1. Metasploit: Penetration Testing Software
Metasploit Framework is an environment for writing, testing and using exploit code. It provides a reliable platform for penetration testing, shellcode writing and vulnerability research, and is written primarily in the object-oriented Perl programming language, with optional components written in C, assembler, and Python.
As an aid for buffer overflow testing, Metasploit Framework can be described as a vulnerability exploitation and testing platform. It integrates common overflow vulnerabilities and popular shellcode for each platform, and is constantly updated to make buffer overflow testing easy and simple.
2. Nessus Vulnerability Scanner
Nessus is known as “the world’s most popular vulnerability scanning program, with more than 75,000 organizations around the world using it.”
Nessus is the most trusted vulnerability scanning platform for auditors and security analysts. Users can schedule scans across multiple scanners, use wizards to easily and quickly create policies, schedule scans and send results via email. Nessus supports more technologies than any other vendor, including operating systems, network devices, hypervisors, databases, tablets/phones, web servers and critical infrastructure.
Key features include:
High-Speed Asset Discovery
Configuration & Compliance Auditing
Scanning & Auditing of Virtualized & Cloud Platforms
3. Acunetix: Website security
Acunetix Web Vulnerability Scanner is website and server vulnerability scanning software, available in both free and paid versions.
Acunetix Web Vulnerability Scanner features:
An automated client-side script analyzer that allows security testing of Ajax and Web 2.0 applications.
The industry’s most advanced and in-depth SQL injection and cross-site scripting
Advanced penetration testing tools such as HTTP Editor and HTTP Fuzzer
Visual macro recorders help you easily test web forms and password-protected areas
Supports pages with CAPTCHA, single sign-on, and two-factor verification mechanisms
Rich reporting features, including VISA PCI compliance reporting
High-speed multi-threaded scanners easily retrieve thousands of pages
The intelligent crawler detects the web server type and application language
Acunetix crawls and analyzes websites, including Flash content, SOAP and AJAX
A port scanner scans the web server and performs security checks on the network services running on the server.
4. Windows Based Netsparker Website Vulnerability Scanner
Netsparker is a comprehensive web application security vulnerability scanning tool, available in professional and free versions; the free version is also quite capable. Compared with other comprehensive web application security scanners, Netsparker's distinguishing feature is that it is better at detecting SQL injection and cross-site scripting vulnerabilities.
5. w3af – Open Source Web Application Security Scanner
W3af is a Web Application Attack and Audit Framework. The project has more than 130 plugins, which check for SQL injection, cross-site scripting (XSS), and local and remote file inclusion. The goal of the project is to build a framework for finding and exploiting web application security vulnerabilities that is easy to use and extend.
Proxy authentication (basic and digest)
Website authentication (basic and digest)
User agent faking
Add custom headers to requests
Local cache for GET and HEAD
Local DNS cache
Keep-alive support for HTTP and HTTPS connections
File upload using multipart POST requests
SSL certificate support
6. Wireshark: network protocol analyzer
Wireshark (formerly known as Ethereal) is network packet analysis software. Its function is to capture network packets and display the packet information in as much detail as possible.
The function of network packet analysis software can be compared to "using an electric meter to measure current, voltage and resistance": just move the scene to the network and replace the wire with a network cable. In the past, network packet analysis software was either very expensive or dedicated to a specific purpose. Ethereal's appearance changed all that. Under the GNU GPL (General Public License), users can obtain the software and its source code free of charge and have the right to modify and customize the source code. Ethereal is one of the world's most widely used network packet analyzers.
Network administrators use Wireshark to detect network problems. Network security engineers use Wireshark to check information security-related issues. Developers use Wireshark to troubleshoot new protocols. General users use Wireshark to learn about network protocols. People with ulterior motives also use it to look for sensitive information…
Wireshark is not intrusion detection software (Intrusion Detection Software, IDS). It does not generate a warning or any prompt for unusual traffic on the network. However, careful analysis of the packets Wireshark captures can help users gain a clearer understanding of network behavior. Wireshark does not modify the content of network packets; it only reflects the packet information currently in circulation. Wireshark itself does not send packets to the network.
7. Nmap: Security Auditing Tools
Nmap is network connection scanning software, used to scan the open network ports of networked computers, determine which services are running on those ports, and infer which operating system a computer is running (also known as fingerprinting). It is one of the essential tools for network administrators, and is used to evaluate network system security.
Like most network security tools, nmap is also a favourite of many hackers and researchers. A system administrator can use nmap to detect unapproved servers in the work environment, but hackers will use nmap to collect the target computer's network settings in order to plan an attack.
Nmap is often confused with the vulnerability assessment software Nessus. Nmap works in a stealthy way, avoiding intrusion detection system monitoring and affecting the daily operation of the target system as little as possible.
8. Hashcat – advanced password recovery
hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable distributed password cracking.
9. Maltego
Maltego is a unique platform developed to deliver a clear threat picture of the environment that an organization owns and operates. Maltego can locate, aggregate and visualize this information. Maltego is a program that can be used to determine the relationships and real-world links between people, groups of people (social networks), companies, organizations, web sites, phrases, affiliations, documents and files, and internet infrastructure (domains, DNS names, netblocks, IP addresses).