Security testing is very important. It improves the data security of an information system and keeps unapproved users from gaining access. Successful security testing protects web applications from severe malware and other malicious threats that would otherwise cause them to crash or cause incidents. Organizations and professionals around the world use security testing to ensure system security. Today there are many free, paid and open source tools for checking applications for vulnerabilities and defects. Here are the 8 security testing tools recommended today.


1. Grabber
Grabber is a portable scanner intended mainly for small web applications such as forums and personal websites. This lightweight security testing tool has no GUI and is written in Python. It can detect backup file exposure, cross-site scripting, file inclusion, simple Ajax issues and SQL injection. It is simple to script, automatically generates a statistical analysis file, and supports JS code analysis.

2. Iron Wasp

Iron Wasp is an open source scanner with a powerful engine that can detect more than 25 kinds of web application vulnerability. It can also detect false positives. IronWasp helps find broken authentication, cross-site scripting, CSRF, hidden parameters and privilege escalation. It is GUI-based and can generate reports in HTML and RTF format.

3. Nogotofail

Nogotofail is a network traffic security testing tool. It is a lightweight application that is easy to use and easy to deploy, able to detect TLS/SSL vulnerabilities and configuration errors, and can be set up on a router, as a proxy, or on a VPN server. Nogotofail can expose vulnerabilities through MITM attack, SSL certificate verification, and SSL and TLS injection tests, so give it a try.

4. SonarQube

This is another recommended open source security testing tool. In addition to exposing vulnerabilities, it can measure the source code quality of a web application. Whatever you use, SonarQube can analyze more than 20 programming languages. Its continuous integration support also lets it integrate easily with products such as Jenkins. When a problem is found, it is clearly highlighted in green or red. Green does not mean there is no problem; it represents low-risk vulnerabilities and issues, while red represents serious vulnerabilities and issues. Newer testers get an interactive GUI, while advanced users can work from the command line.

5. SQLMAP
SQLMAP is completely free. It automates the process of finding SQL injection vulnerabilities and can be used for website security testing. It comes with a powerful testing engine that supports multiple databases and 6 SQL injection techniques: boolean-based blind, error-based, out-of-band, stacked queries, time-based blind and UNION queries.

6. Wireshark

Wireshark is also a free, open source network packet analyzer. It captures network packets and displays them in as much detail as possible. It also provides real-time network analysis, letting users see reconstructed TCP session streams. Many security practitioners are familiar with it; Wireshark is very widely used and is a very good tool.

7. Kismet

Kismet is an 802.11 Layer 2 wireless network detector, sniffer and intrusion detection system used for traffic monitoring. It detects networks mainly by passive sniffing and can find hidden networks that are in use. By sniffing TCP, UDP, ARP and DHCP packets it automatically detects network IP blocks, records traffic in a Wireshark/tcpdump compatible format, and can even plot detected networks and estimated ranges on a downloaded map.

8. Nessus
Nessus can be called the industry standard in the field of vulnerability assessment. It quickly identifies and helps remediate problems, halving the worries of security personnel. Vulnerability assessment is easy and intuitive thanks to pre-built policies and templates, group pause features, and real-time updates. The tool is actively maintained and new versions are released frequently.