sectool – Security Audit Tool & IDS


sectool is a security tool that can be used both as a security audit as well as a part of an intrusion detection system. It consists of set of tests, library and textual/graphical frontend. Tests are sorted into groups and security levels. Administrators can run selected tests, groups or whole security levels.

Security Levels

  1. Naive – pretty basic and short set of tests
  2. Desktop – set of tests prepared to run on box not connected to internet
  3. Network – standard client machine connected to internet
  4. Server – network server
  5. Paranoid – bunch of tests for paranoid admins

The tests print several type of messages during their execution. “Warning” and “Error” messages are used to inform about discovered security risks.

  • warning – something that admin should know about
  • error – issues that should be fixed

Then there are another two messages: “Hint” and “Info”. These two are not print by default, so they need to be turned on.

  • hint – helps to find a way how to resolve discovered issue
  • info – provides information what does the test do at the moment

Test Results

Every test run is finished with one of these results:

  • PASS – Everything went OK, no security risks were discovered
  • WARNING – only warning messages were print
  • ERROR – at least one security issue was discovered
  • FAIL – internal test problem appears, test can’t be run

You can download sectool here:

sectool-0.9.4.tar.bz2

Or read more here.

Posted in: Countermeasures, Security Software

, , , ,


Latest Posts:


dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).
WiFi-Dumper - Dump WiFi Profiles and Cleartext Passwords WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine.
truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.


Comments are closed.