Home page logo
/

SecTools.Org: Top 125 Network Security Tools

For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator).

We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!

Sort by: popularity rating release date

← previous page Tools 26–50 of 125 next page →

(1) ★★★★★ KisMAC (#97, 42)

This popular wireless stumbler for Mac OS X offers many of the features of its namesake Kismet, though the codebase is entirely different. Unlike console-based Kismet, KisMAC offers a pretty GUI and was around before Kismet was ported to OS X. It also offers mapping, Pcap-format import and logging, and even some decryption and deauthentication attacks. Read 2 reviews.

Latest release: version 0.3.3 on Feb. 7, 2011 (6 years, 10 months ago).

(1) ★★★★★ NetScanTools (#99, new!)

NetScanTools is a collection of over 40 network utilities for Windows, designed with an easy user interface in mind. It includes DNS tools, a ping and port scanner, traceroute, and other utilities. It comes in bundles with more or fewer tools based on the price. Read 3 reviews.

Latest release: version 11.30 on May 8, 2012 (5 years, 7 months ago).

(1) ★★★★★ dradis (#107, new!)

dradis is an open source framework to enable effective sharing of information among participants in a penetration test. It is a self-contained web application that provides a centralised repository of information to keep track of what has been done so far, and what is still ahead. It has plugins to read and collect the output of a variety of network scanning tools, like Nmap, Burp Suite, and Nikto. Read 2 reviews.

Latest release: version 2.6.1 on Feb. 11, 2011 (6 years, 10 months ago).

(1) ★★★★★ DirBuster (#112, new!)

DirBuster searches for hidden pages and directories on a web server. Sometimes developers will leave a page accessible, but unlinked; DirBuster is meant to find these potential vulnerabilities. This is a Java application developed by OWASP. Read 2 reviews.

Latest release: version 2.0-RC1 on March 3, 2009 (8 years, 9 months ago).

(1) ★★★★★ WebGoat (#122, new!)

WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson. Read 1 review.

Latest release: version 5.3 RC1 on Nov. 1, 2009 (8 years, 1 month ago).

(9) ★★★★★ THC Hydra (#22, 7)

When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap this release is from the fine folks at THC. Other online crackers are Medusa and Ncrack. The Nmap Security Scanner also contains many online brute force password cracking modules. Read 42 reviews.

Latest release: version 8.2 on June 16, 2016 (1 year, 6 months ago).

(62) ★★★★★ Social Engineer Toolkit (#58, new!)

The Social Engineer Toolkit incorporates many useful social-engineering attacks all in one interface. The main purpose of SET is to automate and improve on many of the social-engineering attacks out there. It can automatically generate exploit-hiding web pages or email messages, and can use Metasploit payloads to, for example, connect back with a shell once the page is opened. Read 82 reviews.

(6) ★★★★★ Malwarebytes' Anti-Malware (#74, new!)

Malwarebytes' Anti-Malware is a malware scanner for Windows. The authors claim to use a variety of technologies to find malware undetectable by other malware scanners. There is a free trial with limited options and a supported full version with the ability to run scheduled scans. Read 7 reviews.

Latest release: version 2.1.8.1057 on June 29, 2015 (2 years, 5 months ago).

(5) ★★★★★ Ettercap (#16, 5)

Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. Read 7 reviews.

Latest release: version 0.8.2-Ferri on March 14, 2015 (2 years, 9 months ago).

(5) ★★★★★ KeePass (#92, new!)

KeePass is a password manager. It stores many passwords which are unlocked by one master password. The idea is to only have to remember one high-quality password, and still be able to use unique passwords for various accounts. It has a feature to automatically fill in passwords in web forms. Read 5 reviews.

Latest release: version 1.29 on April 3, 2015 (2 years, 8 months ago).

(4) ★★★★★ ophcrack (#35, new!)

Ophcrack is a free rainbow-table based cracker for Windows passwords (though the tool itself runs on Linux, Windows, and Mac). Features include LM and NTLM hash cracking, a GUI, the ability to load hashes from encrypted SAM recovered from a Windows partition, and a Live CD version. Some tables are provided as a free download but larger ones have to be bought from Objectif Sécurité. Read 9 reviews.

Latest release: version 3.6.0 on June 4, 2013 (4 years, 6 months ago).

(23) ★★★★½ Wireshark (#1, 1)

Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source multi-platform network protocol analyzer. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tshark is included. One word of caution is that Wireshark has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences). Read 38 reviews.

Latest release: version 1.12.7 on Aug. 12, 2015 (2 years, 4 months ago).

(3) ★★★★½ Fiddler (#60, new!)

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language. Read 3 reviews.

Latest release: version 4.5.1.5 on July 23, 2015 (2 years, 4 months ago).

(9) ★★★★½ sqlmap (#30, new!)

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers. It comes with a broad range of features, from database fingerprinting to fetching data from the DB and even accessing the underlying file system and executing OS commands via out-of-band connections. The authors recommend using the development release from their Subversion repository. Read 11 reviews.

Latest release: version 0.9 on April 11, 2011 (6 years, 8 months ago).

(8) ★★★★½ Core Impact (#29, 15)

Core Impact isn't cheap (be prepared to spend at least $30,000), but it is widely considered to be the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits, and can do neat tricks like exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit other boxes. Other good options include Metasploit and Canvas. Read 9 reviews.

Latest release: version 12 on Aug. 8, 2011 (6 years, 4 months ago).

(9) ★★★★½ Netcat (#8, 4)

This simple utility reads and writes data across TCP or UDP network connections. It is designed to be a reliable back-end tool to use directly or easily drive by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need, including port binding to accept incoming connections.

The original Netcat was released by Hobbit in 1995, but it hasn't been maintained despite its popularity. It can sometimes even be hard to find a copy of the v1.10 source code. The flexibility and usefulness of this tool prompted the Nmap Project to produce Ncat, a modern reimplementation which supports SSL, IPv6, SOCKS and http proxies, connection brokering, and more. Other takes on this classic tool include the amazingly versatile Socat, OpenBSD's nc, Cryptcat, Netcat6, pnetcat, SBD, and so-called GNU Netcat. Read 13 reviews.

Latest release: version 1.10 on March 20, 1996 (21 years, 9 months ago).

(10) ★★★★½ Metasploit (#2, 3)

Metasploit took the security world by storm when it was released in 2004. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their list of modules. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. One free extra is Metasploitable, an intentionally insecure Linux virtual machine you can use for testing Metasploit and other exploitation tools without hitting live servers.

Metasploit was completely free, but the project was acquired by Rapid7 in 2009 and it soon sprouted commercial variants. The Framework itself is still free and open source, but they now also offer a free-but-limited Community edition, a more advanced Express edition ($5,000 per year per user), and a full-featured Pro edition. Other paid exploitation tools to consider are Core Impact (more expensive) and Canvas (less).

The Metasploit Framework now includes an official Java-based GUI and also Raphael Mudge's excellent Armitage. The Community, Express, and Pro editions have web-based GUIs. Read 16 reviews.

Latest release: version 4.11 on Dec. 18, 2014 (2 years, 12 months ago).

(2) ★★★★½ NetStumbler (#25, 7)

Netstumbler is the best known Windows tool for finding open wireless access points ("wardriving"). They also distribute a WinCE version for PDAs and such named MiniStumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as Kismet or KisMAC. Read 3 reviews.

Latest release: version 0.4.0 on April 1, 2004 (13 years, 8 months ago).

(2) ★★★★½ TrueCrypt (#31, 66)

The authors of TrueCrypt abandoned the project in May 2014. While many still use the software, there are several forks and alternatives that are striving to take its lofty place.
TrueCrypt is an excellent open source disk encryption system for Windows, Mac, and Linux systems. Users can encrypt entire filesystems, which are then on-the-fly encrypted/decrypted as needed without user intervention beyond initially entering their passphrase. A clever hidden volume feature allows you to hide a second layer of particularly sensitive content with plausible deniability about whether it even exists. Then if you are forced to give up your passphrase, you give them the first-level secret. That only allows them access to the innocuous material you have there, without proving that a second level key even exists. Read 5 reviews.

Latest release: version 7.2 on May 28, 2014 (3 years, 6 months ago).

(2) ★★★★½ skipfish (#39, new!)

skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments. Read 2 reviews.

Latest release: version 2.10b on Dec. 4, 2012 (5 years ago).

(2) ★★★★½ OSSIM (#48, new!)

Alienvault OSSIM stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, grant network/security administrators with a detailed view over each and every aspect of networks, hosts, physical access devices, and servers. OSSIM incorporates several other tools, including Nagios and OSSEC HIDS. Read 2 reviews.

Latest release: version 5.0.3 on June 2, 2015 (2 years, 6 months ago).

(6) ★★★★½ Splunk (#65, new!)

Splunk is a tool to search, report, monitor and analyze real-time streaming and historical IT data. It collects logs from a variety of sources and makes them searchable in a unified interface. Read 6 reviews.

Latest release: version 4.1.7 on Feb. 14, 2011 (6 years, 10 months ago).

(18) ★★★★½ Burp Suite (#13, 63)

Burp Suite is an integrated platform for attacking web applications. It contains a variety of tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All of the tools share the same framework for handling and displaying HTTP messages, persistence, authentication, proxies, logging, alerting and extensibility. There is a limited free version and also Burp Suite Professional ($299 per user per year). Read 20 reviews.

Latest release: version 1.4.01 on June 3, 2011 (6 years, 6 months ago).

(3) ★★★★½ L0phtCrack (#57, 30)

L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). LC5 was discontinued by Symantec in 2006, then re-acquired by the original L0pht guys and reborn as LC6 in 2009. For free alternatives, consider ophcrack, Cain and Abel, or John the Ripper. Read 4 reviews.

Latest release: version 6.0.11 on Jan. 9, 2011 (6 years, 11 months ago).

(6) ★★★★½ inSSIDer (#90, new!)

inSSIDer is a wireless network scanner for Windows, OS X, and Android. It was designed to overcome limitations of NetStumbler, namely not working well on 64-bit Windows and Windows Vista. inSSIDer can find open wireless access points, track signal strength over time, and save logs with GPS records. Read 11 reviews.

Latest release: version 4.1.0 on Jan. 22, 2015 (2 years, 10 months ago).

← previous page Tools 26–50 of 125 next page →

Categories

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]