ROADMAP
In this section you can find relevant information about our goals for ports, the base system and other stuff.

All software should be audited and fuzzed to look for security holes, buffer overflows and insecure code.
Stress testing should also be performed.

In the short term, insecure and obsolete tools will be dropped.
We focus on the quality of hacking tools, not the quantity.
Help us document the progress and research in port-status.

Get involved by submitting fixes or patches to improve the tools and the SecBSD system.

PORTS
PKGNAME VERSION DESCRIPTION URL STATUS
ad ldap enum 0.1 LDAP enumeration https://github.com/CroweCybersecurity/ad-ldap-enum No Audit
amass 3.10.5 Attack surface mapping and asset discovery https://github.com/OWASP/Amass No Audit
anew 0.1.0 Append lines from stdin to a file https://github.com/tomnomnom/anew No Audit
anti-burl 0.1.0 Takes URLs on stdin, prints them to stdout if they return a 200 OK https://github.com/tomnomnom/hacks/tree/master/anti-burl No Audit
aquatone 1.7.0 Tool for domain flyovers https://github.com/michenriksen/aquatone No Audit
arjun 1.6 HTTP parameter discovery suite https://github.com/s0md3v/Arjun No Audit
asnlookup 0.1 Leverage ASN to look up IP addresses https://github.com/yassineaboukir/asnlookup No Audit
assetfinder 0.1.0 Find domains and subdomains https://github.com/tomnomnom/assetfinder No Audit
atscan 17.0.0 Mass exploit scanner https://github.com/AlisamTechnology/ATSCAN No Audit
automater 0.21 IP URL and MD5 OSINT analysis https://github.com/1aN0rmus/TekDefense-Automater No Audit
backfuzz 0.3.2 Protocol fuzzing toolkit https://github.com/localh0t/backfuzz No Audit
barmie 1.01 Java RMI enumeration and attack tool https://github.com/NickstaDB/BaRMIe No Audit
barq 0.1 AWS cloud post exploitation framework https://github.com/Voulnet/barq No Audit
bbqsql 1.2 Blind SQL injection exploitation tool https://github.com/Neohapsis/bbqsql No Audit
bed 0.5 Brute exploit detector https://github.com/crunchsec/bed No Audit
beef 0.5.0.0 Browser exploitation framework https://github.com/beefproject/beef No Audit
bfac 1.4 Backup file artifacts checker tool https://github.com/mazen160/bfac No Audit
blacknurse 0.1 Blacknurse attack https://github.com/jedisct1/blacknurse No Audit
blackwidow 0.1 WebApp fuzz scanner https://github.com/1N3/BlackWidow No Audit
breacher 0.1 Admin panel finder https://github.com/s0md3v/Breacher No Audit
brutespray 1.6.6 Brute forcing from Nmap output https://github.com/x90skysn3k/brutespray No Audit
cardpwn 1.4 OSINT tool to find breached credit card info https://github.com/itsmehacker/CardPwn No Audit
chameleon 0.1 Evading proxy tool https://github.com/mdsecactivebreach/Chameleon No Audit
cloudbrute 1.0.5 Find company infrastructure https://github.com/0xsha/CloudBrute No Audit
cloudsplaining 0.2.0 AWS IAM Security Assessment tool https://github.com/salesforce/cloudsplaining No Audit
commix 3.1.62 Command injection and exploitation tool https://github.com/commixproject/commix No Audit
corstest 0.1 CORS scanner https://github.com/RUB-NDS/CORStest No Audit
corsy 0.1 CORS scanner https://github.com/s0md3v/Corsy No Audit
cr3d0v3r 0.4.4 Credential reuse attacks tool https://github.com/D4Vinci/Cr3dOv3r No Audit
creddump 0.3 Dump cached credentials https://github.com/moyix/creddump No Audit
crlfuzz 1.4.0 CRLF vulnerability scanner https://github.com/dwisiswant0/crlfuzz No Audit
cryptonark 0.5.7 SSL and PCI compliance scan tool https://www.techstacks.com No Audit
cupp 3.2.5 Common user passwords profiler https://github.com/Mebus/cupp No Audit
davtest 1.0 WebDAV servers test tool https://code.google.com/archive/p/davtest No Audit
dirsearch 0.3.9 Web path scanner https://github.com/maurosoria/dirsearch No Audit
dnsenum 1.2.4.2 Enumerate DNS information https://github.com/fwaeytens/dnsenum No Audit
dnsmap 0.30 DNS brute forcing tool https://code.google.com/archive/p/dnsmap No Audit
dnsrecon 0.10.0 Perform multiple dns queries https://github.com/darkoperator/dnsrecon No Audit
dnswalk 2.0.2 DNS debugger http://dnswalk.sourceforge.net No Audit
domlink 0.1.2 Discover organisation name https://github.com/vysecurity/DomLink No Audit
dotdotpwn 3.0.2 Directory traversal fuzzer http://dotdotpwn.sectester.net No Audit
dsfs 0.2 File inclusion vulnerability scanner https://github.com/stamparm/DSFS No Audit
dsss 0.3 SQLi Scanner https://github.com/stamparm/DSSS No Audit
dsxs 0.3 XSS scanner https://github.com/stamparm/DSXS No Audit
endpoint finder 0.1 Endpoint finder https://github.com/tarunkant/EndPoint-Finder No Audit
ettu 0.1 Recursive DNS brute forcer https://github.com/tomnomnom/hacks/tree/master/ettu No Audit
evilurl 2.0 IDN homograph attack generator https://github.com/UndeadSec/EvilURL No Audit
exploit pattern 0.1 Pattern string for exploit dev https://github.com/Svenito/exploit-pattern No Audit
ffuf 1.1.0 Web fuzzer https://github.com/ffuf/ffuf No Audit
fimap 1.00 LFI RFI scanner https://tha-imax.de/git/root/fimap No Audit
finalrecon 1.0.7 Web reconnaissance tool https://github.com/thewhiteh4t/FinalRecon No Audit
fuxploider 1.0 File upload vulnerability scanner https://github.com/almandin/fuxploider No Audit
gau 1.1.0 Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl https://github.com/lc/gau No Audit
gf 0.1 Wrapper around grep https://github.com/tomnomnom/gf No Audit
gitgraber 0.1 Monitor GitHub to find sensitive data https://github.com/hisxo/gitGraber No Audit
gitjacker 0.0.2 Downloads git repositories https://github.com/liamg/gitjacker No Audit
gitleaks 4.2.0 Audit git repos for secrets https://github.com/zricethezav/gitleaks No Audit
gitrob 2.0.0 Reconnaissance tool for GitHub https://github.com/michenriksen/gitrob No Audit
gmapsapiscanner 0.1 Used for determining whether a leaked/found Google Maps API Key is vulnerable https://github.com/ozguralp/gmapsapiscanner No Audit
goaltdns 0.1 Subdomains permutation tool https://github.com/subfinder/goaltdns No Audit
gobuster 3.0.1 Directory file and DNS busting tool https://github.com/OJ/gobuster No Audit
golinkfinder 1.0.0 JS endpoint extractor https://github.com/0xsha/GoLinkFinder No Audit
golismero 2.0 Framework for web security testing https://github.com/golismero/golismero No Audit
goofile 1.5 Search for a specific file in a given domain https://code.google.com/archive/p/goofile No Audit
gopherus 0.1 Gopher link generator for exploiting SSRF https://github.com/tarunkant/Gopherus No Audit
gospider 1.1.2 Web spider https://github.com/jaeles-project/gospider No Audit
gowitness 1.3.3 Web screenshot utility https://github.com/sensepost/gowitness No Audit
gron 0.6.0 Make JSON greppable https://github.com/tomnomnom/gron No Audit
hakrawler 1.1 Web crawler https://github.com/hakluke/hakrawler No Audit
hash buster 3.0 Hash buster tool https://github.com/s0md3v/Hash-Buster No Audit
hosthunter 1.5 Recon tool for discovering hostnames https://github.com/SpiderLabs/HostHunter No Audit
hostile subbruteforcer 1.0 Bruteforce for existing subdomains https://github.com/nahamsec/HostileSubBruteforcer No Audit
html tool 0.1 HTML tool https://github.com/tomnomnom/hacks/tree/master/html-tool No Audit
httprobe 0.1.2 Probe domains for HTTP and HTTPS https://github.com/tomnomnom/httprobe No Audit
ident user enum 1.0 Query ident service http://pentestmonkey.net/tools/ident-user-enum No Audit
iis shortname scanner 2.3.9 IIS short filename disclosure vulnerability https://github.com/irsdl/IIS-ShortName-Scanner No Audit
infoga 0.1.5 Email OSINT https://github.com/m4ll0k/Infoga No Audit
inspy 3.0.0 LinkedIn enumeration tool https://github.com/leapsecurity/InSpy No Audit
interlace 1.8.0 Automate pentest and bug bounty workflow https://github.com/codingo/Interlace No Audit
jaeles 0.9 Automate WebApp testing https://github.com/jaeles-project/jaeles No Audit
jaeles signatures 0.1 Jaeles signatures https://github.com/jaeles-project/jaeles-signatures No Audit
javasnoop 1.1 Intercept Java applications locally https://code.google.com/archive/p/javasnoop No Audit
joomscan 0.0.7 OWASP Joomla vulnerability scanner https://github.com/rezasp/joomscan No Audit
jsparser 1.0 Parse relative URLs from JavaScript files https://github.com/nahamsec/JSParser No Audit
konan 0.1 Web application dir scanner https://github.com/m4ll0k/Konan No Audit
kubolt 0.1 Kubernetes scanner https://github.com/averonesis/kubolt No Audit
lazys3 1.0 Bruteforce for AWS s3 buckets https://github.com/nahamsec/lazys3 No Audit
leaklooker 0.1 Find open databases https://github.com/woj-ciech/LeakLooker No Audit
linkfinder 1.0 Find endpoints in JavaScript https://github.com/GerbenJavado/LinkFinder No Audit
masscan 1.0.5 Asynchronous TCP port scanner https://github.com/robertdavidgraham/masscan No Audit
massdns 0.3 Subdomain enumeration https://github.com/blechschmidt/massdns No Audit
medusa 2.2 Login brute-forcer https://github.com/jmk-foofus/medusa No Audit
meg 0.2.4 Fetch many paths for many hosts https://github.com/tomnomnom/meg No Audit
metagoofil 2.2 Metadata harvester https://github.com/laramies/metagoofil No Audit
mongoaudit 0.1.0 MongoDB auditing and pentesting tool https://mongoaud.it No Audit
nosqlmap 0.7 Automated NoSQL database enumeration https://github.com/codingo/NoSQLMap No Audit
nuclei 1.1.4 Configurable targeted scanning https://github.com/projectdiscovery/nuclei No Audit
pack 0.0.1 Password analysis and cracking kit https://github.com/iphelix/pack No Audit
padbuster 0.3.3 Oracle attack tool https://github.com/GDSSecurity/PadBuster No Audit
parameth 1.3 Brute discover GET and POST parameters https://github.com/maK-/parameth No Audit
parsero 0.81 robots.txt audit tool https://github.com/behindthefirewalls/Parsero No Audit
photon 1.3.2 Crawler for OSINT https://github.com/s0md3v/Photon No Audit
pwndb 0.1 Search for leaked credentials https://github.com/davidtavarez/pwndb No Audit
pwnedornot 1.2.8 Find passwords for compromised email https://github.com/thewhiteh4t/pwnedOrNot No Audit
qrljacker 2.1.1 QRLJacking exploitation framework https://github.com/OWASP/QRLJacking No Audit
qsfuzz 1.0.2 Query string fuzz https://github.com/ameenmaali/qsfuzz No Audit
qsreplace 0.0.1 Replace all query string values https://github.com/tomnomnom/qsreplace No Audit
r3con1z3r 1.0.6 Web information gathering tool https://github.com/abdulgaphy/r3con1z3r No Audit
recon-ng 5.1.1 Open Source Intelligence gathering tool https://github.com/lanmaster53/recon-ng No Audit
reconnoitre 1.0 OSINT and service enumeration tool https://github.com/codingo/Reconnoitre No Audit
retirejs 1.1.1 Scanner detecting the use of JavaScript libraries with known vulnerabilities https://github.com/retirejs/retire.js No Audit
rsmangler 1.5 Wordlist mangling tool https://github.com/digininja/RSMangler No Audit
s3-bucketeers 0.1 AWS S3 bucket tool https://github.com/tomdev/teh_s3_bucketeers No Audit
sandcastle 1.2.4 AWS S3 bucket enumeration https://github.com/0xSearches/sandcastle No Audit
scli 0.2.2 Simple terminal user interface for signal messenger https://github.com/isamert/scli No Audit
seclists 2020.4 Collection of multiple types of lists used during security assessments https://github.com/danielmiessler/SecLists No Audit
shhgit 0.2 Find GitHub secrets in real time https://github.com/eth0izzle/shhgit No Audit
signal-cli 0.6.7 Commandline and dbus interface for signal messenger https://github.com/AsamK/signal-cli No Audit
sipvicious 0.3.1 Audit SIP based VoIP systems https://github.com/EnableSecurity/sipvicious No Audit
smbmap 1.8.2 SMB enumeration tool https://github.com/ShawnDEvans/smbmap No Audit
smtp user enum 1.2 SMTP user enum http://pentestmonkey.net No Audit
snallygaster 0.0.6 Scan for secret files on HTTP servers https://github.com/hannob/snallygaster No Audit
social engineer toolkit 8.0.3 Social engineer toolkit https://github.com/trustedsec/social-engineer-toolkit No Audit
socialscan 1.1.6 Social network user scanner https://github.com/trustedsec/social-engineer-toolkit No Audit
spiderfoot 3.0 OSINT collection and reconnaissance tool https://github.com/smicallef/spiderfoot No Audit
spoofcheck 0.1 Checks a domain for email protections https://github.com/BishopFox/spoofcheck No Audit
sqlninja 0.2.6-r1 SQL injection tool http://sqlninja.sourceforge.net No Audit
ssrf testing 0.1 Server side request forgery tool https://github.com/cujanovic/SSRF-Testing No Audit
ssrfmap 0.1 SSRF fuzzer exploitation tool https://github.com/swisskyrepo/SSRFmap No Audit
subdomains brute 0.1 Subdomain brute tool https://github.com/lijiejie/subDomainsBrute No Audit
subfinder 2.3.4 Subdomain discovery tool https://github.com/subfinder/subfinder No Audit
subjack 2.1 Subdomain takeover https://github.com/haccer/subjack No Audit
subjs 1.0.1 Fetches JavaScript files from a list of URLs or subdomains https://github.com/lc/subjs No Audit
sublist3r 1.1 Subdomains enumeration tool https://github.com/aboul3la/Sublist3r No Audit
subscraper 2.1.0 DNS brute force https://github.com/m8r0wn/subscraper No Audit
subzy 2.1.0 Subdomain takeover vulnerability checker https://github.com/LukaSikic/subzy No Audit
takeover 0.2 Subdomain takeover vulnerability scanner https://github.com/m4ll0k/takeover No Audit
tko-subs 0.1 Detect and takeover subdomains https://github.com/anshumanbh/tko-subs No Audit
tplmap 0.5 Code injection detection and exploitation tool https://github.com/epinna/tplmap No Audit
ttpassgen 1.1.2 Scriptable password dictionary generator https://github.com/tp7309/TTPassGen No Audit
ua tester 1.0.6 User agent string tester https://code.google.com/archive/p/ua-tester No Audit
unfurl 0.2.0 Pull out bits of URLs provided on stdin https://github.com/tomnomnom/unfurl No Audit
urlcrazy 0.5 Typo squatting tool https://www.morningstarsecurity.com No Audit
urlhunter 0.1.1 Recon tool that allows searching on URLs that are exposed via shortener services https://github.com/utkusen/urlhunter No Audit
urlinsane 0.6.1 Domain typo permutation engine https://github.com/cybint/urlinsane No Audit
vinetto 0.07 Forensics tool to examine thumbs db files http://vinetto.sourceforge.net No Audit
virtual host discovery 1.0 Enumerate virtual hosts https://github.com/jobertabma/virtual-host-discovery No Audit
vulnx 1.9 Shell injector for CMS https://github.com/anouarbensaad/vulnx No Audit
wafw00f 2.0.1 Fingerprint web application firewall https://github.com/EnableSecurity/wafw00f No Audit
waybackurls 0.0.2 Fetch URLs from the Wayback Machine https://github.com/tomnomnom/waybackurls No Audit
weblogic scanner 0.1 Weblogic vulnerability scanner https://github.com/0xn0ne/weblogicScanner No Audit
webscarab 1631 WebApp review tool https://github.com/OWASP/OWASP-WebScarab No Audit
weevely3 4.0.1 Weaponized web shell https://github.com/epinna/weevely3 No Audit
wfuzz 3.1.0 Web application fuzzer https://github.com/xmendez/wfuzz No Audit
wig 0.6 WebApp information gatherer https://github.com/jekyc/wig No Audit
wpbullet 0.1 Static code analysis for WordPress and PHP https://github.com/OWASP/wpBullet No Audit
wuzz 0.4.0 Interactive cli tool for HTTP inspection https://github.com/asciimoo/wuzz No Audit
xsstrike 3.1.5 XSS scanner https://github.com/s0md3v/XSStrike No Audit
zephrfish 0.1 Various Payload wordlists https://github.com/ZephrFish/Wordlists No Audit

BASE SYSTEM
ITEM DESCRIPTION STATUS
OS name OS name change from OpenBSD to SecBSD. Finished by Purple Rain
Documentation Modify documentation and manuals according to SecBSD. -
Custom xenodm Custom xenodm according to SecBSD. In progress by Banshee

STUFF
ITEM DESCRIPTION STATUS
SecBSD Desktop Improve the SecBSD Desktop. In progress by H3artbl33d
HOWTOs Write HOWTOs for installing and configuring XFCE, DWM, GNOME, Mate, KDE, Fluxbox. In progress by dev0x47
Manuals Manuals for some tools are missing. -
Licenses for tools Review the licenses for all tools. Drop unlicensed tools. -
Create Tutorial Create tutorials for SecBSD and tools. -