< List of applications

List of applications/Security


For detailed guides, see the main ArchWiki page, Security.

Network security

See also Wikipedia:Comparison of packet analyzers.

  • airgeddon Multi-use bash script to audit wireless networks
https://github.com/v1s1t0r1sh3r3/airgeddon || airgeddon-gitAUR
  • Arpwatch Tool that monitors ethernet activity and keeps a database of Ethernet/IP address pairings.
https://ee.lbl.gov/ || arpwatch
  • bettercap Swiss army knife for network attacks and monitoring.
https://www.bettercap.org/ || bettercap
  • darkstat Captures network traffic, calculates statistics about usage, and serves reports over HTTP.
https://unix4lyfe.org/darkstat/ || darkstat
  • dsniff Collection of tools for network auditing and penetration testing.
https://www.monkey.org/~dugsong/dsniff/ || dsniff
  • EtherApe Graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.
https://etherape.sourceforge.io/ || etherape
  • Ettercap Multipurpose Network sniffer/analyser/interceptor/logger.
https://ettercap.github.io/ettercap/ || CLI: ettercap, GUI: ettercap-gtk
  • GNOME Network Tools GNOME interface for various networking tools.
https://gitlab.gnome.org/GNOME/gnome-nettool || gnome-nettool
  • Honeyd Tool that allows the user to set up and run multiple virtual hosts on a computer network.
http://www.honeyd.org/ || honeydAUR
  • hping Command-line oriented TCP/IP packet assembler/analyzer.
http://hping.org/ || hping
  • LinSSID Graphical wireless scanner.
https://sourceforge.net/projects/linssid/ || linssid
  • Nemesis Command-line network packet crafting and injection utility.
http://nemesis.sourceforge.net/ || nemesisAUR
  • Sshguard Daemon that protects SSH and other services against brute-force attacks, similar to Fail2ban.
https://www.sshguard.net/ || sshguard
  • Suricata High performance Network IDS, IPS and Network Security Monitoring engine.
https://suricata-ids.org/[dead link 2022-09-20 ] || suricataAUR

Firewall management

See iptables#Front-ends.

Threat and vulnerability detection

  • Metasploit Framework An advanced open-source platform for developing, testing, and using exploit code.
https://www.metasploit.com/ || metasploit
  • OSSEC Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
https://ossec.github.io/ || ossec-localAUR, ossec-serverAUR

File security

Anti malware

  • ClamTk Graphical front-end for ClamAV using Perl and Gtk libraries. It is designed to be an easy-to-use, lightweight, on-demand antivirus scanner for Linux systems.
https://gitlab.com/dave_m/clamtk/ || clamtk, Nautilus plugin: clamtk-gnomeAUR, Thunar plugin: thunar-sendto-clamtkAUR

Screen lockers

See also Session lock.

Warning: Only sflock, physlock, Cinnamon Screensaver, MATE Screensaver and GNOME Screensaver are able to block tty access. See Xorg#Block TTY access on how to manually block tty access.
  • i3lock-blur Fork of i3lock which can use your desktop with the blur effect applied as a background.
https://github.com/karulont/i3lock-blur || i3lock-blurAUR
  • sxlock Fork of sflock with a few enhancements. Provides basic user feedback, uses PAM authentication, supports DPMS and RandR. Supports sxlock.service to lock the screen on suspend/hibernation. See the README for more information.
https://github.com/lahwaacz/sxlock || sxlock-gitAUR
  • xfce4-screensaver A screen saver and locker that aims to have simple, sane, secure defaults and be well integrated with the xfce desktop.
https://git.xfce.org/apps/xfce4-screensaver/about/ || xfce4-screensaver

Password auditing


  • Bitwarden Open source password manager with desktop, mobile, browser, and CLI versions. Cloud or self-hosted.
https://bitwarden.com/ || bitwarden-cli
  • KeePassC Curses-based password manager compatible to KeePass v.1.x.
https://outerhaven.de/keepassc/ || keepasscAUR
  • Ylva Command-line password manager, written in C, uses OpenSSL.
https://www.ylvapasswordmanager.com/[dead link 2022-09-20 ] || ylvaAUR


  • Ked Password Manager A password manager that helps to manage large numbers of passwords.
http://kedpm.sourceforge.net || kedpmAUR
  • KDE Wallet Manager Tool to manage the passwords on your system. By using the KDE wallet subsystem, it not only allows you to keep your own secrets but also to access and manage the passwords of every application that integrates with the wallet.
https://apps.kde.org/kwalletmanager5/ || kwalletmanager
  • Universal Password Manager Allows you to store usernames, passwords, URLs and generic notes in an encrypted database protected by one master password.
https://upm.sourceforge.net/ || universal-password-managerAUR

Hash checkers

  • GtkHash A GTK utility for computing message digests or checksums
https://github.com/tristanheaven/gtkhash || gtkhashAUR

Encryption, signing, steganography

  • Enigmail A security extension to Mozilla Thunderbird and Seamonkey. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard.
https://enigmail.net || thunderbird-extension-enigmail-gitAUR
  • Keybase Key directory mapping social media identities, with cross platform encrypted chat, cloud storage, and git repositories.
https://keybase.io/ || keybase
  • passphrase2pgp Reproducibly generate private key in OpenPGP/OpenSSH formats accroding to user input passphrase and optionally sign message in one go
https://github.com/skeeto/passphrase2pgp || passphrase2pgpAUR

Data-at-rest encryption

See Data-at-rest encryption.

Privilege elevation

  • sudo Command to delegate the ability to run commands as root or another user while providing an audit trail.
https://www.sudo.ws/sudo/ || sudo
This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.