Sharing some free tools to support enterprise security work

Posted by santillano at 2020-03-14

There are in fact many very practical free security tools on the Internet; introducing all of them would take more than a day or a night. Although many companies use trial software to "lure" users into buying their full-featured products, there are still many powerful free security tools on the market, including threat intelligence tools, tools that secure the software development stage, penetration testing tools and forensics tools.

Tools Introduction

Threat intelligence tools include AlienVault's Open Threat Exchange (OTX), a computer security platform that collects and shares Internet threat intelligence; Hail a TAXII is a similar platform. There are also many static application security testing (SAST) tools that developers can use to test software written in different programming languages (C/C++, Ruby on Rails, Python, and so on). For penetration testing, the usual choices are the Nmap security scanner and the Wireshark network protocol analyzer. Specialized analysis and forensics products include the GRR remote forensics framework, Autopsy and The Sleuth Kit, which can forensically analyze hard disk drives and smartphones, while the Volatility Foundation's open-source framework can forensically analyze system memory.

Threat Intelligence Tools

Security vendors can analyze threat intelligence and create signatures for the corresponding threat information, and their detection tools can then use that signature data to detect security threats. AlienVault's Open Threat Exchange (OTX) platform collects Internet threat intelligence and shares it with the community. At present the project has more than 47,000 participants from 140 countries, who contribute more than 4 million threat intelligence indicators every day. When new threats appear, this form of resource sharing helps enterprises and security vendors identify and respond to them quickly.

Ben Cotton, chief executive of CyTech Services and a Certified Information Systems Security Professional (CISSP), also said:

"AlienVault's OTX platform has done a very good job of sharing threat intelligence indicators of compromise (IOCs). Security products can enhance their detection capabilities and better detect new security threats through the IOCs provided by OTX."
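As an added example (not from the article, AlienVault or eSentire), the following Python shows how a detection tool can consume shared indicators the way the paragraph above describes: it indexes a constructed OTX-style pulse of typed indicators and matches them against constructed proxy and EDR log lines. The pulse layout, the indicator type names and every indicator and log value are assumptions built for the demo.

```python
import json
import re
from collections import defaultdict

# Constructed sample pulse in the shape a sharing platform such as OTX exports:
# a list of typed indicators. The values are documentation-range / example
# placeholders, not real IoCs.
SAMPLE_PULSE_JSON = json.dumps({"name": "demo pulse", "indicators": [
    {"type": "IPv4", "indicator": "203.0.113.45"},
    {"type": "domain", "indicator": "BAD.example.net"},
    {"type": "FileHash-SHA256", "indicator": "a" * 64},
]})

# Constructed sample proxy/EDR log lines; only the first three should alert.
SAMPLE_LOGS = [
    "2020-03-14T10:00:01Z proxy src=10.0.0.5 dst=203.0.113.45 host=cdn.example.org",
    "2020-03-14T10:00:02Z proxy src=10.0.0.7 dst=198.51.100.9 host=bad.example.net",
    "2020-03-14T10:00:03Z edr host=ws-07 sha256=" + "A" * 64 + " path=C:\\tmp\\x.exe",
    "2020-03-14T10:00:04Z proxy src=10.0.0.9 dst=198.51.100.10 host=news.example.com",
]

# One extractor per indicator type used in the pulse.
EXTRACTORS = {
    "IPv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"host=([A-Za-z0-9.-]+)"),
    "FileHash-SHA256": re.compile(r"\b[0-9a-fA-F]{64}\b"),
}

def load_indicators(pulse_json):
    """Index indicator values by type, lower-cased so matching is case-insensitive."""
    index = defaultdict(set)
    for ind in json.loads(pulse_json)["indicators"]:
        index[ind["type"]].add(ind["indicator"].lower())
    return index

def match_logs(lines, index):
    """Return one (line, indicator_type, value) tuple per IoC hit, in log order."""
    hits = []
    for line in lines:
        for kind, pattern in EXTRACTORS.items():
            for value in pattern.findall(line):
                if value.lower() in index[kind]:
                    hits.append((line, kind, value.lower()))
    return hits

if __name__ == "__main__":
    index = load_indicators(SAMPLE_PULSE_JSON)
    for line, kind, value in match_logs(SAMPLE_LOGS, index):
        print(f"ALERT {kind}={value} :: {line}")
```

Hash and domain indicators are normalised to lower case on both sides, since a feed and a log source rarely agree on letter case.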

eSentire's Cymon also provides a great deal of free threat intelligence. According to its official website, when community members find new malicious activity or infection sources, they immediately add the corresponding indicators to Cymon's database.

Every day, Cymon obtains threat intelligence from 180 different sources, including public, industry, government and commercial threat intelligence feeds (such as VirusTotal, PhishTank, blacklists, and the security reports of major anti-virus vendors). Cymon uses this intelligence to track malware, phishing, botnets, spam and other malicious activity. Cymon's database adds more than 20,000 unique IP addresses every day; so far it has recorded more than 6 million IP addresses in total and more than 33.7 million security events.

Cotton also said:

"In my opinion, in addition to OTX, is also a great open source threat intelligence resource base. But is also doing very well. I think as a threat intelligence sharing platform, it is as good as AlienVault's OTX and Hail a TAXII."

Tools to enhance security during software development

There are now many static application security testing (SAST) tools available to developers, who can use them during the coding stage to test whether the software's security is in place. Meera Subbarao, a senior security consultant at Cigital, said: "The most popular Java SAST tools in the world are FindBugs and PMD. Most of these SAST tools can be added to the IDE used by developers as plug-ins, which better helps them ensure secure coding while developing applications. Of course, in addition to the SAST tools for Java, there are many SAST tools for Python, Ruby on Rails, C/C++, JavaScript and .NET."

Tools for penetration testers

Through penetration testing of products, security personnel can find security vulnerabilities before attackers do. The tool most widely used by security experts is the open-source Nmap security scanner. Nmap, developed by Gordon Lyon, is a professional penetration testing tool; security researchers use it to scan a target host's ports and locate network vulnerabilities. "Nmap is the most efficient of all free open-source scanning tools if network vulnerability analysis is to be carried out," said Cotton. "The only drawback is that although Nmap can scan large networks, it does not provide features related to security incident response."

Wireshark is a widely used network protocol analysis tool and also a free penetration testing tool. The software was originally developed by Gerald Combs and is currently maintained by Riverbed. "Wireshark is probably the best network packet sniffing tool at the moment," says Cotton. "However, Wireshark does not support scanning packets with file sizes greater than 100MB."

Analysis and forensics tools

Enterprises can use forensic tools to investigate past or ongoing security incidents. Google's GRR remote forensics framework (free and open source) provides live incident response through real-time interaction between GRR's Python agent and GRR's Python server. The GRR agent runs on Windows, Linux and Mac OS and can collect and analyze system memory data. Good as it is, however, GRR's scalability problems are exposed when it is used in an enterprise environment. "Generally speaking, we only use GRR to handle about ten devices," Cotton said.

Usually several tools are used together. The forensics tools Autopsy and The Sleuth Kit can analyze computer hard disks, smartphones and disk images, and support Windows, Linux and Mac OS. "These tools can only help us analyze fewer than ten computers, and Autopsy and The Sleuth Kit can't effectively deal with problems in large networks," Cotton said.

There is also a memory analysis tool that has to be mentioned: the Volatility Foundation's open-source framework. This analysis and forensics tool analyzes a running system by collecting the data in the target host's RAM. It lets you collect memory data from Windows systems and export data on processes, open ports and network connections, so it can help identify malware running in memory.

Cotton explained:

"I highly recommend this open source framework for memory analysis from the Volatility Foundation. But its disadvantage is that before you can start analyzing the data, you need to create an image of the current memory, so that you can export the memory data and use Volatility to analyze the target host's current RAM data."

These free security tools still have a long way to go

The free tools listed in this article are used by almost every security researcher, not only because they are outstanding open source projects but also because they are freely available and used by people all over the world. You can use them to fill the enterprise's security gaps for the time being, and do your best to raise your organization's (or your own) security as high as you can achieve.

*Reference source: csoonline, compiled by FB editor alpha_h4ck, reprinted from