Master these 10 open source security tools, and your systems will be stable and reliable from then on!

As the Internet continues to develop, enterprises are paying more and more attention to security. But security often requires a large capital investment: hiring security engineers, product development, and testing processes. This is unacceptable for companies that are already short of funds. To reduce spending in this area, many security personnel choose to use open source software instead.
 

In fact, whether for learning, experimenting, or deploying in production, security professionals have long regarded open source software as an important part of their toolkits. Here are 10 recommended open source security tools.

Nessus

Nessus can be said to be the most widely used system vulnerability scanning and analysis software in the world. According to data from sectools.org, Nessus is the most popular vulnerability scanner and the third most popular security program currently in use.
 

Nessus has a free version and a commercial version. The current version, Nessus 7.1.0, is a commercial version, although it is free for personal home use. The 2005 version is still open source and free.
 

Although Tenable has kept version 2 available, development has forked in several different directions. Nessus knowledge remains a valuable professional skill.

Snort

Just as thousands of IT security professionals first learned about vulnerability scanning from Nessus, Snort has always been the starting point for intrusion detection system (IDS) knowledge.
 

Snort has three working modes: sniffer, packet logger, and network intrusion detection system. It can therefore be the core of an automated security system or a component of a range of commercial products.

Snort is currently owned by Cisco and continues to be developed by an active community.

As an important piece of open source software, Snort is one of the tools that security practitioners must understand and learn.

Nagios

Nagios is a free, open source network monitoring tool that can effectively monitor the status of Windows, Linux and Unix hosts, network devices such as switches and routers, and printers. Like many other open source software packages, Nagios is available in both free and commercial versions.
 

Nagios Core is the core of the open source project and is based on the free open source version. You can monitor individual products or perform individual tasks through plugins; there are about 50 "official" plugins developed by Nagios and more than 3000 community contributed plugins.
 

The Nagios user interface can be modified through a front end for the desktop, the web or a mobile platform, and the configuration can be managed with one of the available configuration tools.

Ettercap

If you need to test your corporate network's defenses against man-in-the-middle (MITM) attacks, then Ettercap will be your tool of choice. Since the project was first released in 2001, it has been doing one thing: launching MITM attacks.
 

Ettercap currently supports four basic attack modes: IP-based, MAC-based, and two ARP-based attacks. While scanning and running test attacks, Ettercap can provide a lot of information about the network and its devices. As part of an overall security toolkit, Ettercap does an excellent job with MITM attacks.

Infection Monkey

Infection Monkey is a data center security inspection tool released by Israeli security company GuardiCore at the 2016 Black Hat Conference. It is mainly used for automated inspection of data center boundaries and internal server security.
 

The user interface is one of the distinguishing features of Infection Monkey. While some open source security projects provide minimalist UIs or rely on plugins or skins for a GUI, Infection Monkey has a GUI on par with many commercial software tools. The source code of Infection Monkey is available on GitHub.

Delta

Compared with security testing of traditional networks, the security of software-defined networking (SDN) is an area still under development, and this is one of the important reasons why Delta was developed.
 

As a project of the Open Networking Foundation (ONF), Delta looks for potential issues in SDN and probes them to help determine whether they can be exploited. Delta has a built-in fuzzing function designed to detect both known and unknown network vulnerabilities.
 

Delta's code and executables can be viewed and downloaded on GitHub.

Cuckoo Sandbox

There are many ways to judge whether a file is safe, but these methods all carry certain risks. Cuckoo Sandbox is a well-known open source sandbox system for testing files safely. It is a malware analysis system built on a virtualized environment that can automatically execute programs and analyze their behavior.

The Sleuth Kit

Knowing what happened during an attack may be a key step in preventing future intrusions. The Sleuth Kit is an open source digital forensics tool that can be used to recover lost files from disk images and to analyze disk images when investigating specific events.
 

Autopsy is a web interface to The Sleuth Kit and supports all of its functions. It is available on both Windows and Linux. Both tools currently have large, active user communities and are actively developed.

Lynis
 

Lynis is a security audit and hardening tool for Unix systems. It performs in-depth security scans in order to detect potential problems and provide recommendations for further system hardening. It scans general system information, vulnerable software packages, and potential misconfigurations.
 

The Lynis code is currently hosted on GitHub, and its main support comes from its creator, CISOfy. One of Lynis' special features is that, thanks to its Unix foundation, it can scan and evaluate popular IoT development boards (including Raspberry Pi).

Certbot
 

Encryption is important to many security standards. Implementing encryption can be complicated and costly, but the EFF has tried to reduce these problems with tools like Certbot, an open source automated client that obtains and deploys SSL/TLS certificates for your web server.

Origin blog.csdn.net/boazheng/article/details/105446531