wazuh cases.

Threat Intelligence & Sharing
MISP, OpenCTI, IntelMQ, Cortex + analyzers, Yeti, CRITs (legacy), spiderfoot‑HX, SigmaHQ, STIX/TAXII clients (cabby, mitre‑cti data), ATT&CK Navigator, ATT&CK Workbench, VTI (services), Threat Bus, VortexTI (community), unfetter‑discovery (legacy).

Steganography & Data Hiding/Detection
steghide, stegoveritas, zsteg, outguess, stegcracker, stegseek, OpenStego, exiftool, pngcheck, binwalk, foremost, bulk_extractor (again), bstrings, stegsnow.

Containers & Kubernetes Security
Trivy, Grype, Syft, Clair, Dockle, Docker Bench for Security, kube‑bench (CIS), kube‑hunter, kubeaudit, kubescape, KubeLinter, Polaris, KubeArmor, Falco, Tracee (eBPF), Kepler (observability), Kyverno (policy), OPA/Gatekeeper, kubesec, Popeye, kubetail, Stern, KubiScan, rbac‑policies‑lint, Kompany (RBAC viz), Kubesploit (research), Chainguard images (distroless).

Cloud Security (AWS / Azure / GCP)
Prowler (AWS), ScoutSuite, CloudMapper (AWS), Cartography (Lyft), PMapper (AWS IAM viz), Principal‑UID tools, Cloudsploits/Aqua, prowler‑azure, pacu (AWS exploitation framework), weirdAAL (AWS), Steampipe + cloud mods, Cloud Custodian, Checkov, tfsec, Terrascan, cfn‑nag, AzureHound/AzureAD module for BloodHound, MicroBurst (Azure), roadrecon (AAD), stormspotter (AAD), gcloud‑enum scripts, GCP‑IAM‑viz, GCPBucketBrute (again), gsutil gsutil‑ACL audits, ScoutSuite‑gcp.

IaC Scanning, Policy‑as‑Code & Compliance
Checkov, tfsec, Terrascan, Semgrep IaC rules, kube‑policies (Kyverno/OPA), conftest (OPA), OpenSCAP, SCAP Workbench, scap‑security‑guide (SSG), Lynis, Chef InSpec, osquery compliance packs, CIS Cat Lite (limited), Auditbeat rules, Falco rules (compliance-ish), Compliance Masonry (OpenControl), Regula.

DevSecOps, SAST/DAST/SCA & Secrets
Semgrep, SonarQube, CodeQL, Bandit (Python), Safety (Python deps), pip‑audit, pip‑grip, Trivy (SCA), Syft/Grype, OWASP Dependency‑Check, Retire.js, npm‑audit, yarn‑audit, Gosec (Go), Brakeman (Rails), FindSecBugs/SpotBugs (Java), PMD, ESLint security plugins, Flawfinder (C/C++), RIPS (legacy), ZAP baseline/automation, git‑leaks (Gitleaks), TruffleHog, detect‑secrets, ggshield (GitGuardian CLI), repo‑supervisor.

Mobile Security (Android & iOS)
MobSF, Drozer, Frida, Objection, apktool, jadx, Androguard, QARK, qark‑mod, House (iOS runtime instrumentation), Needle (iOS), r2frida, idb, otool/otx (mach‑o), class‑dump, bagbak, checkra1n (research), Android‑Backup‑Extractor, Magisk (research), mitmproxy/Burp mobile proxies, AppMon (legacy), Hopper (macOS/iOS), Ghidra iOS loaders.

IoT, Firmware & Hardware
Binwalk, Firmadyne, FirmAE, Firmwalker, Firmware‑Mod‑Kit, QEMU system emulators, Qiling (firmware emu), emba (firmware analyzer), FRAK, uefitool/UEFIExtract, CHIPSEC, flashrom, JTAGulator, OpenOCD, Bus Pirate tools, i2c‑tools, sigrok/PulseView, Logic2 (Saleae), radare2 (firmware), ghidra‑firmware loaders.

ICS/SCADA & OT
Conpot (honeypot), GRASSMARLIN, PLCScan, S7comm tools, Modbus‑scan, ModbusPal, Wireshark dissectors (DNP3, IEC‑104), ICS‑CERT scripts (archived), Scapy‑layers for ICS, FoxGuard ICS tools (refs), Icspector (community), CryPLH (research), Tofino (commercial references), OpenPLC (research), efs2 tools (vendor‑specific; limited OSS).

Honeypots & Deception
Cowrie (SSH/Telnet), Dionaea, Glutton, T‑Pot (multi‑honeypot distro), Conpot (ICS), HoneyDB sensor, Elastichoney, Mailoney, rdpy (RDP Honey), ADBHoney, Heralding, Honeytrap, Honeyd (legacy), kube‑hunter (as trap), Canarytokens (service).

Privacy, OPSEC & Anonymity
Tor, torsocks, Privoxy, I2P, Whonix (distro), WireGuard, OpenVPN, Tailscale (service), pgp/gpg, age (file encryption), sops (Mozilla SOPS), OnionShare, MAT2 (metadata anonymizer).

Cryptography, PKI & Key Management
OpenSSL/LibreSSL, HashiCorp Vault, step‑cli (Smallstep), cfssl, Keytool, GnuPG, age, sops, RHash, BouncyCastle tools, JWK tools, jwcrypto, certbot, acme.sh, mkcert, minica, xca, SoftHSM, pkcs11‑tools.

Blue Team Hardening & Benchmarks
Lynis, OpenSCAP/SSG, CIS‑Bench scripts, osquery packs, Wazuh audit rules, auditd, sysctl hardening scripts, Windows Hardening Toolkit (community), HardenTools, CIS‑CAT Lite (limited), kube‑bench, kube‑linter, Falco rules.

Data Exfiltration Detection & DLP‑Adjacents (Open Source)
Zeek file extraction + signatures, Suricata file store + rules, Arkime (index PCAP), Stenographer (Google), netsniff‑ng ring buffer, pcap‑ng indexing scripts, yextend (YARA on files at rest), Loki (YARA scanner), Thor Lite (limited).

Automation, Glue & Scripting Frameworks (Security‑Focused)
Ansible, Terraform (with guardrails), Packer, Make, Nornir (network automation), Netmiko/Paramiko, SaltStack, Fabric, mitmproxy scripting, Scapy, pwntools, angr, Keystone/Capstone/Unicorn, Volatility plugins, Splunk SDKs, Elastic clients, Sigma converters (sigmac), mitreattack‑python, OpenAI/LLM assistants for code gen (policy‑guarded).

Automotive Security (CAN, UDS, Infotainment)
CAN‑utils, ICSim, SavvyCAN, Kayak (KAYAK), SocketCAN tools, python‑can, CANtact tools, CANToolz, UDSim, caringcaribou (legacy), OpenGarages tools, Frida/Objection on infotainment systems (research), Ghidra/IDA for ECU firmware.

CMD
Nmap, Masscan, Burp Suite, ZAP, Nikto, sqlmap, wfuzz/ffuf/gobuster/dirbuster/dirsearch, Hydra/Medusa/Ncrack, John/Hashcat, Aircrack‑ng, Kismet, Reaver, WiFite, Bettercap, Hping3, Scapy, Responder, Impacket, CrackMapExec, Mimikatz (Windows), BloodHound, Neo4j, enum4linux‑ng, smbmap, dnsrecon/dnsenum, dnstwist, whatweb, wpscan, joomscan, Nikto, Arachni (archived), w3af, sqlmap, theHarvester, Maltego (CE), recon‑ng, weevely, metasploit‑framework, msfvenom, netcat/ncat/socat, tcpdump, Wireshark, tshark, Ettercap, arpspoof, sslscan, testssl.sh, sslyze, BeEF (research), SET (Social‑Engineer Toolkit), PowerSploit/PowerView, Veil (archived), OpenVAS/Greenbone (separate).

Purple Team & Adversary Emulation
MITRE CALDERA, Atomic Red Team, Invoke‑AtomicRedTeam, AtomicTestHarnesses, VECTR (SRA), Prelude Operator, Infection Monkey, Stratus Red Team, Uber Metta, APTSimulator, PurpleSharp, Red Team Automation (RTA), SCYTHE (commercial), AttackIQ (commercial), Picus (commercial), Splunk Attack Range, DetectionLab, Terraform‑Attack‑Range, RedHunt OS, SimuLand.

Vulnerability Scanners & VM Programs
Greenbone OpenVAS / GVM, Nessus, Nexpose/InsightVM, Qualys, Vuls, OpenVAS gvm‑tools, OpenVAS‑Scanner, Nikto2, Nmap Vulners NSE + vulscan, Lynis (host hardening audit), OpenSCAP + SSG, GRR Rapid Response (also IR), Vulners CLI, OWASP Dependency‑Check, Anchore Engine.

Reporting, Collab & Vuln Management
Dradis, Faraday, Serpico, PwnDoc, DefectDojo, Seccubus, ArcherySec, ThreadFix (commercial), PlexTrac (commercial), Vulnreport, Poortego, CaseFile (Maltego), Rapport (community).

OSINT (People/Companies/Assets)
PhoneInfoga, WhatsMyName, Blackbird, Twint (legacy), snscrape, h8mail, Breach‑Parser, dehashed CLI (service), emailrep.io CLI (service), ExifTool, pymeta, FOCA (Win), Creepy (geolocation), PhotonOSINT, Social Analyzer, Maigret (alt to Sherlock), DumpsterDiver (S3/archives), Gitrob (legacy), Gitleaks‑sbom, CloudQuery (OSINT via CSPs).

Attack Surface Discovery (ASM)
puredns, massdns, anew, asnmap, mapcidr, httprobe, hakrevdns, asnlookup, dnsprobe, zgrab2 (banner), zmap, tlsx, gau/waybackurls, katana (crawler), interlace (task runner), chaos‑client (ProjectDiscovery), Censys‑CLI, Shodan CLI, SecurityTrails CLI, BinaryEdge CLI.

Email Security, Phishing Sim & Analysis
GoPhish, King Phisher, Phishing Frenzy (legacy), LUCY (commercial), Gophish‑Tools, Urlscan.io CLI, emlAnalyzer, MSGViewer, oledump/oletools (analysis), PhishDetect, MailSniper (O365), Rspamd, SpamAssassin, OpenDKIM, OpenDMARC.

Web & API
wfuzz, ffuf‑scripts, feroxbuster‑templates, tplmap (SSTI), x8 (XSS/XXE tester), GraphQLCop, Clairvoyance (GraphQL introspection), Autorize (Burp), Param Miner (Burp), Hackvertor (Burp), Retire.js, Lighthouse‑CI security checks, ftw (WAF testing framework), mod_security + OWASP CRS, NAXSI (NGINX WAF).

Out‑of‑Band & Collaborators
Interactsh (ProjectDiscovery), Burp Collaborator Everywhere (ext), DNSDumpster (service), canarytokens‑cli, Webhook.site (service), requestbin‑like tools.

Databases (SQL/NoSQL)
sqlmap‑tamper‑packs, sqlninja (legacy), ODAT (Oracle), tnscmd10g, PowerUpSQL, SQLRecon, NoSQLMap, mongoaudit (legacy), Redis‑Rogue‑Server (research), mssqlclient.py (Impacket), Postgres‑audit‑scripts, MariaDB audit plugins.

Windows AD / Lateral Movement
PingCastle, Purple Knight, ADExplorer (Sysinternals), ADACLScanner, ACLight, LDAPDomainDump, Grouper2, GPP‑Password tools, SharpHound, BloodHound CE, SharpRDP, SharpSocks, Snaffler, PrintNightmare PoCs (research only), SpoolSample, PetitPotam/DFSCoerce (research), Rubeus, Certipy‑AD, KrbRelayUp, PowerView, PowerSploit, PowerUp, PrivescCheck, WES‑NG (Windows Exploit Suggester), evil‑winrm.

Linux/Unix Priv‑Esc & Enum
LinPEAS, LinEnum, linux‑smart‑enumeration, LES1/LES2, pspy, pwnkit‑checkers, GTFOBins (ref), BeRoot (legacy), suid3num, unix‑privesc‑check, Enumy, Debsecan, Checksec, Hardening‑check.

macOS Security (Objective‑See & Others)
LuLu, KnockKnock, BlockBlock, TaskExplorer, Netiquette, Dylib Hijack Scanner, KextViewr, Oversight, Do Not Disturb, RansomWhere?, ReiKey, Santa (Google), osquery (mac), mac_apt, macos‑unified‑logs tools.

Wireless, Wi‑Fi & Rogue AP
Aircrack‑ng suite, hcxdumptool/hcxpcapngtool, Wifite2, Airgeddon, Reaver/Bully, Kismet, mdk4, hostapd‑wpe, EAPHammer, Wifiphisher, Fluxion, Wlan‑Pi tools, Bettercap Wi‑Fi, wavemon.

Bluetooth/BLE/Zigbee/RFID/NFC
Ubertooth‑tools, Crackle, BlueHydra, BtleJack, BLEAH, gattacker, btlejuice, GATTTool, Proxmark3 client, mfoc/mfcuk, ChameleonMini/Tiny clients, RfCat, KillerBee suite, zbstumbler, zbwireshark.

SDR & RF
GNU Radio, GQRX, URH, Inspectrum, SDRangel, rtl_433, kalibrate‑rtl, gr‑gsm, srsRAN, OpenLTE, BladeRF/HackRF tools, SoapySDR, SigDigger.

VoIP, SIP & RTC
SIPVicious‑NG, sngrep, rtpbreak, rtpsnoop, inviteflood (research), rtpflood (research), VoIP Hopper, SIPp, Asterisk‑security scripts, RTPinject (research).

Proxies, MITM, Tunnels & Pivoting
mitmproxy, Bettercap, sslsplit, Ettercap‑NG, arpspoof, Responder, Inveigh, ntlmrelayx, mitm6, Evilginx2 (research), Modlishka (research), chisel, ligolo‑ng, frp, gost, reGeorg/Neo‑reGeorg, sshuttle, sish, socat, iodine, dnscat2, ptunnel‑ng, wireguard, OpenVPN, rinetd.

C2, Post‑Ex & Tradecraft
Metasploit, Sliver, Mythic, Merlin, Covenant, PoshC2, Empire (revived forks), Havoc, Koadic, Donut, SharpCollection, PowerSharpPack, GhostPack, Seatbelt, LaZagne, SharpUp, SharpDump, SILENTTRINITY, QuasarRAT (research), Brute Ratel (commercial), Cobalt Strike (commercial).

Reverse Engineering & Diffing
Ghidra, IDA Free, Binary Ninja (comm), Hopper (comm), radare2/rizin, Cutter, RetDec, JD‑GUI, CFR, Procyon, jadx, apktool, Androguard, dnSpyEx, ILSpy, x64dbg, WinDbg, LLDB, GDB, Frida, Qiling, Triton, Unicorn/Keystone/Capstone, Diaphora, BinDiff (comm).

Malware Analysis & Sandboxes
YARA, yarGen, capa, FLOSS, PE‑sieve, pefile, LIEF, Detect‑It‑Easy (DIE), Exeinfo PE, PEStudio, Didier Stevens Suite (pdfid/pdf‑parser), ioc‑extractor, CAPE Sandbox, Cuckoo, Speakeasy (emulation), MalDetect, Procmon/ProcExp/Sysinternals, RegRipper, Raccine (ransomware mitigator).

Memory/Live Forensics
Volatility 2/3, Rekall, MemProcFS, Winpmem, AVML, DumpIt, Magnet RAM Capture, Belkasoft RAM Capture, LiME, pmem suite, Redline (legacy), Velociraptor (also IR/DFIR), Hibernation Recon (comm).

Disk & Filesystem Forensics
Sleuth Kit & Autopsy, Guymager, ewf‑tools/libewf, dc3dd, ddrescue, bulk_extractor, foremost, scalpel, photorec/testdisk, X‑Ways Forensics (comm), EnCase (comm), Magnet AXIOM (comm), OSFMount, FTK Imager, tsk_recover, Eric Zimmerman tools (MFTECmd, RECmd, Kape, JLECmd, LECmd, PECmd).

Browser, App & Cloud Forensics
Hindsight (Chrome), Unfurl, HARalyzer, ALEAPP/iLEAPP/RELEAPP (mobile artifacts), Kape (again), Timesketch, Plaso (log2timeline), StreamAlert (CloudTrail pipeline), CloudTrail Lake (service), Azure Sentinel (Kusto), GCP Forensics (gcptoolkit, gcsfuse usage in IR), DFIR‑IRIS (case mgmt).

Network, IDS/NIDS & PCAP
Wireshark/tshark/Termshark, tcpdump, Zeek, Suricata, Snort, Arkime (Moloch), Brim/Zui, netsniff‑ng, tcpreplay, CapLoader (comm), NetworkMiner (Win), p0f, RITA (beaconing), JA3/JA3S, HASSH/HASSH‑S, Zeek‑community scripts.

eBPF, Runtime & Cloud Observability (Security‑use)
bcc‑tools, bpftrace, Tracee (Aqua), Tetragon (Cilium), Falco, Sysdig Inspect, Hubble (Cilium), Pixie (CNCF), Parca (profiling), Kepler (energy telemetry), Procmon‑for‑Linux, Auditd/auditbeat.

Containers, Images & Kubernetes
Trivy + Trivy Operator, Grype, Syft, Clair, Dockle, Dive, kube‑bench, kube‑hunter, kubeaudit, Kubescape, Kubesec, Polaris, Kyverno, OPA/Gatekeeper, RBAC‑Police, rback, kubeletctl, Peirates, CDK (Container Attack Toolkit), KubeArmor, Tracee, Tern (SBOM), KubeClarity, Chain‑Bench (BridgeCrew).

Cloud Security – AWS
Prowler, ScoutSuite, CloudMapper, Cartography, CloudQuery, Pacu, WeirdAAL, CloudSploit (Aqua), CloudSplaining, Parliament (IAM policy lint), policy_sentry, iamlive, Cloud Custodian, Steampipe + AWS mods, S3Scanner, Principal Mapper (PMapper), aws‑inventory, aws‑ls, SkyArk (also Azure).

Cloud Security – Azure & AAD
ROADTools (roadrecon/roadsrecon), AADInternals, AzureHound (BloodHound), Stormspotter, MicroBurst, MSOLSpray, AAD‑connect‑enumeration scripts, Azucar, AzureADExplorer, Azure Policy as Code (AzAdvertizer refs), Sentinel KQL content packs.

Cloud Security – GCP
ScoutSuite (GCP), Forseti Security (legacy), GCPBucketBrute, gcloud‑enum scripts, GCP IAM Visualization (community), GKE Policy Controller (OPA), Config Validator, Prowler‑GCP (community forks), Steampipe GCP mods.

IaC, Policy‑as‑Code & Compliance
Checkov, tfsec, Terrascan, Conftest (OPA), OPA Rego policies, OpenSCAP/SCAP Workbench, CIS‑CAT Lite, Chef InSpec, Regula, kube‑policy libs, Auditbeat compliance, Compliance Masonry (OpenControl), osquery compliance packs.

SBOM, Supply Chain & SCA
Syft (SBOM), Grype, Trivy, Clair, Tern, cdxgen, CycloneDX‑CLI, SPDX‑tools, Dependency‑Track, OSS Review Toolkit (ORT), GUAC (Graph for software supply chain), Sigstore/cosign, in‑toto, SLSA provenance generators.

Secrets Detection & Key Management
Gitleaks, TruffleHog, detect‑secrets, ggshield, Secretlint, shhgit, repo‑supervisor, Yelp/detect‑secrets server, HashiCorp Vault, AWS Secrets Manager (service), GCP Secret Manager (service), Azure Key Vault (service), Keywhiz (Square), Confidant (Lyft), SOPS + age.

Crypto, PKI & PQC
OpenSSL/LibreSSL, step‑cli + step‑ca (Smallstep), CFSSL, EJBCA, Dogtag PKI, cert‑manager (K8s), mkcert, acme.sh, JWK/Jose tools, ZLint, x509lint, hash_extender, RsaCtfTool, liboqs (Open Quantum Safe), oqs‑openssl/oqs‑provider, PQClean, CIRCL (Cloudflare).

Blue‑Team Hardening
Sysmon (Windows) + SwiftOnSecurity config, Olaf Hartong Sysmon Modular, HardeningKitty, Windows Hardening Toolkit, AppLocker samples, Attack Surface Reduction (ASR) rule scripts, CIS Benchmarks tooling, Lynis (Linux), OpenSnitch (Linux app firewall), auditd rules packs.

Deception & Honeypots
OpenCanary, Cowrie, Dionaea, Glastopf (legacy), Conpot (ICS), T‑Pot (multi‑honeypot), HoneyPy, Heralding, rdpy (RDP honey), ADBHoney, Endlessh (slow SSH), Canarytokens (service), HoneyTrap.

IoT & Firmware
Routersploit, Firmadyne, FirmAE, Firmwalker, Firmware‑Mod‑Kit, FACT (Firmware Analysis & Comparison Tool), QEMU system emu, Binwalk, UEFITool/UEFIExtract, CHIPSEC, emba, flashrom, Bus Pirate tools, OpenOCD, Sigrok/PulseView.

ICS/SCADA & OT
GRASSMARLIN, Conpot, ModbusPal, PLCScan, s7comm‑tools, DNP3/IEC‑104 Wireshark dissectors, OpenPLC, ICS‑specific Zeek scripts, Icspector (community), Scapy‑layers‑ICS, Foxhound/Redpoint (vendor ecosystems, refs).

Automotive
SocketCAN/CAN‑utils, SavvyCAN, Kayak, ICSim, python‑can, CANToolz, UDSim, caringcaribou (legacy), IsoTp tools, CANtact utilities, Instrument clusters reverse workflows with Ghidra/IDA.

Passwords, Wordlists & Analytics
Hashcat, John (Jumbo), hashcat‑utils, maskprocessor, statsprocessor, PACK, princeprocessor, kwprocessor, Pipal, CUPP, CeWL, wordlistctl, Probable‑Wordlists, Kaonashi, OneListForAll, seclists‑updates.

Packet Crafting & Traffic Tools
Scapy, hping3, nping, Nemesis, Ostinato (GUI), trafgen, mtr, tc/netem (lab shaping), socat/ncat/nc, iperf3.

Threat Intel & Malware Knowledge
MISP, OpenCTI, IntelMQ, Yeti, CRITs (legacy), Harpoon (TI CLI), IntelOwl, MWDB (CERT.PL), Malpedia, SigmaHQ, sigmac (converters), ATT&CK Navigator, ATT&CK Workbench, VTI (services), OSINT‑Feeds parsers.

SIEM, XDR & Case Mgmt
Splunk (free/trial), Elastic Stack, OpenSearch + Dashboards, Graylog, Wazuh (XDR), OSQuery, LimaCharlie (service), TheHive, Cortex, ElastAlert2, Panther (serverless SIEM, OSS/community), Sigma‑to‑{SIEM} toolchains.

Training, CTF & Ranges
CTFd, RootTheBox, Pwnable.kr style setups, Damn Vulnerable Web App (DVWA), bWAPP, Juice Shop, Mutillidae, Hackazon (legacy), Metasploitable, VulnHub images, Ternaus vulnerable labs, CloudGoat (AWS), Flaws2/Flaws‑Cloud, AzureGoat, Kubernetes Goat. BeEF, Social‑Engineer Toolkit (SET), searchsploit (Exploit‑DB), yersinia, responder‑multirelay forks, sparta, legion, wpscan, joomscan, cmsmap, cadaver (WebDAV), dirbuster (legacy), wifiphisher, fluxion, reaver/bully, powersploit, veil‑framework (archived), bed (buffer overflow tester), thc‑ipv6, thc‑hydra, ike‑scan, sipvicious, openvas (gvm), hash‑identifier, mimikatz (Win), unicorn (macro gen; research), weevely (webshell), weePWN (legacy), dnschef, sslstrip/sslsplit (legacy research), sslscan/testssl.sh/sslyze, ridenum (rpc), enumiax (IAx2), onesixtyone (SNMP), snmp‑check.

Enterprise Databases & DB Security
Oracle Database (with sqlplus, tnscmd, ODAT, exploit labs), Microsoft SQL Server (with sqlcmd, PowerUpSQL, MSSQL audit scripts, xp_cmdshell labs), PostgreSQL (psql, pgcli, pgAudit, pgcrypto), MySQL / MariaDB (mysql CLI, Percona audit, SQLMap integration), MongoDB (mongo shell, nosqlmap, mongod audit), Redis (redis-cli, rogue-server labs), Cassandra, CouchDB, Neo4j (graph database labs, BloodHound integration), Elasticsearch / OpenSearch (search exploitation labs, privilege abuse labs). Training Scenarios: Misconfigurations, SQLi, privilege escalation in stored procedures, database credential leaks, lateral movement via linked servers.

Virtual Machines & OS Environments
Windows Server VMs (AD lab forests, Sysmon telemetry, Defender bypass labs), Windows 10/11 VMs (endpoint detection, privilege escalation training), macOS VM (Objective-See tools, macOS persistence, Gatekeeper bypass labs), Linux Distributions (Debian, Ubuntu, CentOS, Arch for hardening vs attack scenarios), Containerized OS Environments (Docker, Podman, Kubernetes clusters). Training Scenarios: Build entire enterprise networks inside Rose X with multi-VM topologies (Windows + Linux + Mac + DB + WebApps).

Web Applications & CMS Exploitation
Rose X comes pre-loaded with realistic web stacks for attack and remediation: WordPress (wp-scan, plugin vulnerability labs), Joomla (joomscan, RCE practice labs), Drupal (droopescan, Drupalgeddon scenarios), Magento (eCommerce exploitation labs), MediaWiki (wiki privilege escalation labs), Prestashop, OpenCart, phpBB, vBulletin (classic CMS and forum vulnerabilities). Training Scenarios: SQLi, XSS, CSRF, RCE, plugin/backdoor exploitation, patching and hardening guides.

Vulnerability Vines AI Integration
Rose X isn’t just a static OS — it plugs directly into Vulnerability Vines AI for enterprise-grade vulnerability management: DAST, SAST and SCA scans across applications, APIs and containers; AI-powered remediation guidance where Vines generates fixes, configuration changes and hardening steps; risk dashboards mapped to NIST 800-53, ISO 27001, SOC 2 and PCI DSS; continuous integration with DevSecOps pipelines; smart reporting with CVSS scoring, EPS scoring and AI prioritization. This makes Rose X not just a hacker’s playground, but also a defender’s command center.




Rocheston Rosé X is not for Everyone

Rocheston Rose X is not something you can download from the internet, torrent, or buy on a shady website. It is locked away from the public and made available only to students enrolled in the Rocheston Certified Cybersecurity Engineer (RCCE) program. This exclusivity is intentional — Rose X is designed to transform learners into elite cyber defenders, and that kind of mastery cannot be handed out casually.

Other training programs make a mockery of cybersecurity education. They promise mastery in three days, guarantee a pass, and sell meaningless certificates that hold no real-world weight. RCCE is the complete opposite. Our program is the most elite and highly respected cybersecurity certification in the world, because it demands six months of rigorous training powered by Rose X. No shortcuts, no gimmicks, no fake guarantees.

With Rose X at your side, you don’t just learn tools — you conquer entire enterprise environments, from Oracle and Microsoft SQL servers to Windows forests, Linux systems, macOS machines, CMS platforms, cloud workloads, and Kubernetes clusters. You master the full stack of modern cybersecurity while guided by weekly updates, AI-powered labs, and the most realistic cyber range ever created.

This is why Rose X is not for everyone. It is for those willing to commit, to endure, to push through six months of the toughest, most rewarding cyber training in existence. When you finish, you don’t walk away with just a certificate — you walk away with unbeatable expertise, unstoppable confidence, and the prestige of being RCCE certified.

Rose X isn’t just software. It is the badge of belonging to an elite brotherhood of cyber defenders who stand above the rest.