SecTools.Org: Top 125 Network Security Tools
For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator).
We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!
← previous page Tools 41–50 of 125 next page →
(5) ★★★½ Acunetix (#41, 55)
Acunetix is a web vulnerability scanner that automatically checks web applications for vulnerabilities such as SQL Injections, cross site scripting, arbitrary file creation/deletion, and weak password strength on authentication pages. It boasts a comfortable GUI, an ability to create professional security audit and compliance reports, and tools for advanced manual webapp testing. Read 8 reviews.
Latest release: version 11 on Nov. 16, 2016 (8 years ago).
(4) ★★★★ QualysGuard (#42, 31)
QualysGuard is a popular SaaS (software as a service) vulnerability management offering. It's web-based UI offers network discovery and mapping, asset prioritization, vulnerability assessment reporting and remediation tracking according to business risk. Internal scans are handled by Qualys appliances which communicate back to the cloud-based system. Read 5 reviews.
Latest release: version 6.18 on Feb. 25, 2011 (13 years, 9 months ago).
(1) ★★★★★ VMware (#43, 46)
VMware virtualization software lets you run one operating system within another. This is quite useful for security researchers who commonly need to test code, exploits, etc on multiple platforms. It only runs on Windows and Linux as the host OS, but pretty much any x86 or x86_64 OS will run inside the virtualized environment. It is also useful for setting up sandboxes. You can browse from within a VMware window so the even if you are infected with malware, it cannot reach your host OS. And recovering the guest OS is as simple as loading a "snapshot" from prior to the infection. VMware player (executes, but can't create OS images) and VMWare Server (partitions a physical server machine into multiple virtual machines) were recently released for free. An open-source alternative is VirtualBox. Xen is a Linux-specific virtualization system. Read 1 review.
Latest release: version 12.0.0 on Aug. 24, 2015 (9 years, 3 months ago).
(2) ★★★ OllyDbg (#44, 49)
OllyDbg is a 32-bit assembler level analyzing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg features an intuitive user interface, advanced code analysis capable of recognizing procedures, loops, API calls, switches, tables, constants and strings, an ability to attach to a running program, and good multi-thread support. OllyDbg is free to download and use but no source code is provided. Read 2 reviews.
Latest release: version 2.01 on Sept. 27, 2013 (11 years, 2 months ago).
(2) ★★★ Ntop (#45, 9)
Ntop shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics. Read 2 reviews.
Latest release: version 4.0.3 on Oct. 24, 2010 (14 years, 1 month ago).
(3) ★★★ MBSA (#46, 54)
Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS) and Microsoft Operations Manager (MOM). Apparently MBSA on average scans over 3 million computers each week. Read 3 reviews.
Latest release: version 2.3 on Nov. 12, 2013 (11 years, 1 month ago).
(2) ★★★★ AppScan (#47, 51)
AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. Appscan scans for many common vulnerabilities, such as cross site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. AppScan was merged into IBM's Rational division after IBM purchased its original developer (Watchfire) in 2007. Read 2 reviews.
Latest release: version 8.5 on Nov. 15, 2011 (13 years, 1 month ago).
(3) ★★★★½ OSSIM (#48, new!)
Alienvault OSSIM stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, grant network/security administrators with a detailed view over each and every aspect of networks, hosts, physical access devices, and servers. OSSIM incorporates several other tools, including Nagios and OSSEC HIDS. Read 3 reviews.
Latest release: version 5.0.3 on June 2, 2015 (9 years, 6 months ago).
(1) ★★★★ Medusa (#49, new!)
Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. It supports many protocols: AFP, CVS, FTP, HTTP, IMAP, rlogin, SSH, Subversion, and VNC to name a few. Other online crackers are THC Hydra and Ncrack. Read 1 review.
Latest release: version 2.0 on Feb. 9, 2010 (14 years, 10 months ago).
no rating OpenSSL (#50, 9)
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Apart from being a component of many crypto programs, OpenSSL comes with a lot of command-line tools for encryption, hashing, certificate handling, and more. Review this tool.
Latest release: version 1.0.2d on July 9, 2015 (9 years, 5 months ago).
← previous page Tools 41–50 of 125 next page →
Categories
- Antimalware (3)
- Application-specific scanners (3)
- Web browser–related (4)
- Encryption tools (8)
- Debuggers (5)
- Firewalls (2)
- Forensics (4)
- Fuzzers (4)
- General-purpose tools (8)
- Intrusion detection systems (6)
- Packet crafting tools (6)
- Password auditing (12)
- Port scanners (4)
- Rootkit detectors (5)
- Security-oriented operating systems (5)
- Packet sniffers (14)
- Vulnerability exploitation tools (11)
- Traffic monitoring tools (10)
- Vulnerability scanners (11)
- Web proxies (4)
- Web vulnerability scanners (20)
- Wireless tools (5)