<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Top 100 Network Security Tools (Page 3/4)

Welcome to page 3 of the top network security tools site, covering tools ranked #51-75. Survey methedology and icon descriptions can be found on page 1.
#51

Angry IP Scanner : IP address and port scanner
Angry IP Scanner is a small open source Java application which performs host discovery ("ping scan") and port scans. The old 2.x release was Windows-only, but the new 3.X series runs on Linux, Mac, or Windows as long as Java is installed. Version 3.X omits the vampire zebra logo. As with all connect()-based scanners, performance on Windows XP SP2 and Vista can be poor due to limitations added to tcpip.sys. The Angry FAQ provides details and workarounds. A short review was posted to nmap-dev.
See all port scanners

RKHunter : An Unix Rootkit Detector
RKHunter is scanning tool that checks for signs of various pieces of nasty software on your system like rootkits, backdoors and local exploits. It runs many tests, including MD5 hash comparisons, default filenames used by rootkits, wrong file permissions for binaries, and suspicious strings in LKM and KLD modules.

See all rootkit detectors

Ike-scan : VPN detector/scanner
Ike-scan exploits transport characteristics in the Internet Key Exchange (IKE) service, the mechanism used by VPNs to establish a connection between a server and a remote client. It scans IP addresses for VPN servers by sending a specially crafted IKE packet to each host within a network. Most hosts running IKE will respond, identifying their presence. The tool then remains silent and monitors retransmission packets. These retransmission responses are recorded, displayed and matched against a known set of VPN product fingerprints. Ike-scan can VPNs from manufacturers including Checkpoint, Cisco, Microsoft, Nortel, and Watchguard.

See all application-specific scanners

Arpwatch : Keeps track of ethernet/IP address pairings and can detect certain monkey business
Arpwatch is the classic ARP man-in-the-middle attack detector from LBNL's Network Research Group. It syslogs activity and reports certain changes via email. Arpwatch uses LibPcap to listen for ARP packets on a local ethernet interface.

KisMAC : A A GUI passive wireless stumbler for Mac OS X
This popular stumbler for Mac OS X offers many of the features of its namesake Kismet, though the codebase is entirely different. Unlike console-based Kismet, KisMAC offers a pretty GUI and was around before Kismet was ported to OS X. It also offers mapping, Pcap-format import and logging, and even some decryption and deauthentication attacks.

See all wireless tools, and packet sniffers

OSSEC HIDS : An Open Source Host-based Intrusion Detection System
OSSEC HIDS performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. In addition to its IDS functionality, it is commonly used as a SEM/SIM solution. Because of its powerful log analysis engine, ISPs, universities and data centers are running OSSEC HIDS to monitor and analyze their firewalls, IDSs, web servers and authentication logs.

See all intrusion detection systems

4

Openbsd PF : The OpenBSD Packet Filter
Like Netfilter and IP Filter on other platforms, OpenBSD users love PF, their firewall tool. It handles network address translation, normalizing TCP/IP traffic, providing bandwidth control, and packet prioritization. It also offers some eccentric features, such as passive OS detection. Coming from the same guys who created OpenBSD, you can trust that it has been well audited and coded to avoid the sort of security holes we have seen in other packet filters.

See all firewalls

Nemesis : Packet injection simplified
The Nemesis Project is designed to be a commandline-based, portable human IP stack for UNIX/Linux (and now Windows!). The suite is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts. If you enjoy Nemesis, you might also want to look at Hping2 as they complement each other well.

See all packet crafting tools

Tor : An anonymous Internet communication system
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, irc, ssh, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features. For a free cross-platform GUI, users recommend Vidalia

See all encryption tools

Knoppix : A general-purpose bootable live system on CD or DVD
Knoppix consists of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux system for the desktop, educational CD, rescue system, or as many nmap survey takers attest, a portable security tool. For a security-specific Linux distribution see BackTrack.

See all security-oriented operating systems

ISS Internet Scanner : Application-level vulnerability assessment
Internet Scanner started off in '92 as a tiny open source scanner by Christopher Klaus. Now he has grown ISS into a billion-dollar company with a myriad of security products.

See all vulnerability scanners

Fport : Foundstone's enhanced netstat
Fport reports all open TCP/IP and UDP ports on the machine you run it on and shows what application opened each port. So it can be used to quickly identify unknown open ports and their associated applications. It only runs on Windows, but many UNIX systems now provided this information via netstat (try 'netstat -pan' on Linux). Here is a PDF-Format SANS article on using Fport and analyzing the results.

chkrootkit : Locally checks for signs of a rootkit
chkrootkit is a flexible, portable tool that can check for many signs of rootkit intrusion on Unix-based systems. Its features include detecting binary modification, utmp/wtmp/lastlog modifications, promiscuous interfaces, and malicious kernel modules.

See all rootkit detectors

SPIKE Proxy : HTTP Hacking
Spike Proxy is an open source HTTP proxy for finding security flaws in web sites. It is part of the Spike Application Testing Suite and supports automated SQL injection detection, web site crawling, login form brute forcing, overflow detection, and directory traversal detection.

See all application-specific scanners

OpenBSD : The Proactively Secure Operating System
OpenBSD is one of the only operating systems to treat security as their very highest priority. Even higher than usability in some cases. But their enviable security record speaks for itself. They also focus on stability and fight to obtain documentation for the hardware they wish to support. Perhaps their greatest achievement was creating OpenSSH. OpenBSD users also love [pf], their firewall tool.

See all security-oriented operating systems

Yersinia : A multi-protocol low-level attack tool
Yersinia is a low-level protocol attack tool useful for penetration testing. It is capable of many diverse attacks over multiple protocols, such as becoming the root role in the Spanning Tree (Spanning Tree Protocol), creating virtual CDP (Cisco Discovery Protocol) neighbors, becoming the active router in a HSRP (Hot Standby Router Protocol) scenario, faking DHCP replies, and other low-level attacks.

See all packet crafting tools

Nagios : An open source host, service and network monitoring program
Nagios is a system and network monitoring application. It watches hosts and services that you specify, alerting you when things go bad and when they get better. Some of its many features include monitoring of network services (smtp, pop3, http, nntp, ping, etc.), monitoring of host resources (processor load, disk usage, etc.), and contact notifications when service or host problems occur and get resolved (via email, pager, or user-defined method).

See all traffic monitoring tools

Fragroute/Fragrouter : A network intrusion detection evasion toolkit
Fragrouter is a one-way fragmenting router - IP packets get sent from the attacker to the Fragrouter, which transforms them into a fragmented data stream to forward to the victim. Many network IDS are unable or simply don't bother to reconstruct a coherent view of the network data (via IP fragmentation and TCP stream reassembly), as discussed in this classic paper. Fragrouter helps an attacker launch IP-based attacks while avoiding detection. It is part of the NIDSbench suite of tools by Dug Song. Fragroute is a similar tool which is also by Dug Song.

See all intrusion detection systems

X-scan : A general scanner for scanning network vulnerabilities
A multi-threaded, plug-in-supported vulnerability scanner. X-Scan includes many features, including full NASL support, detecting service types, remote OS type/version detection, weak user/password pairs, and more. You may be able to find newer versions available here if you can deal with most of the page being written in Chinese.

See all vulnerability scanners

Whisker/libwhisker : Rain.Forest.Puppy's CGI vulnerability scanner and library
Libwhisker is a Perl module geared geared towards HTTP testing. It provides functions for testing HTTP servers for many known security holes, particularly the presence of dangerous CGIs. Whisker is a scanner that used libwhisker but is now deprecated in favor of Nikto which also uses libwhisker.

See all web vulnerability scanners

Socat : A relay for bidirectional data transfer
A utility similar to the venerable Netcat that works over a number of protocols and through a files, pipes, devices (terminal or modem, etc.), sockets (Unix, IP4, IP6 - raw, UDP, TCP), a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes for interprocess communication, and many more options. It can be used, for example, as a TCP relay (one-shot or daemon), as a daemon-based socksifier, as a shell interface to Unix sockets, as an IP6 relay, for redirecting TCP-oriented programs to a serial line, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts with network connections.

See all Netcats

Sara : Security Auditor's Research Assistant
SARA is a vulnerability assessment tool derived from the infamous (at least in 1995) SATAN scanner. They ceased development after releasing version 7.9.1 in June 2009.

See all vulnerability scanners

QualysGuard : A web-based vulnerability scanner
Delivered as a service over the Web, QualysGuard eliminates the burden of deploying, maintaining, and updating vulnerability management software or implementing ad-hoc security applications. Clients securely access QualysGuard through an easy-to-use Web interface. QualysGuard features 5,000+ unique vulnerability checks, an Inference-based scanning engine, and automated daily updates to the QualysGuard vulnerability KnowledgeBase.

See all vulnerability scanners

ClamAV : A GPL anti-virus toolkit for UNIX
ClamAV is a powerful AntiVirus scanner focused towards integration with mail servers for attachment scanning. It provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via the Internet. Clam AntiVirus is based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. Most importantly, the virus database is kept up to date.

8

cheops / cheops-ng : Gives a simple interface to many network utilities, maps local or remote networks and identifies OS of machines
Cheops provides the functionality of many network utilities through a comfortable, powerful GUI. It has host/network discovery functionality as well as OS detection of hosts. Cheops-ng has the ability to probe hosts to see what services they are running. On some services, cheops-ng is actually able to see what program is running for a service and the version number of that program. The original Cheops program is currently not being developed or maintained so users are advised to use cheops-ng.

Prev

Home

Next

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]