Network security is an ongoing task: you need to continuously scan for threats, assess vulnerabilities in your network, and take corrective measures. This is a proactive approach where you simulate attacks and remediate vulnerabilities prevent network breaches, but attacks may still occur and you need to be prepared for that. As an organization, it is difficult to keep up with the latest threat landscape, as you need to focus your resources and time on the business.
The most suitable solution is to have security services provided by experts who have a wide range of experience in the field and can work with your organization to provide you with an unbiased view of the current state of network security. However, this isn't always possible due to time and budget constraints. In between assessments, there are various tools available for testing the security of your network.
Here are the nine most popular tools: their applicability varies depending on your organization’s infrastructure and available applications.
1. Vulnerability Scanner
Vulnerability scanners are used for identification and detection of vulnerabilities in the network due to misconfigurations, or incorrect settings on various network devices or firewalls. Four popular tools are listed below:
Tenable is a network security company which provides continuous monitoring, and identifies risk to assist with compliance and best security practices. The Tenable.io platform provides you with actionable insights for your infrastructure risks, enabling you to accurately identify, investigate and prioritize actions to remediate vulnerabilities.
Burp is a specialized scanner which provides you with a list of vulnerabilities discovered on a web application, including cross-site scripting (XSS) and SQL injections. The tool supports various web application technologies, including REST, JSON, AJAX and SOAP.
Cloud-based AppScan helps you decrease the likelihood of attacks on mobile and web applications. Managed by IBM, the tool can help your organization identify and remediate vulnerabilities early in the development lifecycle, prioritize assets based on risk, and test applications both before deployment and in production environments.
Rapid7 provides vulnerability insights by scanning data from your environments, and offers solutions such as auto-containment and integrated threat feeds to reduce organizational risk and manage your business.
Read more about what vulnerability scanning is and how it works.
2. Port Scanner
Port scanning is used by systems and network administrators to scan for open ports and verify the security policies of the network. The most widely used tool for scanning networks is NMAP (network mapper). This utility is available for free and can scan your network ports determine available network hosts, which applications (including versions) are running on those hosts, their operating systems and versions, packet filters/firewalls in use, and many other attributes.
3. OSINT Tools
Open-Source Intelligence is “intelligence produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement. OSINT draws from a wide variety of information and sources” including mass media, public data, audience-specific literature, and observations and reporting from public sources such as satellites, planes, and radios. There are various OSINT tools available; some examples are listed below.
Google search is the most popular and commonly used tool to provide you with insights about various events.
As a domain registration and hosting service, WHOIS can provide domain name details, such as the IP address, name servers, the company where the domain is hosted, and even the registrant contact information. It also offers infrastructure services and SiteLock, a subscription service that monitors your website daily for security gaps, identifies threats before they are exploited, and remediates vulnerabilities in the background.
Developed by Paterva, Maltego is a data mining tool that uses transforms to automate data source queries, and is available by default in Kali Linux. You can use either the built-in transforms or write custom ones to analyze targets and take the necessary actions.
A search engine that finds specific types of internet-connected devices, Shodan is the most widely used tool used by hackers to find vulnerable devices. The tool displays a list of devices that are connected online, and you can view connected webcams, traffic lights, routers, and servers through their service banner metadata.
This tool is in built into Kali Linux and is used to collect information such as email addresses, subdomains, hosts, employee names, open ports, and banners from specific targets, such as public search engines, key servers, and the SHODAN database. The tool helps pen testers establish an organization’s internet footprint, including what types of organizational information a potential attacker can view on the internet.
This Python-based tool is used to gather domain-specific information that can be exploited using social engineering techniques. It indexes the domain names to various search engines and is used for web-based, open-source reconnaissance.
This is a reverse-image tool that tracks your images, discovers where they appear online, and alerts you. Through December 2018, the tool has indexed over 33.5 billion images.
4. Banner Grabbing
Banner grabbing is a technique used to collect details about the hosts connected to a network and the services running on them. Administrators use it to catalog their networks, and ethical hackers use it during penetration testing. But hackers can also use it to reveal compromising network host information by running a simple Telnet command to connect to a specific IP address:
nap -sV --script=banner 255.255.255.255
5. Transparent Proxies
These proxies are systems that act as intermediaries and perform the functions of authentication, redirection and caching. This functionality prevents the user from directly connecting to the web server, providing better control and security.
Burp Proxy functions as an invisible proxy server (a man-in-the-middle between the browser and target application), which allows the client to connect directly to the proxy listener. You can also send requests to other Burp Suite tools for more advanced testing.
6. Source Code Analytics
Veracode is a code-scanning application which scans your code for potential vulnerabilities and increases the application security. It was developed to make application security a seamless part of software development.
Fortify is also a static code analyzer which supports over 25 programming languages. You can easily integrate the plugin into the IDE of your choice and then add the necessary security fixes through your IDE.
This tool lets you write exploits, analyze malware, and reverse-engineer binary files. The debugger is designed specifically for the security industry and supports both GUI and command languages.
This is a multiprocessor disassembler and debugger which supports multiple debugging targets. Available for many platforms, under license, IDA is arguably the most important tool available for software analysis.
8. Exploitation Frameworks
If you discover a vulnerability and want to validate whether other controls are remediating the risk, using an exploitation framework will help verify if the vulnerability is exploitable. While no substitute for a professional penetration tester, many of these frameworks have automated exploitation modes that will attempt to exploit discovered vulnerabilities, acting in the capacity of a low-skilled attacker. Some examples include:
Built from the open-source Metasploit Framework, Metasploit Pro is a reasonably priced, GUI-based tool that allows the tester to attack individual vulnerabilities and enable an auto-attack. Metasploit Pro, however, does not address as many vulnerabilities as other products might.
While pricey, Core Impact is considered one of the strongest tools on the market. The tool includes options to leverage both zero-day vulnerabilities and known vulnerabilities during its attack run.
9. Note-Taking Tools
When analyzing the security of your network, you can use any of the available note-taking tools of your choice. We like the following tools, as they were designed keeping the developers and programmers in mind:
Want more? Read about...