Penetration testing and network security is a pretty vast topic. These tools cover almost every aspect of it.| Network security is one of the biggest buzzwords nowadays. There are a number of security tools available, each with its own unique ability. That said, there are some that you will find on almost every security expert's computer. These are the ones that are the best and should be on your computer too. Here are 30 of the top network security tools, stay tuned for more. |
This one was known as Ethereal till the summer of 2006. It is an open source platform network protocol analyzer.
Latest release: 26 July 2013, version 1.10.1
2. Metasploit
This is an open source platform that was released in 2004. It can be launched for developing, testing and using exploit codes. While the framework is free and open source, since its acquisition by Rapid7 in 2009, but there are paid editions to it too.
Latest release: 7 December 2012, version 4.5
3. Nessus
This is another one of the most popular network security tools. It is a vulnerability scanner that costs $1,200. It used to be a free and open source application till 2005.
Latest release: 7 May 2013, version 5.2.1
4. Aircrack
This tool used the best cracking algorithms for 802.11 A/b/g WEP and WPA cracking. It is best used to recover wireless keys.
Latest release: 24 April 2010, version 1.1
5. Snort
This is one of the best available network intrusion applications that has its forte in traffic analysis and packet logging on IP networks. Snort itself is free and open source, but SourceFire (the parent company) offers other complimentary products at a price. In addition, it offers its own VRT-certified rules for $499 per sensor per year.
Latest release: 30 July 2013, version 2.9.5.3
6. Cain and Abel
How is this security tool different from others? Well, it’s a Windows only tool, which is very unlike other tools that support Linux and UNIX before Windows. Cain & Abel is a password recovery tool that can handle a number of tasks.
Latest release: 3 December 2011, version 4.9.43
7. BackTrack
If you’re even remotely involved with hacking you would have heard of BackTrack. This is a Live CD Linux distribution that comes from Whax and Auditor. It has a huge suite of security and forensics tools and is known to be the hacker’s distribution.
Latest release: 13 August 2012, version 5 R3
8. Netcat
Want to read data across UDP or TCP network connections? This is the go to tool for most security personnel for this purpose. First released in 1995 by Hobbit, it is one of the most popular security tools. Interestingly, it hasn’t been maintained despite its popularity. Recognising its usefulness, the Nmap Project made a modern version of the tool called Ncat.
Latest release: 20 March 1996, version 1.10
9. tcpdump
This is a network traffic sniffer that lost its popularity to Wireshark. It still have a respectably large user base though.
Latest release: 20 May 2013, version 4.4.0
10. John the Ripper
Compatible with the Linux, UNIX and Mac OS X platforms, this is a commonly used password cracker.
Latest release: 30 May 2013, version 1.8.0
11. Kismet
This tool is a wireless network detector, intrusion detection system and network sniffer that is used quite commonly for wardriving, warflying, warwalking and warskating.
Latest release: 11 April 2011, version Kismet 2011-03-R2
12. OpenSSH/PuTTY/SSH
This is the go to tool for logging into and executing commands on a remote machine.
13. Burp Suite
This is a tool that is used for attacking web applications. The limited version is available for free, while the pro version costs $299.
Latest release: 3 June 2011, version 1.4.01
14. Nikto
This is an open source web server that performs tests against other web servers for multiple items. This includes more than 6,400 potentially dangerous files/CGIs and other checks.
Latest release: 20 February 2011, version 2.1.4
15. Hping
You can use this one to send custom TCP, ICMP and UDP packets and then display replies. The tool was inspired by the ping command but can be used to perform far more controlled probes.
Latest release: 5 November 2005, version hping3-20051105
16. Ettercap
If a man in the middle attack on LAN networks is what you’re looking at then Ettercap is the tool that you need.
Latest release: 22 March 2013, version 0.7.6-Locard
17. Sysinternals
This tool can be used to gain access to a number of small windows utilities that can be used for low-level windows hacking.
Latest release: 4 February 2011
18. w3af
This is a powerful framework that is used for searching and exploiting web application vulnerabilities.
Latest release: 11 October 2011, version 1.1
19. OpenVAS
This is a vulnerability scanner that was forked from Nessus. The last free version of Nessus, before it became a proprietary tool in 2005, was used for this.
Latest release: 17 April 2013, version 6.0
20. Scapy
Interactive packer manipulation, network scanning, packet generating, packet sniffing, are the activities that Scapy excels in. It is a low level tool and you need Python to interact with it.
Latest release: 28 February 2011, version 2.2.0
20. Ping/telnet/dig/traceroute/whois/netstat
This is a basic security auditing tool that is still very useful. You may be ignoring these for other high tech tools, but knowing these is important too.
21. THC Hydra
This is one tool that has been revered for brute force cracking on temote authentication services. The application can manage rapid dictionary attacks against over 30 protocols like https, ftp, http, telnet, smb, a number of databases and others.
Latest release: 23 May 2012, version 7.3
22. Perl/Python/Ruby
Secripting languages allow you to write your own canned security tools. You can also use them to modify existing tools.
no rating Paros proxy (#24, 8)
23. Paros proxy
This is a Java-based web proxy server that can be used for finding out the web vulnerabilities.
Latest release: 8 August 2006, version 3.2.13
24. NetStumbler
This is a Windows tool that can be used for finding open wireless access points. It is free but not open source and is a Windows-only application.
Latest release: 1 April 2004, version 0.4.0
25. Google
You may think that this is a weird choice for a list like this. But you’re wrong. Google’s database can be is recognised as an important security tool by experts and penetration testers everywhere.
26. OSSEC HIDS
This performs log analysis, rootkit detection, integrity checking, time-based alerting and active response. It is also used as a SEM/SIM solution/
Latest release: 16 November 2012, version 2.7
27. WebScarab
This tool records requests and responses that it observes and lets the operator review them in different ways. It is a tool that can expose the functioning of HTTP(S)-based applications.
Latest release: 20 August 2010, version 20100820-1632
28. Core Impact
This tool is considered by many to be the most powerful exploitation tool that is available right now. It is also much more expensive than others though.
Latest release: 8 August 2011, version 12
29. sqlmap
This is an open source penetration testing tool, which can be used in order to automate the detection and exploitation of SQL injection flaws.
Latest release: 11 April 2011, version 0.9
30. TrueCrypt
This is a very useful open source disk encryption system for Mac, Windows and Linux-based systems.
Latest release: 7 February 2012, version 7.1a
Author :Shivam Kotwalia, CodeKill
No comments:
Post a Comment