Short of resources, but still want to have a strong IT-security ecosystem? There are multiple tools in the market specially for small to medium enterprises who can use these open source tools. Although, they can't match the capabilities as provided by the premium tools provided by big vendors which comes with hefty price tags. But still they provide quite a decent features without burning your pocket. We bring you the list of Top 10 Open Source or Free IT-Security Tools:-
1. Security Onion (Category: Package with multiple capabilities) is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, Network Miner, and many other security tools. It is a great asset in the defender’s toolkit. It is a Linux distro for intrusion detection, network security monitoring, and log management.
2. OSSEC (Category: IDS/IPS) is fully open source and free for your use. You can tailor OSSEC for your security needs through its extensive configuration options, adding your custom alert rules and writing scripts that take actions in response to security alerts. You are free to modify the source code to add new capabilities. OSSEC watches it all, actively monitoring all aspects of Unix system activity with file integrity monitoring, log monitoring, root check, and process monitoring.
( Read More: Top IT Security Conferences In The World )
3. Cuckoo Sandbox (Category: Endpoint Detection and Response) is an advanced, extremely modular, and 100% open malware analysis system with infinite application opportunities. By default, it is able to:
- Analyze many different malicious files (executables, document exploits, Java applets) as well as malicious websites, in Windows, OS X, Linux, and Android virtualized environments.
- Trace API calls and general behavior of the file.
- Dump and analyze network traffic, even when encrypted.
- Perform advanced memory analysis of the infected virtualized system with integrated support for Volatility.
4. Nikto (Category: Application Security) is an extremely popular web application vulnerability scanner. Web application vulnerability scanners are designed to examine a web server to find security issues. Identifying security problems proactively, and fixing them, is an important step towards ensuring the security of your web servers. It checks for a number of dangerous conditions and vulnerable software. Running it on a regular basis will ensure that you identify common problems in your web server or web applications.
- SSL Support (Unix with OpenSSL or maybe Windows with Active State's Perl/NetSSL)
- Full HTTP proxy support
- Checks for outdated server components
- Save reports in plain text, XML, HTML, NBE or CSV
- Template engine to easily customize reports
- Scan multiple ports on a server, or multiple servers via input file (including nmap output)
5. Metasploit (Category: Vulnerability Assessment) A collaboration of the open source community and Rapid7. Their penetration testing software, Metasploit, helps verify vulnerabilities and manage security assessments.
- Utilize world's largest exploit database: Leading the Metasploit project gives Rapid7 unique insights into the latest attacker methods and mindset. Rapid7 works with the community to add an average of 1 new exploit per day, currently counting more than 1,300 exploits and more than 2,000 modules.
- Simulate real-world attacks against your defenses: Metasploit evades leading anti-virus solutions 90% of the time and enables you to completely take over a machine you have compromised from over 200 modules.
- Uncover weak and reused credentials: Test your network for weak and reused passwords. Going beyond just cracking operating system accounts, Metasploit Pro can run brute–force attacks against over 20 account types, including databases, web servers, and remote administration solutions
6. Bro (Category: IDS/IPS) is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well-grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber infrastructure. Bro's user community includes major universities, research labs, super-computing centers, and open-science communities.
7. Wireshark (Category: Package with multiple capabilities) It is the one of the foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
8. OpenVAS (Category: Vulnerability Assessment) It is the advanced Open Source vulnerability scanner and manager. It is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The powerful and comprehensive solution is available as Free Software and maintained on a permanent basis.
9. Kali Linux (Category: Package with multiple capabilities) is an open source debian distribution that has pre-installed pen testing tools.
- Full Customization of Kali ISOs: Full customization of Kali ISOs with live-build allowing you to create your own Kali Linux images – Kali Linux is heavily integrated with live-build, allowing endless flexibility in customizing and tailoring every aspect of your Kali Linux ISO images.
- Kali Linux ISO of Doom and Other Kali Recipes: The Kali Linux ISO of doom – a great example of the flexibility of live-build, and the types and complexity of customization possible.
- Kali Linux Live USB with Multiple Persistence Stores: Kali Linux Live USB with multiple persistence stores – What’s more, Kali Linux supports multiple persistence USB stores on a single USB drive.
10. OSSIM, Alien Vault's (Category: Security Information and Event Management) Open Source Security Information and Event Management (SIEM) product, provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.
What are the IT Security Tools you use the most & find very helpful ? Share with us in comments below.