Updated on 2025-04-14

100 Best Security Tools in 2006 (Page 3/4)


--------------------------------------------------------------------------------

#51 Angry IP Scanner: A very fast Windows IP scanner and port scanner
Angry IP Scanner performs basic host discovery and port scanning on Windows platforms. It is very small, and it can also obtain other information about a host through plugins (only a few plugins are available).

--------------------------------------------------------------------------------

#52 RKHunter: A rootkit detector for Unix platforms
RKHunter is a tool for detecting malicious programs such as rootkits, backdoors, vulnerabilities, etc. It uses a variety of detection methods, including MD5 hash comparison, detection of rootkits' original file names, file permission checks, and detection of suspicious strings in LKM and KLD modules.

--------------------------------------------------------------------------------

#53 Ike-scan: VPN detector and scanner
Ike-scan is a tool that detects the transmission characteristics of IKE (Internet Key Exchange) services. IKE is a mechanism for establishing connections between servers and remote clients in VPN networks. After scanning the IP address of the VPN server, it distributes modified IKE packets to each host in the VPN network. Any host running IKE sends back a response, which proves that it exists. The tool then records and displays these response packets and compares them with a range of known VPN product fingerprints. Ike-scan's VPN fingerprints include products from Checkpoint, Cisco, Microsoft, Nortel and Watchguard.

--------------------------------------------------------------------------------

#54 Arpwatch: Continuously tracks Ethernet/IP address pairings and can detect man-in-the-middle attacks
Arpwatch is a classic ARP man-in-the-middle attack detector produced by the LBNL Network Research Group. It records network activity in the system log and reports specific changes to the administrator via email. Arpwatch uses LibPcap to listen for ARP packets on the local Ethernet interface.

--------------------------------------------------------------------------------

#55 KisMAC: A graphical passive wireless network searcher on Mac OS X
This very popular searcher for Mac OS X is similar in function to Kismet. The difference is that Kismet is command-line based, while KisMAC has a very attractive graphical interface, and it appeared on OS X earlier than Kismet did. It also provides mapping, Pcap-compatible format data input, login and some decryption and verification cracking functions.

--------------------------------------------------------------------------------

#56 OSSEC HIDS: An open source host-based intrusion detection system
The main functions of OSSEC HIDS include log analysis, integrity checking, rootkit detection, time-based alerts and active response. In addition to serving as an intrusion detection system, it is also commonly used in SEM/SIM (Security Event Management/Security Information Management) solutions. Because of its powerful log analysis engine, ISPs (Internet service providers), universities and data centers use it to monitor and analyze logs generated by their firewalls, intrusion detection systems, web services and verification.

--------------------------------------------------------------------------------

#57 OpenBSD PF: OpenBSD packet filter
Like Netfilter and IP Filter on other platforms, PF is the firewall tool that OpenBSD users love to use. Its functions include network address translation, managing TCP/IP communication, providing bandwidth control and packet hierarchical control. It also has some additional features such as passive operating system detection. PF is written by the same group of people who wrote OpenBSD, so you can use it with confidence. It has been well evaluated, designed and coded to avoid exposing the kinds of vulnerabilities found in other packet filters.

--------------------------------------------------------------------------------

#58 Nemesis: Simple packet injection
The Nemesis project is designed to provide a command-line-based, compact, and user-friendly IP stack for Unix/Linux (it now also supports Windows). The tool set is organized by protocol and allows simple shell scripts to inject packet streams. If you like Nemesis, you might also be interested in Hping2; the two complement each other.

--------------------------------------------------------------------------------

#59 Tor: Anonymous network communication system
Tor is a tool set for organizations and the general public who want to improve their network security. Tor's functions include anonymous web browsing and publishing, instant messaging, IRC, SSH and other functions based on the TCP protocol. Tor also provides software developers with a platform on which they can build in anonymity, security and other privacy features. Vidalia provides a cross-platform graphical interface.

--------------------------------------------------------------------------------

#60 Knoppix: A multi-purpose bootable CD or DVD system
Knoppix is composed of a set of typical GNU/Linux software. It automatically detects the hardware environment and supports a variety of graphics cards, sound cards, SCSI and USB devices, and other peripherals. As an efficient Linux disc system, Knoppix can be used for various purposes such as a desktop system, a Linux teaching disc, a rescue system, etc. This Nmap survey has confirmed that it is also a very small security tool. If you want to use a more professional Linux security system, please see BackTrack.

--------------------------------------------------------------------------------

#61 ISS Internet Scanner: Application Vulnerability Scanner
Internet Scanner is an open source scanner tool written by Christopher Klaus in 1992. The tool has since evolved into a company with a market value of over 100 million US dollars that produces countless security products.

--------------------------------------------------------------------------------

#62 Fport: An enhanced version of netstat produced by Foundstone
Fport reports all TCP/IP and UDP ports open on the local machine and shows which program opened each port, so it can be used to quickly identify unknown open ports and the applications associated with them. It is available only for Windows, but netstat on many UNIX systems now provides the same functionality (use 'netstat -pan' on Linux). A SANS article has instructions for using Fport and methods for analyzing its results.

--------------------------------------------------------------------------------

#63 chkrootkit: A local rootkit detector
chkrootkit is a compact and easy-to-use tool on Unix platforms that can detect multiple rootkit intrusions. Its functions include detecting file modifications, utmp/wtmp/last log modifications, promiscuous interfaces, and malicious kernel modules.

--------------------------------------------------------------------------------

#64 SPIKE Proxy: HTTP Attack
Spike Proxy is an open source HTTP proxy for discovering website vulnerabilities. It is part of the Spike Application Testing Suite, and its functions include automatic SQL injection detection, website crawling, login list brute forcing, overflow detection and directory traversal detection.

--------------------------------------------------------------------------------

#65 OpenBSD: Considered to be the safest operating system
OpenBSD is one of the operating systems that treat security as their top priority, sometimes placing security above ease of use, so its impressive security speaks for itself. OpenBSD also attaches great importance to system stability and hardware support. Perhaps the project's greatest achievement was creating OpenSSH. OpenBSD users also praise pf (the firewall tool on OpenBSD, #57 in this list).

--------------------------------------------------------------------------------

#66 Yersinia: A low-level attack tool that supports multiple protocols
Yersinia is a low-level protocol attack and intrusion detection tool. It can carry out multiple attacks against multiple protocols. For example, it can seize the root role in the spanning tree (Spanning Tree Protocol), generate virtual CDP (Cisco Discovery Protocol) neighbors, pose as the active router in an HSRP (Hot Standby Router Protocol) environment, create fake DHCP responses, and perform other low-level attacks.

--------------------------------------------------------------------------------

#67 Nagios: An open source host, service and network monitoring program
Nagios is a system and network monitoring program. It monitors the hosts and services you specify and issues a notification when a problem occurs in a monitored object or when the problem is resolved. Its main functions include monitoring network services (SMTP, POP3, HTTP, NNTP, ping, etc.), monitoring host resources (process load, hard disk space usage, etc.), and issuing notifications in various forms (email, pager or other user-defined methods) when problems are found or resolved.

--------------------------------------------------------------------------------

#68 Fragroute/Fragrouter: A collection of network intrusion detection and evasion tools
Fragrouter is a one-way fragmenting router: IP packets are sent from the attacker to the Fragrouter, which converts them into a fragmented data stream and forwards it to the victim. Many intrusion detection systems cannot reconstruct network data that should be treated as a whole (reassembled through IP fragmentation and TCP stream reassembly). For details, please see this classic paper. Fragrouter can help attackers launch IP-based attacks while evading intrusion detection. It is part of the NIDSbench suite produced by Dug Song. Fragroute is another tool by Dug Song that is similar to Fragrouter.

--------------------------------------------------------------------------------

#69 X-scan: A network vulnerability scanner
A multi-threaded vulnerability scanner with plug-in support. X-Scan's main functions include full support for NASL (Nessus Attack Scripting Language), service type detection, remote operating system type (version) detection, weak username/password matching, etc. The latest version is available here. Please note that this is a Chinese website (the original text is in English, so the original author is reminding English readers that this is a Chinese website).

--------------------------------------------------------------------------------

#70 Whisker/libwhisker: A CGI vulnerability scanner and vulnerability library
Libwhisker is a Perl template set used to test HTTP. Its purpose is to test whether an HTTP server has any of many known security vulnerabilities, especially CGI vulnerabilities. Whisker is a scanner based on libwhisker, but now everyone tends to use Nikto, which is also based on libwhisker.

--------------------------------------------------------------------------------

#71 Socat: Bidirectional Data Transmission Relay
A tool similar to Netcat that works over many protocols, running between files, pipes, devices (terminals or modems, etc.), sockets (Unix, IP4, IP6-raw, UDP, TCP), a Socks4 client, a proxy server connection, or SSL, etc. It provides forking, logging and dumping, different modes of interactive communication, and many more options. It can be used as a TCP relay, either one-shot or as a daemon (a background program used for mail transmission and reception on the Internet); as a daemon-based dynamic socksifier; as a shell interface for sockets on Unix platforms; as an IP6 relay; to redirect TCP-oriented programs to serial lines; or to establish a secure environment (su and chroot) for running client or server shell scripts with network connections.

--------------------------------------------------------------------------------

#72 Sara: Safety Review Research Assistant
SARA is a vulnerability assessment tool derived from the infamous SATAN scanner. This tool is updated about every two months, and the open source community that produces this tool also maintains Nmap and Samba.

--------------------------------------------------------------------------------

#73 QualysGuard: Web-based vulnerability scanner
QualysGuard is delivered as a service over the web, so it carries no burden of developing, maintaining and upgrading vulnerability management software or ad-hoc security applications. Clients can securely access QualysGuard through a simple and easy-to-use web page. QualysGuard contains more than 5,000 individual vulnerability checks and an inference-based scanning engine, and its vulnerability knowledge base is updated automatically every day.

--------------------------------------------------------------------------------

#74 ClamAV: A GPL (General Public License) anti-virus tool set for UNIX platforms
ClamAV is a powerful anti-virus scanner that focuses on scanning attachments on mail servers. It contains a compact, upgradeable multi-threaded daemon, a command line scanner and automatic update tools. Clam AntiVirus is based on the open source virus library released with the AntiVirus package. You can also use this virus library in your own software, but don't forget to update it frequently.

--------------------------------------------------------------------------------

#75 cheops/cheops-ng: Provides many simple network tools, such as local or remote network mapping and identification of computer operating systems
Cheops provides many useful networking tools with a graphical user interface. It includes host/network discovery, that is, host operating system detection. Cheops-ng is used to detect services running on the host. For some services, Cheops-ng can detect which application is running the service and the version number of that program. Development and maintenance of Cheops have been discontinued, so it is best to use Cheops-ng.