Build your own SOC at home.

Open-source SIEM and XDR platform with built-in agents for endpoints and servers.

🔎 Vulnerability scanners

Find unpatched and misconfigured assets before attackers.

Nessus Essentials

Proprietary (free tier)

Tenable's industry-standard vulnerability scanner, free for up to 16 IPs.

Nuclei

Fast, template-based vulnerability scanner from ProjectDiscovery.

OpenVAS / Greenbone Community

Free, full-featured network vulnerability scanner with 100k+ NVTs.

Trivy

Container, filesystem, and IaC vulnerability scanner from Aqua Security.

🛰️ Network detection (NIDS/NDR)

Watch traffic for malicious behaviour at the wire.

Arkime

Full packet capture, indexed and searchable like a SIEM.

Suricata

High-performance open-source IDS/IPS with deep protocol inspection.

Zeek

BSD

Network analysis framework producing rich, structured protocol logs.

💻 Endpoint detection (EDR)

Visibility and response on every host.

LimaCharlie

Proprietary (free tier)

Cloud-managed EDR with a generous free tier — runs as SecOps infrastructure.

osquery

Query your operating system as if it were a database.

Velociraptor

DFIR-grade endpoint visibility and live hunting at fleet scale.

🗺️ Network scanning & recon

Map what you have. You can't protect what you can't see.

Masscan

Internet-scale port scanner. Scans a /16 in seconds.

Nmap

NPSL (open source)

The classic network mapper — port scanning, OS detection, service fingerprinting.

RustScan

GPLv3

Modern port scanner that pipes results straight into Nmap.

🧠 Threat intelligence

Aggregate, share, and operationalise IoCs.

Cortex

Observable analyser engine that powers TheHive's enrichments.

MISP

Threat intelligence platform for sharing IoCs and structured intel.

OpenCTI

STIX 2.1-native threat intelligence platform with a polished modern UI.

TheHive

Open-source security incident response platform — case management for SOC teams.

🍯 Honeypots & deception

Detect attackers by what they touch.

Canarytokens

Proprietary (free Community Edition)

Tripwire-style deception tokens that fire when an attacker touches them.

Cowrie

BSD

SSH and Telnet honeypot that records every keystroke from attackers.

T-Pot

GPLv3

All-in-one honeypot platform from Deutsche Telekom — 20+ honeypots in one box.

🌐 Web application security

Scan, fuzz, and audit your own web apps.

Burp Suite Community

The industry-standard intercept proxy — free for manual testing.

Nikto

Classic web server scanner — fast checks for known issues and misconfigurations.

OWASP ZAP

Free, full-featured web application security scanner from OWASP.

🔬 DFIR & forensics

Investigate when something goes wrong.

Autopsy

Common Public License + IBM Public License

GUI digital forensics platform built on The Sleuth Kit.

The Sleuth Kit

Command-line digital forensics library and tools — the engine behind Autopsy.

Volatility 3

Volatility Software License (BSD-style)

Industry-standard memory forensics framework.

🛡️ Network & identity defence

DNS filtering, IPS, and zero-trust connectivity.

CrowdSec

Community-driven IPS and behaviour-based threat detection.

Pi-hole

EUPL-1.2

Network-wide DNS sinkhole that blocks ads, trackers, and known malware domains.

WireGuard

Modern, fast, simple VPN — replaces OpenVPN and IPsec for most use cases.

🎣 Phishing & awareness

Run your own phishing simulations.

GoPhish

Self-hosted phishing simulation framework for security awareness testing.

swaks

Swiss Army Knife for SMTP — test mail server config, deliverability, and SPF/DKIM/DMARC.

☁️ Cloud & container security

Harden Kubernetes, containers, and cloud accounts.

Falco

Cloud-native runtime security — detect threats inside containers and Kubernetes.

kube-bench

Audit your Kubernetes cluster against the CIS Benchmark.

ScoutSuite