介绍十个安全工具-阿里云开发者社区

开发者社区> 科技小能手> 正文

介绍十个安全工具

简介:
+关注继续查看

 1:wireshark 这个做网络的不能不知道的东西。就跟中国人不能不知道毛主席一样

数据包分析工具。

2:metasploit 

渗透测试工具2004年发布的工具,现在由rapid 7维护,翻译太麻烦了 还是沾原文吧Metasploit took the security world by storm when it was released in 2004. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their list of modules. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality.

Metasploit was completely free, but the project was acquired by Rapid7 in 2009 and it soon sprouted commercial variants. The Framework itself is still free and open source, but they now also offer a free-but-limited Community edition, a more advanced Express edition ($3,000 per year per user), and a full-featured Pro edition ($15,000 per user per year). Other paid exploitation tools to consider areCore Impact (more expensive) and Canvas (less).

The Metasploit Framework now includes an official Java-based GUI and also Raphael Mudge's excellent Armitage. The Community, Express, and Pro editions have web-based GUIs. Read 5 reviews.

3Nessus 漏洞扫描工具

Nessus is one of the most popular and capable vulnerability scanners, particularly for UNIX systems. It was initially free and open source, but they closed the source code in 2005 and removed the free "Registered Feed" version in 2008. It now costs $1,200 per year, which still beats many of its competitors. A free “Home Feed” is also available, though it is limited and only licensed for home network use.

Nessus is constantly updated, with more than 46,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a web-based interface, and an embedded scripting language for writing your own plugins or understanding the existing ones. The open-source version of Nessus was forked by a group of users who still develop it under the OpenVASname

4:Aircrack 无线破解攻击工具

Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It implements the best known cracking algorithms to recover wireless keys once enough encrypted packets have been gathered. . The suite comprises over a dozen discrete tools, including airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).

5 Snort 入侵检测工具,这里说下这个真的很好用,但是不建议分析大流量。比如国内某盟公司的漏洞扫描垃圾的不行,在政府采购平台上还10W+ 而且升级还要续费,用句网友的话,国外一开源我们就自主研发了,

This network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.

While Snort itself is free and open source, parent company SourceFire offers their VRT-certified rules for $499 per sensor per year and a complementary product line of software and appliances with more enterprise-level features. Sourcefire also offers a free 30-day delayed feed

6:cain & abel 密码破解工具,真的很好用,对于我这个cisco funs 用了感觉就是

cisco 根本不是安全厂商。。。。

UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols

7:Backtrack 5 现在最新的版本应该是rt1 这个不应该是tools 应该是os 这个os里面包含了好多tools,但是sectools.org这样拍的我也没意见,用几个词性用 就是 wonderfull,excellent,perfect

This excellent bootable live CD Linux distribution comes from the merger of Whax and Auditor. It boasts a huge variety of Security and Forensics tools and provides a rich development environment. User modularity is emphasized so the distribution can be easily customized by the user to include personal scripts, additional tools, customized kernel

8:netcat 传说中的瑞士军刀,很小的一个工具有几个不同的版本linux 和windows 都有 但是用的时候有具体查看下区别

This simple utility reads and writes data across TCP or UDP network connections. It is designed to be a reliable back-end tool to use directly or easily drive by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need, including port binding to accept incoming connections.

The original Netcat was released by Hobbit in 1995, but it hasn't been maintained despite its popularity. It can sometimes even be hard to find a copy of the v1.10 source code. The flexibility and usefulness of this tool prompted the Nmap Project to produce Ncat, a modern reimplementation which supports SSL, IPv6, SOCKS and http proxies, connection brokering, and more. Other takes on this classic tool include the amazingly versatile SocatOpenBSD's ncCryptcatNetcat6pnetcat,SBD, and so-called

9:tcpdump 这个也是抓包工具当没有gui的时候就用这个搞定或者tshark 很简单使用的工具

10John the Ripper

John the Ripper is a fast password cracker for UNIX/Linux and Mac OS X.. Its primary purpose is to detect weak Unix passwords, though it supports hashes for many other platforms as well. There is an official free version, a community-enhanced version (with many contributed patches but not as much quality assurance), and an inexpensive pro version. You will probably want to start with some wordlists linux 上的cain &able 



本文转自 song8575 51CTO博客,原文链接:http://blog.51cto.com/song8575/752350

版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

相关文章
计算机基础2 | 学习笔记
快速学习计算机基础2。
10 0
计算机基础1 | 学习笔记
快速学习计算机基础1。
7 0
计算机基础3 | 学习笔记
快速学习计算机基础3。
8 0
对ECS服务器的初认知
经过对ECS服务器的基本认识,掌握基础的操作方法,并对下一步的学习方向有了系统的规划。
17 0
Linux 命令执行过程 | 学习笔记
快速学习 Linux 命令执行过程。
7 0
Linux 基本操作 | 学习笔记
快速学习 Linux 基本操作。
8 0
centOS 系统安装方法详解 | 学习笔记
快速学习 centOS 系统安装方法详解。
7 0
冬季实战营第一期学习报告
通过五天学习与实操,对ECS云服务器入门、快速搭建LAMP环境、部署MySQL数据库、回顾搭建Docker环境和Spring Boot以及使用PolarDB和ECS搭建门户网站操作,对本期学习与实操的认识。
7 0
Java classloader详解
Java程序并不是一个可执行文件,而是由很多的Java类组成,其运行是由JVM来控制的。而JVM从内存中查找到类,而真正将类加载进内存的就是ClassLoader,可以说我们每天都在接触ClassLoader,但是很多时候我们没有明白其执行的流程和原理。
5 0
系统安装前准备 | 学习笔记
快速学习系统安装前准备。
5 0
23706
文章
0
问答
文章排行榜
最热
最新
相关电子书
更多
《2021云上架构与运维峰会演讲合集》
立即下载
《零基础CSS入门教程》
立即下载
《零基础HTML入门教程》
立即下载