SecTools.Org: Top 125 Network Security Tools
For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator).
We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!
← previous page Tools 51–60 of 125 next page →
no rating NetScanTools (#99, new!)
NetScanTools is a collection of over 40 network utilities for Windows, designed with an easy user interface in mind. It includes DNS tools, a ping and port scanner, traceroute, and other utilities. It comes in bundles with more or fewer tools based on the price. Read 2 reviews.
Latest release: version 11.30 on May 8, 2012 (11 years, 12 months ago).
(3)
★★★★★
OpenBSD PF
(#79, 
22)
Like Netfilter and ipfilter on other platforms, OpenBSD users love PF, their firewall tool. It handles network address translation, normalizing TCP/IP traffic, providing bandwidth control, and packet prioritization. It also offers some eccentric features, such as passive OS detection. Coming from the same guys who created OpenBSD, you can trust that it has been well audited and coded to avoid the sort of security holes we have seen in other packet filters. Read 4 reviews.
Latest release: version 5.3 on May 1, 2012 (12 years ago).
no rating sqlninja (#72, new!)
sqlininja exploits web applications that use Microsoft SQL Server as a database backend. Its focus is on getting a running shell on the remote host. sqlninja doesn't find an SQL injection in the first place, but automates the exploitation process once one has been discovered. Review this tool.
Latest release: version 0.2.6-r1 on April 29, 2012 (12 years ago).
(4) ★★★★ Websecurify (#102, new!)
Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. Read 4 reviews.
Latest release: version 1.0.2 on Jan. 15, 2012 (12 years, 3 months ago).
(2)
★★★★
AppScan
(#47, 
51)
AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. Appscan scans for many common vulnerabilities, such as cross site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. AppScan was merged into IBM's Rational division after IBM purchased its original developer (Watchfire) in 2007. Read 2 reviews.
Latest release: version 8.5 on Nov. 15, 2011 (12 years, 5 months ago).
(1)
★★★★★
Canvas
(#51, 37)
Canvas is a commercial vulnerability exploitation tool from Dave Aitel's ImmunitySec. It includes more than 370 exploits and is less expensive than Core Impact or the commercial versions of Metasploit. It comes with full source code, and occasionally even includes zero-day exploits. Read 1 review.
Latest release: version 6.73 on Oct. 26, 2011 (12 years, 6 months ago).
(15) ★★★½ w3af (#18, new!)
W3af is an extremely popular, powerful, and flexible framework for finding and exploiting web application vulnerabilities. It is easy to use and extend and features dozens of web assessment and exploitation plugins. In some ways it is like a web-focused Metasploit. Read 18 reviews.
Latest release: version 1.1 on Oct. 11, 2011 (12 years, 6 months ago).
(7)
★★★★½
Core Impact
(#29, 15)
Core Impact isn't cheap (be prepared to spend at least $30,000), but it is widely considered to be the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits, and can do neat tricks like exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit other boxes. Other good options include Metasploit and Canvas. Read 11 reviews.
Latest release: version 12 on Aug. 8, 2011 (12 years, 9 months ago).
no rating Wfuzz (#114, new!)
Wfuzz is a tool for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforcing GET and POST parameters for different kinds of injections (SQL, XSS, LDAP, etc.), bruteforcing form parameters (user/password), fuzzing, and more. Review this tool.
Latest release: version 2.0 on Aug. 4, 2011 (12 years, 9 months ago).
(8)
★★★½
HP WebInspect
(#76, 36)
WebInspect is a web application security assessment tool that helps identify known and unknown vulnerabilities within the Web application layer. It can also help check that a Web server is configured properly, and attempts common web attacks such as parameter injection, cross-site scripting, directory traversal, and more. It was produced by Spidynamics, which is now part of HP. Read 11 reviews.
Latest release: version 9.10 on June 27, 2011 (12 years, 10 months ago).
← previous page Tools 51–60 of 125 next page →
Categories
- Antimalware (3)
- Application-specific scanners (3)
- Web browser–related (4)
- Encryption tools (8)
- Debuggers (5)
- Firewalls (2)
- Forensics (4)
- Fuzzers (4)
- General-purpose tools (8)
- Intrusion detection systems (6)
- Packet crafting tools (6)
- Password auditing (12)
- Port scanners (4)
- Rootkit detectors (5)
- Security-oriented operating systems (5)
- Packet sniffers (14)
- Vulnerability exploitation tools (11)
- Traffic monitoring tools (10)
- Vulnerability scanners (11)
- Web proxies (4)
- Web vulnerability scanners (20)
- Wireless tools (5)