In this section you can find relevant information about our goals for ports, base system and other stuff.

All software should be audited, fuzzed, looking for security holes, buffer overflows and insecure code.
Stress testing should also be performed.

In short term wil be drop insecure and obsolete tools.
We focus on quality of hacking tools, not quantity.
Help us document the progress and research in port-status.

Get involved submitting fixes or patches to improve the tools and SecBSD system.
ad ldap enum 0.1 LDAP enumeration No Audit
amass 3.10.5 Attack surface mapping and asset discovery No Audit
anew 0.1.0 Append lines from stdin to a file No Audit
anti-burl 0.1.0 Takes URLs on stdin, prints them to stdout if they return a 200 OK No Audit
aquatone 1.7.0 Tool for domain flyovers No Audit
arjun 1.6 HTTP parameter discovery suite No Audit
asnlookup 0.1 Leverage ASN to look up IP addresses No Audit
assetfinder 0.1.0 Find domains and subdomains No Audit
atscan 17.0.0 Mass exploit scanner No Audit
automater 0.21 IP URL and MD5 OSINT analysis No Audit
backfuzz 0.3.2 Protocol fuzzing toolkit No Audit
barmie 1.01 Java RMI enumeration and attack tool No Audit
barq 0.1 AWS cloud post exploitation framework No Audit
bbqsql 1.2 Blind SQL injection exploitation tool No Audit
bed 0.5 Brute exploit detector No Audit
beef Browser exploitation framework No Audit
bfac 1.4 Backup file artifacts checker tool No Audit
blacknurse 0.1 Blacknurse attack No Audit
blackwidow 0.1 WebApp fuzz scanner No Audit
breacher 0.1 Admin panel finder No Audit
brutespray 1.6.6 Brute forcing from Nmap output No Audit
cardpwn 1.4 OSINT tool to find breached credit cards info No Audit
chameleon 0.1 Evading proxy tool No Audit
cloudbrute 1.0.5 Find company infra-structure No Audit
cloudsplaining 0.2.0 AWS IAM Security Assessment tool No Audit
commix 3.1.62 Command injection and exploitation tool No Audit
corstest 0.1 CORS scanner No Audit
corsy 0.1 CORS scanner No Audit
cr3d0v3r 0.4.4 Credential reuse attacks tool No Audit
creddump 0.3 Dump cached credentials No Audit
crlfuzz 1.4.0 CRLF vulnerability scanner No Audit
cryptonark 0.5.7 SSL and PCI compliance scan tool No Audit
cupp 3.2.5 Common user passwords profiler No Audit
davtest 1.0 WebDAV servers test tool No Audit
dirsearch 0.3.9 Web path scanner No Audit
dnsenum Enumerate DNS information No Audit
dnsmap 0.30 DNS brute forcing tool No Audit
dnsrecon 0.10.0 Perform multiple dns queries No Audit
dnswalk 2.0.2 DNS debugger No Audit
domlink 0.1.2 Discover organisation name No Audit
dotdotpwn 3.0.2 Directory traversal fuzzer No Audit
dsfs 0.2 File inclusion vulnerability scanner No Audit
dsss 0.3 SQLi Scanner No Audit
dsxs 0.3 XSS scanner No Audit
endpoint finder 0.1 Endpoint finder No Audit
ettu 0.1 Recursive DNS brute forcer No Audit
evilurl 2.0 IDN homograph attack generator No Audit
exploit pattern 0.1 Pattern string for exploit dev No Audit
ffuf 1.1.0 Web fuzzer No Audit
fimap 1.00 LFI RFI scanner No Audit
finalrecon 1.0.7 Web reconnaissance tool No Audit
fuxploider 1.0 File upload vulnerability scanner No Audit
gau 1.1.0 Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.2 No Audit
gf 0.1 Wrapper around grep No Audit
gitgraber 0.1 Monitor GitHub to find sensitive data No Audit
gitjacker 0.0.2 Downloads git repositories No Audit
gitleaks 4.2.0 Audit git repos for secrets No Audit
gitrob 2.0.0 Reconnaissance tool for GitHub No Audit
gmapsapiscanner 0.1 Used for determining whether a leaked/found Google Maps API Key is vulnerable No Audit
goaltdns 0.1 Subdomains permutation tool No Audit
gobuster 3.0.1 Directory file and DNS busting tool No Audit
golinkfinder 1.0.0 JS endpoint extractor No Audit
golismero 2.0 Framework for web security testing No Audit
goofile 1.5 Search for a specific file in a given domain No Audit
gopherus 0.1 Gopher link generator for exploiting SSRF No Audit
gospider 1.1.2 Web spider No Audit
gowitness 1.3.3 Web screenshot utility No Audit
gron 0.6.0 Make JSON greppable No Audit
hakrawler 1.1 Web crawler No Audit
hash buster 3.0 Hash buster tool No Audit
hosthunter 1.5 Recon tool for discovering hostnames No Audit
hostile subbruteforcer 1.0 Bruteforce for existing subdomains No Audit
html tool 0.1 HTML tool No Audit
httprobe 0.1.2 Domains and probe for HTTP and HTTPS No Audit
ident user enum 1.0 Query ident service No Audit
iis shortname scanner 2.3.9 IIS short filename disclosure vulnerability No Audit
infoga 0.1.5 Email OSINT No Audit
inspy 3.0.0 LinkedIn enumeration tool No Audit
interlace 1.8.0 Automate pentest and bug bounty workflow No Audit
jaeles 0.9 Automate WebApp testing No Audit
jaeles signatures 0.1 Jaeles signatures No Audit
javasnoop 1.1 Intercept Java applications locally No Audit
joomscan 0.0.7 OWASP Joomla vulnerability scanner No Audit
jsparser 1.0 Parse relative URLs from JavaScript files No Audit
konan 0.1 Web application dir scanner No Audit
kubolt 0.1 Kubernete scanner No Audit
lazys3 1.0 Bruteforce for AWS s3 buckets No Audit
leaklooker 0.1 Find open databases No Audit
linkfinder 1.0 Find endpoints in JavaScript No Audit
masscan 1.0.5 Asynchronous TCP port scanner No Audit
massdns 0.3 Subdomain enumeration No Audit
medusa 2.2 Login brute-forcer No Audit
meg 0.2.4 Fetch many paths for many hosts No Audit
metagoofil 2.2 Metadata harvester No Audit
mongoaudit 0.1.0 MongoDB auditing and pentesting tool No Audit
nosqlmap 0.7 Automated NoSQL database enumeration No Audit
nuclei 1.1.4 Configurable targeted scanning No Audit
pack 0.0.1 Password analysis and cracking kit No Audit
padbuster 0.3.3 Oracle attack tool No Audit
parameth 1.3 Brute discover GET and POST parameters No Audit
parsero 0.81 Robot txt audit tool No Audit
photon 1.3.2 Crawler for OSINT No Audit
pwndb 0.1 Search for leaked credentials No Audit
pwnedornot 1.2.8 Find passwords for compromised email No Audit
qrljacker 2.1.1 QRLJacking exploitation framework No Audit
qsfuzz 1.0.2 Query string fuzz No Audit
qsreplace 0.0.1 Replace all query string values No Audit
r3con1z3r 1.0.6 Web information gathering tool No Audit
recon-ng 5.1.1 Open Source Intelligence gathering tool No Audit
reconnoitre 1.0 OSINT and service enumeration tool No Audit
retirejs 1.1.1 Scanner detecting the use of JavaScript libraries with known vulnerabilities No Audit
rsmangler 1.5 Wordlist mangling tool No Audit
s3-bucketeers 0.1 AWS S3 bucket tool No Audit
sandcastle 1.2.4 AWS S3 bucket enumeration No Audit
scli 0.2.2 Simple terminal user interface for signal messenger No Audit
seclists 2020.4 Collection of multiple types of lists used during security assessments No Audit
shhgit 0.2 Find GitHub secrets in real time No Audit
signal-cli 0.6.7 Commandline and dbus interface for signal messenger No Audit
sipvicious 0.3.1 Audit SIP based VoIP systems No Audit
smbmap 1.8.2 SMB enumeration tool No Audit
smtp user enum 1.2 SMTP user enum No Audit
snallygaster 0.0.6 Scan for secret files on HTTP servers No Audit
social engineer toolkit 8.0.3 Social engineer toolkit No Audit
socialscan 1.1.6 Social network user scanner No Audit
spiderfoot 3.0 OSINT collection and reconnaissance tool No Audit
spoofcheck 0.1 Checks a domain for email protections No Audit
sqlninja 0.2.6-r1 SQL injection tool No Audit
ssrf testing 0.1 Server side request forgery tool No Audit
ssrfmap 0.1 SSRF fuzzer exploitation tool No Audit
subdomains brute 0.1 Subdomain brute tool No Audit
subfinder 2.3.4 Subdomain discovery tool No Audit
subjack 2.1 Subdomain takeover No Audit
subjs 1.0.1 Fetches javascript file from a list of URLS or subdomains No Audit
sublist3r 1.1 Subdomains enumeration tool No Audit
subscraper 2.1.0 DNS brute force No Audit
subzy 2.1.0 Subdomain takeover vulnerability checker No Audit
takeover 0.2 Subdomain takeover vulnerability scanner No Audit
tko-subs 0.1 Detect and takeover subdomains No Audit
tplmap 0.5 Code injection detection and exploitation tool No Audit
ttpassgen 1.1.2 Scriptable password dictionary generator No Audit
ua tester 1.0.6 User agent string tester No Audit
unfurl 0.2.0 Pull out bits of URLs provided on stdin No Audit
urlcrazy 0.5 Typo squatting tool No Audit
urlhunter 0.1.1 Recon tool that allows searching on URLs that are exposed via shortener services No Audit
urlinsane 0.6.1 Domain typo permutation engine No Audit
vinetto 0.07 Forensics tool to examine thumbs db files No Audit
virtual host discovery 1.0 Enumerate virtual hosts No Audit
vulnx 1.9 Shell injector for CMS No Audit
wafw00f 2.0.1 Fingerprint web application firewall No Audit
waybackurls 0.0.2 Fetch URLs that Wayback Machine No Audit
weblogic scanner 0.1 Weblogic vulnerability scanner No Audit
webscarab 1631 WebApp review tool No Audit
weevely3 4.0.1 Weaponized web shell No Audit
wfuzz 3.1.0 Web application fuzzer No Audit
wig 0.6 WebApp information gatherer No Audit
wpbullet 0.1 Static code analysis for WordPress and PHP No Audit
wuzz 0.4.0 Interactive cli tool for HTTP inspection No Audit
xsstrike 3.1.5 XSS scanner No Audit
zephrfish 0.1 Various Payload wordlists No Audit

OS name OS name change from OpenBSD to SecBSD. Finish by Purple Rain
Documentation Modify documentation and manuals according to SecBSD. -
Custom xenodm Custom xenodm accord to SecBSD. In progress by Banshee

SecBSD Desktop Improve the SecBSD Desktop. In Progress by H3artbl33d
HOWTOs Write HOWTOs to install and settings for XFCE, DWM, GNOME, Mate, KDE, Fluxbox. In Process By dev0x47
Manuals Manuals for some tools are missing. -
Licenses for tools Review the licenses for all tools. Drop unlicense tools. -
Create Tutorial Create tutorials for SecBSD and tools. -