SecTools.Org: Top 125 Network Security Tools

For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator).

We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!

Filtering by tag:

remove filters
Sort by: popularity rating release date

← previous page Tools 61–70 of 93 next page →

(2) ★★★★★ NoScript (#85, new!)

NoScript is an add-on for Firefox that blocks JavaScript, Java, Flash, and other plugin content (allowing you to selectively re-enable them for certain sites). It also offers cross-site scripting protection. This is mainly designed to keep web users safe, but security testers can also use the add-on to see what scripts a site is using. One caution is that the NoScript author Giorgio Maone has been caught inserting hidden code into NoScript which disabled users' ad-blocking software so that ads would still show up on the NoScript web site. He did post a lengthy apology. Read 3 reviews.

Latest release: version 2.6.9.36 on Aug. 20, 2015 (9 years, 5 months ago).

(1) ★★★★ Sguil (#86, 1)

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis. Read 1 review.

Latest release: version 0.9.0 on March 28, 2014 (10 years, 9 months ago).

(3) ★★★★★ Samurai Web Testing Framework (#87, new!)

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. Samurai includes many other tools featured in this list, such as WebScarab, ratproxy, w3af, Burp Suite, and BeEF. Read 5 reviews.

Latest release: version 3.3.2 on Jan. 22, 2016 (8 years, 12 months ago).

(1) ★★★★ Tamper Data (#88, new!)

Tamper Data is an add-on for Firefox that lets you view and modify HTTP requests before they are sent. It shows what information the web browser is sending on your behalf, such as cookies and hidden form fields. Use of this plugin can reveal web applications that trust the client not to misbehave. Read 1 review.

Latest release: version 10.1.1 on Feb. 11, 2010 (14 years, 11 months ago).

(4) ★★★★★ Firebug (#89, new!)

Firebug is an add-on for Firefox that provides access to browser internals. It features live editing of HTML and CSS, a DOM viewer, and a JavaScript debugger. Web application security testers appreciate the ability to see what's happening behind the scenes of the browser. Read 5 reviews.

Latest release: version 2.0.12 on Aug. 11, 2015 (9 years, 5 months ago).

no rating Nemesis (#91, 33)

The Nemesis Project is designed to be a commandline-based, portable human IP stack for UNIX/Linux (and now Windows!). The suite is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts. If you enjoy Nemesis, you might also want to look at Hping as they complement each other well. Read 3 reviews.

Latest release: version 1.4beta3 on June 29, 2003 (21 years, 6 months ago).

(5) ★★★★★ KeePass (#92, new!)

KeePass is a password manager. It stores many passwords which are unlocked by one master password. The idea is to only have to remember one high-quality password, and still be able to use unique passwords for various accounts. It has a feature to automatically fill in passwords in web forms. Read 5 reviews.

Latest release: version 1.29 on April 3, 2015 (9 years, 9 months ago).

no rating GDB (#93, new!)

GDB is the GNU Project's debugger. Security folks use it to analyze unknown binaries, by getting disassemblies and stepping through a program instruction by instruction. GDB can debug programs written in Ada, C, C++, Objective-C, Pascal, and other languages. Review this tool.

Latest release: version 7.10 on Aug. 28, 2015 (9 years, 4 months ago).

(3) ★★★½ VirusTotal (#94, new!)

VirusTotal is a web service that analyzes submitted files for known viruses and other malware. It incorporates dozens of antivirus engines from different vendors, updated regularly with new signatures. Participating antivirus vendors can get alerts when a file is not detected by their product but is by someone else's. Read 3 reviews.

no rating Tripwire (#95, 58)

A file and directory integrity checker. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. Traditionally an open souce tool, Tripwire Corp is now focused on their commercial enterprise configuration control offerings. An open source Linux version can still be found at SourceForge. UNIX users may also want to consider AIDE, which has been designed to be a free Tripwire replacement. Or you may wish to investigate Radmind, rkhunter, or chkrootkit. Windows users may like RootkitRevealer from Sysinternals. Review this tool.

← previous page Tools 61–70 of 93 next page →

Categories