2014 Top Security Tools

01 – Unhide

Unhide is a forensic tool that finds processes and TCP/UDP ports hidden by rootkits, LKMs or other hiding techniques. Unhide runs on Unix/Linux and Windows systems. It implements six main techniques.

Features

Compare /proc vs /bin/ps output

Compare info gathered from /bin/ps with info gathered by walking through the procfs. ONLY for unhide-linux version.

Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).

Full PIDs space occupation (PIDs bruteforcing). ONLY for unhide-linux version.

Compare /bin/ps output vs /proc, procfs walking and syscall. ONLY for unhide-linux version. Reverse search: verify that all threads seen by ps are also seen in the kernel.

Quick compare /proc, procfs walking and syscall vs /bin/ps output. ONLY for unhide-linux version. It’s about 20 times faster than tests 1+2+3 but may give more false positives.

URL: https://www.unhide-forensics.info

Testimonials

“It is a very complete and very useful security tool. You can easily find any hidden file, ports, etc.”

“Good tool for detecting malware in Linux systems!!”

“A good command-line tool, essential nowadays to detect rootkits in Unix-based systems.”

02 – OWASP ZAP – Zed Attack Proxy Project

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Features

Open source

Cross platform (it even runs on a Raspberry Pi!)

Easy to install (just requires Java 1.7)

Completely free (no paid for ‘Pro’ version)

Ease of use a priority

Comprehensive help pages

Fully internationalized

Translated into over 20 languages

Community based, with involvement actively encouraged

Under active development by an international team of volunteers

URL: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Testimonials

“It is open source and easy to use which covers all issues.”

“Loads of features (weekly releases). Easy to use. Active community. Scripting. Runs on all platforms with Java. Extensive documentation.”

“Stable, maintained and improved, well-documented, and supports WebSockets!”

03 – Lynis

Lynis is an auditing tool which tests and gathers (security) information from Unix-based systems. The audience for this tool is security and system auditors, network specialists and system maintainers.

Lynis performs an in-depth local scan on the system and is therefore much more thorough than network based vulnerability scanners. It starts with the bootloader and goes up to installed software packages. After the analysis it provides the administrator with discovered findings, including hints to further secure the system.

Features

System and security audit checks

File Integrity Assessment

System and file forensics

Usage of templates/baselines (reporting and monitoring)

Extended debugging features

URL: https://cisofy.com/download/lynis/

Testimonials

“Helped me several times to harden my systems, love it.”

“Really great auditing tool! It’s easy to use plus it’s free.”

“It helps to quickly satisfy compliance requirements in a jiffy…”

04 – BeEF – The Browser Exploitation Framework

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

Features

Key Logger.

Bind Shells.

Port Scanner.

Clipboard Theft.

Tor Detection.

Integration with Metasploit Framework.

Many Browser Exploitation Modules.

Browser Functionality Detection.

Mozilla Extension Exploitation Support.

URL: https://beefproject.com

Testimonials

“Because there’s only one tool like it. No other tool serves the same purpose.”

“Nothing demonstrates the internal threat and vulnerability of a browser better than the browser exploitation framework.”

“BeEF besides the integrate attacks. It provides clients with a clear picture of what could happen just by visiting a poisoned site.”

05 – OWASP Xenotix XSS Exploit Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. Xenotix provides Zero False Positive XSS Detection by performing the scan within the browser engines where, in the real world, payloads get reflected. The Xenotix Scanner Module incorporates 3 intelligent fuzzers to reduce the scan time and produce better results.

Features

Scanner Modules

Information Gathering Modules

Exploitation Modules

Auxiliary Modules

Xenotix Scripting Engine

URL: https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework

Testimonials

“It helps me to make interesting proof of concepts for all the XSS vulnerabilities which I found during Web-app Vulnerability Assessments.”

“XSS is a menace and this scanner allows one to scan for advanced XSS attacks from a mobile device. Moreover it eases the whole scanning effort with an amazing interface.”

“Its UI is easy to use. It has more payloads than you can ever imagine. Overall, I would recommend it as the best tool for XSS testing.”

06 – PeStudio

PeStudio is a unique tool that performs static investigation of 32-bit and 64-bit executables. PeStudio is free for private non-commercial use only.

Malicious executables often attempt to hide their malicious behavior and evade detection. In doing so, they generally present anomalies and suspicious patterns. The goal of PeStudio is to detect these anomalies, provide Indicators and score the Trust for the executable being analyzed. Since the executable file being analyzed is never started, you can inspect any unknown or malicious executable with no risk.

Features

References

Indicators

Virus Detection

Imports

Resources

Report

Prompt

Interface

URL: https://www.winitor.com

Testimonials

“Great tool, easy to use, efficient for early evaluation of malware potential and intents.”

“Best tool for static PE analysis”

“Easily the best and quickest malware analysis/triage tool. Amazing support from the author, who updates the software almost every other day. Spectacularly useful in my day-to-day analysis.”

07 – OWASP Offensive (Web) Testing Framework

OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused attempt to unite great tools and make pen testing more efficient, written mostly in Python. The purpose of this tool is to automate the manual, uncreative part of pen testing: for example, spending time trying to remember how to call “tool X”, parsing results of “tool X” manually to feed “tool Y”, etc.

Features

OWASP Testing Guide-oriented.

Report updated on the fly.

“Scumbag spidering”.

Resilience.

Easy to configure.

Easy to run.

Full control of what tests to run.

Easy to review transaction logs and plain text files with URLs.

Basic Google Hacking without (annoying) API Key requirements via “blanket searches”.

Easy to extract data from the database to parse or pass to other tools.

URL: https://www.owasp.org/index.php/OWASP_OWTF

Testimonials

“Helped in automating and managing multiple tools with ease.”

“Because it rocks!!! It is combining all of the OWASP vulnerability checks in one framework.”

“It saves me a lot of time with repetitive tasks.”

08 – Brakeman

Brakeman is a security scanner for Ruby on Rails applications. Unlike many web security scanners, Brakeman looks at the source code of your application. This means you do not need to set up your whole application stack to use it.

Once Brakeman scans the application code, it produces a report of all security issues it has found.

Features

No Configuration Necessary

Run It Anytime

Better Coverage

Best Practices

Flexible Testing

Speed

URL: https://brakemanscanner.org

Testimonials

“Free, high quality, actively developed. Significantly better than many expensive commercial products in our testing. Justin is really nice as well.”

“One of the best open source tools available for security vulnerability scanning.”

“Great Ruby gem that helps you see what possible security risks you have included in your application.”

09 – WPScan

WPScan is a black box WordPress vulnerability scanner.

Features

Username enumeration (from author querystring and location header)

Weak password cracking (multithreaded)

Version enumeration (from generator meta tag and from client side files)

Vulnerability enumeration (based on version)

Plugin enumeration (2220 most popular by default)

Plugin vulnerability enumeration (based on plugin name)

Plugin enumeration list generation

Other misc WordPress checks (theme name, dir listing, …)

URL: https://wpscan.org

Testimonials

“There are a lot of websites developed using WordPress that are still vulnerable; using WP Scan, which specializes in detecting WordPress security issues, can reduce a lot of time for any security tester. No need to configure any payload or something similar, just let WP Scan do it automatically.”

“The team made a new WPScan vulnerability database (wpvulndb.com). Everyone can populate (after approval) the database with newly found vulnerabilities. Now the core program is better separated from the data.”

“Constantly updated. Best tool for WordPress security.”

10 – nmap

Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for network inventory, managing service upgrade schedules, monitoring host or service uptime, and many other tasks. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

Features

Host Discovery.

Port Scanning.

Version Detection.

OS Detection.

Nmap Scripting Engine (NSE).

URL: https://nmap.org

Testimonials

“Everyone’s favourite portscanner.”

“Enumerate ports, find ‘open door’.”

“The best tool that every Pen Tester must have.”
