Open Source Favorites: 7 Security Tools You Should Know

Open source tools offer software that–in addition to being free–has had its code reviewed by numerous users. This means that most of the time (squints at Log4Shell) problems with the code are identified and resolved. Plus, they often offer appealing features since users can post requests for them.

Want to learn more about how we use these? In our podcast, we talk about these tools in greater depth. Check it out here!

The Tools

We broke down our favorite tools into the following categories: Basic Security, Testing Attacks / Detections, and OSINT.

Basic security needs

Bitwarden

A good password manager helps keep your environment secure–and Bitwarden offers encrypted cloud storage as well as on-prem hosting. Their Android apps and browser extensions work well together and provide users with seamless sharing and a user-friendly interface. 

uBlock

uBlock Chrome

uBlock Firefox

Using uBlock helps protect you from a lot of the nonsense on the internet, blocking ads and other unwanted content, including malware and phishing attempts. It does a great job of removing ads from YouTube!

For testing attacks and detections

Splunk Attack Range

Splunk’s Attack Range project lets you build a Splunk testing environment in AWS to run attacks and test detections. Attack Range includes Windows and Linux hosts with logging configured and forwarding to Splunk.

Atomic Red Team

Atomic Red Team, which is available in Splunk Attack Range, is a collection of modular scripts that execute common attacker behavior, letting you simulate common attacks on a network. You can then run a Splunk search to see whether it detected any of these behaviors.

For OSINT and research tools

Machinae 

Machinae is the most used tool at Hurricane Labs for gathering basic information about IOCs such as file hashes, URLs, IPs, and emails. After it runs, Machinae generates a list of all the OSINT data it gathered from the sources it queried.

Spiderfoot

Spiderfoot is similar to Machinae. It offers many features and many sites that information can be queried from. The tool also offers a web GUI for easy usability and access to data. There is a paid version of the tool, but the open source one still allows for gathering of information–and does a good job of it.

CyberChef

CyberChef–which has a Splunk addon–is an encryption/decryption application built to be simple enough that both technical and non-technical users can use it to encrypt, decrypt, or convert data with many different encoding methods. And it has a very user-friendly GUI, too.

Bonus: Privacy Tools

There are several applications and browser extensions available on privacytools.io that are useful for helping you manage your privacy and security. One tool available there that we particularly like is the encrypted notepad, Standard Notes.

Conclusion

These tools will help make a strong security stance more accessible to you–just don’t forget: when setting up open source tools, always remember to change any default passwords!

About Hurricane Labs

Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.

For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.