Identify tools, are tools that uses organizational understanding to minimize risks to systems and Digital assets.
Kali linux is a debian based linux distribution operating system that has more than 600 free open source tools for penetration testing.
Network Mapper (NMAP) is an open source for network exploration and auditing. NMAP uses raw IP packets in a novel ways to determine what hosts are available in the network, what services (application and version) those hosts are offering, what Operating system versions are they running and what type of firewalls are in use.
It can also be used to conduct network inventory, managing service upgrade schedule, and monitoring host or service uptime.
NMAP can provide further information on targets, including reverse Domain Name System(DNS) names, device types, and Media Access Control(MAC)addresses.
Wireshark is a Graphical User Interface (GUI) network protocol analyzer. It lets you interactively browse packet data from a live network or from a previously saved capture file. Wireshark’s native capture file format is pcap format, which is also the format used by tcpdump and various other tools.
It can also be used to troubleshoot network problems, verify network applications, debug protocol implementations and People use it to learn network protocol internals.
Open Vulnerability Assessment System is a full featured software providing vulnerability scanning and vulnerability management
Nessus is an open-source network vulnerability scanner that uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools. It helps the security professionals to quickly and easily identify and fix vulnerabilities.
A Domain Doppelgänger is a tool by KnowBe4 that is used to identify the “evil domain twins” and combines the search, discovery, reporting, risk indicators, and end-user assessment with training so you can take action as soon as possible.
The Password Exposure Test (PET) is a complimentary IT security tool that allows you to run an in-depth analysis of your organization’s hidden exposure risk associated with your users. It helps IT Managers to identify users with exposed emails and publicly available on the web, checks the Active Directory to see if users are using weak or compromised passwords that are part of a known data breach. PET will then report on any user accounts affected for action to be taken
OWASP Zed Attack Proxy Project (ZAP)
ZAP is a completely open source security tool, that allows you to perform both active and passive scan of the web app and even includes spiders that are able to crawl it. ZAP will generate reports on its finds and has several components that can be added on.
CVE Details gives you information about Common Vulnerabilities Exposures. Simply perform a search based on CVE number, vulnerability category, or vendor, and get lots of great info.
Burp Suite performs automated vulnerability scanning of web apps, it has numerous tools components used to test all features of web apps