Network Security Monitoring Tools
Argus
Argus, short for Audit Record Generation and Utilization System, is one of the best free and open-source tools available for network traffic analysis. The program does just what the acronym says: efficient, in-depth analysis of network data, sifting through large volumes of traffic and producing fast, comprehensive reports. Whether or not it is the only traffic monitoring tool users need, it provides a solid foundation.
P0f
P0f remains popular in spite of a lack of updates; the program has scarcely changed in over a decade because it was just about perfect on release. Streamlined and efficient, P0f generates no additional traffic of its own, yet it can identify the operating system of any host with which it interacts. Many tools in this category send probes, name lookups, assorted queries, and so on; by comparison, P0f is light, fast, and clean-running. It is a must-have for advanced users, but not the easiest tool for the rookies on the team to learn.
Nagios
Nagios monitors hosts, systems, and networks, delivering alerts in real time. Users can specify exactly which notifications they want to receive. The program can monitor network services including HTTP, NNTP, ICMP, POP3, and SMTP, among others.
To many, Nagios is the name in traffic monitoring: a comprehensive, all-bases-covered approach to network management, and one of the most powerful free tools for cybersecurity professionals and small businesses alike.
Splunk
Designed for both real-time analysis and historical data searches, Splunk is a fast and versatile network monitoring tool, and one of the more user-friendly programs thanks to its unified interface. Splunk’s strong search function makes application monitoring easy. Splunk is a paid app with free versions available, but the free version is limited. This is an excellent tool to put on the list for those who have a budget to work with. Independent contractors tend to be careful about the premium tools they buy, but Splunk is well worth the cost; any information security professional with a strong enough client base should invest in it.
OSSEC
OSSEC is an open-source intrusion detection system that provides real-time analysis of system security events. It can be configured to constantly monitor all possible sources of entry and access, including files, rootkits, logs, registries, and processes. It is also available for a variety of platforms, such as Linux, Windows, Mac, BSD, and VMware ESX. The OSSEC user community is good at sharing strategies, modifications, support, and other useful information. Other available tools include Atomicorp, which provides ‘self-healing’ to automatically fix detected vulnerabilities, and Wazuh, which offers training and support.
Web Vulnerability Scanning Tools
Burp Suite
Burp Suite is a powerful tool for network protection: a real-time security scanner designed to identify critical weaknesses by determining, through a simulated attack, how threats might invade a network. The suite is available in three versions: Community, Professional, and Enterprise. Professional and Enterprise are paid application testing tools and include the web vulnerability scanner. The Community version is free but severely limited, including only the essential manual tools. Burp Suite is a potent tool for businesses, though perhaps pricey for smaller organizations; still, it is a critical application security testing tool.
Nikto
One of the best open-source vulnerability scanning tools, Nikto scans web servers and networks for matches against a database of over 6400 threats. Although the scanner itself has not been updated in some time, it is still current because the threat database is regularly updated, and countless plugins are released and continuously updated as well. For many security professionals, Nikto is a cornerstone of the vulnerability assessment routine.
Paros Proxy
Paros Proxy is a Java-based web proxy that includes several useful tools for running security tests, including a web spider, a traffic recorder, and a vulnerability scanner. It is excellent for detecting openings for some of the most common threats, including SQL injection and cross-site scripting.
It is very easy to edit with even rudimentary Java or HTTP/HTTPS knowledge; anyone who can write a web application can edit Paros Proxy. An excellent security testing tool for identifying a security risk before it becomes a security breach.
Nexpose
Nexpose offers real-time, on-premises vulnerability scanning and management. It helps security and IT teams look for, detect, and reduce possible weak points, and presents ‘live’ views of the network. It also continually refreshes and adapts to new threats in software and data. Another useful feature is its ability to help security teams prioritize the highest-risk vulnerabilities by providing a risk score. This is useful for coordinating responses to multiple breaches or delegating workflow, starting with the weakest areas, where the more serious or potentially damaging breaches are most likely to take place.
Packet Sniffers and Password Auditing Tools
John the Ripper
Ready to crack some passwords, or at least test how strong yours are?
John the Ripper, from Openwall, is designed to detect weak passwords quickly.
Initially designed for Unix environments, it now works with Windows, OpenVMS, and DOS systems. John looks for common hash-type passwords as well as more complex ciphers and encrypted logins. The Openwall community continually provides updates and patches as password technology and security evolve. Users can access a standard wordlist for more than 20 languages that often appear in passwords, plus varieties that include words and letters in several languages.
Cain and Abel
Anyone working in network security will know that UNIX tends to lead the way in free security apps; Windows and Mac users get the ports late, if ever.
Cain and Abel, however, is a Windows-only password recovery tool that leads the pack. It is capable of recording VoIP conversations, decoding scrambled passwords, and analyzing routing protocols. It uncovers cached passwords, reveals password boxes, cracks encryption with brute-force attacks and cryptanalysis, and on and on. Virtually a must-have starting point for packet sniffing routines.
Tcpdump
A Mac, Windows, and Linux app predating market leader Wireshark. Although Tcpdump is not the newest packet sniffer available, it set the standard in the field, and it remains a favorite network sniffer with ongoing active development and a fresh approach. The tool uses fewer system resources than competing options and opens up little security risk.
Wireshark
Wireshark debuted under the name Ethereal. Modeled mainly after the console-based Tcpdump, it is an excellent protocol analyzer that offers real-time network analysis and allows users to view reconstructed TCP session streams. Many prefer Tcpdump for security and system-resource reasons, but Wireshark remains the most popular packet sniffer. The software receives regular updates to maintain its robust packet-sniffing capabilities. Wireshark is an essential tool, even if it is not every security pro’s first choice.
Network Intrusion & Detection
Snort
Snort is an enterprise-grade open-source IDS compatible with any OS and hardware. The system performs protocol analysis, content searching and matching, and detection of various network attacks (buffer overflows, stealth port scans, CGI attacks, and OS fingerprinting attempts, to name a few). Snort’s ease of configuration, flexible rules, and raw packet analysis make it a powerful intrusion detection and prevention system.
Forcepoint
Forcepoint’s SD-WAN can be customized to keep users from accessing certain types of content, as well as to block a variety of intrusion attempts and exploits. Admins can also quickly see activity on all networks and take action rapidly, instead of spending time tracking down problems. The service is primarily for enterprise clients working in the cloud, and it can block or warn about risky cloud servers. It can also provide extra protection and higher levels of access for more critical areas.
GFI LanGuard
GFI LanGuard includes continuous monitoring, scanning, and patching. The network security tool is so popular and useful that applying it across a network can help a company demonstrate security compliance. It also provides software and network auditing as needed for vulnerable areas in desktops or mobile devices, and automatically creates patches for Mac, Windows, and Linux systems.