Security-Database Best IT Security Tools for 2009

The year 2009 was very intense of emotions, sadness, sorrows, and conflicts. The world as we knew or at least our parents did is changing so fast and unfortunately not in the right way.

The very bad economic situation, the stinky religions conflicts, the riots and wars, the increase of radical extremists and the policy of fear that the governments feed us are urging this earth to an excruciating end.

But instead of talking about politicians and their immature and childish job they are doing as spreading fear, making the wrong choices (as usual), wasting taxpayers money and time, dumping people into poverty, we’d prefer focusing into enumerating the great software and tools we’ve seen this year.

So, we are happy that 2009 is finally over and we expect the best for 2010.

— Security-Database Team

Scoring criteria

We’ve conducted this new survey on the basis on some criteria (as we did two years before).
Since the last survey (2007), we decided to add these new criteria:

  • Community support
  • Documentation
  • Popularity (Twitter followers)
Criteria Comment
Audience Each tool has its target audience.
Community Support Tool has a community version with support and the appropriate documentation.
Documentation All documentation are easy to read and to understand and at least written in English. Wiki, blogs and other collaborative support are a must.
Features Built-in, plug-in, functionalities, capabilities, use of APIs, interoperability with other systems.
Maintenance Frequency of bugs fixing, generating new releases, nightly builds, beta testing.
Popularity The popularity of the tool among the community, Twitter followers and average of visits and download based on our statistics for the year 2009.
Reporting Support of charts, dashboard, exporting to multiple formats
Standards, Metrics & Open Standards The ability of the tool to map findings with Compliance, standards and open standards or to score vulnerability /
risks with metrics.

Standard and metrics could be: CVE, CVSS, CWE, CPE, CCE, OVAL, SCAP, CAPEC, ISO 2700x, NIST, PCI DSS...
Updates Frequency of updates: adding new features, new plug-in,
updating vulnerability database, updating techniques…


Open Source & Free Utilities

Penetration Tests and Ethical Hacking

- Winner Excellent Recommended (Promising)
Information Gathering Maltego Binging
Network Scanners and Discovery Nmap v5 Ex æquo:
  • Netifera
  • AutoScan
Angry IP Scanner
Vulnerability Scanners Ex æquo:
  • Nessus
  • NeXpose
Application Scanners W3AF Samurai WTF Nikto
Wireless Hacking OSWA AirCrack suite AiroScript-NG
Live CDs BackTrack 4 Katana Matriux
Exploitation Frameworks Metasploit v3 DB Exploit Website

Security Assessment

- Winner Excellent Recommended (Promising)
Windows Auditing OVAL interpreter Nessus Local Plug-ins Sysinternals tools
Unix Auditing Lynis CIS Scoring OpenSCAP
Firewall & Filtering Devices None None None
Application Assessment BurpSuite WebSecurify CAT The manual web application
Wireless Auditing OSWA Ex æquo:
  • Kismet
  • Kismac
Forensics CAINE Ex æquo:
  • Mobius
  • Process Hacker
Netwitness Free Edition
Datamining / logs management Splunk community release Dradis
IT Management SpiceWorks Paglo IT
Code analysis Rats Graudit MS
Password analysis Ex æquo:
  • Cain & Abel
  • OphCrack
John the ripper
VoIP & Telephony auditing VAST Viper WarVox
Database auditing Db Audit Free edition Ex æquo:
  • Pangolin
  • SQL Map


Commercial software

- Winner Excellent Recommended (Promising)
Vulnerability Management Ex æquo:
  • Tenable Nessus
  • ProFeed
Ex æquo:
  • WebSaint
  • NeXpose Entreprise
  • Application Security assessment Ex æquo:
    • Acunetix
    • N-stalker
    IBM AppSCAN Netsparker
    Patch Management GFI Languard NSS Lumension EndPoint
    Penetration Testing and Exploitation Core Impact SaintExploit


    Links and references

    Name Link
    Angry IP Scanner
    Samurai WTF
    Exploit DB
    AirCrack-NG Suite
    Backtrack 4
    Oval Interpreter
    Sysinternals suite
    CIS Scoring tools
    CAT The manual Web Application Audit
    Mobius Forensics Toolkit
    Process Hacker
    Netwitness Free Edition
    Splunk Community
    Spiceworks Community
    Paglo IT
    OWASP Code Crawler
    Cain & Abel
    John the Ripper
    DB Audit Free Edition
    SQL Map
    VAST Viper


    2009 Security news in brief

    What’s happened

    - Link
    Returns of The L0pht Industry
    VoIPScanner the first VoIP scanner As A Service
    Rapid7 acquires Metasploit
    Nmap v5.0 released
    Metasploit 3.x the best exploitation framework
    The attack of conficker
    Sara project retired
    Nessus turns to web with version 4.2
    OWASP Guide v3.0 released
    CWE/SANS top dangerous programming errors

    The idiot move

    Nipper the dog is retired from Sourceforge.

    The smart move

    Keeping Metasploit open source and even adding support of Nexpose from Rapid7.

    Security Hoax

    The death of Str0ke from milw0rm.

    The worst and shameless Internet innovation

    And the winner is France for HADOPI LAW.

    Big brother project of the year

    And the winner is France for HADOPI LAW.


    The Use of Awards Logos

    Congratulations for all winners. We have designed Award logos to use as advertising material on your websites or marketing campaigns. To grab the appropriate logo (winner, excellent or promising), just left click and download.

    Copyright © 2009

    Attached Documents

    Attached Pictures

    Winner Excellent Promising