01 – Unhide (NEW)
02 – OWASP ZAP – Zed Attack Proxy Project (-1↓)
03 – Lynis (+3↑)
04 – BeEF – The Browser Exploitation Framework (-2↓)
05 – OWASP Xenotix XSS Exploit Framework (0→)
06 – PeStudio (-2↓)
07 – OWASP Offensive (Web) Testing Framework (NEW)
08 – Brakeman (NEW)
09 – WPScan (0→)
10 – Nmap (NEW)
2014 Top Security Tools as Voted by ToolsWatch.org Readers
01 – Unhide
Unhide is a forensic tool that finds processes and TCP/UDP ports hidden by rootkits, loadable kernel modules (LKMs) or other hiding techniques. Unhide runs on Unix/Linux and Windows systems. It implements six main techniques:
- Compare /proc vs /bin/ps output.
- Compare info gathered from /bin/ps with info gathered by walking through procfs. ONLY for the unhide-linux version.
- Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
- Full PID-space occupation (PID brute-forcing). ONLY for the unhide-linux version.
- Compare /bin/ps output vs /proc, procfs walking and syscalls. ONLY for the unhide-linux version. This is the reverse search: it verifies that every thread seen by ps is also seen by the kernel.
- Quick compare of /proc, procfs walking and syscalls vs /bin/ps output. ONLY for the unhide-linux version. It is about 20 times faster than tests 1+2+3 but may give more false positives.
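The first, fourth and fifth checks above reduce to one idea: obtain the set of process IDs from the kernel through a path a rootkit is unlikely to have hooked, then diff it against what /bin/ps prints. The script below is an added example written for this page, not Unhide's own code; it assumes a Linux host with /proc and procps, and the function names (proc_pids, ps_tids, bruteforce_pids, compare_views, scan) are this example's own.

```python
"""Added example, not Unhide's code: cross-check kernel-visible PIDs against ps."""
import os
import subprocess


def proc_pids():
    """Kernel view (test 1): every numeric directory entry in /proc."""
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}


def ps_tids():
    """Userland view: every thread ID /bin/ps reports. -L lists threads, so each
    process's leader PID is included and brute-forced TIDs are not false positives."""
    out = subprocess.run(["ps", "-eLo", "lwp="], capture_output=True,
                         text=True, check=True).stdout
    return {int(tok) for tok in out.split()}


def bruteforce_pids(max_pid=None):
    """PID-space brute force (test 4): kill(pid, 0) delivers no signal but reports
    whether the ID exists. EPERM means 'exists, not ours'; only ESRCH means free."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read())
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            alive.add(pid)
        except PermissionError:      # EPERM: the ID is in use by another user
            alive.add(pid)
        except ProcessLookupError:   # ESRCH: no such process or thread
            pass
    return alive


def compare_views(kernel_view, ps_view):
    """Core of every Unhide test: kernel-visible IDs missing from ps are hidden
    candidates; ps-visible IDs the kernel does not know are 'fake' (the reverse
    search of test 5, which usually means a trojaned ps)."""
    return {"hidden": sorted(kernel_view - ps_view),
            "fake": sorted(ps_view - kernel_view)}


def scan(passes=3, max_pid=None):
    """Repeat the comparison and keep only IDs flagged in every pass, so processes
    that start or exit between the two snapshots do not become false positives
    (the failure mode the 'quick' test above warns about)."""
    hidden = fake = None
    for _ in range(passes):
        kernel = proc_pids() | bruteforce_pids(max_pid)
        result = compare_views(kernel, ps_tids())
        h, f = set(result["hidden"]), set(result["fake"])
        hidden = h if hidden is None else hidden & h
        fake = f if fake is None else fake & f
    return {"hidden": sorted(hidden), "fake": sorted(fake)}


if __name__ == "__main__":
    res = scan()
    for pid in res["hidden"]:
        print(f"hidden process candidate: pid {pid}")
    for pid in res["fake"]:
        print(f"ps reports pid {pid} but the kernel does not know it")
    if not (res["hidden"] or res["fake"]):
        print("no discrepancies between kernel and ps")
```

Run it as root: on a /proc mounted with hidepid, an unprivileged run sees other users' processes through kill(2) but not through readdir, so every one of them is reported as hidden. A brute-force pass over the full pid_max (4194304 on recent kernels) takes a few seconds in Python, which is why the quick variant exists.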
“It is a very complete and very useful security tool. You can easily find any hidden file, ports, etc.”
“Good tool for detecting malware in Linux systems!!”
“A good command-line tool, essential nowadays to detect rootkits in Unix-based systems.”
02 – OWASP ZAP – Zed Attack Proxy Project
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
- Open source
- Cross platform (it even runs on a Raspberry Pi!)
- Easy to install (just requires Java 1.7)
- Completely free (no paid-for ‘Pro’ version)
- Ease of use a priority
- Comprehensive help pages
- Fully internationalized
- Translated into over 20 languages
- Community based, with involvement actively encouraged
- Under active development by an international team of volunteers
“It is open source and easy to use which covers all issues.”
“Loads of features (weekly releases). Easy to use. Active community. Scripting. Runs on all platforms with Java. Extensive documentation.”
“Stable, maintained and improved, well-documented, and supports WebSockets!”
03 – Lynis
Lynis is an auditing tool which tests and gathers (security) information from Unix-based systems. The audience for this tool is security and system auditors, network specialists and system maintainers.
Lynis performs an in-depth local scan on the system and is therefore much more thorough than network based vulnerability scanners. It starts with the bootloader and goes up to installed software packages. After the analysis it provides the administrator with discovered findings, including hints to further secure the system.
- System and security audit checks
- File Integrity Assessment
- System and file forensics
- Usage of templates/baselines (reporting and monitoring)
- Extended debugging features
“Helped me several times to harden my systems, love it.”
“Really great auditing tool! It’s easy to use plus it’s free.”
“It helps to quickly satisfy compliance requirements in a jiffy…”
04 – BeEF – The Browser Exploitation Framework
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
- Key Logger.
- Bind Shells.
- Port Scanner.
- Clipboard Theft.
- Tor Detection.
- Integration with Metasploit Framework.
- Many Browser Exploitation Modules.
- Browser Functionality Detection.
- Mozilla Extension Exploitation Support.
“Because there’s only one tool like it. No other tool serves the same purpose.”
“Nothing demonstrates the internal threat and vulnerability of a browser better than the browser exploitation framework.”
“BeEF, besides the integrated attacks, provides clients with a clear picture of what could happen just by visiting a poisoned site.”
05 – OWASP Xenotix XSS Exploit Framework
OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. Xenotix aims at zero-false-positive XSS detection by performing the scan inside the browser engines where, in the real world, payloads get reflected. The Xenotix Scanner Module incorporates three intelligent fuzzers to reduce scan time and produce better results.
- Scanner Modules
- Information Gathering Modules
- Exploitation Modules
- Auxiliary Modules
- Xenotix Scripting Engine
“It helps me to make interesting proofs of concept for all the XSS vulnerabilities which I found during web-app vulnerability assessments.”
“XSS is a menace and this scanner allows one to scan for advanced XSS attacks from a mobile device. Moreover it eases the whole scanning effort with an amazing interface.”
“Its UI is easy to use. It has more payloads than you can ever imagine. Overall, I would recommend it as the best tool for XSS testing.”
06 – PeStudio
PeStudio is a tool that performs static investigation of 32-bit and 64-bit executables. PeStudio is free for private, non-commercial use only.
Malicious executables often attempt to hide their malicious behavior and to evade detection. In doing so, they generally present anomalies and suspicious patterns. The goal of PeStudio is to detect these anomalies, provide indicators and score the trust of the executable being analyzed. Since the executable being analyzed is never started, you can inspect any unknown or malicious executable without executing it.
- Virus Detection
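Part of what a static PE triage tool looks at can be reproduced with a small parser. The script below is an added example written for this page, not PeStudio's code: it builds a constructed, non-executable PE image in memory with a UPX-style section layout, parses the section table and reports the kind of anomalies the text refers to (a zero compile timestamp, non-standard section names, sections that are both writable and executable, high-entropy packed or encrypted sections, and sections with no raw data but a large virtual size). The entropy threshold and the list of known section names are this example's own choices.

```python
"""Added example, not PeStudio's code: static PE section triage on a constructed image."""
import hashlib
import math
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# Names a normal MSVC/MinGW build produces; anything else is worth a look.
KNOWN_SECTION_NAMES = {".text", ".data", ".rdata", ".idata", ".edata", ".pdata",
                       ".rsrc", ".reloc", ".bss", ".tls", ".CRT"}
PACKED_ENTROPY = 7.0  # bits per byte; compressed/encrypted data sits near 8.0


def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(pe):
    """Read the DOS stub, COFF header and section table; never executes anything."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    sec_off = coff + 20 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsections):
        f = struct.unpack_from("<8sIIIIIIHHI", pe, sec_off + i * 40)
        raw = pe[f[4]:f[4] + f[3]]          # PointerToRawData .. + SizeOfRawData
        sections.append({"name": f[0].rstrip(b"\0").decode("latin-1"),
                         "virtual_size": f[1], "raw_size": f[3],
                         "entropy": round(entropy(raw), 2), "flags": f[9]})
    return {"timestamp": timestamp, "sections": sections}


def indicators(info):
    """Turn parsed header facts into human-readable anomaly indicators."""
    found = []
    if info["timestamp"] == 0:
        found.append("zero compile timestamp")
    for s in info["sections"]:
        if s["name"] not in KNOWN_SECTION_NAMES:
            found.append(f"non-standard section name {s['name']!r}")
        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            found.append(f"section {s['name']} is writable and executable")
        if s["entropy"] > PACKED_ENTROPY:
            found.append(f"section {s['name']} has entropy {s['entropy']} (packed or encrypted)")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            found.append(f"section {s['name']} has no raw data but {s['virtual_size']:#x} "
                         "bytes of virtual size (unpacking target)")
    return found


def build_sample_pe():
    """Constructed sample (not a real binary): headers plus three sections laid out
    like a UPX-packed file: plain .text, empty UPX0, high-entropy W+X UPX1."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew
    #           name     VirtSize  VirtAddr  RawSize RawPtr  Characteristics
    secs = [(b".text",   0x200,    0x1000,   0x200,  0x200,  0x60000000),   # R|X
            (b"UPX0",    0x10000,  0x2000,   0,      0,      0xE0000000),   # R|W|X
            (b"UPX1",    0x1000,   0x12000,  0x1000, 0x400,  0xE0000000)]   # R|W|X
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0xE0, 0x0102)
    optional = struct.pack("<H", 0x10B) + bytes(0xE0 - 2)  # PE32 magic, rest zero
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), vs, va, rs, rp,
                                 0, 0, 0, 0, fl) for n, vs, va, rs, rp, fl in secs)
    headers = (bytes(dos) + b"PE\0\0" + coff + optional + table).ljust(0x200, b"\0")
    text = bytes(range(16)) * 32                           # 512 bytes, entropy 4.0
    packed, seed = b"", b"constructed sample"
    while len(packed) < 0x1000:                            # 4096 pseudo-random bytes
        seed = hashlib.sha256(seed).digest()
        packed += seed
    return headers + text + packed


if __name__ == "__main__":
    for line in indicators(parse_pe(build_sample_pe())):
        print(line)
```

The same parser applied to a file read with `open(path, "rb").read()` gives the section view; keep in mind that a parser of attacker-controlled input is itself an attack surface, so run triage tooling in a sandbox even though the sample is never executed.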
“Great tool, easy to use, efficient for early evaluation of malware potential and intents.”
“Best tool for static PE analysis”
“Easily the best and quickest malware analysis/triage tool. Amazing support from the author, who updates the software almost every other day. Spectacularly useful in my day-to-day analysis.”
07 – OWASP Offensive (Web) Testing Framework
OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP- and PTES-focused attempt to unite great tools and make pen testing more efficient; it is written mostly in Python. The purpose of this tool is to automate the manual, uncreative part of pen testing: for example, spending time trying to remember how to call “tool X”, parsing the results of “tool X” manually to feed “tool Y”, etc.
- OWASP Testing Guide-oriented.
- Report updated on the fly.
- “Scumbag spidering”.
- Easy to configure.
- Easy to run.
- Full control of what tests to run.
- Easy to review transaction logs and plain text files with URLs.
- Basic Google Hacking without (annoying) API Key requirements via “blanket searches”.
- Easy to extract data from the database to parse or pass to other tools.
“Helped in automating and managing multiple tools with ease.”
“Because it rocks!!! It combines all of the OWASP vulnerability checks in one framework.”
“It saves me a lot of time with repetitive tasks.”
08 – Brakeman
Brakeman is a security scanner for Ruby on Rails applications. Unlike many web security scanners, Brakeman looks at the source code of your application. This means you do not need to set up your whole application stack to use it.
Once Brakeman scans the application code, it produces a report of all security issues it has found.
- No Configuration Necessary
- Run It Anytime
- Better Coverage
- Best Practices
- Flexible Testing
“Free, high quality, actively developed. Significantly better than many expensive commercial products in our testing. Justin is really nice as well.”
“One of the best open source tools available for security vulnerability scanning.”
“Great ruby gem that helps you see what possible security risks you have included in your application.”
09 – WPScan
WPScan is a black box WordPress vulnerability scanner.
- Username enumeration (from author querystring and location header)
- Weak password cracking (multithreaded)
- Version enumeration (from generator meta tag and from client side files)
- Vulnerability enumeration (based on version)
- Plugin enumeration (2220 most popular by default)
- Plugin vulnerability enumeration (based on plugin name)
- Plugin enumeration list generation
- Other misc WordPress checks (theme name, dir listing, …)
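Two of the checks listed above come down to parsing responses: version enumeration from the generator meta tag and from the `?ver=` query string on client-side files, and username enumeration from the redirect a WordPress site issues for `/?author=N`. The Python below is an added example written for this page, not WPScan's code; the HTML and HTTP responses are constructed samples, `fake_fetch` stands in for a real HTTP client, and all function names are this example's own.

```python
"""Added example, not WPScan's code: WordPress version and username enumeration."""
import re
from collections import Counter

GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s+([\d.]+)["\']', re.I)
# Core appends its own version as ?ver= to assets under /wp-includes/. Assets under
# /wp-content/ carry the plugin's or theme's version, so they are deliberately excluded.
CORE_ASSET_VER_RE = re.compile(r'/wp-includes/[^"\'\s]*?\?ver=([\d.]+)', re.I)
AUTHOR_PATH_RE = re.compile(r'/author/([^/?#]+)/?')


def version_from_html(html):
    """Return (version, source). The generator tag wins; otherwise take a majority
    vote over ?ver= values, because bundled libraries (jQuery) use their own number."""
    m = GENERATOR_RE.search(html)
    if m:
        return m.group(1), "generator meta tag"
    votes = Counter(CORE_ASSET_VER_RE.findall(html))
    if votes:
        return votes.most_common(1)[0][0], "?ver= on /wp-includes/ files"
    return None, None


def username_from_redirect(status, headers):
    """/?author=N answers with a redirect to /author/<user_nicename>/ if N exists."""
    if status in (301, 302):
        m = AUTHOR_PATH_RE.search(headers.get("Location", ""))
        if m:
            return m.group(1)
    return None


def enumerate_users(fetch, max_id=10):
    """Walk author IDs 1..max_id. fetch(path) must return (status, headers, body)."""
    found = {}
    for author_id in range(1, max_id + 1):
        status, headers, _body = fetch(f"/?author={author_id}")
        name = username_from_redirect(status, headers)
        if name:
            found[author_id] = name
    return found


# Constructed sample page and responses (not captured from any real site).
SAMPLE_HOME = """<html><head>
<meta name="generator" content="WordPress 4.1.1" />
<link rel='stylesheet' href='/wp-includes/css/dashicons.min.css?ver=4.1.1' />
<script src='/wp-includes/js/jquery/jquery.js?ver=1.11.1'></script>
<script src='/wp-includes/js/admin-bar.min.js?ver=4.1.1'></script>
<script src='/wp-content/plugins/example-plugin/js/scripts.js?ver=2.0'></script>
</head><body></body></html>"""
SAMPLE_HOME_NO_GENERATOR = "\n".join(
    line for line in SAMPLE_HOME.splitlines() if "generator" not in line)

SAMPLE_RESPONSES = {
    "/?author=1": (301, {"Location": "http://example.com/author/admin/"}, ""),
    "/?author=2": (301, {"Location": "http://example.com/author/jsmith/"}, ""),
}


def fake_fetch(path):
    """Stand-in for an HTTP client; unknown paths get a 404 like a missing author ID."""
    return SAMPLE_RESPONSES.get(path, (404, {}, ""))


if __name__ == "__main__":
    print(version_from_html(SAMPLE_HOME))
    print(version_from_html(SAMPLE_HOME_NO_GENERATOR))
    print(enumerate_users(fake_fetch, max_id=5))
```

Treat a version derived from `?ver=` as a hint rather than proof: sites that remove the generator tag often strip query strings from asset URLs too, and a site behind a WAF may answer `/?author=N` with 403 instead of the redirect, which this code correctly reports as no user rather than guessing.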
“There are a lot of websites developed using WordPress that are still vulnerable; using WPScan, which specializes in detecting WordPress security issues, can save a lot of time for any security tester. No need to configure any payload or something similar, just let WPScan do it automatically.”
“The team made a new WPScan vulnerability database (wpvulndb.com). Everyone can populate (after approval) the database with newly found vulnerabilities. Now the core program is better separated from the data.”
“Constantly updated. Best tool for WordPress security.”
10 – Nmap
Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for network inventory, managing service upgrade schedules, monitoring host or service uptime, and many other tasks. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
- Host Discovery.
- Port Scanning.
- Version Detection.
- OS Detection.
- Nmap Scripting Engine (NSE).
“Everyone’s favourite portscanner.”
“Enumerate ports, find the ‘open door’.”
“The best tool that every pen tester must have.”
Other tools listed, voted by users:
- Arachni: Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. [http://www.arachni-scanner.com]
- ArchAssault: The ArchAssault Project is an Arch Linux derivative for penetration testers, security professionals and all-around Linux enthusiasts. [https://archassault.org]
- Bellator: Security Audit Program for Microsoft Windows System. [http://sourceforge.net/projects/bellator]
- Burp Suite Professional: Integrated platform for performing security testing of web applications. [http://portswigger.net/Burp]
- FBHT: Facebook Hacking Tool is an open-source tool written in Python that exploits multiple vulnerabilities on the Facebook platform. [https://github.com/chinoogawa/fbht]
- GoLismero: Free software framework for security testing. It’s currently geared towards web security, but it can easily be expanded to other kinds of scans. [http://www.golismero.com]
- IronWASP: IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. [http://ironwasp.org]
- Kautilya: Toolkit which provides various payloads for a Human Interface Device which may help in breaking in a computer during penetration tests. [https://github.com/samratashok/Kautilya]
- Metasploit: It is the de-facto standard for penetration testing with more than one million unique downloads per year and the world’s largest, public database of quality assured exploits. [http://www.metasploit.com]
- OWASP O-Saft: Tool that shows information about an SSL certificate and tests the SSL connection against a given list of ciphers and various SSL configurations. [https://www.owasp.org/index.php/O-Saft]
- Pipal: Tool to generate statistics from a password file, stats go from number of 6 character passwords to hashcat masks. [http://digi.ninja/projects/pipal.php]
- ThreadFix: Software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems. [http://www.denimgroup.com/resources-threadfix]
- Veil Framework: Tool to generate payload executables that bypass common antivirus solutions. [https://www.veil-framework.com]
- Volatility: The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. [https://github.com/volatilityfoundation/volatility]
- w3af: Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. [http://w3af.org]
- YASAT: YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool. Its goal is to be as simple as possible with minimum binary dependencies (only sed, grep and cut). Second goal is to document each test with maximum information and links to official documentation. [http://yasat.sourceforge.net]