Paid Advertising
web application security lab

103 Free Security Tools + a Few

Rich McIver sent over an article on entitled 103 Free Security Tools. It’s actually a pretty thorough list. Of course it’s not everything, but it actually covered quite a few programs that I personally have used.

There is one program that is missing from this list that I use every day all day long that I personally swear by. It’s Cygwin. In essence it is a Linux shell on top of Windows. It makes the possible to run apache under windows (without another install), wget, ssh, scp, vim, perl, c++, python, php etc… etc… It’s truly one of the most useful tools on my desktop. Also, tools like nmap, unicornscan, fierce etc… are all missing. For the penetration testers out there, these are pretty damn useful to keep on your desktop and all nicely run under cygwin. If you have no access to a Linux/FreeBSD box, this is the next best thing.

Btw, apparently I am behind the times, or wasn’t paying attention but winscp did fix that URL handler vulnerability (changelog can be found here). So if you haven’t updated winscp in a year or more, time to get rid of that vuln and update. Personally I’ve stuck to scp under cygwin, but for the people who never got the hang of command line apps, winscp is a great alternative. And for anyone who doesn’t know what scp is or is otherwise new to security - FTP is vulnerable to man in the middle attacks, scp and sftp use encryption, so while potentially a little slower, they are far more secure.

4 Responses to “103 Free Security Tools + a Few”

  1. Wladimir Palant Says:

    It’s a nice list but one phrase caught my attention: “Firefox […] Uses SSL browsing by default.” What is that supposed to mean???

    As to Cygwin, I recently uninstalled it with a relief, it is no longer required to compile Firefox. I prefer using the faster and more stable native ports of Unix utilities. has the base package, other tools can be downloaded at their respective homepages.

  2. id Says:

    As soon as I get a viable replacement for Visio I’ll quit using windows altogether, really what point does it have if you’re not a gamer?

  3. Spyware Says:

    Nice list but a few good tools are missing. Intellitamper for example, damn useful if you ask me. The list is probably made for the more white-hat-ish people out there. I’ll be downloading a few tools from the list, tho.

  4. Spyware Says:

    Oops just actually read the article. The programs are for keeping your pc safe and not penetration testing tools ;x So forget my last comment.

    /slap me