Open source security tools list

by Dutchie2020on 11/17/20, 3:57 AMwith 23 comments
by lucideeron 11/17/20, 12:11 PM

A lot of these "awesome" lists are maybe reasonably OK on first-publish, but ultimately become useless due to:

1. Lack of curation (focus on including everything rather than being opinionated)

2. Lack of updates (tools get out of date fast, especially in long lists that try and include everything).

However, THIS list is different. This list is BAD on first publish. Most of the categories are not even remotely security related ("Project Management") or at least not explicitly so ("Supply Chain Management" / "Docker UI" / "Configuration Management"). Yeah sure, some of the latter will be useful for blue teams, but noone on any blue team is going to be searching for those tools under the keyword "security".

Beyond the above, things get worse: the formatting is hopeless, many of the tools are not open-source at all, and while including a lot of irrelevant non-security-related stuff, it omits many obvious well-known security tools.

Flagged for marketing this as "Open source"

by justin_oakson 11/17/20, 6:39 AM

I find such lists nigh unto useless. I don't have time to evaluate each project to see which one is the right fit for my needs.

We'd be better off if people did a deep dive analysis of just one of those categories.

I suspect that whoever constructs these types of lists does NOT have experience with each project, and thus there's bound to be plenty of projects that don't deserve to be on the list because they're just not ready for production usage.

by bertmanon 11/17/20, 9:08 AM

  strg+f Wireguard: 0/0
I guess maintaining recommendation lists is hard.

by pure-xxon 11/17/20, 12:27 PM

I try to do something similar with Threat Intel / OSINT tooling at http://www.threat-intel.xyz. List gets regular updated and curated by hand.

by globular-toaston 11/17/20, 1:51 PM

This has the lowest signal to noise ratio of any of these lists of I've seen so far. That entire project management section should go. The entire section on configuration management should go. There are probably some good tools here but I'm not going to click on each and every one just in case it's something more interesting than Trello.

by daluon 11/17/20, 10:54 AM

Yesterday I needed a regex fuzzer but couldn't find any (except some Windows SDL whatever that means, I'm not developing on Windows) In the end I just created a very limited whitelist of input characters allowed and didn't use a "security tool"

by xaldiron 11/17/20, 10:54 AM

> open source

First tool: Trello

Hmm okay

by studentikon 11/17/20, 1:31 PM

Cool list! Gives general ideas on what to take into account when dealing with security

by 1MachineElfon 11/17/20, 2:31 PM

Curious to see the pfSense firewall appliance OS filed under "Anti-Virus"

by monkinon 11/17/20, 8:40 AM

That’s one badly formatted list.