Lynis
Host-based security auditing for Unix: misconfigurations, packages, SSH, kernel hardening hints.
Why it is included
Lightweight, open-source CIS-style audit pass for servers you administer.
Best for
Sysadmins hardening Linux/BSD before pentest or compliance checks.
Strengths
- Fast local run
- Actionable hints
- Maintained by CISOfy
Limitations
- Not a full pentest; complements scanners
Good alternatives
OpenSCAP · manual benchmarks
Related tools
Security & Privacy
Nmap
Network discovery and security auditing scanner with scripting (NSE) and OS fingerprinting.
Security & Privacy
OpenSCAP
SCAP toolkit for compliance scanning: OVAL, XCCDF, tailoring files, and remediation snippets (e.g. DISA STIG workflows).
Security & Privacy
kube-bench
CIS Kubernetes benchmark checker: run checks against nodes, control plane, etcd, and policies with readable reports.
Security & Privacy
Wazuh
Open security platform combining SIEM, XDR, file integrity monitoring, and compliance checks across endpoints and cloud.
Security & Privacy
John the Ripper
Password cracker focused on fast CPU modes, formats, and incremental attacks—ubiquitous in audits.
Security & Privacy
Tracee
Linux runtime security using eBPF to trace OS and container events with prebuilt signatures and pipeline exports.
