SecBSD Roadmap

ROAD

MAP

█ In this section you can find relevant information about our goals for ports, base system and other stuff.

All software should be audited, fuzzed, looking for security holes, buffer overflows and insecure code.
Stress testing should also be performed.

In short term wil be drop insecure and obsolete tools.
We focus on quality of hacking tools, not quantity.
Help us document the progress and research in port-status.

Get involved submitting fixes or patches to improve the tools and SecBSD system.

PORTS
PKGNAME	VERSION	DESCRIPTION	URL	STATUS
ad ldap enum	0.1	LDAP enumeration	https://github.com/CroweCybersecurity/ad-ldap-enum	No Audit
amass	3.10.5	Attack surface mapping and asset discovery	https://github.com/OWASP/Amass	No Audit
anew	0.1.0	Append lines from stdin to a file	https://github.com/tomnomnom/anew	No Audit
anti-burl	0.1.0	Takes URLs on stdin, prints them to stdout if they return a 200 OK	https://github.com/tomnomnom/hacks/tree/master/anti-burl	No Audit
aquatone	1.7.0	Tool for domain flyovers	https://github.com/michenriksen/aquatone	No Audit
arjun	1.6	HTTP parameter discovery suite	https://github.com/s0md3v/Arjun	No Audit
asnlookup	0.1	Leverage ASN to look up IP addresses	https://github.com/yassineaboukir/asnlookup	No Audit
assetfinder	0.1.0	Find domains and subdomains	https://github.com/tomnomnom/assetfinder	No Audit
atscan	17.0.0	Mass exploit scanner	https://github.com/AlisamTechnology/ATSCAN	No Audit
automater	0.21	IP URL and MD5 OSINT analysis	https://github.com/1aN0rmus/TekDefense-Automater	No Audit
backfuzz	0.3.2	Protocol fuzzing toolkit	https://github.com/localh0t/backfuzz	No Audit
barmie	1.01	Java RMI enumeration and attack tool	https://github.com/NickstaDB/BaRMIe	No Audit
barq	0.1	AWS cloud post exploitation framework	https://github.com/Voulnet/barq	No Audit
bbqsql	1.2	Blind SQL injection exploitation tool	https://github.com/Neohapsis/bbqsql	No Audit
bed	0.5	Brute exploit detector	https://github.com/crunchsec/bed	No Audit
beef	0.5.0.0	Browser exploitation framework	https://github.com/beefproject/beef	No Audit
bfac	1.4	Backup file artifacts checker tool	https://github.com/mazen160/bfac	No Audit
blacknurse	0.1	Blacknurse attack	https://github.com/jedisct1/blacknurse	No Audit
blackwidow	0.1	WebApp fuzz scanner	https://github.com/1N3/BlackWidow	No Audit
breacher	0.1	Admin panel finder	https://github.com/s0md3v/Breacher	No Audit
brutespray	1.6.6	Brute forcing from Nmap output	https://github.com/x90skysn3k/brutespray	No Audit
cardpwn	1.4	OSINT tool to find breached credit cards info	https://github.com/itsmehacker/CardPwn	No Audit
chameleon	0.1	Evading proxy tool	https://github.com/mdsecactivebreach/Chameleon	No Audit
cloudbrute	1.0.5	Find company infra-structure	https://github.com/0xsha/CloudBrute	No Audit
cloudsplaining	0.2.0	AWS IAM Security Assessment tool	https://github.com/salesforce/cloudsplaining	No Audit
commix	3.1.62	Command injection and exploitation tool	https://github.com/commixproject/commix	No Audit
corstest	0.1	CORS scanner	https://github.com/RUB-NDS/CORStest	No Audit
corsy	0.1	CORS scanner	https://github.com/s0md3v/Corsy	No Audit
cr3d0v3r	0.4.4	Credential reuse attacks tool	https://github.com/D4Vinci/Cr3dOv3r	No Audit
creddump	0.3	Dump cached credentials	https://github.com/moyix/creddump	No Audit
crlfuzz	1.4.0	CRLF vulnerability scanner	https://github.com/dwisiswant0/crlfuzz	No Audit
crossweb	0.1	Private-public website verification	https://github.com/buanzo/crossweb	No Audit
cryptonark	0.5.7	SSL and PCI compliance scan tool	https://www.techstacks.com	No Audit
cupp	3.2.5	Common user passwords profiler	https://github.com/Mebus/cupp	No Audit
davtest	1.0	WebDAV servers test tool	https://code.google.com/archive/p/davtest	No Audit
dirsearch	0.3.9	Web path scanner	https://github.com/maurosoria/dirsearch	No Audit
dnsenum	1.2.4.2	Enumerate DNS information	https://github.com/fwaeytens/dnsenum	No Audit
dnsmap	0.30	DNS brute forcing tool	https://code.google.com/archive/p/dnsmap	No Audit
dnsrecon	0.10.0	Perform multiple dns queries	https://github.com/darkoperator/dnsrecon	No Audit
dnswalk	2.0.2	DNS debugger	http://dnswalk.sourceforge.net	No Audit
domlink	0.1.2	Discover organisation name	https://github.com/vysecurity/DomLink	No Audit
dotdotpwn	3.0.2	Directory traversal fuzzer	http://dotdotpwn.sectester.net	No Audit
dsfs	0.2	File inclusion vulnerability scanner	https://github.com/stamparm/DSFS	No Audit
dsss	0.3	SQLi Scanner	https://github.com/stamparm/DSSS	No Audit
dsxs	0.3	XSS scanner	https://github.com/stamparm/DSXS	No Audit
endpoint finder	0.1	Endpoint finder	https://github.com/tarunkant/EndPoint-Finder	No Audit
ettu	0.1	Recursive DNS brute forcer	https://github.com/tomnomnom/hacks/tree/master/ettu	No Audit
evilurl	2.0	IDN homograph attack generator	https://github.com/UndeadSec/EvilURL	No Audit
exploit pattern	0.1	Pattern string for exploit dev	https://github.com/Svenito/exploit-pattern	No Audit
ffuf	1.1.0	Web fuzzer	https://github.com/ffuf/ffuf	No Audit
fimap	1.00	LFI RFI scanner	https://tha-imax.de/git/root/fimap	No Audit
finalrecon	1.0.7	Web reconnaissance tool	https://github.com/thewhiteh4t/FinalRecon	No Audit
fuxploider	1.0	File upload vulnerability scanner	https://github.com/almandin/fuxploider	No Audit
gau	1.1.0	Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.2	https://github.com/lc/gau	No Audit
gf	0.1	Wrapper around grep	https://github.com/tomnomnom/gf	No Audit
gitgraber	0.1	Monitor GitHub to find sensitive data	https://github.com/hisxo/gitGraber	No Audit
gitjacker	0.0.2	Downloads git repositories	https://github.com/liamg/gitjacker	No Audit
gitleaks	4.2.0	Audit git repos for secrets	https://github.com/zricethezav/gitleaks	No Audit
gitrob	2.0.0	Reconnaissance tool for GitHub	https://github.com/michenriksen/gitrob	No Audit
gmapsapiscanner	0.1	Used for determining whether a leaked/found Google Maps API Key is vulnerable	https://github.com/ozguralp/gmapsapiscanner	No Audit
goaltdns	0.1	Subdomains permutation tool	https://github.com/subfinder/goaltdns	No Audit
gobuster	3.0.1	Directory file and DNS busting tool	https://github.com/OJ/gobuster	No Audit
golinkfinder	1.0.0	JS endpoint extractor	https://github.com/0xsha/GoLinkFinder	No Audit
golismero	2.0	Framework for web security testing	https://github.com/golismero/golismero	No Audit
goofile	1.5	Search for a specific file in a given domain	https://code.google.com/archive/p/goofile	No Audit
gopherus	0.1	Gopher link generator for exploiting SSRF	https://github.com/tarunkant/Gopherus	No Audit
gospider	1.1.2	Web spider	https://github.com/jaeles-project/gospider	No Audit
gowitness	1.3.3	Web screenshot utility	https://github.com/sensepost/gowitness	No Audit
gron	0.6.0	Make JSON greppable	https://github.com/tomnomnom/gron	No Audit
hakrawler	1.1	Web crawler	https://github.com/hakluke/hakrawler	No Audit
hash buster	3.0	Hash buster tool	https://github.com/s0md3v/Hash-Buster	No Audit
hosthunter	1.5	Recon tool for discovering hostnames	https://github.com/SpiderLabs/HostHunter	No Audit
hostile subbruteforcer	1.0	Bruteforce for existing subdomains	https://github.com/nahamsec/HostileSubBruteforcer	No Audit
html tool	0.1	HTML tool	https://github.com/tomnomnom/hacks/tree/master/html-tool	No Audit
httprobe	0.1.2	Domains and probe for HTTP and HTTPS	https://github.com/tomnomnom/httprobe	No Audit
ident user enum	1.0	Query ident service	http://pentestmonkey.net/tools/ident-user-enum	No Audit
iis shortname scanner	2.3.9	IIS short filename disclosure vulnerability	https://github.com/irsdl/IIS-ShortName-Scanner	No Audit
infoga	0.1.5	Email OSINT	https://github.com/m4ll0k/Infoga	No Audit
inspy	3.0.0	LinkedIn enumeration tool	https://github.com/leapsecurity/InSpy	No Audit
interlace	1.8.0	Automate pentest and bug bounty workflow	https://github.com/codingo/Interlace	No Audit
jaeles	0.9	Automate WebApp testing	https://github.com/jaeles-project/jaeles	No Audit
jaeles signatures	0.1	Jaeles signatures	https://github.com/jaeles-project/jaeles-signatures	No Audit
javasnoop	1.1	Intercept Java applications locally	https://code.google.com/archive/p/javasnoop	No Audit
joomscan	0.0.7	OWASP Joomla vulnerability scanner	https://github.com/rezasp/joomscan	No Audit
jsparser	1.0	Parse relative URLs from JavaScript files	https://github.com/nahamsec/JSParser	No Audit
konan	0.1	Web application dir scanner	https://github.com/m4ll0k/Konan	No Audit
kubolt	0.1	Kubernete scanner	https://github.com/averonesis/kubolt	No Audit
lazys3	1.0	Bruteforce for AWS s3 buckets	https://github.com/nahamsec/lazys3	No Audit
leaklooker	0.1	Find open databases	https://github.com/woj-ciech/LeakLooker	No Audit
linkfinder	1.0	Find endpoints in JavaScript	https://github.com/GerbenJavado/LinkFinder	No Audit
masscan	1.0.5	Asynchronous TCP port scanner	https://github.com/robertdavidgraham/masscan	No Audit
massdns	0.3	Subdomain enumeration	https://github.com/blechschmidt/massdns	No Audit
medusa	2.2	Login brute-forcer	https://github.com/jmk-foofus/medusa	No Audit
meg	0.2.4	Fetch many paths for many hosts	https://github.com/tomnomnom/meg	No Audit
metagoofil	2.2	Metadata harvester	https://github.com/laramies/metagoofil	No Audit
mongoaudit	0.1.0	MongoDB auditing and pentesting tool	https://mongoaud.it	No Audit
nosqlmap	0.7	Automated NoSQL database enumeration	https://github.com/codingo/NoSQLMap	No Audit
nuclei	1.1.4	Configurable targeted scanning	https://github.com/projectdiscovery/nuclei	No Audit
pack	0.0.1	Password analysis and cracking kit	https://github.com/iphelix/pack	No Audit
padbuster	0.3.3	Oracle attack tool	https://github.com/GDSSecurity/PadBuster	No Audit
parameth	1.3	Brute discover GET and POST parameters	https://github.com/maK-/parameth	No Audit
parsero	0.81	Robot txt audit tool	https://github.com/behindthefirewalls/Parsero	No Audit
photon	1.3.2	Crawler for OSINT	https://github.com/s0md3v/Photon	No Audit
pwndb	0.1	Search for leaked credentials	https://github.com/davidtavarez/pwndb	No Audit
pwnedornot	1.2.8	Find passwords for compromised email	https://github.com/thewhiteh4t/pwnedOrNot	No Audit
qrljacker	2.1.1	QRLJacking exploitation framework	https://github.com/OWASP/QRLJacking	No Audit
qsfuzz	1.0.2	Query string fuzz	https://github.com/ameenmaali/qsfuzz	No Audit
qsreplace	0.0.1	Replace all query string values	https://github.com/tomnomnom/qsreplace	No Audit
r3con1z3r	1.0.6	Web information gathering tool	https://github.com/abdulgaphy/r3con1z3r	No Audit
recon-ng	5.1.1	Open Source Intelligence gathering tool	https://github.com/lanmaster53/recon-ng	No Audit
reconnoitre	1.0	OSINT and service enumeration tool	https://github.com/codingo/Reconnoitre	No Audit
retirejs	1.1.1	Scanner detecting the use of JavaScript libraries with known vulnerabilities	https://github.com/retirejs/retire.js	No Audit
rsmangler	1.5	Wordlist mangling tool	https://github.com/digininja/RSMangler	No Audit
s3-bucketeers	0.1	AWS S3 bucket tool	https://github.com/tomdev/teh_s3_bucketeers	No Audit
sandcastle	1.2.4	AWS S3 bucket enumeration	https://github.com/0xSearches/sandcastle	No Audit
scli	0.2.2	Simple terminal user interface for signal messenger	https://github.com/isamert/scli	No Audit
seclists	2020.4	Collection of multiple types of lists used during security assessments	https://github.com/danielmiessler/SecLists	No Audit
shhgit	0.2	Find GitHub secrets in real time	https://github.com/eth0izzle/shhgit	No Audit
signal-cli	0.6.7	Commandline and dbus interface for signal messenger	https://github.com/AsamK/signal-cli	No Audit
sipvicious	0.3.1	Audit SIP based VoIP systems	https://github.com/EnableSecurity/sipvicious	No Audit
smbmap	1.8.2	SMB enumeration tool	https://github.com/ShawnDEvans/smbmap	No Audit
smtp user enum	1.2	SMTP user enum	http://pentestmonkey.net	No Audit
snallygaster	0.0.6	Scan for secret files on HTTP servers	https://github.com/hannob/snallygaster	No Audit
social engineer toolkit	8.0.3	Social engineer toolkit	https://github.com/trustedsec/social-engineer-toolkit	No Audit
socialscan	1.1.6	Social network user scanner	https://github.com/trustedsec/social-engineer-toolkit	No Audit
spiderfoot	3.0	OSINT collection and reconnaissance tool	https://github.com/smicallef/spiderfoot	No Audit
spoofcheck	0.1	Checks a domain for email protections	https://github.com/BishopFox/spoofcheck	No Audit
sqlninja	0.2.6-r1	SQL injection tool	http://sqlninja.sourceforge.net	No Audit
ssrf testing	0.1	Server side request forgery tool	https://github.com/cujanovic/SSRF-Testing	No Audit
ssrfmap	0.1	SSRF fuzzer exploitation tool	https://github.com/swisskyrepo/SSRFmap	No Audit
subdomains brute	0.1	Subdomain brute tool	https://github.com/lijiejie/subDomainsBrute	No Audit
subfinder	2.3.4	Subdomain discovery tool	https://github.com/subfinder/subfinder	No Audit
subjack	2.1	Subdomain takeover	https://github.com/haccer/subjack	No Audit
subjs	1.0.1	Fetches javascript file from a list of URLS or subdomains	https://github.com/lc/subjs	No Audit
sublist3r	1.1	Subdomains enumeration tool	https://github.com/aboul3la/Sublist3r	No Audit
subscraper	2.1.0	DNS brute force	https://github.com/m8r0wn/subscraper	No Audit
subzy	2.1.0	Subdomain takeover vulnerability checker	https://github.com/LukaSikic/subzy	No Audit
takeover	0.2	Subdomain takeover vulnerability scanner	https://github.com/m4ll0k/takeover	No Audit
tko-subs	0.1	Detect and takeover subdomains	https://github.com/anshumanbh/tko-subs	No Audit
tplmap	0.5	Code injection detection and exploitation tool	https://github.com/epinna/tplmap	No Audit
ttpassgen	1.1.2	Scriptable password dictionary generator	https://github.com/tp7309/TTPassGen	No Audit
ua tester	1.0.6	User agent string tester	https://code.google.com/archive/p/ua-tester	No Audit
unfurl	0.2.0	Pull out bits of URLs provided on stdin	https://github.com/tomnomnom/unfurl	No Audit
urlcrazy	0.5	Typo squatting tool	https://www.morningstarsecurity.com	No Audit
urlhunter	0.1.1	Recon tool that allows searching on URLs that are exposed via shortener services	https://github.com/utkusen/urlhunter	No Audit
urlinsane	0.6.1	Domain typo permutation engine	https://github.com/cybint/urlinsane	No Audit
vinetto	0.07	Forensics tool to examine thumbs db files	http://vinetto.sourceforge.net	No Audit
virtual host discovery	1.0	Enumerate virtual hosts	https://github.com/jobertabma/virtual-host-discovery	No Audit
vulnx	1.9	Shell injector for CMS	https://github.com/anouarbensaad/vulnx	No Audit
wafw00f	2.0.1	Fingerprint web application firewall	https://github.com/EnableSecurity/wafw00f	No Audit
waybackurls	0.0.2	Fetch URLs that Wayback Machine	https://github.com/tomnomnom/waybackurls	No Audit
weblogic scanner	0.1	Weblogic vulnerability scanner	https://github.com/0xn0ne/weblogicScanner	No Audit
webscarab	1631	WebApp review tool	https://github.com/OWASP/OWASP-WebScarab	No Audit
weevely3	4.0.1	Weaponized web shell	https://github.com/epinna/weevely3	No Audit
wfuzz	3.1.0	Web application fuzzer	https://github.com/xmendez/wfuzz	No Audit
wig	0.6	WebApp information gatherer	https://github.com/jekyc/wig	No Audit
wpbullet	0.1	Static code analysis for WordPress and PHP	https://github.com/OWASP/wpBullet	No Audit
wuzz	0.4.0	Interactive cli tool for HTTP inspection	https://github.com/asciimoo/wuzz	No Audit
xsstrike	3.1.5	XSS scanner	https://github.com/s0md3v/XSStrike	No Audit
zephrfish	0.1	Various Payload wordlists	https://github.com/ZephrFish/Wordlists	No Audit

BASE SYSTEM
ITEM	DESCRIPTION	STATUS
OS name	OS name change from OpenBSD to SecBSD.	In progress
Documentation	Modify documentation and manuals according to SecBSD.	-
Custom xenodm	Custom xenodm accord to SecBSD.	In progress

STUFF
ITEM	DESCRIPTION	STATUS
SecBSD Desktop	Improve the SecBSD Desktop.	In Progress
HOWTOs	Write HOWTOs to install and settings for XFCE, DWM, GNOME, Mate, KDE, Fluxbox.	-
Manuals	Manuals for some tools are missing.	-
Licenses for tools	Review the licenses for all tools. Drop unlicense tools.	-
Create Tutorial	Create tutorials for SecBSD and tools.	-