McAfee Free Tools

McAfee is committed to your security and provides an assortment of free McAfee tools to help in your software development. Simply select a tool and download it for free. For more details, read the McAfee Software Free Tools End User License Agreement.

The following tools are often used for penetration testing and digital forensics. As such, they may be categorized as hack tools, unwanted programs, or even malware by certain security programs. Please note that these tools do not perform any function other than what is detailed in their descriptions and do not contain malware.

Anti-Malware Tools

  • GetSusp

    McAfee GetSusp is intended for users who suspect undetected malware on their computer.

  • Ransomware Interceptor (Pilot)

    Interceptor is an Anti-Ransomware tool. Interceptor is an early detection tool that prevents file encryption attempts by ransomware malware. This tool leverages heuristics and machine learning to identify such malware.

  • RootkitRemover

    McAfee Rootkit Remover is a stand-alone utility used to detect and remove complex rootkits and associated malware.

  • Stinger

    McAfee Stinger detects and removes prevalent Fake Alert malware and threats identified in the "List Viruses" section of the Stinger application.

  • Tesladecrypt

    Tesladecrypt will decrypt TeslaCrypt encrypted files with the following extensions: .mp3, .micro, .xxx, and .ttt.

Assessment Utilities

  • CredDigger v2.1

    Foundstone CredDigger™ is a tool that attempts to gather data to assist with penetration testing on a corporate network.

  • Fpipe v2.1

    FPipe is a source port forwarder/redirector. It can create a TCP or UDP stream with a source port of your choice.

  • FSCrack v1.0.1

    FSCrack is a front end for John the Ripper (JtR) that provides a graphical user interface (GUI) for access to most of JtR’s functions.

  • Proxbrute v0.3

    ProxBrute is a custom firmware written for the proxmark3. It extends the currently available firmware (revision 465) to support brute force attacks against proximity card access control systems.

  • ShareScan v1.0.0.2

    ShareScan is a free utility that enables IT security personnel to identify open Windows file shares available on the internal network.

  • TesserCap v1.0

    Foundstone’s TesserCap is a GUI based, highly flexible, interactive, point and shoot CAPTCHA analysis tool.

  • VIDigger v1.0

    Check the configuration of ESX server and the virtual machines hosted on ESX server against the VMware Infrastructure Hardening guide and other best practices.

Forensic Tools

  • BinText 3.03

    Finds Ascii, Unicode and Resource strings in a file.

  • Galleta v1.0

    A Internet Explorer Cookie Forensic Analysis Tool.

  • Pasco v1.0

    An Internet Explorer activity forensic analysis tool.

  • ShoWin v2.0

    Show information about Windows, reveal passwords, and more.

  • Vision v1.0

    Reports all open TCP and UDP ports and maps them to the owning process or application.

Foundstone SASS Tools

  • .NETMon v1.0

    The .NETMon tool monitors the .NET common language runtime enabling developers to conduct detailed analysis.

  • .NET Security Toolkit v1.0

    The Foundstone SASS (Software Application Security Services) .NET Security Toolkit is designed to help application developers and architects to build secure and reliable .NET software applications.

  • CodeScout v1.0

    Foundstone CodeScout™ is a free tool developed by Foundstone to help application developers and code reviewers validate adherence to coding best practices and determine the complexity and scope of a code base.

  • CookieDigger v1.0

    CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications.

  • HackPack v1.0

    Foundstone HackPack™ is a tool designed to aid security professionals in keeping up with changes and updates to security software. The tool offers a simple interface to a large variety of security tools.

  • Hacme Bank - Android v1.0

    Hacme Bank™ Android is designed to teach mobile application developers, programmers, architects and security professionals how to create secure software and evaluate their own software to identify vulnerabilities.

  • Hacme Bank v2.0

    Hacme Bank™ is designed to teach application developers, programmers, architects and security professionals how to create secure software.

  • Hacme Books

    Foundstone Hacme Books is a learning platform for secure software development.

  • Hacme Casino v1.0

    Foundstone Hacme Casino™ is a learning platform for secure software development.

  • Hacme Shipping

    Hacme Shipping is a web-based shipping application developed to demonstrate common web application hacking techniques.

  • Hacme Travel

    Hacme Travel is designed to create secure software.

  • Hash Calculator v1.0

    Foundstone Hash Calculator is a Fiddler Extension that allows you to calculate hashes for input strings.

  • JMSDigger

    JMSDigger is an open source and GUI based tool from Foundstone used for penetration testing ActiveMQ based JMS Applications

  • Oyedata v1.0

    Foundstone's Oyedata is an intuitive GUI based tool to analyze and perform black-box security testing on OData implementations.

  • SiteDigger v3.0

    SiteDigger 3.0 searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on websites.

  • SiteScope v1.0

    Foundstone’s SiteScope creates a site map and gathers metrics for a given web-based application.

  • Socket Security Auditor v1.0

    Foundstone Socket Security Auditor identifies the insecurely bound sockets on the local system preventing hackers from stealing valuable information.

  • SSLDigger v1.02

    SSLDigger v1.02 is a tool to assess the strength of SSL servers by testing the ciphers supported.

  • SSLSmart

    SSLSmart is a highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing.

  • Validator.NET v1.0

    Validator.NET helps eliminate common vulnerabilities such as SQL Injection and Cross-Site Scripting.

  • WSDigger

    WSDigger v1.0 - Web services testing framework.

Intrusion Detection Tools

  • FileWatch

    FileWatch v1.0 - A file change monitor. Used with BlackICE Defender.

  • FPort

    FPort v2.0 - Identify unknown open ports and their associated applications.

  • IPv4Trace

    IPv4Trace v1.0 - A Win32 C++ programming library port of the OpenBSD 2.8 kernel-land IPv4 fragment reassembly implementation.

Scanning Tools

  • BOPing

    A scanner for the infamous Back Orifice program.

  • CIScan

    Cisco IOS IPv4 Remote Denial of Service Vulnerability Detection Utility.

  • CSniffer v1.0.0.3

    Scan your infrastructure to discover if you have unencrypted Perforce passwords which could be stolen and used to penetrate your source code library.

  • DDosPing

    A network admin utility for remotely detecting the most common DDoS programs.

  • DIRE

    DIRE (Detecting Insecurely Registered Executables)

  • FileInsight

    A handy integrated tool environment for website and file analysis.

  • MessengerScan v1.05

    Quickly and accurately identify Microsoft operating systems that are vulnerable to the messenger service buffer overflow released in the MS03-043 bulletin.

  • MS05-039 Scan

    Microsoft UPnP MS05-039 Vulnerability Detection Utility.

  • MS05-051 Scan

    Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution.

  • MydoomScanner

    MydoomScanner is a Windows GUI scanner tailored specifically to finding Microsoft Windows systems infected with the Mydoom worm.

  • RPCScan

    Microsoft RPC(MS03-026) and RPCSS(MS03-039) Vulnerability Detection Utility.

  • SNScan

    SNMP Detection Utility.

  • SuperScan

    Powerful TCP port scanner, pinger, resolver.

  • Trout

    Traceroute and Whois program.

Spam Submission

Stress Testing Tools

  • Blast

    A small, quick TCP service stress test tool.

  • FSMax

    A scriptable, server stress testing tool.


  • ReadT80

    Consisting of 36 sectors that are read from tracks 80 and 81 of a BOOT sector infected 1.44M diskette.

  • RWFloppy

    Allows transporting diskette images over the network.

  • SaveInfo

    SaveInfo is a utility to capture possible boot sector viruses.