Top 125 Network Security Tools(5)

版权声明：转载请注明出处！！！！ https://blog.csdn.net/wxh0000mm/article/details/88638493

The Sleuth Kit (#101, new!)

The Sleuth Kit (previously known as TSK) is a collection of UNIX-based command line file and volume system forensic analysis tools. The file system tools allow you to examine file systems of a suspect computer in a non-intrusive fashion. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown. A graphical interface to the tools called Autopsy is available.Read 2 reviews.

Latest release: version 4.0.1 on Nov. 13, 2012 (6 years, 4 months ago).

• • 
  •  
  • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • forensics

(4)★★★★Websecurify (#102, new!)

Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. Read 4 reviews.

Latest release: version 1.0.2 on Jan. 15, 2012 (7 years, 2 months ago).

• • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • web-scanners

no ratingKnoppix (#103, 43)

Knoppix consists of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. Knoppix can be used as a productive Linux system for the desktop, educational CD, rescue system, or as many Nmap survey takers attest, a portable security tool. For a security-specific Linux distribution see BackTrack.Review this tool.

Latest release: version 7.2.0 on June 24, 2013 (5 years, 8 months ago).

• • 
  •  
  • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • sec-distros

no ratingTHC Amap (#104, 85)

Amap is a great tool for determining what application is listening on a given port. Their database isn't as large as what Nmap uses for its version detection feature, but it is definitely worth trying for a 2nd opinion or if Nmap fails to detect a service. Amap even knows how to parse Nmap output files. This is yet another valuable tool from the great guys at THC. Review this tool.

Latest release: version 5.4 on April 1, 2011 (7 years, 11 months ago).

• • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • app-scanners

(1)★★★★RainbowCrack (#105, 56)

The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables". It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished. Read 2 reviews.

Latest release: version 1.61 on April 25, 2015 (3 years, 10 months ago).

• • 
  •  
  • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • pass-audit

no ratingGrendel-Scan (#106, new!)

Grendel-Scan is an open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. Review this tool.

Latest release: version 1.1.

• • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • web-scanners

(1)★★★★★dradis (#107, new!)

dradis is an open source framework to enable effective sharing of information among participants in a penetration test. It is a self-contained web application that provides a centralised repository of information to keep track of what has been done so far, and what is still ahead. It has plugins to read and collect the output of a variety of network scanning tools, like Nmap, Burp Suite, and Nikto. Read 2 reviews.

Latest release: version 2.6.1 on Feb. 11, 2011 (8 years, 1 month ago).

• • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • sploits

(2)★★★★Socat (#108, 37)

A utility similar to the venerable Netcat that works over a number of protocols and through a files, pipes, devices (terminal or modem, etc.), sockets (Unix, IP4, IP6 - raw, UDP, TCP), a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes for interprocess communication, and many more options. It can be used, for example, as a TCP relay (one-shot or daemon), as a daemon-based socksifier, as a shell interface to Unix sockets, as an IP6 relay, for redirecting TCP-oriented programs to a serial line, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts with network connections. Read 2 reviews.

Latest release: version 2.0.0-b4 on Aug. 2, 2010 (8 years, 7 months ago).

• • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • general
  •  
  • packet-crafters

(1)★★★★DumpSec (#109, new!)

DumpSec is a security auditing program for Microsoft Windows NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information. Read 2 reviews.

Latest release: version 2.8.6 on June 3, 2010 (8 years, 9 months ago).

• • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • rootkit-detectors

(4)★★★★½SAINT (#110, 19)

SAINT is a commercial vulnerability assessment tool. Like Nessus, it used to be free and open source but is now a commercial product. Unlike Nexpose, and QualysGuard, SAINT runs on Linux and Mac OS X. In fact, SAINT is one of the few scanner vendors that don't support (run on) Windows at all. Read 9 reviews.

Latest release: version 7.13 on May 18, 2012 (6 years, 10 months ago).

• • 
  •  
  • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • vuln-scanners

(3)★★★★½NBTScan (#111, 72)

NBTScan is a program for scanning IP networks for NetBIOS name information (similar to what the Windows nbtstat tool provides against single hosts). It sends a NetBIOS status query to each address in a supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address. The original nbtscan was written by Alla Bezroutchko. Steve Friedl has written an alternate implementation. Read 4 reviews.

Latest release: version 1.5.1 on June 1, 2003 (15 years, 9 months ago).

• • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • app-scanners

(1)★★★★★DirBuster (#112, new!)

DirBuster searches for hidden pages and directories on a web server. Sometimes developers will leave a page accessible, but unlinked; DirBuster is meant to find these potential vulnerabilities. This is a Java application developed by OWASP. Read 2 reviews.

Latest release: version 2.0-RC1 on March 3, 2009 (10 years ago).

• • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • web-scanners

(1)★★★★WinDbg (#113, new!)

WinDbg is a graphical debugger from Microsoft. It is actually just one component of the Debugging Tools for Windows package, which also includes the KD, CDB, and NTSD debuggers. Its claim to fame is debugging memory dumps produced after a crash. It can even debug in kernel mode. Read 1 review.

Latest release: version 10.0.10075.9 on April 29, 2015 (3 years, 10 months ago).

• • 
  •  
  • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • debuggers

no ratingWfuzz (#114, new!)

Wfuzz is a tool for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforcing GET and POST parameters for different kinds of injections (SQL, XSS, LDAP, etc.), bruteforcing form parameters (user/password), fuzzing, and more. Review this tool.

Latest release: version 2.0 on Aug. 4, 2011 (7 years, 7 months ago).

• • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • fuzzers
  •  
  • pass-audit
  •  
  • web-scanners

(2)★½ArcSight SIEM platform (#115, new!)

ArcSight provides a suite of tools for SIEM—security information and event management. The best-known seems to be ArcSight Enterprise Security Manager (ESM), described as the "brain" of the SIEM platform. It is a log analyzer and correlation engine designed to sift out important network events. The ESM itself is a standalone appliance, and the management programs run on Linux, Windows, AIX, and Solaris. For open-source alternatives see OSSEC HIDS and OSSIM. Read 2 reviews.

• • 
  •  
  • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • ids

no ratingUnicornscan (#116, 38)

Unicornscan is an attempt at a User-land Distributed TCP/IP stack for information gathering and correlation. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Some of its features include asynchronous stateless TCP scanning with all variations of TCP flags, asynchronous stateless TCP banner grabbing, and active/passive remote OS, application, and component identification by analyzing responses. Like Scanrand, it isn't for the faint of heart. Read 1 review.

Latest release: version 0.4.7-2 on Dec. 20, 2007 (11 years, 3 months ago).

• • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • port-scanners

no ratingStunnel (#117, 38)

The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote servers. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. Review this tool.

Latest release: version 5.16 on April 19, 2015 (3 years, 11 months ago).

• • 
  •  
  • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • crypto

no ratingSELinux (#118, new!)

Security Enhanced Linux (SELinux) is a security enhancement to Linux implementing mandatory access control (MAC). Users and processes can be granted their least required privileges in a much more granular way than with traditional Unix access control. For example, you can define a policy to prevent your web browser from reading your SSH keys. The security model of SELinux has been ported to other operating systems; see SEBSD for FreeBSD and Project fmac for OpenSolaris. Read 2 reviews.

• • 
  •  
  • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • sec-distros

(4)★★★½Brutus (#119, 42)

This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NNTP, and more. No source code is available. UNIX users should take a look at THC Hydra. Read 6 reviews.

Latest release: version AET2 on Jan. 28, 2000 (19 years, 1 month ago).

• • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
• • pass-audit

(1)★★EnCase (#120, new!)

EnCase is a suite of computer forensics software, commonly used by law enforcement. Its wide use has made it a de-facto standard in forensics. It is made to collect data from a computer in a forensically sound manner (employing checksums to help detect tampering). Read 2 reviews.

Latest release: version 7.10.05 on March 18, 2015 (4 years ago).

• • 
  •  
  • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • forensics

(3)★★★Wapiti (#121, new!)

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans; i.e., it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. Read 4 reviews.

Latest release: version 2.2.1 on Dec. 29, 2009 (9 years, 2 months ago).

• • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • fuzzers
  •  
  • web-scanners

(1)★★★★★WebGoat (#122, new!)

WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson. Read 1 review.

Latest release: version 5.3 RC1 on Nov. 1, 2009 (9 years, 4 months ago).

• • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • sploits

(1)★★★★★HijackThis (#123, new!)

HijackThis inspects a computer’s browser and operating system settings to generate a log file of its current state. It can selectively remove unwanted settings and files. Its main focus is on web browser hijacking. It is a freeware utility originally written by Merijn Bellekom but now distributed by Trend Micro. Read 2 reviews.

Latest release: version 2.0.5 on May 18, 2013 (5 years, 10 months ago).

• • 
  •  
  • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • rootkit-detectors

(1)★Honeyd (#124, 44)

Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Honeyd enables a single host to claim multiple addresses on a LAN for network simulation. It is possible to ping the virtual machines, or to traceroute them. Any type of service on the virtual machine can be simulated according to a simple configuration file. It is also possible to proxy services to another machine rather than simulating them. It has many library dependencies, which can make compiling/installing Honeyd difficult. Read 2 reviews.

Latest release: version 1.5c on May 27, 2007 (11 years, 9 months ago).

• • 
  •  
  • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • ids

no ratingAIDE (#125, new!)

AIDE (Advanced Intrusion Detection Environment) is a rootkit detector, a free replacement for Tripwire. It makes cryptographic hashes of important system files and stores them in a database. It can then make reports about which files have changed. Read 1 review.

Latest release: version 0.16a1 on Feb. 16, 2011 (8 years, 1 month ago).

• • 
  •  
  • 
  •  
• • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
  • 
  •  
• • rootkit-detectors

Categories

• Antimalware (3)
• Application-specific scanners (3)
• Web browser–related (4)
• Encryption tools (8)
• Debuggers (5)
• Firewalls (2)
• Forensics (4)
• Fuzzers (4)
• General-purpose tools (8)
• Intrusion detection systems (6)
• Packet crafting tools (6)
• Password auditing (12)
• Port scanners (4)
• Rootkit detectors (5)
• Security-oriented operating systems (5)
• Packet sniffers (14)
• Vulnerability exploitation tools (11)
• Traffic monitoring tools (10)
• Vulnerability scanners (11)
• Web proxies (4)
• Web vulnerability scanners (20)
• Wireless tools (5)