Home page logo
/

SecTools.Org: Top 125 Network Security Tools

For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator).

We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!

Sort by: popularity rating release date

← previous page Tools 51–75 of 125 next page →

(11) ★★★★½ Nikto (#14, 2)

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. Read 16 reviews.

Latest release: version 2.1.4 on Feb. 20, 2011 (6 years, 9 months ago).

(4) ★★★★½ Acunetix (#41, 55)

Acunetix is a web vulnerability scanner that automatically checks web applications for vulnerabilities such as SQL Injections, cross site scripting, arbitrary file creation/deletion, and weak password strength on authentication pages. It boasts a comfortable GUI, an ability to create professional security audit and compliance reports, and tools for advanced manual webapp testing. Read 7 reviews.

Latest release: version 11 on Nov. 16, 2016 (1 year ago).

(7) ★★★★ Cain and Abel (#6, 3)

UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. It is also well documented. Read 15 reviews.

Latest release: version 4.9.56 on April 7, 2014 (3 years, 7 months ago).

(11) ★★★★ Aircrack (#4, 17)

Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It implements the best known cracking algorithms to recover wireless keys once enough encrypted packets have been gathered. . The suite comprises over a dozen discrete tools, including airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files). Read 22 reviews.

Latest release: version 1.1 on April 24, 2010 (7 years, 6 months ago).

(16) ★★★★ BackTrack (#7, 25)

This excellent bootable live CD Linux distribution comes from the merger of Whax and Auditor. It boasts a huge variety of Security and Forensics tools and provides a rich development environment. User modularity is emphasized so the distribution can be easily customized by the user to include personal scripts, additional tools, customized kernels, etc. BackTrack is succeeded by Kali Linux. Read 21 reviews.

Latest release: version 5 R3 on Aug. 13, 2012 (5 years, 3 months ago).

(3) ★★★★ tcpdump (#9, 1)

Tcpdump is the network sniffer we all used before (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI and parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with less security risk. It also requires fewer system resources. While Tcpdump doesn't receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. tcpdump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap and many other tools. Read 4 reviews.

Latest release: version 4.7.4 on April 22, 2015 (2 years, 7 months ago).

(4) ★★★★ John the Ripper (#10, unchanged)

John the Ripper is a fast password cracker for UNIX/Linux and Mac OS X.. Its primary purpose is to detect weak Unix passwords, though it supports hashes for many other platforms as well. There is an official free version, a community-enhanced version (with many contributed patches but not as much quality assurance), and an inexpensive pro version. You will probably want to start with some wordlists, which you can find here, here, or here. Read 11 reviews.

Latest release: version 1.8.0 on May 30, 2013 (4 years, 5 months ago).

(4) ★★★★ Google (#26, 8)

While it is far more than a security tool, Google's massive database is a gold mine for security researchers and penetration testers. You can use it to dig up information about a target company by using directives such as “site:target-domain.com” and find employee names, sensitive information that they wrongly thought was hidden, vulnerable software installations, and more. Similarly, when a bug is found in yet another popular webapp, Google can often provide a list of vulnerable servers worldwide within seconds. Check out the Google Hacking Database and Johnny Long's excellent book: Google Hacking for Penetration Testers. Read 4 reviews.

(1) ★★★★ Maltego (#34, new!)

Maltego is a forensics and data mining application. It is capable of querying various public data sources and graphically depicting the relationships between entities such as people, companies, web sites, and documents. Maltego is an open source intelligence too, but isn't open source software. Read 1 review.

Latest release: version 3.0.3 on Jan. 17, 2011 (6 years, 10 months ago).

(4) ★★★★ QualysGuard (#42, 31)

QualysGuard is a popular SaaS (software as a service) vulnerability management offering. It's web-based UI offers network discovery and mapping, asset prioritization, vulnerability assessment reporting and remediation tracking according to business risk. Internal scans are handled by Qualys appliances which communicate back to the cloud-based system. Read 5 reviews.

Latest release: version 6.18 on Feb. 25, 2011 (6 years, 8 months ago).

(2) ★★★★ AppScan (#47, 51)

AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. Appscan scans for many common vulnerabilities, such as cross site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. AppScan was merged into IBM's Rational division after IBM purchased its original developer (Watchfire) in 2007. Read 2 reviews.

Latest release: version 8.5 on Nov. 15, 2011 (6 years ago).

(1) ★★★★ Medusa (#49, new!)

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. It supports many protocols: AFP, CVS, FTP, HTTP, IMAP, rlogin, SSH, Subversion, and VNC to name a few. Other online crackers are THC Hydra and Ncrack. Read 2 reviews.

Latest release: version 2.0 on Feb. 9, 2010 (7 years, 9 months ago).

(3) ★★★★ Firefox (#55, new!)

Firefox is a web browser, a descendant of Mozilla. It emerged as a serious competitor to Internet Explorer, with improved security as one of its features. While Firefox no longer has a stellar security record, security professionals still appreciate it for its wide selection of security-related add-ons, including Tamper Data, Firebug, and NoScript. Read 3 reviews.

Latest release: version 40.0.3 on Aug. 27, 2015 (2 years, 2 months ago).

(2) ★★★★ sslstrip (#61, new!)

sslstrip is an SSL stripping proxy, designed to make unencrypted HTTP sessions look as much as possible like HTTPS sessions. It converts https links to http or to https with a known private key. It even provides a padlock favicon for the illusion of a secure channel. Many HTTPS sites are normally accessed from a redirect on an HTTP page, and many users don't notice when their connection isn't upgraded. Read 2 reviews.

Latest release: version 0.7 on Dec. 18, 2009 (7 years, 11 months ago).

(2) ★★★★ Wikto (#83, 1)

Wikto is a tool that checks for flaws in webservers. It provides much the same functionality as Nikto but adds various interesting pieces of functionality, such as a Back-End miner and close Google integration. Wikto is written for the MS .NET environment and registration is required to download the binary and/or source code. Read 3 reviews.

Latest release: version 2.1.0.0 on Dec. 14, 2008 (8 years, 11 months ago).

(1) ★★★★ Sguil (#86, 1)

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis. Read 1 review.

Latest release: version 0.9.0 on March 28, 2014 (3 years, 7 months ago).

(1) ★★★★ Tamper Data (#88, new!)

Tamper Data is an add-on for Firefox that lets you view and modify HTTP requests before they are sent. It shows what information the web browser is sending on your behalf, such as cookies and hidden form fields. Use of this plugin can reveal web applications that trust the client not to misbehave. Read 1 review.

Latest release: version 10.1.1 on Feb. 11, 2010 (7 years, 9 months ago).

(2) ★★★★ Socat (#108, 37)

A utility similar to the venerable Netcat that works over a number of protocols and through a files, pipes, devices (terminal or modem, etc.), sockets (Unix, IP4, IP6 - raw, UDP, TCP), a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes for interprocess communication, and many more options. It can be used, for example, as a TCP relay (one-shot or daemon), as a daemon-based socksifier, as a shell interface to Unix sockets, as an IP6 relay, for redirecting TCP-oriented programs to a serial line, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts with network connections. Read 2 reviews.

Latest release: version 2.0.0-b4 on Aug. 2, 2010 (7 years, 3 months ago).

(1) ★★★★ DumpSec (#109, new!)

DumpSec is a security auditing program for Microsoft Windows NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information. Read 2 reviews.

Latest release: version 2.8.6 on June 3, 2010 (7 years, 5 months ago).

(2) ★★★★ SAINT (#110, 19)

SAINT is a commercial vulnerability assessment tool. Like Nessus, it used to be free and open source but is now a commercial product. Unlike Nexpose, and QualysGuard, SAINT runs on Linux and Mac OS X. In fact, SAINT is one of the few scanner vendors that don't support (run on) Windows at all. Read 5 reviews.

Latest release: version 7.13 on May 18, 2012 (5 years, 6 months ago).

(1) ★★★★ WinDbg (#113, new!)

WinDbg is a graphical debugger from Microsoft. It is actually just one component of the Debugging Tools for Windows package, which also includes the KD, CDB, and NTSD debuggers. Its claim to fame is debugging memory dumps produced after a crash. It can even debug in kernel mode. Read 1 review.

Latest release: version 10.0.10075.9 on April 29, 2015 (2 years, 6 months ago).

(29) ★★★★ OpenVAS (#19, new!)

OpenVAS is a vulnerability scanner that was forked from the last free version of Nessus after that tool went proprietary in 2005. OpenVAS plugins are still written in the Nessus NASL language. The project seemed dead for a while, but development has restarted. Read 34 reviews.

Latest release: version 8.0 on April 2, 2015 (2 years, 7 months ago).

(4) ★★★★ Websecurify (#102, new!)

Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. Read 4 reviews.

Latest release: version 1.0.2 on Jan. 15, 2012 (5 years, 10 months ago).

(3) ★★★½ VirusTotal (#94, new!)

VirusTotal is a web service that analyzes submitted files for known viruses and other malware. It incorporates dozens of antivirus engines from different vendors, updated regularly with new signatures. Participating antivirus vendors can get alerts when a file is not detected by their product but is by someone else's. Read 5 reviews.

(6) ★★★½ dsniff (#32, 15)

This popular and well-engineered suite by Dug Song includes many tools: dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.); arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching); and sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. A separately maintained partial Windows port is available here. The suite suffers from the lack of any updates in the last decade, but it is still a great toolset for handling your password sniffing needs. Read 7 reviews.

Latest release: version 2.3 on Dec. 17, 2000 (16 years, 11 months ago).

← previous page Tools 51–75 of 125 next page →

Categories

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]