Software used in the security industry

William
Site Admin
Posts: 5
Joined: Thu May 21, 2020 8:49 pm

Software used in the security industry

Post by William »

Here is a list of software used across the security industry. some free some rather expensive
I will have missed loads so feel free to add any I have missed
******* Some security software will give false positive ********

1. Metasploit

The world’s most used penetration testing framework
Knowledge is power, especially when it’s shared. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.

More info here

2. Wireshark

Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.

More info here

3. w3af

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

More info here

4. Kali Linux

Kali Linux is an open source project that is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. In addition to Kali Linux, Offensive Security also maintains the Exploit Database and the free online course, Metasploit Unleashed.

More info here

5. Nessus

Nessus was built from the ground-up with a deep understanding of how security practitioners work. Every feature in Nessus is designed to make vulnerability assessment simple, easy and intuitive. The result: less time and effort to assess, prioritize, and remediate issues.

More info here

6. Burpsuite

Burp Suite is the world's most widely used web application security testing software. Burp comes as two versions - Burp Suite Professional for hands-on testers, and Burp Suite Enterprise Edition with scalable automation and CI integration.

More info here

7. Netsparker

Netsparker helps you combat the cybersecurity skills gap and fully automate your web security processes. You can perform automatic vulnerability assessment, which helps you prioritize your work on fixing the issues. You can also automatically discover and protect your current web assets so you can avoid resource-intensive manual procedures.

More info here

8. Core Impact

The choice of the Penetration Testing Community, Core Impact is an analytics-driven solution for assessing and testing security vulnerabilities throughout your organisation. With Core Impact your IT security team can automate manual processes using consistent data, prioritisation methods and reporting to cut remediation time, minimise risks, secure critical assets and maintain continuous compliance.

More info here

9. Indusface WAS Free Website Security Check

Indusface Web Application Scanning helps detect web application vulnerabilities, malware, and logical flaws with daily or on-demand comprehensive scanning. Managed by certified security experts, Indusface application scanner helps organizations find greater business impact of logical flaws with detailed demonstrations through proof-of-concept.

More info here

10. Nmap

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

More info here

11. BeEF

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

More info here

12. Ettercap

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

More info here

13. Aircrack-ng

Aircrack-ng is a complete suite of tools to assess WiFi network security.

It focuses on different areas of WiFi security:Monitoring: Packet capture and export of data to text files for further processing by third party tools
Attacking: Replay attacks, deauthentication, fake access points and others via packet injection,Testing: Checking WiFi cards and driver capabilities (capture and injection) Cracking: WEP and WPA PSK (WPA 1 and 2)

More info here

14. Zed Attack Proxy (ZAP)

ZAP is completely free to use, scanner and security vulnerability finder for web applications. ZAP includes Proxy intercepting aspects, a variety of scanners, spiders, etc.

More info here

15. John The Ripper

John the Ripper is free and Open Source software, for password cracker.

More info here

16. Sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

More info here

17. Canvas

Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.

More info here

18. Social-Engineer Toolkit

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the https://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal.

More info here

19. Sqlninja

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.

More info here

20. Arachni

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications.

More info here

21. HconSTF

Most of the part of HconSTF is semi-automated but you still need your brain to work it out.
It can be use in all kind of security testing stages,

More info here

22. OpenVAS

OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.

More info here