Overview
This encyclopedia covers 120+ essential security tools across offensive and defensive operations, organized by function. Each entry includes the tool's purpose, key capabilities, installation, and primary use cases. This resource serves as the definitive reference for security practitioners building their toolkits.
Reconnaissance and OSINT
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| Nmap | Network discovery and port scanning | Cross-platform | Open source |
| Shodan | Internet-connected device search engine | Web/API | Free tier + paid |
| Maltego | Link analysis and OSINT automation | Cross-platform | Freemium |
| theHarvester | Email, subdomain, name harvesting | Python | Open source |
| Recon-ng | Web reconnaissance framework | Python | Open source |
| SpiderFoot | Automated OSINT (200+ modules) | Python/Web | Open source |
| Amass | Subdomain enumeration | Go | Open source |
| Subfinder | Passive subdomain discovery | Go | Open source |
| Dmitry | Deep Magic Information Gathering Tool | C | Open source |
| OSINT Framework | Categorized free OSINT tools | Web | Free |
| Censys | Internet scanning search engine | Web/API | Free tier + paid |
| Metagoofil | Document metadata extraction | Python | Open source |
Vulnerability Scanning
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| Nessus Professional | Comprehensive vulnerability scanner | Cross-platform | Commercial |
| OpenVAS / Greenbone | Open source vulnerability scanner | Linux | Open source |
| Qualys VMDR | Cloud-based vulnerability management | Cloud SaaS | Commercial |
| Nexpose / InsightVM | Vulnerability management | Cross-platform | Commercial |
| Nuclei | Fast template-based vulnerability scanner | Go | Open source |
| Nikto | Web server vulnerability scanner | Perl | Open source |
| OWASP ZAP | Web application security scanner | Java | Open source |
| SQLMap | Automated SQL injection detection | Python | Open source |
| WPScan | WordPress vulnerability scanner | Ruby | Open source |
| Burp Suite Pro | Web application security testing | Java | Commercial |
Exploitation Frameworks
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| Metasploit Framework | Penetration testing and exploitation | Ruby | Open source (commercial Pro) |
| Cobalt Strike | Advanced threat emulation platform | Java | Commercial ($5,900/seat) |
| Sliver | Modern C2 framework | Go | Open source |
| Havoc | C2 framework with EDR evasion | Go/C | Open source |
| Mythic | Collaborative red team framework | Python | Open source |
| Empire / Starkiller | PowerShell post-exploitation | Python | Open source |
| Covenant | .NET C2 framework | C# | Open source |
Active Directory Attacks
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| BloodHound CE | AD attack path visualization | Neo4j/JS | Open source |
| SharpHound | AD data collector for BloodHound | C# | Open source |
| Impacket | Python library for SMB/Kerberos/etc. | Python | Open source |
| Rubeus | Kerberos attack toolkit | C# | Open source |
| Mimikatz | Credential extraction from Windows | C | Open source |
| CrackMapExec | AD post-exploitation Swiss Army knife | Python | Open source |
| PowerView | AD enumeration via PowerShell | PowerShell | Open source |
| Certify | ADCS vulnerability enumeration | C# | Open source |
| Kerbrute | Kerberos username enumeration | Go | Open source |
| GetUserSPNs | Kerberoasting (Impacket) | Python | Open source |
Password Attacks
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| Hashcat | GPU-accelerated password cracking | C | Open source |
| John the Ripper | Password cracker (multi-format) | C | Open source |
| Hydra | Network login brute-force | C | Open source |
| Medusa | Parallel password brute-force | C | Open source |
| Sprayhound | AD password spray with lockout safety | Python | Open source |
| DomainPasswordSpray | AD password spray (PowerShell) | PowerShell | Open source |
| CeWL | Custom wordlist generation from website | Ruby | Open source |
| CUPP | Common User Password Profiler | Python | Open source |
Social Engineering
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| GoPhish | Phishing simulation framework | Go | Open source |
| SET (Social Engineering Toolkit) | Social engineering attacks | Python | Open source |
| Evilginx2 | Adversary-in-the-middle phishing | Go | Open source |
| Modlishka | Reverse proxy phishing framework | Go | Open source |
| King Phisher | Phishing campaign toolkit | Python | Open source |
Wireless Security
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| Aircrack-ng | Wireless network security suite | C | Open source |
| Kismet | Wireless network detector and sniffer | C++ | Open source |
| Wifite2 | Automated wireless attack tool | Python | Open source |
| hcxtools | PMKID/EAPOL capture and hash conversion | C | Open source |
| Bettercap | Network attack and monitoring framework | Go | Open source |
| Wireshark | Network protocol analyzer | C/C++ | Open source |
SIEM / Log Management
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| Splunk Enterprise | Market-leading SIEM | Cross-platform | Commercial |
| Microsoft Sentinel | Cloud-native SIEM + SOAR | Azure | Commercial |
| IBM QRadar | Enterprise SIEM | Linux | Commercial |
| Elastic SIEM (Elastic Security) | Open SIEM on Elasticsearch | Cross-platform | Open source core + commercial |
| Wazuh | Open source SIEM + EDR | Linux | Open source |
| Graylog | Log management and SIEM | Java | Open source core |
| Security Onion | Threat hunting + IDS distribution | Linux | Open source |
| Chronicle (Google) | Cloud SIEM (petabyte scale) | Cloud SaaS | Commercial |
| Exabeam | AI-driven SIEM + UEBA | Cloud SaaS | Commercial |
Endpoint Detection and Response (EDR)
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| CrowdStrike Falcon | AI-based EDR/XDR | Windows/Mac/Linux | Commercial |
| Microsoft Defender for Endpoint | Windows-native EDR/XDR | Windows | Commercial (M365) |
| SentinelOne | Autonomous AI EDR | Cross-platform | Commercial |
| Carbon Black (VMware) | EDR + threat intelligence | Cross-platform | Commercial |
| Palo Alto Cortex XDR | XDR across endpoints and network | Cross-platform | Commercial |
| Velociraptor | Endpoint visibility and DFIR | Go | Open source |
| osquery | SQL-based endpoint telemetry | Cross-platform | Open source |
| Wazuh (EDR module) | Host-based IDS + EDR | Cross-platform | Open source |
Network Security Monitoring
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| Zeek (formerly Bro) | Network security monitoring | Linux | Open source |
| Suricata | IDS/IPS/NSM | Linux | Open source |
| Snort | Network IDS/IPS | Linux | Open source |
| NetworkMiner | Network forensics analyzer | Windows/Linux | Free/Commercial |
| Arkime (Moloch) | Packet capture + search | Linux | Open source |
| ntopng | Network traffic monitoring | Linux | Open source core |
| Nozomi Networks | OT/IoT network monitoring | Appliance/VM | Commercial |
| Claroty | OT/ICS security platform | Appliance | Commercial |
Vulnerability Management
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| Tenable.io / Nessus | Comprehensive vulnerability scanner | Cloud+Agent | Commercial |
| Qualys VMDR | Cloud-based VM + CSPM | Cloud SaaS | Commercial |
| Rapid7 InsightVM | VM with workflow integration | Cloud+Agent | Commercial |
| OpenVAS | Open source vulnerability scanner | Linux | Open source |
| DefectDojo | Vulnerability management platform | Python | Open source |
| Dependency-Check (OWASP) | Software dependency vulnerability scanning | Cross-platform | Open source |
| Trivy | Container/IaC/code vulnerability scanner | Go | Open source |
| Snyk | Developer-centric security scanning | Cloud SaaS | Freemium |
Threat Intelligence Platforms
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| MISP | Malware information sharing platform | PHP | Open source |
| OpenCTI | Open cyber threat intelligence | Python/JS | Open source |
| ThreatConnect | TIP with playbooks | Cloud SaaS | Commercial |
| Anomali ThreatStream | Threat intelligence management | Cloud SaaS | Commercial |
| Recorded Future | Intelligence automation | Cloud SaaS | Commercial |
| Mandiant Advantage | Premium threat intelligence | Cloud SaaS | Commercial |
| VirusTotal Enterprise | Malware analysis + intelligence | Cloud SaaS | Commercial |
| AlienVault OTX | Open threat exchange | Cloud SaaS | Free |
Security Orchestration, Automation and Response (SOAR)
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| Splunk SOAR (Phantom) | Security orchestration and automation | Cloud/On-prem | Commercial |
| Microsoft Sentinel (Logic Apps) | Azure-native SOAR | Azure | Commercial |
| Palo Alto XSOAR | Comprehensive SOAR platform | Cloud/On-prem | Commercial |
| Swimlane | Low-code SOAR | Cloud SaaS | Commercial |
| TheHive | Incident response platform | Scala | Open source |
| Cortex (TheHive) | Observable analysis automation | Scala | Open source |
| Shuffle | Open source SOAR | Python | Open source |
Identity and Access Security
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| CyberArk | Privileged access management | Windows/Linux | Commercial |
| HashiCorp Vault | Secrets management + PAM | Go | Open source core |
| BeyondTrust | PAM + remote access | Windows/Linux | Commercial |
| Microsoft Entra ID | Cloud identity platform (Azure AD) | Cloud SaaS | Commercial |
| Okta | Identity-as-a-service | Cloud SaaS | Commercial |
| SailPoint IdentityNow | Identity governance | Cloud SaaS | Commercial |
| Saviynt | Cloud IGA platform | Cloud SaaS | Commercial |
Digital Forensics and Incident Response
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| Autopsy | Digital forensics platform | Cross-platform | Open source |
| Volatility 3 | Memory forensics framework | Python | Open source |
| KAPE | Forensic triage collection | Windows | Free |
| Velociraptor | Live DFIR and endpoint visibility | Go | Open source |
| FTK Imager | Forensic imaging and analysis | Windows | Free |
| Plaso / log2timeline | Timeline creation from forensic artifacts | Python | Open source |
| Magnet AXIOM | Digital forensics with cloud/mobile | Windows | Commercial |
| Cellebrite UFED | Mobile device forensics | Hardware+Software | Commercial |
| X-Ways Forensics | Hex editor + forensics | Windows | Commercial |
| RegRipper | Registry forensics | Perl | Open source |
Malware Analysis
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| Ghidra | NSA reverse engineering tool | Java | Open source |
| IDA Pro | Industry standard disassembler | Windows/Mac/Linux | Commercial |
| x64dbg | Windows debugger | Windows | Open source |
| WinDbg | Microsoft debugger | Windows | Free |
| FLOSS | Obfuscated string extraction | Python | Open source |
| PE-bear | PE file analysis | Windows | Open source |
| Detect-It-Easy (DIE) | Packer/protection detection | Cross-platform | Open source |
| Cuckoo Sandbox | Automated malware analysis | Linux | Open source |
| Any.Run | Interactive online sandbox | Web SaaS | Free tier + paid |
| CAPE Sandbox | Cuckoo fork with malware config extraction | Linux | Open source |
| YARA | Malware pattern matching | Cross-platform | Open source |
Cloud Security
| Tool | Purpose | Platform | License |
| --- | --- | --- | --- |
| Prowler | AWS/Azure/GCP security assessment | Python | Open source |
| ScoutSuite | Multi-cloud security auditing | Python | Open source |
| Pacu | AWS exploitation framework | Python | Open source |
| CloudSploit | Cloud security misconfiguration detection | Node.js | Open source |
| Checkov | IaC security scanning | Python | Open source |
| tfsec | Terraform security scanner | Go | Open source |
| Wiz | Agentless cloud security platform | Cloud SaaS | Commercial |
| Prisma Cloud | CSPM + CWPP + CIEM | Cloud SaaS | Commercial |
| Falco | Container runtime security | C++ | Open source (CNCF) |
Distribution / Collections
| Distribution | Contents | Use Case |
| --- | --- | --- |
| Kali Linux | 600+ pen testing tools | Offensive security |
| Parrot OS | Pen testing + privacy tools | Offensive + privacy |
| REMnux | Malware analysis tools | Malware analysis |
| FlareVM | Windows malware analysis environment | Malware analysis |
| Security Onion | IDS + NSM + log management | Network monitoring |
| SANS SIFT | Digital forensics toolkit | DFIR |
| Tails OS | Amnesic privacy OS | OPSEC / dark web |
| BlackArch | 2,800+ security tools | Comprehensive |
This encyclopedia is maintained by the Nexus SecOps community. Submit additions via pull request.