LIST OF OPEN-SOURCE SECURITY TOOLS
Boni Yeamin
Contents
• Security monitoring, intrusion detection/prevention
• Threat intelligence
• Incident response
• Vulnerability assessment
• Firewall
• Antivirus / endpoint protection
• Email security
Who am I?
Boni Yeamin
IT Officer (Defensive Security)
Akij Group, Dhaka, Bangladesh
01. Security monitoring, intrusion detection/prevention
Tools
• Suricata – intrusion detection system
• Snort – intrusion detection system
• Zeek – network security monitoring
• OSSEC – host-based intrusion detection system
• Wazuh – a more active fork of OSSEC
• Velociraptor – endpoint visibility and response
• OSSIM – open source SIEM, at the core of AlienVault
• SecurityOnion – security monitoring and log management
Tools
• Elastic SIEM – SIEM functionality by Elasticsearch
• Mozdef – SIEM-like layer on top of Elasticsearch
• Sagan – log analytics and correlation
• Apache Metron – (retired) network security monitoring, evolved from Cisco OpenSOC
• Arkime – packet capture and search tool (formerly Moloch)
• PRADS – passive real-time asset detection
• BloodHound – Active Directory relationship detection
02. Threat intelligence
Tools
• MISP – threat intelligence platform
• SpiderFoot – threat intelligence aggregation
• OpenCTI – threat intelligence platform
• OpenDXL – open source tools for security intelligence sharing
• Sigma – generic signature format for SIEM systems
03. Incident response
Tools
• StackStorm – SOAR platform
• CimSweep – Windows incident response
• GRR – incident response and remote live forensics
• TheHive – incident response / SOAR platform
• TheHive Cortex – TheHive companion used for fast querying
• Shuffle – open source SOAR platform
• osquery – real-time querying of endpoint data
• Kansa – PowerShell incident response
04. Vulnerability assessment
Tools
• OpenVAS – very popular vulnerability scanner
• ZAProxy – web vulnerability scanner by OWASP
• WebScarab – (obsolete) web vulnerability scanner by OWASP
• w3af – web vulnerability scanner
• Loki – IoC scanner
• CVE Search – set of tools for search in CVE data
05. Firewall
Tools
• pfSense – the most popular open source firewall
• OPNsense – hardened BSD-based firewall
• Smoothwall – Linux-based firewall
06. Antivirus, endpoint protection
Tools
• ClamAV – open source antivirus engine
• Armadito AV – open source AV (retired)
• YARA – the pattern matching Swiss knife for malware researchers
07. Email security
Tools
• Hermes Secure Email Gateway – an Ubuntu-based email gateway
• Proxmox Mail Gateway – email gateway
• MailScanner – email security system
• SpamAssassin – anti-spam platform
• OrangeAssassin – drop-in replacement of SpamAssassin
References
• https://www.spiceworks.com/it-security/vulnerability-management/articles/top-open-source-cybersecurity-tools/
• https://techbeacon.com/app-dev-testing/57-open-source-app-sec-tools-guide-free-application-security-software
• https://techblog.bozho.net/list-of-open-source-security-tools/
• https://cloudinfrastructureservices.co.uk/top-10-best-free-open-source-cyber-security-tools/
Thank You

Open Source Cybersecurity Tools