Skip navigation

Free Security Tools

Here's a quick rundown of some of your best bets

Everybody needs a good set of security tools. However, sometimes the specific functionality you seek is extremely expensive, and other times it simply isn't available in a commercial product, for any number of reasons. The good news is that many free security tools are available online, and a large percentage of them run on the Windows platform. Here are six resources that are very much worth your consideration.

One popular set of tools is developed by Foundstone, which is now part of McAfee. Fortunately, McAfee hasn't taken the original Foundstone security tools offline, which you can't say about @stake's excellent security tools when Symantec acquired that company in 2004.

Foundstone's free offerings ( include tools that help with forensic analysis, penetration testing, and intrusion detection. The tools also include various types of scanners and stress testers for servers. One unique tool is Fpipe, a source-port forwarding and redirecting tool that you can use in a variety of situations, including testing your own firewall and troubleshooting scenarios in which you're blocked from accessing a service because of the firewall configuration.

At the Foundstone site, you'll also find numerous specialized scanners that can detect particular vulnerabilities in Microsoft SQL Server, the Task Scheduler service, the Messenger service, and many others. All in all, more than two dozen Foundstone tools are available to help you in your daily network-security routine.

At Winternals' Sysinternals Web site (, you'll find several freeware tools that are handy for your security needs. Filemon monitors all disk activity (i.e., all activity from every open process that reads or writes from a file) in real time--useful functionality if you need to see what files are open or accessed. Similarly, Regmon monitors all registry activity in real time--useful in many scenarios, such as when you need to determine what keys are installed and used by a certain application. Both tools provide comprehensive reports that give you staggering amounts of information. The company's Streams tool lets you locate alternate data streams tacked onto seemingly harmless files, and after you locate these streams, you can easily examine them to see what they might contain. Remote Recover, NTRecover, and NTFSDOS let you access disks on systems that refuse to boot and won't let you log on, for whatever reason. PsTools lets you examine processes that are running on a system; RootkitRevealer can help you find rootkits on your systems; and Tokenmon monitors logons, logoffs, and privilege usage.

McCracken Associates
McCracken Associates ( is a terrific source for free security tools. Although the company doesn't develop its own utilities, it does maintain an extensive list of security tools, many of which are free. Among them are numerous resources that help with forensic analysis, such as toolkits that boot from a CD-ROM--including FIRE, Helix, and Penguin Sleuth--as well as whitepapers and other online information. Other listings point you to tools such as honeypots, packet sniffers, and packet analyzers, security scanners, and a whole lot more.

You'll find another consolidated resource at About ( The site links to various security tools, which appear in categories. For example, the Wireless Security section includes tools such as NetStumbler, MiniStumbler, Kismet, and Wifi Scanner, all of which can identify active Access Points (APs) and their associated parameters. WEPCrack and Airsnort can help you test the strength of Wi-Fi encryption; wIDS and WIDZ are wireless Intrusion Detection Systems (IDSs) that can identify jamming attempts, flooding problems, and scanning activity. Other categories include spam blockers, firewalls, vulnerability scanners, IDS software, port scanners and packet sniffers, encryption tools, network-monitoring utilities, antivirus and anti-spyware tools, as well as a miscellaneous catch-all category for even more tools.
Nearly last, but not least is (, a Web site mantained by Arne Vidstrom. The site offers nearly four dozen security tools, including unique tools such as AckCmd, which can help you establish a connection to a remote command shell on Windows systems. GPList can dump information about the Group Policy attributes applied to a given system, and IPEye can perform port scans in a variety of ways (e.g., SYN scans, FIN scans, Xmas scans). KerbCrack is a unique tool that captures Kerberos logon information as it travels over the network, then performs brute-force cracking against the credentials. NSCopy is another useful tool that lets you copy any files--as long as you have permission to back up those files and directories. (Unlike other copy tools, NSCopy doesn't require the Read permission.)
The final site I want to mention is (, which offers the substantial 2003 Top 75 Security Tools Survey. Some of the tools in this list might have homes at the sites I've already mentioned. However, you'll find many other tools that aren't, and although the list is dated May 2003, it remains a terrific resource because it contains tools voted "most useful" by a consensus of security administrators around the world.

Many of the tools on the list are designed specifically for Linux systems, which many of you undoubtedly use for personal or business use. There are, however, some Windows-specific tools. For example, you'll find information about the Cain & Abel password-recovery tool, the NTop network-traffic monitor, the Stunnel SSL application wrapper, and the Network Stumbler Wi-Fi scanner.

Tip of the Iceberg
You'll find many other free security tools across the Internet. A simple Google search should bring up thousands of results. In the meantime, the sites listed in this article contain enough free, useful security tools to keep you busy for a long time!

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.