Home page logo
/

SecTools.Org: Top 125 Network Security Tools

For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator).

We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!

Sort by: popularity rating release date

← previous page Tools 101–125 of 125

no rating Perl/Python/Ruby (#23, 3)

While many canned security tools are available on this site for handling common tasks, scripting languages allow you to write your own (or modify existing ones) when you need something more custom. Quick, portable scripts can test, exploit, or even fix systems. Archives like CPAN are filled with modules such as Net::RawIP and protocol implementations to make your tasks even easier. Many security tools use scripting languages heavily for extensibility. For example Scapy interaction is through a Python interpreter, Metasploit modules are written in Ruby, and Nmap's scripting engine uses Lua. Review this tool.

no rating IDA Pro (#33, 12)

Disassembly is a big part of security research. It will help you dissect that Microsoft patch to discover the silently fixed bugs they don't tell you about, or more closely examine a server binary to determine why your exploit isn't working. Many debuggers are available, but IDA Pro has become the de-facto standard for the analysis of hostile code and vulnerability research. This interactive, programmable, extensible, multi-processor disassembler has a graphical interface on Windows and console interfaces on Linux and Mac OS X. Review this tool.

Latest release: version 6.8 on April 13, 2015 (3 years, 5 months ago).

no rating GnuPG/PGP (#38, 8)

PGP is the famous encryption system originally written by Phil Zimmerman which helps secure your data from eavesdroppers and other risks. GnuPG is a very well-regarded open source implementation of the PGP standard (the actual executable is named gpg). While the excellent GnuPG is always free, PGP is now owned by Symantec and costs a lot of money. Review this tool.

no rating OpenSSL (#50, 9)

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Apart from being a component of many crypto programs, OpenSSL comes with a lot of command-line tools for encryption, hashing, certificate handling, and more. Review this tool.

Latest release: version 1.0.2d on July 9, 2015 (3 years, 2 months ago).

no rating Retina (#54, 29)

Like Nessus, Retina's function is to scan all the hosts on a network and report on any vulnerabilities found. It was written by eEye, who are well known for their security research. Read 1 review.

no rating OpenVPN (#56, 36)

OpenVPN is an open-source SSL VPN package which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN uses OpenSSL as its primary cryptographic library. Review this tool.

Latest release: version 2.3.8 on Aug. 4, 2015 (3 years, 1 month ago).

no rating SolarWinds (#62, 16)

SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security-related tools include many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available and more. Review this tool.

no rating Ngrep (#63, 25)

ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop. Review this tool.

Latest release: version 1.45 on Nov. 28, 2006 (11 years, 10 months ago).

no rating sqlninja (#72, new!)

sqlininja exploits web applications that use Microsoft SQL Server as a database backend. Its focus is on getting a running shell on the remote host. sqlninja doesn't find an SQL injection in the first place, but automates the exploitation process once one has been discovered. Review this tool.

Latest release: version 0.2.6-r1 on April 29, 2012 (6 years, 5 months ago).

no rating Helix (#73, 21)

Helix is a Ubuntu live CD customized for computer forensics. Helix has been designed very carefully to not touch the host computer in any way and it is forensically sound. Helix will not auto mount swap space, or auto mount any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics. Downloading of the live CD is only provided as a complement to membership in the e-fense members-only forum. An unsupported, older, no-cost version is available as well. Review this tool.

Latest release: version 2009R3 on Dec. 23, 2009 (8 years, 9 months ago).

no rating ClamAV (#80, 6)

ClamAV is a powerful AntiVirus scanner focused towards integration with mail servers for attachment scanning. It provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via the Internet. Clam AntiVirus is based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. Most importantly, the virus database is kept up to date. The project was acquired by Sourcefire in 2007. Review this tool.

Latest release: version 0.98.7 on April 28, 2015 (3 years, 5 months ago).

no rating Nemesis (#91, 33)

The Nemesis Project is designed to be a commandline-based, portable human IP stack for UNIX/Linux (and now Windows!). The suite is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts. If you enjoy Nemesis, you might also want to look at Hping as they complement each other well. Read 2 reviews.

Latest release: version 1.4beta3 on June 29, 2003 (15 years, 3 months ago).

no rating GDB (#93, new!)

GDB is the GNU Project's debugger. Security folks use it to analyze unknown binaries, by getting disassemblies and stepping through a program instruction by instruction. GDB can debug programs written in Ada, C, C++, Objective-C, Pascal, and other languages. Review this tool.

Latest release: version 7.10 on Aug. 28, 2015 (3 years, 1 month ago).

no rating Tripwire (#95, 58)

A file and directory integrity checker. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. Traditionally an open souce tool, Tripwire Corp is now focused on their commercial enterprise configuration control offerings. An open source Linux version can still be found at SourceForge. UNIX users may also want to consider AIDE, which has been designed to be a free Tripwire replacement. Or you may wish to investigate Radmind, rkhunter, or chkrootkit. Windows users may like RootkitRevealer from Sysinternals. Read 1 review.

no rating ratproxy (#96, new!)

Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. Review this tool.

Latest release: version 1.58 beta on May 1, 2009 (9 years, 5 months ago).

no rating ike-scan (#98, 45)

ike-scan is a command-line tool that uses the IKE protocol to discover, fingerprint and test IPsec VPN servers. It scans IP addresses for VPN servers by sending a specially crafted IKE packet to each host within a network. Most hosts running IKE will respond, identifying their presence. The tool then remains silent and monitors retransmission packets. These retransmission responses are recorded, displayed and matched against a known set of VPN product fingerprints. ike-scan can VPNs from manufacturers including Checkpoint, Cisco, Microsoft, Nortel, and Watchguard. Review this tool.

Latest release: version 1.9 on Jan. 24, 2007 (11 years, 8 months ago).

no rating cURL (#100, new!)

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, authentication, and more. libcurl provides these capabilities to other programs. Review this tool.

Latest release: version 7.44.0 on Aug. 12, 2015 (3 years, 1 month ago).

no rating Knoppix (#103, 43)

Knoppix consists of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. Knoppix can be used as a productive Linux system for the desktop, educational CD, rescue system, or as many Nmap survey takers attest, a portable security tool. For a security-specific Linux distribution see BackTrack. Review this tool.

Latest release: version 7.2.0 on June 24, 2013 (5 years, 3 months ago).

no rating THC Amap (#104, 85)

Amap is a great tool for determining what application is listening on a given port. Their database isn't as large as what Nmap uses for its version detection feature, but it is definitely worth trying for a 2nd opinion or if Nmap fails to detect a service. Amap even knows how to parse Nmap output files. This is yet another valuable tool from the great guys at THC. Review this tool.

Latest release: version 5.4 on April 1, 2011 (7 years, 6 months ago).

no rating Grendel-Scan (#106, new!)

Grendel-Scan is an open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. Review this tool.

Latest release: version 1.1.

no rating Wfuzz (#114, new!)

Wfuzz is a tool for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforcing GET and POST parameters for different kinds of injections (SQL, XSS, LDAP, etc.), bruteforcing form parameters (user/password), fuzzing, and more. Review this tool.

Latest release: version 2.0 on Aug. 4, 2011 (7 years, 1 month ago).

no rating Unicornscan (#116, 38)

Unicornscan is an attempt at a User-land Distributed TCP/IP stack for information gathering and correlation. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Some of its features include asynchronous stateless TCP scanning with all variations of TCP flags, asynchronous stateless TCP banner grabbing, and active/passive remote OS, application, and component identification by analyzing responses. Like Scanrand, it isn't for the faint of heart. Review this tool.

Latest release: version 0.4.7-2 on Dec. 20, 2007 (10 years, 9 months ago).

no rating Stunnel (#117, 38)

The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote servers. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. Review this tool.

Latest release: version 5.16 on April 19, 2015 (3 years, 5 months ago).

no rating SELinux (#118, new!)

Security Enhanced Linux (SELinux) is a security enhancement to Linux implementing mandatory access control (MAC). Users and processes can be granted their least required privileges in a much more granular way than with traditional Unix access control. For example, you can define a policy to prevent your web browser from reading your SSH keys. The security model of SELinux has been ported to other operating systems; see SEBSD for FreeBSD and Project fmac for OpenSolaris. Read 2 reviews.

no rating AIDE (#125, new!)

AIDE (Advanced Intrusion Detection Environment) is a rootkit detector, a free replacement for Tripwire. It makes cryptographic hashes of important system files and stores them in a database. It can then make reports about which files have changed. Read 1 review.

Latest release: version 0.16a1 on Feb. 16, 2011 (7 years, 7 months ago).

← previous page Tools 101–125 of 125

Categories

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]