EN
ENNA
|ENNA

Welcome to ENNA: Why We Built an Open-Source Security Tool Index

announcementlaunchosintrecon

Hey! Welcome to ENNA. We're really excited to finally have this out in the world.

Let's start with the honest version of why this exists: we got tired. Tired of bookmarking GitHub repos we'd never find again. Tired of googling "best OSINT tools 2025" and getting the same recycled listicle from 2019. Tired of discovering a tool that looked perfect, clicking through to the repo, and finding the last commit was three years ago.

If you've been in security for any amount of time, you know exactly what we're talking about. The tooling landscape is massive, it's scattered across a thousand GitHub repos, and there's no good way to browse it, filter it, or figure out what's actually worth your time.

So we built the thing we wished existed.

What You're Looking At

ENNA launched today with 213 tools across 14 categories, and we're genuinely proud of how it turned out.

Every tool has a proper writeup explaining what it actually does (not just a one-liner), installation commands so you can get running on whatever platform you're on, real use cases so you know when to reach for it, and links to alternatives so you can compare your options. Oh, and live GitHub stats - stars, forks, open issues, last commit date - so you can immediately tell if something is alive and kicking or quietly abandoned.

Here's what we're covering:

  • -Network Recon - The classics. Nmap, Masscan, RustScan, Shodan CLI, and friends.
  • -Subdomain Enumeration - Subfinder, Amass, Findomain, and the rest of the DNS discovery crew.
  • -Web Scanning - Nuclei, Feroxbuster, ffuf, sqlmap - everything you need to poke at web apps.
  • -OSINT Social - Username hunting with Sherlock and Maigret, social network mapping, profile analysis.
  • -OSINT General - theHarvester, SpiderFoot, Holehe, PhoneInfoga - the broad-spectrum recon tools.
  • -Vulnerability Scanning - Nuclei (yes, it fits in two categories), OpenVAS, Trivy, Grype.
  • -Wireless - Aircrack-ng, Bettercap, Kismet, Flipper Zero firmware. The fun stuff.
  • -Digital Forensics - Volatility, Autopsy, Velociraptor, Chainsaw. For when things have already gone wrong.
  • -Crypto Tracing - This one's close to our hearts. Bitcoin Core CLI, Geth, Cast, and a whole suite of blockchain analysis tools.
  • -Password Attacks - Hashcat, John the Ripper, Hydra. You know the drill.
  • -Exploitation - Metasploit, Sliver, Mythic, Havoc. The sharp end of the stick.
  • -Phishing Analysis - GoPhish, Evilginx2, and the tools for understanding how phishing campaigns work.
  • -Dual Use - Wireshark, Burp Suite, Ghidra, YARA - legit tools that happen to be incredibly useful on offense.
  • -Offensive Ops - CrackMapExec, BloodHound, Impacket, Rubeus. Red team essentials.

Comparisons Are Our Favourite Part

Honestly, this might be the most useful feature on the whole site. Whenever two tools are listed as alternatives to each other, ENNA automatically generates a comparison page. Nmap vs Masscan. Subfinder vs Amass. Sliver vs Mythic. There are already over 85 of these, and they make it so much easier to decide which tool fits your workflow.

No more opening six tabs and trying to mentally compare README files.

Books Too

We're not just about tools. The library section has curated books covering pentesting, OSINT, social engineering, blockchain, malware analysis, and more. Everything from the classics (Hacking: The Art of Exploitation) to the field manuals (RTFM, BTFM) to the deep dives (Practical Malware Analysis). Multiple format options for each book so you can grab paperback, hardcover, or Kindle.

And Hardware

Because sometimes the right tool is a physical one. We've got the HackRF One, Flipper Zero, Proxmark3, WiFi adapters with proper monitor mode support, and even laptop recommendations for running your security toolkit.

Where This Is Going

This is day one. We're going to keep adding tools, expanding categories, and making the site more useful. We'll be posting weekly updates every Monday with everything that's new.

If you know a tool we're missing (and we're definitely missing some), we'd love to hear about it. And if you want to stay in the loop, subscribe to the newsletter - we promise to only email you on Mondays.

Thanks for being here at the start. Let's go!

Weekly Newsletter

New tools, updates, and changes delivered every Monday morning.

Subscribe on Substack