Packages that are used to protect a user from malware & attacks from other users.


Tool count: 45

BlackArch defensive
Name Version Description Homepage
arpon 2.7 A portable handler daemon that make ARP protocol secure in order to avoid the Man In The Middle (MITM) attack through ARP Spoofing, ARP Cache Poisoning or ARP Poison Routing (APR) attacks.
arpstraw 27.ab40e13 Arp spoof detection tool.
artillery 357.805a5d8 A combination of a honeypot, file-system monitoring, system hardening, and overall health of a server to create a comprehensive way to secure a system.
artlas 154.e5fdd8d Apache Real Time Logs Analyzer System.
chainsaw v2.7.3.r6.g5d908fd A powerful ‘first-response’ capability to quickly identify threats within Windows event logs.
chkrootkit 0.58b Checks for rootkits on a system.
detect-sniffer 159.a359262 Tool that detects sniffers in the network.
fastnetmon v1.1.4.r62.g780aff3 High performance DoS/DDoS load analyzer built on top of multiple packet capture engines.
fssb 73.51d2ac2 A low-level filesystem sandbox for Linux using syscall intercepts.
honeycreds 26.eaeb401 Network credential injection to detect responder and other network poisoners.
ifchk 1.1.2 A network interface promiscuous mode detection tool.
inetsim 1.3.2 A software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behaviour of unknown malware samples.
jeopardize 5.34f1d07 A low(zero) cost threat intelligence & response tool against phishing domains.
jhead 3.08 EXIF JPEG info parser and thumbnail remover
lorg 98.aa4f1a3 Apache Logfile Security Analyzer.
malice 0.3.28 VirusTotal Wanna Be - Now with 100% more Hipster.
malmon 0.3 Hosting exploit/backdoor detection daemon.
maltrail 111554.1be5e1af3b Malicious traffic detection system.
mat 0.6.1 Metadata Anonymisation Toolkit composed of a GUI application, a CLI application and a library.
mat2 0.13.4 Metadata removal tool, supporting a wide range of commonly used file formats
munin-hashchecker 239.95b046d Online hash checker for Virustotal and other services
nipe 302.9e628df A script to make Tor Network your default gateway.
onionshare 2.6.2 Share a file over Tor Hidden Services anonymously and securely
orjail 200.ae38ba2 A more secure way to force programs to exclusively use tor network.
osfooler-ng 2.c0b20d6 Prevents remote active/passive OS fingerprinting by tools like nmap or p0f.
persistencesniper v1.16.1.r1.gac4751a Hunt persistences implanted in Windows machines.
portspoof 149.c3f3c34 This program's primary goal is to enhance OS security through a set of new techniques.
prowler 4150.4badcca4f Tool for AWS security assessment, auditing and hardening.
quicksand-lite 33.c3edf92 Command line tool for scanning streams within office documents plus xor db attack.
sentrypeer v3.0.0.r14.g02173c8 Protect SIP Servers from bad actors.
sigma 0.20 Generic Signature Format for SIEM Systems
sniffjoke 772.434bfb1 Injects packets in the transmission flow that are able to seriously disturb passive analysis like sniffing, interception and low level information theft.
snort 2.9.20 A lightweight network intrusion detection system.
sooty 333.6cb15e6 The SOC Analysts all-in-one CLI tool to automate and speed up workflow.
suricata 6.0.20 An Open Source Next Generation Intrusion Detection and Prevention Engine.
tabi 13.068a406 BGP Hijack Detection.
tfsec v0.63.1.r399.g4476b18b3 Security scanner for your Terraform code.
threatspec 0.5.0 Project to integrate threat modelling into development process.
tor-autocircuit 0.2 Tor Autocircuit was developed to give users a finer control over Tor circuit creation. The tool exposes the functionality of TorCtl library which allows its users to control circuit length, speed, geolocation, and other parameters.
tor-browser 13.5.4 Tor Browser Bundle: anonymous browsing using Firefox and Tor.
tor-router 22.5b79c1c A tool that allow you to make TOR your default gateway and send all internet connections under TOR (as transparent proxy) for increase privacy/anonymity without extra unnecessary code.
tyton 80.56494f3 Kernel-Mode Rootkit Hunter.
usb-canary 31.bb23552 A Linux or OSX tool that uses psutil to monitor devices while your computer is locked. In the case it detects someone plugging in or unplugging devices it can be configured to send you an SMS or alert you via Slack or Pushover.
yeti 3342.a389eee7 A platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository.
zeus 111.97db152 AWS Auditing & Hardening Tool.