1) Nmap
Price: Free
Nmap is a security scanner, port scanner, as well as a network exploration tool. It is open-source software and is available for free.
It supports cross-platform. It can be used for network inventory, managing service upgrade schedules, and for monitoring host & service uptime. It can work for a single host as well as large networks. It provides binary packages for Linux, Windows, and Mac OS X.
Features:
Nmap suite has:
- Data transfer, redirection, and debugging tool (Ncat),
- Scan results comparing utility(Ndiff),
- Packet generation and response analysis tool (Nping),
- GUI and Results viewer (Nping)
- Available hosts on the network.
- Their services offered by these available hosts.
- Their OS.
- Packet filters they are using.
- And many other characteristics.
=> Visit Nmap Website
2) Intruder
Intruder is a fully automated scanner that finds cybersecurity weaknesses in your digital estate, and explains the risks & helps with their remediation. It’s a perfect addition to your arsenal of ethical hacking tools.
With over 9,000 security checks available, Intruder makes enterprise-grade vulnerability scanning accessible to companies of all sizes. Its security checks include identifying misconfigurations, missing patches, and common web application issues such as SQL injection & cross-site scripting.
Built by experienced security professionals, Intruder takes care of much of the hassle of vulnerability management, so you can focus on what truly matters. It saves you time by prioritizing results based on their context as well as proactively scanning your systems for the latest vulnerabilities, so you don’t need to stress about it.
Intruder also integrates with major cloud providers as well as Slack & Jira.
=> Visit Intruder Website
3) Metasploit
Price: Metasploit Framework is an open-source tool and it can be downloaded for free. Metasploit Pro is a commercial product. The free trial is available for 14 days. Contact the company to learn more about its pricing details.
It is the software for penetration testing. Using the Metasploit Framework, you can develop and execute exploit code against a remote machine. It supports cross-platform.
Features:
- It is useful for knowing about security vulnerabilities.
- Helps in penetration testing.
- Helps in IDS signature development.
- You can create security testing tools.
Website: Metasploit
4) Aircrack-Ng
Price: Free
Aircrack-ng provides different tools for evaluating Wi-Fi network security.
All are command-line tools. For Wi-Fi security, it focuses on monitoring, attacking, testing, and cracking. It supports Linux, Windows, OS X, Free BSD, NetBSD, OpenBSD, Solaris, and eComStation 2.
Features:
- Aircrack-ng can focus on Replay attacks, de-authentication, fake access points, and others.
- It supports exporting data to text files.
- It can check Wi-Fi cards and driver capabilities.
- It can crack WEP keys and for that, it makes use of FMS attacks, PTW attacks, and dictionary attacks.
- It can crack WPA2-PSK and for that, it makes use of dictionary attacks.
Website: Aircrack-Ng
5) Wireshark
Price: Free
Wireshark is a packet analyzer and can perform deep inspections of many protocols.
It supports cross-platform. It allows you to export the output to different file formats like XML, PostScript, CSV, and Plaintext. It provides the facility to apply coloring rules to packet lists so that analysis will be easier and quicker. The above image will show the capturing of packets.
Features:
- It can decompress the gzip files on the fly.
- It can decrypt many protocols like IPsec, ISAKMP, SSL/TLS, etc.
- It can perform live capture and offline analysis.
- It allows you to browse the captured network data using GUI or TTY-mode TShark utility.
Website: Wireshark
6) OpenVAS
Open Vulnerability Assessment Scanner is a fully-featured tool that can perform unauthenticated & authenticated testing and performance tuning for large-scale scans.
It contains the capabilities of various high-level & low-level internet & industrial protocols and a powerful internal programming language. Based on a long history and daily updates, the scanner gets the tests to detect vulnerabilities.
Website: OpenVAS
7) SQLMap
SQLMap is a tool for automating the process of detecting & exploiting SQL injection flaws and taking charge of database servers.
It is an open-source tool and has a powerful detection engine. It completely supports MySQL, Oracle, PostgreSQL, and many more. It fully supports six SQL injection techniques, Boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries, and out-of-band.SQLMap supports executing arbitrary commands & retrieving their standard output, downloading & uploading any file, searching for specific database names, etc. It will let you connect directly to the database.
Website: SQLMap
8) NetStumbler
NetStumbler is a wireless networking tool. It supports Windows OS. It makes use of 802.11b, 802.11a, and 802.11g WLAN for the detection of wireless LANs. It also has a trimmed-down version called MiniStumbler that is for handheld Windows CE OS. It provides integrated support for a GPS unit.
NetStumbler can be used to verify network configurations, find locations with poor coverage in a WLAN, detect causes of wireless interference, detect unauthorized access points, etc.
Website: NetStumbler
9) Ettercap
Price: Free.
Ettercap supports cross-platform. Using Ettercap’s API, you can create custom plugins. Even with a proxy connection, it can do sniffing of HTTP SSL secured data.
Features:
- Sniffing of live connections.
- Content filtering.
- Active and passive dissection of many protocols.
- Network and host analysis.
Website: Ettercap
10) Maltego
Price: The Community version, Maltego CE is available for free. The price for Maltego Classic is $999. The price for Maltego XL is $1999. These two products are for the desktop. The price for the server products like CTAS, ITDS, and Comms starts at $40000, which includes training as well.
Maltego is a tool for link analysis and data mining. It supports Windows, Linux, and Mac OS.
For the discovery of data from open sources and visualizing the information in graphical format, it provides the library of transforms. It performs real-time data mining and information gathering.
Features:
- Represents data on node-based graph patterns.
- Maltego XL can work with large graphs.
- It will provide you with a graphical picture, thereby telling you about the weak points and abnormalities of the network.
Website: Maltego
