Top 10 Open Source Network Security Tools for Web Apps

0
1148

Whether you are part of a startup dipping your toes into the field of Web apps or a full blown MNC working on multiple different projects, protecting your organisation’s network and critical infrastructure is of paramount importance. In this article, I share with you the top 10 open source tools to handle the security of your network.

We are not even half-way into 2021 and the amount of data breaches, leaks and hacks that have occurred this year alone is dizzying:

  • Ubiquiti Inc., one of the biggest IoT vendors, informed its customers about the breach of its system and the subsequent data leaks which exposed sensitive customer data such as names, addresses, emails and even passwords.
  • Parler, the conservative social media app, also released a notification regarding a data leak in which nearly 20 terabytes worth of data was scraped by a hacker from its platform.
  • Sociolark suffered a data leak in the same month due to an unsecured database that exposed sensitive account details of 214 million social media users from Facebook, Instagram and LinkedIn.
  • Pixlr, a free photo-editing app, became a victim of hacking, which led to 83 million user records getting exposed.

These are just some of the leaks that happened in January this year. Companies like Kroger and T-Mobile were targeted by hackers in February. Microsoft Exchange and SITA (the latter supports 90 per cent of the world’s airlines) were targeted in March.

Major companies in the industry with their endless supply of financing, manpower and resources are unable to save their data from being hacked. Looking at the statistics above, it is evident that if you are running a Web application that stores customer data in any form, then you need network security.

I have aggregated a list of what, in my opinion, are the top 10 open source network security tools that you could make use of. The list is not arranged in any order of importance or potential. Each tool brings its own set of features. Feel free to pick and choose whatever tools work best for you.

10. Zed Attack Proxy (ZAP)

A project developed and maintained by OWASP, ZAP is one of the most popular open source network security tools in the industry. It is multi-platform based with a user-friendly GUI and a CLI for advanced developers. With its latest version (v2.10.0) released in December 2020, ZAP has an active developer community with good documentation and support. The major highlights of ZAP are:

  • Active and vibrant developer community on GitHub
  • SQL injection vulnerability test
  • XSS injection vulnerability test
  • Easy to use and intuitive for beginners
  • Automated scanning of files
  • Uses a REST based API
  • Written in Java programming language

9. WFuzz

WFuzz is a brute forcing tool developed for Web applications. It brute forces the GET and POST parameters for checking different types of injection vulnerabilities. Its latest version (v3.1.0) was released in November 2020 and it has an active developer community. Unfortunately, it doesn’t have a GUI and can only be accessed using the terminal. The major highlights of WFuzz are:

  • Multiple injection point capabilities with multiple dictionaries
  • LDAP injection vulnerability test
  • SQL injection vulnerability test
  • XSS injection vulnerability test
  • HEAD scan
  • Multi-threading support
  • Written in Python programming language

8. Nikto2

Nikto is an open source Web server scanner. It helps you scan your Web server, testing for more than 6,700 potentially harmful or dangerous files or programs. It also checks for outdated versions of roughly 1200+ servers and version specific problems on more than 250 servers. It does not have a GUI and can only be accessed using the terminal. Its latest version (v2.10.0) was released in December 2020 and it has an active developer community. The major highlights of Nikto2 are:

  • Full HTTP proxy support
  • SSL support
  • Save reports in HTML, XML and or plain text
  • Easily identify installed software in the servers
  • Maximum execution time per target
  • Reporting of unusual headers
  • Well defined and thorough documentation

7. OpenVAS

Developed and maintained by the Greenbone network since 2009, OpenVAS stands for Open Vulnerability Assessment Scanner. It is an open source tool used for testing vulnerabilities in a Web application. With its latest version (v20.8.1) out in February 2021, OpenVAS is an actively maintained open source tool with good community support. Major highlights are:

  • Unauthenticated / authenticated testing
  • High / low level Internet and industrial protocols
  • Performance tuning for large scale scan
  • Powerful internal programming language
  • Accompanied by a vulnerability tests feed containing over 80,000 tests
  • Compatible with Greenbone vulnerability management suite
  • XML based stateless request-response

6. Grabber

Grabber is a fun little penetration testing tool with the ability to test many different vulnerabilities. Written in Python, this open source tool requires you to have some background knowledge in understanding vulnerabilities, as it only shows you what vulnerabilities your Web app has but not how to resolve them. There is no standardised version mentioned for this tool on its GitHub repository and community support might be a problem. The major highlights of Grabber are:

  • Cross-site scripting vulnerability test
  • SQL injection vulnerability test
  • Simple AJAX check
  • Crystal ball testing for PHP applications
  • JavaScript source code analysis
  • File inclusion
  • Backup files check

5. SQLMap

With a specific focus on SQL injection vulnerabilities, SQLMap is a great open source tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with an interactive and relatively easy to use CLI, and is written in Python. Its latest version (Shazora Bradleflame) was released in January 2021 and it has an active developer community. The major highlights of SQLMap are:

  • Full support for all major databases, including MySQL, PostgreSQL, IBM DB2 and SQLite
  • Support for all 6 SQL injection techniques
  • Enumeration of user password hashes
  • Automatic recognition of password hashes
  • Download and upload file support
  • Database process’ user privilege escalation
  • Detailed documentation available in multiple languages

4. Arachni

Designed for penetration testing and systems administration, Arachni is a full-featured high performance Ruby framework. It is multi-platform, versatile and has a REST based API. The only drawback is that the app has not received any updates since 2017 when its last version (v1.5.1) was released. With no new updates and lack of community support, the tool is not ideal for those not familiar with Ruby and/or are beginners in penetration testing. The major highlights of Arachni are:

  • SSL support with fine-grained options
  • Custom header support
  • UI abstraction
  • Automatic logout detection and scanning upon re-login
  • High performance asynchronous HTTP requests
  • Proxy authentication
  • Cookie-jar / cookie-string support

3. Wireshark

Started in 1998 by Gerald Combs, Wireshark is a comprehensive network protocol analyser that helps you go into the nitty gritty details of each visit to your website and each active connection. If you require a microscopic look into your system’s network traffic, Wireshark is the tool to opt for. It has an active and vibrant developer community with excellent support tools. The major highlights of Wireshark are:

  • In-depth analysis of hundreds of protocols
  • Live and offline analysis
  • Multi-platform support
  • VoIP analysis
  • Decryption support for a wide range of protocols
  • Data can be exported to CSV, XML and other formats
  • Coloured rule highlighting for intuitive analysis

2. Nogotofail

Released in 2014 as an open source project by Google, Nogotofail is a lightweight application that can be used to spot and fix vulnerable TLS/ SSL connections. It was designed keeping in mind developers and Network security researchers. The one drawback is that the last version (v1.2.0) for this application was released in 2015. With no regular updates and shoddy community support, the application may not be ideal for absolute beginners. The major highlights of Nogotofail are:

  • SSL certificate verification
  • VPN/proxy support
  • Lightweight and easy to deploy
  • MiTM attack detection support
  • SSL injection vulnerability test
  • TLS injection vulnerability test
  • Sensitive cleartext traffic detection support

1. OSSEC

OSSEC is the only framework in this list with machine learning support, which instantly makes it more attractive than others. It is an open source host-based intrusion detection system. It has multi-platform support and has different versions that fit different enterprise needs. With its latest version (v3.6.0) out in February 2020, OSSEC is a well maintained application with active community support and detailed documentation. The major highlights of OSSEC are:

  • Log analysis
  • File integrity analysis
  • Policy monitoring
  • Rootkit detection
  • Real-time alerts
  • Active response
  • Machine learning support

LEAVE A REPLY

Please enter your comment!
Please enter your name here