Published on December 19th, 2013 | by NJ Ouchn


2013 Top Security Tools as Voted by Readers


Dear all,

I am honored to present the 2013 Top Security Tools as voted by users and readers. As you may have noticed, this vote was a little unusual: I intentionally omitted the usual pre-configured list so as not to limit people's choices and to give them the opportunity to vote freely and in good conscience. And amazingly, it worked.

I also had an awesome entry: “My brain”, with the comment “A tool is worthless unless you have a brain behind it 🙂”. It was from Kevin Mitnick (confirmed). Anyway, this one was good and absolutely true. Tools just help you achieve what your brain is scheming and plotting.


In fact, I have just realized that the survey was such a good idea, as I discovered new gems. It will therefore be a great opportunity to cover them in separate posts.

Enough talking, here are the 2013 Top 10 Security Tools as voted by users and readers:

Top 10 – Best Security Tool of the year 2013


OWASP ZAP – Zed Attack Proxy Project


The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.



“Full of features, stable and actively maintained”

“Best intercepting proxy for doing web application pentesting. It’s free and has advanced functionalit”

“My goto attack proxy application”

“Simply the best open-source application vulnerability scanner”

“Fuzzing and injection are simple and intuitive”


BeEF – The Browser Exploitation Framework Project


BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.



“BeEF really shines when it comes to demonstrating the possibilities of XSS to clients. It always blows them away!”

“Great tool for client-side and browser exploitation”



Burp Suite


Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.





PeStudio


PeStudio is a free tool that performs static investigation of any Windows executable binary. A file being analyzed with PeStudio is never launched, so you can evaluate unknown executables and even malware with no risk. PeStudio runs on any Windows platform and is fully portable; no installation is required. PeStudio does not change the system or leave anything behind.




OWASP Xenotix


OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest collection of XSS payloads, about 1500+ distinctive payloads, for effective XSS vulnerability detection and WAF bypass. It incorporates a feature-rich Information Gathering module for target reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for penetration testing and proof-of-concept creation.




Lynis The Hardening Unix Tool

Lynis is a security tool to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks, looks for installed software and determines compliance with standards. It also detects security issues and configuration errors. At the end of the scan it provides warnings and suggestions to help you improve the security defenses of your systems.




Recon-NG The Web Reconnaissance Framework

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to Social Engineer, use the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng! See the Usage Guide for more information.




Suricata The Network IDS/IPS


Suricata is a high-performance Network IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.




WPScan WordPress Security Tool


WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. It is intended for security professionals or WordPress administrators to assess the security posture of their WordPress installations.




O-SAFT OWASP SSL Advanced Forensic Tool


This tool lists information about a remote target’s SSL certificate and tests the remote target’s SSL connection according to a given list of ciphers and various SSL configurations.

  • show SSL connection details
  • show certificate details
  • check for supported ciphers
  • check for ciphers provided in your own and
  • check for special HTTP(S) support (like SNI, HSTS, certificate pinning)
  • check for protections against attacks (BEAST, CRIME, RC4 Bias, …)
  • may check for a single attribute
  • may check multiple targets at once
  • can be scripted (headless or as CGI)
  • should work on any platform (just needs perl, openssl optional)
  • scoring for all checks (still to be improved in many ways 😉)
  • output format can be customized
  • various trace and debug options to hunt unusual connection problems


Other Security Tools that entered the contest and were voted for by a few users (no particular order)


About the Author

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"

19 Responses to 2013 Top Security Tools as Voted by Readers

  1. Pingback: HackerOps » Top 10 de las mejores herramientas de seguridad del 2013 de ToolsWatch

  2. Samantha Groves says:

    Well done, OWASP!

  3. Pingback: Your current security setup?

  4. Bruce says:

    Owasp really do have amazing tools – I love zaproxy for its ease of use and regular updates.

  5. Oh my goodness! Awesome article dude! Thank you so much,
    However I am encountering difficulties with your RSS.
    I don’t know why I am unable to join it. Is there anybody having similar RSS problems?
    Anybody who knows the answer will you kindly respond? Thanks!!

  6. Everyone loves it when individuals come together and share opinions.

    Great blog, stick with it!

    Visit my page … Project Spark Beta Free Download

  7. Pingback: 10 ferramentas de #segurança que você deve conhecer já! | Dicas do Italo

  8. clh says:

    most interesting and very topical site keep up the good work

  9. HideMyAss says:

    Great post. I used to be checking continuously this blog and I’m inspired!
    Very useful info specifically the final part 🙂 I take care of such information much.
    I used to be looking for this particular info for a very long time.
    Thank you and best of luck.

    My web page; HideMyAss

  10. I’m not that much of a online reader to be honest but your
    blogs really nice, keep it up! I’ll go ahead and bookmark your website to come back later.

    Here is my homepage … emulateur ps3

  11. Pingback: - Krishna's weblog | My experiences at NullCon 2014

  12. wiesner says:

    That may be really attention-grabbing, You are an exceedingly expert blogger. I have become a member of your own nourish and turn upward intended for trying to get more of your current magnificent submit. Furthermore, I’ve embraced your web site around my web sites

  13. Fawn says:

    Hello exceptional blog! Does running a blog like
    this require a great deal of work? I’ve virtually no knowledge of computer programming but I
    had been hoping to start my own blog in the
    near future. Anyhow, should you have any suggestions or tips for new blog owners please share.
    I know this is off topic however I just needed to ask.

  14. Chanel says:

    Hi, for all time i used to check webpage posts here in the early hours in the morning,
    since i enjoy to find out more and more.

    Also visit my site; refrigerator troubleshoot (Chanel)

  15. Hi there! I’m at work browsing your blog from my new apple iphone!
    Just wanted to say I love reading through
    your blog and look forward to all your posts!
    Keep up the superb work!

  16. Pingback: 10 ferramentas de #segurança que você deve conhecer já! | Tecnologiasinha

  17. shampo noni says:

    Thanks a bunch for sharing this with all of us you really understand what you are speaking approximately!
    Bookmarked. Kindly also seek advice from my site =).
    We will have a link change contract between us

  18. A motivating discussion is definitely worth comment. I do think that you need to publish more
    on this issue, it may not be a taboo subject but typically folks don’t discuss these topics.
    To the next! Best wishes!!
