Five free pen-testing tools
The best things in life are ...
Computerworld - Security assessment and deep testing don't require a big budget. Some of most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with.
For scanning in the first steps of a security assessment or pen test, Nmap and Nessus share the crown. Nmap is a simple, powerful and very well-reviewed scanner that one finds in the toolbox of any serious security consultant. Nmap and its Zenmap graphical interface are free and available at nmap.org for virtually any platform from Vista and OS X to AmigaOS, and will happily run on low-power systems.
Nessus performs scans and up-to-date vulnerability testing in one interface, through a purchased "feed" of vulnerability modules for the freely downloadable application. A free but delayed noncommercial "home feed" of updates will continue to be available at nessus.org after Tenable Inc. changes the Nessus license this coming July.
The Metasploit Framework provides more operating system and application exploit information than most analysts would know what to do with. Recently rewritten in Ruby with a graphical interface, it comes with several hundred common exploit modules in the basic download available at metasploit.com. For testing Web applications specifically, the well-regarded Nikto has also undergone recent updates and is available at cirt.net/nikto2.
Wireshark provides top-notch network protocol capture and analysis, and its filtering and search functions make a good noninvasive tool for beginners interested in TCP/IP. This high-quality successor to the long-running Ethereal tool is available for Windows, Linux and Mac. The "Buy" button at wireshark.org leads to a happy reminder that it's free and open source.
KisMAC's simple interface belies its powerful wireless assessment and penetration testing features. This OS X application is available at trac.kismac-ng.org, where one can also find an active support community. Kismet, its more powerful but less friendly progenitor, is available at kismetwireless.net for Linux and Windows. There are active communities and numerous add-ons for each.
For more information, Fyodor, the author of Nmap, maintains a somewhat dated but good list at sectools.org of the top hundred open-source and low-cost security tools other than Nmap.
(Willing to spend some money for your assessment tech? We've got you covered.)
Pen testing for fun and profit
Read more about Endpoint Security in Computerworld's Endpoint Security Topic Center.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- Pragmatic Endpoint Management: Empowering an SMB Workforce in the Age of Mobility Lacking the time for proper training and education, SMB administrators often resort to taking shortcuts to keep their environment running.This paper discusses the...
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Endpoint Security White Papers | Webcasts