Top 75 Security Tools
Note: These are archived 2003 survey results. For the latest survey, visit http://SecTools.Org.
In May of 2003, I conducted a survey of Nmap users from the nmap-hackers mailing list to determine their favorite security tools. Each respondent could list up to 8. This was a followup to the highly successful June 2000 Top 50 list. An astounding 1854 people responded in '03, and their recommendations were so impressive that I have expanded the list to 75 tools! Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also plan to point newbies to this page whenever they write me saying "I do not know where to start".
Respondents were allowed to list open source or commercial tools on any platform. Commercial tools are noted as such in the list below. Many of the descriptions were taken from the application home page or the Debian or Freshmeat package descriptions. I removed marketing fluff like "revolutionary" and "next generation". No votes for the Nmap Security Scanner were counted because the survey was taken on an Nmap mailing list. This audience also means that the list is slightly biased toward "attack" tools rather than defensive ones.
These icons are used:
- [icon] Did not appear on the 2000 list
- [icon] Generally costs money. These rarely include source code. A free limited/demo/trial version may be available.
- [icon] Works on Linux
- [icon] Works on FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.)
- [icon] Supports Microsoft Windows
Translations:
Spanish Translation by ThiOsk (os_k&at&softhome.net) and Kerozene (kerozene&at&hackemate.com.ar)
Portuguese Translation by André Zúquete (avz&at&det.ua.pt)
Here is the list (starting with the most popular):
- Nessus: Formerly open source vulnerability assessment tool. Nessus is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems. It was open source for many years, but they turned proprietary in late 2005.
- OpenBSD: The proactively secure operating system.
- TCP Wrappers: A classic IP-based access control and logging mechanism
- pwdump3: Allows for retrieving Windows password hashes locally or across the network whether or not syskey is enabled.
- LibNet: A high-level API (toolkit) allowing the application programmer to construct and inject network packets
- IpTraf: IP Network Monitoring Software
- Fping: A parallel ping scanning program
- Bastille: Security hardening script for Linux, Mac OS X, and HP-UX
- Winfingerprint: A Win32 Host/Network Enumeration Scanner
- TCPTraceroute: A traceroute implementation using TCP packets
- Shadow Security Scanner: A commercial vulnerability assessment tool
- pf: The innovative packet filter in OpenBSD
- LIDS: A Linux kernel intrusion detection/defense system
- hfnetchk: Microsoft tool for checking the patch status of all the Windows machines on a network from a central location
- etherape: A graphical network monitor for Unix modeled after etherman
- dig: A handy DNS query tool that comes free with Bind
- Crack / Cracklib: Alec Muffett's classic local password cracker
- cheops / cheops-ng: Gives a simple interface to many network utilities, maps local or remote networks and identifies OS of machines
- zone alarm: Windows Personal firewall software. They offer a limited free version, but much of the functionality is disabled. Some users prefer Kerio Personal Firewall, which also sports free and commercial versions.
- Visual Route: Obtains traceroute/whois data and plots it on a World map
- The Coroner's Toolkit (TCT): A collection of tools that are either oriented towards gathering or analyzing forensic data on a Unix system
- tcpreplay: A tool to replay saved tcpdump or snoop files at arbitrary speeds
- snoop: A well-known gangsta rapper (Snoop Dogg)! It is also a network sniffer that comes with Solaris.
- putty: An excellent Windows SSH client
- pstools: A suite of free command-line tools for managing Windows systems (process listings, command execution, etc)
- arpwatch: Keeps track of ethernet/ip address pairings and can detect certain monkey business
