Browse Definitions :

17 free cybersecurity tools you should know about

Cybersecurity products can get pricy but there are many excellent open source tools to help secure your systems and data. Here's a list of some of the most popular with cyber pros.

Cybersecurity tools aren't just for the enterprise anymore; they're essential for every type and size of organization.

Effective products, coupled with in-depth cybersecurity planning, are a must for all, since bad actors are no longer just going after the big fish. Whether businesses have an in-house security team or outsource these services, every entity needs cybersecurity pros to discover and fix any points of weakness in computer systems. This reality can tax the bottom line, but luckily there are an array of free cybersecurity tools available.

Here is a rundown of some of the free tools cybersecurity professionals use every day to identify vulnerabilities.

1. Aircrack-ng

Any list of the best free tools for cybersecurity professionals must include Aircrack-ng, a suite of wireless security tools that focus on different aspects of Wi-Fi security and can be used for Wi-Fi penetration testing. This package of tools can capture, analyze and export packet data, spoof access points or routers and crack complex Wi-Fi passwords. The Aircrack-ng suite of programs includes Airdecap-ng (decrypts WEP or WPA-encrypted capture files); Airodump-ng (packet sniffer); Airtun-ng (virtual tunnel interface creator); and Packetforge-ng (creates encrypted packets for injection).

2. Burp Suite

Burp is a high-tech suite of cybersecurity tools amassed as a platform for debugging and security testing web app security. Burp Suite includes a spider for crawling web app content, a randomness tool for testing session tokens and a sophisticated request repeater to resend manipulated requests. The real power of Burp Suite, however, is the intercepting proxy tool, which enables Burp to intercept, inspect, modify and send traffic from the browser to a target. This powerful feature makes it possible to creatively analyze a web app's attack vectors from all angles -- a key reason it's often ranked as one of the best free cybersecurity tools. The community version of Burp Suite is free, but there is also a paid version for enterprise clients.

3. Gophish

Many of the costliest data breaches and ransomware attacks in recent years can be traced backed to simple phishing campaigns. For cybersecurity experts who need to test their organization's preparedness against phishing expeditions, the free program Gophish was created. Gophish is open source and provides a full-featured toolkit for users to simulate and monitor elaborate phishing campaigns with relative ease. The overall goal of the project is to help computer security professionals and businesses create targeted campaigns to increase phishing awareness and foster better security training within their organization.

4. Have I Been Pwned

Created by award-winning cybersecurity thought leader and teacher Troy Hunt, Have I Been Pwned is a website that provides an intuitive search tool to check if a person's private information has been revealed in a data breach. Have I Been Pwned's database is filled with billions of usernames, passwords, email addresses and other information which hackers have stolen and published online. Anyone can download or anonymously query the information via the website's easy-to-use interface.

While cybersecurity tools can get expensive, there are many excellent free tools available.

5. Kali Linux

Kali Linux is an operating system for pen testing, security auditing and digital forensics. Based on the Debian lineage of Linux distros, Kali includes roughly 600 pre-installed programs, each included to help computer security experts carry out a specific attack, probe or exploit against a target. Aircrack-ng, Nmap, Wireshark and Metasploit are a few of the pre-installed tools that ship with the Kali Linux download. For a comprehensive list, visit the official Kali Linux website.

6. Metasploit Framework

To probe networks and applications for flaws and weaknesses, there's no better free program than the open source Metasploit software that can automate vulnerability and penetration testing. Now owned by the security company Rapid7, the Metasploit Framework can test computer system vulnerabilities or can be used to break into remote systems. It is, in other words, a network penetration "Swiss Army knife" used by both ethical hackers and criminal gangs to find points of vulnerability in a system. There is both a free and a commercial version (known as the Pro edition).

The framework ships with more than 2,000 exploits and more than 592 payloads to help users orchestrate well-planned attacks. Metasploit comes pre-installed on Kali Linux.

7. Nmap

Nmap is a free network mapper used to discover network nodes and scan systems for vulnerability. The popular free cybersecurity tool provides methods to find open ports, detect host devices, see which network services are active, fingerprint operating systems and locate potential backdoors.

While Nmap provides users immense power and capability to explore networks, the program has a rather steep learning curve to get over before one becomes truly proficient in using it.

8. Nikto

Nikto is an ultra-powerful, command-line tool useful for uncovering vulnerabilities in web apps, services and web servers. Originally launched in the early 2000s, Nikto is still widely used by both blue and red teams that want to quickly scan web servers for unpatched software, misconfigurations and other security issues. The program also features built-in support for SSL proxies and intrusion detection system evasion, among many other features. Nikto can run on any computer capable of supporting the Perl programming language.

9. OpenVAS

OpenVAS is an all-in-one vulnerability scanner that boasts a slew of modules that make it easy for cybersecurity professionals to comprehensively test for security holes, misconfigured systems and outdated software. A great deal of the program's power stems from its built-in programming interface, which enables developers to create custom scans that fit niche needs.

Available for free as open source software under the GNU General Public License, the company that maintains OpenVAS also provides a paid version for enterprise clients who need additional product support.

10. OSSEC

OSSEC is a free program for cybersecurity professionals that's been touted as one of the most popular systems for intrusion detection and prevention. Made up of multiple components -- including a server, an agent and a router monitor -- OSSEC is capable of rootkit detection, system integrity checking, threat alerts and response. One of OSSEC's highlights is its comprehensive log analysis tool, which empowers users to easily compare and contrast log events from many different sources.

11. Password managers

Using only strong passwords, and keeping them secure, is an essential step in the security of any system. But since a best practice is to use a unique password for every website, app and service, that can get tricky. A good password manager makes it possible to safely store all passwords together so a user only needs to remember one master key rather than dozens of unique passwords. This is especially true for cybersecurity professionals tasked with guarding passwords to mission-critical systems. Fortunately, there are free password management tools. Three good, free options for cybersecurity pros are KeePass, Bitwarden and Psono.

12. PfSense

The firewall/router software pfSense can be installed on either a physical computer or a VM to protect networks. Based on a project launched in 2004, pfSense is based on the FreeBSD OS and has become one of the most popular open source firewall/router projects available. In addition to acting as a firewall, pfSense can be configured for intrusion detection and prevention, traffic shaping, load balancing and content filtering, among other applications. The pfSense site includes a tour, a community page, a link to both training and support as well as a download of the latest version of the community edition of the software.

13. P0f

Endpoint fingerprinting is a network access control feature that helps secure networks by locating, classifying and monitoring detected devices, even "dumb" devices that don't interact with the network but can still enable unauthorized access to an organization's systems. P0f is a simple yet powerful network-level fingerprinting and forensics program.

While other free cybersecurity programs do a similar job, p0f is unique in that it's designed for stealth. That is, whereas most other programs rely on active scanning and packet injection, p0f can identify fingerprints and other vital information without network interference. Being passive rather than active means p0f is nearly impossible to detect and even harder to block, making it a favorite tool for ethical hackers and cybercriminals alike.

14. REMnux

Advanced malware seeks out network vulnerabilities and infiltrates them, causing serious damage to systems and data. REMnux is a free Linux toolkit for reverse engineering and analyzing malware.

Included in every REMnux distro is an array of tools to analyze Windows executables, reverse-engineer binaries and inspect suspicious documents. It also includes a collection of free tools cybersecurity professionals can use to monitor networks, gather data and conduct memory forensics. 

15. Security Onion

Security Onion is an open source software collection based on the Linux kernel that helps cybersecurity professionals develop a comprehensive profile of their system's security posture. Security Onion provides network monitoring via full packet capture, host-based and network-based intrusion detection systems, log indexing, searching and data visualization features.

The operating system emphasizes ease of use and makes it possible to interweave data and analytics from multiple tools into a unified dashboard. The overarching goal of the project is to offer teams a foolproof security monitoring solution that reduces decision paralysis and false alerts.

16. Snort

Snort is an open source network intrusion prevention and intrusion detection system capable of real-time traffic analysis and logging. It uses a series of rules to identify malicious network activity, find the packets and generate alerts. This packet sniffer -- managed by Cisco -- actively searches and analyzes networks to detect probes, attacks and intrusions. Snort accomplishes this by fusing a sniffer, packet logger and intrusion detection engine into a single package.

17. Wireshark

In the late 1990s, a frustrated computer scientist working for a small internet provider was fed up with the protocol analyzer -- also known as a network analyzer or a sniffer -- his company was using. So rather than put up with its many limitations, he created his own analyzer tool called Ethereal, which would eventually become Wireshark. Now, some 20 years later, Wireshark is considered by many to be an indispensable tool to locate, identify and examine network packets to diagnose critical issues and spot security weaknesses. The website for Wireshark outlines the broad set of its features and provides a user's guide and other resources for putting this free cybersecurity tool to best use.

Every cybersecurity expert carries a different set of tools, depending on their mission and skill set. However, the free cybersecurity tools here will serve as a fantastic entry point for those looking to increase their cybersecurity skills and knowledge. Cyberthreats are getting more lethal every year -- and more efficient too. And while up-to-date, automated cybersecurity tools can get expensive, this list demonstrates there are many excellent free tools available.

Dig Deeper on Threat management

SearchCompliance
  • ISO 31000 Risk Management

    The ISO 31000 Risk Management framework is an international standard that provides businesses with guidelines and principles for ...

  • pure risk

    Pure risk refers to risks that are beyond human control and result in a loss or no loss with no possibility of financial gain.

  • risk reporting

    Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes.

SearchSecurity
  • Twofish

    Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits.

  • walled garden

    On the internet, a walled garden is an environment that controls the user's access to network-based content and services.

  • potentially unwanted program (PUP)

    A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download ...

SearchHealthIT
SearchDisasterRecovery
  • What is risk mitigation?

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • fault-tolerant

    Fault-tolerant technology is a capability of a computer system, electronic system or network to deliver uninterrupted service, ...

  • synchronous replication

    Synchronous replication is the process of copying data over a storage area network, local area network or wide area network so ...

SearchStorage
  • Remote Direct Memory Access (RDMA)

    Remote Direct Memory Access (RDMA) is a technology that enables two networked computers to exchange data in main memory without ...

  • storage (computer storage)

    Data storage is the collective methods and technologies that capture and retain digital information on electromagnetic, optical ...

  • storage medium (storage media)

    In computers, a storage medium is a physical device that receives and retains electronic data for applications and users and ...

Close