Home page logo
/

SecTools.Org: Top 125 Network Security Tools

For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator).

We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!

Sort by: popularity rating release date

Tools 1–25 of 125 next page →

(1) ★★★★★ Snort (#5, 2)

This network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.

While Snort itself is free and open source, parent company SourceFire offers their VRT-certified rules for $499 per sensor per year and a complementary product line of software and appliances with more enterprise-level features. Sourcefire also offers a free 30-day delayed feed. Read 3 reviews.

Latest release: version 2.9.6.1 on April 23, 2014 (1 year, 4 months ago).

(1) ★★★★★ Scapy (#20, 8)

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. Note that Scapy is a very low-level tool—you interact with it using the Python programming language. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Read 3 reviews.

Latest release: version 2.2.0 on Feb. 28, 2011 (4 years, 6 months ago).

(1) ★★★★★ Perl/Python/Ruby (#23, 3)

While many canned security tools are available on this site for handling common tasks, scripting languages allow you to write your own (or modify existing ones) when you need something more custom. Quick, portable scripts can test, exploit, or even fix systems. Archives like CPAN are filled with modules such as Net::RawIP and protocol implementations to make your tasks even easier. Many security tools use scripting languages heavily for extensibility. For example Scapy interaction is through a Python interpreter, Metasploit modules are written in Ruby, and Nmap's scripting engine uses Lua. Read 1 review.

(2) ★★★★★ WebScarab (#28, 7)

In its simplest form, WebScarab records the conversations (requests and responses) that it observes, and allows the operator to review them in various ways. WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented. Read 3 reviews.

Latest release: version 20100820-1632 on Aug. 20, 2010 (5 years ago).

(2) ★★★★★ OllyDbg (#44, 49)

OllyDbg is a 32-bit assembler level analyzing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg features an intuitive user interface, advanced code analysis capable of recognizing procedures, loops, API calls, switches, tables, constants and strings, an ability to attach to a running program, and good multi-thread support. OllyDbg is free to download and use but no source code is provided. Read 2 reviews.

Latest release: version 2.01 on Sept. 27, 2013 (1 year, 11 months ago).

(2) ★★★★★ Canvas (#51, 37)

Canvas is a commercial vulnerability exploitation tool from Dave Aitel's ImmunitySec. It includes more than 370 exploits and is less expensive than Core Impact or the commercial versions of Metasploit. It comes with full source code, and occasionally even includes zero-day exploits. Read 3 reviews.

Latest release: version 6.73 on Oct. 26, 2011 (3 years, 10 months ago).

(2) ★★★★★ Yersinia (#59, 7)

Yersinia is a low-level protocol attack tool useful for penetration testing. It is capable of many diverse attacks over multiple protocols, such as becoming the root role in the Spanning Tree (Spanning Tree Protocol), creating virtual CDP (Cisco Discovery Protocol) neighbors, becoming the active router in a HSRP (Hot Standby Router Protocol) scenario, faking DHCP replies, and other low-level attacks. Read 3 reviews.

Latest release: version 0.7.1 on Jan. 26, 2007 (8 years, 7 months ago).

(1) ★★★★★ EtherApe (#64, 21)

Featuring link layer, IP, and TCP modes, EtherApe displays network activity graphically with a color coded protocols display. Hosts and links change in size with traffic. It supports Ethernet, WLAN, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network. Read 4 reviews.

Latest release: version 0.9.13 on May 5, 2013 (2 years, 3 months ago).

(5) ★★★★★ Secunia PSI (#68, new!)

Secunia PSI (Personal Software Inspector) is a free security tool designed to detect vulnerable and out-dated programs and plug-ins that expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus programs. Secunia PSI checks only the machine it is running on, while its commercial sibling Secunia CSI (Corporate Software Inspector) scans multiple machines on a network. Read 6 reviews.

Latest release: version 2.0 on Jan. 10, 2011 (4 years, 7 months ago).

(6) ★★★★★ Nagios (#69, 2)

Nagios is a system and network monitoring application. It watches hosts and services that you specify, alerting you when things go bad and when they get better. Some of its many features include monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP, etc.), monitoring of host resources (processor load, disk usage, etc.), and contact notifications when service or host problems occur and get resolved (via email, pager, or user-defined method). Read 7 reviews.

Latest release: version 4.0.6 on April 29, 2014 (1 year, 4 months ago).

(1) ★★★★★ sqlninja (#72, new!)

sqlininja exploits web applications that use Microsoft SQL Server as a database backend. Its focus is on getting a running shell on the remote host. sqlninja doesn't find an SQL injection in the first place, but automates the exploitation process once one has been discovered. Read 1 review.

Latest release: version 0.2.6-r1 on April 29, 2012 (3 years, 4 months ago).

(4) ★★★★★ Netsparker (#75, new!)

Netsparker is a web application security scanner, with support for both detection and exploitation of vulnerabilities. It aims to be false positive–free by only reporting confirmed vulnerabilities after successfully exploiting or otherwise testing them. Read 5 reviews.

Latest release: version 1.8.3.3 on Feb. 10, 2011 (4 years, 6 months ago).

(1) ★★★★★ Argus (#78, 5)

Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information. There is also another open source network monitoring program named Argus. Read 2 reviews.

Latest release: version 3.7 on Feb. 1, 2013 (2 years, 7 months ago).

(1) ★★★★★ ClamAV (#80, 6)

ClamAV is a powerful AntiVirus scanner focused towards integration with mail servers for attachment scanning. It provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via the Internet. Clam AntiVirus is based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. Most importantly, the virus database is kept up to date. The project was acquired by Sourcefire in 2007. Read 1 review.

Latest release: version 0.98.3 on May 7, 2014 (1 year, 3 months ago).

(1) ★★★★★ Nipper (#81, new!)

Nipper (short for Network Infrastructure Parser, previously known as CiscoParse) audits the security of network devices such as switches, routers, and firewalls. It works by parsing and analyzing device configuration file which the Nipper user must supply. This was an open source tool until its developer (Titania) released a commercial version and tried to hide their old GPL releases (including the GPLv2 version 0.10 source tarball). Read 2 reviews.

Latest release: version 1.3.

(4) ★★★★★ NoScript (#85, new!)

NoScript is an add-on for Firefox that blocks JavaScript, Java, Flash, and other plugin content (allowing you to selectively re-enable them for certain sites). It also offers cross-site scripting protection. This is mainly designed to keep web users safe, but security testers can also use the add-on to see what scripts a site is using. One caution is that the NoScript author Giorgio Maone has been caught inserting hidden code into NoScript which disabled users' ad-blocking software so that ads would still show up on the NoScript web site. He did post a lengthy apology. Read 5 reviews.

Latest release: version 2.6.8.13 on Jan. 22, 2014 (1 year, 7 months ago).

(5) ★★★★★ Firebug (#89, new!)

Firebug is an add-on for Firefox that provides access to browser internals. It features live editing of HTML and CSS, a DOM viewer, and a JavaScript debugger. Web application security testers appreciate the ability to see what's happening behind the scenes of the browser. Read 6 reviews.

Latest release: version 1.12.7 on March 5, 2014 (1 year, 5 months ago).

(1) ★★★★★ ratproxy (#96, new!)

Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. Read 2 reviews.

Latest release: version 1.58 beta on May 1, 2009 (6 years, 4 months ago).

(1) ★★★★★ cURL (#100, new!)

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, authentication, and more. libcurl provides these capabilities to other programs. Read 1 review.

Latest release: version 7.36.0 on March 26, 2014 (1 year, 5 months ago).

(1) ★★★★★ Knoppix (#103, 43)

Knoppix consists of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. Knoppix can be used as a productive Linux system for the desktop, educational CD, rescue system, or as many Nmap survey takers attest, a portable security tool. For a security-specific Linux distribution see BackTrack. Read 1 review.

Latest release: version 7.2.0 on June 24, 2013 (2 years, 2 months ago).

(1) ★★★★★ RainbowCrack (#105, 56)

The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables". It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished. Read 2 reviews.

Latest release: version 1.5 on Aug. 26, 2010 (5 years ago).

(1) ★★★★★ Grendel-Scan (#106, new!)

Grendel-Scan is an open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. Read 1 review.

Latest release: version 1.1.

(1) ★★★★★ NBTScan (#111, 72)

NBTScan is a program for scanning IP networks for NetBIOS name information (similar to what the Windows nbtstat tool provides against single hosts). It sends a NetBIOS status query to each address in a supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address. The original nbtscan was written by Alla Bezroutchko. Steve Friedl has written an alternate implementation. Read 2 reviews.

Latest release: version 1.5.1 on June 1, 2003 (12 years, 3 months ago).

(1) ★★★★★ Stunnel (#117, 38)

The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote servers. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. Read 1 review.

Latest release: version 5.01 on April 8, 2014 (1 year, 4 months ago).

(1) ★★★★★ SELinux (#118, new!)

Security Enhanced Linux (SELinux) is a security enhancement to Linux implementing mandatory access control (MAC). Users and processes can be granted their least required privileges in a much more granular way than with traditional Unix access control. For example, you can define a policy to prevent your web browser from reading your SSH keys. The security model of SELinux has been ported to other operating systems; see SEBSD for FreeBSD and Project fmac for OpenSolaris. Read 2 reviews.

Tools 1–25 of 125 next page →

Categories

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]