Top 125 Network Security Tools
SecTools.Org: Top 125 Network Security Tools
For more than a decade, the Nmap
Project has been cataloguing the network security community’s
favorite tools. In 2011 this site became much more dynamic, offering
ratings, reviews, searching, sorting, and a new tool suggestion form.
This site allows open source and commercial tools on any platform,
except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator).
We’re very impressed by the collective smarts of the security
community and we highly recommend reading the whole list and
investigating any tools you are unfamiliar with. Click any tool name for
more details on that particular application, including the chance to
read (and write) reviews. Many site elements are explained by tool tips
if you hover your mouse over them. Enjoy!
(11) ★★★★★ Wireshark (#1, 1)
Wireshark (known as Ethereal until a trademark dispute in Summer 2006)
is a fantastic open source multi-platform network protocol analyzer. It
allows you to examine data from a live network or from a capture file
on disk. You can interactively browse the capture data, delving down
into just the level of packet detail you need. Wireshark has several
powerful features, including a rich display filter language and the
ability to view the reconstructed stream of a TCP session. It also
supports hundreds of protocols and media types. A tcpdump-like
console version named tshark is included. One word of caution is that
Wireshark has suffered from dozens of remotely exploitable security
holes, so stay up-to-date and be wary of running it on untrusted or
hostile networks (such as security conferences). Read 20 reviews.
Latest release: version 1.8.6 on March 6, 2013 (1 month, 2 weeks ago).
(5) ★★★★ Metasploit (#2, 3)
Metasploit took the security world by storm when it was released in
2004. It is an advanced open-source platform for developing, testing,
and using exploit code. The extensible model through which payloads,
encoders, no-op generators, and exploits can be integrated has made it
possible to use the Metasploit Framework as an outlet for cutting-edge
exploitation research. It ships with hundreds of exploits, as you can
see in their list of modules.
This makes writing your own exploits easier, and it certainly beats
scouring the darkest corners of the Internet for illicit shellcode of
dubious quality. One free extra is Metasploitable,
an intentionally insecure Linux virtual machine you can use for testing
Metasploit and other exploitation tools without hitting live servers.
Metasploit was completely free, but the project was acquired by Rapid7 in 2009 and it soon sprouted commercial variants. The Framework itself
is still free and open source, but they now also offer a
free-but-limited Community edition, a more advanced Express edition
($3,000 per year per user), and a full-featured Pro edition ($15,000 per
user per year). Other paid exploitation tools to consider are Core Impact (more expensive) and Canvas (less).
The Metasploit Framework now includes an official Java-based GUI and also Raphael Mudge’s excellent Armitage. The Community, Express, and Pro editions have web-based GUIs. Read 7 reviews.
Latest release: version 4.5 on Dec. 7, 2012 (4 months, 2 weeks ago).
(3) ★★★★? Nessus (#3, 2)
Nessus is one of the most popular and capable vulnerability scanners,
particularly for UNIX systems. It was initially free and open source,
but they closed the source code in 2005 and removed the free “Registered Feed” version in 2008. It now costs $1,200 per year, which still beats many of its
competitors. A free “Home Feed” is also available, though it is limited
and only licensed for home network use.
Nessus is constantly updated, with more than 46,000 plugins. Key
features include remote and local (authenticated) security checks, a
client/server architecture with a web-based interface, and an embedded
scripting language for writing your own plugins or understanding the
existing ones. The open-source version of Nessus was forked by a group
of users who still develop it under the OpenVAS name. Read 3 reviews.
Latest release: version 5.0.2 on Oct. 9, 2012 (6 months, 2 weeks ago).
(7) ★★★★ Aircrack (#4, 17)
Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It
implements the best known cracking algorithms to recover wireless keys
once enough encrypted packets have been gathered. The suite comprises
over a dozen discrete tools, including airodump (an 802.11 packet
capture program), aireplay (an 802.11 packet injection program),
aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts
WEP/WPA capture files). Read 9 reviews.
Latest release: version 1.1 on April 24, 2010 (2 years, 12 months ago).
(1) ★★★★★ Snort (#5, 2)
This network intrusion detection and prevention system excels at
traffic analysis and packet logging on IP networks. Through protocol
analysis, content searching, and various pre-processors, Snort detects
thousands of worms, vulnerability exploit attempts, port scans, and
other suspicious behavior. Snort uses a flexible rule-based language to
describe traffic that it should collect or pass, and a modular detection
engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.
While Snort itself is free and open source, parent company SourceFire offers their VRT-certified rules for $499 per sensor per year and a
complementary product line of software and appliances with more
enterprise-level features. Sourcefire also offers a free 30-day delayed
feed. Read 2 reviews.
Latest release: version 2.9.4.5 on April 3, 2013 (2 weeks, 5 days ago).
(4) ★★★★? Cain and Abel (#6, 3)
UNIX users often smugly assert that the best free security tools
support their platform first, and Windows ports are often an
afterthought. They are usually right, but Cain & Abel is a glaring
exception. This Windows-only password recovery tool handles an enormous
variety of tasks. It can recover passwords by sniffing the network,
cracking encrypted passwords using dictionary, brute-force and
cryptanalysis attacks, recording VoIP conversations, decoding scrambled
passwords, revealing password boxes, uncovering cached passwords and
analyzing routing protocols. It is also well documented. Read 7 reviews.
Latest release: version 4.9.43 on Dec. 3, 2011 (1 year, 4 months ago).
(13) ★★★★ BackTrack (#7, 25)
This excellent bootable live CD Linux distribution comes from the
merger of Whax and Auditor. It boasts a huge variety of Security and
Forensics tools and provides a rich development environment. User
modularity is emphasized so the distribution can be easily customized by
the user to include personal scripts, additional tools, customized
kernels, etc. Read 17 reviews.
Latest release: version 5 R3 on Aug. 13, 2012 (8 months, 1 week ago).
(2) ★★★★? Netcat (#8, 4)
This simple utility reads and writes data across TCP or UDP network
connections. It is designed to be a reliable back-end tool to use
directly or easily drive by other programs and scripts. At the same
time, it is a feature-rich network debugging and exploration tool, since
it can create almost any kind of connection you would need, including
port binding to accept incoming connections.
The original Netcat was released by Hobbit in 1995, but it hasn’t been maintained despite its popularity. It can sometimes even be hard to find a copy of the v1.10 source code. The flexibility and usefulness of this tool prompted the Nmap Project to produce Ncat,
a modern reimplementation which supports SSL, IPv6, SOCKS and HTTP
proxies, connection brokering, and more. Other takes on this classic
tool include the amazingly versatile Socat, OpenBSD’s nc, Cryptcat, Netcat6, pnetcat, SBD, and so-called GNU Netcat. Read 3 reviews.
Latest release: version 1.10 on March 20, 1996 (17 years, 1 month ago).
(1) ★★★★ tcpdump (#9, 1)
Tcpdump is the network sniffer we all used before Wireshark
came on the scene, and many of us continue to use it frequently. It may
not have the bells and whistles (such as a pretty GUI and parsing logic
for hundreds of application protocols) that Wireshark has, but it does
the job well and with less security risk. It also requires fewer system
resources. While Tcpdump doesn’t receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down
network problems or monitoring activity. There is a separate Windows
port named WinDump. tcpdump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap and many other tools. Read 2 reviews.
Latest release: version 4.3.0 on June 12, 2012 (10 months, 2 weeks ago).
(1) ★★★★★ John the Ripper (#10, unchanged)
John the Ripper is a fast password cracker for UNIX/Linux and Mac OS
X. Its primary purpose is to detect weak Unix passwords, though it
supports hashes for many other platforms as well. There is an official
free version, a community-enhanced version (with many contributed
patches but not as much quality assurance), and an inexpensive pro
version. You will probably want to start with some wordlists, which you
can find here, here, or here. Read 3 reviews.
Latest release: version 1.7.9-jumbo-7 on Sept. 20, 2012 (7 months ago).
(1) ★★★★★ Kismet (#11, 4)
Kismet is a console (ncurses) based 802.11 layer-2 wireless network
detector, sniffer, and intrusion detection system. It identifies
networks by passively sniffing (as opposed to more active tools such as NetStumbler),
and can even decloak hidden (non-beaconing) networks if they are in
use. It can automatically detect network IP blocks by sniffing TCP, UDP,
ARP, and DHCP packets, log traffic in Wireshark/tcpdump compatible format, and even plot detected networks and estimated ranges
on downloaded maps. As you might expect, this tool is commonly used for wardriving. Oh, and also warwalking, warflying, and warskating, etc. Read 1 review.
Latest release: version Kismet 2011-03-R2 on April 11, 2011 (2 years ago).
(1) ★★★★★ OpenSSH/PuTTY/SSH (#12, 2)
SSH (Secure Shell) is the now ubiquitous program for logging into or
executing commands on a remote machine. It provides secure encrypted
communications between two untrusted hosts over an insecure network,
replacing the hideously insecure telnet/rlogin/rsh alternatives. Most
UNIX users run the open source OpenSSH server and client. Windows users often prefer the free PuTTY client, which is also available for many mobile devices, and WinSCP. Other Windows users prefer the nice terminal-based port of OpenSSH that comes with Cygwin. There are dozens of other free and proprietary clients to consider as well. Read 1 review.
(13) ★★★★★ Burp Suite (#13, 63)
Burp Suite is an integrated platform for attacking web applications.
It contains a variety of tools with numerous interfaces between them
designed to facilitate and speed up the process of attacking an
application. All of the tools share the same framework for handling and
displaying HTTP messages, persistence, authentication, proxies, logging,
alerting and extensibility. There is a limited free version and also
Burp Suite Professional ($299 per user per year). Read 14 reviews.
Latest release: version 1.4.01 on June 3, 2011 (1 year, 10 months ago).
(5) ★★★? Nikto (#14, 2)
Nikto is an Open Source (GPL) web server scanner which performs
comprehensive tests against web servers for multiple items, including
over 6400 potentially dangerous files/CGIs, checks for outdated versions
of over 1200 servers, and version specific problems on over 270
servers. It also checks for server configuration items such as the
presence of multiple index files, HTTP server options, and will attempt
to identify installed web servers and software. Scan items and plugins
are frequently updated and can be automatically updated. Read 8 reviews.
Latest release: version 2.1.4 on Feb. 20, 2011 (2 years, 2 months ago).
(2) ★★★★★ Hping (#15, 9)
This handy little utility assembles and sends custom ICMP, UDP, or TCP
packets and then displays any replies. It was inspired by the ping
command, but offers far more control over the probes sent. It also has a
handy traceroute mode and supports IP fragmentation. Hping is
particularly useful when trying to traceroute/ping/probe hosts behind a
firewall that blocks attempts using the standard utilities. This often
allows you to map out firewall rule sets. It is also great for learning
more about TCP/IP and experimenting with IP protocols. Unfortunately, it
hasn’t been updated since 2005. The Nmap Project created and maintains Nping, a similar program with more modern features such as IPv6 support, and a unique echo mode. Read 2 reviews.
Latest release: version hping3-20051105 on Nov. 5, 2005 (7 years, 5 months ago).
(5) ★★★★ Ettercap (#16, 5)
Ettercap is a suite for man in the middle attacks on LAN. It features
sniffing of live connections, content filtering on the fly and many
other interesting tricks.
It supports active and passive dissection of many protocols (even
ciphered ones) and includes many features for network and host analysis. Read 7 reviews.
Latest release: version 0.7.6-Locard on March 22, 2013 (1 month ago).
no rating Sysinternals (#17, 7)
Sysinternals provides many small Windows utilities that are quite
useful for low-level Windows hacking. Some are free of cost and/or
include source code, while others are proprietary. Survey respondents
were most enamored with:
- ProcessExplorer for keeping an eye on the files and directories open by any process (like lsof on UNIX).
- PsTools for managing (executing, suspending, killing, detailing) local and remote processes.
- Autoruns for discovering what executables are set to run during system boot up or login.
- RootkitRevealer for detecting registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
- TCPView, for viewing TCP and UDP traffic endpoints used by each process (like Netstat on UNIX).
Many of the Sysinternals tools originally came with source code and there were even Linux versions. Microsoft acquired Sysinternals in July 2006, promising that “Customers will be able to continue
building on Sysinternals’ advanced utilities, technical information and
source code”. Less than four months later, Microsoft removed most of that source code. Review this tool.
Latest release: Feb. 4, 2011 (2 years, 2 months ago).
(7) ★★★★ w3af (#18, new!)
W3af is an extremely popular, powerful, and flexible framework for
finding and exploiting web application vulnerabilities. It is easy to
use and extend and features dozens of web assessment and exploitation
plugins. In some ways it is like a web-focused Metasploit. Read 9 reviews.
Latest release: version 1.1 on Oct. 11, 2011 (1 year, 6 months ago).
(17) ★★★? OpenVAS (#19, new!)
OpenVAS is a vulnerability scanner that was forked from the last free version of Nessus after Nessus went proprietary in 2005. It continues to grow, with more
than 23,000 tests as of November 2011. OpenVAS plugins are written in
the same NASL language used by Nessus. Read 20 reviews.
Latest release: version 5.0 on May 10, 2012 (11 months, 2 weeks ago).
(1) ★★★★★ Scapy (#20, 8)
Scapy is a powerful interactive packet manipulation tool, packet
generator, network scanner, network discovery tool, and packet sniffer.
Note that Scapy is a very low-level tool—you interact with it using the
Python programming language. It provides classes to interactively create
packets or sets of packets, manipulate them, send them over the wire,
sniff other packets from the wire, match answers and replies, and more. Read 2 reviews.
Latest release: version 2.2.0 on Feb. 28, 2011 (2 years, 1 month ago).
(1) ★★★★★ Ping/telnet/dig/traceroute/whois/netstat (#21, 8)
While there are many advanced high-tech tools out there to assist in
security auditing, don’t forget about the basics! Everyone should be
very familiar with these tools as they come with most operating systems
(except that Windows omits whois and uses the name tracert). They can be
very handy in a pinch, although more advanced functionality is
available from Hping and Netcat. Read 1 review.
(1) ★★★★★ THC Hydra (#22, 7)
When you need to brute force crack a remote authentication service,
Hydra is often the tool of choice. It can perform rapid dictionary
attacks against more than 30 protocols, including telnet, ftp, http,
https, smb, several databases, and much more. Like THC Amap this release is from the fine folks at THC. Other online crackers are Medusa and Ncrack. The Nmap Security Scanner also contains many online brute force password cracking modules. Read 1 review.
Latest release: version 7.3 on May 23, 2012 (11 months ago).
no rating Perl/Python/Ruby (#23, 3)
While many canned security tools are available on this site for
handling common tasks, scripting languages allow you to write your own
(or modify existing ones) when you need something more custom. Quick,
portable scripts can test, exploit, or even fix systems. Archives like CPAN are filled with modules such as Net::RawIP and protocol implementations to make your tasks even easier. Many
security tools use scripting languages heavily for extensibility. For
example Scapy interaction is through a Python interpreter, Metasploit modules are written in Ruby, and Nmap’s scripting engine uses Lua. Review this tool.
no rating Paros proxy (#24, 8)
A Java-based web proxy for assessing web application vulnerability. It
supports editing/viewing HTTP/HTTPS messages on-the-fly to change items
such as cookies and form fields. It includes a web traffic recorder,
web spider, hash calculator, and a scanner for testing common web
application attacks such as SQL injection and cross-site scripting. Read 2 reviews.
Latest release: version 3.2.13 on Aug. 8, 2006 (6 years, 8 months ago).
(1) ★★★★ NetStumbler (#25, 7)
Netstumbler is the best known Windows tool for finding open wireless
access points (“wardriving”). They also distribute a WinCE version for
PDAs and such named MiniStumbler.
The tool is currently free but Windows-only and no source code is
provided. It uses a more active approach to finding WAPs than passive
sniffers such as Kismet or KisMAC. Read 1 review.
Latest release: version 0.4.0 on April 1, 2004 (9 years ago).