There is a lot of information security work that happens primarily in the brain, outthinking your opponent and designing conceptually safe and reliable systems. In fact, you might argue that a cybersecurity pro’s most valuable tools are in his head: confidence, intellect, knowledge.
But there is a lot of action where the electrons hit the circuits, too, plenty of times when your mind is only as good as the software it’s using to execute the ideas you have. In those moments, your ability to understand and use the tools of the trade will show whether you’re a force to be reckoned with or just another kid fiddling around with a firewall.
For professionals working in information security, many of the best tools are the same ones the hackers are using. To understand the holes in your system, you have to be able to see it in the same way that your potential adversaries can see it. And that means looking through the same analytical lenses at your networks and systems.
Those tools are also constantly evolving. Even though the names remain the same, the ways they operate often change radically as new defenses or mechanisms for attacking those defenses come into play. So staying current on the top tools in the cybersecurity industry is a never-ending challenge.
Some tools are highly specialized, or even custom-made, and you might find yourself working primarily with a single software package that is optimized for your role. But rolling your own is a laborious process and there are plenty of off-the-shelf products that can be extremely effective… if you know how to use them.
The good news is that many of the best tools are free—both as in speech and as in beer. Open source, freely-distributed security tools have always been among the most important in the industry because their collaborative development both outpaces private sector efforts and because the ability to view and understand how the code operates prevents any nefarious purposes from being baked in.
And, since most hackers are not exactly made of money, the free tools are most often what they are using, too.
Here are the top ten general tools used by cybersecurity pros, and the guys they go up against.
The tool that turned hacking into a commodity when it was released in 2003, the Metasploit Framework made cracking known vulnerabilities as easy as point and click. Although sold as (and used by white hats) as a penetration testing tool, Metasploit’s free version is still where most neophyte hackers cut their teeth. With downloadable modules allowing any combination of exploit and executable payload, all freely available, hackers have instant access to any system showing one of nearly 2000 cataloged vulnerabilities. Sophisticated anti-forensic and stealth tools make the package complete.
2 – Nmap
Nmap, or Network Mapper, is 20 years old, but remains one of the most flexible, powerful, and useful tools in the network security analysts toolkit. Nmap can bounce TCP and UDP packets around your network like a pinball wizard, identifying hosts, scanning for open ports, and slicing open misconfigured firewalls to show you what devices are open for business on your network… whether you put them there or someone else did. Nmap has been around so long that it has collected a constellation of helper tools such as the Zenmap GUI, Ncat debugging tool, and Nping packet generator.
3 – OpenSSH
OpenSSH is a suite of low-level tools that rights many of the wrongs built into the original network-level utilities in most Internet operating systems. Created as an integral part of the bulletproof OpenBSD UNIX implementation, OpenSSH was useful enough and solid enough that it was quickly adopted by other UNIX forks and made available as portable packages for other operating systems. The encryption and tunneling capabilities of the OpenSSH utilities are taken for granted by most users, but security professionals need to know how to build secure systems on top of reliable OpenSSH tools.
4 – Wireshark
Wireshark is the de facto standard in network protocol analysis tools. It allows deep inspection and analysis of packets from hundreds of different protocols, from the ubiquitous TCP to the exotic CSLIP. With built-in decryption support for many encrypted protocols and powerful filtering and display capabilities, Wireshark can help you dive deep in current activity on your network and expose nefariously crafted attacks in real time.
5 – Nessus
Nessus is the world’s most popular vulnerability scanner, a battle-scarred champion that has held that throne for decades even as new challengers have crowded the arena in recent years. Automated compliance scans can handle everything from password auditing to patch-level compliance across your network, with reports that immediately draw attention to open vulnerabilities. Nessus can integrate with Nmap to take advantage of advanced port-scanning capabilities and with other management tools to form an integral part of your network security system.
6 – Aircrack-ng
Aircrack is your go-to tool for wifi hacking—still one of the most vulnerable aspects of most commercial networks. Weak wireless encryption protocols are easily shattered by Aircrack’s WEP and WPA attacks. Sophisticated deauthentication and fake access point attacks allow you to probe your security aggressively. Packet sniffing capabilities allow you to simply snoop and keep an eye on traffic even without making overt attacks. No wireless network security staff should be without a copy of Aircrack-ng.
7 – Snort
Snort provides network intrusion detection that performs real-time traffic analysis and packet logging on your network. Using rulesets that are updated daily, Snort matches patterns against known attack signatures and alerts you to potential assaults. The system can be configured to trigger even on less openly nefarious activity, such as Nmap stealth port scans or operating system fingerprinting attempts.
8 – John the Ripper
John the Ripper is a fast password cracker with a lot of features that make it a breeze for slashing through your password files. It auto detects hash types to take the guesswork out of the attack and supports several popular encryption formats including DES, MD5, and Blowfish. It hits Unix, Kerberos, and Windows LanManager passwords equally hard using either dictionary or brute force attacks. If you haven’t checked your password hashes against John yet, you can be sure that some hacker out there will do it for you soon.
9 – Google
If this one seems a little trite to you, think again. Sure, Google is everybody’s go-to when it’s time to research a virus or turn up that RFP you’re looking for. Your job would be a nightmare without it. But Google is also sitting on top of one of the biggest near-real-time vulnerability databases of all time, including potential holes in your servers. Google-hacking uses search tools to explore the Google index for misconfigured Web services or illicit documents that have leaked outside your firewall. Configure your search string properly, and you have instant access to lists of open web shares at your IP address, misconfigured password pages, exposed internal file shares you never dreamed were unprotected. Sure, you have all the same information internally—but when you look at it through Google, you’re seeing it through the eyes of your adversary. You might be surprised what it shows.
10 – L0phtCrack
Something you’ll notice in the technology business is that eventually everything old becomes new again. Timesharing minicomputers are reincarnated as client-server architecture, non-relational databases are reborn as NoSQL, and the venerable L0phtCrack, one of the first effective password crackers, is reincarnated in modern form. Originally emerging from the fabled L0pht Heavy Industries hacking collective in the 1990s, the tool was abandoned after a series of mergers left it in Symantec’s hands. But in 2009, original authors and legends of cybersecurity Mudge, Weld Pond, and DilDog re-acquired the IP and revamped the old girl. With multi-core and multi-GPU support, 64-bit architecture, and advanced rainbow table precomputed hash capabilities, L0phtCrack can once again take on jobs John the Ripper can’t hack.