Information security is a big topic with a lot of disciplines, and hardly anyone is an expert in all of them. The good news is that there are some truly remarkable free tools out there that not only can help you and your team get things done, but also provide a great way to learn new security skills quickly. The list below provides an introduction to what I consider to be some of the most essential tools in particular areas of security. Keep in mind that this is a list of my personal favorite tools, and is not in the least bit intended to be authoritative. So if you don’t see your favorite tool, please add them in the comments at the bottom.
Network Tools: Wireshark
Wireshark is the industry standard for performing packet analysis of network traffic, and it is indispensable for everything from troubleshooting network performance problems to in-depth analysis of malware and attack traffic. A great many security products will save packet captures of network events and Wireshark makes it easy to look into these pcaps and see exactly what is going on. Just as importantly, Wireshark provides a wealth of tutorials and training on their site to get you up and running quickly. Additionally, packet captures are readily available for virtually any type of network-based threat, so you can learn from real-world examples. Netresec provides a very useful aggregated list of sample PCAPs for security professionals. Furthermore, as you dig into the details of protocols and specific threats, Wireshark will allow you to write custom signatures that you can implement in an IDS/IPS.
System Tools: Sysinternals
Sysinternals is a suite of utilities for the Windows family of operating systems, and is a must-have for anyone that needs to find out what is going on behind the scenes of a Windows machine. For example, have you ever looked at the long list of svchosts in your Windows Task Manager and wondered what they were really doing? Just fire up Process Explorer from Sysinternals, and you can not only see the application that is using the service host, but also track individual threads, related registry keys, as well as files and DLLs related to the process. For a security professional these tools are incredibly helpful for analyzing malware or investigating machines that may be infected with malware. Given that malware regularly injects into other running application to avoid being seen, it can be very helpful to see exactly what is going on behind the scenes of a particular process. This is just the tip of the iceberg, and Mark Russinovich, one of the masterminds behind Sysinternal, maintains a stellar library of exercises, case studies, and walkthroughs of real-world problem solving using the suite.
Kali Linux is a veritable supergroup of free security tools, and the beauty is that it comes prepackaged as an integrated virtual image. Kali is the successor to BackTrack Linux, and it is organized to facilitate each phase of a network penetration spanning reconnaissance, exploitation, persistence, and in-depth forensic analysis. The package consolidates many industry-standard tools including Wireshark, NMAP, and a variety of password cracking tools such as Hydra. Additionally, Kali includes Metasploit, which is a rockstar of security tools in its own right. Metasploit allows you to design and test exploits against vulnerable machines very easily. Metasploit is developed by Rapid7 which provides several other free and freemium tools including a vulnerable server to use for testing your exploits.
Web Application Testing Tools: OWASP – ZAP
Websites and web-applications have become mission critical for most every organization, and their constant exposure to the Internet makes them some of the most popular targets for attackers. The Open Web Application Security Project (OWASP) is an open-source, vendor-neutral organization dedicated to web application security, and they provide a range of very powerful tools. The Zed Attack Proxy or ZAP is one of the best of these tools, and it provides a very complete solution for testing and finding vulnerabilities in web applications. As the name implies, ZAP acts as a proxy sitting between the browser and the web server. This allows ZAP to see every interaction with the web server, and even provides some debugger-esque features by allowing the tester to set breakpoints and modify content in flight. It is a very complete tool offering passive and active vulnerability scanning, spiders to find hidden pages, and fuzzing capabilities to tease out some of the more unexpected vulnerabilities. Since everything from OWASP is free, you also get access to all features without having to worry that you will get upsold when you need a particular feature.
Browser-based Pen Testing: BeEF
Web-browsers have become some of the most popular initial targets for attackers looking to compromise an end-user’s machine. Once compromised, these machines make very powerful beachheads for deeper infiltration of a network. The Browser Exploitation Framework (BeEF) focuses on just this sort of attack with a pen testing suite focused on client side attacks. BeEF works by hooking vulnerable web browsers and then using those browsers to reconnoiter the environment, find additional vulnerabilities, and maintain access for ongoing hacking. This includes the ability to fingerprint the network that the client machine is on, log the users keystrokes, and even enumerate social media services on the host. The framework also enables browser redirection, clickjacking, as well testing of XSS attacks. Client side vectors are very popular in the wild, but are often poorly understood even in security circles, and BeEF provides a great way to learn about them and see them in action.
While free tools aren’t the answer for every problem, they probably should be a part of your security toolkit. Even better, they can provide an easy way to learn about new security technologies and provide your team with hands-on experience. Of course, these are just a few of the many incredible tools that are available online, so please comment with your own favorites, and have fun!