Best Open Source Security Tools of 2015 (and 2016)

Best Open Source Security Tools

Always looking for a better tool to help you in your work? If there is one website who knows what is happening in the field of security tools, it is ToolsWatch. The site covers new tools, and promotes existing projects when they release a new version.

Image of ToolsWatch about top 10 of open source security tools in 2015

Every year ToolsWatch ask their readers to vote for their favorite security tool. Here are the recent results of 2015:

  • 01 – OWASP ZAP – Zed Attack Proxy Project (+1↑)
  • 02 – Lynis (+1↑)
  • 03 – Haka (NEW)
  • 04 – Faraday (NEW)
  • 05 – BeEF – The Browser Exploitation Framework (-1↓)
  • 06 – Burp Suite (NEW)
  • 07 – PeStudio (-1↓)
  • 08 – Nmap (+2↑)
  • 09 – IDA Pro (NEW)
  • 10 – OWASP Offensive (Web) Testing Framework (-3↓)

As you can see the list contains a wide variety of tools. Most can be used on Linux systems, including our own security scanner Lynis!

See the details of the open source security tools of 2015 for more details.

More Open Source?

As an open source author, I regularly ask other developers how they think open source is impacting the world. Not so surprisingly, most have similar answers: Companies are no longer afraid of the risks of using open source projects, nor testing things out. In that area we see that some open source projects are more tailored to a particular niche, beating big commercial solutions. There is definitely a market for smaller open source projects, to fulfill the needs left by the big guys.

The Niche of Security Tools

The promotion of open source security tools is a niche in itself. Not many companies or initiatives like ToolsWatch cover them. This might be actually a good thing. Knowledge will be gathered at a few places, instead of scattered around the web. With this central location, people in need for a security tool can quicker find what they need.


We thank ToolsWatch for doing their yearly vote, and our voters for getting us a nice second place!

Automate security audits with Lynis and Lynis Enterprise
Lynis Enterprise screenshot to help with system hardening

This blog post is part of our Linux security series to get Linux (and Unix-based) systems more secure.

Daily security checks

Want to go to the next level of security scanning and system hardening? Start with automated security scans for Linux: Lynis and Lynis Enterprise.

Automate Scanning »


  • RonanRonan

    Thanks for the list Michael, great to see ZAP up there. Checking out a bunch of the others that you mentioned. Lots of new ones!

    Most of the things we’ve been using at have been AWS specific (like Netflix’s open Security Monkey project) on top of our own continuous integration testing – trying to automate more and more.


Leave a Reply

Your email address will not be published. Required fields are marked *