← Back to Blog

Curating 250+ Security Tools

February 1, 2026 nullsectools

How we select, package, and integrate 250+ security tools into NullSec Linux. The difference between a useful distro and bloatware is thoughtful curation.

◉ The Bloat Problem

Kali Linux ships 600+ tools. Most users need maybe 30 for any given engagement. The rest:

NullSec takes a different approach: curate aggressively, document clearly, integrate deeply.

◉ Selection Criteria

Every tool in NullSec must pass these tests:

  1. Actively maintained: Commits within the last 12 months. Abandoned tools get replaced.
  2. Open source: Fully auditable. No binary blobs except specific licensed tools (Burp, etc.).
  3. CLI-friendly: Must support command-line operation for pipeline integration. GUI-only tools are excluded.
  4. Proven in professional use: Either widely-used industry standard, or personally validated by our team.
  5. Unique capability: If two tools do the same thing, include only the better one.

◉ Category Breakdown

Our 250 tools fall into these categories:

Category Count Key Tools
Reconnaissance42nmap, masscan, amass, subfinder
Web Application38burp, sqlmap, nikto, gobuster
Exploitation25metasploit, searchsploit, pwntools
Password Attacks18john, hashcat, hydra, cewl
Wireless22aircrack-ng, wifite, kismet
Forensics28volatility, autopsy, binwalk
Reverse Engineering15ghidra, radare2, gdb
Network32wireshark, tcpdump, responder
Cloud/Container18trivy, cloudsploit, kubectl
Automation12nuclei, ffuf, httpx

◉ Lateralus Integration

The distinguishing feature of NullSec: every CLI tool has a Lateralus wrapper for pipeline integration.

import security.nmap
import security.nikto
import security.sqlmap

fn scan_target(host: str) {
    // Nmap → Nikto → SQLMap pipeline
    let services = nmap.scan(host, ports: "80,443,8080")

    services
        |> filter(fn(s) { s.service == "http" })
        |> map(fn(s) { nikto.scan(host, s.port) })
        |> flatten()
        |> filter(fn(finding) { finding.type == "sqli_possible" })
        |> each(fn(f) { sqlmap.test(f.url, level: 2) })
}

Each wrapper:

◉ The Wrapper Generator

We don't hand-write all 250 wrappers. A tool called wrap-gen creates them:

# Generate wrapper from tool help
wrap-gen analyze nmap --help

# Output: structured schema
nmap:
  options:
    - name: ports
      short: p
      type: str
      description: "Port specification"
    - name: timing
      short: T
      type: int[0-5]
      description: "Timing template"
  output:
    format: xml|greppable|json
    parser: nmap_xml_parser

The schema is then compiled into a Lateralus module with proper types.

◉ Update Policy

Tools are updated on different schedules based on risk:

All updates are tested in CI before release. Breaking changes are documented in release notes.

◉ Deprecated Tools

Sometimes tools get removed. Recent deprecations:

Removed Replaced By Reason
dirbgobuster10x faster, better output
fierce (original)fierce (rewrite)Python 3, active maintenance
wpscan (Ruby)wpscan (Docker)Dependency nightmare solved
beef(removed)Minimal use, huge footprint

◉ Community Requests

Want a tool added? Open a GitHub issue with:

  1. Tool name and repository
  2. Use case (what does it do that existing tools don't?)
  3. Evidence of maintenance (recent commits)
  4. CLI output format (for wrapper generation)

We review requests monthly. Accepted tools ship in the next release.

◉ Meta: Tools About Tools

NullSec includes meta-tools to manage the toolset:

# Find tools for SQL injection
nullsec-search "sql injection"
  sqlmap        - Automatic SQL injection and database takeover
  ghauri        - Advanced SQLi detection
  nosqlmap      - NoSQL injection tool

# Generate pipeline for web app testing
nullsec-pipeline webapp --target https://example.com > scan.ltl

Full tool list at the downloads page. Source at nullsec-tools.