Top Cybersecurity Tools (Free and Commercial) - NETSEC


Cybersecurity Memo

Friday, March 6, 2020

Top Cybersecurity Tools (Free and Commercial)

In a previous post I listed some of my favorite Internet websites and IT tools that I use in my daily IT work. There are also some network security related tools that I use in my environment. This post summarizes those tools, and I plan to extend the list with more later.

PDCA Methodology


There are some other related posts in this blog:

Recommended Tasks To Do (Free)

    1. Install AntiVirus / AntiMalware
      • MS Defender
      • Immunet 7
      • MalwareBytes
    2. Update Everything
      • Windows
      • Java
      • Adobe
      • Firmware of your hardware, such as routers, switches, firewalls and wireless routers
    3. Vulnerability Scan
      • Qualys
      • CIS benchmark
      • Tenable.io / Nessus
    4. VPN and Safe Internet
    5. Security Awareness training
    6. Documentation
      • Gitbook
    7. GRC solution
      • Eramba - https://www.eramba.org/
      • SimpleRisk - https://www.simplerisk.com/


Benchmarks / Hardening Policies

    • CIS (Center for Internet Security): proven guidelines that enable you to safeguard the operating systems, software and networks that are most vulnerable to cyber attacks. They are continuously verified by a volunteer IT community to combat evolving cybersecurity challenges.
    • More policy samples


Security/Malware/Vulnerabilities Scanning

    • https://www.qualys.com/forms/trials/pci-compliance/
    • https://www.hackerguardian.com/hackerguardian/learn/pci-free-scan.html
    • http://www.tenable.com/products/nessus-vulnerability-scanner
    • Open Bug Bounty: started in June 2014, Open Bug Bounty is a non-profit platform designed to connect security researchers and website owners in a transparent, respectful and mutually valuable manner.
    • https://www.hybrid-analysis.com: a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
    • www.virustotal.com: a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans and all kinds of malware. VirusTotal was founded in 2004; its goal is to make the internet a safer place through collaboration between members of the antivirus industry, researchers and end users of all kinds. Fortune 500 companies, governments and leading security companies are all part of the VirusTotal community, which has grown to over 500,000 registered users.
    • Tencent Anti-Virus Lab Habo Analysis System (腾讯反病毒实验室哈勃分析系统): the "Habo File Analysis System" officially launched on 30 May 2014, "so that the harm done by virus files has nowhere to hide."
    • Qualys FreeScan - Online Vulnerability Scan can accurately scan your network, servers, desktops or web apps for security vulnerabilities. Scanning takes just minutes to find out where you're at risk.
    • Zscaler - Free, Instant Security Scan is a comprehensive suite of security services delivered from the cloud. It covers email, web and mobile computing. Some services the product provides are anti-malware, browser and application vulnerability management, policy enforcement for mobile computing, bandwidth and QoS management, web filtering, intellectual property protection and regulatory compliance.
    • Acunetix analyzes your complete web application and network from Acunetix's servers. You can register for free, but the full-function online scan is limited to 14 days. 46% of web applications scanned with Acunetix Online Vulnerability Scanner contained a high risk vulnerability and 87% a medium risk vulnerability, as per the 2015 Web App Vulnerability Report by Acunetix.
    • Scan My Server: provides one of the most comprehensive reports across a variety of security tests, such as SQL Injection, Cross Site Scripting, PHP Code Injection, Source Disclosure, HTTP Header Injection, Blind SQL Injection and much more. The scan report is sent by email with a vulnerability summary, but it requires you to put a verification seal on your website to confirm site ownership.
    • ASafaWeb - Automated Security Analyser for ASP.NET Websites. You can also schedule regular scans of your website so that you are notified immediately if its security posture changes.
    • Qualys SSL Labs: provides a deep analysis of your HTTPS URL, including certificate expiry date, overall rating, ciphers, SSL/TLS versions, handshake simulation, protocol details, BEAST and much more.
    • Quttera - Free Online Website Malware Scanner: checks a website online for malware and vulnerability exploits.
    • SiteGuarding: helps you scan your domain for malware, website blacklisting, injected spam, defacement and much more. The scanner is compatible with WordPress, Joomla, Drupal, Magento, osCommerce, Bulletin and other platforms.
    • Sucuri - Free Website Malware and Security Scanner
    • Tinfoil Security: first audits your website against the OWASP Top 10 vulnerabilities and then against other known security holes. You will need to verify your site by uploading an HTML file, adding a meta tag, adding a DNS record, or manual Tinfoil verification.
    • UpGuard: an external risk assessment tool that uses publicly available information to grade a site on various factors including SSL, clickjacking, cookies, DNSSEC, headers, etc.
    • Web Inspector - scan a web page by entering its URL to find out whether it is malicious or not.
    • Microsoft Baseline Security Analyzer (MBSA) can perform local or remote scans on Windows desktops and servers, identifying any missing service packs, security patches, and common security misconfigurations.
    • Tripwire Free Tools: SecureScan and SecureCheq. Tripwire SecureScan finds security vulnerabilities on your network and gives instructions on how to fix them. Tripwire SecureCheq is a free Microsoft Windows configuration security check tool for desktops and servers; it tests for common configuration errors and weaknesses in Windows desktops and servers.
    • Retina gives you powerful vulnerability assessment across your entire environment. Free for up to 256 IPs, Retina Community identifies network vulnerabilities (including zero-day), configuration issues, and missing patches across operating systems, applications, devices, and virtual environments.
    • OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.


SSL Certificate Verification:

Packets Capturing and Analysing Tools

    • Tcpdump - packet sniffer
    • Wireshark - Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source multi-platform network protocol analyzer. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tshark is included. One word of caution is that Wireshark has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).
    • CloudShark works entirely in your web browser, with no additional utilities, plugins, or downloads.
    • Fiddler
    • Firebug
    • httpwatch

Integrity Check

    • Tripwire - It started as a simple tool to check file and folder integrity. Now Tripwire provides a whole set of solutions that discover every asset on an organization's network and deliver high-fidelity visibility and deep intelligence about these endpoints. Tripwire solutions also deliver actionable reports and alerts and enable the integration of valuable endpoint intelligence into operational systems such as change management databases, ticketing systems, patch management and security solutions including SIEMs, malware detection and risk analytics.

Penetration Test Tools

    • World's most used penetration testing software - Metasploit
    • Kali Linux - the new generation of the industry-leading Debian-based BackTrack Linux penetration testing and security auditing distribution. Kali Linux is a complete rebuild of BackTrack from the ground up, adhering completely to Debian development standards. Kali 2.0 Teaser is coming.
    • Nessus® is the industry's most widely-deployed vulnerability, configuration, and compliance scanner.
    • BackTrack - BackTrack is a free bootable Linux distribution that contains a plethora of open source tools that you can use for network security and penetration testing. The tools are organized into different categories such as 'Information Gathering', 'Vulnerability Assessment', 'Exploitation Tools', 'Privilege Escalation' and 'Maintaining Access', amongst others.
    • Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing.
    • Burp Suite
    • Cobalt Strike
    • BlackArch Linux 64 bit Live ISO: BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. The repository contains 1950 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. The BlackArch Live ISO contains multiple window managers.
    • BackBox Linux: BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known and used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to network analysis, stress tests, sniffing, vulnerability assessment, computer forensic analysis, automotive analysis and exploitation. It has been built on the Ubuntu core system yet fully customized, designed to be one of the best penetration testing and security distributions.


SIEM & Incident Responding

    • Wazuh - The Open Source Security Platform: unified XDR and SIEM protection for endpoints and cloud workloads.
    • Security Onion is a free and open platform built by defenders for defenders. It includes network visibility, host visibility, intrusion detection honeypots, log management, and case management.
    • TheHive Project - TheHive is a scalable Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.
    • Caldera™ is a cybersecurity framework developed by MITRE that empowers cyber practitioners to save time, money, and energy through automated security assessments.
    • Cortex, open source and free software, was created by TheHive Project for analyzing observables. Observables, such as IP and email addresses, URLs, domain names, files or hashes, can be analyzed one by one or in bulk mode using a web interface. Analysts can also automate these operations through the Cortex REST API.



Proxy Software

    • CCProxy from Youngzsoft
    • Cisco CWS: The Cisco CWS solution, previously known as Cisco ScanSafe, enforces secure communication to and from the Internet. It uses the Cisco AnyConnect® Secure Mobility Client 3.0 to provide remote workers the same level of security as onsite employees when using a laptop issued by Cisco. Cisco CWS incorporates two main functions, web filtering and web security, and both are accompanied by extensive, centralized reporting.

Network Automation Tools

    • NetMRI provides automatic network discovery, switch port management, network change automation, and continuous security policy and configuration compliance management for multi-vendor routers, switches, and other layer-2 and layer-3 network devices. NetMRI is the only platform that supports traditional and virtual network constructs (such as VRF) for multi-vendor network automation.

Threat Intelligence Tools

    • Emerging Threats (Proofpoint) - offers open source and premium versions of the ET feed
    • ThreatConnect.com | Threat Intelligence | Smarter Security - provides a free account
    • Anomali | Threat Intelligence Platform | anomali.com
    • Lancope, Inc. is a leading provider of network visibility and security intelligence to protect enterprises against today's top threats.
    • FireEye Network Security (NX) products, now available in modular 2- and 4-Gbps appliances, enable organizations to prevent, detect, and respond to network-based zero day exploit attempts, web drive-by downloads, and advanced malware that routinely bypass conventional signature-reliant defenses.
    • Securonix SNYPR: The SNYPR Security Analytics Platform uses a combination of context enrichment, machine learning and threat modeling to predict, detect and contain advanced threats, anywhere, in real-time. Unlike SIEM solutions that inundate security teams with false positives, SNYPR leverages sophisticated machine learning algorithms to accurately identify the most hard-to-detect cyber threats, insider threats and fraud.

Encryption Tools

    • TrueCrypt - a strong encryption utility that can encrypt entire volumes or create an encrypted container within a file system. It was announced on 28 May 2014 that this freeware project is no longer maintained.
    • Symantec Endpoint Encryption
    • Windows BitLocker
    • VeraCrypt

Antivirus / Anti-Malware

    • MalwareBytes
    • Avast! Free Antivirus. Third-party test results are pretty good. Avast Free Antivirus puts the free in freemium, and it's for those looking for a little extra from their free AV software. We wish Avast offered slightly quicker scans. Avast has two paid-upgrade antivirus products. Starting at $60 per year, Avast Internet Security adds a ransomware shield, a personal firewall and stronger protection against phishing attempts and malicious websites. Avast Premier, starting at $80 per year, adds a file shredder and an automatic software updater for third-party programs.
    • AVG. The AVG AntiVirus Free program provides good malware protection, but doesn't add many extra features other than its included file shredder. If you want to add encryption software, dedicated ransomware protection, an enhanced version of the Windows firewall and Android antivirus software, you'll need to get AVG Internet Security at $70 a year.
    • Symantec - SEPM
    • McAfee - EPO
    • Sophos

Firewall Management Tools

    • Tufin Orchestration Suite: Tufin enables organizations to implement network security changes in the same business day through automation and impact analysis, orchestrating change processes end-to-end across physical environments and hybrid cloud platforms. It automatically designs, provisions, analyzes and audits network changes from the application layer down to the network layer.
    • FireMon provides enterprises with security management software that gives them deeper visibility and tighter control over their network security infrastructure. Its Security Intelligence Platform, including Security Manager, Policy Planner, Policy Optimizer and Risk Analyzer, enables customers to identify network risk, proactively eliminate those vulnerabilities, strengthen security throughout the organization, and reduce the cost of security operations.
    • The AlgoSec Security Management Suite: The AlgoSec suite delivers a complete, integrated software solution for managing complex network security policies, from the business application layer to the network infrastructure. With powerful visibility across virtual, cloud and physical environments, the AlgoSec suite automates and simplifies the entire security change management process to accelerate application delivery while ensuring security and compliance. The AlgoSec Security Management Suite includes AlgoSec BusinessFlow®, AlgoSec FireFlow® and AlgoSec Firewall Analyzer.

HoneyPot

    • T-Pot: A honeypot platform based on the well-established honeypots glastopf, kippo, honeytrap and dionaea, the network IDS/IPS suricata, elasticsearch-logstash-kibana, ewsposter and some docker magic.

IP Reputation LookUp

Auditing and Forensic Tools

    • Magnet Forensics
    • PALADIN - SUMURI
    • Cybersecurity and Infrastructure Security Agency - Sparrow: Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possibly compromised accounts and applications in the Azure/M365 environment.
    • CHIRP - CISA (Cybersecurity and Infrastructure Security Agency) Hunt and Incident Response Program (CHIRP) is a new forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with the SolarWinds and Active Directory/M365 compromise.

Threat Hunting Tools

Others

    • CyberChef
    • SafeRequest - Safe file online exchange service. SafeRequest is built to provide uploaders, your customers, an experience as smooth as possible. They can easily upload the requested files via a personally styled page.
    • Static Code Analysis https://www.sonarqube.org/downloads/
    • Virtual Machine monitoring https://www.veeam.com/virtual-server-management-one-free.html
    • Vulnerability management https://www.qualys.com/community-edition/
    • SOAR - Automated security response https://www.siemplify.co/community/
    • Web traffic security analysis https://portswigger.net/burp/communitydownload