Top 51 free open source tools for system network, DNS, HTTP, SSL & Security for software engineers


  ๐Ÿ”ธ PuTTY – is an SSH and telnet client, developed originally by Simon Tatham.
  ๐Ÿ”ธ Mosh – is a SSH wrapper designed to keep a SSH session alive over a volatile connection.
  ๐Ÿ”ธ Eternal Terminal – enables mouse-scrolling and tmux commands inside the SSH session.
  ๐Ÿ”ธ nmap – is a free and open source (license) utility for network discovery and security auditing.
  ๐Ÿ”ธ zmap – is a fast single packet network scanner designed for Internet-wide network surveys.
  ๐Ÿ”ธ Rust Scan – to find all open ports faster than Nmap.
  ๐Ÿ”ธ masscan – is the fastest Internet port scanner, spews SYN packets asynchronously.
  ๐Ÿ”ธ pbscan – is a faster and more efficient stateless SYN scanner and banner grabber.
  ๐Ÿ”ธ hping – is a command-line oriented TCP/IP packet assembler/analyzer.
  ๐Ÿ”ธ mtr – is a tool that combines the functionality of the ‘traceroute’ and ‘ping’ programs in a single tool.
  ๐Ÿ”ธ mylg – utility which combines the functions of the different network probes in one diagnostic tool.
  ๐Ÿ”ธ netcat – utility which reads and writes data across network connections, using the TCP/IP protocol.
  ๐Ÿ”ธ tcpdump – is a powerful command-line packet analyzer.
  ๐Ÿ”ธ tshark – is a tool that allows us to dump and analyze network traffic (wireshark cli).
  ๐Ÿ”ธ Termshark – is a simple terminal user-interface for tshark.
  ๐Ÿ”ธ ngrep – is like GNU grep applied to the network layer.
  ๐Ÿ”ธ netsniff-ng – is a Swiss army knife for your daily Linux network plumbing if you will.
  ๐Ÿ”ธ sockdump – dump unix domain socket traffic.
  ๐Ÿ”ธ stenographer – is a packet capture solution which aims to quickly spool all packets to disk.
  ๐Ÿ”ธ tcpterm – visualize packets in TUI.
  ๐Ÿ”ธ bmon – is a monitoring and debugging tool to capture networking related statistics and prepare them visually.
  ๐Ÿ”ธ iptraf-ng – is a console-based network monitoring program for Linux that displays information about IP traffic.
  ๐Ÿ”ธ vnstat – is a network traffic monitor for Linux and BSD.
  ๐Ÿ”ธ iPerf3 – is a tool for active measurements of the maximum achievable bandwidth on IP networks.
  ๐Ÿ”ธ ethr – is a Network Performance Measurement Tool for TCP, UDP & HTTP.
  ๐Ÿ”ธ Etherate – is a Linux CLI based Ethernet and MPLS traffic testing tool.
  ๐Ÿ”ธ echoip – is a IP address lookup service.
  ๐Ÿ”ธ Nemesis – packet manipulation CLI tool; craft and inject packets of several protocols.
  ๐Ÿ”ธ packetfu – a mid-level packet manipulation library for Ruby.
  ๐Ÿ”ธ Scapy – packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
  ๐Ÿ”ธ impacket – is a collection of Python classes for working with network protocols.
  ๐Ÿ”ธ ssh-audit – is a tool for SSH server auditing.
  ๐Ÿ”ธ aria2 – is a lightweight multi-protocol & multi-source command-line download utility.
  ๐Ÿ”ธ iptables-tracer – observe the path of packets through the iptables chains.
  ๐Ÿ”ธ inception – a highly configurable tool to check for whatever you like against any number of hosts.

Network (DNS)

  ๐Ÿ”ธ dnsdiag – is a DNS diagnostics and performance measurement tools.
  ๐Ÿ”ธ fierce – is a DNS reconnaissance tool for locating non-contiguous IP space.
  ๐Ÿ”ธ subfinder – is a subdomain discovery tool that discovers valid subdomains for websites.
  ๐Ÿ”ธ sublist3r – is a fast subdomains enumeration tool for penetration testers.
  ๐Ÿ”ธ amass – is tool that obtains subdomain names by scraping data sources, crawling web archives, and more.
  ๐Ÿ”ธ namebench – provides personalized DNS server recommendations based on your browsing history.
  ๐Ÿ”ธ massdns – is a high-performance DNS stub resolver for bulk lookups and reconnaissance.
  ๐Ÿ”ธ knock – is a tool to enumerate subdomains on a target domain through a wordlist.
  ๐Ÿ”ธ dnsperf – DNS performance testing tools.
  ๐Ÿ”ธ dnscrypt-proxy 2 – a flexible DNS proxy, with support for encrypted DNS protocols.
  ๐Ÿ”ธ dnsdbq – API client providing access to passive DNS database systems.
  ๐Ÿ”ธ grimd – fast dns proxy, built to black-hole internet advertisements and malware servers.

Network (HTTP)

  ๐Ÿ”ธ curl – is a command line tool and library for transferring data with URLs.
  ๐Ÿ”ธ kurly – is an alternative to the widely popular curl program, written in Golang.
  ๐Ÿ”ธ HTTPie – is an user-friendly HTTP client.
  ๐Ÿ”ธ wuzz – is an interactive cli tool for HTTP inspection.
  ๐Ÿ”ธ h2spec – is a conformance testing tool for HTTP/2 implementation.
  ๐Ÿ”ธ h2t – is a simple tool to help sysadmins to hardening their websites.
  ๐Ÿ”ธ – is a simple Swiss Army knife for http/https troubleshooting and profiling.
  ๐Ÿ”ธ httpstat – is a tool that visualizes curl statistics in a way of beauty and clarity.
  ๐Ÿ”ธ httplab – is an interactive web server.
  ๐Ÿ”ธ Lynx – is a text browser for the World Wide Web.
  ๐Ÿ”ธ Browsh – is a fully interactive, real-time, and modern text-based browser.
  ๐Ÿ”ธ HeadlessBrowsers – a list of (almost) all headless web browsers in existence.
  ๐Ÿ”ธ ab – is a single-threaded command line tool for measuring the performance of HTTP web servers.
  ๐Ÿ”ธ siege – is an http load testing and benchmarking utility.
  ๐Ÿ”ธ wrk – is a modern HTTP benchmarking tool capable of generating significant load.
  ๐Ÿ”ธ wrk2 – is a constant throughput, correct latency recording variant of wrk.
  ๐Ÿ”ธ vegeta – is a constant throughput, correct latency recording variant of wrk.
  ๐Ÿ”ธ bombardier – is a fast cross-platform HTTP benchmarking tool written in Go.
  ๐Ÿ”ธ gobench – http/https load testing and benchmarking tool.
  ๐Ÿ”ธ hey – HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom.
  ๐Ÿ”ธ boom – is a script you can use to quickly smoke-test your web app deployment.
  ๐Ÿ”ธ SlowHTTPTest – is a tool that simulates some Application Layer Denial of Service attacks by prolonging HTTP.
  ๐Ÿ”ธ gobuster – is a free and open source directory/file & DNS busting tool written in Go.
  ๐Ÿ”ธ ssllabs-scan – command-line reference-implementation client for SSL Labs APIs.
  ๐Ÿ”ธ http-observatory – Mozilla HTTP Observatory cli version.


  ๐Ÿ”ธ openssl – is a robust, commercial-grade, and full-featured toolkit for the TLS and SSL protocols.
  ๐Ÿ”ธ gnutls-cli – client program to set up a TLS connection to some other computer.
  ๐Ÿ”ธ sslyze – fast and powerful SSL/TLS server scanning library.
  ๐Ÿ”ธ sslscan – tests SSL/TLS enabled services to discover supported cipher suites.
  ๐Ÿ”ธ – testing TLS/SSL encryption anywhere on any port.
  ๐Ÿ”ธ cipherscan – a very simple way to find out which SSL ciphersuites are supported by a target.
  ๐Ÿ”ธ spiped – is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses.
  ๐Ÿ”ธ Certbot – is EFF’s tool to obtain certs from Let’s Encrypt and (optionally) auto-enable HTTPS on your server.
  ๐Ÿ”ธ mkcert – simple zero-config tool to make locally trusted development certificates with any names you’d like.
  ๐Ÿ”ธ certstrap – tools to bootstrap CAs, certificate requests, and signed certificates.
  ๐Ÿ”ธ Sublert – is a security and reconnaissance tool to automatically monitor new subdomains.
  ๐Ÿ”ธ mkchain – open source tool to help you build a valid SSL certificate chain.


  ๐Ÿ”ธ SELinux – provides a flexible Mandatory Access Control (MAC) system built into the Linux kernel.
  ๐Ÿ”ธ AppArmor – proactively protects the operating system and applications from external or internal threats.
  ๐Ÿ”ธ grapheneX – Automated System Hardening Framework.
  ๐Ÿ”ธ DevSec Hardening Framework – Security + DevOps: Automatic Server Hardening.


  ๐Ÿ”ธ Nipe – script to make Tor Network your default gateway.
  ๐Ÿ”ธ multitor – a tool that lets you create multiple TOR instances with a load-balancing.


  ๐Ÿ”ธ Wireshark – is the worldโ€™s foremost and widely-used network protocol analyzer.
  ๐Ÿ”ธ Ettercap – is a comprehensive network monitor tool.
  ๐Ÿ”ธ EtherApe – is a graphical network monitoring solution.
  ๐Ÿ”ธ Packet Sender – is a networking utility for packet generation and built-in UDP/TCP/SSL client and servers.
  ๐Ÿ”ธ Ostinato – is a packet crafter and traffic generator.
  ๐Ÿ”ธ JMeterโ„ข – open source software to load test functional behavior and measure performance.
  ๐Ÿ”ธ locust – scalable user load testing tool written in Python.


  ๐Ÿ”ธ SSL/TLS Capabilities of Your Browser – test your browser’s SSL implementation.
  ๐Ÿ”ธ Can I use – provides up-to-date browser support tables for support of front-end web technologies.
  ๐Ÿ”ธ Panopticlick 3.0 – is your browser safe against tracking?
  ๐Ÿ”ธ Privacy Analyzer – see what data is exposed from your browser.
  ๐Ÿ”ธ Web Browser Security – it’s all about Web Browser fingerprinting.
  ๐Ÿ”ธ How’s My SSL? – help a web server developer learn what real world TLS clients were capable of.
  ๐Ÿ”ธ sslClientInfo – client test (incl TLSv1.3 information).


  ๐Ÿ”ธ SSLLabs Server Test – performs a deep analysis of the configuration of any SSL web server.
  ๐Ÿ”ธ SSLLabs Server Test (DEV) – performs a deep analysis of the configuration of any SSL web server.
  ๐Ÿ”ธ ImmuniWebยฎ SSLScan – test SSL/TLS (PCI DSS, HIPAA and NIST).
  ๐Ÿ”ธ SSL Check – scan your website for non-secure content.
  ๐Ÿ”ธ SSL Scanner – analyze website security.
  ๐Ÿ”ธ CryptCheck – test your TLS server configuration (e.g. ciphers).
  ๐Ÿ”ธ – service to scan and analyse websites.
  ๐Ÿ”ธ Report URI – monitoring security policies like CSP and HPKP.
  ๐Ÿ”ธ CSP Evaluator – allows developers and security experts to check if a Content Security Policy.
  ๐Ÿ”ธ Useless CSP – public list about CSP in some big players (might make them care a bit more).
  ๐Ÿ”ธ Why No HTTPS? – top 100 websites by Alexa rank not automatically redirecting insecure requests.
  ๐Ÿ”ธ TLS Cipher Suite Search– cipher suite search engine.
  ๐Ÿ”ธ – strong ciphers for Apache, Nginx, Lighttpd, and more.*
  ๐Ÿ”ธ dhtool – public Diffie-Hellman parameter service/tool.
  ๐Ÿ”ธ – memorable site for testing clients against bad SSL configs.
  ๐Ÿ”ธ – registered for various tests regarding the TLS/SSL protocol.
  ๐Ÿ”ธ CAA Record Helper – generate a CAA policy.
  ๐Ÿ”ธ Common CA Database – repository of information about CAs, and their root and intermediate certificates.
  ๐Ÿ”ธ CERTSTREAM – real-time certificate transparency log update stream.
  ๐Ÿ”ธ – discovers certificates by continually monitoring all of the publicly known CT.
  ๐Ÿ”ธ Hardenize – deploy the security standards.
  ๐Ÿ”ธ Cipher suite compatibility – test TLS cipher suite compatibility.
  ๐Ÿ”ธ urlvoid – this service helps you detect potentially malicious websites.
  ๐Ÿ”ธ security.txt – a proposed standard (generator) which allows websites to define security policies.
  ๐Ÿ”ธ ssl-config-generator – help you follow the Mozilla Server Side TLS configuration guidelines.

HTTP Headers & Web Linters

  ๐Ÿ”ธ Security Headers – analyse the HTTP response headers (with rating system to the results).
  ๐Ÿ”ธ Observatory by Mozilla – set of tools to analyze your website.
  ๐Ÿ”ธ webhint – is a linting tool that will help you with your site’s accessibility, speed, security, and more.


  ๐Ÿ”ธ ViewDNS – one source for free DNS related tools and information.
  ๐Ÿ”ธ DNSLookup – is an advanced DNS lookup tool.
  ๐Ÿ”ธ DNSlytics – online DNS investigation tool.
  ๐Ÿ”ธ DNS Spy – monitor, validate and verify your DNS configurations.
  ๐Ÿ”ธ Zonemaster – helps you to control how your DNS works.
  ๐Ÿ”ธ Leaf DNS – comprehensive DNS tester.
  ๐Ÿ”ธ Find subdomains online – find subdomains for security assessment penetration test.
  ๐Ÿ”ธ DNSdumpster – dns recon & research, find & lookup dns records.
  ๐Ÿ”ธ DNS Table online – search for DNS records by domain, IP, CIDR, ISP.
  ๐Ÿ”ธ intoDNS – DNS and mail server health checker.
  ๐Ÿ”ธ DNS Bajaj – check the delegation of your domain.
  ๐Ÿ”ธ BuddyDNS Delegation LAB – check, trace and visualize delegation of your domain.
  ๐Ÿ”ธ dnssec-debugger – DS or DNSKEY records validator.
  ๐Ÿ”ธ – this site is responsible for the safekeeping of historical reverse DNS records.
  ๐Ÿ”ธ – wildcard DNS for everyone.
  ๐Ÿ”ธ – dead simple wildcard DNS for any IP Address.
  ๐Ÿ”ธ dnslookup (ceipam) – one of the best DNS propagation checker (and not only).
  ๐Ÿ”ธ What’s My DNS – DNS propagation checking tool.
  ๐Ÿ”ธ DNSGrep – quickly searching large DNS datasets.


  ๐Ÿ”ธ Netcraft – detailed report about the site, helping you to make informed choices about their integrity.*
  ๐Ÿ”ธ RIPE NCC Atlas – a global, open, distributed Internet measurement platform.
  ๐Ÿ”ธ Robtex – uses various sources to gather public information about IP numbers, domain names, host names, etc.
  ๐Ÿ”ธ Security Trails – APIs for Security Companies, Researchers and Teams.
  ๐Ÿ”ธ Online Curl – curl test, analyze HTTP Response Headers.
  ๐Ÿ”ธ Online Tools for Developers – HTTP API tools, testers, encoders, converters, formatters, and other tools.
  ๐Ÿ”ธ – online Ping, Traceroute, DNS lookup, WHOIS and others.
  ๐Ÿ”ธ Network-Tools – network tools for webmasters, IT technicians & geeks.
  ๐Ÿ”ธ BGPview – search for any ASN, IP, Prefix or Resource name.
  ๐Ÿ”ธ Is BGP safe yet? – check BGP (RPKI) security of ISPs and other major Internet players.
  ๐Ÿ”ธ Riseup – provides online communication tools for people and groups working on liberatory social change.
  ๐Ÿ”ธ VirusTotal – analyze suspicious files and URLs to detect types of malware.


  ๐Ÿ”ธ – provides knowledge and tools to protect your privacy against global mass surveillance.
  ๐Ÿ”ธ DNS Privacy Test Servers – DNS privacy recursive servers list (with a ‘no logging’ policy).

Encoders/Decoders and Regex testing

  ๐Ÿ”ธ URL Encode/Decode – tool from above to either encode or decode a string of text.
  ๐Ÿ”ธ Uncoder – the online translator for search queries on log data.
  ๐Ÿ”ธ Regex101 – online regex tester and debugger: PHP, PCRE, Python, Golang and JavaScript.
  ๐Ÿ”ธ RegExr – online tool to learn, build, & test Regular Expressions (RegEx / RegExp).
  ๐Ÿ”ธ RegEx Testing – online regex testing tool.
  ๐Ÿ”ธ RegEx Pal – online regex testing tool + other tools.
  ๐Ÿ”ธ The Cyber Swiss Army Knife – a web app for encryption, encoding, compression and data analysis



  ๐Ÿ”ธ have i been pwned? – check if you have an account that has been compromised in a data breach.
  ๐Ÿ”ธ dehashed – is a hacked database search engine.
  ๐Ÿ”ธ Leaked Source – is a collaboration of data found online in the form of a lookup.

CVE/Exploits databases

  ๐Ÿ”ธ CVE Mitre – list of publicly known cybersecurity vulnerabilities.
  ๐Ÿ”ธ CVE Details – CVE security vulnerability advanced database.
  ๐Ÿ”ธ Exploit DB – CVE compliant archive of public exploits and corresponding vulnerable software.
  ๐Ÿ”ธ – exploits market provides you the possibility to buy/sell zero-day exploits.
  ๐Ÿ”ธ sploitus – the exploit and tools database.
  ๐Ÿ”ธ cxsecurity – free vulnerability database.
  ๐Ÿ”ธ Vulncode-DB – is a database for vulnerabilities and their corresponding source code if available.
  ๐Ÿ”ธ cveapi – free API for CVE data.


  ๐Ÿ”ธ Keybase – it’s open source and powered by public-key cryptography.

PGP Keyservers

  ๐Ÿ”ธ SKS OpenPGP Key server – services for the SKS keyservers used by OpenPGP.

HTTP(s) Services

  ๐Ÿ”ธ Varnish Cache – HTTP accelerator designed for content-heavy dynamic web sites.
  ๐Ÿ”ธ Nginx – open source web and reverse proxy server that is similar to Apache, but very light weight.
  ๐Ÿ”ธ OpenResty – is a dynamic web platform based on NGINX and LuaJIT.
  ๐Ÿ”ธ Tengine – a distribution of Nginx with some advanced features.
  ๐Ÿ”ธ Caddy Server – is an open source, HTTP/2-enabled web server with HTTPS by default.
  ๐Ÿ”ธ HAProxy – the reliable, high performance TCP/HTTP load balancer.

DNS Services

  ๐Ÿ”ธ Unbound – validating, recursive, and caching DNS resolver (with TLS).
  ๐Ÿ”ธ Knot Resolver – caching full resolver implementation, including both a resolver library and a daemon.
  ๐Ÿ”ธ PowerDNS – is an open source authoritative DNS server, written in C++ and licensed under the GPL.

Other Services

  ๐Ÿ”ธ 3proxy – tiny free proxy server.


  ๐Ÿ”ธ Emerald Onion – is a 501(c)(3) nonprofit organization and transit internet service provider (ISP).
  ๐Ÿ”ธ pi-hole – the Pi-holeยฎ is a DNS sinkhole that protects your devices from unwanted content.
  ๐Ÿ”ธ maltrail – malicious traffic detection system.
  ๐Ÿ”ธ security_monkey – monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
  ๐Ÿ”ธ firecracker – secure and fast microVMs for serverless computing.
  ๐Ÿ”ธ streisand – sets up a new server running your choice of WireGuard, OpenSSH, OpenVPN, and more.


  ๐Ÿ”ธ CapAnalysis – web visual tool to analyze large amounts of captured network traffic (PCAP analyzer).
  ๐Ÿ”ธ netbox – IP address management (IPAM) and data center infrastructure management (DCIM) tool.

โ–ช๏ธ Labs

  ๐Ÿ”ธ NRE Labs – learn automation by doing it. Right now, right here, in your browser.

โ–ช๏ธ Other

  ๐Ÿ”ธ LBNL’s Network Research Group – home page of the Network Research Group (NRG).

Rajesh Kumar
Follow me