Cybercrime damages are predicted to cost the world $6 trillion by 2021. For an individual company, the financial loss can be serious: the average cost of a cyber-attack is $1.67 million, including productivity and operational costs. These losses also cause a negative customer experience, along with other consequences. To manage that risk, numerous network security tools are available on the market which may save a company from such damages.

List of Network Security Tools:

  1. Wireshark
  2. Metasploit
  3. Nessus
  4. AirCrack
  5. Snort
  6. Cain and Abel
  7. BackTrack
  8. Netcat
  9. Tcpdump
  10. John the Ripper
  11. Kismet
  12. OpenSSH/PuTTY/SSH
  13. Burp Suite
  14. Nikto
  15. Hping
  16. Ettercap
  17. Sysinternals
  18. W3af
  19. OpenVAS
  20. Scapy
  21. Ping/telnet/dig/traceroute/whois/netstat
  22. THC Hydra
  23. Perl/Python/Ruby
  24. Paros Proxy
  25. NetStumbler
  26. Google
  27. OSSEC HIDS
  28. WebScarab
  29. Core Impact
  30. SQL Map
  31. TrueCrypt
  32. Dsniff
  33. IDA Pro
  34. Maltego
  35. OphCrack
  36. Nexpose
  37. Netfilter
  38. GnuPG/PGP
  39. Skipfish
  40. GFI LanGuard
  41. Acunetix
  42. QualysGuard
  43. VMware
  44. OllyDbg
  45. Ntop
  46. MBSA
  47. AppScan
  48. OSSIM
  49. Medusa
  50. OpenSSL
  51. Canvas
  52. FGDump
  53. Tor
  54. Retina
  55. Firefox
  56. OpenVPN
  57. L0phtCrack
  58. Social Engineer Toolkit
  59. Yersinia
  60. Fiddler
  61. Sslstrip
  62. SolarWinds
  63. Ngrep
  64. EtherApe
  65. Splunk
  66. Angry IP Scanner
  67. NetWitness NextGen
  68. Secunia PSI
  69. Nagios
  70. Immunity Debugger
  71. Superscan
  72. SQL Ninja
  73. Helix
  74. Malwarebytes Anti-Malware
  75. Netsparker
  76. HP Webinspect
  77. BeEF
  78. Argus
  79. OpenBSD PF
  80. ClamAV
  81. Nipper
  82. Network Miner
  83. Wikto
  84. P0f
  85. NoScript
  86. Sguil
  87. Samurai Web Testing Framework
  88. Tamper Data
  89. Firebug
  90. inSSIDer
  91. Nemesis
  92. KeePass
  93. GDB
  94. Virus Total
  95. Tripwire
  96. Ratproxy
  97. KisMAC
  98. IKE-Scan
  99. Net Scan Tools
  100. cURL
  101. The Sleuth Kit
  102. WebSecurify
  103. Knoppix
  104. THC Amap
  105. RainbowCrack
  106. Grendel Scan
  107. Dradis
  108. Socat
  109. DumpSec
  110. SAINT
  111. NBTScan
  112. DirBuster
  113. WinDbg
  114. Wfuzz
  115. ArcSight SIEM Platform
  116. Unicorn Scan
  117. Stunnel
  118. SELinux
  119. Brutus
  120. EnCase
  121. Wapiti
  122. WebGoat
  123. HijackThis
  124. Honeyd
  125. AIDE

 

Let us have a look at all the above tools briefly.

Wireshark

Wireshark is an open-source, multi-platform network protocol analyzer. It lets you examine data from a live network or from a capture file. You can browse the captured data interactively and drill down to just the level of packet detail you need. It can view the reconstructed stream of a TCP session and has a rich display filter language. It supports many media types and protocols. Despite all the positives, Wireshark has had many security holes, so stay up-to-date and be careful about running it on hostile or untrusted networks.

 

Metasploit

Metasploit is an advanced open-source platform for developing, testing, and using exploit code. The Metasploit Framework is an outlet for exploitation research. It ships with numerous exploits, which also serve as models when you write your own. Metasploitable, a Linux virtual machine, is used to test Metasploit and other tools without hitting live servers. Metasploit is free and open-source, but a free but limited Community Edition and a full-featured Pro Edition ($5000/year/user) are also offered. The framework also includes an official Java-based GUI and Raphael Mudge’s Armitage. All the editions have a web-based GUI.

 

Nessus

Nessus is a popular and very capable vulnerability scanner developed for UNIX systems, with an embedded scripting language that lets you write your own scripts and understand the existing ones. Its features include remote and local security checks. When launched, it was free and open-source; the source was closed in 2005. The current scanner costs $2190/year. The Nessus Home version is free but is licensed only for use on a home network. Nessus comprises more than 70,000 plugins.

 

AirCrack

AirCrack is a suite of tools for 802.11 a/b/g WEP and WPA cracking. It implements the best cracking algorithms to recover wireless keys once enough encrypted packets have been gathered. The suite consists of tools like Airodump, Aireplay, Aircrack, and Airdecap.

 

Snort

Snort is a network intrusion detection and prevention system that performs traffic analysis and packet logging on IP networks. It can detect various worms, vulnerability exploit attempts, port scans, and other suspicious behavior via protocol analysis, content searching, and multiple pre-processors. It has a flexible rule-based language to describe which traffic it should collect or pass, and a modular detection engine. The Basic Analysis and Security Engine (BASE) is a web interface for analyzing Snort alerts. Snort is free and open-source; VRT-certified rules are offered for $499/sensor/year, along with a complementary product line of appliances and software with many enterprise-level features.

 

Cain and Abel

Cain and Abel is a Windows-only password recovery tool that handles a variety of tasks. It can recover passwords by sniffing the network and crack encrypted passwords using a dictionary. Other functions include revealing password boxes, recovering cached passwords, and decoding scrambled passwords. Apart from password-related functions, it can record VoIP conversations, analyze routing protocols, and perform brute-force and cryptanalysis attacks.

 

BackTrack

BackTrack is an excellent bootable live CD Linux distribution that came from the merger of Whax and Auditor. It boasts many forensic and security tools and provides a rich development environment. It focuses on user modularity, so the distribution can be easily customized by the user to include personal scripts, customized kernels, and additional tools. BackTrack is succeeded by Kali Linux.

 

Netcat

The original Netcat was released by Hobbit in 1995. Netcat reads and writes data across TCP and UDP network connections. It is a reliable back-end tool that can easily be driven by other scripts and programs. Netcat is also a feature-rich network debugging and exploration tool, since it can create almost any type of connection you require, including binding to a port to accept incoming connections. Because the tool is so useful and flexible, the Nmap Project produced Ncat, a modern reimplementation that supports IPv6, SSL, SOCKS, connection brokering, HTTP proxies, etc.

 

Tcpdump

Tcpdump is the network sniffer many of us used before Wireshark, and many of us continue to use it. It may not have a pretty GUI or parsing logic for many application protocols, but it does its job well and with less security risk. It also requires fewer system resources. Even though Tcpdump doesn’t receive new features frequently, it is still actively maintained to fix bugs and portability issues. It is well regarded for tracking down network problems and monitoring activity. The separate Windows port is called WinDump. Tcpdump is also the source of WinPcap/Libpcap.

 

John the Ripper

John the Ripper is another password cracker, available for UNIX/Linux and Mac OS. Its primary purpose is to detect weak Unix passwords, though it supports hashes for many other platforms as well. Three versions of John the Ripper are available, namely the official free version, the community-enhanced version, and the inexpensive pro version.

 

Kismet

Kismet is a console-based 802.11 layer-2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passive sniffing and can decloak hidden networks if they are in use. It can detect network IP blocks by sniffing UDP, TCP, DHCP, and ARP packets, log traffic in Wireshark/Tcpdump-compatible format, and plot detected networks and estimated ranges on downloaded maps. This tool is commonly used for wardriving, warflying, warskating, and warwalking.

 

Secure Shell (SSH)

SSH is a ubiquitous program used for logging into or executing commands on a remote machine. It provides secure, encrypted communications between two untrusted hosts over an insecure network, replacing the insecure telnet/rsh/rlogin alternatives. Many UNIX users run the open-source OpenSSH server and client. Windows users often prefer the PuTTY client, which is also available for mobile devices, and WinSCP. Other Windows users prefer the terminal-based port of OpenSSH, which comes with Cygwin.

 

Burp Suite

Burp Suite is an integrated platform for attacking web applications. It comprises a variety of tools with numerous interfaces between them, designed to facilitate and speed up the process of attacking an application. All tools in Burp Suite share a common framework for handling and displaying HTTP messages, authentication, persistence, logging, alerting, proxies, and extensibility. A limited free version is available, and Burp Suite Professional costs $299 per user per year.

 

Nikto

Nikto is an open-source (GPL) web server scanner that tests web servers for 6400 dangerous files/CGIs, outdated versions of 1200 servers, and many other problems on 270 servers. It checks server configuration items such as the presence of multiple index files and HTTP server options, and it attempts to identify installed web servers and software. Scan items and plugins are updated frequently and can optionally be updated automatically.

 

Hping

Hping assembles and sends custom ICMP, TCP, and UDP packets and then displays any replies. It was inspired by the ping command, but it offers far more control over the probes sent. It also has a traceroute mode and supports IP fragmentation. It is mainly useful when you are trying to ping, probe, or traceroute hosts behind a firewall that blocks attempts made with the standard utilities. Hping is also used for learning about TCP/IP and experimenting with IP protocols. Unfortunately, Hping hasn’t been updated since 2005.

 

Ettercap

Ettercap is a suite used for attacks on a LAN. It features sniffing of live connections, content filtering on the fly, and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

 

Sysinternals

Sysinternals provides many utilities that are useful for low-level Windows hacking. Some are free of cost and/or include source code, while others are proprietary. Survey respondents were enamored with:

  • PsTools: Manage (execute, suspend, detail, kill) local and remote processes
  • RootkitRevealer: Detect registry and file system API discrepancies which indicate the presence of a user-mode or kernel-mode rootkit
  • TCPView: View TCP and UDP traffic endpoints used by each process
  • Autoruns: Discover executables set to run during system login/bootup
  • ProcessExplorer: See which files and directories are held open by any process

 

Many Sysinternals tools originally came with source code, and there were even Linux versions.

 

W3af

W3af is a popular, powerful, and flexible framework used to find and exploit web application vulnerabilities. It is easy to use and extend. It also features various web assessments and exploitation plugins.

 

OpenVAS

OpenVAS is a vulnerability scanner, forked from the last free version of Nessus after that tool went proprietary in 2005. OpenVAS plugins are still written in the Nessus NASL language. OpenVAS has been dead for a while, but redevelopment has recently started.

 

Scapy

Scapy is a powerful interactive packet manipulation tool, network discovery tool, network scanner, packet generator, and packet sniffer. You interact with Scapy through the Python programming language. Scapy provides classes to create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and perform many more functions.

 

Hydra

Hydra is often the tool of choice when you need to brute-force crack a remote authentication service. It can perform rapid attacks against more than 50 protocols, including HTTP, HTTPS, SMB, FTP, telnet, various databases, etc. Other similar online crackers include Ncrack and Medusa.

 

Perl/Python/Ruby

While many canned security tools are available to handle common tasks, scripting languages allow you to write your own when you need some custom features. Quick, portable scripts can test, exploit, or fix systems. CPAN offers modules like Net::RawIP and protocol implementations to make such tasks easier. Many security tools use scripting languages for extensibility. For example, Scapy interaction happens through a Python interpreter, Nmap’s scripting engine uses Lua, and Metasploit modules are written in Ruby.

 

Netstumbler

Netstumbler is a Windows tool for finding open wireless access points. A WinCE version for PDAs and similar devices, named MiniStumbler, is also distributed. The tool is available for free, for Windows only. It uses a more active approach to finding WAPs than passive sniffers like KisMAC or Kismet.

 

Google

Google’s huge database is known to be a gold mine for penetration testers and security researchers. You can look up information about a particular company with a query such as “site:target-domain.com” and find employee names, sensitive hidden information, vulnerable software installations, and much more. When a bug is found in a web application, Google can provide a list of vulnerable servers worldwide within seconds.

 

OSSEC HIDS

OSSEC HIDS performs integrity checking, time-based alerting, rootkit detection, active response, and log analysis. In addition to its IDS functionality, it is commonly used as an SEM/SIM solution. Because of its powerful log analysis engine, universities, data centers, and ISPs run OSSEC HIDS to monitor and analyze their IDSs, firewalls, authentication logs, and web servers.

 

WebScarab

WebScarab records the conversations (requests and responses) that it observes and allows the operator to review them in various ways. It is designed for anyone who needs to expose the workings of an HTTP(S)-based application, whether to allow a security specialist to identify vulnerabilities in the application or to allow a developer to debug difficult issues.

 

Core Impact

Core Impact is one of the most expensive tools on the market (expect to spend at least $30,000), but it is the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits and can perform neat tricks like exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit other boxes.

 

SQLMap

SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over backend database servers. Its features include database fingerprinting, fetching data from the database, accessing the underlying file system, and executing OS commands via out-of-band connections. It is recommended to use the development release from their Subversion repository.

 

TrueCrypt

TrueCrypt was abandoned in May 2014, but many people still use the software, and many alternatives are striving to take its lofty place. TrueCrypt is an open-source disk encryption system for Linux, Mac, and Windows. Users can encrypt entire filesystems, which are then encrypted and decrypted on the fly as required, without user intervention beyond entering a passphrase. A hidden volume feature lets users hide a second layer of sensitive content, with deniability about whether it even exists. If you are forced to give up your passphrase, you give up the first-level secret. That only gives access to the innocuous material you keep there, without proving that a second-level key even exists.

 

Dsniff

Dsniff is a well-engineered suite of tools by Dug Song. It comprises many tools: dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for data like e-mails, passwords, files, etc. Macof, Dnsspoof, and Arpspoof facilitate the interception of network traffic. Sshmitm and Webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI. The suite has not been updated in the last decade, but it is still a great toolset for handling password sniffing needs.

 

IDA Pro

Disassembly is a huge part of security research. It helps you dissect a Microsoft patch to discover the bugs, or examine a server binary to determine why your exploit is not working. IDA Pro has become a standard for analyzing hostile code and for vulnerability research. It is an interactive, extensible, programmable, multi-processor disassembler with a graphical interface on Windows and console interfaces on Mac OS and Linux.

 

Maltego

Maltego is a data mining application also used for forensics. It queries public data sources and graphically depicts relationships between people, web sites, documents, and companies. It is an open-source intelligence tool, but not open-source software.

 

Ophcrack

Ophcrack is a rainbow table-based cracker for Windows passwords. It runs on Windows, Linux, and Mac. Its features include LM and NTLM hash cracking, the ability to load hashes from a SAM recovered from a Windows partition, a GUI, and a Live CD version. Ophcrack and some tables are available as a free download, but larger tables must be bought from Objectif Securite.

 

Nexpose

Nexpose is well known for scanning networks for vulnerabilities. It supports the vulnerability management lifecycle, including detection, discovery, verification, impact analysis, mitigation, reporting, and risk classification. It integrates with Metasploit for vulnerability exploitation. It is available as standalone software, virtual machine, application, managed service, or private cloud deployment. A free but limited community edition is available, along with commercial versions, which cost up to $2,000 per user per year.

 

Netfilter

Netfilter is a packet filter implemented in the standard Linux kernel. Configuration is the primary function of this tool. It supports packet filtering (stateful or stateless), different kinds of network address and port translation (NAPT/NAT), and multiple API layers for third-party extensions. It includes various modules that handle protocols like FTP.

 

GnuPG/PGP

Initially written by Phil Zimmermann, PGP is a famous encryption system that helps secure your data from eavesdroppers and other risks. GnuPG is an open-source implementation of PGP. GnuPG is available for free, while PGP is owned by Symantec and costs a lot of money.

 

Skipfish

Skipfish is a web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is annotated with the output from several active security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

 

GFI LanGuard

GFI LanGuard is a vulnerability and network security scanner designed to help with patch management, vulnerability assessment, and software and network audits. The price depends on the number of IP addresses you wish to scan. A free trial version covering up to 5 IP addresses is available.

 

Acunetix

Acunetix is a web vulnerability scanner that checks web applications for vulnerabilities like SQL Injection, Arbitrary File Creation and Deletion, Cross-Site Scripting, and weak password strength on authentication pages. It boasts a GUI and can create professional security audit and compliance reports.

 

QualysGuard

QualysGuard is a SaaS vulnerability management tool. Its web-based user interface offers network discovery and mapping, vulnerability assessment reporting, asset prioritization, and remediation tracking according to business risk. Internal scans are handled by Qualys appliances, which communicate back to the cloud-based system.

 

VMware

VMware is a virtualization tool that lets you run one operating system within another. Security researchers can use it to test code, exploits, etc. on various platforms. It runs only on Linux and Windows as the host OS, but any OS (for example, x86 or x86_64) can run inside the virtualized environment. It is also useful for setting up sandboxes. You can browse from within a VMware window so that, even if you are infected, the infection does not reach your host. Recovering the guest OS is as simple as loading a snapshot taken prior to the infection. An open-source alternative to VMware is VirtualBox.

 

OllyDbg

OllyDbg is an assembler-level analyzing debugger for MS Windows. Its emphasis on binary code analysis makes it useful in cases where the source is unavailable. OllyDbg features an intuitive user interface and code analysis that recognizes loops, switches, tables, API calls, constants, and strings. It can attach to a running program and has good multi-thread support. It is free to download, but without source code.

 

Ntop

Ntop shows network usage in a way similar to what top does for processes. In interactive mode it displays the network status on the user’s terminal. It can also act as a web server, creating an HTML dump of the network status. It includes a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for storing traffic statistics.

 

MBSA

Microsoft Baseline Security Analyzer (MBSA), designed for IT professionals, is commonly used in small and medium-sized businesses. It helps them determine their security state in accordance with Microsoft security recommendations. It maintains consistency with other Microsoft management products like WSUS, SMS, MU, and MOM.

 

AppScan

AppScan is a tool that provides security testing throughout the application development lifecycle, easing unit testing and security assurance. It scans for vulnerabilities like HTTP Response Splitting, Cross-Site Scripting, Hidden Field Manipulation, Parameter Tampering, Buffer Overflows, Backdoor/Debug Options, etc.

 

Open Source Security Information Management (OSSIM)

Open Source Security Information Management (OSSIM) is a suite of tools that, while working together, provide network/security administrators with detailed information about hosts, networks, servers, and physical access devices. OSSIM incorporates tools like OSSEC HIDS and Nagios.

 

Medusa

Medusa is a modular, speedy, massively parallel login brute forcer. It supports many protocols like AFP, CVS, FTP, HTTP, IMAP, SSH, Subversion, and VNC, to name a few. Other online crackers include THC Hydra and Ncrack.

 

OpenSSL

OpenSSL is a robust, commercial-grade, full-featured, open-source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols. It is a component of many crypto programs. OpenSSL also comes with many command-line tools for hashing, encryption, certificate handling, etc.

 

Canvas

Canvas is a commercial vulnerability exploitation tool. It includes 370 exploits and is less expensive than Core Impact or the commercial versions of Metasploit. It comes with full source code and even includes zero-day exploits.

 

Fgdump

Fgdump is the latest version of the pwdump tool, which extracts LanMan and NTLM password hashes from Windows. It also displays password histories if available, and it outputs the data in L0phtCrack-compatible form. Fgdump can disable antivirus software before running. It then runs pwdump, cachedump (cached credentials dump), and pstgdump (protected storage dump).

 

Tor

Tor is a network of virtual tunnels designed to improve privacy and security on the Internet by routing requests through a series of intermediate machines. It uses a normal proxy server interface. It helps preserve the user’s anonymity, and it can also be used to evade firewall restrictions. With Tor, users can publish websites and other services without revealing their identity and location. Tor exit nodes are sometimes run by malicious parties who can sniff your traffic, so avoid authenticating over insecure network protocols such as non-SSL websites and mail servers.

 

Retina

Retina can scan all the hosts on a network and report on the vulnerabilities it finds. It was written by eEye, which is known for its security research.

 

Firefox

Firefox is a web browser and a descendant of Mozilla. Firefox was once a serious competitor to Internet Explorer, with improved security. Firefox is not much in use today, but security professionals still appreciate it for its wide selection of security-related add-ons like Firebug, NoScript, and Tamper Data.

 

OpenVPN

OpenVPN is an open-source SSL VPN package that accommodates various configurations, such as site-to-site VPNs, remote access, WiFi security, and enterprise-scale remote access solutions with failover, load balancing, and fine-grained access controls. OpenVPN implements Layer 2 or Layer 3 secure network extension using the industry-standard SSL/TLS protocol. It supports client authentication methods based on smart cards and certificates. It allows user- or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN uses OpenSSL as its primary cryptographic library.

 

L0phtCrack

L0phtCrack helps in cracking Windows passwords from hashes, which it can obtain (given proper access) from stand-alone Windows workstations, networked servers, primary domain controllers, or Active Directory. It can also sniff the hashes off the wire. L0phtCrack has various methods to generate password guesses.

 

Social Engineer Toolkit

The Social-Engineer Toolkit incorporates many social-engineering attacks in one interface. Its main purpose is to automate and improve many social-engineering attacks. It can also generate exploit-hiding web pages or email messages and can use Metasploit payloads to connect back with a shell.

 

Yersinia

Yersinia is a low-level protocol attack tool useful for penetration testing. It handles many attacks over multiple protocols, such as becoming the root role in the Spanning Tree (Spanning Tree Protocol), creating virtual CDP (Cisco Discovery Protocol) neighbors, becoming the active router in an HSRP (Hot Standby Router Protocol) scenario, faking DHCP replies, and other low-level attacks.

 

Fiddler

Fiddler is a web debugging proxy tool that logs all HTTP(S) traffic between your computer and the Internet. It allows the user to inspect all HTTP(S) traffic, set breakpoints, and “fiddle” with incoming or outgoing data. Fiddler has an event-based scripting subsystem and can be extended using any .NET language.

 

SSLStrip

SSLStrip is an SSL stripping proxy that makes unencrypted HTTP sessions look as much as possible like HTTPS sessions. It converts HTTPS links to HTTP, or to HTTPS with a known private key. SSLStrip even provides a padlock favicon for the illusion of a secure channel. Many HTTPS sites are normally reached through a redirect from an HTTP page, and many users don’t notice when their connection is not upgraded.

 

SolarWinds

SolarWinds creates and sells dozens of special-purpose tools targeted at systems administrators. Security-related tools include an SNMP brute-force cracker, network discovery scanners, a TCP connection reset program, router password decryption, one of the fastest and easiest router config download/upload applications available, and many more.

 

Ngrep

Ngrep provides grep-like features, applying them to the network layer. It is a pcap-aware tool that lets you specify extended regular or hexadecimal expressions to match against the data payloads of packets. It recognizes TCP, UDP, and ICMP, and it understands BPF filter logic in the same fashion as more common packet sniffing tools such as tcpdump and snoop.

 

EtherApe

EtherApe displays network activity graphically, with color-coded protocols. It supports Ethernet, WLAN, FDDI, Token Ring, ISDN, PPP, and SLIP devices. It can filter the traffic to be shown and can read traffic from a file as well as live from the network.

 

Splunk

Splunk searches, reports, monitors, and analyzes real-time streaming and historical IT data. It helps in collecting logs from a variety of sources and makes them searchable in a unified interface.

 

Angry IP Scanner

Angry IP Scanner is an open-source Java application that performs host discovery (“ping scan”) and port scans. The initial 2.x release was Windows-only, but the current 3.x series runs on Linux, Mac, or Windows, provided Java is installed.

 

NetWitness NextGen

NetWitness NextGen is a network security monitor. The core of the monitor is the Decoder subsystem, which records network traffic for analysis. The Investigator is a protocol analyzer that runs on captured traffic.

 

Secunia PSI

Secunia PSI (Personal Software Inspector) is a free security tool that helps in detecting out-dated programs and plug-ins which expose your PC to attacks. Attacks that exploit Thus Secunia PSI checks only the machine it is running on. At the same time, its commercial sibling Secunia CSI (Corporate Software Inspector) helps in scanning multiple machines on a network.

 

Nagios

Nagios is a system and network monitoring application. It keeps an eye on hosts and services and alerts you if there are any disruptions. Its features include monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP, etc.), monitoring of host resources (processor load, disk usage, etc.), and contact notifications when service or host problems occur and get resolved (via email, pager, or a user-defined method).

 

Immunity Debugger

Immunity Debugger is a debugger whose design reflects the need to write exploits, analyze malware, and reverse engineer binary files. It includes the industry’s first heap analysis tool built specifically for heap creation, and a large and well-supported Python API for easy extensibility.

 

Superscan

Superscan is a free Windows-only closed-source TCP/UDP port scanner made by Foundstone. It includes a suite of networking tools like ping, traceroute, HTTP HEAD, and whois. This tool is currently not maintained.

 

SQLNinja

SQLNinja exploits web applications that use Microsoft SQL Server as a database backend. Its focus is on getting a running shell on the remote host. SQLNinja does not find an SQL injection in the first place, but automates the exploitation process once one has been found.

 

Helix

Helix is a Live CD customized for computer forensics. Helix does not access the host computer and is forensically sound. Helix will not auto mount swap space or any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics.

 

Malwarebytes Anti-Malware

Malwarebytes Anti-Malware is a malware scanner for Windows. It uses a variety of technologies to find malware that other malware scanners do not detect. A free trial with limited options is available, along with a supported full version that can run scheduled scans.

 

Netsparker

Netsparker is a web application security scanner, with support for both detection and exploitation of vulnerabilities. It aims to be false-positive–free by only reporting confirmed vulnerabilities after successfully exploiting or otherwise testing them.

 

HP WebInspect

WebInspect is a web application security assessment tool that helps to identify the known and unknown vulnerabilities within the Web application layer. It also helps in checking if the Web server is configured properly and attempts common web attacks such as parameter injection, cross-site scripting, directory traversal, and more. HP WebInspect, produced by Spidynamics, is now a part of HP.

 

BeEF

BeEF is a browser exploitation framework. This tool helps in demonstrating the collection of zombie browsers and browser vulnerabilities in real-time. It also provides a command and control interface which facilitates the targeting of individual or groups of zombie browsers. It makes the creation of new exploit modules easy.