SecTools.Org: Top 125 Network Security Tools

For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator).

We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!

← previous page Tools 71–80 of 81 next page →

no rating Grendel-Scan (#106, new!)

Grendel-Scan is an open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. Review this tool.

Latest release: version 1.1.

• • 
• • 
  • 
  • 
  • 
  • 
  • 
  • 
• • web-scanners

(1) ★★★★★ dradis (#107, new!)

dradis is an open source framework to enable effective sharing of information among participants in a penetration test. It is a self-contained web application that provides a centralised repository of information to keep track of what has been done so far, and what is still ahead. It has plugins to read and collect the output of a variety of network scanning tools, like Nmap, Burp Suite, and Nikto. Read 1 review.

Latest release: version 2.6.1 on Feb. 11, 2011 (13 years, 11 months ago).

• • 
• • 
  • 
  • 
  • 
  • 
  • 
  • 
• • sploits

(2) ★★★★ Socat (#108, 37)

A utility similar to the venerable Netcat that works over a number of protocols and through a files, pipes, devices (terminal or modem, etc.), sockets (Unix, IP4, IP6 - raw, UDP, TCP), a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes for interprocess communication, and many more options. It can be used, for example, as a TCP relay (one-shot or daemon), as a daemon-based socksifier, as a shell interface to Unix sockets, as an IP6 relay, for redirecting TCP-oriented programs to a serial line, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts with network connections. Read 2 reviews.

Latest release: version 2.0.0-b4 on Aug. 2, 2010 (14 years, 5 months ago).

• • 
• • 
  • 
  • 
  • 
  • 
• • general
  • packet-crafters

(6) ★★★★½ SAINT Security Suite (#110, 19)

SAINT is a commercial vulnerability assessment and penetration system. It was originally developed in the late 1990's as free UNIX tool based on the open source SATAN scanner. Later it went commercial and broadened into a whole suite of tools for vulnerability detection, exploitation, and asset management. It is available on multiple platforms, including appliances (SAINTbox) and cloud-hosted (SAINTcloud). Top competitors include Nessus, Nexpose, and QualysGuard. Read 12 reviews.

Latest release: version 9.8 on May 1, 2020 (4 years, 8 months ago).

• • 
  • 
• • 
  • 
  • 
  • 
  • 
• • vuln-scanners

(3) ★★★★½ NBTScan (#111, 72)

NBTScan is a program for scanning IP networks for NetBIOS name information (similar to what the Windows nbtstat tool provides against single hosts). It sends a NetBIOS status query to each address in a supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address. The original nbtscan was written by Alla Bezroutchko. Steve Friedl has written an alternate implementation. Read 4 reviews.

Latest release: version 1.5.1 on June 1, 2003 (21 years, 7 months ago).

• • 
• • 
  • 
  • 
  • 
  • 
  • 
  • 
• • app-scanners

(1) ★★★★★ DirBuster (#112, new!)

DirBuster searches for hidden pages and directories on a web server. Sometimes developers will leave a page accessible, but unlinked; DirBuster is meant to find these potential vulnerabilities. This is a Java application developed by OWASP. Read 2 reviews.

Latest release: version 2.0-RC1 on March 3, 2009 (15 years, 10 months ago).

• • 
• • 
  • 
  • 
  • 
  • 
  • 
  • 
• • web-scanners

no rating Wfuzz (#114, new!)

Wfuzz is a tool for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforcing GET and POST parameters for different kinds of injections (SQL, XSS, LDAP, etc.), bruteforcing form parameters (user/password), fuzzing, and more. Review this tool.

Latest release: version 2.0 on Aug. 4, 2011 (13 years, 5 months ago).

• • 
• • 
  • 
  • 
  • 
  • 
  • 
  • 
• • fuzzers
  • pass-audit
  • web-scanners

no rating Stunnel (#117, 38)

The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote servers. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. Review this tool.

Latest release: version 5.16 on April 19, 2015 (9 years, 9 months ago).

• • 
  • 
• • 
  • 
  • 
  • 
  • 
  • 
• • crypto

(3) ★★★★ Wapiti (#121, new!)

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans; i.e., it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. Read 4 reviews.

Latest release: version 2.2.1 on Dec. 29, 2009 (15 years ago).

• • 
• • 
  • 
  • 
  • 
  • 
  • 
  • 
• • fuzzers
  • web-scanners

(1) ★★★★★ WebGoat (#122, new!)

WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson. Read 1 review.

Latest release: version 5.3 RC1 on Nov. 1, 2009 (15 years, 2 months ago).

• • 
• • 
  • 
  • 
  • 
  • 
  • 
  • 
• • sploits

← previous page Tools 71–80 of 81 next page →

Categories

• Antimalware (3)
• Application-specific scanners (3)
• Web browser–related (4)
• Encryption tools (8)
• Debuggers (5)
• Firewalls (2)
• Forensics (4)
• Fuzzers (4)
• General-purpose tools (8)
• Intrusion detection systems (6)
• Packet crafting tools (6)
• Password auditing (12)
• Port scanners (4)
• Rootkit detectors (5)
• Security-oriented operating systems (5)
• Packet sniffers (14)
• Vulnerability exploitation tools (11)
• Traffic monitoring tools (10)
• Vulnerability scanners (11)
• Web proxies (4)
• Web vulnerability scanners (20)
• Wireless tools (5)