10 Open Source Security Tools You Should Know
Open source tools can be the basis for solid security and intense learning. Here are 10 you should know about for your IT security toolkit.
June 5, 2018
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltada07b2d00ba42f3/64f0d72407b8494ae2d867dc/Image_1.jpg?width=700&auto=webp&quality=80&disable=upscale)
(Image: Anemone123)
Nessus: Visibility
In many ways, security starts with understanding the situation. For a couple of generations of IT security professionals, understanding their networks' vulnerabilities starts with Nessus from Tenable. According to sectools.org, Nessus is the most popular vulnerability scanner and third most popular security program currently in use.
Nessus comes in both free and commercial versions. The current version, Nessus 7.1.0, is a commercial program, though it is free for personal home use. Version 2, the last major release before Nessus went closed-source in 2005, is still open source and free.
Version 2 is still available and, in the best tradition of open source software, it has been forked and developed in several different directions; OpenVAS, for one, began as a fork of Nessus 2. Nessus knowledge remains a valuable career skill.
(Image: Tenable)
Snort: Visibility
Just as thousands of IT security professionals first learned about vulnerability scanning from Nessus, Snort has been the starting point of knowledge about intrusion detection systems (IDS) for more than a generation of security pros.
Part of Snort's value is that it can be configured in three separate modes: as a network sniffer, packet logger, or full IDS. As such, it can be the core of an automated security system or a component that sits alongside an array of commercial products.
Now owned by Cisco, Snort continues to evolve and be developed by an active community. Community-developed IDS rules are available, as are rules licensed on a commercial basis. It's difficult to have a real conversation about open source security software without bringing Snort into the discussion — it's that much a part of the industry and market.
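The three modes differ in what Snort does with each packet, but the IDS mode is where rules come in. The following is an added example, not Snort's own code: it implements a small subset of Snort's rule syntax (the header plus the msg, content, nocase and sid options) and runs constructed packets through two constructed rules, which shows what a rule's header and content match actually decide. Variables such as $HOME_NET, PCRE, flow state and preprocessors are deliberately left out.

```python
"""Match packets against a subset of Snort rule syntax.

Added example; this is not Snort code and covers only the rule header
(action, protocol, source/destination address and port, direction) plus
the msg, content, nocase and sid options. Real Snort adds variables such
as $HOME_NET, PCRE, flow state, preprocessors and much more. The rules
and packets below are constructed for the example.
"""
import ipaddress
import re

# Two constructed rules in Snort syntax; sids >= 1000000 are reserved for local rules.
RULES = r'''
alert tcp any any -> 10.0.0.0/8 22 (msg:"SSH banner to internal host"; content:"SSH-"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"Possible path traversal"; content:"../"; nocase; sid:1000002; rev:1;)
'''

HEADER_RE = re.compile(
    r'^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>\w+)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$')


def parse_options(opts):
    """'key:"value"; flag; ...' -> dict; flag options map to True.
    Simplification: a ';' inside a content string is not handled."""
    out = {}
    for item in opts.split(';'):
        item = item.strip()
        if item:
            key, _, value = item.partition(':')
            out[key.strip()] = value.strip().strip('"') if value else True
    return out


def parse_rules(text):
    rules = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = HEADER_RE.match(line)
        if not m:
            raise ValueError("unparsed rule: " + line)
        rule = m.groupdict()
        rule['opts'] = parse_options(rule.pop('opts'))
        rules.append(rule)
    return rules


def ip_matches(pattern, addr):
    return pattern == 'any' or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)


def port_matches(pattern, port):
    return pattern == 'any' or int(pattern) == port


def header_matches(rule, pkt):
    forward = (ip_matches(rule['src'], pkt['src']) and port_matches(rule['sport'], pkt['sport'])
               and ip_matches(rule['dst'], pkt['dst']) and port_matches(rule['dport'], pkt['dport']))
    if forward or rule['dir'] == '->':
        return forward
    # '<>' also matches the reverse direction
    return (ip_matches(rule['src'], pkt['dst']) and port_matches(rule['sport'], pkt['dport'])
            and ip_matches(rule['dst'], pkt['src']) and port_matches(rule['dport'], pkt['sport']))


def rule_matches(rule, pkt):
    if rule['proto'] != pkt['proto'] or not header_matches(rule, pkt):
        return False
    content = rule['opts'].get('content')
    if content is None:
        return True          # header-only rule
    if rule['opts'].get('nocase') is True:
        return content.lower().encode() in pkt['payload'].lower()
    return content.encode() in pkt['payload']


def alerts_for(pkt, rules):
    """Return '[sid] msg' for every rule that fires on the packet."""
    return [f"[{r['opts']['sid']}] {r['opts']['msg']}" for r in rules if rule_matches(r, pkt)]


# Constructed packets (addresses from the documentation ranges).
PACKETS = [
    {'proto': 'tcp', 'src': '203.0.113.5', 'sport': 50000, 'dst': '10.1.2.3', 'dport': 22,
     'payload': b'SSH-2.0-OpenSSH_7.4\r\n'},
    {'proto': 'tcp', 'src': '198.51.100.7', 'sport': 40000, 'dst': '192.0.2.10', 'dport': 80,
     'payload': b'GET /../../etc/passwd HTTP/1.1\r\n'},
    {'proto': 'udp', 'src': '198.51.100.7', 'sport': 40000, 'dst': '192.0.2.10', 'dport': 80,
     'payload': b'SSH- ../'},
]

if __name__ == '__main__':
    for pkt in PACKETS:
        print(pkt['src'], '->', pkt['dst'], alerts_for(pkt, parse_rules(RULES)))
```

The third packet carries both content strings but is UDP, so neither TCP rule fires; that is the point of the header: a content match alone never raises an alert.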
(Image: Cisco)
Nagios: Visibility
Nagios monitors the network: infrastructure, traffic, and attached servers all fall within the reach of its basic or extended capabilities. As with many other open source packages, Nagios is available in both free and commercial versions.
Nagios Core is the free, open source engine at the heart of the project (the commercial Nagios XI is built on top of it). Individual products are monitored, and individual checks performed, by plug-ins: there are roughly 50 "official" plug-ins maintained by the Nagios project and more than 3,000 contributed by the community.
Nagios's user interface can be modified through a front end for the desktop, web, or mobile platform, and configuration can be managed through one of the available config tools.
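A plug-in is just a program that prints one status line and exits with 0 (OK), 1 (WARNING), 2 (CRITICAL) or 3 (UNKNOWN); Nagios Core reads both. The following is an added example of such a plug-in, not code from the Nagios project or the nagios-plugins package: it checks three sshd_config directives and reports in the plug-in contract. The directive thresholds are this example's own choice, the OpenSSH defaults used for absent directives are the documented ones (PermitRootLogin prohibit-password, PasswordAuthentication yes, PermitEmptyPasswords no), and the two configs are constructed.

```python
"""Nagios-style check plug-in for sshd hardening.

Added example, not part of Nagios or the nagios-plugins package. It follows
the plug-in contract Nagios Core uses: print a single status line (text
after '|' is performance data) and exit 0/1/2/3. Which directives to check
and how severe each is are this example's own choice.
"""
import re
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

# (directive, value we require, severity if it differs) - example policy
CHECKS = [
    ("permitrootlogin", "no", CRITICAL),
    ("passwordauthentication", "no", WARNING),
    ("permitemptypasswords", "no", CRITICAL),
]
# OpenSSH's documented defaults, used when a directive is absent.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
}

# Constructed samples: a weak config and a hardened one.
WEAK_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
Match User backup
    PermitRootLogin no
"""
HARDENED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
"""


def parse_sshd_config(text):
    """Effective global directives. sshd uses the first occurrence of a
    keyword, and everything after the first 'Match' line is conditional,
    so parsing stops there (a simplification: Match blocks are ignored)."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) == 2 and key not in directives:
            directives[key] = parts[1].strip()
    return directives


def evaluate(text):
    """Return (exit_code, status_line) for a config's text."""
    try:
        conf = parse_sshd_config(text)
    except Exception as exc:  # any parse failure is UNKNOWN, not OK
        return UNKNOWN, f"SSHD UNKNOWN - cannot parse config: {exc}"
    worst, problems = OK, []
    for key, wanted, severity in CHECKS:
        actual = conf.get(key, DEFAULTS[key]).lower()
        if actual != wanted:
            problems.append(f"{key}={actual}")
            worst = max(worst, severity)
    label = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL"}[worst]
    detail = ", ".join(problems) if problems else "all checked directives hardened"
    return worst, f"SSHD {label} - {detail} | problems={len(problems)}"


def main(argv):
    path = argv[1] if len(argv) > 1 else "/etc/ssh/sshd_config"
    try:
        with open(path) as fh:
            text = fh.read()
    except OSError as exc:
        print(f"SSHD UNKNOWN - {exc}")
        return UNKNOWN
    code, line = evaluate(text)
    print(line)
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Drop the script into the plug-in directory, define a `command` for it in the Nagios configuration, and a weak sshd_config shows up on the dashboard as CRITICAL instead of being found during an incident.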
(Image: Nagios)
Ettercap: Testing
If you need to test your enterprise network for resistance to man-in-the-middle attacks (MITM), then Ettercap is the tool for you. This program has been doing one thing – launching MITM attacks – since its initial release in 2001.
Ettercap has four basic modes of attack: IP-based, MAC-based, and two ARP-based strategies. You can choose which type of attack to run and observe how your environment responds to each.
In the process of scanning for a testing attack, Ettercap can provide a great deal of information about the network and its devices. As part of an overall security toolkit, Ettercap provides strong capabilities for MITM attacks and solid augmentation for analysis and visibility functions.
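The ARP-based modes work by poisoning ARP caches, so "how your environment responds" usually comes down to whether anything notices a host's MAC address changing. The following is an added example, not Ettercap code, of the detection side of that test: it replays a constructed stream of ARP replies, as a sniffer in the style of arpwatch would see them, and flags an IP whose MAC changes as well as one MAC answering for more than one IP, which is what a full-duplex ARP MITM between a victim and its gateway looks like on the wire. The addresses are constructed.

```python
"""Detect the ARP cache poisoning that Ettercap's ARP modes perform.

Added example, not Ettercap code. It checks two symptoms in a stream of
ARP replies: an IP-to-MAC mapping that changes (and flaps back when the
real host answers), and one MAC claiming several IPs at once.
"""
from collections import defaultdict

# Constructed ARP reply stream as (sender_ip, sender_mac). The gateway
# 192.0.2.1 really has ...:01; the attacker ...:99 starts poisoning at event 3.
ARP_REPLIES = [
    ("192.0.2.1", "02:00:00:00:00:01"),
    ("192.0.2.10", "02:00:00:00:00:10"),
    ("192.0.2.1", "02:00:00:00:00:99"),   # attacker claims the gateway IP
    ("192.0.2.10", "02:00:00:00:00:99"),  # ... and the victim IP
    ("192.0.2.1", "02:00:00:00:00:01"),   # real gateway answers again (flapping)
]


def detect_arp_spoofing(replies):
    """Return alert strings for the given (ip, mac) replies, in order."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append(f"{ip} changed from {known} to {mac}")
        ip_to_mac[ip] = mac
        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        # alert only when a MAC newly claims a second (or later) IP
        if len(mac_to_ips[mac]) > before and len(mac_to_ips[mac]) > 1:
            alerts.append(f"{mac} now answers for {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_REPLIES):
        print("ALERT:", alert)
```

A network where the test run produces no such alerts anywhere is one where the MITM would also go unnoticed in production; that, rather than whether Ettercap succeeds (it usually does on a flat LAN), is the useful finding.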
(Image: The Ettercap Project)
Infection Monkey: Testing
Infection Monkey is a comprehensive testing tool designed to show you what can happen inside your network if an attacker succeeds in breaching the perimeter. Developed and supported by GuardiCore, Infection Monkey is free and fully functional.
The user interface is among Infection Monkey's notable features. While some open source security projects provide minimalist UIs or depend on plug-ins or skins for a GUI, Infection Monkey has a GUI that is on par with many commercial software tools.
Source code for Infection Monkey is available on GitHub, with an active developer community around the project. Other tools probe your defenses for ways in; Infection Monkey shows how far an attacker can get once inside, which is the case for hardening the interior of your infrastructure and not just its edge.
(Image: Guardicore)
Delta: Testing
Many options exist for testing security on traditional networks. Testing the security issues specific to software-defined networks (SDNs), however, is a still-developing field, and that's why Delta is important.
A project of the Open Networking Foundation (ONF), Delta looks for potential issues in an SDN and then probes the issues to help determine how exploitable they are. With a built-in fuzzing capability, Delta is designed to probe for the existence of both known and unknown network vulnerabilities.
Built on the foundation of previous ONF projects Florence and Poseidon, Delta's code and executables are available on GitHub and are still undergoing rapid development.
(Image: ONF VIA GitHub)
Cuckoo Sandbox: Forensics
There are many ways to figure out whether a file is malicious, but many of them carry some level of risk. Cuckoo Sandbox is an open source framework for safely testing a file to find out what it is — and what it will really do if launched in your environment.
With source code available on GitHub, Cuckoo Sandbox analyzes both files and websites under a variety of guest operating systems. It traces API calls and network traffic, and takes complete memory dumps to allow a detailed analysis of where the sample is putting pieces of itself and whether it is trying to break out of the boundaries it was given.
(Image: Cuckoo Sandbox)
The Sleuth Kit: Forensics
Figuring out what happened in an attack can be a crucial step in preventing future intrusions. The Sleuth Kit is a collection of command-line tools and libraries that let an investigator dig into disk images in a wide variety of file systems and states of damage.
The Sleuth Kit is the basis for Autopsy, a GUI front end that makes analysis faster and easier for most users. Both are under active development and have large, vibrant user communities contributing to new features and functions.
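Much of that digging ends in a timeline. The Sleuth Kit's `fls -m / -r image.dd` (and `ils -m`) emit the "bodyfile" format, one pipe-separated line per file (`MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime`, times as Unix epoch seconds with 0 meaning unknown), which its `mactime` tool turns into a MAC timeline. The following is an added example, not Sleuth Kit code, that reimplements the core of that step over constructed bodyfile lines: each entry becomes one event per timestamp, events sharing a timestamp are merged, and the result is sorted so that a dropped file's creation shows up next to whatever else changed at that moment.

```python
"""Build a MAC timeline from Sleuth Kit bodyfile output.

Added example, not Sleuth Kit code. Input is the bodyfile format written by
`fls -m` / `ils -m`:
    MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime
Each timestamp becomes an event tagged with the subset of m/a/c/b it
represents (modified, accessed, changed, born), like mactime's output.
"""
import sys
from datetime import datetime, timezone

# Constructed sample: three entries, one of them a suspicious binary in /tmp.
BODYFILE = """\
0|/etc/passwd|131|r/rrw-r--r--|0|0|1523|1528000000|1527900000|1527900000|1527000000
0|/tmp/.x/bd|4401|r/rrwxr-xr-x|1000|1000|88112|1528000300|1528000290|1528000290|1528000290
0|/var/log/auth.log|2049|r/rrw-r-----|0|4|0|1528000310|1528000305|1528000305|1527000000
"""

TIME_FIELDS = (("atime", "a"), ("mtime", "m"), ("ctime", "c"), ("crtime", "b"))


def parse_bodyfile(text):
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split("|")
        if len(f) != 11:
            raise ValueError("bodyfile line with %d fields: %r" % (len(f), line))
        rows.append({
            "md5": f[0], "name": f[1], "inode": f[2], "mode": f[3],
            "uid": int(f[4]), "gid": int(f[5]), "size": int(f[6]),
            "atime": int(f[7]), "mtime": int(f[8]), "ctime": int(f[9]), "crtime": int(f[10]),
        })
    return rows


def timeline(rows):
    """Return (epoch, macb_flags, inode, name) tuples sorted by time. Timestamps
    that coincide for one file are merged into a single event."""
    events = {}
    for r in rows:
        for field, flag in TIME_FIELDS:
            t = r[field]
            if t == 0:        # 0 means the file system has no such timestamp
                continue
            events.setdefault((t, r["inode"], r["name"]), set()).add(flag)
    out = []
    for (t, inode, name), flags in sorted(events.items()):
        macb = "".join(ch if ch in flags else "." for ch in "macb")
        out.append((t, macb, inode, name))
    return out


def format_timeline(events):
    lines = []
    for t, macb, inode, name in events:
        ts = datetime.fromtimestamp(t, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
        lines.append(f"{ts} {macb} {inode:>6} {name}")
    return lines


if __name__ == "__main__":
    # usage: python timeline.py [bodyfile]   (defaults to the constructed sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BODYFILE
    print("\n".join(format_timeline(timeline(parse_bodyfile(text)))))
```

In the sample the `m.cb` event for `/tmp/.x/bd` is followed fifteen seconds later by a modification of `auth.log`, which is the kind of adjacency a timeline exists to surface. Real bodyfiles are large, so the same logic is normally run with `mactime -b bodyfile -d` and the output filtered by time window.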
(Image: Sleuthkit.org)
Lynis: Compliance
Lynis is a tool that makes lists: lists of the applications and utilities it finds on Unix-based systems, lists of the versions of those systems, and lists of the weaknesses it finds in the configuration and patch level of each one.
With source code available on GitHub, Lynis has an active development community, with primary support coming from its creator, Cisofy. One of the special capabilities of Lynis is that, because of its Unix foundation, it is able to perform scanning and evaluation of popular IoT development boards, including the Raspberry Pi.
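Those lists are written, after `lynis audit system`, to `/var/log/lynis-report.dat` as `key=value` lines; list-valued keys carry a `[]` suffix, and each `warning[]` and `suggestion[]` value is `|`-separated with the test ID first and the description second. The following is an added example, not Lynis code, that parses a report in that layout and turns it into a pass/fail gate for a build pipeline. The report text is constructed, and the minimum hardening index and the set of blocking test IDs are this example's own choice.

```python
"""Gate a build on a Lynis audit by parsing lynis-report.dat.

Added example, not Lynis code. The file format is the key=value layout
Lynis writes; the sample report, the threshold and the blocking test IDs
are constructed for this example.
"""

REPORT = """\
# Lynis Report (constructed sample)
report_version_major=1
hostname=build-01
os=Linux
hardening_index=64
warning[]=KRNL-5830|Reboot of system is most likely needed|-|-|
warning[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (set YES to NO)|-|
suggestion[]=AUTH-9262|Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PasswordAuthentication (set YES to NO)|-|
"""


def parse_report(text):
    """key=value lines -> dict; keys ending in [] collect a list of values."""
    data = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.endswith("[]"):
            data.setdefault(key[:-2], []).append(value)
        else:
            data[key] = value
    return data


def findings(data, kind):
    """(test_id, description, detail) for each 'warning' or 'suggestion'.
    A '-' in the detail field means Lynis had nothing to add."""
    out = []
    for value in data.get(kind, []):
        parts = value.split("|")
        test_id = parts[0]
        desc = parts[1] if len(parts) > 1 else ""
        detail = parts[2] if len(parts) > 2 and parts[2] != "-" else ""
        out.append((test_id, desc, detail))
    return out


def gate(data, min_index=70, blocking_ids=("SSH-7408", "AUTH-9262")):
    """Return (passed, reasons). Fails when the hardening index is below
    min_index or any warning/suggestion carries a blocking test ID."""
    reasons = []
    index = int(data.get("hardening_index", 0))
    if index < min_index:
        reasons.append(f"hardening_index {index} < {min_index}")
    for kind in ("warning", "suggestion"):
        for test_id, desc, detail in findings(data, kind):
            if test_id in blocking_ids:
                suffix = f" ({detail})" if detail else ""
                reasons.append(f"{kind} {test_id}: {desc}{suffix}")
    return (not reasons), reasons


if __name__ == "__main__":
    passed, reasons = gate(parse_report(REPORT))
    print("PASS" if passed else "FAIL")
    for reason in reasons:
        print(" -", reason)
```

Gating on specific test IDs rather than only on the index keeps a single, well-understood finding (root login over SSH, say) from being averaged away by a high score elsewhere.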
(Image: Cisofy)
Certbot: Compliance
Encryption is critical for many security standards, including everyone's new favorite, GDPR. Implementing encryption can be complicated and costly, but the EFF has tried to make it less of both with tools like Certbot, an open source automatic client that fetches and deploys SSL/TLS certificates for your web server.
Certbot began as a front end for Let's Encrypt, but it has grown to be a client for any CA that supports the ACME protocol. Because Let's Encrypt certificates are valid for only 90 days, the automation is the point: Certbot's packages install a scheduled `certbot renew` job, and `certbot renew --dry-run` confirms that renewal will work before a certificate actually expires.
The Certbot project is part of the EFF's effort to "Encrypt the Internet," a goal that has been embraced by many privacy advocates and government regulators. Keeping your employees, partners, and customers safe is both a worthwhile goal and a legal responsibility; the open source tools discussed in this article can be helpful in taking steps in that direction.
(Image: EFF)