Network Security Monitoring
Argus
Argus is actually Audit Record Generation and Utilization System (using the system generates audit records) acronym, network traffic and data can be efficient, in-depth analysis. Argus can filter a lot of traffic and generate comprehensive reports quickly. Whether it is a single use or used together with other tools, this tool can provide substantial assistance.
P0f
P0f update frequency is low, little change in more than a decade, but is still relatively popular. When this tool is simple to use and efficient, no additional traffic. Any host operating system is mainly used to identify interact with. Many network security monitoring tool can create detection, name lookup, and various search functions. P0f feature is its lightweight, high-speed and simplicity of operation is known, for advanced users is essential. But for some starters, it might not be so simple to learn.
Nagios
Nagios can monitor the host, system and network, real-time send alerts. Users can specify what they want to be informed accurately. The program can monitor HTTP, NNTP, ICMP, POP3 and SMTP network services. A lot of people will Nagios for traffic monitoring, in fact, it can also be used as a comprehensive, network-based management solution for network security professionals and small businesses.
Splunk
Splunk is a high-speed, general-purpose network monitoring tool designed for real-time analysis and historical data search and design. With a unified interface, more friendly to the user. Its powerful search capabilities provide assistance for application monitoring. Splunk can handle unstructured data, and easily expanded. It can be used with SIEM, to achieve better results.
Splunk is actually paid applications, offers a free version, but the free version is limited functionality. If the budget is sufficient, but also to pay for the relatively high cost option.
Network surveillance and forensics
Teःarvester
TheHarvester based Kali, contribute collect the domain name, email address, employee name, and information from SHODAN and so on.
Maltego
Maltego是Paterva开发的用于开源智能和取证的专有软件,可以提供一个变换库,用于从开源中发现数据,并以图形格式显示该信息,适用于链接分析和数据挖掘。Maltego有助于发现关于侦察目标的大量数据,包括IP地址、域名、DNS条目以及员工电子邮件地址等。
加密类
2018 的盘点中,主推的是Gnupg PGP和Keepass以及OpenVPN这三款加密工具。今年新增Tor和Openswan。
Tor
现在提到Tor大家似乎都会想起暗网。但事实上,Tor 本身只是个加密性能比较好的工具,可以保护互联网隐私。一般来说,系统将请求发送到代理web服务器以保护隐私、让用户难以被追踪。尽管会有一些恶意出口节点嗅探流量,但在使用过程中仔细留意,就不会有大的影响。在实际应用中,Tor对于网络安全的作用比在暗网中发挥的作用更大。
Openswan
Openswan可以说是Linux下IPsec的最佳实现方式,可以设置支持IKWv2、X.509证书、NAT遍历等的安全VPN。Openswan支持net-to-net和RoadWarrior两种模式,前者可实现远程子网 通讯后类似局域网的访问,后者可以实现客户端用IPSec 连接到内网后的安全通讯。
密码管理与恢复
Cain and Abel
仅适用于Windows的密码恢复工具。可以记录VoIP对话,解码加密密码并分析路由协议。 可以获取到缓存密码、显示密码框、暴力破解密码并进行密码分析等。可作为数据包嗅探的入门程序。
Thycotic Secret Server
Secret Server是一种高级密码管理器工具,适合IT团队使用。其设置秘密服务器,有助于IT团队管理者了解团队成员访问密码的情况并在必要时更改密码。当然,Secret Server与其他密码管理器一样也可以生成强密码且不需要用户强行记忆。
此外,1 password、LastPass等也都是大家常用且好用的密码管理工具。
漏洞扫描与入侵检测
Burp Suite、Nikto等工具可查看2018年盘点文章。新增工具请看下文。
Snort
Snort是一个企业级的开源IDS,可以与任何操作系统和硬件兼容。系统执行协议分析、内容搜索/匹配以及各种网络攻击的检测(如缓冲区溢出、隐形端口扫描程序、CGI攻击、OS指纹识别等)。其优点是易于配置,规则灵活,可以分析原始数据包。
OWASP Zed Attack Proxy Project (ZAP)
开发人员需要测试Web应用程序的安全性时,常常使用ZAP。ZAP是完全开源的跨平台工具,可以实现Web应用程序的主动和被动扫描、发现抓取程序内容的爬虫,并生成相关报告。此外,ZAP还能添加组件。
ModSecurity
ModSecurity堪称We应用程序防火墙的“瑞士军刀”,相当于Web应用程序开发者的必备工具。ModSecurity的主要功能包括实时监控和访问控制、HTTP流量日志记录、持续被动安全防御和Web应用程序加固等。
漏洞管理
Nessus
Nessus 堪称漏洞评估领域的行业标准,能帮助安全人员快速识别和修复问题(包括软件漏洞、缺失补丁、恶意软件和错误配置等问题)。借助预先构建的策略和模板、群组暂停功能和实时更新等功能,可以轻松、直观地进行漏洞评估。这款工具很活跃,最近刚发布了最新版本。
Balbix
Balbix能够分析网络中每种易受攻击的资产情况,包括相关数据、交互的用户、是否面向公众等,并确定资产对组织的重要性。Balbix 还可以将每个漏洞与活动的威胁源进行比较,并预测、评估未来发生漏洞的可能性以及漏洞可能对企业造成的损失。
无线安全
NetStumbler
主要适用于Windows用户,可以在无线网络中找到开放的接入点。NetStumbler既可以寻找WAP,又检测其他安全扫描工遗漏的漏洞。但需要注意的是这个工具仅仅适用于Windows,且不提供源代码。
Kismet
802.11 Kismet console (the ncurses) Layer 2 wireless network detector, sniffer, and intrusion detection system. Kismet primarily by passive sniffing recognition network, can also be found in use of hidden (non-beacon) network. It can sniffing TCP, UDP, ARP and DHCP packets automatically detect network IP blocks to Wireshark / tcpdump compatible format record flow, or even draw detected and projected range in the network to download a map.
KisMAC
KisMAC applicable Mac, easy to use, less experienced users easy to use. KisMAC equivalent to Mac OS X version of Kismet, but with different code base. KisMAC use tools, you can end authentication (deauthentication) attack, maps and penetration testing.
Sniffer and packet capture
Tcpdump
Support for Mac, Windows and Linux, appear earlier than Wireshark. Set the standard packet sniffing field, the field corresponding to the early vane. Tcpdump continuous development of improved, concise, fewer system resources are used, and there is little security risk.
Wireshark
Wireshark is the second Tcpdump of free open-source network packet analysis software intercepts network packets and displays the most detailed packet data network as much as possible. At the same time, it provides real-time network analysis, allowing users to see the reconstructed stream of a TCP session. Wireshark use higher frequencies, many security practitioners are not familiar with this.
Mail Security
Spam, phishing flood, so many people stand it. Many security researchers have developed a number of specialized tools for this phenomenon.
MailWasher (scan messages, then download after determining safety),
SPAMfighter (identify and filter spam, 100% free for home use)
Spamihilator (through a filter, and the learning algorithm spam probability calculation to determine and set the area of user training, training the system so that the user can better learn the e-mail should be shielded)
The above is commonly used in the field of network security tools that extract and inventory as inventory tool on a follow-up article and added that in the professional website Sectools network security tools, there are more tools and reviews can refer interested readers can view Quguan network .