18 free security tools for sysadmins.pdf


Upload: satheeshbabun

Post on 08-Sep-2015


  • 7/18/2015 18FreeSecurityToolsforSysAdmins

    http://www.gfi.com/blog/18freesecuritytoolsforsysadmins/ 1/15


    18 Free Security Tools for SysAdmins

    Here are 18 of the best free security tools for password recovery, password management, penetration testing, vulnerability scanning, steganography and secure data wiping. This list is intended to supplement the list provided on 101 Free Admin Tools. Additionally, other tools that can also be used for security purposes (e.g. file or disk level encryption) can be found on Top 20 Free Disk Tools for SysAdmins. Even if you may have heard of some of these tools before, I'm confident that you'll find a gem or two amongst this list.

    01 BackTrack

    BackTrack is a free bootable Linux distribution that contains a plethora of open source tools that you can use for network security and penetration testing. The tools are organized into different categories such as 'Information Gathering', 'Vulnerability Assessment', 'Exploitation Tools', 'Privilege Escalation' and 'Maintaining Access', amongst others.

    When you boot into BackTrack, you are taken to a Linux shell where you will need to enter startx to load the GUI. When the BackTrack GUI has loaded, click the 'Install BackTrack' shortcut on the desktop to initiate the BackTrack installation. Once complete, reboot the machine and access the tools from Applications > BackTrack.

    Kali Linux

    Note: When BackTrack was taken over by a commercial entity, they remained committed to sustaining an open source security and penetration testing distribution and re-built BackTrack from the ground up into what is now known as Kali Linux. Kali Linux is another useful addition to your security toolkit and will eventually render BackTrack redundant. Download it from here and try it out for yourself.

    02 Cain & Abel

    Cain & Abel allows you to recover passwords by sniffing the network, cracking encrypted passwords, recording VoIP conversations, decoding scrambled passwords, and revealing password boxes, amongst others. It also contains an Access Database password decoder, RDP password decoder, VNC password decoder and Hash Calculator.

    When you launch Cain & Abel, start by exploring the 'Decoders' tab and the 'Cracker' tab; this is where you can set Cain & Abel to decode and display passwords for various protocols or applications. You should also check out the 'Sniffer' tab; this is where you can capture usernames and passwords as they travel across the network between different hosts.

    03 Password Safe

    Password Safe allows you to create an encrypted database container for listing all your usernames and passwords, which can only be accessed by means of a master password. The encrypted database container file can be backed up and transferred between locations for convenience.

    When you load Password Safe for the first time, you'll first need to create a new Password Safe Database and then enter a 'Safe Combination' which will be used to encrypt the database. The Safe Combination will be used every time you wish to gain access to the list of passwords. Once you've created the database, right click on a blank area within the main window and choose 'Create Entry' to create a new entry; here, you'll be able to store a username, a password and any relevant notes.

    Tip: Password Safe contains an in-built Password Generator which you can access from Manage > Generate Password, or by using CTRL + P.

    04 Eraser

    Eraser allows you to completely remove data from your hard drive by overwriting each data block several times using an erasure method of your choice.

    To get started, open Eraser, right click anywhere on the blank section of the main window and click 'New Task'. You will be asked to select when the task should be run, the data you wish to remove and the erasure method to be used (e.g. US Air Force 5020 (3 passes) or Gutmann (35 passes)).

    05 Security Onion

    Security Onion is a Linux distribution tailored for use as an IDS (Intrusion Detection System) and NSM (Network Security Monitoring) toolkit. It contains tools like Snort, ELSA, Xplico, and NetworkMiner and the in-built setup wizard makes it easy to use.

    When you boot from the Security Onion ISO file, you are given the option to launch the live system or system installer. If you choose to launch the live system you will be taken to an Ubuntu-based Linux interface with a series of tools available for you to use. You will also have the ability to launch the Security Onion setup wizard.

    06 Rapid7 MetaSploit Community Edition

    Metasploit Community Edition allows you to simulate attacks on your network to uncover security issues. Features include the ability to discover network assets, conduct basic penetration tests and exploit individual vulnerabilities.

    Tip: Rapid7's Nexpose Vulnerability Scanner (Community Edition) integrates with MetaSploit Community Edition to offer increased functionality.

    Note: MetaSploit also comes in a Framework edition which is the original open source platform for manual exploitation and brute forcing via a command line interface.

    When you launch the MetaSploit Community UI, you'll first need to create an account and enter a product licence key (which you can obtain for free when downloading the installation package). You can then get going immediately by performing a network discovery from the 'Overview' tab.

    07 WinDump

    WinDump is essentially TcpDump for Windows. TcpDump is a powerful network packet analyser for Linux that can be used for network debugging and security monitoring. Using WinDump allows you to have the same functionality as TcpDump in a Windows environment.

    WinDump requires WinPcap 3.1 or above to be installed. Once you've installed this, simply execute windump.exe from a command line to initiate the packet capture process. Unless you wish to perform a live analysis, dumping the results to a text file is recommended. To do this, type windump >> c:\folder\textfile.txt in the command prompt, and replace the text file location with one of your choice.

    08 Network Security Toolkit (NST)

    Network Security Toolkit (NST) is a bootable live CD containing a wealth of open source network security tools that can be used by security professionals for network security analysis, validation, testing and monitoring.

    When you boot from the NST ISO file, you first choose whether you wish to launch the command-line version or the GUI version. If you choose the command-line version, you'll need to run the tools manually by issuing a series of commands and parameters. If you choose the GUI version, a Linux type environment will load giving you the option of installing the NST tools to disk or running them directly from the 'Activities' menu.

    09 OpenVAS

    OpenVAS is an open source Vulnerability Assessment System that offers a selection of tools and services for vulnerability scanning and vulnerability management. The security scanner feeds off an online database of over 30,000 network vulnerability tests and is updated regularly.

    When you launch the OpenVAS web UI you can launch a quick scan against an IP address or hostname or create a new task manually from the 'Scan Management' tab. When the scan is complete you can view the results and download a report detailing the open ports, vulnerabilities found and the information log.

    10 OpenPuff

    Steganography is all about hiding in plain sight. Essentially you are hiding data within data. OpenPuff is a steganography tool with features that include multi-level encryption, pseudo random number generator based data scrambling, whitening, and encoding which make for a strong steganography algorithm. OpenPuff also includes the ability to add a decoy password to reveal decoy data (in case you were ever suspected of receiving a steganography file and asked to reveal the data) as well as the ability to split the hidden data over multiple files (carriers).

    To initiate data hiding, launch OpenPuff and press the 'Hide' button. Follow the four step process to enter a password, add the secret data, add the carrier files, and choose the level of bit selection to be used. Optionally, add decoy data and then click 'Hide Data!' to begin.

    11 Freeraser

    Freeraser is a data shredder tool that permanently deletes data by overwriting the data blocks with random data multiple times. Freeraser offers three options for data destruction: a fast option which uses 1 round, a forced option which uses 3 rounds and an ultimate option which uses 35 rounds of overwriting with random data.

    When Freeraser is open, a large recycle bin icon will appear on the desktop. To erase files, simply drag them to the icon. A warning message will pop up stating that the data will be permanently destroyed if you continue. You can also choose which files to remove by right clicking on the icon and selecting 'Select File to Destroy'.

    12 OpenStego

    OpenStego is a basic easy-to-use steganography tool that takes any secret message file as input and embeds it into a cover file to create a resulting image. You are given the option to compress and encrypt data and control the algorithm used in the steganography process.

    Note: OpenStego is built using Java so you will need to run it on a machine that has Java installed.

    The first thing you need to do is select the steganography algorithm to be used and the secret message file you wish to be hidden. You then select the cover file (the image to be used to conceal the secret message file within it) and the output filename. Once you are done, click 'OK' to start the obfuscation process.

    13 Retina Network Community

    Retina Network Community is a free vulnerability scanner for up to 256 IPs that offers powerful vulnerability assessment across operating systems, applications, devices and virtual environments within your network using a comprehensive vulnerability database that is updated regularly.

    When you launch Retina Community, start by setting up your Audit from the 'Audit' section at the top; here, you can choose what credentials to use, which targets to scan, which ports to detect, which audit types to run, and what information to obtain from each target. Once you've done this hit the 'Scan' button to initiate the scan and view the results at the bottom of the window.

    14 OWASP Mantra

    OWASP Mantra is a browser based security framework which includes a selection of integrated and online tools that can be used for penetration testing and web application testing. There is everything from online network and information gathering utilities to an integrated SSH client.

    When you launch the OWASP Mantra browser you are presented with a Welcome page with a splash screen similar to the Windows 8 interface. From here you can browse to the 'Hackery' or 'Gallery' pages to discover the available online tools. On the left hand side of the browser is a selection of icons which launch the integrated tools.

    15 KeePass

    KeePass is a light-weight user-friendly password manager that allows you to store username and password combinations in a highly-encrypted database. Access to the database is secured using a master password or key file.

    When you first launch KeePass you'll need to enter a Master Key which is used to prevent access to the password database. You can then start to create groups for categorization and password entries for each group. KeePass also has a search facility in the top menu bar for quick access to a certain password or to help you find a password entry if you can't remember it; this saves you navigating through each group.

    16 Nmap

    Nmap allows you to perform network discovery and security auditing, including tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

    Note: The Nmap package comes with Zenmap (a front-end GUI for Nmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

    Zenmap can be used to control Nmap from a GUI rather than a command-line. Upon launching Zenmap, enter the target to be scanned and choose a scan profile before clicking 'Scan'. Results will be displayed in the 'Nmap Output' tab with a further breakdown available in the 'Ports/Hosts', 'Topology', 'Host Details', and 'Scans' tabs.

    17 PuTTY

    PuTTY is a lightweight application that allows someone sitting at a Windows machine to remotely connect to a Linux server using the SSH, Telnet and Rlogin network protocols. The PuTTY family of tools also consists of PSCP (an SCP client for secure command-line file copy), PSFTP (an SFTP client), PuTTYtel (a Telnet-only client), Plink (a command-line interface to the PuTTY back ends), Pageant (an SSH authentication agent) and PuTTYgen (an RSA and DSA key generation utility).

    Note: On the server side, you will likely have an SSH implementation such as OpenSSH (http://www.openssh.org/) which encrypts all traffic transmitted across the network and is useful for securing protocols like telnet, rlogin and ftp (which transmit data over the network in plain text).

    Once you enter the connection details and click 'Open', a command prompt type window will appear asking you to login to the specified server. Once you do this, you can issue commands directly to that server.

    18 RANDOM.ORG Random Password Generator

    The Random Password Generator from random.org does just that: it generates random passwords for you based on a set of criteria you provide. Unlike some websites, the generated passwords are delivered to you over an SSL connection for added security (last thing you want is a rogue on your network capturing packets and discovering all your newly generated passwords!).

    Simply navigate to http://www.random.org/passwords/ and enter the required criteria to get started. If you want more criteria to be considered when generating a password, try using the Random String Generator at https://www.random.org/strings/.


    9 Comments

    About the Author: Andrew Tabona

    Andrew has over 10 years' experience in Quality Assurance, Incident Management, and Pre- and Post-Sales Technical Support roles, as well as recent specialization in Digital Forensics and E-Discovery. He has contributed to several blogs and worked on various technical writing projects for multiple organizations, as well as being invited to be a regular guest lecturer and speaker at a top UK university.

    Russ McRee October 3, 2013 at 7:45 am

    Why list BackTrack as #1 when its last release was more than a year ago and it's been replaced with Kali, per Offensive Security: http://www.kali.org/news/kali-linux-whats-new/?

    Andrew Zammit Tabona October 3, 2013 at 5:39 pm

    Hi Russ,

    The list is in no particular order. I just randomly organized the tools so there would be a good distribution of different categories as you scrolled through the list.

    Good shout on pointing out Kali! The reason I mention BackTrack is because it is tried and trusted in the industry and, to this day, still used by many security professionals. Nevertheless, we have updated the article to mention Kali Linux.

    Many thanks again!

    Regards,

    Andrew.

    Russ McRee October 4, 2013 at 8:37 pm

    Nice, thanks for updating.

    Great tool list compilations btw, the network tools group is really solid too http://www.gfi.com/blog/the-top-20-free-network-monitoring-and-analysis-tools-for-sys-admins/

    Aram October 5, 2013 at 5:49 am

    please advise a tool similar to eraser for Linux.

    Andrew Zammit Tabona October 7, 2013 at 7:30 pm

    Russ McRee: Thanks for the feedback! Glad you like the lists.

    Aram: If you're looking for secure file/folder deletion tools in Linux, I would suggest having a look at srm, wipe or shred.

    Cesar October 8, 2013 at 8:40 pm

    Hi, Please advise a tool for encryption specific directories or files on Windows?


    Andrew Zammit Tabona October 9, 2013 at 9:16 am

    Cesar: I recommend you have a look at my article here: http://www.gfi.com/blog/the-top-20-free-file-management-tools-for-sys-admins/

    Aditya January 6, 2014 at 4:57 am

    Hi andrew

    I wanna knw dat wht opinion do u suggest for OS developed by anonymous

    Andrew Zammit Tabona January 17, 2014 at 8:59 pm

    Aditya: If you are referring to the Anonymous-OS Linux distro based on Ubuntu that was released in March 2012, my opinion is that you should stay clear of it as there was strong suspicion that it was riddled with trojans. The Anonymous Group themselves have even reported that it was a fake and not actually released by them.
