  • NEWS

    Five free pen-testing tools

    The best things in life are ...

    By Jon Espenschied

    Computerworld | May 27, 2008 1:00 AM PT

    Security assessment and deep testing don't require a big budget. Some of the most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with.

    For scanning in the first steps of a security assessment or pen test, Nmap and Nessus share the crown. Nmap is a simple, powerful and very well-reviewed scanner that one finds in the toolbox of any serious security consultant. Nmap and its Zenmap graphical interface are free and available at nmap.org for virtually any platform from Vista and OS X to AmigaOS, and will happily run on low-power systems.

    Nessus performs scans and up-to-date vulnerability testing in one interface, through a purchased "feed" of vulnerability modules for the freely downloadable application. A free but delayed noncommercial "home feed" of updates will continue to be available at nessus.org after Tenable Inc. changes the Nessus license this coming July.

    The Metasploit Framework provides more operating system and application exploit information than most analysts would know what to do with. Recently rewritten in Ruby with a graphical interface, it comes with several hundred common exploit modules in the basic download available at metasploit.com. For testing Web applications specifically, the well-regarded Nikto has also undergone recent updates and is available at cirt.net/nikto2.

    Wireshark provides top-notch network protocol capture and analysis, and its filtering and search functions make a good noninvasive tool for beginners interested in TCP/IP. This high-quality successor to the long-running Ethereal tool is available for Windows, Linux and Mac. The "Buy" button at wireshark.org leads to a happy reminder that it's free and open source.

    KisMAC's simple interface belies its powerful wireless assessment and penetration testing features. This OS X application is available at trac.kismac-ng.org, where one can also find an active support community. Kismet, its more powerful but less friendly progenitor, is available at kismetwireless.net for Linux and Windows. There are active communities and numerous add-ons for each.

  • Copyright 1994 - 2015 Computerworld, Inc. All rights reserved.

    For more information, Fyodor, the author of Nmap, maintains a somewhat dated but good list at sectools.org of the top hundred open-source and low-cost security tools other than Nmap.

    (Willing to spend some money for your assessment tech? We've got you covered.)
