SecTools.Org: Top 125 Network Security Tools
For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping packet manipulator).
We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!
← previous page Tools 31–40 of 107 next page →
(3) ★★★½ dsniff (#32, 15)
This popular and well-engineered suite by Dug Song includes many tools: dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.); arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching); and sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. A separately maintained partial Windows port is available here. The suite suffers from the lack of any updates in the last decade, but it is still a great toolset for handling your password sniffing needs. Read 4 reviews.
Latest release: version 2.3 on Dec. 17, 2000 (23 years, 11 months ago).
no rating IDA Pro (#33, 12)
Disassembly is a big part of security research. It will help you dissect that Microsoft patch to discover the silently fixed bugs they don't tell you about, or more closely examine a server binary to determine why your exploit isn't working. Many debuggers are available, but IDA Pro has become the de-facto standard for the analysis of hostile code and vulnerability research. This interactive, programmable, extensible, multi-processor disassembler has a graphical interface on Windows and console interfaces on Linux and Mac OS X. Review this tool.
Latest release: version 6.8 on April 13, 2015 (9 years, 7 months ago).
(1) ★★★★ Maltego (#34, new!)
Maltego is a forensics and data mining application. It is capable of querying various public data sources and graphically depicting the relationships between entities such as people, companies, web sites, and documents. Maltego is an open source intelligence too, but isn't open source software. Read 1 review.
Latest release: version 3.0.3 on Jan. 17, 2011 (13 years, 10 months ago).
(4) ★★★★★ ophcrack (#35, new!)
Ophcrack is a free rainbow-table based cracker for Windows passwords (though the tool itself runs on Linux, Windows, and Mac). Features include LM and NTLM hash cracking, a GUI, the ability to load hashes from encrypted SAM recovered from a Windows partition, and a Live CD version. Some tables are provided as a free download but larger ones have to be bought from Objectif Sécurité. Read 8 reviews.
Latest release: version 3.6.0 on June 4, 2013 (11 years, 5 months ago).
(14) ★★½ Nexpose (#36, new!)
Rapid7 Nexpose is a vulnerability scanner which aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. It integrates with Rapid7's Metasploit for vulnerability exploitation. It is sold as standalone software, an appliance, virtual machine, or as a managed service or private cloud deployment. User interaction is through a web browser. There is a free but limited community edition as well as commercial versions which start at $2,000 per user per year. Read 16 reviews.
no rating GnuPG/PGP (#38, 8)
PGP is the famous encryption system originally written by Phil Zimmerman which helps secure your data from eavesdroppers and other risks. GnuPG is a very well-regarded open source implementation of the PGP standard (the actual executable is named gpg). While the excellent GnuPG is always free, PGP is now owned by Symantec and costs a lot of money. Review this tool.
(2) ★★★★½ skipfish (#39, new!)
skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments. Read 2 reviews.
Latest release: version 2.10b on Dec. 4, 2012 (11 years, 11 months ago).
(6) ★★★½ GFI LanGuard (#40, 20)
GFI LanGuard is a network security and vulnerability scanner designed to help with patch management, network and software audits, and vulnerability assessments. The price is based on the number of IP addresses you wish to scan. A free trial version (up to 5 IP addresses) is available. Read 6 reviews.
Latest release: version 2011 on May 19, 2001 (23 years, 6 months ago).
(5) ★★★½ Acunetix (#41, 55)
Acunetix is a web vulnerability scanner that automatically checks web applications for vulnerabilities such as SQL Injections, cross site scripting, arbitrary file creation/deletion, and weak password strength on authentication pages. It boasts a comfortable GUI, an ability to create professional security audit and compliance reports, and tools for advanced manual webapp testing. Read 8 reviews.
Latest release: version 11 on Nov. 16, 2016 (8 years ago).
(4) ★★★★ QualysGuard (#42, 31)
QualysGuard is a popular SaaS (software as a service) vulnerability management offering. It's web-based UI offers network discovery and mapping, asset prioritization, vulnerability assessment reporting and remediation tracking according to business risk. Internal scans are handled by Qualys appliances which communicate back to the cloud-based system. Read 5 reviews.
Latest release: version 6.18 on Feb. 25, 2011 (13 years, 9 months ago).
← previous page Tools 31–40 of 107 next page →
Categories
- Antimalware (3)
- Application-specific scanners (3)
- Web browser–related (4)
- Encryption tools (8)
- Debuggers (5)
- Firewalls (2)
- Forensics (4)
- Fuzzers (4)
- General-purpose tools (8)
- Intrusion detection systems (6)
- Packet crafting tools (6)
- Password auditing (12)
- Port scanners (4)
- Rootkit detectors (5)
- Security-oriented operating systems (5)
- Packet sniffers (14)
- Vulnerability exploitation tools (11)
- Traffic monitoring tools (10)
- Vulnerability scanners (11)
- Web proxies (4)
- Web vulnerability scanners (20)
- Wireless tools (5)