WHAT'S
NEW
In this section you can find relevant information about ported tools and other stuff.
Help us document the progress and research in port-status.

Get involved submitting fixes or patches to improve the tools and SecBSD system.
PORTS
PKGNAME VERSION DESCRIPTION URL STATUS
amass 3.23.1 Attack surface mapping and asset discovery https://github.com/OWASP/Amass No Audit
anew 0.1.1 Append lines from stdin to a file https://github.com/tomnomnom/anew No Audit
anti-burl 0.1.0 Takes URLs on stdin, prints them to stdout if they return a 200 OK https://github.com/tomnomnom/hacks/tree/master/anti-burl No Audit
arjun 2.2.1 HTTP parameter discovery suite https://github.com/s0md3v/Arjun No Audit
asnlookup 0.1 Leverage ASN to look up IP addresses https://github.com/yassineaboukir/asnlookup No Audit
assetfinder 0.1.1 Find domains and subdomains https://github.com/tomnomnom/assetfinder No Audit
atlas 1.0 SQLMap Tamper Suggester https://github.com/m4ll0k/Atlas2 No Audit
atscan 17.0.1 Mass exploit scanner https://github.com/AlisamTechnology/ATSCAN No Audit
barmie 1.01 Java RMI enumeration and attack tool https://github.com/NickstaDB/BaRMIe No Audit
barq 0.1 AWS cloud post exploitation framework https://github.com/Voulnet/barq No Audit
bed 0.5 Brute exploit detector https://github.com/crunchsec/bed No Audit
bfac 1.4 Backup file artifacts checker tool https://github.com/mazen160/bfac No Audit
blacknurse 0.1 Blacknurse attack https://github.com/jedisct1/blacknurse No Audit
blackwidow 1.3 WebApp fuzz scanner https://github.com/1N3/BlackWidow No Audit
bolt 0.2.1 WebApp fuzz scanner https://github.com/s0md3v/Bolt No Audit
bounty targets data 04.13.2022 Data dumps of bug bounty platform https://github.com/arkadiyt/bounty-targets-data No Audit
breacher 0.1 Admin panel finder https://github.com/s0md3v/Breacher No Audit
brutespray 1.8.0 Brute forcing from Nmap output https://github.com/x90skysn3k/brutespray No Audit
cardpwn 1.4 OSINT tool to find breached credit cards info https://github.com/itsmehacker/CardPwn No Audit
cewl 5.5.1 Custom word list generator https://github.com/digininja/CeWL No Audit
cloudfox 1.10.2 Cloud Penetration Testing https://github.com/BishopFox/cloudfox:w No Audit
cloud list 1.0.2 multi cloud list tool https://github.com/projectdiscovery/cloudlist No Audit
cmseek 1.1.3 CMS Detection and Exploitation suite https://github.com/Tuhinshubhra/CMSeeK No Audit
commix 3.7 Command injection and exploitation tool https://github.com/commixproject/commix No Audit
corsy 1.0 CORS scanner https://github.com/s0md3v/Corsy No Audit
cr3d0v3r 0.4.4 Credential reuse attacks tool https://github.com/D4Vinci/Cr3dOv3r No Audit
crlfuzz 1.4.1 CRLF vulnerability scanner https://github.com/dwisiswant0/crlfuzz No Audit
cupp 3.3.0 Common user passwords profiler https://github.com/Mebus/cupp No Audit
dalfox 2.9.0 XSS Scanning tool https://github.com/hahwul/dalfox No Audit
dirdar 1.0.0 searches for 403-Forbidden dirs to break https://github.com/M4DM0e/DirDar No Audit
dirsearch 0.4.3 Web path scanner https://github.com/maurosoria/dirsearch No Audit
dnsrecon 1.1.3 Perform multiple dns queries https://github.com/darkoperator/dnsrecon No Audit
domlink 0.2 Discover organisation name https://github.com/vysecurity/DomLink No Audit
dsfs 0.2 File inclusion vulnerability scanner https://github.com/stamparm/DSFS No Audit
dsjs 0.2 JS vulnerability scanner https://github.com/stamparm/DSJS No Audit
dsss 0.3 SQLi Scanner https://github.com/stamparm/DSSS No Audit
dsxs 0.3 XSS scanner https://github.com/stamparm/DSXS No Audit
endlessh 1.1 SSH tarpit that slowly sends an endless banner https://github.com/skeeto/endlessh No Audit
enum4BSD 0.9.1 Enumerating data for Windows and SMB https://github.com/CiscoCXSecurity/enum4linux No Audit
ettu 0.1 Recursive DNS brute forcer https://github.com/tomnomnom/hacks/tree/master/ettu No Audit
evilginx2 2.0.4 MITM attack framework https://github.com/kgretzky/evilginx2 No Audit
evilurl 3.0 IDN homograph attack generator https://github.com/UndeadSec/EvilURL No Audit
exploit pattern 0.1 Pattern string for exploit dev https://github.com/Svenito/exploit-pattern No Audit
ffuf 2.0.0 Web fuzzer https://github.com/ffuf/ffuf No Audit
fuxploider 1.0 File upload vulnerability scanner https://github.com/almandin/fuxploider No Audit
gau 2.1.2 Fetch known URLs https://github.com/lc/gau No Audit
gf 0.1 Wrapper around grep https://github.com/tomnomnom/gf No Audit
gitleaks 8.16.2 Audit git repos for secrets https://github.com/zricethezav/gitleaks No Audit
gmapsapiscanner 0.1 Used for determining whether a leaked/found Google Maps API Key is vulnerable https://github.com/ozguralp/gmapsapiscanner No Audit
gospider 1.1.6 Web spider https://github.com/jaeles-project/gospider No Audit
gowitness 2.4.2 Web screenshot utility https://github.com/sensepost/gowitness No Audit
openvas libraries 21.4.3 Greenbone vulnerability management Libs https://github.com/greenbone/gvm-libs No Audit
hashbuster 3.0 Crack hash in seconds. https://github.com/s0md3v/Hash-Buster No Audit
httprobe 0.1.2 Domains and probe for HTTP and HTTPS https://github.com/tomnomnom/httprobe No Audit
httpx 1.3.0 Multi-purpose HTTP toolki https://github.com/projectdiscovery/httpx No Audit
infoga 0.1.5 Email OSINT https://github.com/m4ll0k/Infoga No Audit
jaeles 0.17.0 Automate WebApp testing https://github.com/jaeles-project/jaeles No Audit
jaeles signatures 0.17.0 Jaeles signatures https://github.com/jaeles-project/jaeles-signatures No Audit
joomscan 0.0.7 OWASP Joomla vulnerability scanner https://github.com/rezasp/joomscan No Audit
lightspeed 0.1 Extract data through non-boolean blind sql injections https://github.com/tr3w/lightspeed No Audit
linkfinder 1.0 Find endpoints in JavaScript https://github.com/GerbenJavado/LinkFinder No Audit
masscan 1.3.2 Asynchronous TCP port scanner https://github.com/robertdavidgraham/masscan No Audit
massdns 1.0.1 Subdomain enumeration https://github.com/blechschmidt/massdns No Audit
medusa 2.2 Login brute-forcer https://github.com/jmk-foofus/medusa No Audit
metasploit framework 6.3.12 Metasploit Framework https://github.com/rapid7/metasploit-framework No Audit
nuclei 2.9.1 Configurable targeted scanning https://github.com/projectdiscovery/nuclei No Audit
one lin3r 2.1 One-liners that aids in penetration testing https://github.com/D4Vinci/One-Lin3r No Audit
parsero 0.81 Robot txt audit tool https://github.com/behindthefirewalls/Parsero No Audit
pf badhost 0.5 Bi-directional network filtering https://www.geoghegan.ca/pfbadhost.html No Audit
photon 1.3.2 Crawler for OSINT https://github.com/s0md3v/Photon No Audit
qsfuzz 1.0.2 Query string fuzz https://github.com/ameenmaali/qsfuzz No Audit
recon-ng 5.1.1 Open Source Intelligence gathering tool https://github.com/lanmaster53/recon-ng No Audit
reconnoitre 1.0 OSINT and service enumeration tool https://github.com/codingo/Reconnoitre No Audit
rsmangler 1.5 Wordlist mangling tool https://github.com/digininja/RSMangler No Audit
sandcastle 1.2.4 AWS S3 bucket enumeration https://github.com/0xSearches/sandcastle No Audit
seclists 2023.1 Collection of multiple types of lists used during security assessments https://github.com/danielmiessler/SecLists No Audit
secret finder 0.1 Tool to find sensitive data https://github.com/m4ll0k/SecretFinder No Audit
sherlock 0.14.3 Hunt down social media accounts https://github.com/sherlock-project/sherlock No Audit
sipvicious 0.3.4 Audit SIP based VoIP systems https://github.com/EnableSecurity/sipvicious No Audit
slowloris 0.2.3 Low bandwidth DoS tool https://github.com/gkbrk/slowloris No Audit
smbmap 1.8.2 SMB enumeration tool https://github.com/ShawnDEvans/smbmap No Audit
smtp user enum 1.2 SMTP user enum http://pentestmonkey.net No Audit
smuggler 0.1 HTTP Request Smuggling https://github.com/defparam/smuggler No Audit
snallygaster 0.0.12 Scan for secret files on HTTP servers https://github.com/hannob/snallygaster No Audit
social engineer toolkit 8.0.3 Social engineer toolkit https://github.com/trustedsec/social-engineer-toolkit No Audit
solidity 0.8.19 Smart Contract Programming Language https://github.com/ethereum/solidity No Audit
spiderfoot 4.0 OSINT collection and reconnaissance tool https://github.com/smicallef/spiderfoot No Audit
spoofcheck 0.1 Checks a domain for email protections https://github.com/BishopFox/spoofcheck No Audit
sql-anding 0.1 Extracting data tool for blind sql injections https://github.com/tr3w/sql-anding No Audit
subfinder 2.5.7 Subdomain discovery tool https://github.com/subfinder/subfinder No Audit
subjs 1.0.1 Fetches jst file from a list of URLS https://github.com/lc/subjs No Audit
sublist3r 1.1 Subdomains enumeration tool https://github.com/aboul3la/Sublist3r No Audit
takeover 0.2 Subdomain takeover vulnerability scanner https://github.com/m4ll0k/takeover No Audit
trufflehog 3.31.5 Searches through git repositories for secrets https://github.com/trufflesecurity/truffleHog No Audit
urlcrazy 0.5 Typo squatting tool https://morningstarsecurity.com/research/urlcrazy No Audit
vulnx 1.9 Shell injector for CMS https://github.com/anouarbensaad/vulnx No Audit
wafw00f 2.1.0 Fingerprint web application firewall https://github.com/EnableSecurity/wafw00f No Audit
waybackurls 0.1.0 Fetch URLs that Wayback Machine https://github.com/tomnomnom/waybackurls No Audit
weevely3 4.0.1 Weaponized web shell https://github.com/epinna/weevely3 No Audit
wfuzz 3.1.0 Web application fuzzer https://github.com/xmendez/wfuzz No Audit
xsstrike 3.1.5 XSS scanner https://github.com/s0md3v/XSStrike No Audit