Security Tools
Essay Preview: Security Tools
Report this essay
Top 75 Security Tools
In May of 2003, I conducted a survey of Nmap users from the nmap-hackers mailing list to determine their favorite security tools. Each respondent could list up to 8. This was a followup to the highly successful June 2000 Top 50 list. An astounding 1854 people responded in 03, and their recommendations were so impressive that I have expanded the list to 75 tools! Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also plan to point newbies to this page whenever they write me saying “I do not know where to start”.
Respondents were allowed to list open source or commercial tools on any platform. Commercial tools are noted as such in the list below. Many of the descriptions were taken from the application home page or the Debian or Freshmeat package descriptions. I removed marketing fluff like “revolutionary” and “next generation”. No votes for the Nmap Security Scanner were counted because the survey was taken on an Nmap mailing list. This audience also means that the list is slightly biased toward “attack” tools rather than defensive ones.
These icons are used:
Did not appear on the 2000 list
Generally costs money. These rarely includes source code. A free limited/demo/trial version may be available.
Works on Linux
Works on FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.)
Supports Microsoft Windows
Translations:
Spanish Translation by ThiOsk (os_k&at&softhome.net) and Kerozene (kerozene&at&hackemate.com.ar)
Portuguese Translation by Andrй Zъquete (avz&at&det.ua.pt)
Here is the list (starting with the most popular):
Nessus: Formerly open source vulnerability assessment tool
Nessus is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems. It was open source for many years, but they turned proprietary in late 2005.
Ethereal: Sniffing the glue that holds the Internet together
Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. A text-based version called tethereal is included.
Snort: A free intrusion detection system (IDS) for the masses
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rule based language to describe traffic that it should collect or pass, and a modular detection engine. Many people also suggested that the Analysis Console for Intrusion Databases (ACID) be used with Snort.
Netcat: The network swiss army knife
A simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
TCPDump / WinDump: The classic sniffer for network monitoring and data acquisition
Tcpdump is a well-known and well-loved text-based network packet analyzer (“sniffer”). It can be used to print out the headers of packets on a network interface that matches a given expression. You can use this tool to track down network problems or to monitor network activities. There is a separate Windows port named WinDump. TCPDump is also the source of the Libpcap/WinPcap packet capture library, which is used by Nmap among many other utilities. Note that many users prefer the newer Ethereal sniffer.
Hping2: A network probing utility like ping on steroids
hping2 assembles and sends custom ICMP/UDP/TCP packets and displays any replies. It was inspired by the ping command, but offers far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation. This tool is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities.
DSniff: A suite of powerful network auditing and penetration-testing tools
This popular and well-engineered suite by