- Description: Nmap is a legendary free, open-source network scanner that helps you map hosts, ports, services, and OS versions in seconds. It’s the digital sonar every cyber-astronaut needs.
- Who it’s for: Network admins, ethical hackers, students in networking/security.
- How it works: It sends crafted packets using scan techniques (like TCP SYN, UDP, etc.) and decodes the responses. Comes with a GUI frontend called Zenmap.
- Why it’s valuable: It’s fast, flexible, and has a powerful Nmap Scripting Engine (NSE) for automating vulnerability scans.
- Download it: nmap.org/download
- Pro Tip: Use
nmap -A for aggressive scans, or -script vuln for quick vulnerability detection.
- Description: Wireshark captures and dissects packets like a forensic microscope. It’s used for deep network inspection, troubleshooting, protocol analysis, and security review.
- Who it’s for: Cyber students, SOC analysts, network engineers.
- How it works: It captures live traffic or reads
.pcap files, lets you filter packets, and shows application-level details.
- Why it’s valuable: It decodes over 2,000 protocols and gives you control over traffic visibility that firewalls and EDRs don’t.
- Download it: wireshark.org/download
- Pro Tip: Use capture filters (
tcp port 443) to save only what matters. Then apply display filters like http or ip.addr == 192.168.0.1 to zoom in.
- Description: ZAP is a web application scanner from OWASP. It passively and actively finds web vulnerabilities like XSS, SQLi, and misconfigurations.
- Who it’s for: Devs, QA, web security testers, appsec enthusiasts.
- How it works: ZAP proxies browser traffic, crawls the app, and runs automated attack simulations.