Open Source Tools Collection 2

Testing Tools[edit | edit source]

Katalon Studio[edit | edit source]

Katalon Studio is an all-in-one solution that supports web, API, mobile, and desktop app test automation. It is powerful in enabling cross-functional operations for product development teams at scale. As a codeless solution, Katalon Studio is easy to use, robust to expand, yet contains the necessary components for advanced needs with built-in keywords and project templates. In addition, it provides a host of seamless integrations with SDLC management, CI/CD pipeline, team collaborate applications, etc. Users can leverage Katalon Store – a plugin and extension marketplace, to add more features and optimize their test automation strategies. Katalon Studio has been recognized by Gartner Peer Insights Customers’ Choice in 2020 and is trusted by over 65,000+ companies worldwide.

Selenium[edit | edit source]

Needless to say, selenium is one of the best open source testing tools that is available today. Being compatible with quite a lot of programming languages, testing frameworks, browsers and operating systems, Selenium is an awesome automation testing tool for web apps. It helps you to create very effective test scripts for regression testing, exploratory testing, and quick bug reproduction

Appium[edit | edit source]

Appium open source test automation framework is primarily envisioned for mobile apps. Built on client/server architecture, Appium automates the applications that are created for iOS and Android. It is a well-liked mobile automation testing tool attributable to its easy installation and usage.

Robotium[edit | edit source]

Robotium is an open-source tool that acts as a test automation framework which is mainly intended for Android UI testing. It supports gray box UI testing, system testing, functional testing and user acceptance testing for both native and hybrid android based applications.

Cucumber[edit | edit source]

It is an open-source tool which is based upon the concept of Behavioral driven development using which Cucumber allows you to do automated acceptance testing by executing the examples that optimally describe the behavior of the application. It has cross-platform OS support and compatibility with programming languages like Ruby, Java and.NET. The best part is that Cucumber allows you to have a single live document for both specification and test documentation.

Watir[edit | edit source]

Watir (enunciated as water) is the short form for Web Application Testing in Ruby. This is an extremely lightweight, technology independent open source testing tool for web automation testing. It allows you to write simple, adaptable readable and maintainable automated tests.

Sikuli[edit | edit source]

Sikuli is an open source testing tool which is built upon the concept of image recognition and possesses the ability to automate anything that is seen on the screen. It is very useful to automate non-web-based desktop applications. It is also known for its quick bug reproduction.

Apache JMeter[edit | edit source]

Apache JMeter is an open source Java desktop app which is intended mainly for web applications’ load testing. It also supports unit testing and limited functional testing. It has a lot of good features like dynamic reporting, portability, powerful Test IDE, etc and supports different type of applications, protocols, shell scripts, Java objects, and databases.

WatiN[edit | edit source]

It is the short form of Web Application Testing in.NET. Watin is an open source test automation framework that aids in UI and functional web app testing. This tool is mainly intended for Internet Explorer and FireFox browser.

SoapUI[edit | edit source]

SoapUI is a very popular open source API Test Automation Framework for SOAP & REST. It supports functional testing, performance testing, data-driven testing and test reporting as well.

Capybara[edit | edit source]

Capybara is an open source acceptance test framework that is helpful in testing web applications. It simulates the behavior of a real user that interacts with the application. It can be used in conjunction with the other testing tools like Cucumber, RSpec, Minitest, etc.

Testia Tarantula[edit | edit source]

This free and open source tool is created by one of the leading software company – Prove Expertise in Finland. It is a modern web tool for software test management mainly intended for agile projects. Test executions can be quickly planned by using its tagging features and easy drag & drop interface. Smart tags for fix verification and dashboard for managers are also some of its cool features.

Testlink[edit | edit source]

Test Link is an open source web-based test management tool which was primarily featured for test plans, test cases, user roles, test projects and test specifications. It offers cross-platform OS support and gets well integrated with the other bug tracking systems like JIRA, Bugzilla, Redmine, etc.

Windmill[edit | edit source]

Windmill is an open source web testing tool created for automating and debugging the web applications. It offers cross browser and cross platform support for web apps testing. Till May 2016, Windmill was actively maintained. But now, it has been covered by web driver/selenium 2.

TestNG[edit | edit source]

TestNG is an open source testing framework enthused by Junit and Nunit with some new features added to make it a more powerful tool? It supports almost all kinds of testing like unit testing, functional testing, integration testing, data-driven testing, end-to-end testing, etc.Few of its cool features include annotations, big thread pool, flexible test configuration, support for parameters, different tools, plug-ins, etc.

Marathon[edit | edit source]

Marathon is an open source test automation framework which is designed to test Java-based GUI applications. This tool is mainly intended for acceptance testing. It allows you to record and replay the tests and generate test reports as well. You should use Marathon if you are testing a small project and if your application screen size is limited to 10 screens. Note: Marathon ITE is a successor of Marathon which allows you to come up with resilient test suites for large and complex projects. However, it is a licensed tool. But you can check for its free trial.

httest[edit | edit source]

Httest is used to implement all types of Http-based tests. It offers a range of Http based functionalities. It allows testing the complex scenarios very effectively.

Xmind[edit | edit source]

It is an open source and free mind mapping software useful for regression testing. It is built on java platform and has cross-OS support. It’s a light-weight app, provides good encapsulation and also produces an artifact that tells about the total time spent on testing.

Wiremock[edit | edit source]

It is an open source testing tool for Http based application programming interfaces. It acts as a service virtualization tool that mocks the API for providing quick and powerful end to end testing.

k6[edit | edit source]

k6 is an open source load and performance testing tool for testing cloud-native applications, APIs and microservices. It's a modern developer-centric CLI tool with test cases written in ES6 JavaScript and with builtin support for HTTP/1.1, HTTP/2 and WebSocket protocols. k6 is purposefully built for automation, and can easily be introduced into automation pipelines in Jenkins, GitLab, Azure DevOps Pipelines, CircleCI and other CI/CD tools for performance regression testing

Maven[edit | edit source]

Maven is basically an open source build automation tool mainly intended for java projects. We have the maven plugins available for testing. The “surefire:test” goal provided by the plugin is associated with a testing phase of software management lifecycle.

Espresso[edit | edit source]

It is an open source UI testing framework for Android that is helpful in creating reliable user interface tests within a single app. The auto sync feature of this app is really cool.

FitNesse[edit | edit source]

FitNesse is an open source ­­­automation acceptance testing framework. It is centered over the framework for an integrated test. It helps in coming up with high-quality tests.

JUnit[edit | edit source]

It is an open source unit testing framework for Java. This tool is helpful for writing repeatable tests. It is a part of Xunit and has a cross-platform OS support.

The Grinder[edit | edit source]

The Grinder is a free and open source java based load testing framework. It utilizes multiple load injector machines which turn out running a distributed test quite easily. Its main features include generic approach, flexible scripting, distributed framework and mature Http support.

Tsung[edit | edit source]

Tsung is a free and open source load and stress testing tool. It is compatible with multiple protocols and servers like HTTP, SOAP, LDAP, etc. It distributes the load while testing and this turns out as one of its contributing feature towards the high performance of the tool.

Gatling[edit | edit source]

Gatling is an open source load and performance testing tool intended for web applications. It detects the bottlenecks in early development phase which help in reducing the overall debugging effort. It offers continuous integration. You can use Gatling with Jenkins which helps in better regression performance testing and faster delivery.

Multi-Mechanize[edit | edit source]

It is an open source performance & scalability testing framework for web apps. It executes parallel python scripts to generate load against a site.

Selendroid[edit | edit source]

It is an open source test automation framework for Android applications and mobile web. It supports scaling and parallel testing.

Keep it Functional[edit | edit source]

KIF(Keep it functional) is an open source iOS functional testing framework.  Some of its features include minimal indirection, easy configuration, auto integration with Xcode tools, user simulation tests and wide OS coverage.

iMacros[edit | edit source]

iMacros is obtainable as a free browser add-on for FF, IE and Chrome browsers. It is helpful for automating functional, regression and performance tests. One of its cool features is its built-in stopwatch command that allows you to capture response times of the webpage. Free iMacros for browsers can be downloaded from here

Linux Desktop Testing Project[edit | edit source]

LDTP is an open source automated testing tool for GUI testing.

OpenTest[edit | edit source]

OpenTest is a spectacular automation tool for web, Apps, and APIs.

Testerum[edit | edit source]

Testerum is a free and open-source test automation framework that enables users to test Web Applications, REST APIs, initialize & verify databases, and mock 3rd party APIs. This framework allows users to create custom integrations. Using Testerum you can define acceptance criteria, use them as manual tests or transform them into automated tests. This can be done from an easy to use UI where no programming knowledge is required. There are many advantages of using Open source testing tools. There is no direct cost involved and open source permits customization. However, there are certain limitations as well. Lack of professional technical support, limited protocols support and script maintenance can be challenging at times. In order to choose the right Open source testing tool, you should ensure that the tool is actively maintained, the type of tool matches the skills of your team and you have the experts in the team. The features, benefits, and challenges offered by the tool should align with your testing requirements and organizational goals.

Virtualization tools[edit | edit source]

Ganeti[edit | edit source]

Ganeti is a cluster server management tool developed by Google; it is built on existing virtualization technologies like KVM, Xen and other Open Source software. Ganeti was initially started as a VMware alternative for managing networks, storage, and virtual machines- and not as a cloud platform, meaning it lacks several of the features that come with larger open cloud projects. It was designed to handle cluster management of virtual servers and offer quick and easy recovery after physical failures using commodity software. For Ganeti to work, virtualization software must be pre-installed on the servers. Once installed, it assumes management of the virtual instances; Ganeti handles startup, shutdown, OS installation, migration, disk creation, and can be used to preemptively relocate a VM off a physical machine that is failing. Ganeti can be used for both single-host management, like Xen Tools or Libyirt, and large-scale computing on an OpenStack level.

KVM (Kernel-based virtual machine)[edit | edit source]

KVM is an open source virtualization tool for Linux and contains virtualization extensions (AMD-V or Intel VT). It can either be operated in emulation or hardware mode; however, without the CPU extensions, the overall performance will be poor. Despite the fact that it was designed for command line, KVM has a decent management interface that enable users to perform actions like launching and stopping virtual machines or taking screen shots with ease. The interface (Virtual Machine Manger – VMM) can also be used to control Xen virtual machines. Each of virtual machine within KVM has personalized virtualized hardware: a graphics adapter, disk, network adapter, etc. If you are searching for a free modern virtualization solution with an unlimited usage mode and without additional feature tearing or licensing fees, and a powerful command line interface then KVM is your best bet.

oVirt[edit | edit source]

oVirt is a virtualization solution used to manage/create virtual datacenters. oVirt manages storage options, virtualized networks, and virtual machines using interactive an easy to use web-based administration and user portal. oVirt supports several advanced virtualization features like live storage migration, high availability, and the ability to control and schedule the deployment of virtual machines. Aside from the oVirt engine, this Red Hat backed project also includes other components, like oVirt Node – a scaled down version of Linux with enough code to host virtual machines. The oVirt project also includes data reporting and warehouse components, based on the work of open source software providers Jaspersoft and Talend.

Packer[edit | edit source]

Packer can be used by system admins to build then subsequently manage the operations of virtual machine images. The same commands and files can be used to build an image on Digital Ocean, AWS or for vagrant and VirtualBox. This enables you to use the same system for development which you then create in production. Packer is notably light, high performing, and operates on every major operating system. It assembles and configures all the necessary components for a virtual machine then creates images that run on multiple platforms. Packer doesn’t replace configuration management tools like Puppet or Chef; as a matter of fact, when creating images, Packer can utilize tools like Puppet or Chef to install applications onto the image.

Vagrant[edit | edit source]

Vagrant is a command-line tool that provides a framework and configuration format for creating, managing and distributing virtualized development environments. These environments can live on your computer or in the cloud, and are portable between Linux, Mac OS X, and Windows. Vagrant has a differentiating feature – Vagrant Share that enables users to share their running Vagrant environment via the internet. This makes it easy to collaborate and share on development environments thus creating consistent working environments for teams of software developers using a virtual machine. Vagrant can also work alongside configuration management tools like Puppet and Chef.

VirtualBox[edit | edit source]

VirtualBox is an open source cross-platform product that is currently under the stewardship of Oracle. VirtualBox is one of the veterans of the virtualization scene, and remains a lightweight and reliable virtualization tool that is easy to install and use. With its latest release, VirtualBox adds support for touchscreens and other user-recognizable improvements like Webcam pass-thru, support for IPv6 with VRDP and, video capture support. One important feature VirtualBox lacks is the ability to boot from existing Boot Camp partitions.

Xen[edit | edit source]

Xen is a hypervisor that started out as a Microsoft backed startup at the University of Cambridge and has now risen to become one of the best Linux hypervisors. The Xen Hypervisor is inserted between the server’s hardware and the operating system. This creates an abstraction layer that allows multiple guest operating systems to be concurrently executed on a single physical server. Xen is included with most popular Linux distributions like Fedora, RHEL, CentOS, Ubuntu, and Debian. Xen supports ‘hardware assisted’ virtualization and para-virtualization for unmodified and modified guests respectively. The guests can be windows or Linux, but most guests particularly in the hosting space are Linux variants.

Configuration management tools for SysAdmins[edit | edit source]

Ansible[edit | edit source]

Ansible is a model-driven configuration management tool, ad-hoc task execution tool, and automated app deployment tool all in one. For the above reason, the company prefers to categorize it as an ‘orchestration engine’. Ansible is built on five design principles – ease of use, quick learning curve, comprehensive automation, efficiency, and security. Ansible can be installed via a git repository clone to an Ansible master server. It is built on python but its modules can be written in any language, provided the output of the module is valid JSON. Ansible has a vast collection of modules that can be used to manage different systems and cloud infrastructure like OpenStack and Amazon EC2. Like several other open source projects, Ansible also has a paid product that is available via a web UI referred to as Ansible tower.

CFEngine[edit | edit source]

CFEngine is probably the oldest and one of the most established configuration management tools. It has been described as the grandfather of configuration management tools. CFEngine has undergone numerous iterations allowing it to maintain relevance as OS have migrated from local data centers to the cloud. It runs on C and despite having a significantly smaller footprint, CFEngine runs quickly and has few dependencies. There is a library of reusable data-driven models that can help CFEngine users model their desired states. The main drawback of CFEngine is its steep learning curve.

Chef[edit | edit source]

Chef is a powerful IT infrastructure configuration management tool that is offered as both an enterprise and open source product. Chef has a scalable and flexible automation platform and provides integration with leading cloud providers. It also provides enterprise platform support, including Solaris and Windows and enables users to develop, bootstrap and manage OpenStack clouds. Chef is written in Erlang and Ruby, extensions or specifications are written in pure ruby. Aside from configuration management, Chef can also be used to rapidly provision and deploy servers for automated delivery of services and applications.

Fabric[edit | edit source]

Fabric is a Python command-line tool and library for streamlining the use SSH for systems administration tasks or application deployment. It offers a fundamental suite of operations for executing remote or local shell commands and downloading/uploading files, as well as additional functions like aborting execution or prompting the running user for input. The main advantages of Fabric is that it uses simple primitives (reboot(), get(), sudo() etc.) and all you need is a remote command API, this eliminates the need for abstraction or a DSL.

Pallet[edit | edit source]

Unlike most of the other CM tools, Pallet is more of a CM library or framework built with developers in mind as opposed to a standalone CM tool. Its lightweight nature means it can easily be embedded or integrated into other applications. Despite the fact that it can work in traditional on premise servers, Pallet is designed for cloud based environments. Pallet is relatively new in the market so its documentation is still a work in progress but its user community is quite helpful. Pallet is built with Clojure, a JVM implementation of the LISP programming language.

Puppet[edit | edit source]

Puppet is one the most complete configuration management tools in terms of user interfaces, modules, and available actions. It is an ideal representation of the entire picture of data center orchestration, including virtually every operating system and providing deep tools for the main operating systems. Puppet is written in Ruby, and like Chef, it comes in both an enterprise and open source version. However, unlike Chef whose offering of features is healthy across both enterprise and open source versions, a majority of Puppet’s features are placed into enterprise status. Setting up Puppet is relatively easy and it requires the installation of a master server and client agents on every system that is to be managed.

Salt[edit | edit source]

As part of a bigger enterprise ready application, the configuration management section of Salt is feature-full and robust. Like Ansible, Salt is a CLI based tool that uses a push method of client communication. Users can issue commands like install packages or start services to “minions” directly from the CLI, which receives the commands from the central salt master and replies with the results of the command(s). Salt can be installed via a Git or via the package management systems on masters and clients.

Slaughter[edit | edit source]

Slaughter is a Perl-based utility tool that is used to automate the deployment, configuration, and maintenance of a large number of servers. Despite the fact it was written from scratch, it is greatly inspired by CFEngine. Slaughter is considerably small in terms of code, and the concepts required to understand and use it. Despite its simplicity, Slaughter is flexible and facilitates a wide range of functions. Slaughter is a client-pull application, this basically means that each machine that has slaughter installed on it is expected to schedule itself. There is no central server in charge of mediation, control or scheduling.

Cyber Simulators[edit | edit source]

TopGen[edit | edit source]

TopGen is a virtualized application-service simulator for offline exercise and training networks. It allows multiple co-hosted virtual application-layer services, such as multiple HTTP vHosts, Domain Name System (DNS) views, or virtual mail domains to be delivered from a single host (physical, virtual machine, or container). A large number of host unique, single IP addresses, corresponding to each virtual application server (each website, nameserver, and mail gateway), are then added to the TopGen host's loopback interface. This configuration ensures that client traffic is delivered to the appropriate application-server daemon, and that replies will originate from the correct source IP address.

GreyBox[edit | edit source]

GreyBox is a virtual machine that provides a self-contained emulation of the Internet backbone, including connectivity for 500-plus websites, mail servers, Bitcoin environments, and other sites. It simulates not only the servers, but also the Internet infrastructure, with root and top-level domain (TLD) DNS servers, a functional WHOIS service, and a realistic Tier I web cloud. GreyBox includes emulation of Border Gateway Patrol (BGP) and autonomous system (AS) numbers running the actual IP addresses deployed in the Internet backbone. Greybox and TopGen are designed to run on any generic Linux system. GreyBox provides the ability to communicate in this environment, which renders a realistic simulation of the Internet backbone, implemented with Linux containers. Any peer-to-peer software can be added to GreyBox to increase the realism of the simulation experience for users. We are planning a feature where we could connect arbitrary Docker containers into the Greybox map for added flexibility to allow users to connect custom containers serving whatever their needs are. The key to the utility of this environment is its realistic look and feel to its users are. The front pages of more than 5,000 websites were scraped from the actual Internet to provide this realistic user experience. GreyBox is great for training and exercises; students have used it to learn about routing. The activity of having users interacting with the system and creating traffic enriches this Internet simulation. GreyBox has public key infrastructure (PKI) and can do HTTP Secure (HTTPS) or Transport Layer Security (TLS). We use our own in-game certificate authority to sign all the websites to produce HTTPS traffic when a user is looking at packet traces. We eventually want to offer encrypted HTTPS traffic for added realism. Users can connect existing network enclaves that they're already using in their cyber exercises into the core Internet structure that GreyBox creates. This connectivity can be performed via the simulator's user interface. Users can put RJ-45 icons on the map and connect them to existing routers, then map those to network interfaces of the host machines. Any other computing infrastructure that shares a network with those network interfaces that are mapped into the simulation would then connect to the simulation via those interfaces by simply mapping extra network cards to those enclaves.

GHOSTS[edit | edit source]

GHOSTS is a framework for automating and orchestrating non-player character activities. By creating "synthetic users" in the environment, it enables advanced user-activity simulation to enrich the realism of cyber exercises. The simulated characters that participants interact with can perform many functions, such as web browsing, executing terminal commands, sending emails, or managing office documents. The functions appear as if real people were performing them, and none can be traced back to the GHOSTS software directly, making the training experience more lifelike and convincing. GHOSTS orchestrates friendly, hostile, and other behaviors that players would be likely to encounter. GHOSTS is not simply a mechanism for traffic creation; it creates realistic network traffic in the form of context-driven user activity on a network. It focuses on what every computer-controlled actor on the network is doing and what decisions it might make, and uses the results of those decisions to make future decisions, as well. For example, GHOSTS can bring harmless administrators and hostile red-team operators to life within an exercise by giving them growing intelligence that mimics what people may do in real life. It enables exercise creators to build enclaves of blue teams that perform specific tasks. In addition, GHOSTS can simulate active insider-threat scenarios or random security mistakes that any user might make.

vTunnel[edit | edit source]

vTunnel allows the tunneling of arbitrary IP traffic from a guest virtual machine through the hypervisor instead of through the normal Ethernet connections. This feature allows the removal of certain network activity from the game space. This capability prevents game players from seeing certain network traffic, such as command-and-control or scoring activities. vTunnel hides the traffic that is "out of band." All this administrative activity running within the simulation would be in plain view for all participants in the exercise or training course (which distracts users and detracts from the look and feel of a realistic network environment) if nothing were done to hide it. "White cell" management, monitoring and overhead traffic, including the management traffic for the GHOSTS activities, can flow unimpeded and totally unseen by users. vTunnel helps keep all of this administrative traffic hidden so that users can focus on just the activity that relates to the intended event simulation. vTunnel allows guest VM networks to communicate with management networks on the hypervisor side for the simulation. It transmits traffic between virtual-machine networks and range-management networks, allowing control of automations and simulations while avoiding in-game networks being monitored by exercise participants. The vTunnel connection into the virtual machine allows the sending of command-and-control traffic to the GHOSTS agent. The vTunnel connection out of the virtual machine allows logs and telemetry data from the GHOSTS agent to arrive back at the GHOSTS command-and-control server. By allowing management traffic to reside outside the game space, vTunnel enables more realistic and reliable cyber exercises.

WELLE-D[edit | edit source]

Cybersecurity training often occurs in classified spaces where users can't bring cellphones or other network-connected devices. For wireless simulation, one work role is that of a wireless professional who needs to perform wireless penetration (or pen) testing. However, these spaces are not good environments for attaching wireless devices to virtual machines, and there are not many virtualization options available for wireless training. We used capabilities in the Linux kernel to extend simulation across multiple virtual machines for Wireless Emulation Link Layer Exchanges Daemon (WELLE-D), which enables integration of virtual wireless networks into the existing cyber range. Virtual machines in the virtual environment can then have realistic wireless interfaces that can be used by all standard wireless tools. WELLE-D perfectly emulates 802.11 wireless communications in virtual environments without creating any radio signals. WELLE-D enables system administrators to configure wireless access points and/or client systems running on a Linux kernel. The software creates actual 802.11 frames and passes them across a hidden channel so the traffic does not appear in the wired Ethernet environment. Actual 802.11 frames are used in the communication between clients, thereby providing an unparalleled level of realism since all Wi-Fi attack tools can operate against the actual 802.11 traffic. WELLE-D allows the cyber workforce to perform realistic attack-and-defend scenarios in a cost-effective, safe, and controlled environment. Using WELLE-D, the team can generate and investigate wireless frames with ease. WELLE-D extends frames available in the Linux kernel so that students in one of these roles who need to do wireless pen testing can run their tools, inject frames, and capture frames from the available networks.

TopoMojo[edit | edit source]

Simulations are hard to set up and hard to administer once they are set up. Many organizations, therefore, have relegated realistic hands-on exercises to once-a-year events, cobbled together by organizational "heroes" who create a lab architecture out of old gear. CERT's motivation in developing TopoMojo was to provide subject-matter experts with a platform where they could quickly create and share ideas for cyber training. TopoMojo is a web application that simplifies virtual lab creation and deployment. This Linux-based virtual appliance jump launches virtual-machine learning environments, including use of existing network topologies from a topology library, or creation of custom topologies to meet the specific requirements of a given user. After topologies are created, they come to life in the same TopoMojo platform, deploying network configurations and the associated host systems. These deployed environments support training, testing, and many other possibilities. TopoMojo simplifies the setup of exercises. It comprises two components, a lab player and a lab builder. The player allows a user to browse and access existing labs. After TopoMojo is launched, the user can access various hosts to accomplish lab objectives and can collaborate with others by inviting them to share a lab by sending them a link. The builder interface is for content creators, people with a lab idea that they want to share with others. The builder can add people to a workspace to enable collaboration in putting the lab together. Ideal for creating quick training on a small scale, TopoMojo employs the same technology used for larger simulations.

Cloud Infrastructure and Management[edit | edit source]

OpenStack[edit | edit source]

OpenStack software allows data centers to pool the compute, storage, and networking resources and manage them through a dashboard or via the OpenStack API.

CloudStack[edit | edit source]

Apache CloudStack is designed to deploy and manage large networks of virtual machines. This Apache Project offers a turnkey Infrastructure as a Service (IaaS) cloud computing platform. It’s used both by public cloud computing vendors and by organizations running their own private clouds.

Eucalyptus[edit | edit source]

Eucalyptus allows organizations to easily migrate apps and data to build private or hybrid cloud environments that are compatible with Amazon Web Services.

Synnefo[edit | edit source]

Synnefo is a complete cloud infrastructure stack that provides Network, Image, Volume and Storage service. It manages Google Ganetti, OpenStack, and KVM.

FOSS-Cloud[edit | edit source]

The FOSS-Cloud is a Software that enables you to create your own Private or Public Cloud. It is an integrated infrastructure to provide cloud-Services, Windows or Linux based SaaS. FOSS-Cloud covers all of the aspects of an Open Source IT environment.This multi-faced cloud computing solution includes virtualization, cloud desktop, IaaS, PaaS and SaaS capabilities.

openQRM[edit | edit source]

openQRM software manages a data center’s infrastructure to build private, public and hybrid IaaS (Infrastructure as a Service) clouds. This enterprise-class tool combines data center management system administration and IaaS provisioning into a single tool.

OpenShift[edit | edit source]

OpenShift’s helps you to make your job easier by taking care of all the messy IT aspects of app development and allows you to focus on your job by Coding your Application and satisfying your customers.

Cloud Foundry[edit | edit source]

Cloud Foundry is used to deploy your applications on a variety of infrastructures, including Amazon Web Services, OpenStack, and vSphere. It supports Java, Ruby, and Node applications out of the box.

Docker[edit | edit source]

Docker provides a highly reliable, low-cost way to quickly build, ship, and run distributed applications at scale. It gives developers the freedom to define environments and create apps faster and easier and flexibility for IT ops to quickly respond to change.

Salt Stack[edit | edit source]

SaltStack software is easy enough to get running in seconds, scalable enough to manage tens of thousands of servers, and fast enough to control and communicate with them in milliseconds. SaltStack delivers a dynamic infrastructure communication bus used for remote execution, configuration management and much more.

Software Development Tools[edit | edit source]

Linx[edit | edit source]

Linx is low code tool to build and automate backend applications and web services. The tool accelerates the design, development and automation of custom business processes, including easy integration of applications, systems and databases.

• Easy-to-use, drag-and-drop IDE and Server
• Over 100 pre-built plugins programming functions and services for rapid development
• One-click deployment to any local or cloud server
• Input and outputs include nearly any SQL & NoSQL databases, numerous file formats (text and binary) or REST and SOAP Web services
• Live debugging with step through logic
• Automate processes via timer, directory events or message queue or expose web services, and call APIs via HTTP requests

Atom[edit | edit source]

Atom is an open source and free desktop editor cum source code editor that is up-to-date, friendly and hackable to the core.

Key Features:

• Atom supports cross-platform editing and works for various operating systems like Windows, Linux and OS X.
• Atom is a customizable tool with which one can effectively edit the look & feel of the User Interface, add few important features etc., without editing the configuration file.
• Important features of Atom which made it a remarkable tool are its built-in package manager, smart autocomplete, multiple panes, file system browser, find & replace feature etc.
• Atom is used to build cross-platform applications with web technologies using a framework called ‘Electron’.

Cloud 9[edit | edit source]

Initially in 2010 Cloud 9 was an open source, cloud-based IDE (Integrated Development Environment) that supports various programming languages like C, Perl, Python, JavaScript, PHP etc. Later in 2016, AWS (Amazon Web Service) acquired it for further improvement and made it chargeable as per the usage.

Key Features:

• Cloud 9 IDE is a web-based platform that is used for scripting, running and debugging the code in the cloud.
• Using Cloud 9, the users can work with serverless applications which help to switch between remote and local testing and debugging activities.
• The features like code completion suggestions, debugging, file dragging etc., makes Cloud 9 a powerful tool.
• Cloud 9 is an IDE for web and mobile developers that help to collaborate together.
• Developers using AWS Cloud 9 can share the environment with the workmates for projects.
• Cloud 9 IDE lets to replica the entire development environment.
• Click here for more information on Cloud 9 tool.

GitHub[edit | edit source]

GitHub is a powerful collaboration tool and development platform for code review and code management. With this GitHub, the users can build applications and software, manage the projects, host the code, review the code etc.

Key Features:

• With GitHub, developers can easily document their code and can host the same from the repositories.
• GitHub’s project management tools help its users to stay aligned, co-ordinate easily and get their task done accordingly.
• Few features of GitHub that make it a useful tool are its code security, access control among the team members, integration with other tools etc.
• Few developers use GitHub for experimenting new programming languages in their personal projects.
• GitHub can be hosted on servers and on a cloud platform. It runs on Windows and Mac OS.
• GitHub is free for open source projects and public use. For developers it is charged @ $7/month, for teams @ $9/month and for organizations it is $21/month.

NetBeans[edit | edit source]

NetBeans is an open source and a free software development tool written in Java that develops world-class web, mobile, and desktop applications easily and quickly. It uses C / C++, PHP, JavaScript, Java etc.

Key Features:

• NetBeans supports cross-platform and works on any operating system like Linux, Mac OS, Solaris, and Windows etc.
• NetBeans offers features like Smart Code Editing, writing bug-free code, easy management process, and quick user interface development.
• Java applications can be easily updated to its newer editions using the code analyzers, editors and converters offered by NetBeans 8 IDE.
• Features of NetBeans IDE that made it the best tool are debugging, profiling, dedicated support from the community, powerful GUI builder, out of box working, support for Java platforms etc.
• The well-organized code in NetBeans allows its new developers to understand the structure of the application.

Bootstrap[edit | edit source]

Bootstrap is an open source and free framework for developing responsive websites and mobile-first projects using CSS, HTML, and JS. Bootstrap is widely used to design faster and simpler websites.

Key Features:

• As Bootstrap is an open source toolkit, one can customize it according to their project’s requirement.
• Bootstrap is provided with built-in components which are used in accumulating responsive websites by a smart drag and drop facility.
• Powerful features of Bootstrap like a responsive grid system, plug-ins, pre-built components, sass variables & mixins allow its users to build their applications.
• Bootstrap is a front-end web framework that is used for quick modeling of the ideas and building of the web applications.
• This tool guarantees consistency among all the developers or users working on the project.

Node.js[edit | edit source]

Node.js is an open source, cross-platform and JavaScript run-time environment that is built to design a variety of web applications and to create web servers and networking tools.

Key Features:

• Node.js applications run on Windows, Linux, Mac OS, Unix etc.
• Node.js is efficient and lightweight as it uses non-blocking and event-driven I/O model.
• Node.js is used by developers to write server-side applications in JavaScript.
• Node.js modules are used to provide rapid and well-organized solutions for developing back-end structure and integrating with the front-end platforms.
• The largest ecosystem of open source libraries is available with node.js package.
• Various IT Companies, software developers, small & large business organizations use node.js for developing web and network server applications in their projects.

Bitbucket[edit | edit source]

Bitbucket is a distributed, web-based version control system that is used for collaboration between software development teams (code and code review). It is used as a repository for source code and development projects.

Key Features:

• Useful features of Bitbucket that makes it a powerful tool are its flexible deployment models, unlimited private repositories, code collaboration on steroids etc.
• Bitbucket supports few services like code search, issue tracking, Git large file storage, bitbucket pipelines, integrations, smart mirroring etc.
• Using Bitbucket, one can organize the repositories into the projects with which they can focus easily on their goal, process or product.
• To rationalize the development process of any software it can integrate into the prevailing workflow.
• Bitbucket offers a free plan for 5 users with unlimited private repositories, standard plan @ $2/user/month for growing teams and premium plan @ $5/user/month for large teams.

CodeCharge Studio[edit | edit source]

CodeCharge Studio is the most creative and leading IDE and RAD (Rapid Application Development) that is used to create data-driven web applications or enterprise internet and intranet systems with minimal coding.

Key Features:

• CodeCharge Studio supports various platforms like Windows, Mac, Linux etc.
• Using CodeCharge Studio, one can analyze and modify the code generated to study the web technologies which are used to work with programming projects in any environment.
• It supports various Databases like MySQL, Postgre SQL, Oracle, MS Access, MS SQL etc.
• Few important features of CodeCharge Studio are Visual IDE & Code Generator, web reports, online calendar, gallery builder, flash charts, AJAX, menu builder, database-to-web converter etc.
• By using CodeCharge Studio, one can minimize the errors, reduce the development time, reduce the learning curve etc.
• CodeCharge Studio can be used for a 20-day free trial and then it can be purchased at $139.95.

CodeLobster[edit | edit source]

CodeLobster is a free as well as a convenient PHP IDE that is used to develop fully-featured web applications. It supports HTML, JavaScript, Smarty, Twig, and CSS.

Key Features:

• CodeLobster PHP Edition rationalizes & makes things easier in the development process and also supports CMS like Joomla, Magneto, Drupal, WordPress etc.
• Few important and advanced features of CodeLobster PHP IDE are PHP Debugger, PHP Advanced autocomplete, CSS code inspector, DOM elements, auto-completing of keywords etc.
• PHP Debugger facilitates the users in debugging the programs at the time of coding and before executing the code.
• CodeLobster offers its users to enjoy the file explorer facilities and browser previews.
• CodeLobster is available in 3 versions namely free version, lite version @ $39.95 and professional version @ $99.95.

Codenvy[edit | edit source]

Codenvy is a cloud development environment used for coding and debugging the applications. It can support sharing projects in real-time and can collaborate with others.

Key Features:

• As Codenvy is a cloud-based IDE there is no need for any installation and configuration of this software development tool.
• Codenvy can be integrated with Jira, Jenkins, Eclipse Che extensions and to any private toolchain.
• Codenvy can be customized in many ways using IDE extensions, Eclipse Che, commands, stacks, editors, assemblies, RESTful APIs, and server-side extension plug-ins.
• Codenvy can run on any operating system like Windows, Mac OS, and Linux. It can also run in the public or private cloud.
• Command-line installers generated by Codenvy are used for deploying in any environment.
• It is available at a free of cost up to 3 developers and for more users, it costs at $20/user/month.

AngularJS[edit | edit source]

AngularJS is an open source, structural and JavScript based framework used by web developers to design web applications in a dynamic manner.

Key Features:

• AngularJS is fully expandable and works easily with other libraries. Each feature can be replaced or edited as per the development workflow and project needs.
• AngularJS works well with data-driven applications if the site is updated regularly as per the changes in the data.
• Advanced features of AngularJS are Directives, localization, dependency injection, reusable components, form validation, deep linking, data binding etc.
• AngularJS is not a plug-in or browser extension. It is 100% client-side and works on both mobile and desktop browsers like Safari, iOS, IE, Firefox, Chrome etc.
• AngularJS offers built-in protection against basic security holes which include HTML injection attacks and cross-site scripting.

Eclipse[edit | edit source]

Eclipse is the most popular IDE that is used by Java developers in computer programming. It is used to develop applications not only in Java but also in other programming languages like C, C++, C#, PHP, ABAP etc.

Key Features:

• Eclipse is an open source group of projects, tools and collaborative working groups which play a key role in the development of new solution and innovations.
• Eclipse Software Development Kit (SDK) is a free and open source software which is used by the developers in programming as per their respective programming languages.
• Eclipse is used in creating web, desktop and cloud IDEs which in turn delivers the wide collection of add-on tools for software developers.
• Advantages of Eclipse are refactoring, code completion, syntax checking, rich client platform, error debugging, industrial level of development etc.
• One can easily integrate Eclipse with other frameworks like TestNG, JUnit, and other plug-ins.

Dreamweaver[edit | edit source]

Adobe Dreamweaver is an exclusive software program and programming editor that is used for creating simple or complex websites. It supports many markup languages like CSS, XML, HTML, and JavaScript.

Key Features:

• Dreamweaver is used across Linux and Windows operating systems including iOS devices.
• Dreamweaver CS6 provides you with a preview option with which one can look at the preview of the designed website on any desired device.
• The latest version of Dreamweaver is used to design responsive websites.
• Another version of Dreamweaver, named Dreamweaver CC combines a code editor and a design surface termed as a Live view to offer some advanced features like auto-completion of code, code collapsing, real-time syntax checking, syntax highlighting and code inspection.
• Dreamweaver offers various plans, for individuals @ $19.99/month, for business @ $29.99/month and for schools or Universities @ $ 14.99/user/month.

Crimson Editor[edit | edit source]

Crimson Editor is a freeware, lightweight text editing tool and an epic of software development tools only for Microsoft Windows which are used as HTML editor and source code editor.

Key Features:

• Crimson Editor is the specialized source code editor that offers an amazing feature of editing the score of programming languages like HTML, Perl, C / C++ and Java.
• Features of Crimson Editor include print & print preview, syntax highlighting, multi-level undo/redo, editing multiple documents, user tools & macros, editing remote files directly using built-in FTP client etc.
• Size of Crimson Editor software is also small but the loading time is fast.
• The learning curve of this software is so fast. It comes with a complete help manual which makes the navigation part easy.

Zend Studio[edit | edit source]

Zend Studio is a next-generation PHP IDE that is used for coding, debugging, prototyping and testing of mobile & web applications.

Key Features:

• Zend Studio’s 3x faster performance helps in indexing, searching, and validation of PHP code.
• Zend Studio helps in deploying PHP applications on any server that includes cloud support for Microsoft Azure and Amazon AWS.
• Debugging capabilities offered by Zend Studio are using Z-Ray integration, Zend Debugger and Xdebug.
• It supports best-in-class development tools like Docker and Git Flow.
• Zend Studio works on Windows, Mac OS, and Linux platforms.
• Zend Studio software pricing for personal use is $89.00 and for commercial use is $189.00.

Jira[edit | edit source]

Jira is the most popular software development tool that is used by agile teams for planning, tracking and releasing the software.

Key Features:

• This tool is customizable and also has some prevailing features that are used in every development phase.
• Using Jira, we can accomplish the work in progress, generate reports, backlogs etc.
• Few other important features of Jira software are Scrum boards, Kanban boards, GitHub integration, Disaster recovery, Code Integration, Portfolio Management, Sprint Planning, and Project Management etc.
• Jira works for Windows and Linux/Solaris operating systems.
• Jira software pricing in the cloud for small teams is $10/month per 10 users and for 11 – 100 users it costs $7/user/month. For a free trial, this tool is available for 7 days.

CloudForge[edit | edit source]

CloudForge is a Saas (Software as a service) product that is used for application development. It is used for collaborative application development in the cloud.

Key Features:

• CloudForge is a secured and single cloud platform that is used by developers for coding, connecting and deploying the applications.
• CloudForge elastically balances your projects, teams, and processes.
• It is used to manage and integrate various development tools.
• Features of CloudForge are Version control hosting, Bugs & issue tracking, Agile planning, Visibility & reporting, deploying code to public & private clouds, etc.
• CloudForge is available for a 30 days free trial. Standard pack for small teams is available @ $2/user/month and Professional pack for small business & enterprise groups is available @ $10/user/month.

Azure[edit | edit source]

Microsoft Azure is a cloud computing service that is used for designing, deploying, testing and managing web applications or hybrid cloud applications through Microsoft’s global network of data centers.

Key Features:

• Microsoft Azure offers various services like mobile services, data management, storage services, messaging, media services, CDN, caching, virtual network, business analytics, migrate apps & infrastructure etc.
• It supports various programming languages (.NET, Python, PHP, JavaScript etc), widest range of operating systems (Linux, Windows etc), devices and frameworks.
• Detailed pricing information is available on their website. Sample example pricing for “App Service” is Rs 0.86/hour and that too its free for the first 12 months.
• Using Azure, we can easily spot the threats and lessen them, deliver the mobile apps flawlessly, manage the apps proactively etc.

Spiralogics Application Architecture (SAA)[edit | edit source]

SAA is a cloud-based development tool that is used to define, design, customize, and publish their software applications online without any coding.

Key Features:

• Using SAA, the developers can preview the changes before issuing or deploying the applications.
• Even the users can select any pre-built application and customize them as per their requirement or can build it from scratch.
• Important features of SAA are drag & drop controls, customizing the controls, embed & built-in HTML editor, Interactive dashboard builder, predefined processes, a graphical representation of workflows & seamless integration etc.
• SAA supports various platforms like Windows, Android, Linux, iOS etc.
• SAA is available for a 30 days free trial and the paid plans start with $25/month/user for Pro Subscription and $35/month/user for Premier Subscription.

Delphi[edit | edit source]

Embarcadero Delphi is a powerful object Pascal IDE that is used to develop cross-platform Native Applications with adjustable cloud services and comprehensive IoT connectivity.

Key Features:

• Delphi is used to deliver powerful and fast native apps for Linux, Android, iOS, Mac OS, Windows, IoT, and cloud.
• Delphi is 5 times quicker in designing Hyper-Connected Apps using FireUI preview for multiple database platforms, desktops, and mobiles.
• Delphi supports RAD and its features like native cross-compilation, visual window layout, application framework, refactoring etc.
• Delphi provides an integrated debugger, source control, strong database, code editor with code completion, real-time error-checking, in-line documentation, best code quality, code collaboration etc.
• Latest versions of Delphi includes features like Quick Edit support, new VCL control, FireMonkey, installer, multi-tenancy support in RAD server etc.
• Delphi Professional Edition costs $999.00/year and Delphi Enterprise Edition costs $1999.00/year.

Zoho Creator[edit | edit source]

Zoho Creator is a low-code platform that enables rapid development and delivery of web and mobile applications and assists to Build powerful enterprise software applications 10x faster. You no longer have to write endless lines of code to build an application. It also provides key features like Artificial Intelligence, JavaScript, Cloud functions, third-party integrations, multi-language support, offline mobile access, integration with a payment gateway and more. With over 4 million users worldwide and 60+ apps, our platform enhances business productivity. Zoho Creator is featured in Gartner Magic Quadrant for Enterprise Low-Code Application Platforms (LCAP), 2019.

Features:

• Create more applications with less effort.
• Connect your business data and collaborate across teams.
• Create insightful reports.
• Gain instant access to mobile apps.
• Uncompromising security.

Verdict: Zoho Creator provides the low-code application development platform to build enterprise applications. It involves building applications with minimal coding which drastically reduces app-development time and effort.

Networking Tools[edit | edit source]

Nagios Core[edit | edit source]

Nagios Core is an absolute favorite open source tool with network administrators and developers and has a very vibrant community. Nagios is straightforward and highly scalable, which makes it an effective tool for network, application, and server monitoring in larger, enterprise-class environments. The visualization capability of Nagios is an extremely popular feature, which gives a centralized view of the entire monitored IT infrastructure.

Nagios is very powerful, scalable, and flexible. It can be scaled up to monitor up to 100,000 hosts. The cool failover capability ensures nonstop monitoring of critical IT infrastructure components. It can be easily integrated with third-party tools such as Check_mk and Vigilo NMS.for additional functionalities. Specific tools can be added for specific functionalities. Nagios provides monitoring support for protocols, applications, Internet servers, websites, links, and much more.

Flannel[edit | edit source]

Network implementation in Kubernetes is not easy. That’s precisely where the usefulness of a good tool like Flannel lies. Flannel is a layer 3 virtual network designed for Kubernetes. Each host in a Flannel network runs a binary agent called flannel. It allocates each host a subnet lease out of a larger, preconfigured address space acting as IP address pool. Containers then establish connections directly using IP addresses allocated to them. Network configuration and subnet information are stored either in the Kubernetes API or etcd. Packets are forwarded using one of several backends encapsulating mechanisms including Virtual Extensible LAN.

SolarWinds[edit | edit source]

SolarWinds has a host of open source tools. The toolkit of Solaris for Network Administrators provides the entire range of tools required for network monitoring, diagnostics, and network discovery tools. SolaReal-Time NetFlow Analyzer is excellent for troubleshooting network performance. It easily identifies users, applications, and devices that are clogging the network. SolarWinds WAN Killer tests network performance by testing network traffic and load balancing. SolarWinds TFTP Server is a multithreaded, reliable TFTP Server. SolarWinds SFTP/SCP Server is another commonly used tool from the Solaris toolkit to upload and download executable images for routers and switches.

Weave Net[edit | edit source]

Weave Net helps to create a secure, encrypted network with container-to-container access control rules, easily and quickly, be it on-premises or in the cloud. It creates a virtual network connecting Docker containers across multiple hosts and offers service discovery, policy management, and fault tolerance. It sets up subsystems that provide a distributed virtual firewall system and routes around network failures. Additionally, Weave Net can encrypt all traffic between hosts. Weave Net is known for its tolerance ability and its resilience to recover from network partitions. It is built on a decentralized architecture, and routes VXLAN packets in the kernel instead of user space, thus reducing dependency on highly available storage.

Project Calico[edit | edit source]

Calico is built on proven IP routing technology to connect containers, making it possible to scale cloud securely to heavy workloads. Calico is focused on network policy which has a micro-firewall for every workload. DevOps staff can easily define whether a connection is allowed or not. A distributed algorithm dynamically calculates and analyzes the rules required for each node in the cluster. As a result, any possible anomaly is detected well before it can cause any significant damage. Calico comes with a variety of plugins for Kubernetes, Mesos, Docker, OpenStack, and various other vendor derivatives.

Istio[edit | edit source]

Istio is a platform-independent service mesh that provides the fundamentals required to run a distributed microservice architecture. Network operators have to manage multicloud and hybrid deployments as organizations adopt cloud platforms. Istio provides a seamless, uniform way to secure and connect microservices, simplifying deployments. Developers are also free to focus on application level security. Istio is a very popular choice for self-contained microservices built on Kubernetes. For enterprise-wide control, Istio can be used with tools such as Glasnostic.

Canal[edit | edit source]

Canal is a unified networking solution to integrate the best of Flannel and Calico. It combines Calico’s fine-grained network policy capabilities with Flannel’s connectivity elements. Canal acts as a deployment tool for installing and configuring both Flannel and Calico. As developers focus on adding features to both projects, the result is literally the best of both worlds — an open source networking fabric with built-in policy management.

Angry IP Scanner[edit | edit source]

Angry IP Scanner is a very popular open-source, multithreaded IP address and port scanner used by millions — 29 million to be precise. It’s a standard tool for network administrators like Wireshark. Angry Scanner scans IP addresses and ports on local networks as well as on the internet. It first rapidly pings (hence the name) and then troubleshoots resolving hostnames, gathering MAC addresses, operating systems, etc. Output can be saved as CSV, TXT or XML. It runs on Linux, Windows, and Mac OS X.

Zabbix[edit | edit source]

Zabbix is an enterprise-class open source networking tool solution for monitoring servers, virtual machines, and cloud services. Zabbix provides monitoring for network utilization, CPU load, and storage. Simple checks are enough to review the availability and responsiveness of standard services without installing any software on the host. Users can view their IT environment using customizable dashboards in the GUI. Zabbix can be deployed for agent-based and agentless monitoring. It monitors operations on Linux, HP Unix, Mac OS X, Solaris, and other operating systems.

Wireshark / Tshark[edit | edit source]

No list of open source networking tools is complete without the mention of Wireshark, often referred to as one of the best open source networking tools. Wireshark is a network analyzer — your microscope and magnifying lens for all network troubleshooting. It has the ability to clearly inspect hundreds of protocols and can provide both live and offline analysis. Wireshark runs on multiple platforms: Windows, Linux, Solaris, BSD, and many others. Its visualization capability makes analysis easy to understand. The output of troubleshooting can be exported to multiple formats including XML, CSV, or text.

Networking used to be simple back in the day of client-server enterprise applications. However, with the advancement in software, monitoring your network has had to evolve alongside the rest of the application stack. Whether you have a mix of legacy and modern apps or are a startup that runs only cloud-native apps, networking is an important part of your applications’ success. Fortunately, there is a wide range of open source networking tools to suit every need. And the best part is that because these cutting-edge tools are open source, each has a vibrant community of users to give you support and ideas.

Network Monitoring Tools[edit | edit source]

Cacti[edit | edit source]

If you know anything about open source network monitoring tools, you've probably heard of Cacti. It's a graphing solution that acts as an addition to RRDTool and is used by many network administrators to collect performance data in LANs. Cacti comes with Simple Network Management Protocol (SNMP) support on Windows and Linux to create graphs of traffic data. Cacti typically works by using data sourced from user-created scripts that ping hosts on a network. The values returned by the scripts are stored in a MySQL database, and this data is used to generate graphs. This sounds complicated, but Cacti has templates to help speed the process along. You can also create a graph or data source template that can be used for future monitoring activity. If you'd like to try it out, download Cacti for free on Linux and Windows.

Nagios Core[edit | edit source]

Nagios Core is one of the most well-known open source monitoring tools. It provides a network monitoring experience that combines open source extensibility with a top-of-the-line user interface. With Nagios Core, you can auto-discover devices, monitor connected systems, and generate sophisticated performance graphs. Support for customization is one of the main reasons Nagios Core has become so popular. For example, Nagios V-Shell was added as a PHP web interface built in AngularJS, searchable tables and a RESTful API designed with CodeIgniter. If you need more versatility, you can check the Nagios Exchange, which features a range of add-ons that can incorporate additional features into your network monitoring. These range from the strictly cosmetic to monitoring enhancements like nagiosgraph. You can try it out by downloading Nagios Core for free.

Icinga 2[edit | edit source]

Icinga 2 is another widely used open source network monitoring tool. It builds on the groundwork laid by Nagios Core. It has a flexible RESTful API that allows you to enter your own configurations and view live performance data through the dashboard. Dashboards are customizable, so you can choose exactly what information you want to monitor in your network. Visualization is an area where Icinga 2 performs particularly well. It has native support for Graphite and InfluxDB, which can turn performance data into full-featured graphs for deeper performance analysis. Icinga2 also allows you to monitor both live and historical performance data. It offers excellent alerts capabilities for live monitoring, and you can configure it to send notifications of performance problems by email or text. You can download Icinga 2 for free for Windows, Debian, DHEL, SLES, Ubuntu, Fedora, and OpenSUSE.

Zabbix[edit | edit source]

Zabbix is another industry-leading open source network monitoring tool, used by companies from Dell to Salesforce on account of its malleable network monitoring experience. Zabbix does network, server, cloud, application, and services monitoring very well. You can track network information such as network bandwidth usage, network health, and configuration changes, and weed out problems that need to be addressed. Performance data in Zabbix is connected through SNMP, Intelligent Platform Management Interface (IPMI), and IPv6. Zabbix offers a high level of convenience compared to other open source monitoring tools. For instance, you can automatically detect devices connected to your network before using an out-of-the-box template to begin monitoring your network. You can download Zabbix for free for CentOS, Debian, Oracle Linux, Red Hat Enterprise Linux, Ubuntu, and Raspbian.

Prometheus[edit | edit source]

Prometheus is an open source network monitoring tool with a large community following. It was built specifically for monitoring time-series data. You can identify time-series data by metric name or key-value pairs. Time-series data is stored on local disks so that it's easy to access in an emergency. Prometheus' Alertmanager allows you to view notifications every time it raises an event. Alertmanager can send notifications via email, PagerDuty, or OpsGenie, and you can silence alerts if necessary. Prometheus' visual elements are excellent and allow you to switch from the browser to the template language and Grafana integration. You can also integrate various third-party data sources into Prometheus from Docker, StatsD, and JMX to customize your Prometheus experience. As a network monitoring tool, Prometheus is suitable for organizations of all sizes. The onboard integrations and the easy-to-use Alertmanager make it capable of handling any workload, regardless of its size. You can download Prometheus for free.

Application Security Tools[edit | edit source]

Andiparos[edit | edit source]

A fork of the famous Paros Proxy, an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept, and modify requests Web: https://code.google.com/archive/p/andiparos

BackTrack[edit | edit source]

Called a Linux-based penetration testing arsenal, this distribution is configured with hundreds of security testing tools and scripts Web: http://www.backtrack-linux.org

BeEF[edit | edit source]

Penetration testing for Open Source Web: http://beefproject.com

Caja[edit | edit source]

Compiler for making third-party HTML, CSS and JavaScript safe to embed in a website. It uses an object-capability security model to allow for a wide range of flexible security policies. Web: http://developers.google.com/caja

ClamAV[edit | edit source]

Open source antivirus engine for detecting trojans, viruses, malware & other malicious threats Web: http://clamav.net

DOM Snitch[edit | edit source]

Experimental Chrome extension that enables developers and testers to identify insecure practices commonly found in client-side code. Developers and testers can observe DOM modifications as they happen inside the browser without the need to step through JavaScript code with a debugger or pause the execution of their application Web: https://code.google.com/archive/p/domsnitchdomsnitch

Ettercap[edit | edit source]

Called "a comprehensive suite for man in the middle attacks... features sniffing of live connections, content filtering on the fly and many other interesting tricks." Web: http://ettercap.github.io/ettercap

GoLismero[edit | edit source]

Free software framework for security testing. Web: http://www.golismero.com

Google hacking database (GHDB)[edit | edit source]

Described by SecTools.org as "a gold mine for security researchers and penetration testers," this site is part of The Exploit Database, "a non-profit project that is provided as a public service by Offensive Security." Web: https://www.exploit-db.com/google-hacking-database

Google application security tools[edit | edit source]

Google states that these tools "address a gap present in other open-source tools. These tools may require some minor tweaking or compilation to work on your systems." Some are included separately in this list. Web: https://www.google.com/about/appsecurity/tools

Grabber[edit | edit source]

Web application scanner which can detect many security vulnerabilities in web applications. An open source web application penetration testing tools Web: http://rgaucher.info/beta/grabber

Grendel[edit | edit source]

Scan web application security tool for finding security vulnerabilities; features are also available for manual penetration testing Web: https://sourceforge.net/projects/grendel

Gruyere[edit | edit source]

Called “a small, cheesy web application”; allows users to publish snippets of text and store assorted files. Caveat: Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution Web: http://google-gruyere.appspot.com

Kali Linux[edit | edit source]

Linux penetration testing Web: http://kali.org

Keyczar[edit | edit source]

Open source cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications. It supports authentication and encryption with both symmetric and asymmetric keys; designed to be an open, extensible and cross-platform compatible. Web: https://github.com/google/keyczar

Kismet[edit | edit source]

Wireless network detector, sniffer, and intrusion detection system. Kismet works predominately with Wi-Fi (IEEE 802.11) networks, but can be expanded via plug-ins to handle other network types. Web: http://kismetwireless.org

Malwarebytes[edit | edit source]

Endpoint security malware scanner for Windows. Web: http://malwarebytes.org

Metasploit[edit | edit source]

Metasploit by Rapid7 Penetration Testing Open Source Web: http://metasploit.com

ModSecurity[edit | edit source]

WAF open source Web: http://modsecurity.org

Nagios[edit | edit source]

Monitors the entire IT infrastructure to ensure systems, applications, services, and business processes are functioning properly. Web: http://nagios.org

Native Client (NaCl)[edit | edit source]

A technology for running native compiled code in the browser. NaCl aims at maintaining operating system portability and safety that people expect from web applications Web: http://developer.chrome.com/native-client

Nikto2[edit | edit source]

Web server testing tool to find known vulnerable scripts, configuration mistakes and related security problems Web: http://cirt.net/nikto2

Nmap[edit | edit source]

Penetration testing utility for network discovery and security auditing with NSE scripts that can detect vulnerabilities, misconfiguration and security related information around network services Web: http://nmap.org

NoScript[edit | edit source]

Firefox addon that provides extra protection for Firefox, Seamonkey and other mozilla-based browsers; allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice Web: http://noscript.net

OpenSSH[edit | edit source]

Secures traffic between two points by tunnelling insecure protocols through an SSH tunnel Web: http://www.openssh.com

OpenVAS[edit | edit source]

Open source vulnerability scanning suite Web: http://openvas.org

OSSEC[edit | edit source]

Host based intrusion detection system or HIDS Web: http://ossec.github.io

OWASP[edit | edit source]

A large class of open source sec testing tools is available at owasp.org Web: https://www.owasp.org/index.php/Appendix_A:_Testing_Tools

Packet Storm[edit | edit source]

Wide variety of scanner tools for vulnerability and penetration available Web: http://packetstormsecurity.org/files/tags/scanner

Paros Proxy[edit | edit source]

Testing tool for your security and vulnerability testing. Used to spider/crawl entire sites, then execute canned vulnerability scanner tests Web: http://www.testingsecurity.com/paros_proxy

Powerfuzzer[edit | edit source]

HTTP protocol based application fuzzer based on many other Open Source fuzzers Web: http://www.powerfuzzer.com

Ratproxy[edit | edit source]

Designed to overcome the problems users usually face while using other proxy tools for security audits; capable of distinguishing between CSS stylesheets and JavaScript codes Web: https://code.google.com/archive/p/ratproxy

Secunia PSI[edit | edit source]

A free computer security solution that identifies vulnerabilities in applications on private PCs Web: http://learn.flexerasoftware.com/SVM-EVAL-Personal-Software-Inspector

Security Onion[edit | edit source]

Linux distribution for intrusion detection, network security monitoring, and log management Web: http://blog.securityonion.net

Skipfish[edit | edit source]

Active web application security reconnaissance tool. It prepares an interactive sitemap for a site by carrying out a recursive crawl and dictionary tools. Written in C with a custom HTTP stack, it is high performance, easy to use and reliable Web: https://code.google.com/archive/p/skipfish

Snort[edit | edit source]

Open-source, free and lightweight network intrusion detection system (NIDS) for UNIX derivatives and Windows Web: http://snort.org

SonarQube[edit | edit source]

SonarQube™ software (previously known as “Sonar”) is an open platform to manage code quality. As such, it covers the 7 axes of code quality. Web: https://github.com/SonarSource/sonarqube

SQLMap[edit | edit source]

Penetration testing tool, automates the process of finding and exploiting SQL injection vulnerability in a website’s database Web: http://sqlmap.org

Tcpdump[edit | edit source]

Called "a powerful command-line packet analyzer" on its website, this tool is still used by many as an alternative to the more resource-intensive Wireshark Web: http://tcpdump.org

Vega[edit | edit source]

Web vulnerability scanner and testing platform; SQL injection, cross-site scripting, etc. Web: https://subgraph.com/vega

W3AF[edit | edit source]

SQL injection, cross-site scripting detection tool Web: http://w3af.org

Wapiti[edit | edit source]

Web vulnerability scanner which lets you audit the security of your web applications. It performs black-box testing by scanning web pages and injecting data Web: http://wapiti.sourceforge.net

Watcher[edit | edit source]

A Fiddler addon to assist penetration testers in passively finding Web app vulnerabilities Web: http://websecuritytool.codeplex.com

WATOBO[edit | edit source]

Perform efficient (semi-automated) web application security audits Web: http://watobo.sourceforge.net/index.html

WebScarab[edit | edit source]

Java-based security framework for analyzing web applications using HTTP or HTTPS protocol. Written in Java, portable to many platforms; offers several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy Web: http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

Wfuzz[edit | edit source]

A freely available open source tool for web application penetration testing. It can be used to brute force GET and POST parameters for testing against various kinds of injections like SQL, XSS, LDAP, and many others Web: http://code.google.com/p/wfuzz

SensePost[edit | edit source]

Vulnerability tools for devices, networks, and apps. Tools include autoDANE, reGeorg, Jack, and the SensePost Maltego Toolset Web: http://sensepost.com

Wireshark[edit | edit source]

Wireshark Penetration Testing and Packet-level Monitoring Open Source; view traffic in as much detail as you want; follow network streams and find problems Web: http://wireshark.org

Zed Attack Proxy[edit | edit source]

Also known as Zap. Open source, intercepting proxy which is fork and update of the badly out of date Paros Proxy. Fairly powerful for manual testing, and contains some automated testing features. Web: https://www.owasp.org

Cloud Security Tools[edit | edit source]

Osquery[edit | edit source]

Osquery is a low-level operating system analytics and monitoring tool that enables security engineers to perform sophisticated analysis with SQL. Available for Linux, macOS, Windows, and FreeBSD, this framework exposes an operating system as a high-performance relational database. This exposition allows engineers to write SQL-based queries to explore operating system attributes such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes. Created by Facebook, the framework was open-sourced in 2014 after the company realized that the issue of maintaining insight into the low-level behavior of operating systems is not a problem that is unique to Facebook. Since then, it has been used and appreciated by engineers and developers from Dactiv, Google, Kolide, Trail of Bits, Uptycs, and other companies. Recently, the osquery Foundation was also welcomed into the Linux Foundation. Osquery’s host monitoring daemon, osqueryd lets you schedule queries to be executed across your entire infrastructure. The daemon aggregates queries and generates logs that indicate state changes in your infrastructure which can help you maintain insight into security especially useful for anomaly detection. You can use osquery's log aggregation capabilities to easily catch known and unknown malware as well as pinpoint when the attack occurred and what was installed. Read more about anomaly detection using Osquery here.

GoAudit[edit | edit source]

The Linux Audit system consists of two major components. The first component is some kernel code to hook and monitor syscalls. The second component is a userspace daemon, auditd responsible for writing audit records to the disk. GoAudit, written by Slack and released in 2016, is a replacement for auditd which provides better logging by converting auditd’s multiline events into a single JSON blob for easy analysis. With GoAudit, you can directly speak to the kernel via netlink. You can also do minimal (or zero) filtering of events on the hosts themselves. Not just for security, GoAudit developers designed it as a general-purpose tool - for operations or development teams to help debug problems at scale. Go-audit is written in Golang that is type-safe and performant. When installing, make sure your golang version is above 1.7

Grapl[edit | edit source]

Open-sourced last year in March, Grapl is a, relatively new, Graph Analytics Platform for detection, forensics, and incident response. Attackers often work with graphs - they land on a box and start traversing the network. This makes it natural for defenders to also adopt a graph-based mechanism that understands the scope of the trust relationships within their network. Grapl is an attempt to explore Detection and Response given a graph primitive instead of a log primitive. Grapl consumes security-relevant logs (Sysmon logs or a generic JSON log format), converts them into subgraphs (determining the ‘identity’ for each node), and then merges these subgraphs into a Master Graph that represents the actions across your environments. Grapl then executes Analyzers, the ‘attacker signatures’ for Grapl, against the graph to find anomalies and suspicious patterns. When analyzers detect a scary subgraph, Grapl will generate an Engagement construct for performing investigations. Engagement is a Python class that you can load up in an AWS hosted Jupyter Notebook. Grapl can also scope engagement through graph expansion.

OSSEC[edit | edit source]

Founded in 2004, OSSEC is an open-source, host-based intrusion detection software that is basically a security monitoring platform. With more than 500,000 downloads a year, it is primarily used as a server intrusion detection system — both on-premise and in the cloud. It is also commonly used as a log analysis tool for monitoring and analyzing firewalls, IDSs, web servers, and authentication logs. It combines HIDS monitoring features with Security Incident Management (SIM)/Security Information and Event Management (SIEM). OSSEC can also perform real-time file integrity monitoring, Windows registry monitoring, rootkit detection, real-time alerting, and active response. OSSEC is multi-platform, running on Microsoft Windows, and most modern Unix-like systems including Linux, FreeBSD, OpenBSD, and Solaris. The software consists of a central manager for monitoring and receiving information from agents (a small program installed on the systems to be monitored). The OSSEC manager is installed on the Linux system which stores the file integrity checking databases, logs, events, and system auditing entries. The OSSEC project is currently maintained by Atomicorp who oversees the free and open-source version and also offers an enhanced commercial version. Listen to this Linux Security Podcast where Scott Shinn, OSSEC project manager discusses the latest update - OSSEC 3.0, history of the project, and how it differs from commercial security software currently in use.

Suricata[edit | edit source]

Suricata is an essential open-source security project that acts as an intrusion detection system, intrusion prevention system, and network security monitoring tool. First introduced in 2009, Suricata is rules-based, meaning you can specify a simple definition to specify unique characteristics of network traffic. When these conditions are met, it triggers an alert and the communication is blocked or dropped based on the rule requirements. Suricata also has multithreading so more rules could be processed on the same hardware for networks that have large traffic volumes. With multithreading, commodity hardware can achieve 10-gigabit speeds without sacrificing ruleset coverage. It also supports hashing and file extraction.* Suricata can be configured to run both on bare metal and virtual machines within AWS using the newly introduced traffic-mirroring feature. More on this in a later blog post!

• Suricata provides Lua scripting support using which you can create complex and detailed signature detection logic for detecting complex threats.
• The Suricata project and code are owned and supported by the Open Information Security Foundation (OISF).

Zeek/Bro[edit | edit source]

Like Suricata, Zeek or Bro (Bro was renamed Zeek at BroCon 2018) is also an intrusion detection system and a network monitoring tool that can identify behavior anomalies, such as suspicious or threat activity. Zeek is different from traditional IDS in the sense that unlike rules-based engines that detect exceptions, Zeek also captures metadata about activity on a network to better understand the context of the network behavior. You can, for example, look at protocols, at headers and domain names in an HTTP call or in certificates. As a networking monitoring tool, Zeek provides forensic examination which means it lets you look back at what happened before or during an incident. It also converts data about network traffic into higher-level events and provides a script interpreter. This interpreter is essentially a programming language used to interact with events and understand what those events mean in terms of network security. The Zeek programming language can be used to customize the interpretation of metadata to the specific needs of an organization. It can build out complex logical conditions using AND, OR and NOT operators, which allow the users to customize the analysis to their environment. Although, compared to Suricata, Zeek can be fairly complex when it comes to threat intelligence.

Panther[edit | edit source]

Panther is a powerful, cloud-native, continuous security monitoring platform, recently open-sourced. It was founded by the core architect of Stream Alert, a solution for automated log analysis open-sourced by Airbnb. Panther provides a single pane for centralizing detection and response in all environments that scales with the business. Detections are transparent and deterministic rules in order to reduce false positives and alert fatigue. Panther's core features include:

• Unauthorized Access detection: Analyze logs to identify unauthorized access into systems
• Threat Hunting: Quickly search logs for matches against indicators of compromise with Panther's standardized data fields
• Compliance: Use built-in detections as controls for SOC/PCI/HIPAA compliance
• Secure Your Cloud Resources: Automatically fix misconfigurations that could cause severe damage if exploited
• Panther is deployed within your own AWS Cloud with AWS Cloud Formation. This ensures that data is always within your control

Python libraries[edit | edit source]

Scikit-learn[edit | edit source]

It is a free software machine learning library for the Python programming language and can be effectively used for a variety of applications which include classification, regression, clustering, model selection, naive Bayes’, grade boosting, K-means, and preprocessing. Scikit-learn requires the following python libraries:

• Python (>= 2.7 or >= 3.3),
• NumPy (>= 1.8.2),
• SciPy (>= 0.13.3).

Spotify uses Scikit-learn for its music recommendations and Evernote for building their classifiers. If you already have a working installation of numpy and scipy, the easiest way to install scikit-learn is using pip.

NuPIC[edit | edit source]

The Numenta Platform for Intelligent Computing (NuPIC) is a platform which aims to implement an HTM learning algorithm and make them public source as well. It is the foundation for future machine learning algorithms based on the biology of the neocortex.

Ramp[edit | edit source]

It is a Python library which is used for rapid prototyping of machine learning models. Ramp provides a simple, declarative syntax for exploring features, algorithms, and transformations. It is a lightweight pandas-based machine learning framework and can be used seamlessly with existing python machine learning and statistics tools.

NumPy[edit | edit source]

When it comes to scientific computing, NumPy is one of the fundamental packages for Python providing support for large multidimensional arrays and matrices along with a collection of high-level mathematical functions to execute these functions swiftly. NumPy relies on BLAS and LAPACK for efficient linear algebra computations. NumPy can also be used as an efficient multi-dimensional container of generic data.

Pipenv[edit | edit source]

The officially recommended tool for Python in 2017 – Pipenv is a production-ready tool that aims to bring the best of all packaging worlds to the Python world. The cardinal purpose is to provide users with a working environment which is easy to set up. Pipenv, the “Python Development Workflow for Humans” was created by Kenneth Reitz for managing package discrepancies..

TensorFlow[edit | edit source]

The most popular deep learning framework, TensorFlow is an open-source software library for high-performance numerical computation. It is an iconic math library and is also used for machine learning and deep learning algorithms. Tensorflow was developed by the researchers at the Google Brain team within Google AI organisation, and today it is being used by researchers for machine learning algorithms, and by physicists for complex mathematical computations. The following operating systems support TensorFlow: macOS 10.12.6 (Sierra) or later; Ubuntu 16.04 or later; Windows 7 or above; Raspbian 9.0 or later.

Bob[edit | edit source]

Developed at Idiap Research Institute in Switzerland, Bob is a free signal processing and machine learning toolbox. The toolbox is written in a mix of Python and C++. From image recognition to image and video processing using machine learning algorithms, a large number of packages are available in Bob to make all of this happen with great efficiency in a short time.

PyTorch[edit | edit source]

Introduced by Facebook in 2017, PyTorch is a Python package which gives the user a blend of 2 high-level features – Tensor computation (like NumPy) with strong GPU acceleration and developing Deep Neural Networks on a tape-based auto diff system. PyTorch provides a great platform to execute Deep Learning models with increased flexibility and speed built to be integrated deeply with Python.

PyBrain[edit | edit source]

PyBrain contains algorithms for neural networks that can be used by entry-level students yet can be used for state-of-the-art research. The goal is to offer simple, flexible yet sophisticated and powerful algorithms for machine learning with many pre-determined environments to test and compare your algorithms. Researchers, students, developers, lecturers, you and me – we can all use PyBrain.

MILK[edit | edit source]

This machine learning toolkit in Python focuses on supervised classification with a gamut of classifiers available: SVM, k-NN, random forests, decision trees. A range of combination of these classifiers gives different classification systems. For unsupervised learning, one can use k-means clustering and affinity propagation. There is a strong emphasis on speed and low memory usage. Therefore, most of the performance-sensitive code is in C++. Read more about it here.

Keras[edit | edit source]

It is an open-source neural network library written in Python designed to enable fast experimentation with deep neural networks. With deep learning becoming ubiquitous, Keras becomes the ideal choice as it is API designed for humans and not machines according to the creators. With over 200,000 users as of November 2017, Keras has stronger adoption in both the industry and the research community even over TensorFlow or Theano. Before installing Keras, it is advised to install TensorFlow backend engine.

Dash[edit | edit source]

From exploring data to monitoring your experiments, Dash is like the frontend to the analytical Python backend. This productive Python framework is ideal for data visualization apps particularly suited for every Python user. The ease which we experience is a result of extensive and exhaustive effort.

Pandas[edit | edit source]

It is an open-source, BSD licensed library. Pandas enable the provision of easy data structure and quicker data analysis for Python. For operations like data analysis and modelling, Pandas makes it possible to carry these out without needing to switch to more domain-specific language like R. The best way to install Pandas is by Conda installation.

Scipy[edit | edit source]

This is yet another open-source software used for scientific computing in Python. Apart from that, Scipy is also used for Data Computation, productivity, and high-performance computing and quality assurance. The various installation packages can be found here. The core Scipy packages are Numpy, SciPy library, Matplotlib, IPython, Sympy, and Pandas.

Matplotlib[edit | edit source]

All the libraries that we have discussed are capable of a gamut of numeric operations but when it comes to dimensional plotting, Matplotlib steals the show. This open-source library in Python is widely used for publication of quality figures in a variety of hard copy formats and interactive environments across platforms. You can design charts, graphs, pie charts, scatterplots, histograms, error charts, etc. with just a few lines of code.

Theano[edit | edit source]

This open-source library enables you to define, optimize, and evaluate mathematical expressions involving multi-dimensional arrays efficiently. For a humongous volume of data, handcrafted C codes become slower. Theano enables swift implementations of code. Theano can recognise unstable expressions and yet compute them with stable algorithms which gives it an upper hand over NumPy. The closest Python package to Theano is Sympy. So let us talk about it.

SymPy[edit | edit source]

For all the symbolic mathematics, SymPy is the answer. This Python library for symbolic mathematics is an effective aid for computer algebra system (CAS) while keeping the code as simple as possible to be comprehensible and easily extensible. SimPy is written in Python only and can be embedded in other applications and extended with custom functions. You can find the source code on GitHub.

Caffe2[edit | edit source]

The new boy in town – Caffe2 is a Lightweight, Modular, and Scalable Deep Learning Framework. It aims to provide an easy and straightforward way for you to experiment with deep learning. Thanks to Python and C++ API’s in Caffe2, we can create our prototype now and optimize later. You can get started with Caffe2.

Seaborn[edit | edit source]

When it comes to visualisation of statistical models like heat maps, Seaborn is among the reliable sources. This Python library is derived from Matplotlib and closely integrated with Pandas data structures. Visit the installation page to see how this package can be installed.

Hebel[edit | edit source]

This Python library is a tool for deep learning with neural networks using GPU acceleration with CUDA through pyCUDA. Right now, Hebel implements feed-forward neural networks for classification and regression on one or multiple tasks. Other models such as Autoencoder, Convolutional neural nets, and Restricted Boltzman machines are planned for the future.

Chainer[edit | edit source]

A competitor to Hebel, this Python package aims at increasing the flexibility of deep learning models. The three key focus areas of chainer include:* Transportation system: The makers of Chainer have consistently shown an inclination towards automatic driving cars and they have been in talks with Toyota Motors about the same.

• Manufacturing industry: From object recognition to optimization, Chainer has been used effectively for robotics and several machine learning tools.
• Bio-health care: To deal with the severity of cancer, the makers of Chainer have invested in research of various medical images for early diagnosis of cancer cells.

OpenCV Python[edit | edit source]

Open Source Computer Vision or OpenCV is used for image processing. It is a Python package that monitors overall functions focused on instant computer vision. OpenCV provides several inbuilt functions, with the help of this you can learn Computer Vision. It allows both read and write images at the same time. Objects such as faces, trees, etc., can be diagnosed in any video or image. It is compatible with Windows, OS-X, and other operating systems.

Theano[edit | edit source]

Along with being a Python Library, Theano is also an optimizing compiler. It is used for analyzing, describing, and optimising different mathematical declarations at the same time. It makes use of multi-dimensional arrays, ensuring that we don’t have to worry about the perfection of our projects. Theano works well with GPUs and has an interface quite similar to Numpy. The library makes computation 140x faster and can be used to detect and analyze any harmful bugs.

NLTK[edit | edit source]

Natural Language toolkit or NLTK is said to be one among the popular Python NLP Libraries. It contains a set of processing libraries that provide processing solutions for numerical and symbolic language processing in English only. The toolkit comes with a dynamic discussion forum that allows you to discuss and bring up any issues relating to NLTK.

SQLAlchemy[edit | edit source]

SQLAcademy is a Database abstraction library for Python that comes with astounding support for a range of databases and layouts. It provides consistent patterns, is easy to understand and can be used by beginners too. It improves the speed of communication between Python language and databases, and supports most platforms such as Python 2.5, Jython, and Pypy. Using SQLAcademy, you can develop database schemes from scratch.

Bokeh[edit | edit source]

A Data Visualisation library for Python, Bokeh allows interactive visualisation. It makes use of HTML and Javascript to provide graphics, making it reliable for contributing web-based applications. It is highly flexible and allows you to convert visualisation written in other libraries such as ggplot or matplotlib. Bokeh makes use of straight-forward commands to create composite statistical scenarios.

Open Source Python Libraries for Data Science[edit | edit source]

Scrapy[edit | edit source]

It is a collaborative framework for extracting the data that is required from websites. It is a quite simple and fast tool.

BeautifulSoup[edit | edit source]

This is another popular library that is used in Python for extracting or collecting information from websites i.e. it is used for web-scraping.

StatsModels[edit | edit source]

As the name suggests, Statsmodels is a Python library that provides many opportunities, such as statistical model analysis and estimation, performing statistical tests, etc. It has a function for statistical analysis to achieve high-performance outcomes while processing large statistical data sets.

XGBoost[edit | edit source]

This library is implemented in machine learning algorithms under the Gradient Boosting framework. It provides high-performance implementation of gradient boosted decision trees. XGBoost is portable, flexible, and efficient. It provides highly optimised, scalable and fast implementations of gradient boosting.

Plotly[edit | edit source]

This library is used for plotting graphs easily. This works very well in interactive web applications. With this, we can make different types of basic charts like line, pie, scatter, heat maps, polar plots and so on. Whatever visualisation we can think of, we can easily plot a graph of it using Plotly.

Pydot[edit | edit source]

Pydot is used for generating complex oriented and non-oriented graphs. It is specially used while developing algorithms based on neural networks and decision trees.

Gensim[edit | edit source]

It is a Python library for topic modelling, document indexing, which means it is able to extract the underlying topics from a large volume of text. It can handle large text files without loading the entire file in memory.

PyOD[edit | edit source]

As the name suggests, it is a Python toolkit for detecting outliers in multivariate data. It provides access to a wide range of outlier detection algorithms. Outlier detection, also known as anomaly detection, refers to the identification of rare items, events or observations which differ from the general distribution of a population.