There are 1000’s of cybersecurity tools available for professional use, most of which require training and experience/mentorship before they can be successfully applied. Here we provide a reference to tools we recommend for those seeking to learn about the tools without spending years in the security community. Be careful when experimenting with these, you can damage your systems by applying these incorrectly, and could also use these to do unethical or even illegal things if you apply them with malicious intent. That said, they are great for good guys like our readers to use to learn more about cyber security. Here is our list of favorites:
- OWASP ZAP – The Firefox of web security tools. Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It ise designed to be used by people with a wide range of security experience and as such is ideal for people new to cybersecurity who want to learn more.
- Maltego – Developed by Paterva, it is an open source intelligence and forensics application that pulls together information designed to inform users with actionable intelligence.
- Samurai Web Testing Framework – A live Linux environment that has been pre-configured to function as a web pen-testing environment.
- Backtrack – Linux based pen-testing toolbox
- Cain & Abel – A password recovery tool for Microsoft operating systems
- NMap – Open source network exploration and security auditing
- WireShark – Network protocol analyzer to capture and interactively browse traffic.
- MetaSploit – Advanced open source platform for developing and using exploit code.