Are you looking to get certified in DevOps, SRE and DevSecOps?
Get Certified!
Ahead from others!
Security is Key
Tomorow's Platform!

Top 51 free open source tools for system network, DNS, HTTP, SSL & Security for software engineers


  ๐Ÿ”ธ PuTTY – is an SSH and telnet client, developed originally by Simon Tatham.
  ๐Ÿ”ธ Mosh – is a SSH wrapper designed to keep a SSH session alive over a volatile connection.
  ๐Ÿ”ธ Eternal Terminal – enables mouse-scrolling and tmux commands inside the SSH session.
  ๐Ÿ”ธ nmap – is a free and open source (license) utility for network discovery and security auditing.
  ๐Ÿ”ธ zmap – is a fast single packet network scanner designed for Internet-wide network surveys.
  ๐Ÿ”ธ Rust Scan – to find all open ports faster than Nmap.
  ๐Ÿ”ธ masscan – is the fastest Internet port scanner, spews SYN packets asynchronously.
  ๐Ÿ”ธ pbscan – is a faster and more efficient stateless SYN scanner and banner grabber.
  ๐Ÿ”ธ hping – is a command-line oriented TCP/IP packet assembler/analyzer.
  ๐Ÿ”ธ mtr – is a tool that combines the functionality of the ‘traceroute’ and ‘ping’ programs in a single tool.
  ๐Ÿ”ธ mylg – utility which combines the functions of the different network probes in one diagnostic tool.
  ๐Ÿ”ธ netcat – utility which reads and writes data across network connections, using the TCP/IP protocol.
  ๐Ÿ”ธ tcpdump – is a powerful command-line packet analyzer.
  ๐Ÿ”ธ tshark – is a tool that allows us to dump and analyze network traffic (wireshark cli).
  ๐Ÿ”ธ Termshark – is a simple terminal user-interface for tshark.
  ๐Ÿ”ธ ngrep – is like GNU grep applied to the network layer.
  ๐Ÿ”ธ netsniff-ng – is a Swiss army knife for your daily Linux network plumbing if you will.
  ๐Ÿ”ธ sockdump – dump unix domain socket traffic.
  ๐Ÿ”ธ stenographer – is a packet capture solution which aims to quickly spool all packets to disk.
  ๐Ÿ”ธ tcpterm – visualize packets in TUI.
  ๐Ÿ”ธ bmon – is a monitoring and debugging tool to capture networking related statistics and prepare them visually.
  ๐Ÿ”ธ iptraf-ng – is a console-based network monitoring program for Linux that displays information about IP traffic.
  ๐Ÿ”ธ vnstat – is a network traffic monitor for Linux and BSD.
  ๐Ÿ”ธ iPerf3 – is a tool for active measurements of the maximum achievable bandwidth on IP networks.
  ๐Ÿ”ธ ethr – is a Network Performance Measurement Tool for TCP, UDP & HTTP.
  ๐Ÿ”ธ Etherate – is a Linux CLI based Ethernet and MPLS traffic testing tool.
  ๐Ÿ”ธ echoip – is a IP address lookup service.
  ๐Ÿ”ธ Nemesis – packet manipulation CLI tool; craft and inject packets of several protocols.
  ๐Ÿ”ธ packetfu – a mid-level packet manipulation library for Ruby.
  ๐Ÿ”ธ Scapy – packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
  ๐Ÿ”ธ impacket – is a collection of Python classes for working with network protocols.
  ๐Ÿ”ธ ssh-audit – is a tool for SSH server auditing.
  ๐Ÿ”ธ aria2 – is a lightweight multi-protocol & multi-source command-line download utility.
  ๐Ÿ”ธ iptables-tracer – observe the path of packets through the iptables chains.
  ๐Ÿ”ธ inception – a highly configurable tool to check for whatever you like against any number of hosts.

Network (DNS)

  ๐Ÿ”ธ dnsdiag – is a DNS diagnostics and performance measurement tools.
  ๐Ÿ”ธ fierce – is a DNS reconnaissance tool for locating non-contiguous IP space.
  ๐Ÿ”ธ subfinder – is a subdomain discovery tool that discovers valid subdomains for websites.
  ๐Ÿ”ธ sublist3r – is a fast subdomains enumeration tool for penetration testers.
  ๐Ÿ”ธ amass – is tool that obtains subdomain names by scraping data sources, crawling web archives, and more.
  ๐Ÿ”ธ namebench – provides personalized DNS server recommendations based on your browsing history.
  ๐Ÿ”ธ massdns – is a high-performance DNS stub resolver for bulk lookups and reconnaissance.
  ๐Ÿ”ธ knock – is a tool to enumerate subdomains on a target domain through a wordlist.
  ๐Ÿ”ธ dnsperf – DNS performance testing tools.
  ๐Ÿ”ธ dnscrypt-proxy 2 – a flexible DNS proxy, with support for encrypted DNS protocols.
  ๐Ÿ”ธ dnsdbq – API client providing access to passive DNS database systems.
  ๐Ÿ”ธ grimd – fast dns proxy, built to black-hole internet advertisements and malware servers.

Network (HTTP)

  ๐Ÿ”ธ curl – is a command line tool and library for transferring data with URLs.
  ๐Ÿ”ธ kurly – is an alternative to the widely popular curl program, written in Golang.
  ๐Ÿ”ธ HTTPie – is an user-friendly HTTP client.
  ๐Ÿ”ธ wuzz – is an interactive cli tool for HTTP inspection.
  ๐Ÿ”ธ h2spec – is a conformance testing tool for HTTP/2 implementation.
  ๐Ÿ”ธ h2t – is a simple tool to help sysadmins to hardening their websites.
  ๐Ÿ”ธ – is a simple Swiss Army knife for http/https troubleshooting and profiling.
  ๐Ÿ”ธ httpstat – is a tool that visualizes curl statistics in a way of beauty and clarity.
  ๐Ÿ”ธ httplab – is an interactive web server.
  ๐Ÿ”ธ Lynx – is a text browser for the World Wide Web.
  ๐Ÿ”ธ Browsh – is a fully interactive, real-time, and modern text-based browser.
  ๐Ÿ”ธ HeadlessBrowsers – a list of (almost) all headless web browsers in existence.
  ๐Ÿ”ธ ab – is a single-threaded command line tool for measuring the performance of HTTP web servers.
  ๐Ÿ”ธ siege – is an http load testing and benchmarking utility.
  ๐Ÿ”ธ wrk – is a modern HTTP benchmarking tool capable of generating significant load.
  ๐Ÿ”ธ wrk2 – is a constant throughput, correct latency recording variant of wrk.
  ๐Ÿ”ธ vegeta – is a constant throughput, correct latency recording variant of wrk.
  ๐Ÿ”ธ bombardier – is a fast cross-platform HTTP benchmarking tool written in Go.
  ๐Ÿ”ธ gobench – http/https load testing and benchmarking tool.
  ๐Ÿ”ธ hey – HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom.
  ๐Ÿ”ธ boom – is a script you can use to quickly smoke-test your web app deployment.
  ๐Ÿ”ธ SlowHTTPTest – is a tool that simulates some Application Layer Denial of Service attacks by prolonging HTTP.
  ๐Ÿ”ธ gobuster – is a free and open source directory/file & DNS busting tool written in Go.
  ๐Ÿ”ธ ssllabs-scan – command-line reference-implementation client for SSL Labs APIs.
  ๐Ÿ”ธ http-observatory – Mozilla HTTP Observatory cli version.


  ๐Ÿ”ธ openssl – is a robust, commercial-grade, and full-featured toolkit for the TLS and SSL protocols.
  ๐Ÿ”ธ gnutls-cli – client program to set up a TLS connection to some other computer.
  ๐Ÿ”ธ sslyze – fast and powerful SSL/TLS server scanning library.
  ๐Ÿ”ธ sslscan – tests SSL/TLS enabled services to discover supported cipher suites.
  ๐Ÿ”ธ – testing TLS/SSL encryption anywhere on any port.
  ๐Ÿ”ธ cipherscan – a very simple way to find out which SSL ciphersuites are supported by a target.
  ๐Ÿ”ธ spiped – is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses.
  ๐Ÿ”ธ Certbot – is EFF’s tool to obtain certs from Let’s Encrypt and (optionally) auto-enable HTTPS on your server.
  ๐Ÿ”ธ mkcert – simple zero-config tool to make locally trusted development certificates with any names you’d like.
  ๐Ÿ”ธ certstrap – tools to bootstrap CAs, certificate requests, and signed certificates.
  ๐Ÿ”ธ Sublert – is a security and reconnaissance tool to automatically monitor new subdomains.
  ๐Ÿ”ธ mkchain – open source tool to help you build a valid SSL certificate chain.


  ๐Ÿ”ธ SELinux – provides a flexible Mandatory Access Control (MAC) system built into the Linux kernel.
  ๐Ÿ”ธ AppArmor – proactively protects the operating system and applications from external or internal threats.
  ๐Ÿ”ธ grapheneX – Automated System Hardening Framework.
  ๐Ÿ”ธ DevSec Hardening Framework – Security + DevOps: Automatic Server Hardening.


  ๐Ÿ”ธ Nipe – script to make Tor Network your default gateway.
  ๐Ÿ”ธ multitor – a tool that lets you create multiple TOR instances with a load-balancing.


  ๐Ÿ”ธ Wireshark – is the worldโ€™s foremost and widely-used network protocol analyzer.
  ๐Ÿ”ธ Ettercap – is a comprehensive network monitor tool.
  ๐Ÿ”ธ EtherApe – is a graphical network monitoring solution.
  ๐Ÿ”ธ Packet Sender – is a networking utility for packet generation and built-in UDP/TCP/SSL client and servers.
  ๐Ÿ”ธ Ostinato – is a packet crafter and traffic generator.
  ๐Ÿ”ธ JMeterโ„ข – open source software to load test functional behavior and measure performance.
  ๐Ÿ”ธ locust – scalable user load testing tool written in Python.


  ๐Ÿ”ธ SSL/TLS Capabilities of Your Browser – test your browser’s SSL implementation.
  ๐Ÿ”ธ Can I use – provides up-to-date browser support tables for support of front-end web technologies.
  ๐Ÿ”ธ Panopticlick 3.0 – is your browser safe against tracking?
  ๐Ÿ”ธ Privacy Analyzer – see what data is exposed from your browser.
  ๐Ÿ”ธ Web Browser Security – it’s all about Web Browser fingerprinting.
  ๐Ÿ”ธ How’s My SSL? – help a web server developer learn what real world TLS clients were capable of.
  ๐Ÿ”ธ sslClientInfo – client test (incl TLSv1.3 information).


  ๐Ÿ”ธ SSLLabs Server Test – performs a deep analysis of the configuration of any SSL web server.
  ๐Ÿ”ธ SSLLabs Server Test (DEV) – performs a deep analysis of the configuration of any SSL web server.
  ๐Ÿ”ธ ImmuniWebยฎ SSLScan – test SSL/TLS (PCI DSS, HIPAA and NIST).
  ๐Ÿ”ธ SSL Check – scan your website for non-secure content.
  ๐Ÿ”ธ SSL Scanner – analyze website security.
  ๐Ÿ”ธ CryptCheck – test your TLS server configuration (e.g. ciphers).
  ๐Ÿ”ธ – service to scan and analyse websites.
  ๐Ÿ”ธ Report URI – monitoring security policies like CSP and HPKP.
  ๐Ÿ”ธ CSP Evaluator – allows developers and security experts to check if a Content Security Policy.
  ๐Ÿ”ธ Useless CSP – public list about CSP in some big players (might make them care a bit more).
  ๐Ÿ”ธ Why No HTTPS? – top 100 websites by Alexa rank not automatically redirecting insecure requests.
  ๐Ÿ”ธ TLS Cipher Suite Search– cipher suite search engine.
  ๐Ÿ”ธ – strong ciphers for Apache, Nginx, Lighttpd, and more.*
  ๐Ÿ”ธ dhtool – public Diffie-Hellman parameter service/tool.
  ๐Ÿ”ธ – memorable site for testing clients against bad SSL configs.
  ๐Ÿ”ธ – registered for various tests regarding the TLS/SSL protocol.
  ๐Ÿ”ธ CAA Record Helper – generate a CAA policy.
  ๐Ÿ”ธ Common CA Database – repository of information about CAs, and their root and intermediate certificates.
  ๐Ÿ”ธ CERTSTREAM – real-time certificate transparency log update stream.
  ๐Ÿ”ธ – discovers certificates by continually monitoring all of the publicly known CT.
  ๐Ÿ”ธ Hardenize – deploy the security standards.
  ๐Ÿ”ธ Cipher suite compatibility – test TLS cipher suite compatibility.
  ๐Ÿ”ธ urlvoid – this service helps you detect potentially malicious websites.
  ๐Ÿ”ธ security.txt – a proposed standard (generator) which allows websites to define security policies.
  ๐Ÿ”ธ ssl-config-generator – help you follow the Mozilla Server Side TLS configuration guidelines.

HTTP Headers & Web Linters

  ๐Ÿ”ธ Security Headers – analyse the HTTP response headers (with rating system to the results).
  ๐Ÿ”ธ Observatory by Mozilla – set of tools to analyze your website.
  ๐Ÿ”ธ webhint – is a linting tool that will help you with your site’s accessibility, speed, security, and more.


  ๐Ÿ”ธ ViewDNS – one source for free DNS related tools and information.
  ๐Ÿ”ธ DNSLookup – is an advanced DNS lookup tool.
  ๐Ÿ”ธ DNSlytics – online DNS investigation tool.
  ๐Ÿ”ธ DNS Spy – monitor, validate and verify your DNS configurations.
  ๐Ÿ”ธ Zonemaster – helps you to control how your DNS works.
  ๐Ÿ”ธ Leaf DNS – comprehensive DNS tester.
  ๐Ÿ”ธ Find subdomains online – find subdomains for security assessment penetration test.
  ๐Ÿ”ธ DNSdumpster – dns recon & research, find & lookup dns records.
  ๐Ÿ”ธ DNS Table online – search for DNS records by domain, IP, CIDR, ISP.
  ๐Ÿ”ธ intoDNS – DNS and mail server health checker.
  ๐Ÿ”ธ DNS Bajaj – check the delegation of your domain.
  ๐Ÿ”ธ BuddyDNS Delegation LAB – check, trace and visualize delegation of your domain.
  ๐Ÿ”ธ dnssec-debugger – DS or DNSKEY records validator.
  ๐Ÿ”ธ – this site is responsible for the safekeeping of historical reverse DNS records.
  ๐Ÿ”ธ – wildcard DNS for everyone.
  ๐Ÿ”ธ – dead simple wildcard DNS for any IP Address.
  ๐Ÿ”ธ dnslookup (ceipam) – one of the best DNS propagation checker (and not only).
  ๐Ÿ”ธ What’s My DNS – DNS propagation checking tool.
  ๐Ÿ”ธ DNSGrep – quickly searching large DNS datasets.


  ๐Ÿ”ธ Netcraft – detailed report about the site, helping you to make informed choices about their integrity.*
  ๐Ÿ”ธ RIPE NCC Atlas – a global, open, distributed Internet measurement platform.
  ๐Ÿ”ธ Robtex – uses various sources to gather public information about IP numbers, domain names, host names, etc.
  ๐Ÿ”ธ Security Trails – APIs for Security Companies, Researchers and Teams.
  ๐Ÿ”ธ Online Curl – curl test, analyze HTTP Response Headers.
  ๐Ÿ”ธ Online Tools for Developers – HTTP API tools, testers, encoders, converters, formatters, and other tools.
  ๐Ÿ”ธ – online Ping, Traceroute, DNS lookup, WHOIS and others.
  ๐Ÿ”ธ Network-Tools – network tools for webmasters, IT technicians & geeks.
  ๐Ÿ”ธ BGPview – search for any ASN, IP, Prefix or Resource name.
  ๐Ÿ”ธ Is BGP safe yet? – check BGP (RPKI) security of ISPs and other major Internet players.
  ๐Ÿ”ธ Riseup – provides online communication tools for people and groups working on liberatory social change.
  ๐Ÿ”ธ VirusTotal – analyze suspicious files and URLs to detect types of malware.


  ๐Ÿ”ธ – provides knowledge and tools to protect your privacy against global mass surveillance.
  ๐Ÿ”ธ DNS Privacy Test Servers – DNS privacy recursive servers list (with a ‘no logging’ policy).

Encoders/Decoders and Regex testing

  ๐Ÿ”ธ URL Encode/Decode – tool from above to either encode or decode a string of text.
  ๐Ÿ”ธ Uncoder – the online translator for search queries on log data.
  ๐Ÿ”ธ Regex101 – online regex tester and debugger: PHP, PCRE, Python, Golang and JavaScript.
  ๐Ÿ”ธ RegExr – online tool to learn, build, & test Regular Expressions (RegEx / RegExp).
  ๐Ÿ”ธ RegEx Testing – online regex testing tool.
  ๐Ÿ”ธ RegEx Pal – online regex testing tool + other tools.
  ๐Ÿ”ธ The Cyber Swiss Army Knife – a web app for encryption, encoding, compression and data analysis



  ๐Ÿ”ธ have i been pwned? – check if you have an account that has been compromised in a data breach.
  ๐Ÿ”ธ dehashed – is a hacked database search engine.
  ๐Ÿ”ธ Leaked Source – is a collaboration of data found online in the form of a lookup.

CVE/Exploits databases

  ๐Ÿ”ธ CVE Mitre – list of publicly known cybersecurity vulnerabilities.
  ๐Ÿ”ธ CVE Details – CVE security vulnerability advanced database.
  ๐Ÿ”ธ Exploit DB – CVE compliant archive of public exploits and corresponding vulnerable software.
  ๐Ÿ”ธ – exploits market provides you the possibility to buy/sell zero-day exploits.
  ๐Ÿ”ธ sploitus – the exploit and tools database.
  ๐Ÿ”ธ cxsecurity – free vulnerability database.
  ๐Ÿ”ธ Vulncode-DB – is a database for vulnerabilities and their corresponding source code if available.
  ๐Ÿ”ธ cveapi – free API for CVE data.


  ๐Ÿ”ธ Keybase – it’s open source and powered by public-key cryptography.

PGP Keyservers

  ๐Ÿ”ธ SKS OpenPGP Key server – services for the SKS keyservers used by OpenPGP.

HTTP(s) Services

  ๐Ÿ”ธ Varnish Cache – HTTP accelerator designed for content-heavy dynamic web sites.
  ๐Ÿ”ธ Nginx – open source web and reverse proxy server that is similar to Apache, but very light weight.
  ๐Ÿ”ธ OpenResty – is a dynamic web platform based on NGINX and LuaJIT.
  ๐Ÿ”ธ Tengine – a distribution of Nginx with some advanced features.
  ๐Ÿ”ธ Caddy Server – is an open source, HTTP/2-enabled web server with HTTPS by default.
  ๐Ÿ”ธ HAProxy – the reliable, high performance TCP/HTTP load balancer.

DNS Services

  ๐Ÿ”ธ Unbound – validating, recursive, and caching DNS resolver (with TLS).
  ๐Ÿ”ธ Knot Resolver – caching full resolver implementation, including both a resolver library and a daemon.
  ๐Ÿ”ธ PowerDNS – is an open source authoritative DNS server, written in C++ and licensed under the GPL.

Other Services

  ๐Ÿ”ธ 3proxy – tiny free proxy server.


  ๐Ÿ”ธ Emerald Onion – is a 501(c)(3) nonprofit organization and transit internet service provider (ISP).
  ๐Ÿ”ธ pi-hole – the Pi-holeยฎ is a DNS sinkhole that protects your devices from unwanted content.
  ๐Ÿ”ธ maltrail – malicious traffic detection system.
  ๐Ÿ”ธ security_monkey – monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
  ๐Ÿ”ธ firecracker – secure and fast microVMs for serverless computing.
  ๐Ÿ”ธ streisand – sets up a new server running your choice of WireGuard, OpenSSH, OpenVPN, and more.


  ๐Ÿ”ธ CapAnalysis – web visual tool to analyze large amounts of captured network traffic (PCAP analyzer).
  ๐Ÿ”ธ netbox – IP address management (IPAM) and data center infrastructure management (DCIM) tool.

โ–ช๏ธ Labs

  ๐Ÿ”ธ NRE Labs – learn automation by doing it. Right now, right here, in your browser.

โ–ช๏ธ Other

  ๐Ÿ”ธ LBNL’s Network Research Group – home page of the Network Research Group (NRG).

Rajesh Kumar
Follow me