Important Tools

From Network Security Wiki

Network Security Tools

Tool Description
3CDaemon It contains a FTP and TFTP server, TFTP client and a Syslog Server.
Backtrack/Kali Linux A Debian-derived Linux distribution designed for digital forensics and penetration testing
Cat tools It automates common network configuration tasks including the ability to automatically change and backup network device configurations. It also sends email notifications about any network configuration changes.
Darkstat Captures network traffic, calculates statistics about usage, and serves reports over HTTP.
Elastix A unified communications server software that brings together IP PBX, Email, IM, Faxing & Collaboration Functionality.
EnCase A suite of digital forensics products which comes in several forms designed for forensic, cyber security and e-discovery use. It contains tools for several areas of the digital forensic process: acquisition, analysis and reporting.
Endian Firewall A linux security distribution that turns every system into a full featured security appliance with Unified Threat Management (UTM) functionality. The features include a stateful packet inspection firewall, application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with antivirus support, virus and spam-filtering for email traffic (POP and SMTP), content filtering of Web traffic and a "hassle free" VPN solution (based on OpenVPN).
Etherape A packet sniffer/network traffic monitoring tool which has a graphical interface. Each node represents a specific host. Nodes and links are color-coded to represent different protocols forming the various types of traffic on the network.
Ethstatus A console-based monitoring utility for displaying statistical data of the ethernet interface on a quantity basis.
Ettercap A network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It works by putting the network interface into promiscuous mode and by ARP poisoning the target machines.
Expect An extension to the Tcl scripting language, a program to automate interactions with programs that expose a text terminal interface.
Fping A program to send ICMP echo probes to network hosts, similar to ping, but much better performing when pinging multiple hosts, first version was published in 1992.
GNS3 Simulates complex networks like Cisco IOS, PIX, ASA, IPS or Juniper JunOS, while being as close as possible to the way real networks perform. It uses the following emulators: Dynamips (Cisco IOS), VirtualBox(desktop and server OS as well as Juniper JunOS) Qemu(Cisco ASA, PIX and IPS)
Hping A free packet generator and analyzer for the TCP/IP protocol, is one of the de facto tools for security auditing and testing of firewalls and networks.
ipcalc A simple way to calculate IP information for a host.
John the Ripper/Johnny A free password cracking software tool, runs on fifteen different platforms, one of the most popular password testing and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats based on DES, MD5, Blowfish, Kerberos AFS, or Windows NT/2000/XP/2003 LM hash. Additional modules extend its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others. Johnny is a GUI for John the Ripper.
K9 Web Protection A free Internet filter and parental control software for home Windows or Mac computer.
KeePass/Web KeePass A free, open source, cross-platform and light-weight password management utility, which stores all usernames, passwords, other fields, including free-form notes, in a securely encrypted database, protected by a single master password and/or key file. It supports two-factor authentication and Windows secure desktop option to protect against keyloggers. KeePass can import from over 30 other most commonly used password managers. There is a large selection of plugins for KeePass.
Kismet A network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs.
Knoppix An OS based on Debian designed to be run directly from CD/DVD or USB Drive, can be used to copy files easily from hard drives with inaccessible operating systems. To quickly and more safely use Linux software, the Live CD can be used instead of installing another OS.
KVM A virtualization infrastructure for the Linux kernel that turns it into a hypervisor, which is merged into the Linux kernel mainline.
Metasploit Framework/Armitage A tool for developing and executing exploit code against a remote target machine. To choose an exploit and payload, some information about the target system is needed, such as operating system version and installed network services. This information can be gleaned with port scanning and OS fingerprinting tools such as Nmap. Armitage is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits.
mRemoteNG A fork of mRemote, an open source, tabbed, multi-protocol, remote connections manager. It allows you to view all of your remote connections in a simple yet powerful tabbed interface, supports the following protocols: RDP, VNC, ICA, SSH, Telnet, HTTP/HTTPS, rlogin, Raw Socket Connections.
Nagios/FAN An open source computer system monitoring, network monitoring and infrastructure monitoring software application. Nagios offers monitoring and alerting services for servers, switches, applications, and services. It alerts the users when things go wrong and alerts them a second time when the problem has been resolved. The purpose of Fully Automated Nagios (FAN) is to provide a quick and easy installation which includes the most-used tools in the Nagios community. A large number of tools are also being distributed, which makes the implementation of an efficient monitoring platform much easier.
Nessus A proprietary comprehensive vulnerability scanner which is available free of charge for personal use in a non-enterprise environment.
Netcat/Socat TCP/IP swiss army knife, a computer networking service for reading from and writing to network connections using TCP or UDP. Socat is a more complex variant of netcat. Its list of features includes port scanning, transferring files, and port listening, and it can be used as a backdoor. It is larger and more flexible and has more options that must be configured for a given task.
Network Security Toolkit(NST) A Linux-based Live CD that provides a set of open source computer security and networking tools to perform routine security and networking diagnostic and monitoring tasks. The distribution can be used as a network security analysis, validation and monitoring tool on servers hosting virtual machines.
Netexpect A framework for managing network packets, including packet crafting, injection, and reception.
NGrep A command line based network packet analyzer which has the ability to look for a regular expression in the payload of the packet, and show the matching packets on a screen or console. It allows users to see all unencrypted traffic being passed over the network, by putting the network interface into promiscuous mode.
Nmap/Zenmap A security scanner used to discover hosts and services on a computer network by sending specially crafted packets to the target host and then analyzes the responses.
Ntop A network probe that shows network usage & acts as a web server, creating a HTML dump of the network status.
Octopussy Free log analyzer to analyze Bind, Cisco Router, Cisco Switch, DenyAll Reverse Proxy, Drbd, F5 BigIP, Fortinet FW, Ironport MailServer, Linux Kernel/System, Linux IPTables, Monit, MySQL, Nagios, NetApp NetCache, Juniper Netscreen FW, Juniper Netscreen NSM, Postfix, PostgreSQL, Samhain, Snmpd, Squid, Sshd, Syslog-ng, Windows Snare Agent, Xen,etc. Wizard to easily create new Message/Service for Unrecognized logs.
Offline NT Password & Registry Editor This is a utility to reset the password of any user that has a valid (local) account on your Windows NT/2k/XP/Vista/Win7 etc system. You do not need to know the old password to set a new one.
OpenVAS A framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
Ophcrack A free open source program that cracks Windows passwords by using LM hashes through rainbow tables. The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Windows. On most computers, it can crack most passwords within a few minutes.
OSSIM An open source security information and event management system, integrating a selection of tools designed to aid network administrators in computer security, intrusion detection and prevention.
Ostinato An open-source, cross-platform network packet crafter/traffic generator and analyzer with a friendly GUI. Craft and send packets of several streams with different protocols at different rates.
OTRS An free and open-source trouble ticket system software package that a company, organization, or other entity can use to assign tickets to incoming queries and track further communications about them.
Scapy A packet manipulation tool for computer networks which can forge or decode packets, send them on the wire, capture them, and match requests and replies. It can also handle tasks like scanning, tracerouting, probing, unit tests, attacks, and network discovery.
Serva Serva is a single exe based all-in-one portable multi-server engine containing HTTP, FTP, TFTP server, TFTP client, DHCP, proxyDHCP, BINL, DNS, SNTP & SYSLOG servers which does not require installation, Internet connection, does not save keys on your Windows registry, and it can be used right away.
Snort/BASE a free and open source NIPS and NIDS which has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching, and content matching. The program can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, common gateway interface, buffer overflows, server message block probes, and stealth port scans. Snort can be configured in three main modes: sniffer, packet logger, and network intrusion detection. BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.
Solarwinds Engineers Toolset Over 60 Must-Have Network Tools
TCPDump A common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
Testdisk/PhotoRec A free and open source data recovery utility. It is primarily designed to help recover lost data storage partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally erasing a partition table).
THC Hydra/Xhydra A fast and flexible Network Login Hacking Tool. It uses a dictionary attack to try various password/login combinations against an Internet service to determine a valid set of login credentials. It supports a wide set of protocols including Mail (POP3, IMAP, etc.), Databases, LDAP, SMB, VNC, and SSH. The gui is called xHydra.
Tor The Onion Router is free software for enabling online anonymity and resisting censorship. It is designed to make it possible for users to surf the Internet anonymously, so their activities and location can't be discovered by government agencies, corporations, or anyone else.
Tripwire A free software security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. It functions as a host-based intrusion detection system. Rather than attempting to detect intrusions at the network interface level, Open Source Tripwire detects changes to file system objects.
TrueCrypt A discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file or encrypt a partition or (under Microsoft Windows except Windows 8 with GPT) the entire storage device (pre-boot authentication).
Ubuntu A Debian-based Linux operating system, with Unity as its default desktop environment, is the most popular desktop Linux distribution to date.
VirtualBox A virtualization software package for x86 and AMD64/Intel64-based computers.
Wireshark A free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. It is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.
XAMPP An open source cross-platform web server solution stack package, consisting mainly of Apache, MySQL, PHP, phpMyAdmin, FileZilla, Tomcat, Strawberry Perl, Control Panel.

Partitioning Tools

  • Gparted is a free partition editor for graphically managing your disk partitions. With GParted you can resize, copy, and move partitions without data loss.
  • FixParts is a specialized partitioning tool which can repair mis-sized extended partitions and change primary partitions into logical partitions or vice-versa.


  • eSpeak: Speaks out text messages
espeak -p 99 -s 100 "This is a test audio"
  • FIGlet: ASCII text code generator
  • TOIlet: Another ASCII text code generator
  • Screen Message: Display short message in Fullscreen
sm -b black -f white This is a test message.
  • sl: Steam Locomotive running in Terminal
  • yes: This command outputs continuous stream of the input text string
yes I Love Linux > hugefile.txt
  • cmatrix: Matrix like view in terminal
  • Star-Wars in Terminal:

{{#widget:DISQUS |id=networkm |uniqid=Important Tools |url= }}