Security
Tip
For detailed guides, see the main ArchWiki page, Security.
Network security
See also Wikipedia:Comparison of packet analyzers.
airgeddon — Multi-use bash script to audit wireless networks
https://github.com/v1s1t0r1sh3r3/airgeddon || airgeddon-gitAUR
Arpwatch — Tool that monitors ethernet activity and keeps a database of Ethernet/IP address pairings.
https://ee.lbl.gov/ || arpwatch
bettercap — Swiss army knife for network attacks and monitoring.
https://www.bettercap.org/ || bettercap
darkstat — Captures network traffic, calculates statistics about usage, and serves reports over HTTP.
https://unix4lyfe.org/darkstat/ || darkstat
dsniff — Collection of tools for network auditing and penetration testing.
https://www.monkey.org/~dugsong/dsniff/ || dsniff
EtherApe — Graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.
https://etherape.sourceforge.io/ || etherape
Ettercap — Multipurpose Network sniffer/analyser/interceptor/logger.
https://ettercap.github.io/ettercap/ || CLI: ettercap, GUI: ettercap-gtk
GNOME Network Tools — GNOME interface for various networking tools.
https://gitlab.gnome.org/GNOME/gnome-nettool || gnome-nettool
Honeyd — Tool that allows the user to set up and run multiple virtual hosts on a computer network.
http://www.honeyd.org/ || honeydAUR
hping — Command-line oriented TCP/IP packet assembler/analyzer.
IPTraf — Console-based network monitoring utility.
https://sourceforge.net/projects/iptraf-ng/ || iptraf-ng
jnettop — top-like console network traffic visualizer.
https://sourceforge.net/projects/jnettop/ || jnettop
justniffer — Network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic.
http://justniffer.sourceforge.net/ || justnifferAUR
Kismet — 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
https://www.kismetwireless.net/ || kismet
LinSSID — Graphical wireless scanner.
https://sourceforge.net/projects/linssid/ || linssid
Nemesis — Command-line network packet crafting and injection utility.
http://nemesis.sourceforge.net/ || nemesisAUR
Net Activity Viewer — Graphical network connections viewer, similar in functionality with Netstat.
http://netactview.sourceforge.net/ || netactviewAUR
netsniff-ng — High performance Linux network sniffer for packet inspection.
http://netsniff-ng.org/ || netsniff-ng
ngrep — grep-like utility that allows you to search for network packets on an interface.
https://github.com/jpr5/ngrep || ngrep
Nmap — Security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network.
https://nmap.org/ || CLI: nmap, GUI: zenmapAUR
Ntop — Network probe that shows network usage in a way similar to what top does for processes.
https://www.ntop.org/ || ntopAUR
pyNeighborhood — GTK-based SMB/CIFS browsing utility.
https://launchpad.net/pyneighborhood || pyneighborhoodAUR
Smb4K — Advanced network neighborhood browser and Samba share mounting utility for KDE.
https://smb4k.sourceforge.io/ || smb4k
Snort — Network intrusion prevention and detection system.
https://www.snort.org/ || snortAUR
Spectools — A set of utilities for spectrum analyzer hardware including Wi-Spy devices.
https://www.kismetwireless.net/static/spectools/ || spectoolsAUR
Sshguard — Daemon that protects SSH and other services against brute-force attacks, similar to Fail2ban.
https://www.sshguard.net/ || sshguard
Suricata — High performance Network IDS, IPS and Network Security Monitoring engine.
https://suricata-ids.org/[dead link 2022-09-20 ⓘ] || suricataAUR
Tcpdump — Common console-based packet analyzer that allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network.
https://www.tcpdump.org/ || tcpdump
vnStat — Console-based network traffic monitor that keeps a log of network traffic for the selected interfaces.
https://humdi.net/vnstat/ || vnstat
What IP — Small GTK application to get info on your IP.
https://gabmus.gitlab.io/whatip/ || whatipAUR
Wireshark — Network protocol analyzer that lets you capture and interactively browse the traffic running on a computer network.
https://www.wireshark.org/ || CLI: wireshark-cli, GUI: wireshark-qt
Xplico — Network forensics analysis tool (NFAT), which is a software that reconstructs the contents of acquisitions performed with a packet sniffer.
https://www.xplico.org/ || xplicoAUR
Zeek — Powerful network analysis framework that is much different from the typical IDS you may know.
https://zeek.org/ || zeekAUR
Firewall management
See iptables#Front-ends.
Threat and vulnerability detection
AFICK — Security tool that allows to monitor the changes on your file systems, and so can detect intrusions.
http://afick.sourceforge.net/ || afickAUR
Lynis — Security and system auditing tool to harden Unix/Linux systems.
https://cisofy.com/lynis/ || lynis
Metasploit Framework — An advanced open-source platform for developing, testing, and using exploit code.
https://www.metasploit.com/ || metasploit
Nessus — Comprehensive vulnerability scanning program.
https://www.tenable.com/products/nessus || nessusAUR
OpenVAS — Framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. FOSS Nessus fork.
https://www.openvas.org/ || openvas-scannerAUR
OSSEC — Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
https://ossec.github.io/ || ossec-localAUR, ossec-serverAUR
Samhain — Host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
https://www.la-samhna.de/samhain/index.html || samhain-clientAUR, samhain-serverAUR, samhain-standaloneAUR
Tiger — Security tool that can be used both as a security audit and intrusion detection system.
https://www.nongnu.org/tiger/ || tigerAUR
Tripwire — Intrusion detection system.
https://github.com/Tripwire/tripwire-open-source || tripwire-gitAUR
File security
AIDE — File and directory integrity checker.
https://aide.github.io || aideAUR
Logwatch — Customizable log analysis system.
https://sourceforge.net/projects/logwatch/ || logwatch
Anti malware
ClamAV — Open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
https://www.clamav.net/ || clamav
ClamTk — Graphical front-end for ClamAV using Perl and Gtk libraries. It is designed to be an easy-to-use, lightweight, on-demand antivirus scanner for Linux systems.
https://gitlab.com/dave_m/clamtk/ || clamtk, Nautilus plugin: clamtk-gnomeAUR, Thunar plugin: thunar-sendto-clamtkAUR
Linux Malware Detect — Malware scanner designed around the threats faced in shared hosted environments.
https://www.rfxn.com/projects/linux-malware-detect/ || maldetAUR
Rootkit Hunter — Checks machines for the presence of rootkits and other unwanted tools.
https://rkhunter.sourceforge.net/ || rkhunter
Hostsblock — A script that downloads, sorts, and compiles multiple ad- and malware-blocking
hostsfiles.
https://gaenserich.github.io/hostsblock/ || hostsblockAUR
Screen lockers
See also Session lock.
Warning: Only sflock, physlock, Cinnamon Screensaver, MATE Screensaver and GNOME Screensaver are able to block tty access. See Xorg#Block TTY access on how to manually block tty access.
betterlockscreen — i3lock-color wrapper. Betterlockscreen allows you to cache images with different filters and lockscreen with blazing speed.
https://github.com/pavanjadhaw/betterlockscreen || betterlockscreenAUR
Cinnamon Screensaver — Screen locker for the Cinnamon desktop.
https://github.com/linuxmint/cinnamon-screensaver || cinnamon-screensaver
Deepin Screensaver — A lightweight Qt5 based screensaver.
https://github.com/linuxdeepin/deepin-screensaver || deepin-screensaver
GNOME Screensaver — Legacy screen locker for the GNOME desktop. Unmaintained since 2012.
https://wiki.gnome.org/Attic/GnomeScreensaver || gnome-screensaverAUR
i3lock — A simple screen locker. Provides user feedback and uses PAM authentication. The background can be set to an image or solid color.
https://i3wm.org/i3lock/ || i3lock
i3lock-blur — Fork of i3lock which can use your desktop with the blur effect applied as a background.
https://github.com/karulont/i3lock-blur || i3lock-blurAUR
i3lock-color — Fork of i3lock with color and positioning configuration support and can use your desktop with the blur effect applied as a background.
https://github.com/Raymo111/i3lock-color || i3lock-colorAUR
Light-locker — A simple locker (forked from gnome-screensaver) that aims to have simple, sane, secure defaults and be well integrated with the desktop while not carrying any desktop-specific dependencies. It relies on LightDM for locking and unlocking your session via ConsoleKit/UPower or logind/systemd.
https://github.com/the-cavalry/light-locker || light-locker
MATE Screensaver — Screensaver and locker for MATE Desktop Environment.
https://github.com/mate-desktop/mate-screensaver || mate-screensaver
physlock — Screen and console locker.
https://github.com/muennich/physlock || physlock
sflock — Simple screen locker utility for X, based on slock. Provides a very basic user feedback.
https://github.com/benruijl/sflock || sflock-gitAUR
slock — Very simple and lightweight X screen locker. Offers only a black background when locked, there are no animations or text fields.
https://tools.suckless.org/slock/ || slock
sxlock — Fork of sflock with a few enhancements. Provides basic user feedback, uses PAM authentication, supports DPMS and RandR. Supports
sxlock.serviceto lock the screen on suspend/hibernation. See the README for more information.
https://github.com/lahwaacz/sxlock || sxlock-gitAUR
tsscreenlock — Screen locker used in theShell. Shows music controls, and if used with theShell, also shows desktop notifications.
https://github.com/vicr123/tsscreenlock || tsscreenlockAUR
vlock — TTY locker. A mirror of the original vlock is available at github.
https://kbd-project.org/ || kbd
xfce4-screensaver — A screen saver and locker that aims to have simple, sane, secure defaults and be well integrated with the xfce desktop.
https://git.xfce.org/apps/xfce4-screensaver/about/ || xfce4-screensaver
xlockmore — Simple X11 screen lock with PAM support.
https://sillycycle.com/xlockmore.html || xlockmore
XScreenSaver — Screen saver and locker for the X Window System.
https://www.jwz.org/xscreensaver/ || xscreensaver
XSecureLock — X11 screen lock utility designed with the primary goal of security.
https://github.com/google/xsecurelock || xsecurelock
xtrlock — Very lightweight X display locker. Keeps windows visible and displays lock icon instead of mouse cursor. Typing password followed by enter unlocks the screen.
https://packages.debian.org/sid/xtrlock || xtrlock
Password auditing
John the Ripper — Password cracker.
https://www.openwall.com/john || john
Hashcat — Multithreaded advanced password recovery utility.
https://hashcat.net/hashcat || hashcat
Password managers
Console
1password CLI — Proprietary command line tool for 1Password password manager.
https://1password.com/downloads/command-line/ || 1password-cliAUR
Bitwarden — Open source password manager with desktop, mobile, browser, and CLI versions. Cloud or self-hosted.
https://bitwarden.com/ || bitwarden-cli
gopass — Advanced console based password manager, supporting GnuPG and other backends.
https://github.com/justwatchcom/gopass || gopass
Himitsu — Secret storage manager.
https://himitsustore.org/ || himitsuAUR
KeePassC — Curses-based password manager compatible to KeePass v.1.x.
https://outerhaven.de/keepassc/ || keepasscAUR
LastPass — Hosted password manager.
https://www.lastpass.com/ || lastpass-cli
pass — Simple console-based password manager featuring flat text file organization and GnuPG encryption.
https://www.passwordstore.org/ || pass
pwsafe — Unix command-line program that manages encrypted password databases.
http://nsd.dyndns.org/pwsafe/ || pwsafeAUR
spm — Simple Password Manager written entirely in POSIX shell using PGP. Fast, lightweight and easily scriptable.
https://notabug.org/kl3/spm/ || spmAUR
tpm — Tiny password manager, inspired by pass, written entirely in POSIX shell.
https://github.com/nmeum/tpm || tpmAUR
Vault — A tool for managing secrets.
https://vaultproject.io/ || vault
Ylva — Command-line password manager, written in C, uses OpenSSL.
https://www.ylvapasswordmanager.com/[dead link 2022-09-20 ⓘ] || ylvaAUR
Graphical
Authenticator — Open source, two-factor authentication application built for GNOME.
https://gitlab.gnome.org/World/Authenticator || authenticatorAUR
Bitwarden — Open source password manager with desktop, mobile, browser, and CLI versions. Cloud or self-hosted.
https://bitwarden.com/ || bitwarden
Figaro's Password Manager 2 — GTK2 port of Figaro's Password Manager with some new enhancements.
https://als.regnet.cz/fpm2/ || fpm2AUR
GNOME Password Safe — Password manager for GNOME which makes use of the KeePass v.4 format.
https://gitlab.gnome.org/World/PasswordSafe || gnome-passwordsafe
Ked Password Manager — A password manager that helps to manage large numbers of passwords.
http://kedpm.sourceforge.net || kedpmAUR
KeePass Password Safe — Mono-based password manager, which helps you to manage your passwords in a secure way.
https://keepass.info/ || keepass
KeePassX — Qt-based password manager. Compatible with KeePass v.1.x and KeePass v.2.x.
https://www.keepassx.org/ || version 1: keepassxAUR, version 2: keepassx2AUR
KeePassXC — Community fork of KeePassX with more active development. Compatible with KeePass v.1.x (import only) and KeePass v.2.x.
https://keepassxc.org/ || keepassxc
Keysmith — OTP generation software by KDE.
https://apps.kde.org/keysmith/ || keysmith
KDE Wallet Manager — Tool to manage the passwords on your system. By using the KDE wallet subsystem, it not only allows you to keep your own secrets but also to access and manage the passwords of every application that integrates with the wallet.
https://apps.kde.org/kwalletmanager5/ || kwalletmanager
OTPClient — Highly secure and easy to use GTK software for two-factor authentication that supports both Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP).
https://github.com/paolostivanin/OTPClient || otpclientAUR
Passbook — Modern password manager for GNOME.
https://wiki.gnome.org/Apps/Passbook || passbookAUR
Password Gorilla — A cross-platform password manager.
https://github.com/zdia/gorilla/wiki || password-gorillaAUR
Password Safe — Simple and secure password manager.
https://pwsafe.org/ || passwordsafeAUR
QPass — Easy to use password manager with built-in password generator.
http://qpass.sourceforge.net/ || qpassAUR
QtPass — GUI for pass, the standard unix password manager.
Revelation — Password manager for the GNOME desktop.
https://revelation.olasagasti.info/ || revelationAUR
Seahorse — GNOME application for managing encryption keys and passwords in the GNOME Keyring.
https://wiki.gnome.org/Apps/Seahorse || seahorse
Universal Password Manager — Allows you to store usernames, passwords, URLs and generic notes in an encrypted database protected by one master password.
https://upm.sourceforge.net/ || universal-password-managerAUR
Cryptography
Hash checkers
cfv — Tiny utility to both test and create checksum files, support .sfv, .csv, .crc, .md5, md5sum, sha1sum, .torrent, par, and .par2 files.
http://cfv.sourceforge.net/ || cfvAUR
GtkHash — A GTK utility for computing message digests or checksums
https://github.com/tristanheaven/gtkhash || gtkhashAUR
hashdeep — A cross-platform tools to compute hashes, or message digests, for any number of files
https://md5deep.sourceforge.net/ || hashdeep
Quick Hash GUI — A GUI to enable the rapid selection and subsequent hashing of files (individually or recursively throughout a folder structure) text and (on Linux) disks.
https://www.quickhash-gui.org/ || quickhash-gui-binAUR
RHash — Utility for verifying hash sums (SFV, CRC, etc). Supports lots of algorithms.
https://github.com/rhash/RHash/ || rhash
MassHash — A set of file hashing tools (both CLI and GTK GUI) written in Python. Supported algorithms include MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512.
https://jdleicher.github.io/MassHash/ || masshashAUR
Parchive — Utility which creates and uses PAR2 files to detect damage in data files and repair them if necessary.
https://github.com/Parchive/par2cmdline || par2cmdline
Encryption, signing, steganography
age — A simple, modern and secure encryption tool (and library) with small explicit keys, no config options, and UNIX-style composability.
https://age-encryption.org/v1 || Go: age Rust: rust-rage
ccrypt — A command-line utility for encrypting and decrypting files and streams based on Rijndael.
https://ccrypt.sourceforge.net/ || ccryptAUR
Enigmail — A security extension to Mozilla Thunderbird and Seamonkey. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard.
https://enigmail.net || thunderbird-extension-enigmail-gitAUR
GNOME Keysign — GTK/GNOME application to use GnuPG for signing other people's keys. Quickly, easily, and securely.
https://wiki.gnome.org/Apps/Keysign || gnome-keysignAUR
GnuPG — The GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880. Free and Open Source replacement of PGP, mostly used for digital signing of packages.
GPG-Crypter — Graphical front-end to GnuPG(GPG) using the GTK3 toolkit and GPGME library.
https://sourceforge.net/projects/gpg-crypter/ || gpg-crypter
KeePassXC — Mainly used for password management and generation, but also supports attaching arbitrary files to entries in an encrypted database.
https://keepassxc.org || keepassxc
Keybase — Key directory mapping social media identities, with cross platform encrypted chat, cloud storage, and git repositories.
https://keybase.io/ || keybase
KGpg — Simple interface for GnuPG, for KDE.
https://apps.kde.org/kgpg/ || kgpg
Kleopatra — Certificate Manager and Unified Crypto GUI for KDE. It supports managing X.509 and OpenPGP certificates in the GpgSM keybox and retrieving certificates from LDAP servers.
https://apps.kde.org/kleopatra/ || kleopatra
minisign — Simple program that only implements key signing
https://github.com/jedisct1/minisign || minisign
OpenSSH — De facto SSH implementation that supports message signing
https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig || openssh
passphrase2pgp — Reproducibly generate private key in OpenPGP/OpenSSH formats accroding to user input passphrase and optionally sign message in one go
https://github.com/skeeto/passphrase2pgp || passphrase2pgpAUR
Seahorse — GNOME application for managing encryption keys and passwords in the GNOME Keyring.
https://wiki.gnome.org/Apps/Seahorse || seahorse
scrypt — Command-line encryption utility featuring the memory-hardened
scryptkey derivation function.
https://www.tarsnap.com/scrypt.html || scrypt
steghide — A steganography utility that is able to hide data in various kinds of image and audio files.
https://steghide.sourceforge.net || steghideAUR
Data-at-rest encryption
See Data-at-rest encryption.
Privilege elevation
doas — A portable version of OpenBSD's doas command, known for being substantially smaller in size compared to sudo.
https://github.com/Duncaen/OpenDoas || opendoas
pkexec(1) — A Polkit application that allows an authorized user to run commands or an interactive shell as another user. Configured using Polkit rules.
https://gitlab.freedesktop.org/polkit/polkit/ || polkit
su — Command used to assume the identity of another user on the system.
https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/about/ || util-linux
sudo — Command to delegate the ability to run commands as root or another user while providing an audit trail.
Last updated