Beruflich Dokumente
Kultur Dokumente
18FreeSecurityToolsforSysAdmins
MENU
Like what you see? Subscribe to our blog feed and never miss a post.
Enter your email address*
Subscribe
9 comments
Here are 18 of the best free security tools for password recovery, password management, penetration testing,
vulnerability scanning, steganography and secure data wiping. This list is intended to supplementthe list
provided on 101 Free Admin Tools. Additionally, other tools that can also be used for security purposes (e.g.
file or disk level encryption) can be found on Top 20 Free Disk Tools for SysAdmins. Even if you may have
heard of some of these tools before, Im confident that youll find a gem or two amongst this list.
01 BackTrack
BackTrack is a free bootable Linux distribution that contains a plethora of open source tools that you can use for
network security and penetration testing. The tools are organized into different categories such as Information
Gathering, Vulnerability Assessment, Exploitation Tools, Privilege Escalation and Maintaining Access,
amongst others.
http://www.gfi.com/blog/18freesecuritytoolsforsysadmins/
1/15
7/18/2015
18FreeSecurityToolsforSysAdmins
When you boot into BackTrack, you are taken to a Linux shell where you will need to enter startx to load the
GUI. When the BackTrack GUI has loaded, click the Install BackTrack shortcut on the desktop to initiate the
BackTrack installation. Once complete, reboot the machine and access the tools from Applications > BackTrack.
Kali Linux
Note: When BackTrack was taken over by a commercial entity, they remained committed to sustaining an
open source security and penetration testing distribution and re-built BackTrack from the ground up into what
is now known as Kali Linux. Kali Linux is another useful addition to your security toolkit and will eventually
render BackTrack redundant. Download it fromhereand try it out for yourself.
When you launch Cain & Abel, start by exploring the Decoders tab and the Cracker tab this is where you can
set Cain & Abel to decode and display passwords for various protocols or applications. You should also check
out the Sniffer tab this is where you can capture usernames and passwords as they travel across the network
between different hosts.
03 Password Safe
Password Safe allows you to create an encrypted database container for listing all your usernames and
passwords, which can only be accessed by means of a master password. The encrypted database container
file can be backed up and transferred between locations for convenience.
http://www.gfi.com/blog/18freesecuritytoolsforsysadmins/
2/15
7/18/2015
18FreeSecurityToolsforSysAdmins
When you load Password Safe for the first time, youll first need to create a new Password Safe Database and
then enter a Safe Combination which will be used to encrypt the database. The Safe Combination will be used
every time you wish to gain access to the list of passwords. Once youve created the database, right click on a
blank area within the main window and choose Create Entry to create a new entry here, youll be able to
store a username, a password and any relevant notes.
Tip: Password Safe contains an in-built Password Generator which you can access from Manage > Generate
Password, or by using CTRL + P.
04 Eraser
Eraser allows you to completely remove data from your hard drive by overwriting each data block several
times using an erasure method of your choice.
To get started, open Eraser, right click anywhere on the blank section of the main window and click New
Task. You will be asked to select when the task should be run, the data you wish to remove and the erasure
method to be used (e.g. US Air Force 5020 (3 passes) or Gutmann (35 passes)).
05 Security Onion
Security Onion is a Linux distribution tailored for use as an IDS (Intrusion Detection System) and NSM (Network
Security Monitoring) toolkit. It contains tools like Snort, ELSA, Xplico, and NetworkMiner and the in-built setup
wizard makes it easy to use.
http://www.gfi.com/blog/18freesecuritytoolsforsysadmins/
3/15
7/18/2015
18FreeSecurityToolsforSysAdmins
When you boot from the Security Onion ISO file, you are given the option to launch the live system or system
installer. If you choose to launch the live system you will be taken to an Ubuntu-based Linux interface with a
series of tools available for you to use. You will also have the ability to launch the Security Onion setup wizard.
When you launch the MetaSploit Community UI, youll first need to create an account and enter a product
licence key (which you can obtain for free when downloading the installation package). You can then get
going immediately by performing a network discovery from the Overview tab.
07 WinDump
WinDump is essentially TcpDump for Windows. TcpDump is a powerful network packet analyser for Linux that
can be used for network debugging and security monitoring. Using WinDump allows you to have the same
functionality as TcpDump in a Windows environment.
WinDump requires WinPcap 3.1 or above to be installed. Once youve installed this, simply execute
windump.exe from a command line to initiate the packet capture process. Unless you wish to perform a live
http://www.gfi.com/blog/18freesecuritytoolsforsysadmins/
4/15
7/18/2015
18FreeSecurityToolsforSysAdmins
analysis, dumping the results to a text file is recommended. To do this, type windump >> c:\folder\textfile.txt
in the command prompt, and replace the text file location with one of your choice.
When you boot from the NST ISO file, you first choose whether you wish to launch the command-line version or
the GUI version. If you choose the command-line version, youll need to run the tools manually by issuing a
series of commands and parameters. If you choose the GUI version, a Linux type environment will load giving
you the option of installing the NST tools to disk or running them directly from the Activities menu.
09 OpenVAS
OpenVAS is an open source Vulnerability Assessment System that offers a selection of tools and services for
vulnerability scanning and vulnerability management. The security scanner feeds off an online database of
over 30,000 network vulnerability tests and is updated regularly.
When you launch the OpenVAS web UI you can launch a quick scan against an IP address or hostname or
create a new task manually from the Scan Management tab. When the scan is complete you can view the
results and download a report detailing the open ports, vulnerabilities found and the information log.
http://www.gfi.com/blog/18freesecuritytoolsforsysadmins/
5/15
7/18/2015
18FreeSecurityToolsforSysAdmins
10 OpenPuff
Steganography is all about hiding in plain sight. Essentially you are hiding data within data. OpenPuff is a
steganography tool with features that include multi-level encryption, pseudo random number generator
based data scrambling, whitening, and encoding which make for a strong steganography algrithm. OpenPuff
also includes the ability to add a decoy password to reveal decoy data (in case you were ever suspected of
receiving a steganography file and asked to reveal the data) as well as the ability to split the hidden data over
multiple files (carriers).
To initiate data hiding, launch OpenPuff and press the Hide button. Follow the four step process to enter a
password, add the secret data, add the carrier files, and choose the level of bit selection to be used. Optionally,
add decoy data and then click Hide Data! to begin.
11 Freeraser
Freeraser is a data shredder tool that permanently deletes data by overwriting the data blocks with random
data multiple times. Freeraser offers three options for data destruction a fast option which uses 1 round, a
forced option which uses 3 rounds and an ultimate option which uses 35 rounds of overwriting with random
data.
When Freeraser is open, a large recycle bin icon will appear on the desktop. To erase files, simply drag them to
the icon. A warning message will pop up stating that the data will be permanently destroyed if you continue.
You can also choose which files to remove by right clicking on the icon and selecting Select File to Destroy.
http://www.gfi.com/blog/18freesecuritytoolsforsysadmins/
6/15
7/18/2015
18FreeSecurityToolsforSysAdmins
12 OpenStego
OpenStego is a basic easy-to-use steganography tool that takes any secret message file as input and embeds
it into a cover file to create a resulting image. You are given the option to compress and encrypt data and
control the algorithm used in the steganography process.
Note: OpenStego is built using Java so you will need to run it on a machine that has Java installed.
The first thing you need to do is select the steganography algorithm to be used and the secret message file
you wish to be hidden. You then select the cover file (the image to be used to conceal the secret message file
within it) and the output filename. Once you are done, click OK to start the obfuscation process.
http://www.gfi.com/blog/18freesecuritytoolsforsysadmins/
7/15
7/18/2015
18FreeSecurityToolsforSysAdmins
When you launch Retina Community, start by setting up your Audit from the Audit section at the top here,
you can choose what credentials to use, which targets to scan, which ports to detect, which audit types to run,
and what information to obtain from each target. Once youve done this hit the Scan button to initiate the
scan and view the results at the bottom of the window.
14 OWASP Mantra
OWASP Mantra is a browser based security framework which includes a selection of integrated and online
tools that can be used for penetration testing and web application testing. There is everything from online
network and information gathering utilities to an integrated SSH client.
When you launch the OWASP Mantra browser you are presented with a Welcome page with a splash screen
similar to the Windows 8 interface. From here you can browse to the Hackery or Gallery pages to discover
the available online tools. On the left hand side of the browser is a selection of icons which launch the
integrated tools.
15 KeePass
KeePass is a light-weight user-friendly password manager that allows you to store username and password
combinations in a highly-encrypted database. Access to the database is secured using a master password or
key file.
http://www.gfi.com/blog/18freesecuritytoolsforsysadmins/
8/15
7/18/2015
18FreeSecurityToolsforSysAdmins
When you first launch KeePass youll need to enter a Master Key which is used to prevent access to the
password database. You can then start to create groups for categorization and password entries for each
group. KeePass also has a search facility in the top menu bar for quick access to a certain password or to help
you find a password entry if you cant remember it this saves you navigating through each group.
16 Nmap
Nmap allows you to perform network discovery and security auditing, including tasks such as network
inventory, managing service upgrade schedules, and monitoring host or service uptime.
Note: The Nmap package comes with Zenmap (a front-end GUI for Nmap), a flexible data transfer, redirection,
and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response
analysis tool (Nping).
Home
Zenmap can be used to control Nmap from a GUI rather than a command-line. Upon launching Zenmap, enter
the target to be scanned and choose a scan profile before clicking Scan. Results will be displayed
in us
the
About
Nmap Output tab with a further breakdown available in the Ports/Hosts, Topology, Host Details, and Scans
tabs.
Blogroll
17 PuTTY
Categories
PuTTY is a lightweight application that allows someone sitting at a Windows machine to remotely connect to a
Linux server using the SSH, Telnet and Rlogin network protocols. The PuTTY family of tools also consists of
GFI Patch Central
PSCP (an SCP client for secure command-line file copy), PSFTP (an SFTP client), PuTTYtel (a Telnet-only client),
Plink (a command-line interface to the PuTTY back ends), Pageant (an SSH authentication agent) and
PuTTYgen (an RSA and DSA key generation utility).
Microsoft Exchange
Note: On the server side, you will likely have an SSH implementation such as OpenSSH
Security 101
(http://www.openssh.org/) which encrypts all traffic transmitted across the network and is useful for
securing protocols like telnet, rlogin and ftp (which transmit data over the network in plain text).
SMB Zone
Surveys
Tech Zone
http://www.gfi.com/blog/18freesecuritytoolsforsysadmins/
9/15
7/18/2015
18FreeSecurityToolsforSysAdmins
Team GFI
Top posts
Bloggers
Contact
Once you enter the connection details and click Open, a command prompt type window will appear asking
you to login to the specified server. Once you do this, you can issue commands directly to that server.
Simply navigate tohttp://www.random.org/passwords/ and enter the required criteria to get started. If you
want more criteria to be considered when generating a password, try using the Random String Generator at
https://www.random.org/strings/.
Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first
to get them!
http://www.gfi.com/blog/18freesecuritytoolsforsysadmins/
10/15
7/18/2015
18FreeSecurityToolsforSysAdmins
Suggest a Topic
9 Comments
11/15
7/18/2015
18FreeSecurityToolsforSysAdmins
this day, still used by many security professionals. Nevertheless, we have updated the article to mention Kali Linux.
Many thanks again!
Regards,
Andrew.
http://www.gfi.com/blog/18freesecuritytoolsforsysadmins/
12/15
7/18/2015
18FreeSecurityToolsforSysAdmins
Whenareyouplanningonmovingto
Exchange2016?
AtLaunch
36monthsafterlaunch
612monthsafterlaunch
Longerthan12monthsafterlaunch
Never
Vote
http://www.gfi.com/blog/18freesecuritytoolsforsysadmins/
13/15
7/18/2015
18FreeSecurityToolsforSysAdmins
ViewResults Polldaddy.com
FIND US ON FACEBOOK
GFISoftware
51,570likes
LikePage
Share
Bethefirstofyourfriendstolikethis
FOLLOW US ON TWITTER
Privacy policy |
http://www.gfi.com/blog/18freesecuritytoolsforsysadmins/
Copyright
Terms of use
Contact
14/15
7/18/2015
http://www.gfi.com/blog/18freesecuritytoolsforsysadmins/
18FreeSecurityToolsforSysAdmins
15/15