Week 2: 19 New Tools, Getting Started Guides, Workflows, and a Public API
Alright, week two! We shipped a lot of features this week AND added 19 new tools. Let us get into it.
19 New Tools (325 Total)
We are now at 325 tools indexed. Here is what landed this week across 10 categories:
Reverse Engineering
ImHex is probably the biggest miss we have corrected. With over 53,000 GitHub stars, it is one of the most popular RE tools on the platform. Feature-rich hex editor with a custom pattern language, entropy visualization, data analysis, and built-in disassembly. If you are doing firmware analysis or binary triage, this replaces every other hex editor.
pwndbg turns GDB from painful to powerful. Enhanced context display, heap analysis commands, and PEDA-like features designed specifically for exploit developers and CTF players.
EMBA from the embedded security community is a firmware analyzer that does both static and dynamic analysis of IoT and embedded device firmware via emulation. If you are auditing router firmware or IoT devices, this automates the heavy lifting.
Network Recon
BBOT (9,600 stars) is the modern recursive internet scanner. Think of it as SpiderFoot's successor with 100+ modules for automated recon, bug bounties, and attack surface management. Recursive scanning means it discovers new targets as it goes.
fscan (13,600 stars) is the internal network scanner that red teamers in the field actually use. Fast service enumeration, built-in brute-forcing, vulnerability detection, and exploit modules. One binary, no dependencies, works on every platform.
Sn1per is the automated pentest recon framework that chains together subdomain enumeration, port scanning, vulnerability scanning, and exploit tools into configurable scan modes.
Vulnerability Scanning
OSV-Scanner from Google uses the OSV.dev database to scan your project dependencies for known vulnerabilities across every major language ecosystem. The supply chain security scanner that should be in every CI pipeline.
Lynis (15,500 stars) is the security auditing and hardening standard for Linux and macOS. Compliance testing against CIS benchmarks, HIPAA, ISO27001, and PCI DSS out of the box.
afrog is a fast vulnerability scanner with custom PoC support that competes directly with Nuclei. Lower false positive rate and growing community-contributed PoC library.
OSINT
web-check (32,800 stars) is an all-in-one website OSINT tool that pulls DNS records, SSL certificates, headers, security audit results, and performance metrics into a single dashboard. Deploy it locally or use the hosted version.
dnstwist is the domain permutation engine for detecting homograph phishing attacks, typosquatting, and brand impersonation. Feed it your domain and it generates every possible lookalike, then checks which ones are actually registered.
Mobile Security
MVT (12,300 stars) from Amnesty International is the Mobile Verification Toolkit built specifically for detecting Pegasus and other commercial spyware on iOS and Android devices. The tool that powers the forensic investigations you read about in the news.
APKLeaks scans Android APKs for hardcoded API keys, backend URLs, and secrets using JADX decompilation. Fast static analysis for mobile app security assessments.
Offensive Ops & Cloud
CALDERA from MITRE is the automated adversary emulation platform built on the ATT&CK framework. Run automated attack chains for purple team exercises and detection validation.
Stratus Red Team from Datadog does the same thing but specifically for cloud environments. Granular adversary techniques for AWS, Azure, GCP, and Kubernetes, all mapped to ATT&CK.
Web Scanning
reNgine is the automated recon framework with correlated scan engines, continuous monitoring, and scheduled scanning. Deploy it with Docker and point it at your targets.
reconftw chains together the best recon tools (subfinder, nuclei, httpx, and more) into a single automated pipeline. One command, full-stack recon.
Forensics & Threat Intel
Timesketch from Google is the collaborative timeline analysis platform for incident investigations. Import events from multiple forensic sources, annotate them, and share findings with your team.
IntelOwl integrates 100+ threat intel analyzers for enriching observables and malware samples at scale. MISP and OpenCTI integration out of the box.
26 Getting Started Guides
We wrote step-by-step getting started guides for 26 of the most popular tools on the site. Not just "run the install command and figure it out" but actual walkthroughs that take you from installation through your first real scan.
Covers Nmap, Subfinder, Nuclei, Sherlock, theHarvester, Hashcat, Metasploit, Wireshark, Burp Suite, BloodHound, Volatility, and more. Look for the "Getting Started Guide" button on tool pages.
6 Interactive Workflows
Workflows are step-by-step playbooks that chain tools together in the order you actually use them. We launched with six:
- -OSINT Investigation - From a name or email to a full profile
- -Web Application Pentest - The full recon-to-exploit pipeline
- -Active Directory Attack Path - BloodHound to domain admin
- -Red Team Operations - Infrastructure to exfiltration
- -Crypto Tracing Investigation - Wallet address to attribution
- -Incident Response - Evidence preservation to IOC extraction
Public API
ENNA now has a REST API at /api/tools with search, filter, sort, and pagination. Get full tool details at /api/tools/[slug]. Build on top of it.
Other Improvements
- -Tool sorting by name, stars, or recent activity
- -RSS feed at /feed.xml
- -Suggest a Tool page linked in the header
- -GitHub GraphQL enrichment (300 API calls down to 4)
- -CI pipeline with type checking and data validation
- -Cross-links between Library and Gear pages
What is Coming Next
More tools, more guides, and we are looking at adding user-submitted tool reviews. Hit the Suggest button in the header if you know a tool we are missing.
See you next Monday!