Who doesn’t love free software?

Infosec professionals are fortunate to have many good free tools for a range of tasks. The following list of two dozen tools includes everything from password crackers to vulnerability management systems to network analyzers. Whatever your security role is, you’ll find something useful here.

Maltego

Paterva develops this forensics and open-source intelligence app, designed to deliver a clear threat picture for the user’s environment. It will demonstrate the complexity and severity of single points of failure as well as trust relationships that exist within the scope of one’s infrastructure. It pulls in information posted all over the Internet, whether it’s the current configuration of a router on the edge of the company network or the current whereabouts of your company’s vice president. The commercial license does have a price tag, but the community edition is free with some restrictions.

OWASP Zed Attack Proxy (ZAP)

The Zed Attack Proxy (ZAP) is a user-friendly penetration testing tool that finds vulnerabilities in web apps. It provides automated scanners and a set of tools for those who wish to find vulnerabilities manually. It’s designed to be used by practitioners with a wide range of security experience and is ideal for functional testers who are new to pen testing, or for developers. There’s even an official ZAP plugin for the Jenkins continuous integration and delivery application.