Docs · Reference

Security Tools

Nexus Desktop bundles 25+ security tools behind one clean, VS Code–style workspace. Each tool wraps a battle-tested engine (Nmap, Nuclei, sslyze, Trivy, Prowler …) with sanitized inputs, a live terminal and exportable reports. This page is the full catalogue — what every tool does and how to run it.

Safe & honest by design. Every tool has a realistic demo fallback, so you can walk the full workflow before installing the underlying CLI. All target/URL/port/file inputs are sanitized and subprocesses run without shell=True (no command injection). Offensive tools are gated by the Scope Guard and the first-run ethical-use agreement — they only run against targets you own or have marked authorized.

How to run a tool

Pick a module

Open Nexus Desktop and choose a tool from the left sidebar. Each module is a focused workspace with its own inputs, options and results.

Set the target & options

Enter the target (host, URL, file or interface) and pick a mode/profile. Inputs are validated before anything runs.

Run & read the results

Click Run. Output streams into the live terminal; structured findings appear in the results pane and feed the Security Score, History and the PDF/HTML Report Generator.

Desktop + Fleet are complementary. These desktop tools are for hands-on, point-in-time assessment from one workstation. For always-on monitoring across many endpoints, pair them with the Fleet and the SecOps SOC layer — findings from tools like the Cloud Config Checker can flow straight into the SecOps pillars.

Recon & Scan

Map the attack surface — what hosts, ports, services, subdomains and assets exist.

Port Scanner (Nmap) — TCP/UDP/ICMP scanning with 7 ready-made modes: quick, standard, os (OS detection), full, vuln, stealth (SYN) and udp. Start with quick, escalate to full/vuln on hosts of interest.
Network Scanner (tshark) — live packet capture with per-interface selection, traffic statistics and .pcap export for offline analysis.
Network Mapper (Nmap host discovery) — enumerates live hosts and renders an interactive Cytoscape topology graph so you can see the network at a glance.
DNS / Subdomain Recon — pure-Python subdomain enumeration and DNS resolution (no external tool required), with a built-in prefix list plus your own wordlist.
Directory Fuzzer — discovers hidden web paths and parameters with ffuf/gobuster, falling back to a concurrent pure-Python fuzzer when neither is installed.
Asset Inventory — aggregates IP/MAC/hostname/OS/open-port data from your scans into a searchable SQLite inventory so nothing gets lost between sessions.

Port Scanner · quick mode

$ port_scan 192.168.1.0/24 --mode quick
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
3306/tcp open  mysql   ← exposed DB, review firewall

Web & API

Probe web apps, APIs, TLS and container images for known weaknesses.

Vulnerability Scanner — combines Nikto, Nuclei CVE templates and Gobuster for broad web vulnerability coverage with severity-ranked findings.
SSL/TLS Auditor (sslyze) — checks supported protocols, weak ciphers, and certificate validity/expiry; flags downgrade and deprecated-protocol risks.
API Tester — fuzzes API endpoints with ffuf and performs GraphQL introspection to surface undocumented or unauthenticated operations.
Container Scanner (Trivy) — scans container images against the Trivy vulnerability database for OS and dependency CVEs before you ship.

Offensive (authorized only)

Authorization required. These tools are powerful. They are protected by Scope Guard — attack-simulation runs only against targets you have explicitly marked authorized — and by the ethical-use agreement. Using them on systems you do not own or are not permitted to test is illegal.

Password Auditor — online brute-force with Hydra, offline cracking with Hashcat, and automatic hash-type detection so you test credential strength against the right algorithm.
Hash Tools — identify a hash and run dictionary cracking (pure-Python hashlib with hashcat/john fallback).
Exploit Lookup — read-only searchsploit wrapper that references Exploit-DB entries matching your findings (it looks up, it does not launch).
Attack Simulation — authorized drills (brute-force, directory fuzzing, DoS, MITM, privesc checks), each scope-guarded so it cannot fire at anything outside your authorized list.
Reverse Shell / Listener — a socket listener plus payload generator for authorized red-team exercises and lab work.
Wireless Auditor (aircrack-ng) — Wi-Fi/wireless auditing with monitor-mode detection.

Cloud & Container

Assess cloud posture and container supply chain.

Cloud Config Checker (Prowler) — audits AWS/GCP/Azure account configuration against security best practices. Findings can flow into the SecOps Cloud (CSPM) pillar for continuous posture scoring.
Container Scanner (Trivy) — see Web & API above; equally at home in your container pipeline.

Analysis

Turn raw output into understanding and track change over time.

Log Analyzer — parses logs and detects SSH brute-force, SQL injection, directory traversal and privilege-escalation patterns out of the box.
Scan Diff — compares two scan sessions to highlight newly opened/closed ports, changed service versions and vulnerabilities that were fixed (or appeared).
Security Score — a single 0–100 posture score built from five factors: network exposure, vulnerabilities, SSL/TLS, password policy and hardening. Watch it climb as you remediate.

Defense & Hardening

Move from finding problems to fixing them.

Defense Monitor — host hardening audit: firewall rules, open ports, SSH config, a Lynis audit, SUID finder and password-policy checks.
Firewall Advisor — turns open-port findings into copy-paste ufw/iptables/netsh rules that close what you don't need.
Patch Advisor — consolidates vulnerability findings per component into a severity-ordered update list, so you patch what matters first.
IDS Monitor — lightweight passive intrusion detection powered by Suricata, with alerting on suspicious traffic.
Portable WAF — a drop-in reverse-proxy web application firewall: rule-based blocking for SQLi/XSS/path-traversal/command-injection, rate limiting, virtual-host config and TLS termination.

Reporting

The Report Generator exports any results as a polished PDF/HTML report, and History keeps every past run so you can prove progress to a client or auditor.

Awareness

Human Element — run phishing-awareness campaigns, track quiz attempts and drill results, and measure your team's human-risk over time. It is SQLite-backed and shows real data only. By design it does not send real phishing emails — awareness and measurement, not deception.

Utilities

Scheduler — run recurring scans on a cron-style schedule so monitoring keeps going without you.
Wordlist Manager — download and manage SecLists wordlists used by the fuzzers and auditors.

Tip: start broad, then go deep. A good first pass is Port Scanner (quick) → Vulnerability Scanner → SSL/TLS Auditor → Security Score. Fix the top findings with Firewall Advisorand Patch Advisor, then re-run and use Scan Diff to confirm the score went up.

PreviousAsk Nexus (local AI)Next Port Scanner