McAfee Free Tools

McAfee is committed to your security and provides an assortment of free McAfee tools to help in your software development. Simply select a tool and download it for free. For more details, read the McAfee Software Free Tools End User License Agreement.

The following tools are often used for penetration testing and digital forensics. As such, they may be categorized as hack tools, unwanted programs, or even malware by certain security programs. Please note that these tools do not perform any function other than what is detailed in their descriptions and do not contain malware.

Anti-Malware Tools


McAfee GetSusp is intended for users who suspect undetected malware on their computer.

Real Protect (BETA)

Real Protect BETA is a real-time behavior detection technology that monitors suspicious activity on an endpoint. Raptor leverages machine learning and automated, behavioral-based classification in the cloud to detect zero-day malware in real time.


McAfee Rootkit Remover is a stand-alone utility used to detect and remove complex rootkits and associated malware.


McAfee Stinger detects and removes prevalent Fake Alert malware and threats identified in the "List Viruses" section of the Stinger application.

Assessment Utilities

CredDigger v2.1

Foundstone CredDigger™ is a tool that attempts to gather data to assist with penetration testing on a corporate network.

Fpipe v2.1

FPipe v2.1 - Port redirector.

FSCrack v1.0.1

GUI for John the Ripper.

Night Dragon Vulnerability Detection Tool

Free utility that helps identify systems affected by the "Night Dragon" malware.

Proxbrute v0.3

ProxBrute is a custom firmware written for the proxmark3. It extends the currently available firmware (revision 465) to support brute force attacks against proximity card access control systems.

ShareScan v1.0.0.2

ShareScan is a free utility that enables IT security personnel to identify open Windows file shares available on the internal network.

TesserCap v1.0

Foundstone’s TesserCap is a GUI based, highly flexible, interactive, point and shoot CAPTCHA analysis tool.

VIDigger v1.0

Check the configuration of ESX server and the virtual machines hosted on ESX server against the VMware Infrastructure Hardening guide and other best practices.

Forensic Tools

BinText 3.03

Finds Ascii, Unicode and Resource strings in a file.

DumpAutoComplete v0.7

Dump Firefox AutoComplete files into XML.

Forensic Toolkit v2.0

Tools to help examine NTFS for unauthorized activity.

Galleta v1.0

A Internet Explorer Cookie Forensic Analysis Tool.

NTLast v3.0

Security audit tool for Windows NT.

Pasco v1.0

An Internet Explorer activity forensic analysis tool.

PatchIt v2.0

A binary file byte-patching program.

Rifiuti v1.0

A Recycle Bin Forensic Analysis Tool.

ShoWin v2.0

Show information about Windows, reveal passwords, and more.

Vision v1.0

Reports all open TCP and UDP ports and maps them to the owning process or application.

Foundstone SASS Tools

.NETMon v1.0

The .NETMon tool monitors the .NET common language runtime enabling developers to conduct detailed analysis.

.NET Security Toolkit v1.0

The Foundstone SASS (Software Application Security Services) .NET Security Toolkit is designed to help application developers and architects to build secure and reliable .NET software applications.

CodeScout v1.0

Foundstone CodeScout™ is a free tool developed by Foundstone to help application developers and code reviewers validate adherence to coding best practices and determine the complexity and scope of a code base.

CookieDigger v1.0

CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications.

HackPack v1.0

Foundstone HackPack™ is a tool designed to aid security professionals in keeping up with changes and updates to security software. The tool offers a simple interface to a large variety of security tools.

Hacme Bank - Android v1.0

Hacme Bank™ Android is designed to teach mobile application developers, programmers, architects and security professionals how to create secure software and evaluate their own software to identify vulnerabilities.

Hacme Bank v2.0

Hacme Bank™ is designed to teach application developers, programmers, architects and security professionals how to create secure software.

Hacme Books

Foundstone Hacme Books is a learning platform for secure software development.

Hacme Casino v1.0

Foundstone Hacme Casino™ is a learning platform for secure software development.

Hacme Shipping

Hacme Shipping is a web-based shipping application developed to demonstrate common web application hacking techniques.

Hacme Travel

Hacme Travel is designed to create secure software.

Hash Calculator v1.0

Foundstone Hash Calculator is a Fiddler Extension that allows you to calculate hashes for input strings.


JMSDigger is an open source and GUI based tool from Foundstone used for penetration testing ActiveMQ based JMS Applications

Oyedata v1.0

Foundstone's Oyedata is an intuitive GUI based tool to analyze and perform black-box security testing on OData implementations.

SecureUML Template v1.0

The SecureUML Visio template defines a custom Unified Modeling Language (UML).

SiteDigger v3.0

SiteDigger 3.0 searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on websites.

SiteScope v1.0

Foundstone’s SiteScope creates a site map and gathers metrics for a given web-based application.

Socket Security Auditor v1.0

Foundstone Socket Security Auditor identifies the insecurely bound sockets on the local system preventing hackers from stealing valuable information.

SSLDigger v1.02

SSLDigger v1.02 is a tool to assess the strength of SSL servers by testing the ciphers supported.


SSLSmart is a highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing.

Validator.NET v1.0

Validator.NET helps eliminate common vulnerabilities such as SQL Injection and Cross-Site Scripting.


WSDigger v1.0 - Web services testing framework.

Intrusion Detection Tools

Attacker v3.0

Attacker v3.0 - A TCP/UDP port listener.


FileWatch v1.0 - A file change monitor. Used with BlackICE Defender.


FPort v2.0 - Identify unknown open ports and their associated applications.


IPv4Trace v1.0 - A Win32 C++ programming library port of the OpenBSD 2.8 kernel-land IPv4 fragment reassembly implementation.

Scanning Tools


A scanner for the infamous Back Orifice program.


Cisco IOS IPv4 Remote Denial of Service Vulnerability Detection Utility.

Conficker Detection

Conficker Detection vulnerability in Microsoft Windows Server Service.

CSniffer v1.0.0.3

Scan your infrastructure to discover if you have unencrypted Perforce passwords which could be stolen and used to penetrate your source code library.


A network admin utility for remotely detecting the most common DDoS programs.


DIRE (Detecting Insecurely Registered Executables)


LSASS scanner.


A handy integrated tool environment for website and file analysis.

MessengerScan v1.05

Quickly and accurately identify Microsoft operating systems that are vulnerable to the messenger service buffer overflow released in the MS03-043 bulletin.

MS05-039 Scan

Microsoft UPnP MS05-039 Vulnerability Detection Utility.

MS05-051 Scan

Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution.


Mydoom worm scanner.


Remote Task Scheduler scanner.

Network Discovery for Microsoft SharePoint

Automate the search for Microsoft SharePoint servers running on your network.


Microsoft RPC(MS03-026) and RPCSS(MS03-039) Vulnerability Detection Utility.


Command line port scanner.


SNMP Detection Utility.


Powerful TCP port scanner, pinger, resolver.

SuperScan v3.0

Powerful TCP port scanner, pinger, resolver.


Traceroute and Whois program.

Spam Submission

McAfee Customer Submission Tool 2.3

Quickly and easily submit missed spam samples and misidentified spam to McAfee Labs.

McAfee Spam Submission Tool 1.0 for Windows NT/9x

Quickly and easily submit missed spam samples and misidentified spam to McAfee Labs.

Stress Testing Tools


A small, quick TCP service stress test tool.


A scriptable, server stress testing tool.


UDP packet sender utility.



Consisting of 36 sectors that are read from tracks 80 and 81 of a BOOT sector infected 1.44M diskette.


Allows transporting diskette images over the network.


Captures possible boot sector viruses.