
10 Best Security Software Tools for Linux

Linux is a hacker’s dream computer operating system. It supports tons of tools and utilities for cracking passwords, scanning network vulnerabilities, and detecting possible intrusions. I have here a collection of 10 of the best security software tools for Linux. Please always keep in mind that these tools are not meant to harm, but to protect.

UPDATE: More security software tools that you should check out.


1. John the Ripper

John the Ripper is a free password cracking software tool initially developed for the UNIX operating system. It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL and others.


2. Nmap

Nmap is my favorite network security scanner. It is used to discover computers and services on a computer network, thus creating a "map" of the network. Just like many simple port scanners, Nmap is capable of discovering passive services on a network despite the fact that such services aren't advertising themselves with a service discovery protocol. In addition, Nmap may be able to determine various details about the remote computers. These include the operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even the vendor of the remote network card.

Nmap runs on Linux, Microsoft Windows, Solaris, and BSD (including Mac OS X), and also on AmigaOS. Linux is the most popular Nmap platform and Windows the second most popular.


3. Nessus

Nessus is comprehensive vulnerability scanning software. Its goal is to detect potential vulnerabilities on the tested systems, such as:

- Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
- Misconfiguration (e.g. open mail relay, missing patches, etc).
- Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
- Denials of service against the TCP/IP stack by using mangled packets.

Nessus is the world's most popular vulnerability scanner, estimated to be used by over 75,000 organizations worldwide. It took first place in the 2000, 2003, and 2006 security tools survey from SecTools.Org.


4. chkrootkit

chkrootkit (Check Rootkit) is a common Unix-based program intended to help system administrators check their system for known rootkits. It is a shell script that uses common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures, and that compares a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies.

It can be used from a "rescue disc" (typically a Live CD) or it can optionally use an alternative directory from which to run all of its own commands. These techniques allow chkrootkit to trust the commands upon which it depends a bit more.

There are inherent limitations to the reliability of any program that attempts to detect compromises (such as rootkits and computer viruses). Newer rootkits may specifically attempt to detect and compromise copies of the chkrootkit programs or take other measures to evade detection by them.
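The /proc versus ps comparison described above, sketched as an added example; this is not chkrootkit's own code, and the function names (`proc_pids`, `ps_pids`, `missing_from`, `live_check`) and the `--live` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not chkrootkit's code): compare PIDs seen in /proc with PIDs
# reported by ps and print the ones ps does not show.

# Print the purely numeric directory names under a proc root, one per line.
proc_pids() {
    root=${1:-/proc}
    for d in "$root"/*; do
        name=${d##*/}
        case $name in
            ''|*[!0-9]*) continue ;;   # skip non-PID entries such as "self"
        esac
        if [ -d "$d" ]; then printf '%s\n' "$name"; fi
    done
}

# Print the PIDs ps reports (POSIX options; "pid=" suppresses the header).
ps_pids() {
    ps -e -o pid= | tr -d ' '
}

# Print every PID listed in file $1 that is missing from file $2.
# -x forces whole-line matches, so PID 42 is not "found" inside 4242.
missing_from() {
    grep -vxF -f "$2" "$1" || true     # grep exits 1 when nothing differs
}

# Live check: snapshot both views, then re-test each candidate so that
# processes which merely started or exited between snapshots are dropped.
live_check() {
    tmp=$(mktemp -d) || return 1
    proc_pids /proc > "$tmp/proc"
    ps_pids > "$tmp/ps"
    missing_from "$tmp/proc" "$tmp/ps" > "$tmp/candidates"
    ps_pids > "$tmp/ps2"
    while read -r pid; do
        if [ -d "/proc/$pid" ] && ! grep -qxF "$pid" "$tmp/ps2"; then
            printf 'PID %s is in /proc but not in ps output\n' "$pid"
        fi
    done < "$tmp/candidates"
    rm -rf "$tmp"
}

# Run against the live system only when asked: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
    live_check
fi
```

A PID that survives the re-check is a lead to investigate rather than proof of a rootkit. Both views come from the running kernel and the installed ps, so the limitations described above apply to this check as well.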


5. Wireshark

Wireshark is a free packet sniffer computer application used for network troubleshooting, analysis, software and communications protocol development, and education. In June 2006, the project was renamed from Ethereal due to trademark issues.

The functionality Wireshark provides is very similar to tcpdump, but it has a GUI front-end, and many more information sorting and filtering options. It allows the user to see all traffic being passed over the network (usually an Ethernet network but support is being added for others) by putting the network interface into promiscuous mode.

Wireshark uses the cross-platform GTK+ widget toolkit, and is cross-platform, running on various computer operating systems including Linux, Mac OS X, and Microsoft Windows. Released under the terms of the GNU General Public License, Wireshark is free software.


6. netcat

netcat is a computer networking utility for reading from and writing to network connections on either TCP or UDP.

Netcat was voted the second most useful network security tool in a 2000 poll conducted by insecure.org on the nmap users mailing list. In 2003, it gained fourth place, a position it also held in the 2006 poll.

The original version of netcat is a UNIX program. Its author is known as *Hobbit*. He released version 1.1 in March of 1996.

Netcat is fully POSIX compatible and there exist several implementations, including a rewrite from scratch known as GNU netcat.


7. Kismet

Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11a, 802.11b and 802.11g traffic.

Kismet is unlike most other wireless network detectors in that it works passively. This means that without sending any loggable packets, it is able to detect the presence of both wireless access points and wireless clients, and associate them with each other.

Kismet also includes basic wireless IDS features such as detecting active wireless sniffing programs including NetStumbler, as well as a number of wireless network attacks.


8. hping

hping is a free packet generator and analyzer for the TCP/IP protocol. Hping is one of the de facto tools for security auditing and testing of firewalls and networks, and was used to exploit the idle scan scanning technique (also invented by the hping author), which is now implemented in the Nmap Security Scanner. The new version of hping, hping3, is scriptable using the Tcl language and implements an engine for string-based, human-readable description of TCP/IP packets, so that the programmer can write scripts related to low-level TCP/IP packet manipulation and analysis in a very short time.

Like most tools used in computer security, hping is useful to both system administrators and crackers (or script kiddies).


9. Snort

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) capable of performing packet logging and real-time traffic analysis on IP networks.

Snort performs protocol analysis, content searching/matching, and is commonly used to actively block or passively detect a variety of attacks and probes, such as buffer overflows, stealth port scans, web application attacks, SMB probes, and OS fingerprinting attempts, amongst other features. The software is mostly used for intrusion prevention purposes, by dropping attacks as they are taking place. Snort can be combined with other software such as SnortSnarf, sguil, OSSIM, and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data. With patches for the Snort source from Bleeding Edge Threats, support for packet stream antivirus scanning with ClamAV and network abnormality with SPADE in network layers 3 and 4 is possible with historical observation.


10. tcpdump

tcpdump is a common computer network debugging tool that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.

In some Unix-like operating systems, a user must have superuser privileges to use tcpdump because the packet capturing mechanisms on those systems require elevated privileges. However, the -Z option may be used to drop privileges to a specific unprivileged user after capturing has been set up. In other Unix-like operating systems, the packet capturing mechanism can be configured to allow non-privileged users to use it; if that is done, superuser privileges are not required.

The user may optionally apply a BPF-based filter to limit the number of packets seen by tcpdump; this renders the output more usable on networks with a high volume of traffic.


Do you have a favorite security software tool for Linux? Feel free to comment and tell us about it.

66 comments

  1. Anonymous July 01, 2008

    Please do not list PuTTY, you are right in saying that it is a Windows tool, but for any other platform other than Windows using real `ssh` is much better and much more powerful

  2. Anonymous July 01, 2008

    Missing curl and nc.

  3. As a professional pen-tester, I was a bit disappointed that you missed netcat (`nc`), which is one of the most useful tools in my bag. Also another one that should be included is `amap`, or my own application mapper pyScout (intertrusion.com/files/).

  4. 1) chkrootkit is not a hacking software, it's used for checking the rootkit.

    2) How can you put putty as a hacking software

    3)

  5. Anonymous July 02, 2008

    You should also add
    NETBIOS nameserver scanner to the list

  6. Anonymous July 02, 2008

    netcat missed :(

  7. Anonymous July 02, 2008

    chkrootkit is a security tool so it should be included. I agree, netcat should have been on the list. But there are plenty of great hacking tools listed here that are better than netcat.

  8. Anonymous July 02, 2008

    s/nc|netcat/socat/
    and you're about right.

  9. Anonymous July 02, 2008

    Echoing the comments about choices of what's in or not in the list, but I know such lists are always subjective. One thing, though, isn't subjective -- how are these "Linux" (just leave out the BSDs and Solaris) tools when just about every single one listed will also work for the OS about 92% of the world already uses? From now on, I disregard lists that mention one specific OS because 99% of the time I'll be able to use the applications or utilities listed on any OS. Including Windows (with or without cygwin).

  10. Anonymous July 02, 2008

    Nikto is very useful too.

  11. Anonymous July 02, 2008

    Thanks for sharing this info. I found it very useful.

  12. Anonymous July 02, 2008

    I think rkhunter is a better tool than chkrootkit. Also you should replace netcat for putty.

  13. Putty? Wtf? What about something useful like webscarab for hacking websites? Putty? I don't get it...

  14. Changed Putty to netcat. Thank you for the suggestion.

    Cheers!

  15. Anonymous July 02, 2008

    Regarding the comment above where someone got in a huff because the author uses the word 'Linux':

    Big deal, just because he's saying that these tools are good linux hacking tools doesn't mean he's saying that they don't work on other OS's.

    I for one would never dream of using any other OS than Linux for my hacking needs. It is far more flexible. Plus with great distributions like BackTrack, why would you need anything else?

  16. Anonymous July 03, 2008

    ettercap. I could teach my cat to steal your password with it.

  17. Anonymous July 03, 2008

    What about ettercap?

  18. Anonymous July 03, 2008

    tripwire

  19. Anonymous July 03, 2008

    This list really sucks.

  20. Anonymous July 03, 2008

    Those are all good tools but I would be very careful about using some of these after reading The Truth about Linux.

    I really don't want to use infringing software that will just make all the work I do property of the Microsoft Corporation and any other IP holders. Scary stuff.

  21. Anonymous July 03, 2008

    I'm really surprised to find that orfcrack was not in one of the top 5; it has yet to fail me in cracking a simple password on an XP machine. It comes with its own GUI and the program basically runs itself.

  22. Anonymous July 03, 2008

    aircrack-ng is pretty cool, too

  23. Anonymous July 04, 2008

    One of these posts leads you (through a link) to a website with a virus on it. If you are surfing on a Windows computer, be very very careful.

    If you are a Linux user and love security, have a good day.

  24. Anonymous July 05, 2008

    These are all great tools if being used properly... I also used these tools for security auditing...

  25. Anonymous July 06, 2008

    greatest tools. way to go, if one masters them :) liked it ..digged

  26. 1. aircrack-ng is a perfect wireless traffic analysis tool, kismet just monitors wifi activity

    2. rkhunter competes chkrootkit very well

  27. Anonymous July 09, 2008

    Linux, you say.
    Kinda funny that most of these tools run on windows too.

  28. Information Security Software Tools

    Free software tools commonly used by information security experts

    http://cryptoexperts.blogspot.com

  29. Anonymous July 28, 2008

    How does one block booting it is really annoying and can be very bothersome?

  30. How can you leave out Metasploit? It is one powerful tool that makes security testing insanely easy.

  31. OMG that little penguin dude is so cute, I must have one.

    Lisa
    www.anonymize.us.tc

  32. *cough *cough tripwire

    This list is weak.

    How in the hell could you forget tripwire?

  33. No ettercap?

  34. Snort Free ? Is this info correct ?

  35. metasploit ?

  36. The truth about linux is a load of shit. Windows stole the basis for their system off the Mac, Mac is what was made first, and then Microsoft stole over half of these new findings and used them for themselves, so who cares what linux has done to rip them off. Also, Windows Vista has stolen technologies and layouts used in Linux Ubuntu. Microsoft have taken more than their share from others, so no one can say people are stealing their ideas so don't use anything else, it's that simple. Really!!!!

  37. Whoever posted that link to the "Truth About Linux", CHECK YOUR SOURCES. That article is complete and utter BS. At the time of this post, the link to whatever so-called "proof" that they have, is an error 404!! PROOF NOT FOUND.

  38. Whoever posted that link to the "Truth About Linux", CHECK YOUR SOURCES. That article is complete and utter BS. At the time of this post, the link to whatever so-called "proof" that they have, is an error 404!! PROOF NOT FOUND.

  39. I am glad I am not the only one that thinks so.
    I posted message: September 23 2008 1:23 AM

    Read that before you believe any of the Linux crap you read. Linux is a true operating system who may or may not have infringed other OS's. But seriously, who hasn't infringed another OS??? It's just the way it is. Nonetheless, Linux kicks ass and Windows doesn't, they're just peed off that they're the big name and can't do as good a job, they're twats, plain and simple. Peace out.

    Danny boy

  40. I would have to say there are more than just a few applications in Linux that allow users to perform specialised tasks.

    Nonetheless, thanks for these few suggestions. I certainly have not come across some of them.

  41. Have you ever even used BackTrack? This list is sad.

  42. Share some security tools and knowledge

    http://werew01f.blogspot.com

  43. Metasploit
    Ettercap
    Aircrack-ng
    Samhain

    http://www.retronet.com.ar

  44. "The Truth About Linux" is a troll. She's been posting that link all over the place for months. Probably a paid microsoftie.

  45. No, The Truth About Linux is a JOKE, Click the Contact link at the end of the article. But it gets everyone scared. I'd troll it too just to freak people out

  46. no urlsnarf? serious used it TODAY.

  47. very good post, tnx!

  48. Ignorant about hacking. How can I track an IP address to the exact location? Also, if someone wanted to learn more about hacking in general, is there a basic program to start with (or am I real stupid and "See list above")

  49. HACKERS BEWARE OF SPY BOT SEARCH AND DESTROY.
    YOU WILL BE SORRY.

  50. These programs are very old my friend!!!
    Why don't you tell us about the new ones?
    Already used them all except for hping and snort.

  51. I agree:
    Metasploit
    Ettercap
    Aircrack-ng
    Samhain

    must be included!

  52. OK, but is there any hacking software available on the net ?????

  53. I think.... to crack software on Windows is .... hex editor ... one you all can find on Google....... and...
    it's simple too....
    and.. ettercap is a must..

  54. "Linux, you say.
    Kinda funny that most of these tools run on windows too."

    That's what they call "cross-platform" applications.

  55. ShellShock April 17, 2010

    You really should list Aircrack-ng... :|

  56. Anonymous May 12, 2010

    ahehehehe..nice.. i know someone from bohol he is a terrible hacker. a.k.a SKULL do you know him?

  57. I'm really surprised to find that orfcrack was not in one of the top 5; it has yet to fail me in cracking a simple password on an XP machine. It comes with its own GUI and the program basically runs itself.

  58. hufffff....lol

  59. Visit www.computersecurity007.blogspot.com and download the free But Professional Hacking course then all of u know which hacking softwares are used by hackers and how they Conduct Penetration Test in networks and how to hack every thing
    so enjoy.............................

  60. That website that's criticizing Linux so much is actually running Linux. I confirmed it using Xprobe2, which I think should be put onto that list of hacking tools.

  61. flakefrost June 21, 2011

    kismet is awesome :)

  62. Anonymous July 24, 2011

    hey who farted?

  63. we.use.these
