14 Feb 2019

9 Best Linux-Based Security Tools

Information security specialists and sysadmins need to be sure their networks are sealed against malicious attacks. This is why the practice of penetration testing is commonly employed, to sniff out security vulnerabilities before malicious hackers. Home Linux users should also be wary about the security of their systems. There are a huge variety of tools for accomplishing this, but some stand out in the industry more than others.

In this article, we are going to highlight 9 of the best Linux-based security tools, which every pentester should be familiar with. Note this is only a list of some of the most widely used tools - if you're interested in the latest security news, you can regularly read this website, which covers a lot of great infosec topics. Most of the tools on this list are also bundled with Kali Linux (specially designed for information security professionals, but not for home users or Linux newbies), but you can check out this literally massive list of all things related to hardware, security, programming, and other computer-related fields of interest to infosec people.


Nmap is one of the most popular tools for network mapping. You can discover active hosts within a network, and a wide range of other detection features. Nmap has functions for host discovery, port scanning, OS detection, app versions, and other scripting interactions.

Nmap is great for both beginners and veterans alike, and is compatible with a wide range of operating systems, including most of the popular Linux distros.


Unicornscan is an infosec tool used for data correlation and information gathering. Basically, it offers complex, asynchronous TCP and UDP scanning, which is useful for finding remote hosts. Furthermore, it can reveal the software driving the hosts.

Unicornscan also features TCP banner detection, custom data sets, SQL relationship output, and a handful of other functions useful to the cause.


While similar in function to Nmap and Unicornscan, Fierce is more useful for corporate network scanning. As a network mapper and port scanner, Fierce is able to discover non-contiguous IP space, and hostnames on the network.

Fierce can be used to employ tests against a selected domain, allowing you to garner valuable information. It has the ability to change DNS servers for reverse lookups, can scan entire IP ranges and Class C scans, as well as brute force attack methods with custom dictionaries.

THC Hydra

An explicit brute force hacking tool, THC Hydra is used for brute force cracking remote authentication services. It supports over 50 protocols, including CVS, FTP, HTTP/S, IMAP, IRC, LDAP, MS-SQL, and obviously many more. As an infosec tool, it is incredibly useful for testing network password security - though of course, it is a favourite of blackhat hackers as well.

THC Hydra can launch parallel brute force attacks, and is considered one of the fastest tools for the job. It also supports custom modules, and is available for a wide range of operating systems.

John the Ripper

As a multi-platform cryptography testing tool, John the Ripper allows sysadmins to simulate brute force attacks on a network. Its main strength is in its ability to test encryptions such as SHA-1, DES, Windows LM hashes, and many others commonly found on Unix systems.

John the Ripper will also automatically change decryption methods, depending on the algorithms it detects. Aside from dictionary-based brute force attacks, the tool can also allow you to define custom letters, run automatically with crons, and it is compatible with most operating systems and architectures.

Kismet Wireless

A tool for analyzing and sniffing wireless LAN networks, as well as intrusion detection. Kismet Wireless is compatible with nearly all types of network cards, and the sniffing mode can work on 802.11a/b/g/n.

It can scan for wireless encryption levels on any given AP, allows for channel hopping, and has a network logging feature. Additionally, the tool can run natively on Windows, Linux, and various BSD systems.

Metasploit Framework

Infosec specialists familiar with the Ruby programming language should highly appreciate Metasploit Framework, being a Ruby-based tool. It is used for the development and execution of exploit attacks against remote targets. It's also extremely powerful with a ton of features.

Metasploit Framework is able to evade detection on remote hosts, for starters. Secondly, it has network enumeration and discovery, can work from an MFSconsole, and scrape data. It is available for Windows and Linux.


As a network exploration tool, Netcat is fairly popular in the infosec and sysadmin industries. It’s primary function is for checking inbound / outbound network data, as well as port exploration. This sounds simple, but its potential is unlocked when used in combination with Perl, C, and bash scripts.

Netcat features TCP/UDP port analysis, reverse and forward DNS analysis, a UDP/TCP tunneling mode, and more. There are also forks of the tool which have additional features, for example OpenBSD Netcat, which has TLS support.


From the same development team that wrote the famous Nessus tool, OpenVAS is a fairly powerful pentest tool. It's more like a toolbox, rather than an individual tool. It comes with over 50 network vulnerability tests, and you can write your own security plugins to the platform. Basically, it can scan anything you can dream of related to network vulnerabilities.

Some of OpenVAS primary features include simultaneous host discovery, full integration with SQL databases, results exporting in various formats, and the OpenVAS Transfer Protocol. It is available for Linux and Windows.

This post is written by Robert Dale


Post a Comment