Free Tools

---

Web server vulnerability, version and configuration tester. 

https://cirt.net/nikto2

A vulnerability scanner capable of authenticated  and unauthenticated testing.

 https://www.openvas.org/ 

 Open source intelligence (OSINT) tool designed to crawl the web.

https://github.com/s0md3v/Photon  

Vulnerability and configuration assessment tool featuring auditing, profiling, sensitive data discovery, patch management and analysis.

https://www.tenable.com/products/nessus

Search engine for identifying Internet-connected Internet of Things (IoT) platforms, servers and various smart devices.

https://www.shodan.io/

Free domain research web service for Domain Name Server (DNS) information such as hosts, subdomains and associated vulnerabilities.

https://dnsdumpster.com/

Dark web search engine with API for automaton of searches. Can be used from open web.

https://darksearch.io/

Digital archive of the web that allows for historic searches of web pages.

https://archive.org/web/

Digital archive of the web that allows for historic searches of web pages. No censoring of content.

https://intelx.io/

One of the most popular open source network traffic/packet analyzers.

https://www.wireshark.org/

An older, simple, minimal, command-line packet analyzer. 

http://www.tcpdump.org/

A wireless device detector and packet analyzer and intrusion detection system.

https://www.kismetwireless.net/

EtherApe is an open-source graphical network monitoring and traffic analysis tool.

https://etherape.sourceforge.io/

Suite of tools for monitoring packets, testing hardware, cracking passwords and launching attacks on Wi-Fi networks.

https://www.aircrack-ng.org/

TCP/IP packet crafter, tracer and response analysis tool.

http://www.hping.org/

 Windows-based tool capable of cracking encrypted passwords, sniffing network traffic, recording VoIP conversations, and analyzing routing protocols.

http://www.oxid.it/cain.html

Password cracker available for many flavors of Unix, macOS, Windows, DOS, BeOS, and OpenVMS.

https://www.openwall.com/john/

Highly-parallelized simultaneous cracking of multiple passwords.

https://hashcat.net/hashcat/

Command-line parallel brute-forcer password cracker.

http://foofus.net/goons/jmk/medusa/medusa.html

Brute force password cracker. Available for Windows, Linux, Free BSD, Solaris and OS X.

https://github.com/vanhauser-thc/thc-hydra

Remote password cracker that supports many different authentication types.

https://www.darknet.org.uk/2006/09/brutus-password-cracker-download-brutus-aet2zip-aet2/

Open source network mapping, system discovery and OS detection tool.

https://nmap.org/

Open source passive network sniffer and forensic analysis tool capable of enumerating operating systems, sessions, hostnames, open ports.

https://www.netresec.com/index.ashx?page=NetworkMiner

Internet-scale port scanner. Known for speed. Includes web interface.

https://github.com/robertdavidgraham/masscan

Free and open source network graphing solution. Can monitor network traffic by polling a network switch or router interface via SNMP.

https://www.cacti.net/

Free and open source software system and network monitoring platform.

https://www.nagios.org/downloads/

Free and open-source network scanning utility with the ability to scan individual IP addresses.

https://angryip.org/download/

Network intrusion detection/prevention, traffic analysis and packet logging.

https://www.snort.org/

Network intrusion detection system that provides traffic logging and analysis.

 https://zeek.org/ 

Free and open source network threat detection engine. Can use Sort rulesets.

https://suricata-ids.org/

Open-source host-based intrusion detection system owned by Trend Micro

https://www.ossec.net/

Security monitoring platform; only runs on tcl/tk-based operating systems. 

https://bammv.github.io/sguil/index.html

Host-based IDS, file integrity checking, log file monitoring/analysis, rootkit detection, etc...

https://www.ossec.net/

Kali Linux is a Debian-based Linux distribution which includes various penetration testing and forensics capabilities. 

https://www.kali.org/downloads/

  Vulnerability scanning, penetration testing, and web app security platform for applictions.

https://portswigger.net/burp/communitydownload

A multi-purpose hacking framework with a large suite of tools.

https://www.metasploit.com/download

A web application penetration-testing tool  with both automated and manual capabilities.

https://owasp.org/www-project-zap/

An attack and audit framework that identifies and exploits web application vulnerabilities. 

http://w3af.org/

An attack tool that automates detection and exploitation SQL injection vulnerabilities.

https://sqlmap.org/

Utility for generating outbound and inbound network traffic - a TCP or UDP connection.

https://nc110.sourceforge.io/

Linux and Unix utility for packet manipulation/generation as well as network scanning/discovery and packet sniffing. 

https://scapy.net/

Linux packet generator tool for ethernet.

http://packeth.sourceforge.net/packeth/Home.html

Crafts network packets to test cyber defenses.

https://www.colasoft.com/download/products/download_packet_builder.php

WYSIWYG network packets editor that supports many protocols.

https://omnipacket.com/wireedit

A packet crafting tool which can intercept, modify, and rewrite egress network traffic.

https://www.monkey.org/~dugsong/fragroute/

OpenSSH is a suite of secure networking utilities including traffic encryption, secure tunneling and authentication and key management. 

http://www.openssh.com/on

A browser and associated network designed for highly anonymized communication and access to the Dark Web.

https://www.torproject.org/download/

Free end-to-end encrypted e-mail tat leverages both RSA and AES-256 for security.

https://protonmail.com/

A centralized, end-to-end encrypted messaging and video service.

https://signal.org/en/

A cloud-based instant messaging and end-to-end encrypted VoIP application.

https://telegram.org/

Free open source disk encryption software for Windows, Mac OSX and Linux.

https://www.veracrypt.fr/en/Home.html

A malware research and detection tool that utilizes a rules to create descriptions of malware families based on textual or binary patterns.

https://virustotal.github.io/yara/

Memory forensics and file analysis for malware identification.

https://www.fireeye.com/services/freeware/redline.html

Malware analysis sandbox with online virtual machine (VM) access.

https://app.any.run/

A malware analysis service that detects and analyzes threats using CrowdStrike’s Falcon Sandbox technology.

https://www.hybrid-analysis.com/

 A malware analysis service that detects and analyzes threats against known signatures from many antivirus signatures.

https://www.virustotal.com/gui/

A GUI-based open source hard drive and smart phone digital forensic tool.

http://www.sleuthkit.org/autopsy/