Wireshark
Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source multi-platform network protocol analyzer. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tshark is included. One word of caution is that Wireshark has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).
Metasploit
Metasploit took the security world by storm when it was released in 2004. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their list of modules. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. One free extra is Metasploitable, an intentionally insecure Linux virtual machine you can use for testing Metasploit and other exploitation tools without hitting live servers.
Metasploit was completely free, but the project was acquired by Rapid7 in 2009 and it soon sprouted commercial variants. The Framework itself is still free and open source, but they now also offer a free-but-limited Community edition, a more advanced Express edition ($3,000 per year per user), and a full-featured Pro edition ($15,000 per user per year). Other paid exploitation tools to consider are Core Impact (more expensive) and Canvas (less).
The Metasploit Framework now includes an official Java-based GUI and also Raphael Mudge's excellent Armitage. The Community, Express, and Pro editions have web-based GUIs.
Nessus
Nessus is one of the most popular and capable vulnerability scanners, particularly for UNIX systems. It was initially free and open source, but they closed the source code in 2005 and removed the free "Registered Feed" version in 2008. It now costs $2,190 per year, which still beats many of its competitors. A free "Nessus Home" version is also available, though it is limited and only licensed for home network use.
Nessus is constantly updated, with more than 70,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a web-based interface, and an embedded scripting language for writing your own plugins or understanding the existing ones.
tcpdump
Tcpdump is the network sniffer we all used before Wireshark (then called Ethereal) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI and parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with less security risk. It also requires fewer system resources. While Tcpdump doesn't receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. Tcpdump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap and many other tools.
OpenSSH/PuTTY/SSH
SSH (Secure Shell) is the now ubiquitous program for logging into or executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network, replacing the hideously insecure telnet/rlogin/rsh alternatives. Most UNIX users run the open source OpenSSH server and client. Windows users often prefer the free PuTTY client, which is also available for many mobile devices, and WinSCP. Other Windows users prefer the nice terminal-based port of OpenSSH that comes with Cygwin. There are dozens of other free and proprietary clients to consider as well.
Ping/telnet/dig/traceroute/whois/netstat
While there are many advanced high-tech tools out there to assist in security auditing, don't forget about the basics! Everyone should be very familiar with these tools as they come with most operating systems (except that Windows omits whois and uses the name tracert). They can be very handy in a pinch, although more advanced functionality is available from Hping and Netcat.
========================================================================
Top 10 Tools
- Nessus (vulnerability scanners)
- Wireshark (packet sniffers; previously known as Ethereal)
- Snort (IDS - intrusion detection system)
- Netcat
- Metasploit Framework (vulnerability exploitation tools)
- Hping2 (packet crafting tools)
- Kismet (wireless tools or packet sniffers)
- TCPDump (packet sniffers)
- Cain and Abel (password crackers or packet sniffers)
- John The Ripper (password crackers)
New Tools
- Metasploit Framework
- Paros Proxy
- Aircrack
- Sysinternals
- Scapy
- BackTrack
- P0f
- WebScarab
- WebInspect
- Core Impact
- IDA Pro
- RainbowCrack
- Angry IP Scanner
- RKHunter
- Ike-scan
- KisMAC
- OSSEC HIDS
- Tor
- Knoppix
- chkrootkit
- Yersinia
- Nagios
- X-scan
- Socat
- QualysGuard
- ClamAV
- Burp Suite
- Unicornscan
- BASE
- Argus
- Wikto
- SGuil
- IP Filter
- Canvas
- VMware
- OpenVPN
- OllyDbg
- Helix
- Acunetix Web Vulnerability Scanner
- TrueCrypt
- Watchfire AppScan