Twenty free and effective infosec tools

We asked readers to name the free tools they find most useful in their daily work as infosec practitioners. Here are 20 that stand out.

Your favorite infosec freebies

Who doesn't love free software?

Recently, we conducted an informal, unscientific poll asking readers to tell us about their favorite free information security tools. And boy, did they ever respond.

Here are more than 20 of the most popular answers. Some (Nessus, Nmap, Metasploit) will be very familiar; others may surprise you.

Paterva website


Paterva develops this open source intelligence and forensics app, designed to deliver a clear threat picture for the user's environment. It will demonstrate the complexity and severity of single points of failure as well as trust relationships that exist within the scope of one's infrastructure. 

It pulls in information posted all over the Internet, whether it's the current configuration of a router on the edge of the company network or the current whereabouts of its vice president. 

OWASP Zed Attack Proxy (ZAP)

OWASP Zed Attack Proxy (ZAP)

The Zed Attack Proxy (ZAP) is a user-friendly penetration testing tool that finds vulnerabilities in web apps.

It's designed to be used by practitioners with a wide range of security experience and is ideal for developers and functional testers who are new to pen testing.

It provides automated scanners and a set of tools for those who wish to find vulnerabilities manually.

Samurai Web Testing Framework

Samurai Web Testing Framework

The Samurai Web Testing Framework functions as a web pen-testing environment. It's actually a toolbox packed with some of the other items you'll see in this slideshow.

The CD contains a host of free and open source tools to test and attack websites. 

Tools include the Fierce domain scanner and Maltego. For mapping it uses WebScarab and ratproxy. Discovery tools include w3af and burp. For exploitation, the final stage, it includes BeEF, AJAXShell and others. The CD also includes a pre-configured wiki, set up to be the central information store during the user's pen-test.



BackTrack is a Linux-based pen-testing toolbox security professionals use to perform assessments in a purely native environment dedicated to hacking.

Users have easy access to a variety of tools ranging from port scanners to password crackers. Users can boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is an option.

BackTrack arranges tools into 12 categories:

  • Information gathering
  • Vulnerability assessment
  • Exploitation tools
  • Privilege escalation
  • Maintaining access
  • Reverse engineering
  • RFID tools
  • Stress testing
  • Forensics
  • Reporting tools
  • Services
  • Miscellaneous
Cain & Abel

Cain & Abel

Cain & Abel is a password recovery tool for Microsoft operating systems.

It allows for easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

It covers some security aspects/weakness present in protocol standards, authentication methods and caching mechanisms. Its main purpose is the simplified recovery of passwords and credentials from various sources. It also ships some "non standard" utilities for Microsoft Windows users.

Fierce Domain Scan

Fierce Domain Scan

According to the ha.ckers blog, Fierce Domain Scan "was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It's terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can miss huge chunks of networks." Fierce is designed specifically to pinpoint likely targets inside and outside a corporate network. It is essentially a reconnaissance tool, a PERL script built to scan domains within minutes, using a variety of tactics.

The Harvester

The Harvester

The Harvester is an open source intelligence tool (OSINT) used to attain email addresses and user names from public sources such like Google and LinkedIn.

A favorite among pen testers, it lets the user conduct passive reconnaissance and build target profiles that include a list of user names and email addresses.

The Social Engineering Framework website says, "Emails and user names are similar to your real name. They can be used to identify you in the virtual world or in your workplace. They can lead to identifying your friends, your family, and your social groups."

[Also read about the Social Engineering Toolkit.]



Hping is a command-line oriented TCP/IP packet assembler/analyzer. It is used for:

  • Firewall testing
  • Advanced port scanning
  • Network testing, using different protocols, TOS, fragmentation
  • Manual path MTU discovery
  • Advanced traceroute, under all the supported protocols
  • Remote OS fingerprinting
  • Remote uptime guessing
  • TCP/IP stacks auditing
It runs on Linux, FreeBSD, NetBSD, OpenBSD, Solaris, MacOs X, and Windows.
John the Ripper

John the Ripper

John the Ripper is a password cracker available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS.

It's mainly used to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.



The MobiSec Live Environment Mobile Testing open source project is good for testing mobile environments, including devices, apps and supporting infrastructure.

It allows users to test their mobile environments to identify design weaknesses and vulnerabilities.

Testers get access to a host of open-source mobile testing tools, as well as the ability to install additional tools and platforms. Using a live environment allows pen testers to boot the MobiSec Live Environment on any Intel-based system from a DVD or USB flash drive, or run the test environment within a virtual machine.

The MobiSec Live Environment is maintained as an open source project on Source Forge, located at, and can be downloaded as an ISO by clicking on the Download link above.



Nessus is one of the world’s most popular vulnerability and configuration assessment tools. Though Tenable Network Security changed Nessus 3 to a proprietary license, it is free for personal use in non-enterprise environments.

According to the Tenable website, Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, patch management integration and vulnerability analysis.



Nmap is an open source tool for network exploration and security auditing.

It's built to rapidly scan large networks, though it also works against single hosts. According to the NMap website, the scanner uses raw IP packets to determine what hosts are available on the network, which services those hosts are offering, what operating systems they are running, what types of packet filters/firewalls are in use, and dozens of other characteristics.

"While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules and monitoring host or service uptime," the website says.



OpenVPN is an open source SSL VPN tool that works in a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. 

According to the OpenVPN website, it's based on SSL, the industry standard for secure communications on the Internet.

"OpenVPN implements OSI layer 2 or 3 secure network extension using the SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface," the site says. "OpenVPN is not a web application proxy and does not operate through a web browser."



Ophcrack is a free Windows password cracker based on rainbow tables. It comes with a graphical user interface and runs on multiple platforms, according to the specifications on the website.

Features include the following:

-- Cracks LM and NTLM hashes.

-- Free tables available for Windows XP and Vista/7.

-- Brute-force module for simple passwords.

-- Audit mode and CSV export.

-- Real-time graphs to analyze the passwords.

-- LiveCD available to simplify the cracking.

-- Dumps and loads hashes from encrypted SAM recovered from a Windows partition.

Python Security

Python Security

This is more a community than a tool. Think of it as a human toolbox. Specifically, it's the home of the largest collection of information about security in the Python programming language.

OWASP says of the effort, "Our mission is to make Python the most secure programming language in the world, ensure hackers never break a Python-based application, and make security breaches a thing of the past."

The site is organized into two sections:

--Security topics and how they relate to Python as a whole

--The security of specific software such as frameworks and template engines



Wireshark is a network protocol analyzer that lets users capture and interactively browse traffic running on a computer network. 

The long list of features include:

-- Deep inspection of hundreds of protocols, with more being added all the time

-- Live capture and offline analysis

-- Standard three-pane packet browser

-- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others

--Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility



ModSecurity is a Web app firewall developed by Trustwave's SpiderLabs Team

According to the website, it makes full HTTP transaction logging possible, allowing complete requests and responses to be logged. "Its logging facilities also allow fine-grained decisions to be made about exactly what is logged and when, ensuring that only the relevant data is recorded," the site says.



ThreadFix is a software vulnerability aggregation and vulnerability management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems.

ThreadFix aggregates vulnerability test results from disparate static and dynamic scanning tools as well as the results of manual penetration testing, code review and threat modeling to create a single comprehensive view of the security status of all applications within an organization.

The reporting, prioritization and remediation of an organization's application security vulnerabilities are centralized in a single tool, significantly easing communications between the application development and security teams. 

It was developed and is maintained by Denim Group.

Burp Suite

Burp Suite

Burp Suite is a Web app security testing platform. Its various tools support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Tools within the suite include a proxy server, web spider, intruder and a so-called repeater, with which requests can be automated.

Portswigger offers a free edition.



Stormpath provides developers with Identity and Access Management tools to bolster security in any application. There is a free developer's version, as well as these paid versions: pro, premium and enterprise.

The tools do the following:

  1. Hosts and Deploys user directories in the Cloud

  2. Authenticates users and secures their passwords with one click

  3. Manages hierarchies and RBAC with a drag-n-drop interface or API

  4. Drops in code for user workflows like password reset, account verification and locking

  5. Handles all the user security maintenance, so the user is ahead of attackers



HD Moore created the Metasploit Project in 2003 to provide the security community with a public resource for exploit development. This project resulted in the Metasploit Framework, an open source platform for writing security tools and exploits.

In 2009, Rapid7, a vulnerability management solution company, acquired the Metasploit Project. Prior to the acquisition, all development of the framework occurred in the developer's spare time, eating up most weekends and nights. Rapid7 agreed to the fund a full-time development team and keep the source code under the three-clause BSD license that is still in use today.

Slide body goes here.

Copyright © 2013 IDG Communications, Inc.