top security tools
It is the most “advanced and popular Framework that can be used to for pen-testing. It is based on the concept of ‘exploit’ which is a code that can surpass the security measures and enter a certain system (37, N.d.)”.
It offers “real-world security testing”; use time efficiently by prioritizing high-risk threats that need your attention and creating exceptions for acceptable risk; integrate with Nexpose for closed-loop vulnerability validation, pushing results back into your vulnerability management solution” (Metasploit, N.d.)”.
This tool also provides tools of the trade for “social engineering” techniques as it “measure security awareness or trick users to get into the network (37, N.d.)”.
“Metasploit makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality” for testing (SecTools, N.d.).
Is a “penetration testing” software that allows for “real-world test” and also tests the following:
- Web Application Penetration Testing
- End-User Security Awareness Testing
- Endpoint Penetration Testing
- Mobile Device Penetration Testing
- Network Penetration Testing
- Password cracking (Penetration, N.d.)”.
This software offers reporting tools that “deliver the powerful information that organizations need to address their most significant weaknesses and help minimize risks such as:
A single-page, high-level summary of penetration testing activities and results in a visual format that both IT and business users can understand; PCI and FISMA vulnerability validation report, Wellness Report and Attack Path Report (Penetration, N.d.)”.
Cain and Abel:
According to P.C. World everyone “should have Cain & Abel in” your “security toolbox” (Bradley, 2012). This is not just a tool for “retrieving passwords; the software can capture and monitor network traffic for passwords, crack encrypted passwords using various methods, record Voice over IP (VoIP) conversations and recover wireless network keys (Bradley, 2012)”.
“The latest version is capable of analyzing encrypted network traffic such as SSH-1 or HTTPS, and has a new feature called APR. APR stands for ARP (Address Resolution Protocol) Poison Routing, and enables Cain & Abel to sniff traffic on switched LANs, or simulate MitM (Man-in-the-Middle) attacks (Bradley, 2012)”.
Wireshark is a “sniffing” tool and “can be used to capture massive amounts of network transactions and allow network engineers to delve into the payload of packets. Wireshark, which has been commonly used for network troubleshooting (Ohlhorst, 2014)”.
Wireshark “can inspect traffic, identify denial-of-service attacks and troubleshoot devices and firewalls (Chapple, N.d.)”. This tool “can peer inside the network and examine the details of traffic at a variety of levels, ranging from connection-level information to the bits comprising a single packet. This flexibility and depth of inspection allows the valuable tool to analyze security events and troubleshoot network security device issues (Chapple, N.d.)”.
“AppDetectivePRO is a database and big data store scanner that can immediately uncover configuration mistakes, identification and access control issues, missing patches or any toxic combination of settings that could lead to escalation-of-privilege or denial-of-service attacks, data leakage or unauthorized modification of data (Trustwave, N.d.)”.
It is supported by “SQLServer, Oracle, MySQL” and many more. This is an “auditing tool” for database management. It offers the ability to “to see scan results ordered by risk level for each asset; View all of the assets you discovered in your session and a graphical representation of results; detailed information about each vulnerability” (Trustwave, N.d.)”.
A few of the key features are:
Being able to “identify and highlight recently added, rogue or missing data; quickly ascertain the configuration state of all of your data stores (relational or big data) (Trustwave, N.d.)”.