Wireshark

Wireshark is free open-source software that permits you to research network traffic in real-time. because of its sniffing technology, Wireshark is widely known for its ability to detect security problems in any network, also as for its effectiveness in solving general networking problems.

While sniffing the network, you’re ready to intercept, and skim leads to a human-readable format, which makes it easier to spot potential problems (such as low latency), threats, and vulnerabilities.

Main features:

Saves analysis for offline inspection

Packet browser

Powerful GUI

Rich VoIP analysis

Inspects and decompresses gzip files

Reads other capture file-formats including Sniffer Pro as well as Microsoft network monitor, Cisco Secure IDS iplog, etc.

Supported ports and network devices: Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI.

Protocol decryption includes but not limited to IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2

Exports results to XML, PostScript, CSV, or plain text

Wireshark supports up to 2000 different network protocols, and is out there on all major operating systems including:

Linux

Windows

Mac OS X

FreeBSD, NetBSD, OpenBSD

OpenVAS

OpenVAS (also referred to as the old classic “Nessus”) is an open-source network scanner wont to detect remote vulnerabilities in any hosts. one among the best-known network vulnerability scanners, it’s very fashionable among system administrators and DevOps and infosec professionals.

Main features

Powerful web-based interface

+50,000 network as well as vulnerability tests

Simultaneous multiple as well as host scanning

Able to stop, pause and resume scan tasks

False-positive management

Scheduled scans

Graphics and statistics generation

Exports results to plain text, XML, HTML or LateX

Powerful CLI available

Fully integrated with Nagios monitoring software

While its web-based interface allows it to be run from any OS, a CLI is additionally available and works well for Linux, Unix, and Windows operating systems.

The free version is often downloaded from the OpenVAS website, but there’s also a billboard enterprise license available from the Greenbone Security (parent company) website.

IronWASP

If you’re getting to perform ethical hacking, IronWASP is another useful gizmo. It’s free, open-source and multi-platform, perfect for those that got to audit their web servers and public applications.

One of the foremost appealing things about IronWASP is that you simply don’t get to be an expert to manage its main features. It’s all GUI-based, and full scans are often performed in just a couple of clicks. So, if you’re just getting started with ethical hacking tools, this is often an excellent thanks to starting.

Some of its main features include:

Powerful GUI-based interface

Web scan sequence recording

Exports results in HTML and RTF file format

25+ different web vulnerabilities

False-positive and negative management

Full Python and Ruby support for its scripting engine

Supported platforms: Windows, Linux as well as with Wine, and macOS using CrossOver

Nikto

Nikto is another favorite, well-known as a part of the Kali Linux Distribution. Other popular Linux distributions like Fedora already accompany Nikto available in their software repositories also.

This security tool is employed to scan web servers and perform different types of tests against the required remote host. Its clean and straightforward instruction interface makes it very easy to launch any vulnerability testing against your target, as you’ll see within the following screenshot:

Nikto

Nikto’s main features include:

Detects default as well as installation files on any OS

Detects outdated as well as software applications.

Runs XSS as well as vulnerability tests

Launches dictionary-based brute force attacks

Exports results as well as in plain text, CSV or HTML files

Intrusion detection as well as system evasion with LibWhisker

Integration as well as with Metasploit Framework

SQLMap

SQLMap you’ll detect and test different types of SQL-based vulnerabilities as well as to harden your apps and servers, or to report vulnerabilities to different companies.

Its SQL injection techniques include:

UNION query-based

time-based blind

boolean-based blind

error-based

stacked queries

out-of-band

Main features:

Multiple database server support: Oracle, PostgreSQL, MySQL and MSSQL, MS Access, DB2, or Informix.

Automatic code injection capabilities

Password hash recognition

Dictionary-based password cracking

User enumeration

Get password hashes

View user privileges and databases

Database user privilege escalation

Dump table information

Executes remote SQL SELECTS

Check out the subsequent video to ascertain truth power of SQLMap as well as using the sqlmap out-of-band injection working with Metasploit integration against Microsoft SQL Server:

SQLNinja

SQLNinja is another SQL vulnerability scanner bundled with Kali Linux distribution. This tool is devoted to focus on and exploit web apps that use MS SQL Server because of the backend database server. Written in Perl, SQLNinja is out there in multiple Unix distros as well as where the Perl interpreter is installed, including:

Linux

Mac OS X & iOS

FreeBSD

SQLninja is often run in several sorts of modes such as:

Test mode

Verbose mode

Fingerprint remote as well as database mode

Brute force attack with a glossary

Direct shell as well as a reverse shell

A scanner as well as for outbound ports

Reverse ICMP Shell

DNS tunneled shell

Wapiti may be a free open-source command-line based as well as vulnerability scanner written in Python. While it’s not the foremost popular tool during this field, it does as well as an honest job of finding security flaws in many web applications.