I am pleased to release the results of the 2006 top security tools
survey. I found them quite interesting in 2000 and 2003, so I’m glad
that 3,243 of you answered this year. I learned about many neat
projects while tabulating and writing them up. It is also interesting
to see the rise of exploitation frameworks. Metasploit, Impact, and
Canvas all made the list for the first time. Wireless tools such as
Kismet and Aircrack (new) had a good showing, while many vulnerability
scanners dropped significantly in rank (ISS Scanner: -47;
Whisker/libwhisker: -60; Sara: -46; SAINT: -67; N-Stealth: -72).
Nessus kicked their butts, retaining the #1 spot despite closing their
source code as of the Nessus 3 release. But they better not get
complacent, because Nikto, Languard, and Retina aren’t all that far
behind. 44 tools are new to the list, including Paros Proxy, Scapy,
the BackTrack LiveCD, Webscarab, p0f, and Ike-scan.

I maybe went a little overboard in creating a whole site for the 2006
list. It expands the list to 100 tools, includes category-specific
pages (sniffers, crackers, etc.), better ranking information, more
detailed descriptions, logo eye candy, and more. You can find it at:
I hope you find this new site useful!