Bitmuncher


Security Framework Tools

This is a collection of tools you can use to build a security framework in a project, a company or any other organization. Some of these tools are open-source software or provide a free plan (community edition).
I couldn't clearly categorize all of these tools, so I put some of them in the category that seemed most appropriate to me.

Note: Most of the descriptions come from the projects themselves and from Wikipedia.

Identify

Asset Management
AssetTiger AssetTiger makes it easy to track, manage, and audit your assets - from IT equipment to tools, vehicles, and furniture - all in one clean, web-based platform.
ERPNext Powerful, Intuitive and Open-Source ERP.
GLPI Open source tool to manage Helpdesk and IT assets.
i-doit i-doit is the platform solution for integrated IT service management, efficient IT documentation, seamless IT inventory, and powerful add-ons. Automatically create IT audits, network plans, operating manuals, or any other documentation you need.
Inventory360 Analyze, manage, and optimize all IT assets centrally—from hardware, software, and licenses to orders, rentals, and contracts.
Kuwaiba An enterprise-grade, open source Network Inventory System (which covers some aspects of NGOSS/Frameworx), built on top of the NetBeans Platform and Java EE, focused on scalability, reliability, usability and interoperability.
Open-AudIT Open-AudIT intelligently scans an organization’s network and stores the configurations of the discovered devices. A powerful reporting framework enables information such as software licensing, configuration changes, non-authorized devices, capacity utilization and hardware warranty status to be extracted and explored.
Ralph Full-featured Asset Management, DCIM and CMDB system for data centers and back offices.
ResourceSpace Easy to use open source Digital Asset Management software from an ethical employee-owned Certified B Corporation®.
Snipe-IT Open Source Asset Management System.
 
Risk Assessment & Vulnerability Scanning
Eramba A community driven GRC solution.
Monarc MONARC is a tool and a method allowing an optimised, precise and repeatable risk assessment.
Nexpose A powerful vulnerability management solution providing comprehensive asset visibility across an environment, while also aiding in the prioritization and remediation of risks.
Nikto2 An Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 7,000 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.
OpenVAS A full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.
SimpleRisk A comprehensive GRC solution.
Vega A free and open source web security scanner and web security testing platform to test the security of web applications.
 
Penetration Testing
AutoRecon A multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments (e.g. OSCP).
Burp Suite Burp Suite is a proprietary software tool for security assessment and penetration testing of web applications.
John the Ripper (Github) An Open Source password security auditing and password recovery tool available for many operating systems.
Kali Linux Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.
Maltego The all-in-one investigation platform that accelerates complex cyber investigations from hours to minutes.
Metasploit Framework (Github) The world's most used penetration testing framework.
Mitmproxy A free and open source interactive HTTPS proxy. Your Swiss Army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, HTTP/3, WebSockets, or any other SSL/TLS-protected protocols.
Nmap Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing.
Recon-ng Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.
SpiderFoot An open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate.
theHarvester A simple to use, yet powerful tool designed to be used during the reconnaissance stage of a red team assessment or penetration test. It performs open source intelligence (OSINT) gathering to help determine a domain's external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using multiple public resources.
Wapiti (Github) Wapiti is a web vulnerability scanner written in Python. It performs black-box scans of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data.
ZAP - OWASP Zed Attack Proxy (Github) The Zed Attack Proxy (ZAP) by Checkmarx is the world’s most widely used web app scanner. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.
 
Code Security
DevSkim A framework of IDE extensions and language analyzers that provide inline security analysis in the dev environment as the developer writes code. It has a flexible rule model that supports multiple programming languages. The goal is to notify the developer as they are introducing a security vulnerability in order to fix the issue at the point of introduction, and to help build awareness for the developer.
Flawfinder A simple program that examines C/C++ source code and reports possible security weaknesses (“flaws”) sorted by risk level. It’s very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public.
OWASP Dependency Check A Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.
SonarLint SonarQube for IDE takes linting to another level empowering you to find & fix code issues in real time.
SonarQube SonarQube Server automates code quality and security reviews and provides actionable code intelligence so developers can focus on building better, faster.
VisualCodeGrepper VCG is an automated code security review tool that handles C/C++, Java, C#, VB, PL/SQL, PHP and COBOL.

Protect

Access Control
Apache Syncope An Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology.
CredoID A modern, cloud-based access control software platform for multiple controller brands and generations. Whether you manage a single site or a multi-location enterprise, CredoID delivers intuitive, robust control over who gets in — and when.
FreeIPA Manage Linux users and client hosts in your realm from one central location with CLI, Web UI or RPC access. Enable Single Sign On authentication for all your systems, services and applications.
Keycloak Open Source Identity and Access Management. Add authentication to applications and secure services with minimum effort. No need to deal with storing users or authenticating users. Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.
OpenAM (Github) Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements, and Web Services Security.
OpenIAM OpenIAM's easy-to-use converged platform supports Zero Trust initiatives while improving productivity, compliance, and end user experience by implementing a cohesive strategy based on Identity-First Security.
Shibboleth Secure Identity Management Solutions. Shibboleth products keep workforces connected to vital resources and applications across and between organisations of all sizes.
Soffid Digital Identity Management: Simple, secure and scalable. With Soffid, you get an agile, secure, and ready-to-use solution that empowers your business growth — while keeping everything under control.
WSO2 Identity Service A modern, open source access management solution that keeps you ahead of evolving threats and business needs. WSO2’s AI-assisted, API-centric approach ensures your identity infrastructure supports your business growth now and in the future.
 
Awareness & Training
Gophish A powerful, open-source phishing framework that makes it easy to test your organization's exposure to phishing.
King Phisher A tool for testing and promoting user awareness by simulating real-world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user-aware content is served for harvesting credentials.
Phishing Frenzy Ruby on Rails Phishing Framework.
 
Data Loss Prevention (DLP)
MyDLP Data Loss Prevention (DLP) - Only by building context around your most sensitive data will you gain a better understanding of how to protect, prioritize, lock down and monitor your data to avoid damaging data breaches. Large enterprises are not the only ones at risk – small to medium sized businesses are too.
OpenDLP Data Loss Prevention suite with centralized web frontend to manage Windows agent filesystem scanners, agentless database scanners, and agentless Windows/UNIX filesystem scanners that identify sensitive data at rest.
 
Key Management
Confidant An open source secret management service that provides user-friendly storage and access to secrets in a secure way, from the developers at Lyft.
Conjur A seamless open source interface to securely authenticate, control and audit non-human access across tools, applications, containers and cloud environments via robust secrets management.
HashiCorp Vault Secure, store, and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets, and other sensitive data using a UI, CLI, or HTTP API.
Keywhiz A system for managing and distributing secrets. It can fit well with a service oriented architecture (SOA).
 
Encryption
AESCrypt A popular file encryption software product available on Windows, macOS, Linux, and FreeBSD that uses the Advanced Encryption Standard (AES) to easily and securely encrypt files.
AxCrypt Easy to use, Strong, and Secure Encryption.
BoxCryptor Boxcryptor protects your data in the cloud: in OneDrive, SharePoint, Dropbox, Google Drive and more.
Cryptomator An open-source software that allows you to securely encrypt your files before uploading them to the cloud. This ensures your data remains protected from unauthorized access – even if cloud providers are compromised.
DiskCryptor An open encryption solution that offers encryption of all disk partitions, including the system partition.
VeraCrypt (Github) A free open source disk encryption software for Windows, Mac OSX and Linux.
 
Web / URL Filtering
E2guardian A content filtering proxy that can work in explicit and transparent proxy mode or as a ICAP server mode.
GoGuardian School hours are limited, but they go further with GoGuardian. Save time and help students thrive with streamlined web filtering, classroom management, and harm prevention.
ufdbGuard ufdbGuard is the best URL filter one can find on the internet that is free and Open Source Software. ufdbGuard for Squid is designed for use with the popular web proxy Squid.
 
Firewall
Endian An open-source router, firewall and gateway security Linux distribution developed by the South Tyrolean company Endian. The product is available as either free software, commercial software with guaranteed support services, or as a hardware appliance (including support services).
IPFire IPFire is the world's leading Open Source firewall distribution.
OPNsense An open source, feature rich firewall and routing platform, offering cutting-edge network protection.
pfSense pfSense is a firewall/router computer software distribution based on FreeBSD. The open source pfSense Community Edition (CE) and pfSense Plus are installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network.
Shorewall Shorewall is a gateway/firewall configuration tool for GNU/Linux.
Smoothwall Free Open Source firewall solution.
VyOS An open source network operating system Linux distribution based on Debian. VyOS provides a free routing platform that competes directly with other commercially available solutions from well-known network providers. Because VyOS is run on standard amd64 systems, it can be used as a router and firewall platform for cloud deployments.
 
IDS / IPS
OpenWIPS-ng An open source and modular Wireless IPS (Intrusion Prevention System).
OSSEC A free, open-source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. It provides intrusion detection for most operating systems, including Linux, OpenBSD, FreeBSD, OS X, Solaris and Windows. OSSEC has a centralized, cross-platform architecture allowing multiple systems to be easily monitored and managed. OSSEC has a log analysis engine that is able to correlate and analyze logs from multiple devices and formats.
Snort Snort is the foremost Open Source Intrusion Prevention System (IPS) in the world. Snort IPS uses a series of rules that help define malicious network activity, uses those rules to find packets that match them, and generates alerts for users.
Suricata A high performance, open source network analysis and threat detection software used by most private and public organizations, and embedded by major vendors to protect their assets.
Zeek An Open Source Network Security Monitoring Tool. Unlike traditional security tools such as firewalls or intrusion prevention systems, Zeek is not an active defense mechanism. Instead, it operates quietly on a sensor—whether hardware, software, virtual, or cloud-based—analyzing network traffic in real-time. Zeek captures high-fidelity transaction logs, file contents, and customizable data outputs, which are ideal for manual review or integration into SIEM systems for security analysts.
 
AV & Endpoint Protection
ClamAV An open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
ClamWin A Free Antivirus program for Microsoft Windows 10 / 8 / 7 / Vista / XP / Me / 2000 / 98 and Windows Server 2012, 2008 and 2003.
Wazuh Open Source XDR and SIEM protection for endpoints and cloud workloads.
 
API Management
3Scale 3scale API Management makes it easy to manage your APIs. Share, secure, distribute, control, and monetize your APIs on an infrastructure platform built for performance, customer control, and future growth.
APIman.io Extensible Open Source API Management.
API Umbrella An open source API management platform for exposing web service APIs. The basic goal of API Umbrella is to make life easier for both API creators and API consumers.
DreamFactory Automate the building, securing, and documenting of REST APIs for data products with built-in enterprise security on bare-metal, VMs, or containers.
Fusio Self-Hosted API Management for Builders.
Gravitee.io Comprehensive API management software.
Kong The most widely adopted API gateway and service mesh, powering the world's APIs for modern architectures.
Tyk.io Tyk is the foundation for secure, governed AI infrastructure, combining API control, LLM safety, and AI-ready transformation in one platform.
WSO2 API Manager A fully open source platform that gives enterprises complete control and governance over every API—ingress, egress, AI-powered, and agent APIs. With a unified control plane, multiple API gateways, and an AI gateway for managing LLM and agent APIs, WSO2 ensures seamless scalability, security, and flexibility—without vendor lock-in.
 
Network Access Control
PacketFence A fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired, wireless and VPN management, industry-leading BYOD capabilities, 802.1X and RBAC support, integrated network anomaly detection with layer-2 isolation of problematic devices; PacketFence can be used to effectively secure small to very large heterogeneous networks.
 
VPN
Algo VPN Algo VPN is a set of Ansible scripts that simplify the setup of a personal WireGuard and IPsec VPN. It uses the most secure defaults available and works with common cloud providers.
Freelan A free, open-source, multi-platform, peer-to-peer VPN software that abstracts a LAN over the Internet. It works on Windows, Linux and Mac OSX.
OpenVPN A virtual private network (VPN) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server applications.
Outline VPN Outline makes it easy to create a VPN server, giving anyone access to the free and open internet.
Pritunl Pritunl is the best open source alternative to proprietary commercial VPN products such as Aviatrix and Pulse Secure. Create larger cloud VPN networks supporting thousands of concurrent users and get more control over your VPN server without any per-user pricing.
SoftEther An Open-Source Free Cross-platform Multi-protocol VPN Program, developed as an academic project at the University of Tsukuba.
Streisand Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
StrongSwan Open-source, modular and portable IPsec-based VPN solution.
WireGuard An extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances.
 
MFA
FreeOTP A two-factor authentication application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a QR code.
LinOTP An enterprise-level, innovative, flexible and versatile OTP platform for strong authentication. Developed and maintained by netgo GmbH, LinOTP scales from small individual installations through mid-sized company scenarios to cloud-provider requirements.
MultiOTP multiOTP open source is a GNU LGPL implementation of a strong two-factor authentication PHP class. multiOTP open source is OATH certified for HOTP/TOTP.
privacyIDEA privacyIDEA is a modular authentication server that can be used to enhance the security of your existing applications like local login, VPN, remote access, SSH connections, access to web sites or web portals with two factor authentication. Originally it was used for OTP (One Time Password) authentication devices – being an OTP server. But other “devices” like challenge response, U2F, Yubikeys, SSH keys and x509 certificates are also available. It runs on Linux and is completely Open Source, licensed under the AGPLv3.
 
Sandboxing
Cuckoo Sandbox Cuckoo Sandbox is the leading open source dynamic malware analysis system.
Sandboxie A sandbox-based isolation software for 32- and 64-bit Windows NT-based operating systems. It has been developed by David Xanatos since it became open source; before that it was developed by Sophos (which acquired it from Invincea, which in turn acquired it from the original author Ronen Tzur).
 
Deception
Cowrie SSH & Telnet Honeypot Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. In medium interaction mode (shell) it emulates a UNIX system in Python, in high interaction mode (proxy) it functions as an SSH and telnet proxy to observe attacker behavior to another system.
DejaVU A deception platform which can be used to deploy decoys on both cloud (for now only AWS is supported) and internal networks.
Dionaea Dionaea is meant to be a nepenthes successor, embedding Python as its scripting language, using libemu to detect shellcode, and supporting IPv6 and TLS.
Elastichoney A simple Elasticsearch honeypot designed to catch attackers exploiting RCE vulnerabilities in Elasticsearch.
Honeynet The Honeynet Project is a leading international 501(c)(3) non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security.
OWASP Honeypot The goal of the OWASP Honeypot Project is to identify emerging attacks against web applications and report them to the community, in order to facilitate protection against such targeted attacks.
 
WAF
ModSecurity ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
NAXSI NAXSI means Nginx Anti XSS & SQL Injection. NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX.
 
(D)DoS Protection
DDoS Deflate (D)DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It uses a shell command to create a list of IP addresses connected to the server, along with their total number of connections. It is one of the simplest and easiest to install solutions at the software level.
Gatekeeper Gatekeeper is the first open source DDoS protection system. It is designed to scale to any peak bandwidth, so it can withstand DDoS attacks both of today and of tomorrow.
 
Certificate Management
Dogtag The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more.
EJBCA One of the world's most popular PKIs, EJBCA gives you time-proven flexibility and robustness. Unlike other open-source certificate authority and PKI solutions, EJBCA is platform-independent and can be scaled up and down to match your needs.
OpenCA PKI The PKI Project is the first project of the OpenCA LABS. It is a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. OpenCA PKI is based on many Open-Source Projects. Among the supported software is Perl, OpenLDAP, OpenSSL, Apache, and Apache mod_ssl.
 
Mail Protection
Hermes SEG Hermes Secure Email Gateway Community is a Free Open Source Ubuntu-based Email Gateway that provides Spam, Virus and Malware protection, full email encryption as well as email archiving.
MailScanner (Github) MailScanner is an open source email gateway that processes email for spam, viruses, phishing, and other malicious content. MailScanner leverages other open source software such as ClamAV and SpamAssassin. MailScanner will run on any *NIX platform and includes install packages for popular distributions such as Red Hat, Debian, and SUSE in addition to a generic *NIX package.
Proxmox Proxmox Mail Gateway is the leading open-source email security solution helping you to protect your mail server against all email threats from the moment they emerge. The flexible architecture combined with the user-friendly, web-based management interface allows IT professionals and businesses to control all incoming and outgoing emails with ease, and to protect their users from spam, viruses, phishing and trojans.
ScrolloutF1 An easy to use, already adjusted email gateway (firewall) offering free anti-spam, anti-virus protection in order to secure all existing email servers, such as Microsoft Exchange, Lotus Domino, Postfix, Exim, Qmail and more.
SpamAssassin Apache SpamAssassin is the #1 Open Source anti-spam platform giving system administrators a filter to classify email and block spam (unsolicited bulk email). It uses a robust scoring framework and plug-ins to integrate a wide range of advanced heuristic and statistical analysis tests on email headers and body text including text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases.

Detect

SIEM & Monitoring
Apache Metron A scalable advanced security analytics framework built with the Hadoop community, evolving from the Cisco OpenSOC Project. A cyber security application framework that provides organizations the ability to detect cyber anomalies and enables organizations to rapidly respond to identified anomalies.
ELK The Elastic Stack consists of Elasticsearch, Kibana, Beats, and Logstash (also known as the ELK Stack) and more. Reliably and securely take data from any source, in any format, then search, analyze, and visualize.
Maltrail A malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name, URL, IP address or HTTP User-Agent header value. Also, it uses (optional) advanced heuristic mechanisms that can help in discovery of unknown threats.
PatrOwl Open Source, Free and Scalable Security Operations Orchestration Platform.
Rudder.io Build and enforce your security model with an infrastructure security automation platform designed for visibility and control.
SecurityOnion A free and open platform for threat hunting, network security monitoring, and log management. Security Onion includes best-of-breed free and open tools including Suricata, Zeek, the Elastic Stack and many others.
SIEMonster A Multi Tenant White label SIEM solution that runs in your own AWS environment.

Respond

Incident Response & SOAR
Cyphon An incident-response platform that receives, processes, and triages events to create a more efficient analytic workflow.
Demisto SOAR platform that combines full incident management, security automation and orchestration, and real-time collaboration to improve the efficiency of security operations and incident response.
Shuffle An Open Source SOAR solution.
The Hive Collaborative Case Management Platform for cybersecurity teams.
 
Forensics
Autopsy® Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools.
Belkasoft X Forensic Belkasoft X Forensic (Belkasoft Evidence Center X) is a flagship tool by Belkasoft for computer, mobile, drone, car, and cloud forensics. It can help you to acquire and analyze a wide range of mobile and computer devices, run various analytical tasks, perform case-wide searches, bookmark artifacts, and create reports.
Note: This tool is offered to Government customers only.
bulk_extractor A high-performance digital forensics exploitation tool. It is a "get evidence" button that rapidly scans any kind of input (disk images, files, directories of files, etc) and extracts structured information such as email addresses, credit card numbers, JPEGs and JSON snippets without parsing the file system or file system structures. The results are stored in text files that are easily inspected, searched, or used as inputs for other forensic processing. bulk_extractor also creates histograms of certain kinds of features that it finds, such as Google search terms and email addresses, as previous research has shown that such histograms are especially useful in investigative and law enforcement applications.
CAINE CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution. It offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.
DC3 Tools Various Open Source Tools from the DoD Cyber Crime Center (DC3).
dcfldd Enhanced version of dd for forensics and security.
dfTimewolf A framework for orchestrating forensic collection, processing and data export. dfTimewolf consists of collectors, processors and exporters (modules) that pass data on to one another. How modules are orchestrated is defined in predefined "recipes".
Digital Forensics Framework (DFF) DFF is an Open Source computer forensics platform built on top of a dedicated Application Programming Interface (API). DFF proposes an alternative to the aging digital forensics solutions used today. Designed for simple use and automation, the DFF interface guides the user through the main steps of a digital investigation so it can be used by both professionals and non-experts to quickly and easily conduct a digital investigation and perform incident response.
Dislocker FUSE driver to read/write Windows BitLocker-encrypted volumes under Linux / macOS.
Eric Zimmerman's Tools Various forensic tools from Eric Zimmerman.
EVTXtract EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
GRR Rapid Response GRR Rapid Response is an incident response framework focused on remote live forensics.
Magnet Axiom Examine digital evidence from mobile, cloud, computer, and vehicle sources, alongside third-party extractions all in one case file. Use powerful and intuitive analytical tools to automatically surface case-relevant evidence quickly.
Malice Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company.
NetworkMiner NetworkMiner is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files. NetworkMiner can also be used to capture live network traffic by sniffing a network interface.
olefile olefile is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-2003 documents, vbaProject.bin in MS Office 2007+ files, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc.
OSForensics OSForensics lets you extract forensic evidence from computers quickly with high performance file searches and indexing. Identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data. Manage your digital investigation and create reports from collected forensic data.
Plaso Plaso (Plaso Langar Að Safna Öllu), or "super timeline all the things", is a Python-based engine used by several tools for automatic creation of timelines. Plaso's default behavior is to create super timelines, but it also supports creating more targeted timelines.
RegRipper Tool to parse Windows registry files and dig for useful data.
Rifiuti2 (Github) A tool for analyzing the Windows Recycle Bin INFO2 file. Rifiuti2 can extract the file deletion time, original path and size of deleted files, and whether the trashed files have been permanently removed.
TestDisk TestDisk is powerful free data recovery software! It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software: certain types of viruses or human error (such as accidentally deleting a Partition Table).
The Sleuth Kit® (TSK) The Sleuth Kit® (TSK) is a library and collection of command line tools that allow you to investigate disk images.
The Volatility Framework The Volatility Framework has become the world’s most widely used memory forensics tool - relied upon by law enforcement, military, academia, and commercial investigators around the world. The Volatility Foundation helps keep Volatility going so that it may be used in perpetuity, free and open to all.
TimeSketch Timesketch is an open-source tool for collaborative forensic timeline analysis.
WinHex WinHex is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards. Features depend on the license type.
Wireshark Network protocol analyzer useful for network forensics and traffic analysis.
X-Ways Forensics X-Ways Forensics is an advanced work environment for computer forensic examiners. Runs under Windows 7/8/8.1/10/11/Server 2008/2012/2016/2019/2022/2025, 32-bit/64-bit, standard/PE/FE.

Recover

Backup
Areca Reliable Backup Solution for Linux and Windows.
Bacula Single Platform Physical, Virtual, Container and Hybrid Cloud Backup & Recovery.
Bareos Bareos is a cross-network open-source backup software for data protection, archiving, and recovery. It supports Linux, Windows, FreeBSD, macOS and other well-established operating systems.
Clonezilla Clonezilla is a partition and disk imaging/cloning program. It helps you to do system deployment, bare metal backup and recovery.
Duplicati Zero-trust backup from any operating system to any destination that you can manage from anywhere.
UrBackup An easy to setup Open Source client/server backup system, that through a combination of image and file backups accomplishes both data safety and a fast restoration time.

Would you like your tool to be added to this list? Then simply reply to my post on Bluesky or write me an email.

My collection of #security tools now includes over 160 tools from various areas, ranging from asset management to VPN.


— Bitmuncher (@bitmuncher.neocities.org) 6 July 2025 at 01:10