Home page logo
/

SecTools.Org: Top 125 Network Security Tools

For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator).

We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!

Sort by: popularity rating release

Tools 1–25 of 125 next page →

(2) ★★★★ Firefox (#55, new!)

Firefox is a web browser, a descendant of Mozilla. It emerged as a serious competitor to Internet Explorer, with improved security as one of its features. While Firefox no longer has a stellar security record, security professionals still appreciate it for its wide selection of security-related add-ons, including Tamper Data, Firebug, and NoScript. Read 2 reviews.

Latest release: version 28.0 on March 18, 2014 (1 month ago).

(1) ★★★★★ Tor (#53, 6)

Tor is a network of virtual tunnels designed to improve privacy and security on the Internet by routing your requests through a series of intermediate machines. It uses a normal proxy server interface so that ordinary Internet applications like web browsers and chat programs can be configured to use it. In addition to helping preserve users' anonymity, Tor can help evade firewall restrictions. Tor's hidden services allow users publish web sites and other services without revealing their identity or location. For a free cross-platform GUI, users recommend Vidalia. Remember that Tor exit nodes are sometimes run by malicious parties and can sniff your traffic, so avoid authenticating using insecure network protocols (such as non-SSL web sites and mail servers). That is always dangerous, but particularly bad when routing through Tor. Read 1 review.

Latest release: version 0.2.4.21 on Feb. 28, 2014 (1 month, 3 weeks ago).

(5) ★★★★★ Nagios (#69, 2)

Nagios is a system and network monitoring application. It watches hosts and services that you specify, alerting you when things go bad and when they get better. Some of its many features include monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP, etc.), monitoring of host resources (processor load, disk usage, etc.), and contact notifications when service or host problems occur and get resolved (via email, pager, or user-defined method). Read 6 reviews.

Latest release: version 4.0.3 on Feb. 28, 2014 (1 month, 3 weeks ago).

(3) ★★★★½ Fiddler (#60, new!)

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language. Read 3 reviews.

Latest release: version 4.4.6.1 on Feb. 20, 2014 (2 months ago).

no rating GDB (#93, new!)

GDB is the GNU Project's debugger. Security folks use it to analyze unknown binaries, by getting disassemblies and stepping through a program instruction by instruction. GDB can debug programs written in Ada, C, C++, Objective-C, Pascal, and other languages. Review this tool.

Latest release: version 7.7 on Feb. 6, 2014 (2 months, 2 weeks ago).

(1) ★★ EnCase (#120, new!)

EnCase is a suite of computer forensics software, commonly used by law enforcement. Its wide use has made it a de-facto standard in forensics. It is made to collect data from a computer in a forensically sound manner (employing checksums to help detect tampering). Read 2 reviews.

Latest release: version 7.09.02 on Feb. 4, 2014 (2 months, 2 weeks ago).

no rating cURL (#100, new!)

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, authentication, and more. libcurl provides these capabilities to other programs. Review this tool.

Latest release: version 7.35.0 on Jan. 29, 2014 (2 months, 3 weeks ago).

(1) ★★★★★ Snort (#5, 2)

This network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.

While Snort itself is free and open source, parent company SourceFire offers their VRT-certified rules for $499 per sensor per year and a complementary product line of software and appliances with more enterprise-level features. Sourcefire also offers a free 30-day delayed feed. Read 2 reviews.

Latest release: version 2.9.6.0 on Jan. 23, 2014 (2 months, 4 weeks ago).

(2) ★★★★★ NoScript (#85, new!)

NoScript is an add-on for Firefox that blocks JavaScript, Java, Flash, and other plugin content (allowing you to selectively re-enable them for certain sites). It also offers cross-site scripting protection. This is mainly designed to keep web users safe, but security testers can also use the add-on to see what scripts a site is using. One caution is that the NoScript author Giorgio Maone has been caught inserting hidden code into NoScript which disabled users' ad-blocking software so that ads would still show up on the NoScript web site. He did post a lengthy apology. Read 3 reviews.

Latest release: version 2.6.8.13 on Jan. 22, 2014 (2 months, 4 weeks ago).

no rating ClamAV (#80, 6)

ClamAV is a powerful AntiVirus scanner focused towards integration with mail servers for attachment scanning. It provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via the Internet. Clam AntiVirus is based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. Most importantly, the virus database is kept up to date. The project was acquired by Sourcefire in 2007. Review this tool.

Latest release: version 0.98.1 on Jan. 14, 2014 (3 months, 1 week ago).

no rating OpenSSL (#50, 9)

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Apart from being a component of many crypto programs, OpenSSL comes with a lot of command-line tools for encryption, hashing, certificate handling, and more. Review this tool.

Latest release: version 1.0.1f on Jan. 6, 2014 (3 months, 2 weeks ago).

(14) ★★★★★ Wireshark (#1, 1)

Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source multi-platform network protocol analyzer. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tshark is included. One word of caution is that Wireshark has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences). Read 25 reviews.

Latest release: version 1.10.5 on Dec. 19, 2013 (4 months ago).

(5) ★★★★½ inSSIDer (#90, new!)

inSSIDer is a wireless network scanner for Windows, OS X, and Android. It was designed to overcome limitations of NetStumbler, namely not working well on 64-bit Windows and Windows Vista. inSSIDer can find open wireless access points, track signal strength over time, and save logs with GPS records. Read 9 reviews.

Latest release: version 3.1.2.1 on Dec. 18, 2013 (4 months ago).

(2) ★★★★½ OSSIM (#48, new!)

Alienvault OSSIM stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, grant network/security administrators with a detailed view over each and every aspect of networks, hosts, physical access devices, and servers. OSSIM incorporates several other tools, including Nagios and OSSEC HIDS. Read 2 reviews.

Latest release: version 4.4 on Dec. 13, 2013 (4 months, 1 week ago).

(5) ★★★★ Metasploit (#2, 3)

Metasploit took the security world by storm when it was released in 2004. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their list of modules. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. One free extra is Metasploitable, an intentionally insecure Linux virtual machine you can use for testing Metasploit and other exploitation tools without hitting live servers.

Metasploit was completely free, but the project was acquired by Rapid7 in 2009 and it soon sprouted commercial variants. The Framework itself is still free and open source, but they now also offer a free-but-limited Community edition, a more advanced Express edition ($3,000 per year per user), and a full-featured Pro edition ($15,000 per user per year). Other paid exploitation tools to consider are Core Impact (more expensive) and Canvas (less).

The Metasploit Framework now includes an official Java-based GUI and also Raphael Mudge's excellent Armitage. The Community, Express, and Pro editions have web-based GUIs. Read 9 reviews.

Latest release: version 4.8.2 on Dec. 12, 2013 (4 months, 1 week ago).

(1) ★★★★★ OSSEC HIDS (#27, 29)

OSSEC HIDS performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. In addition to its IDS functionality, it is commonly used as a SEM/SIM solution. Because of its powerful log analysis engine, ISPs, universities and data centers are running OSSEC HIDS to monitor and analyze their firewalls, IDSs, web servers and authentication logs. Read 2 reviews.

Latest release: version 2.7.1 on Nov. 20, 2013 (5 months ago).

(1) ★★★★ tcpdump (#9, 1)

Tcpdump is the network sniffer we all used before (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI and parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with less security risk. It also requires fewer system resources. While Tcpdump doesn't receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. tcpdump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap and many other tools. Read 2 reviews.

Latest release: version 4.5.1 on Nov. 20, 2013 (5 months ago).

no rating VMware (#43, 46)

VMware virtualization software lets you run one operating system within another. This is quite useful for security researchers who commonly need to test code, exploits, etc on multiple platforms. It only runs on Windows and Linux as the host OS, but pretty much any x86 or x86_64 OS will run inside the virtualized environment. It is also useful for setting up sandboxes. You can browse from within a VMware window so the even if you are infected with malware, it cannot reach your host OS. And recovering the guest OS is as simple as loading a "snapshot" from prior to the infection. VMware player (executes, but can't create OS images) and VMWare Server (partitions a physical server machine into multiple virtual machines) were recently released for free. An open-source alternative is VirtualBox. Xen is a Linux-specific virtualization system. Review this tool.

Latest release: version 10.0.1 on Oct. 24, 2013 (5 months, 4 weeks ago).

no rating OllyDbg (#44, 49)

OllyDbg is a 32-bit assembler level analyzing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg features an intuitive user interface, advanced code analysis capable of recognizing procedures, loops, API calls, switches, tables, constants and strings, an ability to attach to a running program, and good multi-thread support. OllyDbg is free to download and use but no source code is provided. Review this tool.

Latest release: version 2.01 on Sept. 27, 2013 (6 months, 3 weeks ago).

(4) ★★★★★ Ettercap (#16, 5)

Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. Read 6 reviews.

Latest release: version 0.8.0-Lacassagne on Sept. 21, 2013 (7 months ago).

no rating BeEF (#77, new!)

BeEF is a browser exploitation framework. This tool will demonstrate the collecting of zombie browsers and browser vulnerabilities in real-time. It provides a command and control interface which facilitates the targeting of individual or groups of zombie browsers. It is designed to make the creation of new exploit modules easy. Read 3 reviews.

Latest release: version 0.4.4.7 on Aug. 1, 2013 (8 months, 3 weeks ago).

(2) ★★★★★ KeePass (#92, new!)

KeePass is a password manager. It stores many passwords which are unlocked by one master password. The idea is to only have to remember one high-quality password, and still be able to use unique passwords for various accounts. It has a feature to automatically fill in passwords in web forms. Read 2 reviews.

Latest release: version 1.26 on July 12, 2013 (9 months, 1 week ago).

no rating Knoppix (#103, 43)

Knoppix consists of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. Knoppix can be used as a productive Linux system for the desktop, educational CD, rescue system, or as many Nmap survey takers attest, a portable security tool. For a security-specific Linux distribution see BackTrack. Review this tool.

Latest release: version 7.2.0 on June 24, 2013 (10 months ago).

(4) ★★★★★ ophcrack (#35, new!)

Ophcrack is a free rainbow-table based cracker for Windows passwords (though the tool itself runs on Linux, Windows, and Mac). Features include LM and NTLM hash cracking, a GUI, the ability to load hashes from encrypted SAM recovered from a Windows partition, and a Live CD version. Some tables are provided as a free download but larger ones have to be bought from Objectif Sécurité. Read 6 reviews.

Latest release: version 3.6.0 on June 4, 2013 (10 months, 3 weeks ago).

no rating OpenVPN (#56, 36)

OpenVPN is an open-source SSL VPN package which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN uses OpenSSL as its primary cryptographic library. Review this tool.

Latest release: version 2.3.2 on June 3, 2013 (10 months, 3 weeks ago).

Tools 1–25 of 125 next page →

Categories

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]