July 13, 2016

Top 50 Best Ethical Hacking And Vulnerability Scanning Tools For Free

Updated by subhakaran Nitijanandhan

Nmap (Network Mapper)

Nmap makes it easy for one to perform network discovery and security auditing. It used in managing upgrade schedules. It guides one in understanding the features of any target network. Features such as host, services, etc. It works on almost all the environment.
50 network security penetration testing software tools

Metasploit penetrating software

Metasploit is a research security project that delivers to the user vital information regarding security vulnerabilities and helps to formulate penetration testing , strategies and methods of execution.

Nessus

It is a very popular security tool that focuses on vulnerability scanning. It is the most perfect vulnerabilities identifier: Nessus scans for .It also scans for default passwords.It specialized in compliance checks, Sensitive data searches, website security scanning etc. It also helps in finding weak-spots. It works on most of the environments.

Hydra

Hydra is a powerful password guessing tool.It guesses weak passwords from databases that have been stored in or are in transit within a computer system or network.
Brute force password guessing

Cain and Abel

It is known for the following powerful features: passwords recovery, and revealing password boxes,wireless scanning, network sniffing etc. It also contains an Access Database password decoder, RDP password decode and Hash Calculator.

Kismet

Kismet is a wireless network detector, sniffer, and intrusion detection security penetration tool. Kismet can monitor and sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. It is open source and widely used.
Random.org password generator
The Random Password Generator from random.org generates random passwords based on the guidelines provided.

Faraday

Faraday is a Collaborative Penetration Test and Vulnerability Management Platform

WinDump 

WinDump is a powerful network packet analyzer that can be used for network debugging and security monitoring.

John the Ripper

John the Ripper is a popular password cracking penetration tool that is mostly used to perform dictionary attacks. This tool can also be used to perform a variety of alterations to dictionary attacks. John the Ripper as an offline password cracker.

OpenVAS

It is a Vulnerability Assessment System that offers various tools and services for vulnerability scanning and management.

OpenPuff

OpenPuff is a tool with the following features: Whitening and encoding, ability to add a decoy password to reveal decoy data and ability to split the hidden data over multiple carriers.

Retina community network

It is a top security tool which offers powerful vulnerability assessment across the whole operating systems,  devices,  application softwares , and virtual environments within a given network. It uses a database that is being updated regularly so it can detect latest security issues.

Evil grade

It is a modular framework that facilitates a user to take advantage of poor upgrade implementations entering fake updates.

OWASP Zed free

This tool is very efficient program that finds vulnerabilities in web applications. . ZAP provides automated scanners,tools that allow one to discover security vulnerabilities. It is recommended for those intending to be career penetrates.

Nikto website vulnerability scanner

Nikto is web server scanner that scans and detect web serves for any vulnerabilities. Nikto also scans for outdated versions. ,It also check the server configurations and also identifies installed web servers and web applications.

GNU Project debugger

It is a powerful tool that helps the user to discover, audit and execute what is in the web while the program is running.

aircrack-ng

This is a network security tool that allows the user to access the wireless card from other computers and allows the user to run tools on a remote computer. It allows network analysis, wireless packet capturing, and packet injection.

Eraser 

It allows the user to completely remove data from the hard drive by overwriting each data block many times using an erasure method.

Router sploit

Automated penetration testing software that consists of various modules that aids penetration testing operations like exploiting, crediting and scanning. It also identifies, designs and checks network vulnerability.

KeePass

KeePass is a password manager that allows one to store username and password combinations in a highly configured database. Access to the database is secured using a master password or key file

Open stego

It is a powerful tool that attaches secret message file into an image file. It is also used to unhide data from the output file and uses password to encrypt. This tool is open source.

Burp Suite 

It is an integrated platform for attacking web applications.

Commix

It is a powerful Network monitoring which is installed in a few minutes and it discovers one's entire network automatically

Acunetix 

It is a tool that is used to test and reports on SQL injection. Acunetix generates detailed reports while identifying security issues and vulnerabilities

Ettercap

It is a free and open source network security too. It mainly analysis computer network protocols within a security auditing context and also is an effective scanner

Vera code: It ensures security of code development and minimizes vulnerabilities.

Punk spider: This security tool is a web scanner that performs more than most of the other scanners

IBM Appscan: It is a security tool that scans and identifies the problem and then gives the remedy to the problem.
SATAN: (Security Administrator Tool for analyzing Networks). It is used for collecting and reporting network security vulnerability.

Maltego: This tool focus on highlighting relationships between people or sites , infrastructure etc.

Iron Wasp: It is a unique scanner for web application

Secunia PSI: It is a software inspector that keeps the system secured

HconSTF: It is used to exploit vulnerabilities in password, database etc.

Sqlmap: is a good open source tool. It is mostly used for detecting issues in an application.

Burp suite: It is a scanner, interceptor of proxy. It also crawl content and functions.

Netsparker: This tool is a scanner that identifies problems and suggests remedial action.

Immunity’s CANVAS: This tool is used for web application and wireless systems.

BeEF (The Browser Exploitation Framework: This tool focus on the web browser.

Netstumbler: This tool helps the user find open wireless access points on the network.

Superscan: This is a good manual on website.

Socat: This is a tool that works over a number of protocols and through a files, pipes, devices etc. It provides forking, logging, and dumping, different modes of communication, and many more other options

Snort: (IDS intrusion detection systems)

HPing2: packet crafting tools

TCPDump: packet sniffers

Scapy: It used for scanning large number of machines

Chkrootkit: it is a free, open source utility. It detects almost all the latest rootkits.

Canvas: an automated exploitation system development framework to penetration testers and security professionals worldwide.

TrueCrypt: is able to perform a powerful attack based on: Dictionary or Alphabet

SGuil: This tool sources out for all the network problems and gives out remedies

Yersinia: is a good protocol attack tool used in penetration testing.

Splunk: is a tool that searches, reports, monitors and analyzes streaming data.

Fiddler: is a Web Debugging tool which logs all HTTP traffic between one's computer and the Internet.