GET YOUR VULNERABILITY AND THREAT DATABASE SUBSCRIPTION
EKOLABS 2016


Tools Best_2015_Security_ToolsWatch

Published on February 23rd, 2016 | by MaxiSoler

3

2015 Top Security Tools as Voted by ToolsWatch.org Readers

Dear ToolsWatchers,

We are honored to announce the 2015 Top Security Tools as Voted by ToolsWatch.org Readers, this is the third edition of our online voting by users and readers.

Thanks for your time and your votes, are very useful for the community. 🙂

Best_2015_Security_ToolsWatch

Results by Year

01 – OWASP ZAP – Zed Attack Proxy Project (+1↑)
02 – Lynis (+1↑)
03 – Haka (NEW)
04 – Faraday (NEW)
05 – BeEF – The Browser Exploitation Framework (-1↓)
06 – Burp Suite (NEW)
07 – PeStudio (-1↓)
08 – Nmap (+2↑)
09 – IDA Pro (NEW)
10 – OWASP Offensive (Web) Testing Framework (-3↓)

01 – Unhide (NEW)
02 – OWASP ZAP – Zed Attack Proxy Project (-1↓)
03 – Lynis (+3↑)
04 – BeEF – The Browser Exploitation Framework (-2↓)
05 – OWASP Xenotix XSS Exploit Framework (0→)
06 – PeStudio (-2↓)
07 – OWASP Offensive (Web) Testing Framework (NEW)
08 – Brakeman (NEW)
09 – WPScan (0→)
10 – Nmap (NEW)

 

2015 Top Security Tools as Voted by ToolsWatch.org Readers

01- OWASP ZAP – Zed Attack Proxy Project

zap-banner-square

 

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

URL: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

 

02- Lynis

logo_cisofy

Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux/Unix-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.

URL: https://cisofy.com/lynis/

 

03- Haka

logo_haka

 

Haka is an open source security oriented language which allows to describe protocols and apply security policies on (live) captured traffic.

The scope of Haka language is twofold. First of all, it allows to write security rules in order to filter/alter/drop unwanted packets and log and report malicious activities. Second, Haka features a grammar enabling to specify network protocols and their underlying state machine.

URL: http://www.haka-security.org

 

04- Faraday

logo_faraday

Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

URL: https://www.faradaysec.com

 

05- BeEF – The Browser Exploitation Framework

logo_beef

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors.

Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

URL: http://beefproject.com/

 

06- Burp Suite

burp_logo

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

URL: https://portswigger.net/burp/

 

07- PeStudio

malware-cartoon2-02

pestudio is an application that performs Malware Initial Assessment of any executable file (*.exe, *.dll, *.sys, *.cpl, etc…).

Malicious executable often attempts to hide its malicious intents and to evade detection. In doing so, it generally presents suspicious patterns and other anomalies.

The goal of pestudio is to detect these and to provide indicators about the executable being analyzed in order to ease malware initial assessment. Since the executable file being analyzed is never started, you can inspect any unknown or malicious executable with no risk.

URL: https://www.winitor.com/

 

08- Nmap

nmap

Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

URL: https://nmap.org/

 

09- IDA

logo_ida

IDA is the Interactive DisAssembler: the world’s smartest and most feature-full disassembler, which many software security specialists are familiar with.
Written entirely in C++, IDA runs on the three major operating systems: Microsoft Windows, Mac OS X, and Linux.

URL: https://www.hex-rays.com/products/ida/

 

10- OWASP Offensive (Web) Testing Framework

logo_owasp-owtf

OWASP OWTF, Offensive (Web) Testing Framework is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient, written mostly in Python. The purpose of this tool is to automate the manual, uncreative part of pen testing: For example, spending time trying to remember how to call “tool X”, parsing results of “tool X” manually to feed “tool Y”, etc.

URL: https://www.owasp.org/index.php/OWASP_OWTF

 

 


ToolsWatch Team

NJ OUCHN & MAXI SOLER




Tags:


About the Author

ToolsWatcher :) @maxisoler



3 Responses to 2015 Top Security Tools as Voted by ToolsWatch.org Readers

  1. Example says:

    Any plans of publishing PDF version of this report

  2. Pingback: OWASP ZAP Receives Global Community Vote As Leading Security Tool | Asia Fresh News

  3. Pingback: How to become a hacker in 10 minutes | Theodo, développement agile symfony

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top ↑