Cybersecurity tools encompass an incredible range of applications and OS environments that individual cybersecurity professionals may need for their roles.
These tools aren’t the same as enterprise-wide solutions, like SIEM products, where a single product is used throughout the organization at all times.
A cybersecurity tool is used by a single person, typically in conjunction with many other tools, to find vulnerabilities in the organization’s systems, networks and applications. Without these tools, many vulnerabilities would go undetected, and more cyber attacks from security threats would succeed.
The variety of cybersecurity tools enables cybersecurity professionals to find tools that they’re comfortable using and that work for the particular resources they’re targeting. Choice is key. Different tools work well for different people — someone who’s less experienced may need a tool that needs minimal configuration, while someone who’s more experienced may want a tool that offers extensive customization capabilities so they can detect more nuanced vulnerabilities.
Caution: Don’t download or use cybersecurity tools at work without ensuring you have permission to do so. And, of course, never use these tools against others’ systems or networks without getting their permission.
Cybersecurity tool categories
For 2021, the most commonly used categories of cybersecurity tools for finding vulnerabilities will include the following:
- Security-centric Linux distributions. Before you can install tool applications, you need an OS to run them on. These Linux distributions are intended to provide an environment for cybersecurity tool usage, so they’re perfect as a starting point for vulnerability scanning, penetration testing and other tasks. They usually have many other cybersecurity tools installed already, which can save you a lot of time.
- Network traffic visibility. There are several types of tools that give you some degree of visibility into network traffic. Examples include packet sniffers, which capture packets they observe; traffic analyzers, which explain the meaning of the fields in captured packets; and proxies, which have man-in-the-middle (MitM) access to certain network traffic so they can monitor and, in some cases, alter it.
- Vulnerability scanners. This category includes tools with a wide range of capabilities, from finding hosts on a network and determining which network ports are open, to finding specific software flaws and misconfigurations in OSes, applications and firmware. Quite a few vulnerability scanning tools focus solely on web server or web application vulnerabilities. Some vulnerability scanners can not only find vulnerabilities but also issue exploits to take advantage of them.
- Exploitation tools. The tools in this category can issue cyber attacks, so they’re used mainly for penetration testing purposes. Every tool has its own combination of attacks. Some tools can also be used for other reasons, like testing application security in a nonproduction environment.
Highlighted open source tools
There are countless commercial and open source cybersecurity tools available, with more released every day. The list below highlights several open source tools that are essential for finding vulnerabilities in 2021. The biggest advantage of open source tools, besides being free software, is that you and others in the community can review the source code to ensure each tool is legitimate and is only doing what it’s supposed to do. Some of the highlighted tools have been around for decades, while others are relatively new. Each has proven to be highly useful and valuable in its own way, and they can all be used together.
1. Kali Linux
- Category: Security-centric Linux distribution
- Features: Kali Linux’s OS is tightly secured, with network services and other common services disabled by default, to minimize its visibility and attack surface. It has over 600 cybersecurity tools included.
- Use case: Kali Linux is designed for people who are experienced Linux users and administrators and who need a separate environment for performing penetration testing. It can run on many types of hardware platforms, as well as virtual environments, containers and public clouds.
2. Wireshark
- Category: Network traffic visibility
- Features: Wireshark can capture network traffic and analyze that traffic in depth to try to understand it. It can also analyze network traffic captures from other tools. Wireshark has built-in knowledge of hundreds of network and application protocols.
- Use case: Wireshark, formerly known as Ethereal, is a foundational utility that is useful for anyone, from novices wanting to learn the basics of network communications, to experts needing rapid identification of protocols unknown to them and detailed information about the communications they carry.
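The packet sniffer and traffic analyzer roles described above both come down to decoding the bytes in a capture file. The following added example (not code from the Wireshark project) shows the smallest version of what such a tool does: it reads the classic pcap format, walks the per-packet records and dissects the Ethernet, IPv4 and TCP headers into named fields. The single-packet capture it parses is constructed in the code, with made-up addresses and zeroed checksums, so it runs offline; it deliberately rejects big-endian and pcapng files rather than guessing.

```python
"""Added example: a minimal dissector for a pcap capture (Ethernet/IPv4/TCP)."""
import ipaddress
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4   # pcap magic number (microsecond timestamps)
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def build_sample_pcap():
    """Constructed sample capture: one TCP SYN from 10.0.0.5:40000 to 10.0.0.1:443.
    Addresses, MACs and ports are made up for this example; checksums are left at 0."""
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETHERTYPE_IPV4))
    # TCP: src port, dst port, seq, ack, data offset (5 x 32-bit words), flags=SYN, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    # IPv4: version 4 / IHL 5, TOS, total length, id, flags/frag, TTL, protocol, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, IPPROTO_TCP, 0,
                     ipaddress.IPv4Address("10.0.0.5").packed,
                     ipaddress.IPv4Address("10.0.0.1").packed)
    frame = eth + ip + tcp
    # pcap global header: magic, major, minor, tz offset, sigfigs, snaplen, link type
    global_hdr = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    # per-packet record header: ts_sec, ts_usec, captured length, original length
    rec_hdr = struct.pack("<IIII", 1609459200, 0, len(frame), len(frame))
    return global_hdr + rec_hdr + frame


def dissect_frame(frame):
    """Decode Ethernet -> IPv4 -> TCP headers; stop early (with a note) on anything else."""
    info = {}
    if len(frame) < 14:
        info["note"] = "short Ethernet frame"
        return info
    dst_mac, src_mac, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    info.update(eth_dst=dst_mac.hex(":"), eth_src=src_mac.hex(":"), ethertype=ethertype)
    if ethertype != ETHERTYPE_IPV4:
        info["note"] = "non-IPv4 payload not decoded"
        return info
    ip = frame[14:]
    if len(ip) < 20:
        info["note"] = "short IPv4 header"
        return info
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack_from(
        "!BBHHHBBH4s4s", ip, 0)
    ihl = (ver_ihl & 0x0F) * 4
    info.update(ip_src=str(ipaddress.IPv4Address(src)), ip_dst=str(ipaddress.IPv4Address(dst)),
                ip_ttl=ttl, ip_proto=proto)
    if proto != IPPROTO_TCP or len(ip) < ihl + 20:
        info["note"] = "non-TCP or truncated transport header"
        return info
    sport, dport, seq, ack, off_res, flags = struct.unpack_from("!HHIIBB", ip, ihl)
    info.update(tcp_src_port=sport, tcp_dst_port=dport, tcp_seq=seq, tcp_ack=ack,
                tcp_flags=[name for bit, name in TCP_FLAG_NAMES if flags & bit],
                tcp_payload_len=total_len - ihl - (off_res >> 4) * 4)
    return info


def parse_pcap(data):
    """Walk the pcap records and dissect each frame. Raises on unsupported or truncated input."""
    if len(data) < 24:
        raise ValueError("file shorter than pcap global header")
    magic, _major, _minor, _tz, _sig, _snaplen, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC_USEC:
        raise ValueError("unsupported pcap magic %#x (big-endian or pcapng not handled)" % magic)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled")
    packets, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated packet record at offset %d" % offset)
        offset += incl_len
        record = dissect_frame(frame)
        record["timestamp"] = ts_sec + ts_usec / 1_000_000
        packets.append(record)
    return packets


if __name__ == "__main__":
    for pkt in parse_pcap(build_sample_pcap()):
        print(pkt)
```

Each header is checked for length before it is unpacked, and anything the dissector does not understand is recorded as a note rather than raising; a tool that crashes on the one odd packet in a capture is exactly the tool an analyst cannot trust with unknown traffic.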
3. Open Vulnerability Assessment Scanner (OpenVAS)
- Category: Vulnerability scanner
- Features: OpenVAS is a vulnerability scanner that includes over 50,000 vulnerability checks and enables its users to create their own custom checks. What’s most noteworthy about OpenVAS is that it can look for vulnerabilities not just in the standard IT software and services, but in lower-level operational technology (OT), like industrial control systems.
- Use case: OpenVAS can identify a huge range of vulnerabilities on IT and OT systems and networks. New vulnerability checks are made available every day, so it can find the latest problems, as well as older issues.
4. Zed Attack Proxy (ZAP)
- Category: Network traffic visibility, vulnerability scanner
- Features: ZAP is a web application vulnerability scanner. It acts as a MitM proxy between your web browser and a web application. That gives it full visibility into the web application’s communication, so it can scan and analyze those communications for potential vulnerabilities.
- Use case: ZAP is most often used to check your organization’s own web applications for exploitable software flaws as part of vulnerability scanning, software testing or penetration testing.
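Because a proxy sits between the browser and the application, it sees every response and can inspect it without sending anything extra; ZAP calls this kind of inspection passive scanning. The following added example (not ZAP's own code or rule set) shows what such a passive check looks like: it parses a raw HTTP/1.x response and reports missing security headers, cookies without Secure or HttpOnly, and a Server header that discloses a version. The two responses it checks are constructed for the example, one weakly configured and one hardened.

```python
"""Added example: passive security checks on an HTTP response, as a MitM proxy could apply."""
import re

# Response headers a modern web app is expected to send; absence is reported as a finding.
EXPECTED_HEADERS = {
    "strict-transport-security": "missing Strict-Transport-Security (no HSTS)",
    "content-security-policy": "missing Content-Security-Policy",
    "x-content-type-options": "missing X-Content-Type-Options: nosniff",
    "x-frame-options": "missing X-Frame-Options (clickjacking protection)",
}


def parse_raw_response(raw):
    """Split a raw HTTP/1.x response into (status line, header dict, body).
    Header names are lower-cased; values are kept in lists because Set-Cookie repeats."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def passive_scan(raw):
    """Return a list of findings for one response; an empty list means nothing was detected."""
    _status, headers, _body = parse_raw_response(raw)
    findings = []
    for name, message in EXPECTED_HEADERS.items():
        if name not in headers:
            findings.append(message)
    if "x-content-type-options" in headers and headers["x-content-type-options"][0].lower() != "nosniff":
        findings.append("X-Content-Type-Options present but not 'nosniff'")
    for cookie in headers.get("set-cookie", []):
        cookie_name = cookie.split("=", 1)[0].strip()
        # Attributes follow the first ';' and may carry values (Path=/), so compare names only.
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append("cookie %s lacks Secure attribute" % cookie_name)
        if "httponly" not in attrs:
            findings.append("cookie %s lacks HttpOnly attribute" % cookie_name)
    for value in headers.get("server", []):
        if re.search(r"/\d", value):   # e.g. "Apache/2.4.29" reveals the exact version
            findings.append("Server header discloses software version: %s" % value)
    return findings


# Constructed sample responses (not captured from any real site).
WEAK_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.4.29\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: session=abc123; Path=/\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)

HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html\r\n"
    b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    b"Content-Security-Policy: default-src 'self'\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"X-Frame-Options: DENY\r\n"
    b"Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, passive_scan(resp) or ["no findings"])
```

Passive rules like these are cheap and safe to run against production traffic precisely because they only read what the application already sent; the active scanning the entry above describes, which sends crafted requests, is the part that belongs in a test environment.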
5. sqlmap
- Category: Penetration testing tool
- Features: sqlmap is a penetration testing tool that specifically targets database servers. It can exploit vulnerabilities not just through SQL injection attacks, but through many other forms of attack. For example, it can crack passwords, escalate privileges and copy database tables.
- Use case: Usually, sqlmap is used for penetration testing only. Because it can provide administrator-level access to databases, it may be better used on database servers in a staging or other nonproduction environment so as to avoid exposing sensitive data.
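The flaw sqlmap is built to find is a query assembled from user input as text. The following added example (not sqlmap's code, and a constructed in-memory SQLite database rather than any real one) puts the vulnerable lookup beside the parameterized fix and runs both on the same probe input, so the difference in what each returns is visible in a test rather than only described.

```python
"""Added example: the SQL injection flaw sqlmap hunts for, beside the parameterized fix."""
import sqlite3


def setup_db():
    """Constructed in-memory database with a few sample users (no real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    """VULNERABLE (deliberately): user input is spliced into the SQL text,
    so a quote in the input changes the query's structure instead of its data."""
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, username):
    """FIXED: a bound parameter is always treated as data, never as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)).fetchall()


def contrast(username):
    """Run both versions on the same input and return (vulnerable rows, safe rows)."""
    conn = setup_db()
    try:
        return lookup_user_vulnerable(conn, username), lookup_user_safe(conn, username)
    finally:
        conn.close()


if __name__ == "__main__":
    # The classic tautology probe a scanner submits to confirm the flaw exists.
    probe = "' OR '1'='1"
    vuln_rows, safe_rows = contrast(probe)
    print("vulnerable query returned", len(vuln_rows), "rows")    # every user, including admin
    print("parameterized query returned", len(safe_rows), "rows")  # none: no user has that name
```

The same pattern is the fix for every other way of building a query from input: bind values, never concatenate them. It also shows why the entry above recommends a nonproduction database for testing, since a successful probe against the vulnerable version returns every row in the table.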
This was last published in January 2021