Network VAPT Tools Comparison

Network VAPT (Vulnerability Assessment and Penetration Testing) is an assessment conducted by security experts on a user’s network to identify vulnerabilities that attackers might exploit. The primary objective of a network penetration test is to recognize exploitable vulnerabilities in systems, networks, network devices (i.e., switches, routers), and hosts before attackers can discover and exploit them.

Network security testing is important for any corporation that needs to protect its intellectual property. Because most attacks are internal, it is imperative to scan networks periodically and fix the loopholes. This helps corporations achieve a better cyber security posture for their corporate IT network by protecting their data from internal and external threats.

| Tool Name | Author/Company | Free/Commercial | Open Source? | License | Written in | Used by |
|---|---|---|---|---|---|---|
| Nmap | Fyodor (Gordon Lyon) | Free | Yes | GNU General Public License | C, C++, Python, Lua | Researchers and Pentesters |
| Wireshark | Gerald Combs | Free | Yes | GNU General Public License | C and C++ | Researchers and Pentesters |
| Nessus Professional | Tenable Inc | Commercial | No | Proprietary | | Corporations and Pentesters |
| Nexpose Community Edition | Rapid7 LLC | Free | No | Proprietary | | Researchers and Pentesters |
| UnicornScan | Jack C. Louis | Free | Yes | GNU General Public License | C, Shell, PHP | Researchers and Pentesters |
| Fierce | Robert Hansen (RSnake) | Free | Yes | GNU General Public License | Python | Researchers and Pentesters |
| nikto | Chris Sullo (CIRT.net) | Free | Yes | GNU General Public License | Perl | Researchers and Pentesters |
| SPARTA | Antonio Quina and Leonidas Stavliotis (SECFORCE Ltd.) | Free | Yes | GNU General Public License | Python | Researchers and Pentesters |
| netsniff-ng | Daniel Borkmann | Free | Yes | GNU General Public License | C, Roff, Yacc, Shell | Researchers and Pentesters |
| DNSChef | Peter Kacherginsky (iphelix) | Free | Yes | GNU General Public License | Python | Researchers and Pentesters |
| tcpflow | Jeremy Elson | Free | Yes | GNU General Public License | C++ and C | Researchers and Pentesters |
| mitmproxy | Aldo Cortesi, Maximilian Hils, Thomas Kriechbaumer, and contributors | Free | Yes | The MIT License | Python and JavaScript | Researchers and Pentesters |
| responder | Laurent Gaffie | Free | Yes | GNU General Public License | Python | Researchers and Pentesters |
| ProxyChains | N3E7CR34TUR3, rofl0r, Adam Hamsik | Free | Yes | GNU General Public License | C | Researchers and Pentesters |
| SATAN | Dan Farmer and Wietse Venema | Free | No | Proprietary | Perl and Shell scripts | Researchers and Pentesters |
| SAINT® Security Suite | Carson & SAINT | Commercial | No | Proprietary | | Corporations |
| Snort | Martin Roesch (Cisco Systems) | Free | Yes | GNU General Public License | C | Researchers and Pentesters |
| Metasploit Framework | Rapid7 LLC | Free | Yes | BSD | Ruby | Researchers and Pentesters |
| Aircrack-ng | Thomas d’Otreppe de Bouvette | Free | Yes | GNU General Public License | C | Researchers and Pentesters |
| BackBox | Raffaele Forte | Free | No | Proprietary | | Researchers and Pentesters |
| hping3 | Salvatore Sanfilippo (Antirez) | Free | Yes | GNU General Public License | C | Researchers and Pentesters |
| SuperScan | Foundstone team (part of McAfee) | Free | No | Freeware | | Researchers and Pentesters |
| Scapy | Philippe Biondi, Guillaume Valadon, Pierre Lalet, Gabriel Potter | Free | Yes | GNU General Public License | Python | Researchers and Pentesters |
| Ettercap | ALoR (Alberto Ornaghi) and NaGA (Marco Valleri) | Free | Yes | GNU General Public License | C | Researchers and Pentesters |
| Kismet | Mike Kershaw | Free | Yes | GNU General Public License | C++, C, JavaScript | Researchers and Pentesters |
| Zenmap | Adriano Monteiro Marques (Author of Umit) | Free | Yes | GNU General Public License | | Researchers and Pentesters |
| Falco | Sysdig Inc. | Free | Yes | Apache License 2.0 | C++, CMake, Lua, Shell, Python | Researchers and Pentesters |
| nChronos | Colasoft Co. | Commercial | No | Proprietary | | Corporations |
| Debookee | iwaxx Team | Commercial | No | Proprietary | | Corporations |
| OmniPeek | Savvius, Inc. | Commercial | No | Proprietary | | Corporations |
| SmartSniff | Nir Sofer | Free | | Freeware | C++ | Researchers and Pentesters |
| EtherApe | Riccardo Ghetta, Juan Toledo, Zev Weiss | Free | Yes | GNU General Public License | C | Researchers and Pentesters |
| Qualys Network Security | Qualys Inc. | Commercial | No | Proprietary | | Corporations |
| PRTG Network Monitor | Paessler AG | Commercial | No | Proprietary | Delphi | Corporations |
| FireEye Network Security | FireEye Inc. | Commercial | No | Proprietary | | Corporations |
| OpenVAS | Greenbone Networks GmbH | Free | Yes | GNU General Public License | C | Corporations and Pentesters |
| Angry IP Scanner | Anton Keks | Free | Yes | GNU General Public License | Java | Researchers and Pentesters |
| DNSDumpster | HackerTarget.com Project | Free | | Online Tool (The Internet) | | Researchers and Pentesters |
| DNSRecon | Carlos Perez | Free | Yes | GNU General Public License | Python | Researchers and Pentesters |
| Mass Scan | Robert Graham | Free | Yes | GNU Affero General Public License v3 | C | Researchers and Pentesters |
| Zarp | Bryan Alexander (hatRiot) | Free | Yes | GNU General Public License | Python | Researchers and Pentesters |
| sslstrip | Moxie Marlinspike | Free | Yes | GNU General Public License | Python | Researchers and Pentesters |
| Dshell | U.S. Army Research Laboratory (ARL) | Free | Yes | The MIT License | Python | Corporations and Pentesters |

Nmap Security Scanner

  • The Nmap Project
  • Open Source
  • Author: Fyodor (Gordon Lyon)

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts.

  • Written in C, C++, Python, Lua
  • Supported platforms: Windows, Linux, OS X, UNIX
  • License: GNU General Public License v2
  • Used by: Students, Researchers and Penetration Testers
  • https://nmap.org/

Wireshark

  • Author: Gerald Combs
  • Open Source

Wireshark is the world’s foremost network protocol analyzer. It lets you see what’s happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

  • Written in C, C++
  • License: GNU General Public License v2
  • Supported platforms: Windows, Linux, OS X, BSD, Solaris, UNIX
  • Used by: Students, Researchers and Penetration Testers
  • https://www.wireshark.org/

Nessus Professional

  • Tenable, Inc.
  • Commercial

Nessus Professional is the most commonly-deployed vulnerability assessment solution across the industry. This solution helps you perform high-speed asset discovery, target profiling, configuration auditing, malware detection, sensitive data discovery and so much more. Nessus Professional runs on client devices such as laptops and can be effectively used by your security departments within your organization.

  • License: Proprietary
  • Supported platforms: Windows, Linux, OS X, UNIX
  • Used by: Corporations, Consultants, Pen Testers and Security Practitioners
  • https://www.tenable.com/products/nessus/nessus-professional

Nexpose Community Edition

  • Rapid7
  • Free

Rapid7 Nexpose is a vulnerability scanner which aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. It integrates with Rapid7’s Metasploit for vulnerability exploitation. It is sold as standalone software, an appliance, virtual machine, or as a managed service or private cloud deployment. User interaction is through a web browser.

  • License: Proprietary
  • Supported platforms: Windows, Linux, OS X, UNIX
  • Used by: Students, Researchers and Penetration Testers
  • https://www.rapid7.com/products/nexpose/

Unicornscan

  • Author: Jack C. Louis
  • Open Source

Unicornscan is an attempt at a User-land Distributed TCP/IP stack for information gathering and correlation. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Some of its features include asynchronous stateless TCP scanning with all variations of TCP flags, asynchronous stateless TCP banner grabbing, and active/passive remote OS, application, and component identification by analyzing responses.

  • Written in C, Shell, PHP
  • License: GNU General Public License v2
  • Used by: Students, Researchers and Penetration Testers
  • https://gitlab.com/kalilinux/packages/unicornscan

Fierce

  • Author: Robert Hansen (RSnake)
  • Open Source

Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It’s really meant as a precursor to nmap, unicornscan, nessus, nikto, etc., since all of those require that you already know what IP space you are looking for. This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network. Because it uses DNS primarily, you will often find misconfigured networks that leak internal address space. That’s especially useful in targeted malware.

  • Written in Python
  • License: GNU General Public License v2
  • Supported platforms: Windows, Linux, OS X, UNIX
  • Used by: Students, Researchers and Penetration Testers
  • https://github.com/mschwager/fierce

Nikto

  • Project by CIRT.net
  • Original Author: Chris Sullo
  • Open Source

Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. However, there is support for LibWhisker’s anti-IDS methods in case you want to give it a try (or test your IDS system).

  • Written in Perl
  • License: GNU General Public License v2
  • Supported platforms – Linux, Windows, OS X, UNIX
  • Used by – Students, Researchers and Penetration Testers
  • https://github.com/sullo/nikto

Sparta

  • SECFORCE Ltd.
  • Authors: Antonio Quina and Leonidas Stavliotis
  • Open Source

SPARTA is a Python GUI application that simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to their toolkit and by displaying all tool output in a convenient way. If less time is spent setting up commands and tools, more time can be spent focusing on analysing results.

  • Written in Python
  • License: GNU General Public License v3
  • Supported platforms – Linux, Windows, OS X, UNIX
  • Used by – Students, Researchers and Penetration Testers
  • https://sparta.secforce.com/
  • https://gitlab.com/kalilinux/packages/sparta

Netsniff-ng

  • Author: Daniel Borkmann
  • Open Source

netsniff-ng is a free, performant Linux network analyzer and networking toolkit. The performance gain is achieved through built-in zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space, and vice versa. The netsniff-ng toolkit’s primary usage goal is to facilitate a network developer’s / hacker’s daily Linux plumbing. It can be used for network development, debugging, analysis, auditing or network reconnaissance. It consists of the following fixed set of utilities:

  • Written in C, Roff, Yacc, Shell
  • License: GNU General Public License v2
  • Supported platforms – Linux
  • Used by – Students, Researchers and Penetration Testers
  • http://netsniff-ng.org/
  • https://github.com/netsniff-ng/netsniff-ng

DNSChef

  • Author: Peter Kacherginsky (iphelix)
  • Open Source

DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka “Fake DNS”) is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for “badguy.com” to point to a local machine for termination or interception instead of a real host somewhere on the Internet. DNSChef was developed as part of a penetration test where there was a need for a more configurable system. As a result, DNSChef is a cross-platform application capable of forging responses based on inclusive and exclusive domain lists, supporting multiple DNS record types, matching domains with wildcards, proxying true responses for nonmatching domains, defining external configuration files, IPv6 and many other features.

  • Written in Python
  • License: GNU General Public License v3
  • Supported platforms – Linux, Windows, OS X, UNIX
  • Used by – Students, Researchers and Penetration Testers
  • https://github.com/iphelix/dnschef

tcpflow

  • Author: Jeremy Elson
  • Maintainer: Simson L. Garfinkel
  • Open Source

tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. tcpflow can also process stored ‘tcpdump’ packet flows.

  • Written in C++ and C
  • License: GNU General Public License v3
  • Supported platforms – Linux, Windows, OS X, UNIX
  • Used by – Students, Researchers and Penetration Testers
  • https://github.com/simsong/tcpflow

mitmproxy

  • Authors: Aldo Cortesi, Maximilian Hils, Thomas Kriechbaumer, and contributors
  • Open Source

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of message types ranging from HTML to Protobuf, intercept specific messages on-the-fly, modify them before they reach their destination, and replay them to a client or server later on.

  • Written in Python and JavaScript
  • License: The MIT License
  • Supported platforms – Linux, Windows, OS X, UNIX
  • Used by – Students, Researchers and Penetration Testers
  • https://mitmproxy.org/

Responder

  • Author: Laurent Gaffie
  • Open Source

This tool is first an LLMNR and NBT-NS responder: it answers *specific* NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409). By default, the tool only answers File Server Service requests, which are for SMB. The concept behind this is to target our answers and be stealthier on the network. This also helps to ensure that we don’t break legitimate NBT-NS behavior. You can set the -r option to 1 via the command line if you want this tool to answer the Workstation Service request name suffix.

  • Written in Python
  • License: GNU General Public License v3
  • Supported platforms – Linux, Windows, OS X, UNIX
  • Used by – Students, Researchers and Penetration Testers
  • https://github.com/lgandx/Responder/

ProxyChains

  • Author: N3E7CR34TUR3, rofl0r, Adam Hamsik
  • Open Source

ProxyChains is a UNIX program that hooks network-related libc functions in dynamically linked programs via a preloaded DLL and redirects the connections through SOCKS4a/5 or HTTP proxies. It forces any TCP connection made by a given application to go through a proxy such as TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: “user/pass” for SOCKS4/5, “basic” for HTTP.

  • Written in C
  • License: GNU General Public License v2
  • Supported platforms – Linux and UNIX
  • Used by – Students, Researchers and Penetration Testers
  • https://github.com/haad/proxychains

SATAN

  • Authors: Dan Farmer and Wietse Venema
  • Free

SATAN is a free tool for remotely analyzing the security of networks. Security Administrator Tool for Analyzing Networks (SATAN) consists of a variety of routines that probe a network for security holes in a similar way that hackers do. SATAN tests the vulnerabilities of TCP/IP hosts using common TCP/IP protocols, such as File Transfer Protocol (FTP), Network File System (NFS), and Network Information System (NIS), and analyzes how the host responds to requests based on these protocols. The results are stored in a database and can be displayed using a Web browser.

  • Written in Perl and Shell scripts
  • Supported platforms – Linux and UNIX
  • Used by – Students, Researchers and Penetration Testers
  • www.porcupine.org/satan/

SAINT® Security Suite

  • Carson & SAINT
  • Commercial

SAINT Security Suite provides a fully-integrated set of capabilities to assess your network assets for the latest vulnerabilities across a wide variety of operating systems, software applications, databases, network devices and configurations.

  • License: Proprietary
  • Used by: Corporations looking for high level assessment reports and deep vulnerability assessments
  • https://www.carson-saint.com/products/saint-security-suite/

Snort

  • Original Author: Martin Roesch
  • Currently developed and maintained by Cisco Systems, Inc.
  • Open Source

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

  • Written in C
  • License: GNU General Public License v2
  • Supported platforms – Linux, Windows, OS X, UNIX
  • Used by – Students, Researchers and Penetration Testers
  • https://www.snort.org/

Metasploit Framework

  • Rapid7 LLC
  • Open Source

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7. Its best-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research. The Metasploit Project includes anti-forensic and evasion tools, some of which are built into the Metasploit Framework. Metasploit is pre-installed in the Kali Linux operating system.

  • Written in Ruby
  • License: BSD
  • Supported platforms – Linux, Windows, OS X, UNIX
  • Used by – Students, Researchers and Penetration Testers
  • https://www.metasploit.com/
  • https://github.com/rapid7/metasploit-framework

Aircrack-ng

  • Author: Thomas d’Otreppe de Bouvette
  • Open Source

Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b and 802.11g traffic.

  • Monitoring: Packet capture and export of data to text files for further processing by third party tools.
  • Attacking: Replay attacks, deauthentication, fake access points and others via packet injection.
  • Testing: Checking WiFi cards and driver capabilities (capture and injection).
  • Cracking: WEP and WPA PSK (WPA 1 and 2).
  • Written in C
  • License: GNU General Public License v2
  • Supported platforms – Linux, Windows, OS X, UNIX
  • Used by – Students, Researchers and Penetration Testers
  • https://www.aircrack-ng.org/

BackBox

  • BackBox Team
  • Main author: Raffaele Forte
  • Free

BackBox Linux is an Ubuntu-based distribution developed to perform penetration tests and security assessments. It includes a complete set of tools required for ethical hacking and security testing. It is designed to be fast and easy to use. It provides a minimal yet complete desktop environment, thanks to its own software repositories, which are always updated to the latest stable versions of the most often used and best-known ethical hacking tools. It includes some of the most used security and analysis Linux tools, aiming for a wide spread of goals, ranging from web application analysis to network analysis, from stress tests to sniffing, also including vulnerability assessment, computer forensic analysis and exploitation.

  • License: Proprietary
  • Supported platforms – Linux, Windows, OS X, UNIX
  • Used by – Students, Researchers and Penetration Testers
  • https://linux.backbox.org/

hping3

  • Author: Salvatore Sanfilippo (Antirez)
  • Open Source

hping3 is a network tool able to send custom TCP/IP packets and to display target replies the way ping does with ICMP replies. hping3 can handle fragmentation and almost arbitrary packet size and content, using the command line interface. As a command line utility, hping is useful for testing many kinds of networking devices, such as firewalls, routers, and so on. hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping UNIX command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features.

  • Written in C
  • License: GNU General Public License v2
  • Supported platforms – Linux, Windows, OS X, UNIX
  • Used by – Students, Researchers and Penetration Testers
  • http://www.hping.org/

SuperScan

  • Authors: Foundstone team (part of McAfee)
  • Last stable release: 4.0 in 2003
  • Free

SuperScan is a free connect-based port scanning software designed to detect open TCP and UDP ports on a target computer, determine which services are running on those ports, and run queries such as whois, ping, ICMP traceroute, and Hostname lookups.

  • License: Freeware
  • Supported platforms: Windows 2000/XP/Vista/7
  • Used by – Students, Researchers and Penetration Testers
  • https://sectools.org/tool/superscan/

Scapy

  • SecDev Team
  • Authors: Philippe Biondi, Guillaume Valadon, Pierre Lalet, Gabriel Potter
  • Open Source

Scapy is a powerful Python-based interactive packet manipulation program and library. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow fast packet prototyping by using default values that work. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery. It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VoIP decoding on WEP protected channel, …), etc.

  • Written in Python
  • License: GNU General Public License v2
  • Supported platforms – Linux, Windows, OS X, UNIX
  • Used by – Students, Researchers and Penetration Testers
  • https://scapy.net/

Ettercap
• Authors: ALoR (Alberto Ornaghi) and NaGA (Marco Valleri)
• Contributors: Ettercap Dev. Team
• Open Source

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

• Written in C
• License: GNU General Public License v2
• Supported platforms – Linux, Windows, OS X, UNIX
• Used by – Students, Researchers and Penetration Testers
• https://www.ettercap-project.org/

Kismet
• Author: Mike Kershaw
• Open Source

Kismet is an 802.11 layer-2 wireless network detector, sniffer, and intrusion detection system. It will work with any wireless card that supports raw monitoring (rfmon) mode, and can sniff 802.11a/b/g/n traffic. It can use other programs to play audio alarms for network events, read out network summaries, or provide GPS coordinates. This is the main package containing the core, client, and server.

• Written in C++, C, JavaScript
• License: GNU General Public License v2
• Supported platforms – Linux, Windows, OS X, UNIX
• Used by – Students, Researchers and Penetration Testers
• https://www.kismetwireless.net/
• https://gitlab.com/kalilinux/packages/kismet

Zenmap
• The Nmap Project
• Open Source
• Author: Adriano Monteiro Marques (Author of Umit)

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.
Zenmap was originally derived from Umit, an Nmap GUI created during the Google-sponsored Nmap Summer of Code in 2005 and 2006. The primary author of Umit was Adriano Monteiro Marques. When Umit was modified and integrated into Nmap in 2007, it was renamed Zenmap.

• Supported platforms: Windows, Linux, OS X, UNIX, BSD etc.
• License: GNU General Public License v2
• Used by: Students, Researchers and Penetration Testers
• https://nmap.org/zenmap/

Falco
• Sysdig, Inc.
• Open Source

Falco is a behavioural activity monitor designed to detect anomalous activity in your applications. Falco audits a system at the most fundamental level, the kernel. Falco then enriches this data with other input streams such as container runtime metrics, and Kubernetes metrics. Falco lets you continuously monitor and detect container, application, host, and network activity—all in one place—from one source of data, with one set of rules.

• Written in C++, CMake, Lua, Shell, Python
• License: Apache License 2.0
• Supported platforms: UNIX and Linux
• Used by: Students, Researchers and Penetration Testers
• https://falco.org/
• https://github.com/falcosecurity/falco

nChronos
• Colasoft Co. Ltd
• Commercial (30 days trial available)

nChronos is an application-centric, deep-dive network performance analysis system. It combines the nChronos Console with the nChronos Server to deliver 24×7 continuous packet capturing, unlimited data storage, efficient data mining and in-depth traffic analysis. nChronos captures 100% of the data for real-time analysis as well as historical playback.

• License: Proprietary
• Server Requirements: Linux CentOS 6.6/7.1
• Console Requirements: Windows 7/8/10
• Used by – Corporations looking for high level assessment reports
• https://www.colasoft.com/nchronos/

Debookee
• iwaxx Team
• Commercial (Free trial available)

Debookee is a simple and powerful network traffic analyzer for macOS. Debookee is able to intercept and monitor the traffic of any device in the same subnet, thanks to a man-in-the-middle (MITM) attack. It allows you to capture data from mobile devices on your Mac (iPhone, iPad, Android, BlackBerry…) or Printer, TV, Fridge (Internet of Things!) without the need for a proxy. This interception is done in one click and is totally transparent, without network interruption.

• License: Proprietary
• Supported platform: macOS
• Used by – Corporations looking for high level assessment reports
• https://debookee.com/

OmniPeek
• Savvius, Inc.
• Commercial (Free trial available)

Omnipeek is the world’s most powerful network protocol analyzer decoding over 1,000 protocols for fast network troubleshooting and diagnostics, anywhere network issues happen. Omnipeek network protocol analyzer delivers intuitive visualization and effective forensics for faster resolution of network and application performance issues and security investigations.

• License: Proprietary
• Supported platforms: Windows 7/8/10
• Used by – Corporations looking for high level assessment reports
• https://www.liveaction.com/products/omnipeek-network-protocol-analyzer/

SmartSniff
• Nirsoft.net
• Author: Nir Sofer

SmartSniff is a powerful, free, Windows-only tool in the Networking software category, subcategory Analysis (more specifically Monitoring), created by Nirsoft. SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter and view the captured data as a sequence of conversations between clients and servers. You can view the TCP/IP conversations in ASCII mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP) or as a hex dump (for non-text-based protocols, like DNS).

• Written in C++
• License: Freeware
• Supported platform: Windows 98/ME/NT/2000/XP/2003/2008/Vista/7/8
• Used by: Students, Researchers and Penetration Testers
• https://www.nirsoft.net/utils/smsniff.html

EtherApe
• Authors: Riccardo Ghetta, Juan Toledo, Zev Weiss
• Open Source

EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display. It supports Ethernet, FDDI, Token Ring, ISDN, PPP, SLIP and WLAN devices, plus several encapsulation formats. It can filter traffic to be shown, and can read packets from a file as well as live from the network. Node statistics can be exported.

• Written in C
• License: GNU General Public License
• Supported platform: Linux and UNIX
• Used by: Students, Researchers and Penetration Testers
• https://etherape.sourceforge.io/

Qualys Network Security
• Qualys, Inc.
• Commercial (Free trial available)

Automate your network auditing and vulnerability management lifecycle with Qualys. Cyber security threats can come from anywhere at any time, so network security needs to be continuous, scalable, extensible and comprehensive. You must constantly monitor and discover your assets, be alerted about atypical network changes and quickly identify and remediate critical vulnerabilities and compliance problems. Otherwise, you won’t be able to respond to suspicious incidents and your network will be at an elevated risk of breaches.

• License: Proprietary
• Used by – Corporations looking for high level assessment reports
• https://www.qualys.com/network-security/

PRTG Network Monitor
• Paessler AG
• Commercial

With PRTG, you can permanently monitor your network. If there are disruptions or breakdowns, you will receive an alarm and can react quickly. With PRTG, you can monitor your network devices, but also applications and your network traffic – for example, which traffic runs over which IP address. Complete monitoring for your network.

• Written in Delphi
• License: Proprietary
• Supported platforms: Windows 7/8/10
• Used by – Corporations looking for high level assessment reports
• https://www.paessler.com/prtg

FireEye Network Security
• FireEye, Inc.
• Commercial

FireEye Network Security is an effective cyber threat protection solution that helps organizations minimize the risk of costly breaches by accurately detecting and immediately stopping advanced, targeted and other evasive attacks hiding in Internet traffic. It facilitates efficient resolution of detected security incidents in minutes with concrete evidence, actionable intelligence and response workflow integration.

• License: Proprietary
• Supported platforms: Windows, Linux, OS X, UNIX
• Used by – Corporations looking for high level assessment reports
• https://www.fireeye.com/solutions/nx-network-security-products.html

OpenVAS
• Greenbone Networks GmbH
• Open Source

OpenVAS (Open Vulnerability Assessment System, originally known as GNessUs) is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.

• Written in C
• License: GNU General Public License v2
• Supported platforms: Linux, Windows, OS X, UNIX
• Used by: Students, Researchers and Penetration Testers
• https://www.openvas.org/

Angry IP Scanner
• Author: Anton Keks
• Open Source

Angry IP Scanner (or simply ipscan) is an open-source, cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports and has many other features. It is widely used by network administrators and just curious users around the world, including large and small enterprises, banks, and government agencies.

• Written in Java
• License: GNU General Public License v2
• Supported platforms: Windows, Linux, OS X, UNIX
• Used by: Students, Researchers and Penetration Testers
• https://angryip.org/
• https://github.com/angryip/ipscan

DNSDumpster
• HackerTarget.com Project
• Online Tool

A tool to perform DNS reconnaissance on target networks. The results include a variety of information that is useful for users performing network reconnaissance. Some of the information returned includes:
• Host subdomains
• Different DNS information (MX, A record)
• Geo information
• Email

• Used by: Students, Researchers and Penetration Testers
• https://dnsdumpster.com/

DNSRecon
• Author: Carlos Perez
• Open Source

DNSRecon provides the ability to:
• Check all NS Records for Zone Transfers
• Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT)
• Perform common SRV Record Enumeration
• Top Level Domain (TLD) Expansion
• Check for Wildcard Resolution
• Brute Force subdomain and host A and AAAA records given a domain and a wordlist
• Perform a PTR Record lookup for a given IP Range or CIDR
• Check a DNS server's cached records for A, AAAA and CNAME records, given a list of host records in a text file
• Enumerate common mDNS records in the local network
• Enumerate hosts and subdomains using Google

• Written in Python
• License: GNU General Public License v2
• Supported platforms: Windows, Linux, OS X, UNIX
• Used by: Students, Researchers and Penetration Testers
• https://github.com/darkoperator/dnsrecon

Mass Scan
• Author: Robert Graham
• Open Source

This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second. It produces results similar to nmap, the most famous port scanner, but uses asynchronous transmission. The major difference is that it’s faster than other scanners. In addition, it’s more flexible, allowing arbitrary address ranges and port ranges.

• Written in C
• License: GNU Affero General Public License version 3
• Supported platforms: Windows, Linux, OS X, UNIX
• Used by: Students, Researchers and Penetration Testers
• https://github.com/robertdavidgraham/masscan

Zarp
• Author: Bryan Alexander (hatRiot)
• Open Source

Zarp is a network attack tool centered around the exploitation of local networks. This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out. Sessions can be managed to quickly poison and sniff multiple systems at once, dumping sensitive information automatically or to the attacker directly. Various sniffers are included to automatically parse usernames and passwords from various protocols, as well as view HTTP traffic and more. DoS attacks are included to knock out various systems and applications. These tools open up the possibility for very complex attack scenarios on live networks quickly, cleanly, and quietly.

• Written in Python
• License: GNU General Public License v3
• Supported platforms: Windows, Linux, OS X, UNIX
• Used by: Students, Researchers and Penetration Testers
• https://github.com/hatRiot/zarp

sslstrip
• Author: Moxie Marlinspike
• Open Source

sslstrip is a tool that transparently hijacks HTTP traffic on a network, watches for HTTPS links and redirects, and then maps those links into look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.

• Written in Python
• License: GNU General Public License v3
• Supported platforms: Windows, Linux, OS X, UNIX
• Used by: Students, Researchers and Penetration Testers
• https://github.com/moxie0/sslstrip

Dshell
• U.S. Army Research Laboratory (ARL)
• Open Source

Dshell is an open source, Python-based forensic analysis framework developed by the U.S. Army Research Laboratory, MD. It lets users develop custom analysis modules that help them understand events of cyber intrusion. The framework handles stream reassembly of both IPv4 and IPv6 network traffic and also includes geolocation and IP-to-ASN mapping for each connection. Additionally, the framework plug-ins are designed to aid in the understanding of network traffic and present results to the user in a concise, useful manner. Since Dshell is written entirely in Python, the code base can be customized to particular problems by modifying an existing decoder to extract different information from existing protocols.

• Written in Python
• License: The MIT License
• Supported platforms: Windows, Linux, OS X, UNIX
• https://github.com/USArmyResearchLab/Dshell