Home page logo
/

SecTools.Org: Top 125 Network Security Tools

For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator).

We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!

Sort by: popularity rating release date

← previous page Tools 76–100 of 125 next page →

(3) ★★★½ VirusTotal (#94, new!)

VirusTotal is a web service that analyzes submitted files for known viruses and other malware. It incorporates dozens of antivirus engines from different vendors, updated regularly with new signatures. Participating antivirus vendors can get alerts when a file is not detected by their product but is by someone else's. Read 5 reviews.

(6) ★★★½ dsniff (#32, 15)

This popular and well-engineered suite by Dug Song includes many tools: dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.); arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching); and sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. A separately maintained partial Windows port is available here. The suite suffers from the lack of any updates in the last decade, but it is still a great toolset for handling your password sniffing needs. Read 7 reviews.

Latest release: version 2.3 on Dec. 17, 2000 (17 years, 6 months ago).

(6) ★★★½ GFI LanGuard (#40, 20)

GFI LanGuard is a network security and vulnerability scanner designed to help with patch management, network and software audits, and vulnerability assessments. The price is based on the number of IP addresses you wish to scan. A free trial version (up to 5 IP addresses) is available. Read 6 reviews.

Latest release: version 2011 on May 19, 2001 (17 years, 1 month ago).

(2) ★★★½ NetWitness NextGen (#67, new!)

NetWitness NextGen is a network security monitor. The heart of the monitor is the Decoder subsystem that records network traffic for analysis. The Investigator is a protocol analyzer meant to be run on captured traffic. Read 2 reviews.

Latest release: version 9.0.5.4 on March 17, 2010 (8 years, 3 months ago).

(4) ★★★½ Immunity Debugger (#70, new!)

Immunity Debugger is a debugger whose design reflects the need to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility. Read 6 reviews.

Latest release: version 1.80 on Dec. 6, 2010 (7 years, 6 months ago).

(2) ★★★½ The Sleuth Kit (#101, new!)

The Sleuth Kit (previously known as TSK) is a collection of UNIX-based command line file and volume system forensic analysis tools. The file system tools allow you to examine file systems of a suspect computer in a non-intrusive fashion. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown. A graphical interface to the tools called Autopsy is available. Read 2 reviews.

Latest release: version 4.0.1 on Nov. 13, 2012 (5 years, 7 months ago).

(4) ★★★½ Brutus (#119, 42)

This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NNTP, and more. No source code is available. UNIX users should take a look at THC Hydra. Read 5 reviews.

Latest release: version AET2 on Jan. 28, 2000 (18 years, 5 months ago).

(15) ★★★½ w3af (#18, new!)

W3af is an extremely popular, powerful, and flexible framework for finding and exploiting web application vulnerabilities. It is easy to use and extend and features dozens of web assessment and exploitation plugins. In some ways it is like a web-focused Metasploit. Read 17 reviews.

Latest release: version 1.1 on Oct. 11, 2011 (6 years, 8 months ago).

(7) ★★★½ HP WebInspect (#76, 36)

WebInspect is a web application security assessment tool that helps identify known and unknown vulnerabilities within the Web application layer. It can also help check that a Web server is configured properly, and attempts common web attacks such as parameter injection, cross-site scripting, directory traversal, and more. It was produced by Spidynamics, which is now part of HP. Read 10 reviews.

Latest release: version 9.10 on June 27, 2011 (6 years, 12 months ago).

(15) ★★★ Nessus (#3, 2)

Nessus is one of the most popular and capable vulnerability scanners, particularly for UNIX systems. It was initially free and open source, but they closed the source code in 2005 and removed the free "Registered Feed" version in 2008. It now costs $2,190 per year, which still beats many of its competitors. A free “Nessus Home” version is also available, though it is limited and only licensed for home network use.

Nessus is constantly updated, with more than 70,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a web-based interface, and an embedded scripting language for writing your own plugins or understanding the existing ones. Read 20 reviews.

Latest release: version 6.3.3 on March 16, 2015 (3 years, 3 months ago).

(2) ★★★ OllyDbg (#44, 49)

OllyDbg is a 32-bit assembler level analyzing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg features an intuitive user interface, advanced code analysis capable of recognizing procedures, loops, API calls, switches, tables, constants and strings, an ability to attach to a running program, and good multi-thread support. OllyDbg is free to download and use but no source code is provided. Read 2 reviews.

Latest release: version 2.01 on Sept. 27, 2013 (4 years, 8 months ago).

(2) ★★★ Ntop (#45, 9)

Ntop shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics. Read 2 reviews.

Latest release: version 4.0.3 on Oct. 24, 2010 (7 years, 8 months ago).

(3) ★★★ MBSA (#46, 54)

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS) and Microsoft Operations Manager (MOM). Apparently MBSA on average scans over 3 million computers each week. Read 3 reviews.

Latest release: version 2.3 on Nov. 12, 2013 (4 years, 7 months ago).

(1) ★★★ fgdump (#52, 5)

fgdump is a newer version of the pwdump tool for extracting NTLM and LanMan password hashes from Windows. It is also capable of displaying password histories if they are available. It outputs the data in L0phtCrack-compatible form, and can write to an output file. fgdump attempts to disable antivirus software before running. It then runs pwdump, cachedump (cached credentials dump), and pstgdump (protected storage dump). Read 1 review.

Latest release: version 2.1.0 on Sept. 18, 2008 (9 years, 9 months ago).

(2) ★★★ Superscan (#71, 49)

Superscan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone (now part of McAfee). It includes a variety of additional networking tools such as ping, traceroute, HTTP HEAD, and whois. Some functionality has been crippled by restrictions imposed by Microsoft in Windows XP SP2 and newer releases. This tool is not really maintained (the latest release was in 2004). Read 4 reviews.

Latest release: version 4.0 on March 11, 2004 (14 years, 3 months ago).

(1) ★★★ NetworkMiner (#82, new!)

NetworkMiner is a Network Forensic Analysis Tool for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse pcap files for off-line analysis and to regenerate/reassemble transmitted files and certificates from pcap files. In contrast to other sniffers like Wireshark, NetworkMiner's display focuses on hosts and their attributes rather than raw packets. Read 1 review.

Latest release: version 1.0 on Feb. 5, 2011 (7 years, 4 months ago).

(3) ★★★ Wapiti (#121, new!)

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans; i.e., it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. Read 4 reviews.

Latest release: version 2.2.1 on Dec. 29, 2009 (8 years, 5 months ago).

(12) ★★½ Nexpose (#36, new!)

Rapid7 Nexpose is a vulnerability scanner which aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. It integrates with Rapid7's Metasploit for vulnerability exploitation. It is sold as standalone software, an appliance, virtual machine, or as a managed service or private cloud deployment. User interaction is through a web browser. There is a free but limited community edition as well as commercial versions which start at $2,000 per user per year. Read 14 reviews.

(3) ★★½ Angry IP Scanner (#66, 15)

Angry IP Scanner is a small open source Java application which performs host discovery ("ping scan") and port scans. The old 2.x release was Windows-only, but the new 3.X series runs on Linux, Mac, or Windows as long as Java is installed. Version 3.X omits the vampire zebra logo. As with all connect()-based scanners, performance on Windows XP SP2 and newer be poor due to limitations added to tcpip.sys. The FAQ provides details and workarounds. A short review was posted to nmap-dev in 2008. Read 5 reviews.

Latest release: version 3.0-beta4 on March 23, 2009 (9 years, 3 months ago).

(2) ★★½ Paros proxy (#24, 8)

A Java-based web proxy for assessing web application vulnerability. It supports editing/viewing HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting. Read 4 reviews.

Latest release: version 3.2.13 on Aug. 8, 2006 (11 years, 10 months ago).

(1) ★★ EnCase (#120, new!)

EnCase is a suite of computer forensics software, commonly used by law enforcement. Its wide use has made it a de-facto standard in forensics. It is made to collect data from a computer in a forensically sound manner (employing checksums to help detect tampering). Read 2 reviews.

Latest release: version 7.10.05 on March 18, 2015 (3 years, 3 months ago).

(2) ★½ ArcSight SIEM platform (#115, new!)

ArcSight provides a suite of tools for SIEM—security information and event management. The best-known seems to be ArcSight Enterprise Security Manager (ESM), described as the "brain" of the SIEM platform. It is a log analyzer and correlation engine designed to sift out important network events. The ESM itself is a standalone appliance, and the management programs run on Linux, Windows, AIX, and Solaris. For open-source alternatives see OSSEC HIDS and OSSIM. Read 2 reviews.

(1) Honeyd (#124, 44)

Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Honeyd enables a single host to claim multiple addresses on a LAN for network simulation. It is possible to ping the virtual machines, or to traceroute them. Any type of service on the virtual machine can be simulated according to a simple configuration file. It is also possible to proxy services to another machine rather than simulating them. It has many library dependencies, which can make compiling/installing Honeyd difficult. Read 2 reviews.

Latest release: version 1.5c on May 27, 2007 (11 years ago).

no rating Perl/Python/Ruby (#23, 3)

While many canned security tools are available on this site for handling common tasks, scripting languages allow you to write your own (or modify existing ones) when you need something more custom. Quick, portable scripts can test, exploit, or even fix systems. Archives like CPAN are filled with modules such as Net::RawIP and protocol implementations to make your tasks even easier. Many security tools use scripting languages heavily for extensibility. For example Scapy interaction is through a Python interpreter, Metasploit modules are written in Ruby, and Nmap's scripting engine uses Lua. Review this tool.

no rating IDA Pro (#33, 12)

Disassembly is a big part of security research. It will help you dissect that Microsoft patch to discover the silently fixed bugs they don't tell you about, or more closely examine a server binary to determine why your exploit isn't working. Many debuggers are available, but IDA Pro has become the de-facto standard for the analysis of hostile code and vulnerability research. This interactive, programmable, extensible, multi-processor disassembler has a graphical interface on Windows and console interfaces on Linux and Mac OS X. Review this tool.

Latest release: version 6.8 on April 13, 2015 (3 years, 2 months ago).

← previous page Tools 76–100 of 125 next page →

Categories

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]