Open source security tools offer software that, in addition to being free, has had its code reviewed by numerous users. This means that most of the time (squints at Log4Shell) problems with the code are identified and resolved. Plus, they often offer appealing features since users can post requests for them.
Want to learn more about how we use these? In our podcast, we talk about these tools in greater depth.
We broke down our favorite tools into the following categories: Basic Security, Testing Attacks / Detections, and OSINT.
Basic security needs
Bitwarden is a good password manager that helps keep your environment secure. It offers encrypted cloud storage as well as on-prem hosting. Their Android apps and browser extensions work well together and provide users with seamless sharing and a user-friendly interface.
uBlock for Chrome and uBlock for Firefox help protect you from a lot of the nonsense on the internet. Specifically, uBlock blocks ads and other unwanted content, including malware and phishing attempts. It also does a great job of removing ads from YouTube.
For testing attacks and detections
Splunk Attack Range is a project by Splunk that lets you build a Splunk testing environment in AWS to run attacks and test detections. It includes Windows and Linux hosts with logging configured and forwarding to Splunk.
Atomic Red Team, which is available in Splunk Attack Range, is a collection of modular scripts for executing common attacker behavior, allowing you to simulate common attacks on a network. You can then run a Splunk search and see if it detected any of these behaviors.
For OSINT and research tools
Machinae is the most used tool at Hurricane Labs for gathering basic information around IoCs such as file hashes, URLs, IPs, and emails. After it runs, Machinae will generate a list with all of the OSINT data it gathers from its sources.
Spiderfoot is similar to our Machinae tool. It offers many features and many sites from which information can be queried. Spiderfoot also offers a web GUI for easy usability and access to data. There’s a paid version of the tool, but the open source one still allows for gathering of information, and does a good job of it.
CyberChef, which has a Splunk add-on, is an encryption/decryption application. It’s valuable because the app is built in a simple way that allows both technical and non-technical users to encrypt or decrypt data and convert it between many encoding methods. The add-on has a very user-friendly GUI, too.
There are several applications and browser extensions available on privacytools.io that are useful for privacy and security management. One tool available here that we particularly like is the encrypted notepad: Standard Notes.
Open source security tools of all types can help make a strong security stance more accessible to you. Just don’t forget: when setting up open source tools, always change any default passwords. Stay secure out there!