Cyber Security Tools

Benchmarks / Hardening Policies

• CIS (Center for Internet Security) :Proven guidelines will enable you to safeguard operating systems, software and networks that are most vulnerable to cyber attacks. They are continuously verified by a volunteer IT community to combat evolving cybersecurity challenges.

Security/Malware/Vulnerabilities Scanning

Packets Capturing and Analysing Tools

• Tcpdump – Packet sniffers
• Wireshark – Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source multi-platform network protocol analyzer. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tshark is included. One word of caution is that Wireshark has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).
• CloudShark works entirely in your web browser. No additional utilities, plugins, or downloads.
• Friddle
• Firebug
• httpwatch

TCP/UDP Tools

• TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. 
• The Process Explorer display details your computer’s running processes in a more visual representation than the standard Windows Task Manager. 
• RINETD – Redirects TCP connections from one IP address and port to another. 

Integrity Check

• Tripwire – It was a simple tool to check file and folder integrity. Now Tripwire provide a whole set solution to discovers every asset on an organization’s network and delivers high-fidelity visibility and deep intelligence about these endpoints. Tripwire solutions also deliver actionable reports and alerts and enable the integration of valuable endpoint intelligence into operational systems like change management databases, ticketing systems, patch management and security solutions including SIEMS, malware detection and risk and analytics. 

Penetration Test Tools

• World’s most used penetration testing software – metasploit
• Kali Linux – is the new generation of the industry-leading Debian-based BackTrack Linux penetration testing and security auditing Linux distribution. Kali Linux is a complete re-build of BackTrack from the ground up, adhering completely to Debian development standards. Kali 2.0 Teaser is coming.
• Nessus® is the industry’s most widely-deployed vulnerability, configuration, and compliance scanner.
• BackTrack – BackTrack is a free bootable Linux distribution that contains a plethora of open source tools that you can use for network security and penetration testing. The tools are organized into different categories such as ‘Information Gathering’, ‘Vulnerability Assessment’, ‘Exploitation Tools’, ‘Privilege Escalation’ and ‘Maintaining Access’, amongst others.
• Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. 
• Burp Suite 
• Cobalt Strike
• BlackArch Linux 64 bit Live ISO : BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. The repository contains 1950 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs.The BlackArch Live ISO contains multiple window managers. Below you will find screenshots of a few of them.
• BackBox Linux : BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known/used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to network analysis, stress tests, sniffing, vulnerability assessment, computer forensic analysis, automotive and exploitation. It has been built on Ubuntu core system yet fully customized, designed to be one of the best Penetration testing and security distribution and more.

Proxy Software

• ccproxy from youngzsoft
• Cisco CWS : The Cisco CWS solution, previously known as Cisco ScanSafe, enforces secure communication to and from the Internet. It uses the Cisco AnyConnect® Secure Mobility Client 3.0 to provide remote workers the same level of security as onsite employees when using a laptop issued by Cisco. Cisco CWS incorporates two main functions, web filtering and web security, and both are accompanied by extensive, centralized reporting.

Network Automation Tools

• NetMRI provides automatic network discovery, switch port management, network change automation, and continuous security policy and configuration compliance management for multi-vendor routers, switches, and other layer-2 and layer-3 network devices. NetMRI is the only platform that supports traditional and virtual network constructs (such as VRF) for multi-vendor network automation.

Threat Intelligence Tools

• Lancope, Inc. is a leading provider of network visibility and security intelligence to protect enterprises against today’s top threats. 
• FireEye Network Security (NX) products, now available in modular 2- and 4-Gbps appliances, enable organizations to prevent, detect, and respond to network-based zero day exploit attempts, web drive-by downloads, and advanced malware that routinely bypass conventional signature-reliant defenses.
• Securonix SNYPR : The SNYPR Security Analytics Platform uses a combination of context enrichment, machine learning and threat modeling to predict, detect and contain advanced threats, anywhere, in real-time. Unlike SIEM solutions that inundate security teams with false positives, SNYPR leverages sophisticated machine learning algorithms to accurately identify the most hard-to-detect cyber threats, insider threats and fraud.
• Recorded Future: Threat Intelligence Powered by Machine Learning
• ThreatConnect.com | Threat Intelligence | Smarter Security‎ – Provide a free account
• Anomali | Threat Intelligence Platform | anomali.com‎