Recon, Discovery & OSINT
Amass, Subfinder, Assetfinder, sublist3r, SubDomainizer, dnsx, httpx, gowitness, Eyewitness, aquatone, Nuclei (templates), SpiderFoot, Maltego (CE), recon‑ng, theHarvester, Holehe, Maigret, Sherlock, socialscan, GHunt, Gitmails, gitGraber, git-dumper, Gmap, Metagoofil, FOCA, dorkscout, CloudEnum, S3Scanner, GCPBucketBrute, crt.sh (API/clients), Censys (CLI), Shodan (CLI), BinaryEdge (CLI), Onyphe (CLI), SecurityTrails (CLI), dirsearch, gobuster, ffuf, feroxbuster, waybackurls, gau, katana, hakrawler, Photon, ParamSpider.
Network Mapping & Scanning
Nmap, Masscan, unicornscan, ZMap, RustScan, Netdiscover, arp-scan, fping, hping3, ZGrab2, Scanless, naabu, smbclient, nbtscan, rpcclient, enum4linux‑ng, smbmap, snmpwalk/snmpcheck, ike-scan, ikeprober, sslyze, testssl.sh, sslscan.
DNS, Email & Certificates
dnsenum, dnsrecon, dnstwist, DNSChef, Fierce, Subjack, tlsx, certspotter, crtsh-scraper, dmarcian-tools, checkdmarc, dkimpy, SPF Toolbox (CLI forks), OpenDKIM/OpenDMARC, sslstrip (historical), sslsplit, mkcert, step‑cli, cfssl, x509lint.
Web Application DAST & Recon
Burp Suite (Community/Pro), OWASP ZAP, Nikto, w3af, Arachni (archived), Wapiti, Skipfish (legacy), Skipfish‑mod, Nuclei, dalfox, kxss, XSStrike, tplmap (SSTI), crlfuzz, Corsy (CORS), jwt_tool, graphw00f, GraphQLmap, InQL, Postman (collections for API tests), kiterunner (kr), ffuf/gobuster/dirsearch/feroxbuster (content discovery), Arjun (params), SSRFmap, NoSQLMap, SQLMap, joomscan, wpscan, droopescan, whatweb, wafw00f, nuclei‑templates‑community, nuclei‑templates‑projectdiscovery, retire.js, Lighthouse CI (security checks), ZAP Baseline.
API & Microservices Security
RESTler, kiterunner, schemathesis, oasdiff (security), 42Crunch CLI (policy), graphql‑security scanners (InQL/GraphQLmap), soapui, grpcurl, grpc‑fuzzer, Burp extensions (Autorize, JWT Editor, GraphQL Raider), ZAP add‑ons (OpenAPI, GraphQL).
Wordlists & Discovery Corpora
SecLists, Probable‑Wordlists, rockyou.txt, Kaonashi, dnscan‑wordlist, fuzzdb, PayloadsAllTheThings, OneListForAll, assetnote‑wordlists, raft‑wordlists.
Passwords, Hashes & Credentials
John the Ripper (Jumbo), Hashcat, hashid/hash‑identifier, pack, princeprocessor, maskprocessor, rsmangler, CUPP, CeWL, Hydra, Medusa, Ncrack, Patator, Crowbar, Kerbrute, Sprayhound, CrackMapExec (spray modules), LaZagne, creddump7, samdump2, gpp‑decrypt, KeePass2john, office2john, pdf2john, unzip2john, psexec.py/wmiexec.py (Impacket), secretsdump.py (Impacket).
Proxies, MITM & Traffic Manipulation
mitmproxy, bettercap, Burp Collaborator, sslsplit, Ettercap‑NG, arpspoof (dsniff), macof, responder, Inveigh, ntlmrelayx (Impacket), mitm6, Evilginx2 (research), Modlishka (research), ferret/hamster (legacy), scapy, socat, redsocks, proxychains‑ng, 3proxy, gost, Tor, Onioncircuits.
Tunneling, Pivoting & Redirectors
chisel, ligolo‑ng, frp (fast reverse proxy), gost, reGeorg/Neo‑reGeorg, sish, sshuttle, iodine (DNS tunnel), dnscat2, ptunnel‑ng, icmptunnel, gost‑socks5, socks5‑relay, rinetd, ncat/nc, socat, wireguard, OpenVPN, autossh.
Wireless (Wi‑Fi)
Aircrack‑ng suite, hcxdumptool/hcxtools, Wifite2, Kismet, Reaver, Bully, mdk4, airodump‑ng/aireplay‑ng, airgeddon, hostapd‑wpe, eaphammer, WPS‑Netsniffers, WiFi‑Pumpkin (legacy), Wlan‑pi tools, wavemon.
Bluetooth, BLE, Zigbee, RFID/NFC
BlueZ, btmon, hcitool, blue-hydra, bluelog, BtleJack, BLEAH, gatttool, GATTacker, BtleJuice, ubertooth‑tools, Crackle, Rfcat (Yard Stick One), KillerBee (Zigbee), zbdump/zbwireshark, RZUSBStick tools, Proxmark3 client, mfoc, mfcuk, libnfc‑tools, NFC‑Tools, ChameleonMini client.
SDR & RF Analysis
GNU Radio, GQRX, URH (Universal Radio Hacker), Inspectrum, SigDigger, SDRangel, rtl_433, rtl_sdr, SoapySDR, HackRF tools, BladeRF tools, gr‑gsm, gr‑ieee802.11, OpenLTE, srsRAN.
Exploit Development, Binary Exploitation & Fuzzing
pwntools, angr, radare2/rizin, Cutter, GEF, PEDA, Pwndbg, ROPgadget, Ropper, one_gadget, rp++, AFL++, honggfuzz, libFuzzer, boofuzz, Peach Fuzzer (commercial), zzuf, Radamsa, syzkaller, kAFL, rr (Mozilla), Frida, Qiling, Triton (dynamic binary analysis), Unicorn Engine, Keystone, Capstone.
Exploit Frameworks, C2 & Payload Tooling
Metasploit Framework, Sliver C2, Covenant, Mythic, Havoc, Merlin, PoshC2, Empire (resurrected forks), Koadic, Quasar (Windows RAT; research), Cobalt Strike (commercial), Brute Ratel (commercial), Veil‑Framework (archived), Donut (shellcode loader), NimPackt (research), SharpCollection (various post‑ex tools).
Active Directory, Windows & Lateral Movement
Impacket suite (psexec, wmiexec, smbexec, secretsdump, lookupsid, getTGT, getST, ntlmrelayx), CrackMapExec, BloodHound + SharpHound, neo4j (backend), Rubeus, Mimikatz, SafetyKatz, PowerView, PowerSploit, PowerUp, PrivescCheck, Seatbelt, WinPEAS, Kerbrute, certipy‑ad, ADCSPwn, PKINITtools, gMSADumper, adidnsdump, LDAPDomainDump, evil‑winrm, SMBMap, CME‑spider_plus, Coercer, PetitPotam, DFSCoerce, KrbRelayUp, SpoolSample, PrintNightmare PoCs (research only).
Linux & Unix Privilege Escalation & Enumeration
LinPEAS, LinEnum, linux‑smart‑enumeration (lse), pspy, LES (Linux Exploit Suggester 1/2), GTFOBins (reference), BeRoot (legacy), suid3num, unix‑privesc‑check, bashark, chkrootkit, rkhunter.
Reverse Engineering & Decompilers
Ghidra, IDA Free (limited), Binary Ninja (commercial), Hopper (commercial), radare2/rizin, Cutter, RetDec, JD‑GUI, CFR, Procyon, jadx/jadx‑gui, apktool, Androguard, dnSpyEx, ILSpy, JEB (commercial), x64dbg, OllyDbg (legacy), WinDbg, LLDB, GDB.
Malware Analysis & YARA
YARA, yarGen, PE‑Sieve, FLOSS (FireEye/FLARE), capa (FLARE), pefile, LIEF, Detect It Easy (DIE), Exeinfo PE, PEStudio, Procmon/ProcExplorer (Sysinternals), RegRipper, CAPE sandbox, Cuckoo Sandbox, Joe Sandbox (service), FireEye Sandbox (service), MalDuck, ThreatCheck, ShellcodeFluctuation tools (research), OfficeMalScanner, oledump/oletools, Didier Stevens Suite.
Network Traffic Analysis, NIDS & PCAP
Wireshark, tshark, Termshark, tcpdump, ngrep, Zeek (Bro), Suricata, Snort, Arkime (Moloch), Brim/Zui, netsniff‑ng, tcpreplay, tcpxtract, chaosreader, NetworkMiner (Windows), CapLoader (commercial), maltrail, Security Onion (distro).
SIEM, Logging, EDR/XDR & Telemetry
Elastic (Elasticsearch, Logstash, Kibana), OpenSearch (+ Dashboards), Beats/Winlogbeat/Filebeat/Packetbeat, Splunk (trial/free), Graylog, Wazuh (SIEM/XDR), OSQuery, Sysmon (Windows), Sysmon for Linux, Velociraptor, GRR Rapid Response, LimaCharlie (service), TheHive, Cortex, SigmaHQ (rules), ElastAlert2, OpenEDR, Sysdig (Falco integration).
Incident Response & DFIR: Acquisition & Analysis
Volatility 2/3, Rekall, LiME (Linux Memory Extractor), DumpIt/Magnet RAM Capture (Win), FTK Imager (Win), Guymager, dc3dd, dd, ewf‑tools/libewf, Autopsy & Sleuth Kit, Plaso (log2timeline), Timesketch, KAPE (Win), Eric Zimmerman tools (Win), HxD, bulk_extractor, RegRipper, Velociraptor (again), ALEAPP/iLEAPP/RELEAPP (mobile artifacts), Chainsaw (Windows event log hunting), Hayabusa (EVTX hunting), EvtxECmd.
DFIR: Case Management & Playbooks
TheHive, Cortex Analyzers, DFIR‑IRIS, FIR, RTIR (Request Tracker for IR), IntelMQ, MISP, OpenCTI, Timesketch (again), Elastic Cases, Wazuh cases.
Threat Intelligence & Sharing
MISP, OpenCTI, IntelMQ, Cortex + analyzers, Yeti, CRITs (legacy), spiderfoot‑HX, SigmaHQ, STIX/TAXII clients (cabby, mitre‑cti data), ATT&CK Navigator, ATT&CK Workbench, VTI (services), Threat Bus, VortexTI (community), unfetter‑discovery (legacy).
Steganography & Data Hiding/Detection
steghide, stegoveritas, zsteg, outguess, stegcracker, stegseek, OpenStego, exiftool, pngcheck, binwalk, foremost, bulk_extractor (again), bstrings, stegsnow.
Containers & Kubernetes Security
Trivy, Grype, Syft, Clair, Dockle, Docker Bench for Security, kube‑bench (CIS), kube‑hunter, kubeaudit, kubescape, KubeLinter, Polaris, KubeArmor, Falco, Tracee (eBPF), Kepler (observability), Kyverno (policy), OPA/Gatekeeper, kubesec, Popeye, kubetail, Stern, KubiScan, rbac‑policies‑lint, Kompany (RBAC viz), Kubesploit (research), Chainguard images (distroless).
Cloud Security (AWS / Azure / GCP)
Prowler (AWS), ScoutSuite, CloudMapper (AWS), Cartography (Lyft), PMapper (AWS IAM viz), Principal‑UID tools, Cloudsploits/Aqua, prowler‑azure, pacu (AWS exploitation framework), weirdAAL (AWS), Steampipe + cloud mods, Cloud Custodian, Checkov, tfsec, Terrascan, cfn‑nag, AzureHound/AzureAD module for BloodHound, MicroBurst (Azure), roadrecon (AAD), stormspotter (AAD), gcloud‑enum scripts, GCP‑IAM‑viz, GCPBucketBrute (again), gsutil gsutil‑ACL audits, ScoutSuite‑gcp.
IaC Scanning, Policy‑as‑Code & Compliance
Checkov, tfsec, Terrascan, Semgrep IaC rules, kube‑policies (Kyverno/OPA), conftest (OPA), OpenSCAP, SCAP Workbench, scap‑security‑guide (SSG), Lynis, Chef InSpec, osquery compliance packs, CIS Cat Lite (limited), Auditbeat rules, Falco rules (compliance-ish), Compliance Masonry (OpenControl), Regula.
DevSecOps, SAST/DAST/SCA & Secrets
Semgrep, SonarQube, CodeQL, Bandit (Python), Safety (Python deps), pip‑audit, pip‑grip, Trivy (SCA), Syft/Grype, OWASP Dependency‑Check, Retire.js, npm‑audit, yarn‑audit, Gosec (Go), Brakeman (Rails), FindSecBugs/SpotBugs (Java), PMD, ESLint security plugins, Flawfinder (C/C++), RIPS (legacy), ZAP baseline/automation, git‑leaks (Gitleaks), TruffleHog, detect‑secrets, ggshield (GitGuardian CLI), repo‑supervisor.
Mobile Security (Android & iOS)
MobSF, Drozer, Frida, Objection, apktool, jadx, Androguard, QARK, qark‑mod, House (iOS runtime instrumentation), Needle (iOS), r2frida, idb, otool/otx (mach‑o), class‑dump, bagbak, checkra1n (research), Android‑Backup‑Extractor, Magisk (research), mitmproxy/Burp mobile proxies, AppMon (legacy), Hopper (macOS/iOS), Ghidra iOS loaders.
IoT, Firmware & Hardware
Binwalk, Firmadyne, FirmAE, Firmwalker, Firmware‑Mod‑Kit, QEMU system emulators, Qiling (firmware emu), emba (firmware analyzer), FRAK, uefitool/UEFIExtract, CHIPSEC, flashrom, JTAGulator, OpenOCD, Bus Pirate tools, i2c‑tools, sigrok/PulseView, Logic2 (Saleae), radare2 (firmware), ghidra‑firmware loaders.
ICS/SCADA & OT
Conpot (honeypot), GRASSMARLIN, PLCScan, S7comm tools, Modbus‑scan, ModbusPal, Wireshark dissectors (DNP3, IEC‑104), ICS‑CERT scripts (archived), Scapy‑layers for ICS, FoxGuard ICS tools (refs), Icspector (community), CryPLH (research), Tofino (commercial references), OpenPLC (research), efs2 tools (vendor‑specific; limited OSS).
Honeypots & Deception
Cowrie (SSH/Telnet), Dionaea, Glutton, T‑Pot (multi‑honeypot distro), Conpot (ICS), HoneyDB sensor, Elastichoney, Mailoney, rdpy (RDP Honey), ADBHoney, Heralding, Honeytrap, Honeyd (legacy), kube‑hunter (as trap), Canarytokens (service).
Privacy, OPSEC & Anonymity
Tor, torsocks, Privoxy, I2P, Whonix (distro), WireGuard, OpenVPN, Tailscale (service), pgp/gpg, age (file encryption), sops (Mozilla SOPS), OnionShare, MAT2 (metadata anonymizer).
Cryptography, PKI & Key Management
OpenSSL/LibreSSL, HashiCorp Vault, step‑cli (Smallstep), cfssl, Keytool, GnuPG, age, sops, RHash, BouncyCastle tools, JWK tools, jwcrypto, certbot, acme.sh, mkcert, minica, xca, SoftHSM, pkcs11‑tools.
Blue Team Hardening & Benchmarks
Lynis, OpenSCAP/SSG, CIS‑Bench scripts, osquery packs, Wazuh audit rules, auditd, sysctl hardening scripts, Windows Hardening Toolkit (community), HardenTools, CIS‑CAT Lite (limited), kube‑bench, kube‑linter, Falco rules.
Data Exfiltration Detection & DLP‑Adjacents (Open Source)
Zeek file extraction + signatures, Suricata file store + rules, Arkime (index PCAP), Stenographer (Google), netsniff‑ng ring buffer, pcap‑ng indexing scripts, yextend (YARA on files at rest), Loki (YARA scanner), Thor Lite (limited).
Automation, Glue & Scripting Frameworks (Security‑Focused)
Ansible, Terraform (with guardrails), Packer, Make, Nornir (network automation), Netmiko/Paramiko, SaltStack, Fabric, mitmproxy scripting, Scapy, pwntools, angr, Keystone/Capstone/Unicorn, Volatility plugins, Splunk SDKs, Elastic clients, Sigma converters (sigmac), mitreattack‑python, OpenAI/LLM assistants for code gen (policy‑guarded).
Automotive Security (CAN, UDS, Infotainment)
CAN‑utils, ICSim, SavvyCAN, Kayak (KAYAK), SocketCAN tools, python‑can, CANtact tools, CANToolz, UDSim, caringcaribou (legacy), OpenGarages tools, Frida/Objection on infotainment systems (research), Ghidra/IDA for ECU firmware.
CMD
Nmap, Masscan, Burp Suite, ZAP, Nikto, sqlmap, wfuzz/ffuf/gobuster/dirbuster/dirsearch, Hydra/Medusa/Ncrack, John/Hashcat, Aircrack‑ng, Kismet, Reaver, WiFite, Bettercap, Hping3, Scapy, Responder, Impacket, CrackMapExec, Mimikatz (Windows), BloodHound, Neo4j, enum4linux‑ng, smbmap, dnsrecon/dnsenum, dnstwist, whatweb, wpscan, joomscan, Nikto, Arachni (archived), w3af, sqlmap, theHarvester, Maltego (CE), recon‑ng, weevely, metasploit‑framework, msfvenom, netcat/ncat/socat, tcpdump, Wireshark, tshark, Ettercap, arpspoof, sslscan, testssl.sh, sslyze, BeEF (research), SET (Social‑Engineer Toolkit), PowerSploit/PowerView, Veil (archived), OpenVAS/Greenbone (separate).
Purple Team & Adversary Emulation
MITRE CALDERA, Atomic Red Team, Invoke‑AtomicRedTeam, AtomicTestHarnesses, VECTR (SRA), Prelude Operator, Infection Monkey, Stratus Red Team, Uber Metta, APTSimulator, PurpleSharp, Red Team Automation (RTA), SCYTHE (commercial), AttackIQ (commercial), Picus (commercial), Splunk Attack Range, DetectionLab, Terraform‑Attack‑Range, RedHunt OS, SimuLand.
Vulnerability Scanners & VM Programs
Greenbone OpenVAS / GVM, Nessus, Nexpose/InsightVM, Qualys, Vuls, OpenVAS gvm‑tools, OpenVAS‑Scanner, Nikto2, Nmap Vulners NSE + vulscan, Lynis (host hardening audit), OpenSCAP + SSG, GRR Rapid Response (also IR), Vulners CLI, OWASP Dependency‑Check, Anchore Engine.
Reporting, Collab & Vuln Management
Dradis, Faraday, Serpico, PwnDoc, DefectDojo, Seccubus, ArcherySec, ThreadFix (commercial), PlexTrac (commercial), Vulnreport, Poortego, CaseFile (Maltego), Rapport (community).
OSINT (People/Companies/Assets)
PhoneInfoga, WhatsMyName, Blackbird, Twint (legacy), snscrape, h8mail, Breach‑Parser, dehashed CLI (service), emailrep.io CLI (service), ExifTool, pymeta, FOCA (Win), Creepy (geolocation), PhotonOSINT, Social Analyzer, Maigret (alt to Sherlock), DumpsterDiver (S3/archives), Gitrob (legacy), Gitleaks‑sbom, CloudQuery (OSINT via CSPs).
Attack Surface Discovery (ASM)
puredns, massdns, anew, asnmap, mapcidr, httprobe, hakrevdns, asnlookup, dnsprobe, zgrab2 (banner), zmap, tlsx, gau/waybackurls, katana (crawler), interlace (task runner), chaos‑client (ProjectDiscovery), Censys‑CLI, Shodan CLI, SecurityTrails CLI, BinaryEdge CLI.
Email Security, Phishing Sim & Analysis
GoPhish, King Phisher, Phishing Frenzy (legacy), LUCY (commercial), Gophish‑Tools, Urlscan.io CLI, emlAnalyzer, MSGViewer, oledump/oletools (analysis), PhishDetect, MailSniper (O365), Rspamd, SpamAssassin, OpenDKIM, OpenDMARC.
Web & API
wfuzz, ffuf‑scripts, feroxbuster‑templates, tplmap (SSTI), x8 (XSS/XXE tester), GraphQLCop, Clairvoyance (GraphQL introspection), Autorize (Burp), Param Miner (Burp), Hackvertor (Burp), Retire.js, Lighthouse‑CI security checks, ftw (WAF testing framework), mod_security + OWASP CRS, NAXSI (NGINX WAF).
Out‑of‑Band & Collaborators
Interactsh (ProjectDiscovery), Burp Collaborator Everywhere (ext), DNSDumpster (service), canarytokens‑cli, Webhook.site (service), requestbin‑like tools.
Databases (SQL/NoSQL)
sqlmap‑tamper‑packs, sqlninja (legacy), ODAT (Oracle), tnscmd10g, PowerUpSQL, SQLRecon, NoSQLMap, mongoaudit (legacy), Redis‑Rogue‑Server (research), mssqlclient.py (Impacket), Postgres‑audit‑scripts, MariaDB audit plugins.
Windows AD / Lateral Movement
PingCastle, Purple Knight, ADExplorer (Sysinternals), ADACLScanner, ACLight, LDAPDomainDump, Grouper2, GPP‑Password tools, SharpHound, BloodHound CE, SharpRDP, SharpSocks, Snaffler, PrintNightmare PoCs (research only), SpoolSample, PetitPotam/DFSCoerce (research), Rubeus, Certipy‑AD, KrbRelayUp, PowerView, PowerSploit, PowerUp, PrivescCheck, WES‑NG (Windows Exploit Suggester), evil‑winrm.
Linux/Unix Priv‑Esc & Enum
LinPEAS, LinEnum, linux‑smart‑enumeration, LES1/LES2, pspy, pwnkit‑checkers, GTFOBins (ref), BeRoot (legacy), suid3num, unix‑privesc‑check, Enumy, Debsecan, Checksec, Hardening‑check.
macOS Security (Objective‑See & Others)
LuLu, KnockKnock, BlockBlock, TaskExplorer, Netiquette, Dylib Hijack Scanner, KextViewr, Oversight, Do Not Disturb, RansomWhere?, ReiKey, Santa (Google), osquery (mac), mac_apt, macos‑unified‑logs tools.
Wireless, Wi‑Fi & Rogue AP
Aircrack‑ng suite, hcxdumptool/hcxpcapngtool, Wifite2, Airgeddon, Reaver/Bully, Kismet, mdk4, hostapd‑wpe, EAPHammer, Wifiphisher, Fluxion, Wlan‑Pi tools, Bettercap Wi‑Fi, wavemon.
Bluetooth/BLE/Zigbee/RFID/NFC
Ubertooth‑tools, Crackle, BlueHydra, BtleJack, BLEAH, gattacker, btlejuice, GATTTool, Proxmark3 client, mfoc/mfcuk, ChameleonMini/Tiny clients, RfCat, KillerBee suite, zbstumbler, zbwireshark.
SDR & RF
GNU Radio, GQRX, URH, Inspectrum, SDRangel, rtl_433, kalibrate‑rtl, gr‑gsm, srsRAN, OpenLTE, BladeRF/HackRF tools, SoapySDR, SigDigger.
VoIP, SIP & RTC
SIPVicious‑NG, sngrep, rtpbreak, rtpsnoop, inviteflood (research), rtpflood (research), VoIP Hopper, SIPp, Asterisk‑security scripts, RTPinject (research).
Proxies, MITM, Tunnels & Pivoting
mitmproxy, Bettercap, sslsplit, Ettercap‑NG, arpspoof, Responder, Inveigh, ntlmrelayx, mitm6, Evilginx2 (research), Modlishka (research), chisel, ligolo‑ng, frp, gost, reGeorg/Neo‑reGeorg, sshuttle, sish, socat, iodine, dnscat2, ptunnel‑ng, wireguard, OpenVPN, rinetd.
C2, Post‑Ex & Tradecraft
Metasploit, Sliver, Mythic, Merlin, Covenant, PoshC2, Empire (revived forks), Havoc, Koadic, Donut, SharpCollection, PowerSharpPack, GhostPack, Seatbelt, LaZagne, SharpUp, SharpDump, SILENTTRINITY, QuasarRAT (research), Brute Ratel (commercial), Cobalt Strike (commercial).
Reverse Engineering & Diffing
Ghidra, IDA Free, Binary Ninja (comm), Hopper (comm), radare2/rizin, Cutter, RetDec, JD‑GUI, CFR, Procyon, jadx, apktool, Androguard, dnSpyEx, ILSpy, x64dbg, WinDbg, LLDB, GDB, Frida, Qiling, Triton, Unicorn/Keystone/Capstone, Diaphora, BinDiff (comm).
Malware Analysis & Sandboxes
YARA, yarGen, capa, FLOSS, PE‑sieve, pefile, LIEF, Detect‑It‑Easy (DIE), Exeinfo PE, PEStudio, Didier Stevens Suite (pdfid/pdf‑parser), ioc‑extractor, CAPE Sandbox, Cuckoo, Speakeasy (emulation), MalDetect, Procmon/ProcExp/Sysinternals, RegRipper, Raccine (ransomware mitigator).
Memory/Live Forensics
Volatility 2/3, Rekall, MemProcFS, Winpmem, AVML, DumpIt, Magnet RAM Capture, Belkasoft RAM Capture, LiME, pmem suite, Redline (legacy), Velociraptor (also IR/DFIR), Hibernation Recon (comm).
Disk & Filesystem Forensics
Sleuth Kit & Autopsy, Guymager, ewf‑tools/libewf, dc3dd, ddrescue, bulk_extractor, foremost, scalpel, photorec/testdisk, X‑Ways Forensics (comm), EnCase (comm), Magnet AXIOM (comm), OSFMount, FTK Imager, tsk_recover, Eric Zimmerman tools (MFTECmd, RECmd, Kape, JLECmd, LECmd, PECmd).
Browser, App & Cloud Forensics
Hindsight (Chrome), Unfurl, HARalyzer, ALEAPP/iLEAPP/RELEAPP (mobile artifacts), Kape (again), Timesketch, Plaso (log2timeline), StreamAlert (CloudTrail pipeline), CloudTrail Lake (service), Azure Sentinel (Kusto), GCP Forensics (gcptoolkit, gcsfuse usage in IR), DFIR‑IRIS (case mgmt).
Network, IDS/NIDS & PCAP
Wireshark/tshark/Termshark, tcpdump, Zeek, Suricata, Snort, Arkime (Moloch), Brim/Zui, netsniff‑ng, tcpreplay, CapLoader (comm), NetworkMiner (Win), p0f, RITA (beaconing), JA3/JA3S, HASSH/HASSH‑S, Zeek‑community scripts.
eBPF, Runtime & Cloud Observability (Security‑use)
bcc‑tools, bpftrace, Tracee (Aqua), Tetragon (Cilium), Falco, Sysdig Inspect, Hubble (Cilium), Pixie (CNCF), Parca (profiling), Kepler (energy telemetry), Procmon‑for‑Linux, Auditd/auditbeat.
Containers, Images & Kubernetes
Trivy + Trivy Operator, Grype, Syft, Clair, Dockle, Dive, kube‑bench, kube‑hunter, kubeaudit, Kubescape, Kubesec, Polaris, Kyverno, OPA/Gatekeeper, RBAC‑Police, rback, kubeletctl, Peirates, CDK (Container Attack Toolkit), KubeArmor, Tracee, Tern (SBOM), KubeClarity, Chain‑Bench (BridgeCrew).
Cloud Security – AWS
Prowler, ScoutSuite, CloudMapper, Cartography, CloudQuery, Pacu, WeirdAAL, CloudSploit (Aqua), CloudSplaining, Parliament (IAM policy lint), policy_sentry, iamlive, Cloud Custodian, Steampipe + AWS mods, S3Scanner, Principal Mapper (PMapper), aws‑inventory, aws‑ls, SkyArk (also Azure).
Cloud Security – Azure & AAD
ROADTools (roadrecon/roadsrecon), AADInternals, AzureHound (BloodHound), Stormspotter, MicroBurst, MSOLSpray, AAD‑connect‑enumeration scripts, Azucar, AzureADExplorer, Azure Policy as Code (AzAdvertizer refs), Sentinel KQL content packs.
Cloud Security – GCP
ScoutSuite (GCP), Forseti Security (legacy), GCPBucketBrute, gcloud‑enum scripts, GCP IAM Visualization (community), GKE Policy Controller (OPA), Config Validator, Prowler‑GCP (community forks), Steampipe GCP mods.
IaC, Policy‑as‑Code & Compliance
Checkov, tfsec, Terrascan, Conftest (OPA), OPA Rego policies, OpenSCAP/SCAP Workbench, CIS‑CAT Lite, Chef InSpec, Regula, kube‑policy libs, Auditbeat compliance, Compliance Masonry (OpenControl), osquery compliance packs.
SBOM, Supply Chain & SCA
Syft (SBOM), Grype, Trivy, Clair, Tern, cdxgen, CycloneDX‑CLI, SPDX‑tools, Dependency‑Track, OSS Review Toolkit (ORT), GUAC (Graph for software supply chain), Sigstore/cosign, in‑toto, SLSA provenance generators.
Secrets Detection & Key Management
Gitleaks, TruffleHog, detect‑secrets, ggshield, Secretlint, shhgit, repo‑supervisor, Yelp/detect‑secrets server, HashiCorp Vault, AWS Secrets Manager (service), GCP Secret Manager (service), Azure Key Vault (service), Keywhiz (Square), Confidant (Lyft), SOPS + age.
Crypto, PKI & PQC
OpenSSL/LibreSSL, step‑cli + step‑ca (Smallstep), CFSSL, EJBCA, Dogtag PKI, cert‑manager (K8s), mkcert, acme.sh, JWK/Jose tools, ZLint, x509lint, hash_extender, RsaCtfTool, liboqs (Open Quantum Safe), oqs‑openssl/oqs‑provider, PQClean, CIRCL (Cloudflare).
Blue‑Team Hardening
Sysmon (Windows) + SwiftOnSecurity config, Olaf Hartong Sysmon Modular, HardeningKitty, Windows Hardening Toolkit, AppLocker samples, Attack Surface Reduction (ASR) rule scripts, CIS Benchmarks tooling, Lynis (Linux), OpenSnitch (Linux app firewall), auditd rules packs.
Deception & Honeypots
OpenCanary, Cowrie, Dionaea, Glastopf (legacy), Conpot (ICS), T‑Pot (multi‑honeypot), HoneyPy, Heralding, rdpy (RDP honey), ADBHoney, Endlessh (slow SSH), Canarytokens (service), HoneyTrap.
IoT & Firmware
Routersploit, Firmadyne, FirmAE, Firmwalker, Firmware‑Mod‑Kit, FACT (Firmware Analysis & Comparison Tool), QEMU system emu, Binwalk, UEFITool/UEFIExtract, CHIPSEC, emba, flashrom, Bus Pirate tools, OpenOCD, Sigrok/PulseView.
ICS/SCADA & OT
GRASSMARLIN, Conpot, ModbusPal, PLCScan, s7comm‑tools, DNP3/IEC‑104 Wireshark dissectors, OpenPLC, ICS‑specific Zeek scripts, Icspector (community), Scapy‑layers‑ICS, Foxhound/Redpoint (vendor ecosystems, refs).
Automotive
SocketCAN/CAN‑utils, SavvyCAN, Kayak, ICSim, python‑can, CANToolz, UDSim, caringcaribou (legacy), IsoTp tools, CANtact utilities, Instrument clusters reverse workflows with Ghidra/IDA.
Passwords, Wordlists & Analytics
Hashcat, John (Jumbo), hashcat‑utils, maskprocessor, statsprocessor, PACK, princeprocessor, kwprocessor, Pipal, CUPP, CeWL, wordlistctl, Probable‑Wordlists, Kaonashi, OneListForAll, seclists‑updates.
Packet Crafting & Traffic Tools
Scapy, hping3, nping, Nemesis, Ostinato (GUI), trafgen, mtr, tc/netem (lab shaping), socat/ncat/nc, iperf3.
Threat Intel & Malware Knowledge
MISP, OpenCTI, IntelMQ, Yeti, CRITs (legacy), Harpoon (TI CLI), IntelOwl, MWDB (CERT.PL), Malpedia, SigmaHQ, sigmac (converters), ATT&CK Navigator, ATT&CK Workbench, VTI (services), OSINT‑Feeds parsers.
SIEM, XDR & Case Mgmt
Splunk (free/trial), Elastic Stack, OpenSearch + Dashboards, Graylog, Wazuh (XDR), OSQuery, LimaCharlie (service), TheHive, Cortex, ElastAlert2, Panther (serverless SIEM, OSS/community), Sigma‑to‑{SIEM} toolchains.
Training, CTF & Ranges
CTFd, RootTheBox, Pwnable.kr style setups, Damn Vulnerable Web App (DVWA), bWAPP, Juice Shop, Mutillidae, Hackazon (legacy), Metasploitable, VulnHub images, Ternaus vulnerable labs, CloudGoat (AWS), Flaws2/Flaws‑Cloud, AzureGoat, Kubernetes Goat. BeEF, Social‑Engineer Toolkit (SET), searchsploit (Exploit‑DB), yersinia, responder‑multirelay forks, sparta, legion, wpscan, joomscan, cmsmap, cadaver (WebDAV), dirbuster (legacy), wifiphisher, fluxion, reaver/bully, powersploit, veil‑framework (archived), bed (buffer overflow tester), thc‑ipv6, thc‑hydra, ike‑scan, sipvicious, openvas (gvm), hash‑identifier, mimikatz (Win), unicorn (macro gen; research), weevely (webshell), weePWN (legacy), dnschef, sslstrip/sslsplit (legacy research), sslscan/testssl.sh/sslyze, ridenum (rpc), enumiax (IAx2), onesixtyone (SNMP), snmp‑check.
Enterprise Databases & DB Security
Oracle Database (with sqlplus, tnscmd, ODAT, exploit labs), Microsoft SQL Server (with sqlcmd, PowerUpSQL, MSSQL audit scripts, xp_cmdshell labs), PostgreSQL (psql, pgcli, pgAudit, pgcrypto), MySQL / MariaDB (mysql CLI, Percona audit, SQLMap integration), MongoDB (mongo shell, nosqlmap, mongod audit), Redis (redis-cli, rogue-server labs), Cassandra, CouchDB, Neo4j (graph database labs, BloodHound integration), Elasticsearch / OpenSearch (search exploitation labs, privilege abuse labs). Training Scenarios: Misconfigurations, SQLi, privilege escalation in stored procedures, database credential leaks, lateral movement via linked servers.
Virtual Machines & OS Environments
Windows Server VMs (AD lab forests, Sysmon telemetry, Defender bypass labs), Windows 10/11 VMs (endpoint detection, privilege escalation training), macOS VM (Objective-See tools, macOS persistence, Gatekeeper bypass labs), Linux Distributions (Debian, Ubuntu, CentOS, Arch for hardening vs attack scenarios), Containerized OS Environments (Docker, Podman, Kubernetes clusters). Training Scenarios: Build entire enterprise networks inside Rose X with multi-VM topologies (Windows + Linux + Mac + DB + WebApps).
Web Applications & CMS Exploitation
Rose X comes pre-loaded with realistic web stacks for attack and remediation: WordPress (wp-scan, plugin vulnerability labs), Joomla (joomscan, RCE practice labs), Drupal (droopescan, Drupalgeddon scenarios), Magento (eCommerce exploitation labs), MediaWiki (wiki privilege escalation labs), Prestashop, OpenCart, phpBB, vBulletin (classic CMS and forum vulnerabilities). Training Scenarios: SQLi, XSS, CSRF, RCE, plugin/backdoor exploitation, patching and hardening guides.
Vulnerability Vines AI Integration
Rose X isn’t just a static OS — it plugs directly into Vulnerability Vines AI for enterprise-grade vulnerability management: DAST, SAST and SCA scans across applications, APIs and containers; AI-powered remediation guidance where Vines generates fixes, configuration changes and hardening steps; risk dashboards mapped to NIST 800-53, ISO 27001, SOC 2 and PCI DSS; continuous integration with DevSecOps pipelines; smart reporting with CVSS scoring, EPS scoring and AI prioritization. This makes Rose X not just a hacker’s playground, but also a defender’s command center.