
Best SecOps Tools: 50 Must-Have Tools For Your SecOps Arsenal

SecOps is a multi-faceted function tasked with a variety of responsibilities, not the least of which is coming up with secure software and applications while maintaining the development and release cadence users demand. It’s no longer enough to just concern yourself with writing code and developing software. Today, adding security into the mix is considered a best practice — and it’s certainly one we live by at Threat Stack.

Fortunately, a number of tools can help SecOps professionals meet these demands and achieve business goals. From dashboards that let SecOps pros view all the essential metrics about their apps in one place, to hunting tools that help users detect patterns and pinpoint potential vulnerabilities, to tools that issue alerts when anomalies arise, to attack modeling tools that create a standardized taxonomy of security threats, and more, there are many types of tools that today’s SecOps pros should have in their arsenal.

In this post, we’ve rounded up 50 of the most useful tools for SecOps teams in the following categories:

Dashboards

1. Grafana

@grafana

Grafana allows you to centralize all the relevant data into one beautiful dashboard. These dashboards are composed of different panels to make it easier to visualize, query, and comprehend the data you have — no matter where data is stored. Grafana is fully customizable so you can fine-tune your dashboard and the information you get only to what you need. What’s more, Grafana is completely open source and has an active community to back you up just in case you hit a roadblock or need some technical help. A strong and supportive community also means that you can find plugins and pre-built dashboards in Grafana’s official library.

Key Features:

  • See your data the way you want it
  • Choose from graphs, maps, histograms, and heat maps, among others
  • Set up alerts while you are looking at the data, such as setting thresholds on the graph itself
  • Easily share your dashboard with anyone

2. Kibana

@elastic

Kibana condenses thousands of log entries into a single graphic that is easy to understand. You can use Kibana for operational intelligence, time series analytics, and application monitoring. It integrates with Elasticsearch, so if you have data stored in Elasticsearch, Kibana is a must-have tool.

Key Features:

  • Interactive charts
  • Ability to manipulate how you see your data (zoom into a subset or see the big picture)
  • Mapping support, allowing you to add location information to your data and see it on a map
  • Built-in filters and aggregations
  • Ability to share your dashboards with other team members

Automation

3. StackStorm

@Stack_Storm

StackStorm positions itself as the IFTTT for your ops. Like IFTTT, StackStorm detects when a certain event happens and triggers the actions you want, according to the rules you set. Unlike other automation tools, StackStorm does not rely on human input: it gathers information from sensors and actions autonomously and sets your rules in motion.

Key Features:

  • Set up workflows of multiple rules and actions, executed in order (e.g., automated remediation such as cleaning up logs when the disk runs out of space)
  • Escalate issues for human intervention
  • Automate anything with StackStorm, from home appliances to tools, the Internet of Things (IoT), and more
  • Select from more than 450 integrations
  • Or write your own rules

Hunting

4. GRR Rapid Response

@grrresponse

GRR Rapid Response is a tool for investigations and forensics that lets you respond to incidents by collecting live forensic data remotely. SecOps professionals can assign different levels of urgency to attacks and analyze the situation remotely. You need to deploy the GRR client on the systems you want to investigate; the clients poll the GRR server for actions to run, such as listing directories or downloading files. You also need to deploy the GRR server, which provides the user interface and the API endpoint. You can get GRR Rapid Response on GitHub here.

Key Features:

  • Gathers and processes data from many machines and devices
  • Use GRR to remotely check on machines
  • Analyze one or more machines for vulnerabilities

5. Mig

@mozilla

Mig stands for Mozilla InvestiGator. It is a tool for investigating remote endpoints. Mig makes use of easy-to-deploy, lightweight, and secure agents that you install on your infrastructure’s systems. You can then search for information related to file systems, memory of the endpoint device, configuration of the endpoint device, and network state. You can get Mig on GitHub here.

Key Features:

  • Works with Linux, MacOS, and Windows (with varying feature sets)
  • Inspect files and memory (on all platforms); partial network inspection on Windows
  • Vuln management and system audits on Linux

6. Mirador

@fathominfo

Mirador is a tower or turret that gives you a full view of what’s around you. It is also the Spanish term for “vantage point,” as well as the name of a tool that allows you to visually explore even the most complex datasets — so you can easily understand your data, see trends and patterns, and even get new insights from it.

Key Features:

  • Interact with your data; perform open-ended searches
  • See the factors that may predict relevant outcomes
  • Allows for visual representation and measuring of correlations
  • Can be used for statistical modeling, finding and ranking correlations, and other use cases

7. Moloch

Developed by AOL, Moloch is an open source database system that can complement your existing security infrastructure. It will store and index your network traffic, making it easier and faster to access. Moloch makes use of the PCAP format, but can also handle JSON data. It gives you more visibility into your current Intrusion Detection Systems (IDS), although it’s not intended to be a replacement for your IDS. It works with the following operating systems out of the box: CentOS 7, Ubuntu 14.04 and 16.04, and FreeBSD 9 and 10.0, and there are some workarounds for other operating systems, such as CentOS 6 and Ubuntu 12.04. You can get Moloch on GitHub here.

Key Features:

  • High focus on security
  • Intuitive user interface
  • Scalability
  • Easily works with a number of clustered systems
  • Handles several gigabits of traffic per second with ease
  • APIs for downloading PCAP and JSON session data

8. MozDef

Developed by Mozilla, MozDef is a response to the tools used by hackers to coordinate their attacks, share information, and even tweak their attacks as they happen. On the other hand, IT professionals and those who are trying to ward off these attacks do not have these capabilities. MozDef, or the Mozilla Defense Platform, gives defenders a platform to quickly uncover and then respond to security breaches. MozDef is available on GitHub here, and it is currently handling at least 300 million security events daily.

Key Features:

  • Statistics on security incidents and events
  • Collaborate with fellow security handlers in real time
  • Works with Mig, Bunker, Banhammer, and others

9. OSQuery

@osquery

OSQuery lets you query your computer, smartphone, and other devices running different operating systems as though they were databases. OSQuery is an open source project that runs on almost every operating system, including MacOS, FreeBSD, Linux, Windows, and CentOS. A very active community supports this tool, and you can find curated projects on the OSQuery website. There is also an extensive set of documentation to help you along.

Key Features:

  • Use simple SQL queries to see what’s happening on your operating systems
  • Insights such as open network connections, currently loaded kernel modules, and currently running processes
  • Interactive osqueryi shell for testing new queries and easily exploring your OS
  • Schedule queries across your entire infrastructure

10. OSSEC

@ossecproject

Note: At Threat Stack, we strongly advise against a build-your-own approach to security or centering your strategy on open source security solutions. In the case of build-your-own, there’s a large number of hidden issues that will cost time and money and demand expertise that’s almost certainly beyond your core competency. And remember this about open source tools: Open source is only free if your time is worth nothing. Most open source tools require DIY deployment, which calls for an extensive investment in resources and expertise, and then there’s the ongoing issue of upgrades, maintenance, integrations, and so on.

For a thorough discussion of these issues, please take a look at these two posts:

OSSEC, an open source tool, helps you know when your system has been breached. OSSEC can watch and analyze everything from FTP servers, to mail servers, databases, web applications and servers, firewalls, antivirus, event logs, remote access logs, NIDS, and security tools, among many others. Like other tools here, this host-based intrusion detection system is backed by a big group of developers, IT personnel, and other tech users. You can get OSSEC on GitHub here.

Key Features:

  • Analyze logs, check system integrity, monitor Windows registry, detect root kits, and more
  • Issues threat alerts
  • Compatible with Windows, FreeBSD, Solaris, OS X, and Linux

ChatOps

11. Gitter

@gitchat

Gitter is a combined networking and chat platform that allows you to connect, manage, and grow your communities using content, discovery, and messaging. Gitter is open source and can be deployed by developers who need to add chat rooms and instant messaging to their projects. Gitter lets you receive notifications on mobile devices in batches, connect with existing IRC clients, and access searchable message archives, among other features. You can even integrate it with Trello, Jenkins, Travis CI, Sentry, Heroku, Sprintly, PagerDuty, Bitbucket, HuBoard, and GitHub.

Key Features:

  • Easily create communities
  • Message history and searchable archives
  • Batch notifications on mobile
  • Variety of integrations

12. Slack

@SlackHQ

Slack is a range of collaboration services and tools that give a log of your messages, files, and people that are all easily searchable. Slack also offers integration with a wide variety of third-party services, as well as those extensions provided by its community of users. You can use Slack with Heroku, Trello, IBM Bluemix, Box, Google Drive, Dropbox, Zendesk, GitHub, Runscope, and other services. Slack is free to use, but you can upgrade to a paid version that offers additional features and guaranteed uptime.

Key Features:

  • Persistent chat rooms, sorted by topic
  • Direct messaging and private groups
  • Variety of integrations and extensions

13. Riot.im

@RiotChat

Riot.im makes collaboration easier. It works similarly to Slack, but with a couple of key differences. It’s not only a tool to send and share messages, files, and other media, but you can also use video or voice conferencing with Riot.im. You have the option to show full history to new members in a chat room (so they can read what was said before they joined), or you can set it so they can just read the chat history from the time they joined. The secure platform also allows you to run it on your own server, restricting employees from inviting others who are outside your server. Riot.im has several integrations with other services, full room search, and other features. It works just about everywhere — you can access it on your desktop or on your iOS or Android device.

Key Features:

  • Full chat history
  • Video and voice conferencing
  • Run on your own server
  • Multiple integrations

Sharing

14. GitBook

@GitBookIO

GitBook makes it easier for you and your employees to write and publish all types of written content online, such as API and tool documentation, knowledge bases, and FAQs, with seamless collaboration for working simultaneously on the same documents with team members. GitBook is also a documentation-hosting platform, and it’s used by more than 200,000 users around the world.

Key Features:

  • Collaborate with team members
  • Desktop and web editors
  • Version control
  • Templates for API documentation, FAQs, manuals, and more

15. Speaker Deck

@speakerdeck

If GitBook is perfect for documents such as FAQs, knowledge bases, and documentation, Speaker Deck speaks to a totally different audience: those who make presentations. Upload your presentation slides, and Speaker Deck hosts them online so your audience and other users can view them. The best thing about Speaker Deck is that it does not serve ads, so no distracting advertisements appear next to your slides. Speaker Deck is owned by GitHub.

Key Features:

  • Host presentation slide decks online
  • Embed full or partial presentations on websites
  • Enable users to share your presentation materials
  • Ad-free viewing

Visualization

16. Gephi

@Gephi

Gephi is an open graph visualization platform, allowing you to see and explore your data easily. Free to use, Gephi creates any type of graph to visualize your data. You can utilize Gephi for analyzing links and correlations between two objects, your social data, biological data, and others. It supports a variety of file formats, and may be extended by a variety of plug-ins. Every data scientist and analyst should use Gephi to help them understand their data and gain new insights from it.

Key Features:

  • Create graphs, maps, and other visualizations
  • No coding necessary
  • Built-in rendering engine
  • Supports a variety of file formats

17. ShadowBuster

ShadowBuster is a unique tool that shows you real-time attacks on a map. It can show you when an attack begins, the target site of the attack, the originating IP address, and the location of both the attacker and the site being attacked. Aside from the constantly updating attack map with zoom-in, zoom-out functionality, you can also get tables of information, such as a count of the number of attacks originating from different countries, the hosts being attacked and how many attacks they have received, as well as a more detailed table that shows the target host, what kind of attack was done, the location of the attacker, and the IP address. Get ShadowBuster on GitHub here.

Key Features:

  • View attacks on a map in real time
  • Identifies target site, the time an attack began, originating IP address, and more
  • View attack data in tables

Attack Modeling

18. CAPEC

CAPEC, or Common Attack Pattern Enumeration and Classification, helps you understand the attack patterns used by cybercriminals and hackers. It enables educators, analysts, testers, and developers to get to know the different kinds of attacks. Think of it as an encyclopedia of known attacks, complete with a description of each attack, its prerequisites, and possible solutions. It also includes links to similar attacks, allowing you to easily find related attack patterns. You can browse attack details by attack mechanism or by attack domain.

Key Features:

  • Analyze attack patterns
  • Descriptions of attacks and possible solutions
  • Discover related attack patterns

19. SeaSponge

SeaSponge is a threat modeling tool. Threat modeling is done to identify vulnerabilities and security objectives, as well as determine the countermeasures to fight, minimize, or prevent threats to your software. While threat modeling is often not carried out in software development, SeaSponge may just change that. With SeaSponge, you can identify the vulnerabilities in your application and plug them before it goes live. Developed by Mozilla, SeaSponge can be used on just about any browser on any operating system.

Key Features:

  • Intuitive user interface
  • Identify app vulnerabilities
  • Works on any browser and any OS

20. STIX

STIX, or Structured Threat Information Expression, is both a serialization format and a language that may be used to trade CTI or cyber threat intelligence, aiding security professionals and IT personnel in understanding different attacks and vulnerabilities, as well as being able to respond to these events faster and more efficiently. STIX is used for automated threat exchanges, collaborative vulnerability and attack analysis, and automatic response and detection.

Key Features:

  • Share CTI with other organizations
  • Exchanges are readable by machines
  • Learn about attack patterns, identity, intrusion set, malware, threat actors, etc.
  • Collaborative vulnerability and attack analysis

Red Team

21. EyeWitness

@christruncer

EyeWitness allows you to take screenshots of open virtual network computing servers, remote desktops, and websites, providing server header information and default credentials whenever possible. It works on Kali Linux or Debian 7+, and you can use different flags to have it do what you need. For instance, using the -f flag will automatically detect the file. Or you can use the -t flag to set a maximum time for it to screenshot or render a Web page. Read the documentation and get EyeWitness on GitHub here.

Key Features:

  • Screenshot capabilities
  • Provides server header information and default credentials
  • Configure flags to customize functionality

22. Hound

Hound lets you search your source code quickly. It is based on code written by Russ Cox that combines regular expression matching with a trigram index. It may seem like a redundant tool, but unlike older code search tools, Hound is faster, easier to configure, and has a very small footprint. You do not need to install a lot of files to get this convenient tool. It is currently fully compatible with CentOS and MacOS, but it can work on any *nix system. Some users have also reported that it runs on Windows, but the creators do not officially support Microsoft’s operating system.

Key Features:

  • Quickly search your source code
  • Faster, easier configuration compared to other tools
  • Smaller footprint than other code searching tools
  • Works with any *nix system

Alerting

23. 411

411 is the local directory assistance number for Canada and the United States, but it is also a slang term for information. 411, the program, allows you to manage your alerts using a web-based interface. It lets you query different data sources and manages all the alerts it creates. For example, you can use 411 to detect when specific log lines appear in Elasticsearch, when a program’s metric changes, or when a server suddenly stops responding. The graphical interface shows you the number of active alerts, how many of them are escalated, how many are high, medium, or low priority, and how many alerts are already stale. Get 411 on GitHub here.

Key Features:

  • Query different data sources for alerts
  • Add metadata to alerts
  • Graphical interface displays active alerts, # of alerts escalated, priority level, and # of stale alerts
  • 20-day history of alerts and actions

24. Alerta

@alertaio

Alerta is an alert management system that allows you to query, monitor, and visualize alerts. Alerta offers numerous native integrations with several services, such as Prometheus, InfluxDB, Kapacitor, Google Stackdriver, Zabbix, Telegram, and PagerDuty. Moreover, Alerta has a very flexible alert format so you can include all the alerts that matter to you. It can also handle duplicate alerts and can help you correlate one alert to another.

Key Features:

  • Query, monitor, and visualize alerts
  • Highly extensible
  • Variety of native integrations
  • Flexible alert format

25. ElastAlert

@Yelp

ElastAlert gives you an easy way to get alerts on spikes, anomalies, and other patterns of interest in your Elasticsearch data. ElastAlert is modular and reliable, and very easy to set up and configure. For instance, ElastAlert remembers its Elasticsearch state, so if it is restarted it automatically resumes from the point where it stopped. It also retries alerts that return an error. Furthermore, all configuration is done in a single file, config.yaml. Out of the box, ElastAlert works with a variety of alert types, such as AWS SNS, Commands, Email, Exotel, Gitter, HipChat, JIRA, MS Teams, OpsGenie, PagerDuty, Slack, Telegram, Twilio, and VictorOps. Developed by Yelp, ElastAlert is available on GitHub here.

Key Features:

  • Works with a variety of alert types
  • Get alerts on spikes, irregular patterns, and other data
  • Automatically retries alerts that return errors
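
As an added illustration (not ElastAlert’s own code), the Python below models the three behaviours described above: a frequency rule that counts matching documents within a sliding timeframe, a saved state so a run after a restart resumes where the previous one stopped, and delivery that retries alerts whose notifier returns an error. The rule, the log documents, and the notifier are all constructed for the example.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample documents in the shape ElastAlert gets back from an
# Elasticsearch query (one JSON object per line); IPs are documentation ranges.
SAMPLE_DOCS = """\
{"@timestamp": "2024-05-01T10:00:00Z", "event": "ssh_login_failed", "user": "root", "src_ip": "203.0.113.7"}
{"@timestamp": "2024-05-01T10:00:15Z", "event": "ssh_login_failed", "user": "root", "src_ip": "203.0.113.7"}
{"@timestamp": "2024-05-01T10:00:20Z", "event": "ssh_login_ok", "user": "deploy", "src_ip": "198.51.100.2"}
{"@timestamp": "2024-05-01T10:00:40Z", "event": "ssh_login_failed", "user": "root", "src_ip": "203.0.113.7"}
{"@timestamp": "2024-05-01T10:03:00Z", "event": "ssh_login_failed", "user": "root", "src_ip": "203.0.113.7"}
{"@timestamp": "2024-05-01T10:03:30Z", "event": "ssh_login_failed", "user": "root", "src_ip": "203.0.113.7"}
"""

# A frequency rule in the spirit of an ElastAlert rule file (keys chosen for
# this example): alert when num_events matching docs occur within timeframe.
RULE = {
    "name": "ssh root brute force",
    "type": "frequency",
    "num_events": 3,
    "timeframe": timedelta(minutes=1),
    "filter": {"event": "ssh_login_failed", "user": "root"},
}


def parse_ts(value):
    """Parse a UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_docs(ndjson):
    """Turn newline-delimited JSON into dicts whose @timestamp is a datetime."""
    docs = []
    for line in ndjson.splitlines():
        if line.strip():
            doc = json.loads(line)
            doc["@timestamp"] = parse_ts(doc["@timestamp"])
            docs.append(doc)
    return docs


def matches(doc, flt):
    """Equality filter: every key in the rule filter must match the document."""
    return all(doc.get(key) == value for key, value in flt.items())


def run_frequency_rule(docs, rule, state=None):
    """Evaluate a frequency rule over docs newer than state['last_run'].

    The state carries the last processed timestamp and the still-open window
    of hits, so a second run after a restart continues where the first left
    off instead of re-alerting on, or missing, documents already seen.
    Returns (alerts, new_state).
    """
    state = state or {"last_run": None, "window": []}
    since, window, alerts = state["last_run"], list(state["window"]), []
    for doc in sorted(docs, key=lambda d: d["@timestamp"]):
        ts = doc["@timestamp"]
        if since is not None and ts <= since:
            continue  # already processed by an earlier run
        if not matches(doc, rule["filter"]):
            continue
        # Keep only hits inside the sliding timeframe that ends at this doc.
        window = [t for t in window + [ts] if t > ts - rule["timeframe"]]
        if len(window) >= rule["num_events"]:
            alerts.append({
                "rule": rule["name"],
                "num_hits": len(window),
                "timestamp": ts.isoformat(),
            })
            window = []  # one alert per burst; start counting afresh
    seen = [d["@timestamp"] for d in docs] + ([since] if since is not None else [])
    return alerts, {"last_run": max(seen) if seen else None, "window": window}


def send_with_retry(alert, sender, max_attempts=3):
    """Deliver one alert through sender(alert), retrying on ConnectionError.

    Returns the number of attempts needed; re-raises after the last attempt
    so a permanently failing notifier is not silently dropped.
    """
    for attempt in range(1, max_attempts + 1):
        try:
            sender(alert)
            return attempt
        except ConnectionError:
            if attempt == max_attempts:
                raise
```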

Secret Management

26. BlackBox

BlackBox is a tool for storing your secrets in a version control repository such as Perforce, Git, or Mercurial. BlackBox makes it simple to use GNU Privacy Guard to encrypt files in a repo, so they remain encrypted at rest and not only while being transmitted over the network. On the other end of the spectrum, BlackBox also makes it simple to decrypt the encrypted files when you need to edit or view them; you only need the right GPG key. You can use BlackBox with any Mercurial or Git repository to encrypt SSL keys, passwords, and other secrets.

Key Features:

  • Securely store your secrets in version control repositories
  • Use GNU Privacy Guard to encrypt files
  • Easy to decrypt files with a GPG key
  • Works with any Mercurial or Git repository

27. Git Secrets

@mtdowling

Git Secrets helps you make sure that no private information (or as little as possible) ends up in a public repository. This happens more often than it should when you collaborate on a platform or program: people sometimes push very sensitive information to a public repository. Git Secrets can help prevent that. It scans your commits using the git hooks you specify to make sure you do not accidentally share private data. Git Secrets can automatically create the necessary hooks, and it maintains a list of prohibited patterns. The shell utility then scans commits and commit messages for those prohibited patterns. If a commit contains a prohibited pattern, Git Secrets rejects it.

Key Features:

  • Automatically creates necessary hooks
  • Curates a list of prohibited patterns
  • Scans commits and messages to detect prohibited patterns
  • Prevents the sharing of sensitive data on public repositories
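
To make the hook behaviour concrete, here is an added Python example (not git-secrets’ own code) of the check such a pre-commit hook performs: it scans the added lines of a staged diff and the commit message against prohibited patterns, honours an allowed list for documented placeholders, and rejects the commit on any hit. The diff, the commit message, and the password pattern are constructed for the example; the AKIA key-id shape is the public AWS access key ID format, which git-secrets’ own --register-aws patterns also cover.

```python
import re
from dataclasses import dataclass

# Prohibited patterns. The first is the public shape of an AWS access key ID;
# the second is a constructed example of a team-specific pattern.
PROHIBITED_PATTERNS = [
    r"AKIA[0-9A-Z]{16}",
    r"(?i)password\s*[=:]\s*['\"][^'\"]{4,}['\"]",
]

# Allowed patterns win over prohibited ones, so documented placeholders such as
# AWS's published example key do not block a commit.
ALLOWED_PATTERNS = [
    r"AKIAIOSFODNN7EXAMPLE",
]


@dataclass
class Finding:
    location: str  # "<file>:<line>" or "commit-message:<line>"
    line: str
    pattern: str


def is_allowed(line, allowed=ALLOWED_PATTERNS):
    return any(re.search(p, line) for p in allowed)


def find_prohibited(line, location, prohibited=PROHIBITED_PATTERNS, allowed=ALLOWED_PATTERNS):
    """Return one Finding per prohibited pattern that hits this line (unless allowed)."""
    if is_allowed(line, allowed):
        return []
    return [Finding(location, line, p) for p in prohibited if re.search(p, line)]


def scan_diff(diff_text):
    """Scan only the added lines of a unified diff, tracking file and line number."""
    findings, current_file, lineno = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            name = raw[4:]
            current_file = name[2:] if name.startswith("b/") else name
        elif raw.startswith("@@"):
            # "@@ -a,b +c,d @@": c is the first line number on the new side
            m = re.search(r"\+(\d+)", raw)
            lineno = int(m.group(1)) - 1 if m else 0
        elif raw.startswith("+"):
            lineno += 1
            findings += find_prohibited(raw[1:], f"{current_file}:{lineno}")
        elif raw.startswith(" "):
            lineno += 1  # unchanged context line advances the new-side counter
        # removed ("-") lines and other headers do not exist on the new side
    return findings


def scan_message(message):
    """Scan every line of the commit message, as the commit-msg hook would."""
    findings = []
    for n, line in enumerate(message.splitlines(), 1):
        findings += find_prohibited(line, f"commit-message:{n}")
    return findings


def check_commit(diff_text, message):
    """Hook decision as (accepted, findings); any finding rejects the commit."""
    findings = scan_diff(diff_text) + scan_message(message)
    return (not findings, findings)


# Constructed staged diff; the key value is fake and only has the right shape.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,3 +10,5 @@
 DEBUG = False
+AWS_ACCESS_KEY_ID = "AKIAABCDEFGHIJKLMNOP"
+DB_PASSWORD = "hunter2hunter2"
 ALLOWED_HOSTS = ["example.com"]
+# docs use the placeholder AKIAIOSFODNN7EXAMPLE
"""

SAMPLE_MESSAGE = "Add production settings\n\nrotated key AKIAABCDEFGHIJKLMNOP"
```

In a real hook the script would exit non-zero when check_commit returns False, which is what makes git abort the commit.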

28. Keybase

@KeybaseIO

Keybase is a key directory that maps your social media identities to encryption keys. You can use it with Facebook, Reddit, GitHub, Twitter, Coinbase, Zcash, and Bitcoin. Its messaging platform lets you securely share updates, messages, and files. You can add people even if you do not know their email address or phone number (which is how other messaging platforms work). You can also use Keybase to chat with people who have not signed up to Keybase; for instance, you can use somebody’s Reddit username to send him or her a message. Keybase Teams lets you easily send files to and communicate with several people at once.

Key Features:

  • Maps social media identities to encryption keys
  • Works with a variety of social and collaboration platforms
  • Securely share messages, files, and updates
  • Connect with others, even if they are not Keybase members
  • Keybase Teams for group collaboration

29. Transcrypt

@elasticdog

Transcrypt is short for “transparent encryption.” It keeps your sensitive files safe when they are stored in a Git repo. Simply specify the files you want to protect and the script will encrypt them when you commit. Transcrypt will also decrypt these files automatically when you want to view them. The good thing about Transcrypt is that other users who do not have your encryption password are still able to make changes to the repository, but only those involving the non-encrypted files. What makes Transcrypt better than similar scripts is that it does not need to be compiled, it has safety checks that prevent it from duplicating configuration data, and it creates a unique salt for every encrypted file you specify. It also uses OpenSSL’s cipher instead of its own.

Key Features:

  • Keeps sensitive files safe when stored in a Git repo
  • Automatically encrypts specified files when committed
  • Automatically decrypts files when you need to view them
  • Enables other users to make changes to other files in the repo

30. Vault

@HashiCorp

Vault, developed by HashiCorp, is a tool that lets you encrypt and manage secrets for data in transit. The tool stores your API keys and credentials, as well as encrypts your signup passwords. In short, Vault aims to be the only tool you will ever need for everything related to secret management. For instance, you do not have to understand who has access to which secrets, and you don’t have to worry about key rolling, audit logs, and secure storage — you only have to use Vault. Vault offers several features, including secure secret storage, leasing and renewal of secrets, dynamic secrets, data encryption, auditing, secret revocation, access control rules, and a variety of authentication methods.

Key Features:

  • Stores API keys and credentials
  • Encrypts signup passwords
  • Automatically handles everything related to secret management
  • Auditing tools
  • Access control
  • Supports a variety of authentication methods

Threat Intelligence

31. Critical Stack Intel Marketplace

@CriticalStack

Critical Stack Intel Marketplace gives you access to a wide range of intel sources, blacklists, and feeds. You can choose which ones to use. Each intel feed is peer reviewed in that other users can rate the feed to give you an indicator if it is trustworthy or not. What’s more, a lot of these are free to use. You can even choose two or more feeds and mix and match, and you can decide which indicators and metrics to focus on. The Intel Marketplace supports two-step authentication, and you can use command line to deploy the tool.

Key Features:

  • Wide range of intel sources, blacklists, and feeds
  • Peer-reviewed resources to gauge trust
  • Deploys from the command line

32. IntelMQ Feeds

IntelMQ Feeds collects and processes security-related feeds, log files, tweets, and pastebins. It makes it easier for incident and threat responders to gather threat intelligence they can use in incident handling. For instance, you can learn more about the Palevo worm, the Zeus botnet, SSH brute-force threats, attacks on SSH services, and other threats. IntelMQ Feeds uses a message queue protocol and is easy to use. It scores high on features and value because it avoids feature bloat and keeps only the important and essential features on board.

Key Features:

  • Automate incident handling responses
  • Write your own bots for data feeds
  • Create your own blacklist

33. Open Threat Partner Exchange

@LG_Cyber

Open Threat Partner Exchange, or OpenTPX, lets you share and exchange information on threat intelligence, collections, context, and networks, as well as on how to mitigate these threats. It uses the large volume of data that you get from different sources and in numerous formats. OpenTPX is machine-readable, but humans can also understand the content easily.

Key Features:

  • Share and exchange information on threat intel
  • Machine-readable and human-interpretable content
  • Handles data of any size
  • Works with relational data
  • Provides data on when threat data was captured and when it was last modified and viewed
  • Determine if threat analysis was conducted and when it expires

34. RiskIQ Passive Total

@RiskIQ

RiskIQ Passive Total is a threat analysis tool that brings together all the relevant online data sets in order to make investigation into and subsequent elimination of threats a whole lot faster. Passive Total will expose and map threat infrastructure while also giving you all the intelligence and context to the incidents and events that you are investigating. Not only that, you can also predict attacks and threats that are just starting to proliferate on the internet and look into infrastructures that are used in different attacks. Most importantly, you can use RiskIQ Passive Total to defend yourself from attacks.

Key Features:

  • Curates relevant online data sets related to threats
  • Exposes and maps threat infrastructure
  • Provides intelligence and context for events you’re investigating
  • Predict attacks and threats

Testing

35. Brakeman

@brakeman

Brakeman is a security scanner for applications built on Ruby on Rails. It can scan your application for vulnerabilities at any stage of development. Brakeman differs from other scanners because it analyzes your source code; you do not need to set up your entire application stack. The beauty of Brakeman is that you spend no time setting it up; you only need to run it. You can run it at any time, and it is very flexible. Because Brakeman does not spider a running site, it can cover all parts of your application.

Key Features:

  • Scans apps developed in Ruby on Rails for vulnerabilities
  • Scans source code
  • Reports on all detected vulnerabilities
  • Evaluates whether configurations are in line with best practices

36. Chef InSpec

@chef

Chef InSpec is a testing framework that lets you determine which of your servers need to be patched, validate that a new feature is secure, or ensure that your IT assets comply with regulatory rules even when no audit is imminent. This open source framework is easy to deploy, customizable, and extensible. It supports just about every operating system and is not locked to a particular platform, and you can test remotely or on-site.

Key Features:

  • Set up system expectations
  • Get alerts when deviations are detected
  • Create automated tests for security, policy, and compliance requirements

37. David

David is a tool that shows you all the dependencies of a particular project, along with the version you are using and the latest version available. David then generates a badge showing the current status of the project, which you can embed on your website. For instance, it can tell you whether the dependencies of a particular project are up to date, out of date, or insecure. This tool is free for all public projects hosted on GitHub, and it is very easy to use. All you need to do is declare your dependencies in a JSON file, and David does the rest.

Key Features:

  • See all dependencies of a project
  • Get a badge that displays current project status
  • Free for GitHub-hosted projects

38. Gauntlt

Gauntlt gives ops, dev, and security professionals an attack framework that lets them run a variety of attacks against their own code and build better software. Gauntlt takes your code through the most relentless attacks out there — to make sure it can withstand the biggest threats in existence. It works with different testing tools, including curl, dirb, nmap, sqlmap, Arachni, and sslyze. In short, Gauntlt does not itself provide the security tools you need, but it lets you drive those tools from your tests.

Key Features:

  • Runs your code through the most brutal attacks to test security
  • Communicate and test between various groups
  • Create actionable testing tools connected to processes
  • Works with a variety of testing tools
  • Offers several security tool adapters
  • Uses standard Unix exit codes to show status

39. Hakiri

@hakirisec

Hakiri is another tool that monitors Ruby on Rails applications to detect vulnerabilities in your code. It can also scan your code to find security holes that could be used for XSS, SQL injections, or other types of attacks. What’s more important is that Hakiri helps to ensure that these bugs are not there when your application is released.

Key Features:

  • Monitors Ruby on Rails apps for vulnerabilities
  • Identifies common vulnerabilities and exposures in Gems
  • Identifies vulnerabilities listed in the Open Source Vulnerability Database
  • Alerts issued via email or Slack

40. Infer

@fbinfer

Infer can help you weed out bugs in your code if you write programs in C, C++, Objective-C, or Java. You can use this static analysis tool to detect critical bugs before your applications are released, which also helps improve your application’s performance and prevent crashes. For instance, you can use Infer to check for annotation reachability, null pointer exceptions, race conditions, and missing lock guards in your Android app code. Infer is used on projects at Amazon Web Services (AWS), Facebook, Instagram, Mozilla, Oculus, Spotify, Kiuwan, Uber, WhatsApp, and more.

Key Features:

  • Detects bugs in C, C++, Objective-C, and Java
  • Checks for annotation reachability, null pointer exceptions, and more
  • Improves app performance and prevents crashes
  • Used for AWS projects as well as Facebook, Instagram, Mozilla, and other popular services

41. IronWASP

@ironwaspsec

IronWASP can help you find security vulnerabilities and issues on your website, checking for dozens of commonly seen web vulnerabilities. The open source scanner is graphical and very intuitive to use; in fact, you don’t even need to be an IT security professional in order to use it. You can also extend it with different plug-ins. Moreover, you can get additional modules built by its growing community, including a Wi-Fi router scanner, an SAP security scanner, and other tools.

Key Features:

  • Efficient and powerful scanning engine
  • Get security reports in rich text and HTML
  • Detects false positives
  • Scripting engines for Ruby and Python
  • Extensible with plug-ins and additional modules

42. Lynis

@cisofy_is

Lynis evaluates how strong Linux and Unix systems are in terms of security. The open source tool is a favorite among auditors, IT security professionals, and system administrators when it comes to security auditing. You run Lynis on the host itself, where it conducts a comprehensive security scan. Results are shown on your screen and all findings are written to a report file, while the more technical details are kept in a log file.

Key Features:

  • No installation required
  • Compatible with AIX, FreeBSD, Linux, Solaris, NixOS, and other Unix-based OSs
  • Hundreds of tests

43. Node Security Platform

@nodesecurity

Node Security Platform ensures that security stops being just an afterthought and makes it part of your workflow. It continually monitors your app to see if there is a new vulnerability you have to correct. It can even suggest mitigation strategies, helping you figure out how to fight or remove these security holes.

Key Features:

  • Extensible and compatible with a variety of development tools and software
  • Continually monitors apps to detect vulnerabilities
  • Recommends threat mitigation strategies

44. npm-check and npm-outdated

@npmjs

Two command line tools from NPM, npm-check and npm-outdated, also provide an easy way to check your code’s packages and dependencies. npm-outdated checks your system’s registry for packages you have installed that are now outdated. Running npm-outdated gives you a list of installed packages with the installed version, latest version, location, and the wanted version. npm-check, on the other hand, shows you which of your dependencies are unused in your code, incorrect, or outdated. Not only does it point out the outdated dependencies, but the results also include a link to the documentation to help you decide whether to update.

Key Features:

  • Command line tools from NPM
  • Easily check your code packages and dependencies
  • Checks system registry to identify outdated packages
  • Evaluates dependencies to identify those that are incorrect, outdated, or not in use
  • Provides links to documentation for updating outdated dependencies

45. OSS-Fuzz

@Google

OSS-Fuzz allows you to do fuzz testing, a commonly used technique to discover programming errors in your software. The beauty of fuzz testing is that not only does it help you find coding errors, but it also helps you ensure better security. OSS-Fuzz improves the security of open source software by informing the maintainer or programmer about bugs they should fix. Once a bug is fixed, OSS-Fuzz can immediately confirm the fix. Google, the company that develops OSS-Fuzz, also maintains a page listing all known bugs reported by OSS-Fuzz.

Key Features:

  • Identifies bugs in open source software
  • Informs programmers and developers of bugs that should be rectified
  • Immediately confirms whether fixes are effective

46. OWASP OWTF

@owasp

OWASP Offensive Web Testing Framework, or OWASP OWTF, has a simple goal: make security evaluation as painless and as efficient as possible. It does this by automating the manual tasks of penetration testing. Instead of worrying about manual activities, penetration testers can devote their time to finding, verifying, and then combining vulnerabilities, doing more targeted fuzzing, and completing other more important activities.

Key Features:

  • Automates manual pen testing tasks
  • Supports NIST, PTES, and OWASP Testing Guide standards
  • Supports APIs for viewing core functions and options and adding new features
  • Web interface for larger pen testing projects

47. OWASP ZAP

@owasp

OWASP Zed Attack Proxy, or OWASP ZAP, is an open source security tool that can find security holes and vulnerabilities in any web application, even those still under development and testing. Penetration testers will also appreciate OWASP ZAP when conducting manual pen tests. You can use OWASP Zed Attack Proxy as a proxy server, intercepting and manipulating all traffic that passes through it. You can also set it to run as a daemon.

Key Features:

  • Available in more than two dozen languages
  • Active community that helps maintain and update the tool
  • Detects vulnerabilities in web apps, even those under active development and testing
  • Can be used as a proxy server or run as a daemon

48. RetireJS

@kozmic

When you code in JavaScript, you can save a great deal of time and effort by using third-party JavaScript libraries in your Node.js and web applications. The problem is that some libraries have known security holes and, when included in your application, expose it to attack. The good news is that you can use RetireJS, a highly flexible tool, to check whether you are using library versions with a known vulnerability.

Key Features:

  • Detects known vulnerabilities in JavaScript libraries
  • Run as a scanner or using the command line
  • Also works as a grunt plugin
  • Chrome and Firefox extensions
  • Runs as an OWASP ZAP plugin, a Burp plugin, or a gulp task

49. RIPS

@FluxReiners

RIPS analyzes your PHP source code to look for security vulnerabilities. You get statistics on each scan as well as the vulnerabilities detected. If you are not familiar with a security hole RIPS has reported, you can consult the vulnerability description. It also has audit-related features, such as a file list and graph, a user input list, and a source code viewer with syntax highlighting. The source code analyzer works fast and can detect security holes such as code execution, cross-site scripting, file disclosure, file inclusion and manipulation, SQL injection, and LDAP injection, among others.

Key Features:

  • Checks for security vulnerabilities in PHP source code
  • Reports include statistics and vulnerability descriptions
  • File list and graph, user input list, and source code viewer with highlighting

50. Snyk

@snyksec

Snyk is yet another tool that helps keep your application secure when you rely on open source software. Rather than blindly pulling another person’s code, including its potential vulnerabilities and security holes, into your program, you can use Snyk to make sure the code is clean. Snyk offers a few advantages over similar software, such as its use of the best databases detailing known vulnerabilities found in libraries. In addition, it is very easy to use and can fix the security issues it finds. Snyk supports several languages, including Node.js, Ruby, Golang, Scala, Java, .NET, Python, and PHP.

Key Features:

  • Evaluates open source code to eliminate vulnerabilities
  • Uses the best databases with details on known vulnerabilities
  • Fixes security issues in open source code
  • Available in Node.js, Golang, Ruby, .NET, Java, Python, and PHP

*** This is a Security Bloggers Network syndicated blog from Blog – Threat Stack authored by Christian Lappin. Read the original post at: https://www.threatstack.com/blog/best-secops-tools-50-must-have-tools-for-your-secops-arsenal/