Top 50 Infosec Tools

Networking/Security Forums -> Security Related Software

Author: Mongrel PostPosted: Tue Mar 23, 2004 1:14 am    Post subject: Top 50 Infosec Tools
This list comliments of my friendly neighborhood InfoSec guru. Lots of
these are on Knoppix.
Know these and you're pretty much good to go.

Oh - and if anything is missing please add to the list.

Note that many of the descriptions in this list were taken from the Debian
package descriptions, the Freshmeat descriptions, or from the home
pages of the application.

Without further ado, here is the list (starting with the most popular):

Description: Remote network security auditor, the client The Nessus
Security Scanner is a security auditing tool. It makes possible to test
security modules in an attempt to find vulnerable spots that should be
fixed. . It is made up of two parts: a server, and a client. The
server/daemon, nessusd, is in charge of the attacks, whereas the client,
nessus, interferes with the user through nice X11/GTK+ interface. . This
package contains the GTK+ 1.2 client, which exists in other forms and on
other platforms, too.
Note: This is an unofficial site
Description: TCP/IP swiss army knife A simple Unix utility which reads
and writes data across network connections using TCP or UDP protocol. It
is designed to be a reliable "back-end" tool that can be used directly or
easily driven by other programs and scripts. At the same time it is a
feature-rich network debugging and exploration tool, since it can create
almost any kind of connection you would need and has several interesting
built-in capabilities.
Description: A powerful tool for network monitoring and data acquisition
This program allows you to dump the traffic on a network. It can be used
to print out the headers of packets on a network interface that matches a
given expression. You can use this tool to track down network problems,
to detect "ping attacks" or to monitor the network activities.
Description: flexible packet sniffer/logger that detects attacks Snort is a
libpcap-based packet sniffer/logger which can be used as a lightweight
network intrusion detection system. It features rules based logging and
can perform content searching/matching in addition to being used to
detect a variety of other attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, and much more. Snort has a
real-time alerting capability, with alerts being sent to syslog, a
separate "alert" file, or even to a Windows computer via Samba.
Description: SAINT (Security Administrator's Integrated Network Tool) is
a security assesment tool based on SATAN. Features include scanning
through a firewall, updated security checks from CERT & CIAC bulletins, 4
levels of severity (red, yellow, brown, & green) and a feature rich HTML
Description: Network traffic analyzer Ethereal is a network traffic
analyzer, or "sniffer", for Unix and Unix-like operating systems. It uses
GTK+, a graphical user interface library, and libpcap, a packet capture
and filtering library.
Description: Rain.Forest.Puppy's excellent CGI vulnerability scanner
NOTE: Last I looked RFP no longer publishes Whisker - there is a new
improved product on his site.
Internet Security Scanner
Note: This tool costs significant $$$ to use, and does not come with
source code.
Description: A popular commercial network security scanner.
Abacus Portsentry
Description: Portscan detection daemon PortSentry has the ability to
detect portscans(including stealth scans) on the network interfaces of
your machine. Upon alarm it can block the attacker via hosts.deny,
dropped route or firewall rule. It is part of the Abacus program suite. .
Note: If you have no idea what a port/stealth scan is, I'd recommend to
have a look at before
installing this package. Otherwise you might easily block hosts you'd
better not(e.g. your NFS-server, name-server, ...).
Description: A suite of powerful for sniffing networks for passwords and
other information. Includes sophisticated techniques for defeating
the "protection" of network switchers.
Note: Depending on usage, this tool may have expensive licensing fees
associated with it.
Description: A file and directory integrity checker. Tripwire is a tool that
aids system administrators and users in monitoring a designated set of
files for any changes. Used with system files on a regular (e.g., daily)
basis, Tripwire can notify system administrators of corrupted or tampered
files, so damage control measures can be taken in a timely manner.
Cybercop Scanner
Note: This tool costs significant $$$ to use, and does not come with
source code. A powerful demo version is available for testing.
Description: Another popular commercial scanner
Description: hping2 is a network tool able to send custom ICMP/UDP/TCP
packets and to display target replies like ping does with ICMP replies. It
handles fragmentation and arbitrary packet body and size, and can be
used to transfer files under supported protocols. Using hping2, you can:
test firewall rules, perform [spoofed] port scanning, test net performance
using different protocols, packet size, TOS (type of service), and
fragmentation, do path MTU discovery, tranfer files (even between really
Fascist firewall rules), perform traceroute-like actions under different
protocols, fingerprint remote OSs, audit a TCP/IP stack, etc. hping2 is a
good tool for learning TCP/IP.
Description: The Security Auditor's Research Assistant (SARA) is a third
generation security analysis tool that is based on the SATAN model which
is covered by the GNU GPL-like open license. It is fostering a collaborative
environment and is updated periodically to address latest threats.
Description: packet sniffer and monitoring tool sniffit is a packet sniffer
for TCP/UDP/ICMP packets. sniffit is able to give you very detailed
technical info on these packets (SEC, ACK, TTL, Window, ...) but also
packet contents in different formats (hex or plain text, etc. ).
Description: Security Auditing Tool for Analysing Networks This is a
powerful tool for analyzing networks for vulnerabilities created for
sysadmins that cannot keep a constant look at bugtraq, rootshell and the
Description: IP Filter is a TCP/IP packet filter, suitable for use in a firewall
environment. To use, it can either be used as a loadable kernel module or
incorporated into your UNIX kernel; use as a loadable kernel module
where possible is highly recommended. Scripts are provided to install and
patch system files, as required.
Description: IP packet filter administration for 2.4.X kernels Iptables is
used to set up, maintain, and inspect the tables of IP packet filter rules in
the Linux kernel. The iptables tool also supports configuration of dynamic
and static network address translation.
Description: Firewalking is a technique developed by MDS and DHG that
employs traceroute-like techniques to analyze IP packet responses to
determine gateway ACL filters and map networks. Firewalk the tool
employs the technique to determine the filter rules in place on a packet
forwarding device. The newest version of the tool, firewalk/GTK
introduces the option of using a graphical interface and a few bug fixes.
Description: A "Classic" high-speed TCP port scanner
L0pht Crack
Note: No source code is included (except in research version) and there is
a $100 registration fee.
Description: L0phtCrack is an NT password auditting tool. It will compute
NT user passwords from the cryptographic hashes that are stored by the
NT operation system. L0phtcrack can obtain the hashes through many
sources (file, network sniffing, registry, etc) and it has numerous methods
of generating password guesses (dictionary, brute force, etc).
John The Ripper
Description: An active password cracking tool john, normally called john
the ripper, is a tool to find weak passwords of your users.
Description: Advanced packet sniffer and connection intrusion. Hunt is a
program for intruding into a connection, watching it and resetting it. . Note
that hunt is operating on Ethernet and is best used for connections which
can be watched through it. However, it is possible to do something even
for hosts on another segments or hosts that are on switched ports.
Note: The version cost money for some uses, but source code is
Description: Secure rlogin/rsh/rcp replacement (OpenSSH) OpenSSH is
derived from OpenBSD's version of ssh, which was in turn derived from
ssh code from before the time when ssh's license was changed to be non-
free. Ssh (Secure Shell) is a program for logging into a remote machine
and for executing commands on a remote machine. It provides secure
encrypted communications between two untrusted hosts over an insecure
network. X11 connections and arbitrary TCP/IP ports can also be
forwarded over the secure channel. It is intended as a replacement for
rlogin, rsh and rcp, and can be used to provide rdist, and rsync with a
secure communication channel.
tcp wrappers
Description: Wietse Venema's TCP wrappers library Wietse Venema's
network logger, also known as TCPD or LOG_TCP. . These programs log
the client host name of incoming telnet, ftp, rsh, rlogin, finger etc.
requests. Security options are: access control per host, domain and/or
service; detection of host name spoofing or host address spoofing; booby
traps to implement an early-warning system.
Description: display network usage in top-like format ntop is a Network
Top program. It displays a summary of network usage by machines on
your network in a format reminicent of the unix top utility. . It can also be
run in web mode, which allows the display to be browsed with a web
Description: These are utilities that virtually all UNIX boxes already have.
In fact, even Windows NT has them ( but the traceroute command is
called tracert ).
NAT (NetBIOS Auditing Tool)
Note: This is an unofficial download site.
Description: The NetBIOS Auditing Tool (NAT) is designed to explore the
NETBIOS file-sharing services offered by the target system. It implements
a stepwise approach to gather information and attempt to obtain file
system-level access as though it were a legitimate local client.
Description: A portscan detecting tool Scanlogd is a daemon written by
Solar Designer to detect portscan attacks on your maschine.
Sam Spade
Description: Online tools for investigating IP addresses and tracking down
Note: Source code was once freely available but I do not know if this is
still the case. Some usage may cost money.
Description: A commercial sniffing application for creating intrusion
detection systems. Source code was at one time available, but I do not
know if that is still the case.
Description: Mails anomalies in the system logfiles to the administrator
Logcheck is part of the Abacus Project of security tools. It is a program
created to help in the processing of UNIX system logfiles generated by the
various Abacus Project tools, system daemons, Wietse Venema's TCP
Wrapper and Log Daemon packages, and the Firewall ToolkitŠ by Trusted
Information Systems Inc.(TIS). . Logcheck helps spot problems and
security violations in your logfiles automatically and will send the results
to you in e-mail. This program is free to use at any site. Please read the
disclaimer before you use any of this software.
Description: A very powerful scripting language which is often used to
create "exploits" for the purpose of verifying security vulnerabilities. Of
course, it is also used for all sorts of other things.
Description: grep for network traffic ngrep strives to provide most of GNU
grep's common features, applying them to the network layer. ngrep is a
pcap-aware tool that will allow you to specify extended regular
expressions to match against data payloads of packets. It currently
recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP and null
interfaces, and understands bpf filter logic in the same fashion as more
common packet sniffing tools, such as tcpdump and snoop.
Description: A GTK based network "swiss-army-knife" Cheops gives a
simple interface to most network utilities, maps local or remote networks
and can show OS types of the machines on the network.
Description: Vetescan is a bulk vulnerability scanner which contains
programs to check for and/or exploit many remote network security
exploits that are known for Windows or UNIX. It includes various
programs for doing different kinds of scanning. Fixes for vulnerablities are
included along with the exploits.
Note: Commercial product with no source code available. A demo binary
is available for testing.
Description: A commercial security scanner by the great guys at eeye.
Description: Routines for the construction and handling of network
packets. libnet provides a portable framework for low-level network
packet writing and handling. . Libnet features portable packet creation
interfaces at the IP layer and link layer, as well as a host of
supplementary functionality. Still in it's infancy however, the library is
evolving quite a bit. Additional functionality and stability are added with
each release. . Using libnet, quick and simple packet assembly
applications can be whipped up with little effort. With a bit more time,
more complex programs can be written (Traceroute and ping were easily
rewritten using libnet and libpcap).
Crack / Cracklib
Description: Crack 5 is an update version of Alec Muffett's classic local
password cracker. Traditionally these allowed any user of a system to
crack the /etc/passwd and determine the passwords of other users (or
root) on the system. Modern systems require you to obtain read access
to /etc/shadow in order to perform this. It is still a good idea for
sysadmins to run a cracker occasionally to verify that all users have
strong passwords.
Cerberus Internet Scanner
Description: CIS is a free security scanner written and maintained by
Cerberus Information Security, Ltd and is designed to help administrators
locate and fix security holes in their computer systems. Runs on Windows
NT or 2000. No source code is provided.
Description: Swatch was originally written to actively monitor messages
as they were written to a log file via the UNIX syslog utility. It has multiple
methods of alarming, both visually and by triggering events. The perfect
tools for a master loghost. This is a beta release of version 3.0, so please
use it with caution. The code is still slightly ahead of the documentation,
but examples exist. NOTE: Works flawlessly on Linux (RH5), BSDI and
Solaris 2.6 (patched).
Description: The OpenBSD project produces a FREE, multi-platform
4.4BSD-based UNIX-like operating system. Our efforts place emphasis on
portability, standardization, correctness, security, and cryptography.
OpenBSD supports binary emulation of most programs from SVR4
(Solaris), FreeBSD, Linux, BSDI, SunOS, and HPUX.
Description: The Nemesis Project is designed to be a commandline-based,
portable human IP stack for UNIX/Linux. The suite is broken down by
protocol, and should allow for useful scripting of injected packet streams
from simple shell scripts.
Description: List open files. Lsof is a Unix-specific diagnostic tool. Its
name stands for LiSt Open Files, and it does just that. It lists information
about any files that are open by processes current running on the system.
The binary is specific to kernel version 2.2
Description: The LIDS is an intrusion detection/defense system in the
Linux kernel. The goal is to protect linux systems against root intrusions,
by disabling some system calls in the kernel itself. As you sometimes
need to administrate the system, you can disable LIDS protection.
Description: Interactive Colorful IP LAN Monitor IPTraf is an ncurses-
based IP LAN monitor that generates various network statistics including
TCP info, UDP counts, ICMP and OSPF information, Ethernet load info,
node stats, IP checksum errors, and others. . Note that since 2.0.0 IPTraf
requires a kernel >= 2.2
Description: iplog is a TCP/IP traffic logger. Currently, it is capable of
logging TCP, UDP and ICMP traffic. iplog 2.0 is a complete re-write of
iplog 1.x, resulting in greater portability and better performance. iplog 2.0
contains all the features of iplog 1.x as well as several new ones. Major
new features include a packet filter and detection of more scans and
attacks. It currently runs on Linux, FreeBSD, OpenBSD, BSDI and Solaris.
Ports to other systems, as well as any contributions at all, are welcome at
this time.
Description: Fragrouter is aimed at testing the correctness of a
NIDS,according to the specific TCP/IP attacks listed in the Secure
Networks NIDS evasion paper. [2] Other NIDS evasion toolkits which
implement these attacks are in circulation among hackers or publically
available, and it is assumed that they are currently being used to bypass
Note: A couple of the OS detection tests in Queso were later incorporated
into Nmap. A paper we wrote on OS detection is available here.
Description: Guess the operating system of a remote machine by looking
in the TCP replies.
Description: The GNU Privacy Guard (GnuPG) is a complete and free
replacement for PGP, developed in Europe. Because it does not use IDEA
or RSA it can be used without any restrictions. GnuPG is a RFC2440
(OpenPGP) compliant application. PGP is the famous encryption program
which helps secure your data from eavesdroppers and other risks.

Author: cisco studentLocation: SFDC USA: Chico, California PostPosted: Tue Mar 23, 2004 3:15 am    Post subject:
Very nice list, as you already mentioned they are already compiled into a single Distro. Which is nice, because you can just use STD instead of each package one by one. Nice post, and good descriptions even if you didn't write them.

Author: tree_twobearsLocation: Cascadia, North America PostPosted: Tue Mar 23, 2004 4:54 am    Post subject: Re: Top 50 Infosec Tools
Great list, Mongrel! I'm adding these to my reading list, as if I didn't already have enough there! Smile
Decent article at that mentions some of these tools.

Author: Guest PostPosted: Tue Mar 23, 2004 9:54 am    Post subject:
I didn't spot nmap in there. Maybe I haven't had enough coffee yet Smile I would assume it would be on the list, but who knows? maybe it isn't perceived as good enough Surprised But else it is a nice list of good security related tools.

Author: Mongrel PostPosted: Tue Mar 23, 2004 2:36 pm    Post subject:
nmap is there - just missing a title/detailed description. Do a text search
on this page for nmap - you'll find it. As we all know no list woule be
complete without it.

I stand corrected - nmap is not, unto itself here.
It's Strobe that's listed. Strobe is linked to nmap's site.
I'd think i t should be here - thanks for mentioning it.

Author: darkt3chLocation: aussie PostPosted: Wed Jun 16, 2004 6:38 am    Post subject:
Shocked Shocked *bookmarked* nice post mate thanx few nice tools there i didnt have well i got some playin around to do wif em now thanx again

Author: Khaine PostPosted: Wed Jun 16, 2004 9:19 am    Post subject:
great list Smile

I'm bookmarking some of those as we speak

Author: ZapotekLocation: Hellas PostPosted: Tue Jan 03, 2006 12:18 am    Post subject:
Nice post.
I'd rather use Auditor though.
It seems that it has way more tools, and since I've tested it I'd go with it. Wink

Author: jayaustinLocation: Western NC, USA PostPosted: Mon Feb 20, 2006 5:16 am    Post subject:
Auditor has now become BackTrack that is a combined product of Whax and Auditor.

Author: ydekel PostPosted: Fri Jul 13, 2007 1:56 pm    Post subject: codenomicon
you might wanna add codenomicon to your list, which is one of the most powerful security test tool


Author: shednikLocation: Pittsburgh, PA PostPosted: Mon Oct 15, 2007 4:07 am    Post subject:
Great List!!

Author: shednikLocation: Pittsburgh, PA PostPosted: Fri Oct 19, 2007 2:32 am    Post subject:
anyone else download the iso and boot into it with little functionality it didn't seem like it gave me even access to the CLI?? Question Question

Author: Grimm PostPosted: Wed Oct 24, 2007 5:35 pm    Post subject:
The link for Ethereal probably needs to be updated. It became "Wireshark" in 2006.

Author: Gillis57Location: Mobile, Alabama PostPosted: Mon May 26, 2008 6:45 am    Post subject: Metasploit.
The program Metasploit is probably the most comprehensive, single most useful tool of all the programs I own.

It can be found here:

It contains zenmap, as well as hundreds and hundreds of exploits.

Hope this Helps Smile

Author: normat0211 PostPosted: Mon Mar 14, 2011 11:36 am    Post subject: Top 50 Infosec Tools
I have searched many sites for this topic,but most of the sites have just copied this site,ie,the source is ,So I should tell hundreds of thanks to you.

Networking/Security Forums -> Security Related Software

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group