OWASP Security Testing Tools - Variety of free and open source web security testing tools via the OWASP (Open Web Application Security Project) site. SQLiX is an SQL injection vulnerability test tool that uses multiple techniques - conditional errors injection; blind injection based on integers, strings or statements, MS-SQL verbose error messages ("taggy" method); can identify database version and gather info for MS-Access, MS-SQL, MySQL, Oracle and PostgreSQL. Other security testing tools available include Pantera, Intercept, etc.
Wikto - Web server security assessment tool for Windows servers, open source, from SensePost. Its three main sections are its Back-End miner, Nikto-like functionality, and Googler to obtain additional directories for use by the other two. Includes ability to export results to CSV file.
Nikto Scanner - Open source web server scanner from CIRT.net which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated.
Ethereal - Open source network protocol analyzer from Ethereal Inc. Data can be captured "off the wire" from a live network connection, or read from a capture file. It runs on all popular computing platforms, including Unix, Linux, and Windows. Over 700 different supported protocols and media. Data display can be refined using a display filter. Display filters can also be used to selectively highlight and color packet summary information. All or part of each captured network trace can be saved to disk.
WebInspect - WebInspect automated security assessment tool for web applications and services, from SPI Dynamics. Identifies known and unknown vulnerabilities, includes checks that validate proper web server configuration. Capabilities include discovery of all XML input parameters and parameter manipulation on each XML field looking for vulnerabilities within the service itself. Requires Windows and MSIE.
Watchfire's AppScan - Tool suite from Watchfire automates web application security testing, produces defect analyses, and offers recommendations for fixing detected security flaws. Assessment module can be used by auditors and compliance officers to conduct comprehensive audits, and to validate compliance with security requirements.
Acunetix Web Vulnerability Scanner - Web site security testing tool from Acunetix first identifies web servers from a particular IP or IP range. It then crawls entire site, gathering information about every file it finds, and displaying website structure. After this discovery stage, it performs an automatic audit for common security issues. Applications utilizing CGI, PHP, ASP, ASP.NET can all be tested for vulnerabilities such as cross site scripting, SQL injection, CRLF injection, code execution, directory traversal and more. Requires Windows and MSIE.
Codenomicon HTTP Test Tool - Tool for discovering and eradicating security-related flaws in HTTP implementations via robustness testing. Tool systematically generates very large numbers of protocol messages containing exceptional elements simulating malicious attacks, in order to induce component crashes, hanging, and denial-of-service situations which may affect component/application security. (HTTP implementations may be utilized in web servers, browsers, network appliances, proxies, protocol analyzers, PDAs and cell phones.)
C5 Compliance Platform - Security testing appliance from SecureElements Inc. for determining security and compliance status across heterogeneous systems. Identifies security vulnerabilities, finds compliance exposures, evaluates and matches exposures with fixes, provides ready to deploy remediations and enforcement actions, and summarized or detailed views of monitored assets, information security exposures, and compliance risks.
SecurityMetrics Appliance - Integrated software and hardware device includes Intrusion Detection and Prevention Systems and Vulnerability Assessment. Operates as a Layer 2 Bridge - no network configuration needed. Automatically downloads latest IDS attack signatures, vulnerability assessment scripts and program enhancements nightly.
Security Center - Security management tool from Tenable Network Security for asset discovery, vulnerability detection, event management and compliance reporting for small and large enterprises. Includes management of vulnerability, compliance, intrusion and log data. Company also provides the Nessus Vulnerability Scanner, and Passive Vulnerability Scanner.
SARA - 'Security Auditor's Research Assistant' Unix-based security analysis tool from Advanced Research Corp. Supports the FBI/SANS Top 20 Consensus; remote self scan and API facilities; plug-in facility for third party apps; SANS/ISTS certified, updated bi-monthly; CVE standards support; based on the SATAN model. Freeware. Also available is 'Tiger Analytical Research Assistant' (TARA), an upgrade to the TAMU 'tiger' program - a set of scripts that scan a Unix system for security problems.
Qualys Free Security Scans - Several free security scan services from Qualys, Inc. including SANS/FBI Top 20 Vulnerabilities Scan, network security scan, and browser checkup tool.
Qualys Guard - Online service that does remote network security assessments; provides proactive 'Managed Vulnerability Assessment', inside and outside the firewall.
Perimeter Check - SecurityMetrics 'Perimeter Check' service analyzes external network devices like servers, websites, firewalls, routers, and more for security vulnerabilities which may lead to interrupted service, data theft or system destruction. Includes instructions to help immediately remedy security problems. Can automatically schedule vulnerability assessment of designated IP addresses during low traffic times.
STAT Scanner - Tool from Harris Corp. for security analysis of Windows/UNIX/Linux and other resources. Utilizes comprehensive updatable vulnerability databases to automatically detect vulnerabilities. Capabilities include: scan and analyze an entire network domain and/or a single machine, select or ignore specific vulnerabilities via configuration files, analysis reports of vulnerabilities with detailed information relating to the name/description/risk level of each vulnerability, eliminate vulnerabilities using recommended solutions with links to related websites and knowledge-base articles, correct vulnerabilities across the network with 'AutoFix' function, retest corrected vulnerabilities immediately, track vulnerability trends via analyses comparing current and previous assessments, customizable security reports for management and technical personnel.
Nessus Security Scanner - Free, open-source remote network security auditing tool, by Renaud Deraison, based on 'never trust the version number' and 'never trust that a given service is listening on the good port'. Nessus is made up of two parts: a server and a client; the server (nessusd) manages the 'attacks', whereas the client is a frontend designed to collect the results. Includes more than 1000 tests in 23 vulnerability categories, and Nessus Attack Scripting Language. Works with a variety of operating systems.
Secure-Me - Automated security test scanning service from Broadbandreports.com for individual machines. Port scans, denial-of-service checks, 45 common web server vulnerability checks, web server requests-per-second benchmark, and a wide variety of other tests. Limited free or full licensed versions available.
SAINT - Security Administrator's Integrated Network Tool - Security testing tool from SAINT Corporation. An updated and enhanced version of the SATAN network security testing tool. Updated regularly; CVE compatible. Includes DoS testing, reports specify severity levels of problems. Single machine or full network scans. Also available is 'WebSAINT' self-guided scanning service, and SAINTbox scanner appliance. Runs on many UNIX flavors.
NMap Network Mapper - Free open source utility for network exploration or security auditing; designed to rapidly scan large networks or single hosts. Uses raw IP packets in novel ways to determine what hosts are available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and many other characteristics. Runs on most flavors of UNIX as well as Windows.
NetIQ Security Analyzer - Multi-platform vulnerability scanning and assessment product. Systems are analyzed on demand or at scheduled intervals. Automatic update service allows updating with latest security tests. Includes a Software Developer's Kit to allow custom security test additions. For Windows/Solaris/Linux.
Foundstone - Vulnerability management software tools from McAfee/Network Associates can provide comprehensive enterprise vulnerability assessments, remediation information, etc. Available as a hardware appliance, software product, or managed service.
CERIAS Security Archive - Purdue University's 'Center for Education and Research in Information Assurance and Security' site; 'hotlist' section includes extensive collection of links, organized by subject, to hundreds of security information resources and tools, intrusion detection resources, electronic law, publications, etc. Also includes an FTP site with a large collection of (mostly older) security-related utilities, scanners, intrusion detection tools, etc.
InternetScanner - Tool from Internet Security Systems, provides automated vulnerability assessment for measuring online security risks. Performs scheduled and selective probes of network services, servers, desktops, operating systems, routers, firewalls, etc. to uncover and report systems vulnerabilities that might be open to attack. Provides flexible risk management reports, prepares remediation advice, trend analyses and comprehensive data sets to support policy enforcement. Similar managed service also available.