Top 15 security tools for testing Windows

Being proactive with security assessments can find unexpected vulnerabilities and ease pressure on Patch Tuesday. Contributor and security testing guru Kevin Beaver discusses his 15 favorite security testing tools.

So, you're thinking about testing your own Windows systems for security vulnerabilities? Doing so is actually pretty interesting work -- that is, if you have the right tools. Well, instead of wading through all the muck and mire trying to find good security tools, let me help point you in the right direction.

For starters, as it relates to Windows-based computers, there are seven general types of security testing tools. These are:

  1. Port scanners
  2. Network/OS vulnerability scanners
  3. Application/database vulnerability scanners
  4. Password crackers
  5. File searching tools
  6. Network analyzers
  7. Exploit tools

All of these types of tools can and should be used when performing penetration tests, vulnerability assessments, and security audits on your Windows systems.

I've found by and large that you get what you pay for when it comes to security testing tools. There are, however, a handful of free tools that I can't live without, so I'll share both types with you.

| Tool | Website | What it's good at |
|------|---------|-------------------|
| SuperScan version 3 | www.foundstone.com/resources/proddesc/superscan3.htm | Very fast and easy to use port scanner that can find live systems, look for open ports and running services, grab banner information including software versions |
| SoftPerfect Network Scanner | www.softperfect.com/products/networkscanner | Maps MAC addresses to IP addresses which can help you locate rogue wired and wireless systems |
| NetBIOS Auditing Tool (NAT) | www.cotse.com/tools/netbios.htm | Neat tool for cracking passwords on Windows network shares |
| Winfingerprint | http://winfingerprint.sourceforge.net | Windows enumeration tool that can ferret out patch levels, NetBIOS information, user information, and more |
| Metasploit | www.metasploit.org | A great tool to exploit those Windows-based vulnerabilities that other tools find |
| Cain & Abel | www.oxid.it | A nice tool for misc. password cracking |
| QualysGuard | www.qualys.com | The ultimate in ease of use and comprehensive network/OS vulnerability scanning -- checks for thousands of old and current exploits |
| GFI LANguard Network Security Scanner | www.gfi.com/lannetscan | A great low-cost network/OS vulnerability scanner with a nice focus on Windows systems |
| N-Stealth | www.nstalker.com | A nice low-cost scanner for systems running IIS |
| WebInspect | www.spidynamics.com/products/webinspect/index.html | The ultimate in in-depth Web application vulnerability testing for systems running IIS, Apache, and more |
| WinHex | www.winhex.com/winhex/index-m.html | Great for poking around to see what applications leave exposed in memory after they run -- simply search for text such as "password", "SSN", etc. to find sensitive information that's not properly cleaned up |
| AppDetective for MS SQL Server | www.appsecinc.com/products/appdetective/mssql | The ultimate database security scanner for systems running SQL Server |
| Proactive Password Auditor | www.elcomsoft.com/ppa.html | An effective and simple to use password cracking program -- includes support for Rainbow tables |
| Effective File Search | www.sowsoft.com/search.htm | Great text searching tool for finding files on local drives and server shares -- simply search for text such as "password", "SSN", etc. to find sensitive information that's not properly secured |
| EtherPeek | www.wildpackets.com/products/etherpeek/overview | Excellent network analyzer for ferreting out rogue systems, unauthorized protocols, finding top talkers, and more |

As you build your security testing toolbox over time, you'll find that there is no one best tool. Also, keep in mind that security tools are not the Holy Grail for finding security vulnerabilities -- even technical ones. That's where application, OS, and network knowledge and, most importantly, experience will come into play.

Where tools are required, you'll see that the ones that are more specialized in finding specific types of vulnerabilities will provide you with the best results. It all comes down to personal preference and how comfortable you feel using each tool, but in the end your goal should be to find the greatest number of vulnerabilities, exerting the least amount of legwork, in the shortest amount of time. Get to know the tools on this list, use them consistently and you'll be well on your way to vulnerability assessment stardom.

About the author: Kevin Beaver is an independent information security consultant, author, and speaker with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments. Kevin has written five books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver @ principlelogic.com.
