Top 10 Security tools every security engineer must know

I always emphasize that tools are not everything, but we need to know how they work, how they are engineered and how they make our lives easier. Once you have an engineering understanding of how a tool works, you can use it to its full potential.

In this article, we will discuss the top 10 security tools security engineers must know, covering different areas like pentesting, vulnerability scanning, incident response and more.

Wireshark

Wireshark is a network protocol analyser: one tool for all the network-related security work you would like to perform. It can sniff packets, follow HTTP/S and TCP streams and help you analyse the packets. Network forensics with Wireshark is not limited to Wi-Fi or connected Ethernet devices; connect a radio listener and you can sniff Bluetooth, radio frequencies and many more. Try to understand the use cases for Wireshark and you will be blown away by the power it holds.
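To make "follow TCP stream" concrete, here is an added example (not code from the original post or from the Wireshark project) that decodes Ethernet/IPv4/TCP headers from raw frames and reassembles one side of a conversation by sequence number, tolerating out-of-order segments, retransmissions and holes in the capture, which is what the dissector and the stream follower do for you in the GUI. The frames, addresses and HTTP request below are constructed for the demo; the checksum fields are left at zero because the parser does not verify them.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Optional

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


@dataclass
class TcpSegment:
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    flags: int
    payload: bytes


def parse_frame(frame: bytes) -> Optional[TcpSegment]:
    """Decode Ethernet II -> IPv4 -> TCP. Returns None for any other frame."""
    if len(frame) < 54 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != IPPROTO_TCP:
        return None
    ihl = (ip[0] & 0x0F) * 4                        # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]     # drops any Ethernet padding
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:total_len]
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4                # TCP header length in bytes
    return TcpSegment(src, dst, sport, dport, seq, off_flags & 0x1FF, tcp[data_off:])


def follow_stream(frames, client, server) -> bytes:
    """Reassemble the client->server half of a TCP conversation by sequence
    number, like Wireshark's 'Follow TCP Stream'. Out-of-order segments are
    sorted, retransmitted bytes are dropped, and a hole is marked inline."""
    segs = []
    for frame in frames:
        seg = parse_frame(frame)
        if seg and (seg.src, seg.sport) == client and (seg.dst, seg.dport) == server and seg.payload:
            segs.append(seg)
    segs.sort(key=lambda s: s.seq)
    out = bytearray()
    next_seq = segs[0].seq if segs else 0
    for seg in segs:
        fresh = seg.payload[max(0, next_seq - seg.seq):]   # bytes not yet seen
        if not fresh:
            continue                                         # pure retransmission
        if seg.seq > next_seq:
            out += b"[%d bytes missing]" % (seg.seq - next_seq)
        out += fresh
        next_seq = seg.seq + len(seg.payload)
    return bytes(out)


def build_frame(src, sport, dst, dport, seq, payload, flags=0x018) -> bytes:
    """Fabricate a minimal Ethernet/IPv4/TCP frame for sample input
    (PSH|ACK by default; checksums zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp


# Constructed sample capture: one HTTP request split into three segments,
# delivered out of order with one retransmission, plus an ARP frame and a
# server->client segment that must be ignored when following one direction.
CLIENT, SERVER = ("10.0.0.5", 51000), ("10.0.0.80", 80)
_parts = [b"GET /index.html HTTP/1.1\r\n", b"Host: example.test\r\n", b"\r\n"]
_seq = [1000, 1000 + len(_parts[0]), 1000 + len(_parts[0]) + len(_parts[1])]
SAMPLE_FRAMES = [
    bytes(12) + b"\x08\x06" + bytes(28),                          # ARP, not IPv4
    build_frame(*CLIENT, *SERVER, _seq[2], _parts[2]),            # last part arrives first
    build_frame(*CLIENT, *SERVER, _seq[0], _parts[0]),
    build_frame(*SERVER, *CLIENT, 5000, b"HTTP/1.1 200 OK\r\n"),  # other direction
    build_frame(*CLIENT, *SERVER, _seq[1], _parts[1]),
    build_frame(*CLIENT, *SERVER, _seq[0], _parts[0]),            # retransmission
]

if __name__ == "__main__":
    print(follow_stream(SAMPLE_FRAMES, CLIENT, SERVER).decode())
```

The gap marker matters in practice: a capture taken on a busy mirror port often drops frames, and a reassembler that silently concatenates what it has will show you a request or file that never existed on the wire.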

Burp Suite

AppSec, you talk, Burp owns the convo. Web spidering, dynamic application security testing (DAST), proxying, repeating attacks or replaying requests: everything you need and all you want in a single package. Burp Community is enough for a decent bug bounty hunter and for security testing of personal web applications. It provides lots of versatility with the help of plugins and an inbuilt browser.

Metasploit

Metasploit is one of the most powerful pentesting frameworks. It gives you several exploits, payloads, encoders, information-gathering auxiliaries and post-exploitation modules at your fingertips. I don't want to dive deep into Metasploit here and will keep that for another article. The more I talk about Metasploit, the more I have left to talk about.

Nmap

Nmap is a network mapper and network scanner, one of the most important tools for active information gathering. Nmap is very versatile and simple, yet powerful enough to run heavy and stealth scans to identify the services, OS and versions running on the target. It also supports scripts that can help exploit the identified vulnerabilities: NSL, the Nmap Scripting Language, lets you write custom scripts, and the community has lots of scripts ready at your fingertips. NSL is outdated, and Nmap now uses the Lua language.

Nessus

Nessus is a vulnerability scanning tool that uses agents installed on target systems. It is mainly used by the blue team or internal teams to identify vulnerabilities in the company's infrastructure. It uses the NASL language (Nessus Attack Scripting Language). A NASL check reads the version file or a registry parameter in the OS to identify the installed application's version, then checks whether that version has any known vulnerabilities. The tool also helps with compliance reports.

OSSEC

OSSEC is a HIDS (Host Intrusion Detection System). It is open source and performs log analysis, file integrity checking that identifies whether an attacker modified any configuration files, registry monitoring and even rootkit detection. OSSEC also supports extensions that you can use to send alerts to Slack and to generate rules from existing security tools.
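The file integrity check is the part of a HIDS most worth understanding, so here is an added example (not OSSEC's own code, and not from the original post) of the core of it in Python: take a baseline of content hash, size and permission bits for the configuration files under a directory, take a second snapshot later, and report what was added, removed or modified, naming which attribute changed so a permission loosening is distinguishable from an edit. The directory layout, file names, suffix filter and tampering steps in demo() are constructed for the demo.

```python
import hashlib
import os
import stat
import tempfile
from typing import Dict, List

# A baseline maps a monitored file to the attributes the integrity check compares.
Baseline = Dict[str, Dict[str, object]]


def fingerprint(path: str) -> Dict[str, object]:
    """SHA-256 of the content plus size and permission bits (not owner/mtime,
    which a real agent would also record)."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.stat(path)
    return {"sha256": digest.hexdigest(), "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}


def snapshot(root: str, suffixes=(".conf", ".cfg", ".ini", ".json", ".yaml", ".yml")) -> Baseline:
    """Fingerprint every configuration-like file below root. The suffix list is
    an assumption for the demo; a deployment would use its own include rules."""
    base: Baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(suffixes):
                full = os.path.join(dirpath, name)
                base[os.path.relpath(full, root)] = fingerprint(full)
    return base


def diff_baselines(old: Baseline, new: Baseline) -> List[str]:
    """One alert line per added, removed or modified file, sorted by path."""
    alerts = []
    for path in sorted(set(old) | set(new)):
        if path not in old:
            alerts.append(f"ADDED {path}")
        elif path not in new:
            alerts.append(f"REMOVED {path}")
        else:
            changed = [k for k in ("sha256", "size", "mode") if old[path][k] != new[path][k]]
            if changed:
                alerts.append(f"MODIFIED {path} ({', '.join(changed)})")
    return alerts


def demo() -> List[str]:
    """Build a baseline in a scratch directory, simulate an intruder's changes
    and return the alerts. All file names and contents are constructed."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        paths = {n: os.path.join(etc, n) for n in ("sshd.conf", "app.ini", "notes.txt")}
        for p in paths.values():
            with open(p, "w") as fh:
                fh.write("original\n")
            os.chmod(p, 0o644)                 # fixed mode so the baseline is umask-independent
        baseline = snapshot(root)
        with open(paths["sshd.conf"], "a") as fh:   # content edit
            fh.write("tampered line\n")
        os.chmod(paths["app.ini"], 0o666)            # permission change only
        with open(os.path.join(etc, "cron.conf"), "w") as fh:  # new file
            fh.write("new\n")
        return diff_baselines(baseline, snapshot(root))


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Note that notes.txt never appears in the alerts: it fails the suffix filter, which is the same trade-off a real agent makes between coverage and noise when you decide what syscheck should watch.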

Splunk or ELK Stack

Splunk and ELK (Elasticsearch, Logstash, Kibana) are very powerful log management and analysis tools. ELK is open source, whereas Splunk is not. They can be used to monitor, analyse and identify threats from all your infrastructure logs. You can integrate all your tools and use Splunk/ELK as a centralised logging platform.
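What "identify threats from the logs" means in practice is a parse step followed by an aggregation rule, so here is an added example (not from the original post and not Splunk or Elastic code) of the logic a threshold search expresses, written out by hand in Python: parse OpenSSH failed-password lines from a syslog-style auth log, keep a sliding one-minute window of failures per source address, and raise one alert per source the first time it crosses the threshold. The log lines, host name and addresses are constructed; the year is assumed because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional, Tuple

# OpenSSH "Failed password" lines as written to a syslog-style auth log.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_failed_login(line: str, year: int = 2024) -> Optional[Tuple[datetime, str, str]]:
    """Return (timestamp, user, source ip) for a failed SSH login, else None."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]


def detect_bruteforce(lines: Iterable[str], threshold: int = 5,
                      window: timedelta = timedelta(minutes=1)) -> List[Dict[str, object]]:
    """Sliding-window count of failures per source ip. Emits one alert per ip
    when it first reaches `threshold` failures inside `window`; later
    failures from an already-alerted ip do not re-alert."""
    recent: Dict[str, deque] = defaultdict(deque)
    alerted = set()
    alerts: List[Dict[str, object]] = []
    for line in lines:
        parsed = parse_failed_login(line)
        if parsed is None:
            continue
        ts, user, ip = parsed
        q = recent[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:      # evict events that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({"ip": ip, "count": len(q), "first": q[0][0], "last": ts,
                           "users": sorted({u for _, u in q})})
    return alerts


# Constructed sample log: one source trying several accounts, one legitimate
# user mistyping a password once, and unrelated lines that must be ignored.
SAMPLE_LOG = """\
Mar  3 10:00:01 bastion sshd[2201]: Accepted publickey for ops from 10.0.0.9 port 50112 ssh2
Mar  3 10:00:05 bastion sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
Mar  3 10:00:07 bastion sshd[2211]: Failed password for invalid user test from 203.0.113.7 port 40002 ssh2
Mar  3 10:00:09 bastion sshd[2212]: Failed password for root from 203.0.113.7 port 40003 ssh2
Mar  3 10:00:12 bastion sshd[2214]: Failed password for alice from 10.0.0.23 port 51000 ssh2
Mar  3 10:00:14 bastion sshd[2215]: Failed password for invalid user oracle from 203.0.113.7 port 40004 ssh2
Mar  3 10:00:20 bastion sshd[2216]: Accepted password for alice from 10.0.0.23 port 51000 ssh2
Mar  3 10:00:22 bastion sshd[2218]: Failed password for invalid user guest from 203.0.113.7 port 40005 ssh2
Mar  3 10:00:30 bastion sshd[2219]: Failed password for invalid user ubuntu from 203.0.113.7 port 40006 ssh2
Mar  3 10:05:00 bastion CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
""".splitlines()

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(f"{alert['ip']}: {alert['count']} failures, accounts {alert['users']}")
```

The sliding window, not the total count, is what keeps a user who fails once a day from ever tripping the rule; in Splunk this is the `earliest=-1m` or `bin _time span=1m` part of the search, and in an ELK threshold rule it is the time field window.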

Aircrack-ng

Aircrack-ng is used for wireless pentesting, mainly of Wi-Fi networks. Using it, you can detect and sniff different Wi-Fi networks and capture beacons to exploit them. You can perform replay attacks, deauthentication, create fake access points and a few packet injection exploits.

Snort or Suricata

Snort and Suricata are open-source IDS and IPS tools. They can help you detect and prevent threats in real time. Both have a multithreaded architecture, which makes them more efficient and better suited to high-traffic environments. They are used against L3 attacks and also help with DLP (Data Leak Prevention).

OpenVAS

OpenVAS is a vulnerability scanner. It checks for open ports, installed services and known exploits in the network. It is very similar to Nessus and uses the same NASL language to detect vulnerabilities.
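Both Nessus and OpenVAS, as described above, rely on version checks: read a version string from a file, registry value or banner, then compare it with an advisory's affected range. The example below is added here to show that logic end to end (it is not NASL, not code from either product, and not from the original post): extract the leading numeric version, compare it component-wise against a range, and flag the case where a distro revision suffix suggests the fix may have been back-ported, which is the classic source of version-check false positives. The advisory identifiers, products, version ranges and host evidence are all constructed placeholders.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(raw: str) -> Optional[Version]:
    """Leading dotted numeric version from a banner, version file or registry
    value, e.g. "Apache/2.4.41 (Debian)" -> (2, 4, 41). A suffix such as
    "-2+deb11u1" is dropped, which is why pure version matching can misfire
    on distributions that back-port fixes without bumping the version."""
    m = re.search(r"(\d+(?:\.\d+)+)", raw)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def pad(v: Version, n: int) -> Version:
    return v + (0,) * (n - len(v))


def in_range(v: Version, lo: Version, hi: Version) -> bool:
    """True when lo <= v < hi, comparing component by component so that
    (2, 4) and (2, 4, 0) are equal and 2.4.9 sorts before 2.4.10."""
    n = max(len(v), len(lo), len(hi))
    return pad(lo, n) <= pad(v, n) < pad(hi, n)


# Constructed advisory table: placeholder ids and made-up ranges, not real CVEs.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "product": "apache-httpd", "affected_from": (2, 4, 0), "fixed_in": (2, 4, 46)},
    {"id": "ADV-PLACEHOLDER-2", "product": "exampledb", "affected_from": (3, 2, 0), "fixed_in": (3, 3, 0)},
    {"id": "ADV-PLACEHOLDER-3", "product": "nginx", "affected_from": (1, 20, 0), "fixed_in": (1, 21, 0)},
]

# A distro package revision in the raw string ("-2", "+deb11u1", "+ubuntu1", "+el8").
BACKPORT_HINT = re.compile(r"-\d|\+(?:deb|ubuntu|el)\d")


def check_host(evidence: Dict[str, str], advisories=ADVISORIES) -> List[Dict[str, str]]:
    """evidence maps product -> raw string collected from the host. Returns one
    finding per advisory whose range contains the detected version, with a
    confidence that drops when a distro revision is present."""
    findings = []
    for adv in advisories:
        raw = evidence.get(adv["product"])
        v = parse_version(raw) if raw is not None else None
        if v is None or not in_range(v, adv["affected_from"], adv["fixed_in"]):
            continue
        findings.append({
            "id": adv["id"],
            "product": adv["product"],
            "detected": ".".join(map(str, v)),
            "fixed_in": ".".join(map(str, adv["fixed_in"])),
            "confidence": "low (distro revision present, fix may be back-ported)"
                          if BACKPORT_HINT.search(raw) else "high",
        })
    return findings


# Constructed host evidence, as a scanner would collect it from banners and files.
SAMPLE_EVIDENCE = {
    "apache-httpd": "Apache/2.4.41 (Debian)",
    "exampledb": "exampledb 3.2.7-2+deb11u1",
    "nginx": "nginx/1.22.1",
}

if __name__ == "__main__":
    for f in check_host(SAMPLE_EVIDENCE):
        print(f"{f['id']}: {f['product']} {f['detected']} (fixed in {f['fixed_in']}), confidence {f['confidence']}")
```

The Apache entry is the cautionary case: its banner carries no package revision, so the check reports high confidence even though a distribution may well have back-ported the fix. An authenticated scan that asks the package manager for the installed package version is the reliable way to settle that, which is one reason the agent-based and credentialed modes of these scanners produce far fewer false positives than banner grabbing.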
