Security Tools

Vulnerability Assessment Tools:

Vulnerability scanners automate security auditing and can play a vital part in your IT security by scanning your network and websites for different security risks. Some can even automate the patching process.

1. OpenVAS

http://www.openvas.org/

This is an open source tool serving as a central service that provides vulnerability assessment tools for both vulnerability scanning and vulnerability management.

OpenVAS supports different operating systems

The scan engine of OpenVAS is constantly updated with the Network Vulnerability Tests

OpenVAS scanner is a complete vulnerability assessment tool identifying issues related to security in the servers and other devices of the network

OpenVAS services are free of cost and are usually licensed under GNU General Public License (GPL)

2. Nikto

https://cirt.net/Nikto2

Nikto is a highly regarded open source web scanner used to assess probable issues and vulnerabilities.

It is also used for verifying whether the server versions are outdated, and it checks for any particular problem that affects the functioning of the server.

Nikto performs a variety of tests on web servers in order to scan for items such as hazardous files or programs.

It is not considered a quiet tool and is used to test a web server in the least possible time.

It is used for scanning different protocols like HTTPS, HTTPd, HTTP etc. This tool allows scanning multiple ports of a specific server.

3. Tripwire IP360

https://www.tripwire.com/products/tripwire-ip360/

Developed by Tripwire Inc, Tripwire IP360 is considered to be a leading vulnerability assessment solution that is employed by different agencies and enterprises in order to manage their security risks.

It uses a wide-ranging view of networks to spot all the vulnerabilities, configurations, applications, network hosts etc.

It uses the open standards to help in the integration of risk management and vulnerability into multiple processes of the business

4. Wireshark

https://www.wireshark.org/

Wireshark is an extensively used network protocol analyzer considered to be the most powerful tool in the security practitioner's toolkit.

Wireshark is used across different sectors such as government agencies, enterprises and educational institutions to look into networks at a microscopic level.

It captures the issues online and executes the analysis offline.

It runs on different platforms like Linux, macOS, Windows, Solaris etc.

5. Retina CS Community

https://www.beyondtrust.com/vulnerability-management

Retina CS is an open source, web-based console that simplifies and centralizes vulnerability management.

With features like compliance reporting, patching and configuration compliance, Retina CS provides cross-platform vulnerability assessment.

Retina CS helps save the time, cost and effort of managing network security.

It includes automated vulnerability assessment for DBs, web applications, workstations, and servers.

Being an open source application, Retina CS presents complete support for virtual environments like vCenter integration, virtual app scanning etc.

6. Microsoft Baseline Security Analyzer (MBSA)

https://www.microsoft.com/en-sg/download/details.aspx?id=19892

MBSA is a free Microsoft tool ideal for securing a Windows computer based on the specifications or guidelines set by Microsoft.

MBSA helps enhance the security process by examining a group of computers for misconfigurations, missing updates and security patches.

It can only scan for security updates, service packs and update rollups putting aside the Critical and Optional updates

It is used by medium-sized and small-sized organizations for managing the security of their networks

After scanning a system, MBSA will present a few solutions or suggestions related to fixing of the vulnerabilities

7. AT&T Cybersecurity Vulnerability Scanning

https://www.business.att.com/products/vulnerability-scanning.html

The AT&T Cybersecurity Vulnerability Scanning Solution can be delivered either as a managed service or run from within IT. It helps detect security vulnerabilities in systems, web applications and network devices. It is probably best as a managed service for IT departments lacking cybersecurity expertise.

8. Nessus

https://www.tenable.com/products/nessus

Nessus is a widely used vulnerability assessment tool. It is probably best for experienced security teams, as its interface can be a little tricky to master at first. It can be used in conjunction with pen testing tools, providing them with areas to target and potential weaknesses to exploit.

9. Skybox

https://www.skyboxsecurity.com/?utm_source=GoogleAds&utm_medium=Brand&utm_term=&utm_content=Skybox_Security&utm_campaign=Homepage&gclid=CjwKCAjwxOvsBRAjEiwAuY7L8kLmgwGPLWhK7QdPGfdyXmy1vnsBd7Qvr9dnmK1O7h64ZA95M5MclxoC_LoQAvD_BwE

Skybox offers scanless assessment, threat prioritization and smart remediation based on risk. By tying threat intelligence into vulnerability control, and merging results from third-party scanners, it is effective at finding blind spots. User reviews are generally very good. It is probably better for mid-sized to large organizations than SMBs.

10. Alibaba Cloud Managed Security Service

https://www.alibabacloud.com/product/mss

Alibaba offers a managed service for port inspection, scans for web and system vulnerability, and a vulnerability review to eliminate false positives. It is focused on the cloud and is probably best for non-U.S. businesses in light of ongoing trade hostilities between the U.S.A. and China.

11. Metasploit

https://www.metasploit.com/

Metasploit covers the scanning and testing of vulnerabilities. Backed by a huge open-source database of known exploits, it also provides IT with an analysis of pen testing results so remediation steps can be done efficiently. However, it doesn’t scale up to enterprise level and some new users say it is difficult to use at first.

12. Netsparker

https://www.netsparker.com/

Netsparker is very good at what it does – the scanning of websites. But it is not designed to do anything else and so lacks the range of many other products. One plus is ease of use. Its automated web application security scanning capabilities can also be integrated with third party tools. Operators don’t need to be knowledgeable in source code. Very good for SMBs rather than large enterprises.

13. Amazon Inspector

https://aws.amazon.com/inspector/

If you are an AWS shop, then Amazon Inspector is the automated security assessment service for you. It scans all applications deployed on AWS and can be extended to Amazon EC2 instances, too. But it can’t scan Azure, Google Cloud or on-premises data centers and server rooms. Thus, it is only recommended for those enterprises and SMBs running mainly on the Amazon cloud.

14. Burp

https://portswigger.net/burp

Burp is a web vulnerability scanner used in a great many organizations. Although there is a free version available, it is limited in functionality, with no automation capabilities. Those wishing for the complete package for enterprise-wide scalability and automation should be prepared to pay well. Security professionals who only need a good automated vulnerability scanner for testing code can make do with the Professional version, which is cheaper.

15. Acunetix Vulnerability Scanner

https://www.acunetix.com/

Acunetix is another tool that only scans web-based applications. But its multi-threaded scanner can crawl across hundreds of thousands of pages rapidly and it also identifies common web server configuration issues. It is particularly good at scanning WordPress. Therefore, those with a heavy WordPress deployment should consider it.

16. Intruder

https://intruder.io/?utm_source=google&utm_medium=cpc&utm_campaign=APAC|Search|Vulnerability|BMM&adgroupid=78873630940&utm_term=%2Bcloud%20%2Bvulnerability%20%2Bscanner&gclid=CjwKCAjwxOvsBRAjEiwAuY7L8hL7XNS_dVVlw2POkwcwjjjhwngkNqngJ68lZAdKIo5rVg8_C0lJUxoCY6QQAvD_BwE

Intruder is a cloud-based vulnerability scanner that concentrates on perimeter scanning. Any deeper in the enterprise and it needs to be supplemented by other tools. But it is strong at discovering new vulnerabilities. Therefore, it’s a good choice for those looking to harden the perimeter.

17. Nmap

https://nmap.org/

Nmap is a port scanner that also aids pen testing by flagging the best areas to target in an attack. That is useful for ethical hackers in determining network weaknesses. As it’s open source, it’s free. That makes it handy for those familiar with the open source world, but it may be a challenge for someone new to such applications. Although it runs on all major OSes, Linux users will find it more familiar.

1. Autopsy

Autopsy is a GUI-based open source digital forensic program to analyze hard drives and smartphones efficiently. Autopsy is used by thousands of users worldwide to investigate what happened on a computer.

It is widely used by corporate examiners and the military for investigations. Some of its features are:

  • Email analysis
  • File type detection
  • Media playback
  • Registry analysis
  • Photos recovery from memory card
  • Extract geolocation and camera information from JPEG files
  • Extract web activity from browser
  • Show system events in graphical interface
  • Timeline analysis
  • Extract data from Android – SMS, call logs, contacts, etc.

It has extensive reporting and can generate reports in HTML and XLS file formats.

2. Encrypted Disk Detector

Encrypted Disk Detector can be helpful to check encrypted physical drives. It supports TrueCrypt, PGP, BitLocker, Safeboot encrypted volumes.

3. Wireshark

Wireshark is a network capture and analysis tool for seeing what is happening in your network. Wireshark is handy for investigating network-related incidents.

4. Magnet RAM Capture

You can use Magnet RAM capture to capture the physical memory of a computer and analyze artifacts in memory.

It supports the Windows operating system.

5. Network Miner

An interesting network forensic analyzer for Windows, Linux and Mac OS X that detects OS, hostname, sessions and open ports through packet sniffing or from a PCAP file. Network Miner presents extracted artifacts in an intuitive user interface.

6. NMAP

NMAP (Network Mapper) is one of the most popular network and security auditing tools. NMAP is supported on most operating systems, including Windows, Linux, Solaris, Mac OS, HP-UX, etc. It is open source and therefore free.

7. RAM Capturer

RAM Capturer by Belkasoft is a free tool to dump the data from a computer’s volatile memory. It is compatible with Windows OS. Memory dumps may contain encrypted volume passwords and login credentials for webmail and social network services.

8. Forensic Investigator

If you are using Splunk, then Forensic Investigator will be a convenient tool. It is a Splunk app that combines many tools.

  • WHOIS/GeoIP lookup
  • Ping
  • Port scanner
  • Banner grabber
  • URL decoder/parser
  • XOR/HEX/Base64 converter
  • SMB Share/NetBIOS viewer
  • Virus Total lookup

9. FAW

FAW (Forensics Acquisition of Websites) acquires web pages for forensic investigation and has the following features.

  • Capture the entire or partial page
  • Capture all types of image
  • Capture HTML source code of the web page
  • Integrate with Wireshark

10. HashMyFiles

HashMyFiles helps you calculate MD5 and SHA1 hashes. It works on almost all of the latest Windows versions.

11. USB Write Blocker

View the contents of USB drives without leaving a fingerprint or changing metadata and timestamps. USB Write Blocker uses the Windows registry to write-block USB devices.

12. Crowd Response

Crowd Response by CrowdStrike is a Windows application to gather system information for incident response and security engagements. You can view the results in XML, CSV, TSV or HTML with the help of CRConvert. It runs on 32-bit or 64-bit versions of Windows XP and above.

CrowdStrike has some other helpful tools for investigation.

  • Tortilla – anonymously route TCP/IP and DNS traffic through Tor.
  • Shellshock Scanner – scan your network for the Shellshock vulnerability
  • Heartbleed Scanner – scan your network for the OpenSSL Heartbleed vulnerability

13. NFI Defraser

The Defraser forensic tool may help you detect full and partial multimedia files in data streams.

14. ExifTool

ExifTool helps you to read, write and edit meta information for a number of file types. It can read EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, Photoshop IRB, FlashPix, etc.

15. Toolsley

Toolsley has more than ten useful tools for investigation.

  • File signature verifier
  • File identifier
  • Hash & Validate
  • Binary inspector
  • Encode text
  • Data URI generator
  • Password generator

16. SIFT

The SIFT (SANS Investigative Forensic Toolkit) workstation is freely available as Ubuntu 14.04. SIFT is a suite of forensic tools and one of the most popular open source incident response platforms.

17. Dumpzilla

Extract all interesting information from the Firefox, Iceweasel and SeaMonkey browsers for analysis with Dumpzilla.

18. Browser History

Foxton has two free exciting tools.

  1. Browser history capturer – capture web browser (Chrome, Firefox, IE and Edge) history on Windows OS.
  2. Browser history viewer – extract and analyze internet activity history from most modern browsers. Results are shown in an interactive graph, and historical data can be filtered.

19. ForensicUserInfo

Extract the following information with ForensicUserInfo.

  • RID
  • LM/NT Hash
  • Password reset/Account expiry date
  • Login count/fail date
  • Groups
  • Profile path

20. BackTrack

BackTrack is one of the most popular platforms for penetration testing, but it has forensic capability too.

21. Paladin

PALADIN forensic suite, the world’s most famous Linux forensic suite, is a modified Linux distro based on Ubuntu, available in 32-bit and 64-bit versions.

Paladin has more than 100 tools under 29 categories, almost everything you need to investigate an incident. Autopsy is included in the latest version, Paladin 6.

22. Sleuth Kit

The Sleuth Kit is a collection of command line tools to investigate and analyze volumes and file systems to find evidence.

23. CAINE

CAINE (Computer Aided Investigative Environment) is a Linux distro that offers a complete forensic platform with more than 80 tools for you to analyze, investigate and create an actionable report.

Dark Web

Tools, guides and tips for navigating the Dark Web.


AHMIA

Ahmia makes hidden services accessible to a wide range of people, not just Tor network users.


DARK NET DICTIONARY 

Words commonly used on the dark web.


DARK NET MARKETS

List of Dark Net markets.


DARK NET STATS

Dark Net stats regarding .onion sites.


DARK SEARCH 

Access dark web results directly, without the need to install Tor.


DARK WEB ARCHIVE / PAGE CAPTURE 

Archive web page capture for dark web.


DARK WEB DAILY REPORTS

Receive daily email reports on the dark web from Hunchly.


DARK WEB GUIDES

Guides and tutorials collected and stored on the MidaSearch Pinboard.


DARK WEB LINKS

Dark web links.


DARK / DEEP WEB LINKS

Tor Search Engine Links | Onion Search Engine | Tor Directory Links | Hidden Wiki Links.


DARK WEB MAP

The Dark Web Map is a visualization of the structure of Tor’s onion services.


DARK WEB TOOL

Dark web toolkit from the International Anti Crime Academy (IACA).


FRESH ONIONS

A dark web crawler designed for indexing hidden services.


HIDDEN ANSWERS 

General forum.


HIDDEN WIKI FRESH

Enables you to view hidden wiki site addresses without having to connect via TOR.


ONION LAND 

Searchable TOR cache site. 


ONION LINK

Onion.link sacrifices client-anonymity for convenience. Those wishing to browse anonymously must download the Tor Browser Bundle.


ONION SCAN

OnionScan is a free and open source tool for investigating the Dark Web.


ONION SEARCH ENGINE 

An onion search engine that does not require downloading TOR.


ONION SHARE

Share documents through TOR.


TOR66

A dark web directory.


TOR BOT 

The main objective of this project is to collect open data from the deep web (aka dark web) and, with the help of data mining algorithms, gather as much information as possible and produce an interactive tree graph.


TOR DEX 

TOR search engine.


TOR SEARCH ENGINES

A list of dark web search engines.


TORUM 

TOR Cyber Security forum.


UNDERDIR

A dark web directory.
