Any application connected to the internet is at risk for attacks from malicious outsiders. It’s important to check your application for vulnerabilities because they may lead to hacking or data leakage. Today’s security software comes in many forms, both free and paid. Understanding how these tools work alongside their strengths and weaknesses will help you find the best ones for your network.
In this article, we’ll cover ten of the best tools on the market today. When used in concert, these tools will identify and help resolve vulnerabilities before attackers even know they exist.
First off, we have Nikto. Nikto is an open-source website scanner that you can use to check your service for known vulnerabilities and configuration problems. Nikto’s suite of some 6,000-plus tests mean that a single scan helps you identify your most vulnerable applications quickly and easily.
Nikto is a product of Kali Linux, but it’ll run on any system that supports Perl.
Nikto is effective, but it’s not at all stealthy. If you’re using intrusion detection systems, Nikto leads to a lot of false positives. False positives make it much harder to determine when real intrusions have occurred and pollute your log files. This is a problem with Nikto, but it is reliable for testing intranet or in-house applications.
Here are a few major features, as highlighted on Nikto’s website:
- Provides full HTTP and HTTPS proxy support.
- Scans multiple ports on a server or multiple servers via input file.
- Checks for outdated or vulnerable server components.
- Offers subdomain guessing.
- Identifies installed software through headers, favicons, and files.
- Provides scan tuning that includes or excludes entire classes of vulnerability checks.
The fact that Nikto performs a large number of tests makes it a good choice for administrators and security engineers. Expect to find forgotten scripts, configuration problems, and risky files that expose you to attack.
Nmap (which is short for “Network Mapper”) is the gold standard for network scanners. Developers value Nmap for its usability and versatility. It finds open ports on internet-facing systems, and it provides an accurate port status for servers, firewalls, and network perimeters. If an unauthorized device connects to your network, this tool will identify it. You’ll also be able to spot users running unauthorized services, and you’ll find devices with open ports that shouldn’t be left open.
Nmap has evolved to include other functionality, such as
- Detecting operating systems running on network devices.
- Security auditing.
- Network mapping.
- Performing service discovery through the identification of hosts and the specific applications/versions they’re running.
Nmap is a popular tool for hackers, and this is a major reason why security professionals know how to use it. With Nmap, you’ll not only find open ports on your network; you’ll also get to see the kind of information that potential attackers have access to.
The Burp Suite is a Java-based framework for performing web application security testing. The various tools that make up the Burp Suite work together seamlessly in support of a holistic testing process.
Although the Burp Suite primarily made this list because of their scanner, it also performs other functions. Burp includes a number of security tools, like CI integration and their world-class intercepting proxy. An intercepting proxy helps identify how your applications respond to unexpected data, delayed or interrupted network connections, and more. A service which is hardened against adverse conditions will have better up time and be more secure against internet-based attacks. The Burp intercepting proxy can also be used to monitor HTTP traffic between servers and clients transparently, so the people being monitored won’t know you’re watching. This is useful when monitoring for malicious internal network traffic.
4. Zed Attack Proxy (ZAP)
ZAP is an open-source tool developed by OWASP, an organization devoted to web security. This security tool helps you detect top security threats highlighted by OWASP. Some of those vulnerabilities include SQL injection, broken access control, cross-site scripting (XSS), under-protected APIs, and cross-site request forgery. ZAP tests for them all.
How, specifically, does ZAP help you? One way is by setting up a proxy between servers and clients to identify vulnerabilities in your web server’s traffic. ZAP also comes with a built-in browser setup that will automatically crawl the target server and identify vulnerabilities. ZAP’s functionality relates directly to the OWASP Top 10, so the vulnerabilities that ZAP identifies are always critical. ZAP makes it easy to identify and target the most vulnerable parts of your service, allowing you to target the most efficient fixes.
Some ZAP key features include the following:
- Authentication and session support.
- Intercepting proxy.
- REST-based API.
- Web sockets support.
- Dynamic SSL certificates.
5. Binary Ninja
Binary Ninja is a reverse engineering platform that speeds up malware analysis. It disassembles binary code and displays the actions that code is taking in an easy-to-read interface.
One of Binary Ninja’s most powerful tools is the ability to represent disassembled binary code in a low-level intermediate language. This intermediate language (called BNIL) is a type of architecture-agnostic assembler code, and it allows you to easily trace and debug output code. Binary Ninja is a key tool for identifying what the malware that makes it onto your system is attempting to do and fixing any damage that malware caused.
Features include the following:
- Accessible Binary Ninja Intermediate Languages (BNIL).
- A command line programming interface
Another thing that sets Binary Ninja apart is its feature-rich API. This API allows engineers to write scripts that plug into the Binary Ninja disassembler. Those scripts take action based on what Binary Ninja detects its target binary is doing. With those kinds of scripts, you can automate common tasks such as malware string extraction and decryption. This automation will save you time when creating signatures for new pieces of malware or when you need to identify what action some installed malware has taken.
Next up is Mitmproxy, which is a free, open-source, man-in-the-middle HTTP and HTTPS proxy. Mitmproxy is a flexible tool that comes with an interactive console to ease monitoring and replaying of the HTTP/HTTPS traffic it intercepts. Much like Burp, Mitmproxy acts as an intercepting proxy, and it also generates certificates. This means it’s able to fool a service’s clients into believing that they’re communicating directly with the server.
By registering Mitmproxy as a trusted CA on your network, you can decrypt and monitor encrypted traffic that passes over your network. That way, you can identify and isolate any unauthorized traffic on your network.
Some of Mitmproxy’s core features include:
- Set headers—inject HTTP headers into requests between a client and server.
- Anticache—override client caching settings to make sure you capture the entire HTTP request.
- Sticky cookies—inject the most-recently sent cookie from a server into the next web request.
- Upstream certificates—sniff the server’s certificate information so that, to the client, it appears they’re connected directly to the server.
- Client-side replay—replay HTTP requests in their entirety to view all the information exchanged.
Mitmproxy is SSL and TLS-capable, so it won’t be thwarted by HTTPS traffic. It also has a graphical interface that allows you to monitor, modify, and replay web traffic.
Dirs3arch is a tool that uses the command line to identify public directories and URLs on a server. Many servers contain directories or URLs that aren’t linked to by any code but are still publicly accessible. These directories might be leaking information or exposing sensitive data. Dirs3arch uses a brute-force approach to try to discover those URLs on the targeted server, and it then lists them for you. With those URLs in hand, you can investigate and eliminate endpoints that shouldn’t be public.
Some features include the following:
- Recursive brute force searches.
- Support for multiple extensions, such as PHP and ASP.
- Support for HTTP/HTTPS proxy.
- Reports in plain text, JSON, etc.
8. Fierce DNS Scanner
Fierce DNS Scanner is a lightweight IP and domain scanner. Like Nikto, it’s offered by the folks at Kali Linux and will run on any major OS.
Fierce is used as a precursor to a tool like Nikto, so they work great together. Fierce will look at a top-level domain or a list of subdomains and identify the IP address space those domains occupy. Tools like Nikto require that you know which IP address space you’re targeting, and Fierce helps you find that information. Plus, it also allows you to collect information to help avoid security vulnerabilities resulting from improper configuration of the DNS servers or network configuration problems.
Fierce can perform a scan on a valid IP address as well. It’ll look at blocks surrounding that IP and perform reverse lookups. This helps identify public subdomains that other scans might miss.
Wireshark is a free and open-source network protocol analyzer that gives a detailed view of what’s happening on your network.
If it’s your first time using Wireshark, you might find yourself overwhelmed. Thankfully, this security tool comes with a graphical front end with integrated sorting and filtering options. It captures packets in real time and displays them in human-readable format.
Wireshark troubleshoots various network issues like malicious network activity, network connectivity difficulties, and DDOS attacks. If you have a strong knowledge of how network traffic works, there’s nothing Wireshark can’t find for you. It’s just that learning how to use it can take some time.
Some features of Wireshark include the following:
- Performs live capture and online analysis.
- Captures files compressed with GZIP and can decompress them.
- Provides decryption support for many protocols used on a network.
- Supports multiple platforms, such as Windows, FreeBSD, Linux, Solaris, and many others.
Wireshark is an essential tool for any system administrator or security professional. It will help troubleshoot your network problems. And the inclusion of powerful traffic filters means you can focus just on the traffic you need to see.
SQLmap is a free and open-source web application security tool to automate detection of SQL injection vulnerabilities in a website database. It provides a wide swath of database-related tools. From enumerating users and tables to uploading arbitrary files, there’s not much SQLmap can’t do to a database server.
Some features include
- Supports various database services such as Microsoft SQL Server, MySQL, PostgreSQL, and Oracle.
- Supports six SQL injection procedures.
- Offers the ability to crack password hash formats.
- Supports searching for specific database names, specific tables, entries, or columns.
SQLmap is a powerful SQL injection identification and automation tool. And that matters—SQL injection is one of the most common avenues of attack on the internet. Attackers want access to your database because it’s where you store your valuable information. If you use SQLmap to identify avenues for attacking your database, you’ll eliminate the most damaging attacks on your service.
Effectively testing web services is a complicated task, and doing it right takes a great deal of time. These tools will help you reduce the time you spend on testing. Many of them are designed to work in concert with one another, so please don’t feel like this list is the final word on which is the absolute best. They’re all very effective tools! The best way to stay ahead of malicious actors is to understand how they might attack your system, and these tools are some of the best to help you do that. If you can identify and remediate issues before outside agents, you can keep your services safe on a hostile internet.
Is one of your favorite tools missing? Leave us a comment below and tell us why it should be included!
Author: Eric Boersma