Among of these tools aren't widely known but these are the most used by IT Security Person. Not just because among of them are free but these tools also very powerful. These tools are used for scanning vulnerability, threat detection and prevention, analyzing, exploit, sniffing, password recovery, and so on. Check out the list below:
- Nessus
Even Nessus not anymore freeware and now it is fee licensed but it still the most popular and powerful vulnerability scanner that can be run on UNIX and windows featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture.
- Wireshark
Wireshark, before known as ethereal that already built-in in Linux is a open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, probing down only into the level of packet detail that you need. It has several powerful features, such as a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types.
- Snort
Snort is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods and a network intrusion detection and preventions system that can detects thousands of worms, vulnerability exploit attempts, port scans and other suspicious behaviour.
- Netcat
Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. Featuring tunnelling mode which allows special tunnelling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel.
- Metasploit Framework
Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit building demo and it makes writing your own exploits easier. This is one of my favourite exploit tools.
- Hping2
Hping is a command-line oriented TCP/IP packet assembler/analyzer but offers far more control over the probes sent. This handy little utility assembles and sends custom ICMP, UDP, or TCP packets and then displays any replies. It also has a handy traceroute mode and supports IP fragmentation. This tool is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities. This often allows you to map out firewall rulesets. It is also great for learning more about TCP/IP and experimenting with IP protocols.
- Kismet
Kismet is a layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. It identifies networks by passively sniffing (as opposed to more active tools such as NetStumbler), and can even decloak hidden (non-beaconing) networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/TCPDump compatible format, and even plot detected networks and estimated ranges on downloaded maps. As you might expect, this tool is commonly used for wardriving and also warwalking, warflying, and warskating, and so on.
- Tcpdump
Tcpdump is an old time IP sniffer and not have pretty GUI but it does great task came also with fewer security holes. It is great for tracking down network problem came with separate windows port named Windump. TCPDump also is the source of the WinPcap packet capture library, which is used by a lot of others network tools.
- Cain and Abel
It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. It is also well documented. This is one of my favourite password recovering tools. Some of antivirus will detect this tool as threat so please exclude the path before use with antivirus or maybe you just disable antivirus.
- John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of UNIX, DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak UNIX passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches. You will want to start with some wordlists, which you can find here, here, and here.
Among of this top 10 network security tools are my favourite and most used while hacking. Maybe you also familiar with these tools and want to share something with me.
Read more...
