Foreword:
Hello everyone, this is Jay Chou!
Tools themselves are neither good nor bad, but if you make full use of good tools you can often achieve unexpected results, especially in the security industry. This issue recommends some free and excellent security software tools, covering penetration testing, open source intelligence and vulnerability assessment, that can make the daily work of security people easier. Nearly 20 of the best free security tools, the most practical sharing; friends who don't have time right now, I suggest you save it first!
If you are an information security practitioner, you should be very familiar with network monitoring and security tools such as Nmap, Wireshark or Snort, or password cracking programs such as Ophcrack, because they are an almost indispensable part of daily enterprise security operations.
The following 19 tools and services cover password crackers, software decompilers, vulnerability management systems, network analyzers, etc. No matter what role you hold in the security industry, you can find what you need in this list. The rankings are in no particular order:
Maltego
Maltego is a forensic and open source intelligence (OSINT) application, originally developed by Paterva, that provides a clear view of threats to the user's environment. It shows the complexity and severity of single points of failure, as well as the trust relationships that exist within the infrastructure.
Maltego can collect information published on the Internet, whether it is the current configuration of a company's network edge routers or the current whereabouts of a user. Commercial licenses are paid; the community edition is free but has some usage restrictions. In addition, Maltego can be integrated with VirusTotal and the Internet Archive's Wayback Machine to extend its functionality.
Tool address: https://www.maltego.com/
OWASP Zed Attack Proxy (ZAP)
Zed Attack Proxy (ZAP) is a user-friendly penetration testing tool that finds vulnerabilities in web applications. The product is aimed at practitioners with a wide range of security experience: it provides automated scanners as well as related tools for users who want to find vulnerabilities manually, and it is an ideal tool for functional testers or developers who are new to penetration testing. In addition, ZAP has an official plugin for the open source automation server Jenkins, for use in continuous integration and delivery of applications.
Tool address: https://owasp.org/www-project-zap/
Shodan
Shodan is a popular Internet of Things (IoT) search engine for hunting networked webcams, servers, and other smart devices. Running Shodan queries can help you identify public-facing servers and devices, including license plate readers, traffic lights, medical equipment, water treatment facilities, wind turbines, and almost any other smart device.
This tool is particularly useful for searching for devices exposed to known vulnerabilities. For example, penetration testers can use IoT search engines like Shodan as part of their reconnaissance activities to identify any unintentionally exposed applications or servers belonging to the penetration test client.
The basic functions of Shodan can be used for free, but some plans that provide advanced search filtering capabilities and lifetime licenses are paid. In addition, university students, professors, and IT personnel can get an "academic upgrade" for free.
Tool address: https://www.shodan.io/
Kali Linux
Kali Linux is a Linux-based penetration testing distribution, previously known as BackTrack. Professional security personnel can use it to perform assessments in a purely local environment dedicated to hacking. Users can easily access a wide range of tools, from port scanners to password crackers. You can download the Kali ISO and install it on a 32-bit or 64-bit x86 system, or install it on an ARM processor. It can also be used as a virtual machine image for VMware or Hyper-V.
Kali's tools are mainly divided into information gathering, vulnerability analysis, wireless attacks, web applications, exploitation tools, stress testing, forensics, sniffing and spoofing, password attacks, maintaining access, reverse engineering, reporting tools, and hardware hacking.
Tool address: https://www.kali.org/
DNS Dumpster
For domain research and DNS reconnaissance, DNS Dumpster has you covered. As a free domain research web service, DNS Dumpster lets you find everything about a domain, from its hosts to the hard-to-find subdomains that you want to include in a security assessment.
DNS Dumpster provides its analysis of a domain name as Excel files and as a visual graph (mapping), which helps you better understand the relationship between the domain and its subdomains. In addition, if a subdomain that is suspended, abandoned, or improperly parked is found, it can help researchers discover subdomain takeover vulnerabilities.
Tool address: https://dnsdumpster.com/
Photon
Photon is an ultra-fast web crawler for collecting open source intelligence (OSINT). It can be used to obtain email addresses, social media accounts, Amazon buckets (storage areas), and other key information related to a domain, using public resources such as Google and the Internet Archive's Wayback Machine. Photon is written in Python, and plug-ins can be added, such as exporting the collected data as neatly formatted JSON, or integrating DNSDumpster with Photon.
Tool address: https://github.com/s0md3v/Photon
Nessus
Nessus is one of the most popular vulnerability and configuration assessment tools in the world. It was originally an open source project, but the developer Tenable switched to a proprietary license in version 3. As of October 2020, the version has reached 8.12.1. Nevertheless, Nessus is still free for personal use on a home network, where it can scan up to 16 IP addresses. The commercial version has no restriction on the number of IP addresses that can be scanned. According to the Tenable website, Nessus offers functions such as high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, patch management integration, and vulnerability analysis.
Tool address: https://www.tenable.com/products/nessus
HFish
HFish is a free honeypot product. Through safe and reliable low-to-medium interaction honeypots, it strengthens the enterprise's capabilities in compromise detection and threat intelligence. The product focuses on enterprise security scenarios, offering users better usability and scalability in three areas: internal network compromise detection, external network threat perception, and threat intelligence production. It can be deployed with one click, supports multiple platforms, and has very low performance requirements. Within one year of going online, HFish obtained 2.6K stars on GitHub and became a GVP project in the top 5 of the security category on Gitee.
Tool address: https://hfish.io/
DarkSearch.io
People who frequently visit the dark web already know where to find content, but for novices, darksearch.io is a good platform for starting to study online activity there.
Like Ahmia, another dark web search engine, DarkSearch is free, but it additionally offers a free API for automated searches. Both Ahmia and DarkSearch have .onion sites, but it is not necessary to go to the .onion version or use Tor to reach these two search engines: simply visit darksearch.io from a regular web browser to search the dark web.
Tool address: https://darksearch.io/
John the Ripper
John the Ripper is a password cracking program that runs on many flavours of UNIX, Windows, DOS, BeOS and OpenVMS, although the free version may have to be compiled by yourself. John the Ripper is mainly used to detect weak UNIX passwords. In addition to the most common crypt(3) password hash types found on various UNIX systems, Windows LM hashes and many other hashes and password types are supported out of the box in the community-enhanced version. The community-enhanced version also supports GPUs to speed up cracking.
Tool address: https://www.openwall.com/john/
OWASP Dependency-Check
OWASP Dependency-Check is a free, open source software composition analysis (SCA) tool. In addition to checking components against the NVD (National Vulnerability Database) and other public vulnerability sources, Dependency-Check can also query Sonatype OSS Index, a free catalog of open source components and scanning tools, to obtain vulnerability information tied to exact software component names or coordinates, rather than the broader CPE (Common Platform Enumeration, a structured naming scheme for information technology systems, software, and packages) identifiers provided by NVD.
Tool address: https://owasp.org/www-project-dependency-check/
Microsoft Visual Studio
Some people may be surprised to see an integrated development environment (IDE) such as Visual Studio mentioned here, but there is a reason for it. Microsoft Visual Studio comes in handy when analyzing trojanized DLLs (Dynamic Link Libraries, such as those used in the SolarWinds supply chain attack) or reverse engineering C#/.NET binaries.
When Visual Studio opens a .NET DLL, the tool roughly reconstructs the original source code from the Microsoft Intermediate Language (MSIL) contained in the DLL, making reverse engineering and understanding the code's intent easier. Visual Studio is available for Windows and Mac operating systems, and a free Community edition is available for download.
For those who only want a DLL decompiler rather than a full IDE, dotPeek, the free .NET decompiler and assembly browser from the software vendor JetBrains, is also an option, but it is currently only available for Windows users.
Tool address: https://visualstudio.microsoft.com/
Java Decompiler
Just as you may decompile and analyze Windows DLLs from time to time, the same may be needed for Java programs distributed as JAR files. Executable packages written in Java are usually provided as JARs, and these JARs are actually ZIP archives containing multiple Java "class" files.
These class files contain Java bytecode (the intermediate instruction set of the Java virtual machine) rather than native code specific to your operating system environment. This is why Java is described as a "write once, run anywhere" language.
To reverse-engineer a JAR and roughly convert the bytecode back into its original source form, you can use tools such as Java Decompiler (JD), which does the job well. JD is free to use as a standalone graphical utility, known as JD-GUI, or as an Eclipse IDE plug-in, JD-Eclipse.
Tool address: http://java-decompiler.github.io/
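As an added example (not from the original article or from any of the tools it lists), the following Python script treats a JAR as the ZIP archive described above and inventories its class files by reading the class-file magic and major version from each entry. The sample JAR, its entry names and the "app.Main" main class are all constructed in memory for the demonstration.

```python
import io
import struct
import zipfile

# Constructed sample: a minimal JAR built in memory. The ".class" entries carry
# only the 8-byte class-file header (magic, minor, major); they are not real
# classes, but the header is all the inventory below needs.
def build_sample_jar() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\nMain-Class: app.Main\n")
        jar.writestr("app/Main.class", struct.pack(">IHH", 0xCAFEBABE, 0, 52))  # Java 8
        jar.writestr("app/Util.class", struct.pack(">IHH", 0xCAFEBABE, 0, 61))  # Java 17
        jar.writestr("app/Evil.class", b"not bytecode at all")  # .class name, no magic
        jar.writestr("app/notes.txt", b"plain resource, not bytecode")
    return buf.getvalue()

def class_file_info(data: bytes):
    """Return (is_class_file, java_version) from a class-file header."""
    if len(data) < 8:
        return False, None
    magic, _minor, major = struct.unpack(">IHH", data[:8])
    if magic != 0xCAFEBABE:
        return False, None
    # Major version 49 is Java 5, 52 is Java 8, 61 is Java 17: version = major - 44.
    # (Majors 45-48 correspond to Java 1.1-1.4; the formula is exact from 49 on.)
    return True, major - 44

def inventory_jar(jar_bytes: bytes) -> dict:
    """Open the JAR as a ZIP and classify every entry."""
    result = {"classes": {}, "mismatched": [], "non_class": [], "main_class": None}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            data = jar.read(name)
            if name == "META-INF/MANIFEST.MF":
                for line in data.decode("utf-8", "replace").splitlines():
                    if line.startswith("Main-Class:"):
                        result["main_class"] = line.split(":", 1)[1].strip()
                continue
            is_class, version = class_file_info(data)
            if is_class:
                result["classes"][name] = version        # real bytecode, with target JVM
            elif name.endswith(".class"):
                result["mismatched"].append(name)        # named .class but not bytecode
            else:
                result["non_class"].append(name)         # resources, config, etc.
    return result

if __name__ == "__main__":
    print(inventory_jar(build_sample_jar()))
```

An entry that is named .class but lacks the bytecode magic, or a bytecode version newer than the JVM the application claims to target, is worth a closer look before decompiling.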
Burp Suite
Burp Suite is a web application security testing platform from the web security company PortSwigger. The tools it contains support the entire testing process, from the initial mapping and analysis of an application's attack surface to the discovery and exploitation of security vulnerabilities. The kit includes a proxy server, a web crawler, an Intruder tool, and a so-called Repeater, with which requests can be modified and re-sent. PortSwigger also provides a free edition, but it lacks the web vulnerability scanner and some advanced manual tools.
Tool address: https://portswigger.net/burp
Metasploit
In 2003, security researcher HD Moore created the Metasploit project to give the security community a public resource for exploit development. The Metasploit Framework grew out of that project: an open source platform for writing security tools and exploits. In 2009 Rapid7, a vulnerability management company, acquired the Metasploit project. Before the acquisition, all development of the framework was done in the developers' spare time; Rapid7 agreed to fund a full-time development team and to keep the source code under the three-clause BSD license, which is still in use today.
Tool address: https://www.metasploit.com/
ModSecurity
ModSecurity is a web application monitoring, logging and access control toolkit developed by the SpiderLabs team at Trustwave. It can perform complete HTTP transaction logging, capturing full requests and responses, conduct continuous security assessment, and harden web applications. Users can embed it in an Apache 2.x installation or deploy it as a reverse proxy in front of the web server. However, the way the program implements security monitoring can lead to system instability, which is somewhat controversial.
Tool address: https://www.modsecurity.org/
Aircrack-ng
Aircrack-ng is a complete suite of tools for assessing Wi-Fi network security. It is mainly used for monitoring packets, testing hardware, cracking passwords, and launching attacks against Wi-Fi networks. Version 1.2, released in April 2018, brought significant improvements in speed and security and expanded the range of hardware that Aircrack-ng can use.
Tool address: https://www.aircrack-ng.org/
There are many more tools, such as AntSword (中国蚁剑), China Chopper (中国菜刀), msf, etc., some of which are not listed here...
These tools are all downloaded from their official websites, but the download speed is very slow (everyone who has downloaded them will know).
I have made a big collection of them here! All are the latest versions of the tools.
Friends in need can click the portal below:
[The latest toolkit collection]
If you find it useful, bookmark it and study it, or share it with friends so you can make progress together.