Cybersecurity student tools

Find the right tool for authorized practice and defensive work.

This directory groups common security tools by learning workflow. Use them only in labs, owned systems, CTFs, or environments where you have explicit permission.

Responsible use: These tools can be dual-use. The descriptions here stay high level and focus on legal education, analysis, and defensive security.

Cybersecurity operating systems

15 options

Debian

Kali Linux

General penetration testing, CTF practice, web testing, wireless labs, and security training.

Best fit

Start here when you want the most common learning environment and broad documentation.

Debian

Parrot OS

Security labs, privacy-aware desktop work, forensics basics, and development.

Best fit

Good when you want a security-focused daily lab desktop with privacy tools included.

Arch Linux

BlackArch Linux

Large penetration-testing tool repository, Arch-based labs, and advanced tool exploration.

Best fit

Best for users already comfortable with Arch Linux and manual system maintenance.

Gentoo

Pentoo

Live security testing environment, wireless work, exploit development, and low-level tuning.

Best fit

Useful when you want a Gentoo-based security distro and are comfortable with deeper Linux control.

Ubuntu

BackBox Linux

Security assessment, analysis, privacy, and lightweight lab workflows.

Best fit

Good for learners who prefer an Ubuntu-based desktop with selected security tools.

Ubuntu

CAINE

Digital forensics, evidence handling, incident analysis, and recovery labs.

Best fit

Choose this for forensic workflows instead of general penetration testing.

Ubuntu

REMnux

Malware analysis, reverse engineering support, suspicious document analysis, and memory artifacts.

Best fit

Use in an isolated lab when studying malware behavior and analysis tooling.

Windows

FLARE VM

Windows malware analysis, reverse engineering, forensics, debugging, and suspicious-file triage.

Best fit

Choose this when your lab needs Windows-native malware and reverse-engineering tools.

Debian family

Ubuntu / Debian

General Linux learning, manual tool installation, scripting, networking, and server fundamentals.

Best fit

Best when you want to build Linux understanding before relying on a preloaded security distro.

Ubuntu

SIFT Workstation

Incident response, disk forensics, memory forensics, and timeline analysis.

Best fit

Best for blue-team investigation labs and structured forensic case work.

Ubuntu

Security Onion

Network security monitoring, IDS workflows, packet capture, logs, and threat hunting.

Best fit

Use when you want to build a defensive monitoring lab instead of a pentest desktop.

Debian

Tails

Amnesic live sessions, privacy practice, Tor workflows, and sensitive browsing labs.

Best fit

Good for learning privacy concepts; not a full penetration-testing distribution.

Debian

Whonix

Tor isolation, privacy research, compartmentalized browsing, and anonymity education.

Best fit

Use when traffic isolation and privacy architecture are the main learning goal.

Fedora-based compartments

Qubes OS

Security compartmentalization, isolated workflows, and high-risk research separation.

Best fit

Best for advanced users who want strong isolation between tasks and virtual machines.

Windows

Commando VM

Windows-based offensive security labs, Active Directory testing, and Windows tooling.

Best fit

Choose this when your lab needs Windows-native tools instead of a Linux distro.

Virtual lab platforms

6 options

Free desktop hypervisor

VirtualBox

Run Kali, Parrot, BlackArch, REMnux, Windows, and other lab machines on one computer.

Best fit

Best first choice for students because it is free, common, and easy to use for snapshots and practice VMs.

Desktop hypervisor

VMware Workstation

Run Linux, Windows, and BSD virtual machines with strong VM management for cybersecurity labs.

Best fit

Good when you want a polished VM experience, stable networking options, and compatibility with many prebuilt lab images.

macOS desktop hypervisor

VMware Fusion

Run Kali, Windows, REMnux, and other lab VMs on macOS hosts.

Best fit

Best for Mac users who need a VMware-style VM workflow for local cybersecurity labs.

Linux-native virtualization

QEMU + KVM

Run hardware-accelerated virtual machines on Linux hosts with strong performance and control.

Best fit

Good for Linux users who want fast local labs and are comfortable with deeper VM configuration.

Bare-metal lab hypervisor

Proxmox VE

Build a dedicated home lab server with full VMs, LXC containers, snapshots, and virtual networks.

Best fit

Best when you have spare hardware and want a more realistic multi-machine lab environment.

Windows virtualization

Hyper-V

Run Windows and Linux lab VMs on supported Windows Pro, Enterprise, and Education systems.

Best fit

Good for Windows-first labs, WSL2 users, and Microsoft ecosystem practice.

Programming languages

10 languages

Must learn

Python 3

Used for exploit scripts, automation, network tools, fuzzers, data analysis, and security libraries like Scapy, pwntools, and Impacket.

All areas

Start here for cybersecurity scripting, automation, and fast proof-of-concept work.

Must learn

Bash / Shell

Essential for Linux automation, command pipelines, recon one-liners, log parsing, and quick lab harnesses.

Linux, automation

Learn early because nearly every Linux security workflow touches the shell.

Important

C / C++

Low-level languages for understanding memory, buffer overflows, shellcode, OS internals, firmware, and network stacks.

Exploit development, reverse engineering

Pick this when moving into systems security, binary exploitation, firmware, or vulnerability research.

Important

x86 Assembly

Helps you read disassembly, understand CPU-level behavior, debug binaries, and reason about ROP chains.

Reverse engineering, malware analysis

Learn enough to follow Ghidra, IDA, x64dbg, and debugger output during RE labs.

Important

JavaScript

Core client-side language for understanding XSS, DOM-based bugs, browser behavior, and modern web app attack surface.

Web hacking

Focus here if you want web app testing, bug bounty, or frontend security skills.

Important

SQL

Needed to understand SQL injection, joins, UNION queries, stored procedures, and secure database access patterns.

Web hacking, databases

Learn alongside web security so you can both exploit and fix data-layer vulnerabilities.

Useful

PowerShell

Used for Windows administration, Active Directory enumeration, automation, incident response, and living-off-the-land concepts.

Windows, red team, defense

Important for Windows security, SOC work, Active Directory labs, and enterprise environments.

Useful

Go

Compiles to standalone binaries and is used by many modern security tools such as Nuclei, Naabu, and Gobuster.

Tool development

Good when you want fast, portable security tooling and simple deployment.

Useful

Rust

Memory-safe systems language useful for secure tooling, systems programming, and reducing memory-corruption bugs.

Systems, secure development

Good long-term choice for safer systems software and modern security engineering.

Useful

PHP

Common server-side web language where issues like file inclusion, injection, deserialization, and legacy CMS risks appear.

Web hacking

Useful for WordPress, older web apps, CTFs, and understanding common server-side vulnerability classes.

Password Auditing

4 tools

Password Auditing

Hashcat

Advanced password recovery for authorized hash-auditing labs and defensive password-strength testing.

Password Auditing

John the Ripper

Offline password auditing tool used to test password policy and hash exposure in controlled environments.

Password Auditing

RainbowCrack

Rainbow-table hash recovery tool mainly useful for understanding legacy unsalted hash weaknesses.

Password Auditing

CrackStation

Online hash lookup resource for quick checks of common unsalted hashes in training contexts.

Network Discovery

2 tools

Network Discovery

Nmap

Network mapper for host discovery, service inventory, and security auditing on networks you are allowed to assess.

Network Discovery

Masscan

High-speed port scanner for large authorized address ranges before deeper service review.

Packet Analysis

2 tools

Packet Analysis

Wireshark

Network protocol analyzer for learning traffic patterns, troubleshooting, and packet-level investigation.

Packet Analysis

tcpdump

Command-line packet capture tool for collecting network evidence and troubleshooting traffic.

Web Security

7 tools

Web Security

OWASP ZAP

Free web application security testing proxy and scanner from the OWASP ecosystem.

Web Security

Burp Suite Community

Manual web testing proxy for learning request interception, replay, and application security workflows.

Web Security

sqlmap

Automated SQL injection testing tool for controlled labs and explicitly authorized assessments.

Web Security

Nikto

Web server scanner for finding common server issues, risky files, and configuration problems.

Web Security

WPScan

WordPress security scanner for checking versions, plugins, themes, users, and known issues.

Web Security

Commix

Command-injection testing tool for controlled web application labs and authorized assessments.

Web Security

BeEF

Browser security framework for studying client-side risk in intentionally vulnerable web labs.

Web Discovery

3 tools

Web Discovery

Gobuster

Fast discovery tool for directories, DNS names, virtual hosts, and related web assets.

Web Discovery

ffuf

Fast web fuzzer for content discovery, virtual-host checks, and parameter testing in labs.

Web Discovery

WFuzz

Flexible web fuzzer for experimenting with headers, cookies, forms, and request parameters.

Analysis

1 tool

Analysis

CyberChef

Browser-based workspace for decoding, encoding, hashing, compression, and data transformation exercises.

Lab Validation

2 tools

Lab Validation

Metasploit Framework

Security testing framework best used in legal labs to understand vulnerability validation and remediation.

Lab Validation

MSFvenom

Metasploit payload generation utility for controlled exploit-development and detection labs.

Reverse Engineering

8 tools

Reverse Engineering

Ghidra

Software reverse-engineering suite for binary analysis, disassembly, and decompilation learning.

Reverse Engineering

IDA Free

Free edition of the IDA reverse-engineering platform for studying binaries and disassembly basics.

Reverse Engineering

Radare2

Scriptable open source reverse-engineering framework for binary analysis and low-level inspection.

Reverse Engineering

Binary Ninja

Commercial reverse-engineering platform with a strong API and modern binary-analysis workflow.

Reverse Engineering

x64dbg

Open source Windows debugger for dynamic analysis of x86 and x64 programs.

Reverse Engineering

Cutter

Graphical reverse-engineering interface built around Radare2 and Rizin-style workflows.

Reverse Engineering

PE-bear

Portable executable viewer and editor for inspecting Windows binary structure.

Reverse Engineering

DIE

Detect-It-Easy identifies compilers, packers, and file characteristics in unknown binaries.

Forensics

7 tools

Forensics

Volatility

Memory forensics framework for analyzing RAM images during incident response and malware labs.

Forensics

Autopsy

Open source digital forensics platform for analyzing disk images, filesystems, and investigation artifacts.

Forensics

The Sleuth Kit

Command-line forensic tools and libraries for analyzing disk images and filesystems.

Forensics

Binwalk

Firmware analysis utility for finding embedded filesystems, compressed data, and known signatures.

Forensics

Foremost

File-carving tool for recovering known file types from raw images and damaged media.

Forensics

ExifTool

Metadata reader and writer for images, PDFs, documents, audio, and video files.

Forensics

FTK Imager

Forensic imaging utility for creating and verifying disk images during evidence collection practice.

Wireless Security

2 tools

Wireless Security

Aircrack-ng

Wireless security assessment suite for authorized Wi-Fi labs and defensive wireless auditing.

Wireless Security

Kismet

Wireless network detector and sniffer for passive Wi-Fi and radio environment observation.

Authentication Testing

2 tools

Authentication Testing

THC Hydra

Authentication testing tool for controlled labs and authorized checks of login hardening.

Authentication Testing

Medusa

Parallel login-auditing tool for controlled checks against authorized lab services.

Network Utilities

2 tools

Network Utilities

Netcat

Small networking utility for opening TCP/UDP connections, banner checks, and lab troubleshooting.

Network Utilities

Ncat

Modern Netcat-style utility from the Nmap project with SSL, proxy, and connection brokering support.

Network Security

2 tools

Network Security

Bettercap

Network security framework for studying traffic interception and local-network attack paths in labs.

Network Security

Scapy

Python library for crafting, sending, receiving, and analyzing packets in custom network experiments.

Active Directory

3 tools

Active Directory

Responder

Windows network lab tool for demonstrating name-resolution poisoning and credential exposure risk.

Active Directory

Impacket

Python network protocol toolkit widely used for Windows and Active Directory security labs.

Active Directory

Kerbrute

Kerberos account-enumeration and authentication-testing tool for controlled AD lab environments.

Vulnerability Scanning

1 tool

Vulnerability Scanning

Nuclei

Template-based scanner for quickly checking known exposures and misconfigurations in authorized scopes.

Practice Labs

3 tools

Practice Labs

DVWA

Intentionally vulnerable PHP/MySQL web app for practicing common web vulnerabilities locally.

Practice Labs

WebGoat

OWASP intentionally vulnerable web application with lessons for common web security flaws.

Practice Labs

Metasploitable

Intentionally vulnerable Linux VM commonly used for safe Metasploit and network-security practice.

Exploit Development

3 tools

Exploit Development

pwntools

Python library that simplifies CTF exploit scripts, process interaction, and binary challenge automation.

Exploit Development

ROPgadget

Binary analysis helper for finding return-oriented programming gadgets in exploit-development labs.

Exploit Development

GDB with GEF/pwndbg

GNU Debugger plus security-focused plugins for inspecting crashes, memory, registers, and heap state.

Research

1 tool

Research

Exploit DB

Public exploit and proof-of-concept archive useful for vulnerability research and lab reproduction.

Wordlists

1 tool

Wordlists

SecLists

Large collection of security testing wordlists for passwords, discovery, DNS, and fuzzing labs.

OSINT

8 tools

OSINT

Maltego

Graph-based OSINT platform for mapping relationships between infrastructure, identities, and public data.

OSINT

theHarvester

Reconnaissance tool for collecting public emails, names, domains, hosts, and related metadata.

OSINT

Shodan

Search engine for internet-connected services, devices, banners, and exposed infrastructure.

OSINT

Censys

Internet search platform focused on exposed services, certificates, and infrastructure discovery.

OSINT

Recon-ng

Modular web reconnaissance framework for organizing repeatable OSINT collection workflows.

OSINT

SpiderFoot

Automated OSINT platform for collecting public information about domains, IPs, emails, and entities.

OSINT

OSINT Framework

Browser-based directory of OSINT resources organized by investigation category.

Malware Analysis

8 tools

Malware Analysis

ANY.RUN

Interactive online malware sandbox for observing process, file, registry, and network behavior.

Malware Analysis

Cuckoo Sandbox

Self-hosted automated malware analysis sandbox for controlled behavioral reports.

Malware Analysis

Hybrid Analysis

Online malware-analysis service for automated behavioral reports and indicator extraction.

Malware Analysis

VirusTotal

Multi-engine file, URL, domain, and hash triage platform for suspicious artifacts.

Malware Analysis

YARA

Pattern-matching language for writing detection rules based on strings and binary features.

Malware Analysis

PEStudio

Static Windows executable triage tool for imports, strings, indicators, entropy, and PE metadata.

Malware Analysis

PE-sieve

Process scanner for finding injected, replaced, or suspicious executable code in memory.

Malware Analysis

FLOSS

Mandiant string-extraction tool for recovering obfuscated strings from malware samples.

Cloud Security

6 tools

Cloud Security

Pacu

AWS security testing framework for controlled cloud labs and authorized assessment workflows.

Cloud Security

ScoutSuite

Multi-cloud security posture review tool that reports risky configuration and permission patterns.

Cloud Security

Prowler

Cloud security and compliance assessment tool for common benchmark and best-practice checks.

Cloud Security

CloudMapper

AWS environment mapping tool for visualizing accounts, networks, and public exposure.

Cloud Security

CloudFox

Cloud enumeration tool that helps identify potentially risky paths across AWS environments.

Cloud Security

S3Scanner

S3 bucket review tool for checking cloud storage exposure in authorized scopes.

Container Security

2 tools

Container Security

Trivy

Scanner for container images, filesystems, IaC, dependencies, secrets, and SBOMs.

Container Security

Kube-hunter

Kubernetes security tool for finding common cluster weaknesses in authorized environments.

Practice Platforms

7 tools

Practice Platforms

TryHackMe

Guided cybersecurity learning platform with browser labs and structured beginner-to-intermediate paths.

Practice Platforms

Hack The Box

Hands-on security lab platform with vulnerable machines, challenges, and structured academy content.

Practice Platforms

picoCTF

Student-friendly CTF platform with a large archive of beginner and intermediate challenges.

Practice Platforms

OverTheWire

SSH-based wargames for learning Linux, shell usage, permissions, and security basics.

Practice Platforms

pwn.college

Systems security education platform focused on binary exploitation and low-level security.

Practice Platforms

VulnHub

Archive of intentionally vulnerable virtual machines for offline local lab practice.

Practice Platforms

Root-Me

Challenge platform covering web, network, forensics, cryptography, reverse engineering, and more.

Workflow Essentials

7 tools

Workflow Essentials

Git + GitHub

Version-control workflow for storing scripts, notes, reports, and a public learning portfolio.

Workflow Essentials

Docker

Container platform for running tools, vulnerable apps, databases, and repeatable lab environments.

Workflow Essentials

tmux

Terminal multiplexer for persistent sessions, panes, and organized command-line workflows.

Workflow Essentials

VS Code

Extensible code editor useful for security scripts, notes, remote editing, and lab automation.

Workflow Essentials

Obsidian

Local markdown note-taking app for linked cybersecurity notes, CTF writeups, and study maps.

Workflow Essentials

Flameshot

Screenshot and annotation tool useful for clean lab notes, reports, and CTF documentation.

Workflow Essentials

KeePassXC

Offline password manager for lab credentials, API keys, SSH passphrases, and account hygiene.

Cryptography

1 tool

Cryptography

OpenSSL

Command-line toolkit for TLS, certificates, keys, hashes, and cryptographic troubleshooting.

API Security

1 tool

API Security

Swagger UI

Interactive OpenAPI documentation interface for understanding and testing API behavior.

AI Security

10 tools

AI Security

OWASP Top 10 for LLM Applications

Community risk framework for understanding common security failures in LLM-powered applications.

AI Security

garak

Open source LLM vulnerability scanner for probing model and chatbot failure modes.

AI Security

PyRIT

Microsoft's Python Risk Identification Tool for structured generative-AI red-team automation.

AI Security

Promptfoo

LLM testing and security platform for prompt evaluation, regression tests, and adversarial checks.

AI Security

Giskard

AI agent evaluation and red-teaming platform for finding security, hallucination, and business-failure risks.

AI Security

NeMo Guardrails

NVIDIA open source Python toolkit for adding programmable guardrails to LLM applications.

AI Security

ModelScan

ML model security scanner focused on detecting risky model serialization artifacts.

AI Security

Llama Guard

Meta safety model family and recipes for classifying human-AI conversation safety risks.

AI Security

MITRE ATLAS

Knowledge base of adversary tactics and techniques against AI-enabled systems.