
Your Cybersecurity Toolkit

Uploaded by

sotomiguel
Copyright
© All Rights Reserved

Your Cybersecurity Toolkit

APRIL 2

Access CyberJA for many more resources


Compiled by: Richea Perry

Access ALL CyberJA Resources to enhance your Cyber-GRC Skills
A comprehensive list of both commercial and open-source tools used for Network Analysis & Monitoring
Network analysis and monitoring tools are crucial for maintaining the health and performance of a
computer network. These tools can help identify and troubleshoot problems, as well as optimize
network performance. There are a wide variety of network analysis and monitoring tools available,
both commercial and open-source.

Here is a comprehensive list of both commercial and open-source tools used for Network Analysis &
Monitoring:

Commercial Network Analysis and Monitoring Tools

• SolarWinds Network Performance Monitor (NPM): A comprehensive network monitoring solution that provides real-time monitoring of network devices, traffic, and performance.
• SolarWinds NetFlow Traffic Analyzer (NTA): A powerful tool that provides deep insights into network traffic patterns and helps identify bandwidth hogs.
• Paessler PRTG Network Monitor: A popular network monitoring solution that offers a wide range of features, including real-time monitoring, alerting, and reporting.
• ManageEngine OpManager: A comprehensive network management solution that includes network monitoring, configuration management, and automation.
• Datadog Network Performance Monitoring: A cloud-based network monitoring solution that provides real-time visibility into network performance and health.

Open-Source Network Analysis and Monitoring Tools

• Wireshark: A powerful network protocol analyzer that can be used to capture and analyze network traffic.
• Nagios: A popular open-source network monitoring solution that offers a wide range of features, including real-time monitoring, alerting, and reporting.
• OpenNMS: A scalable open-source network monitoring solution that can be used to monitor large and complex networks.
• LibreNMS: A community-driven fork of OpenNMS that is easy to use and deploy.
• Icinga: A fork of Nagios that offers a number of new features and improvements.

The best network analysis and monitoring tool for you will depend on your specific needs and budget.
Commercial tools typically offer a wider range of features and support, but they can also be more
expensive. Open-source tools can be a good option for smaller businesses or organizations with limited
budgets.

Here are some additional factors to consider when choosing a network analysis and monitoring tool:

• The size and complexity of your network
• Your specific needs and requirements
• Your budget
• Your level of technical expertise

A comprehensive list of both commercial and open-source tools used for Vulnerability Assessment & Exploitation
Here's a comprehensive list of commercial and open-source tools used for Vulnerability Assessment &
Exploitation (VAE):

Commercial Vulnerability Assessment & Exploitation Tools

• Nessus by Tenable: A powerful vulnerability scanner that provides comprehensive coverage of a wide range of vulnerabilities.
• Acunetix by Acunetix: A web application security scanner that can identify a wide range of vulnerabilities in web applications.
• Rapid7 Nexpose: A vulnerability scanner that provides detailed information about vulnerabilities, including exploit code and remediation steps.
• Qualys VM: A cloud-based vulnerability management platform that provides a comprehensive view of an organization's security posture.
• Tenable.io: A cloud-based vulnerability scanner that is easy to use and deploy.

Open-Source Vulnerability Assessment & Exploitation Tools

• OpenVAS: A free and open-source vulnerability scanner that provides a wide range of features, including vulnerability scanning, reporting, and management.
• Metasploit by Rapid7: A powerful penetration testing framework that can be used to identify, exploit, and validate vulnerabilities.
• Nmap: A free and open-source network scanner that can be used to identify vulnerabilities in network devices.
• Nessus Scripting Language (Nessuscript): A scripting language that can be used to extend the capabilities of Nessus.
• Open Web Application Security Project (OWASP) ZAP: A free and open-source web application security scanner that can be used to identify vulnerabilities in web applications.

Important Considerations

VAE tools are powerful and can be dangerous if used incorrectly. Use them only in a controlled
environment and with proper authorization. Additionally, VAE tools should be used in conjunction
with other security measures, such as penetration testing and security awareness training.

Choosing the Right Tool

The right VAE tool for you will depend on your specific needs and budget. Commercial tools typically
offer a wider range of features and support, but they can also be more expensive. Open-source tools
can be a good option for smaller businesses or organizations with limited budgets.

Here are some additional factors to consider when choosing a VAE tool:

• The size and complexity of your network
• Your specific security needs
• Your level of technical expertise
• Your compliance requirements

By carefully considering these factors, you can choose the VAE tool that is right for you.

A comprehensive list of both commercial and open-source tools used for Security Information & Event Management
Security Information & Event Management (SIEM) Tools
SIEM tools are a vital component of any organization's security posture, offering real-time analysis of
security alerts and events across a network. Here's a breakdown of both commercial and open-source
SIEM options:

Commercial SIEM Tools

• McAfee SIEM (formerly Nitro Security): Integrates threat intelligence and automation for faster incident response.
• Splunk Enterprise Security: Offers a powerful platform for security data analytics and incident investigation.
• LogRhythm SIEM: Provides advanced threat detection and user and entity behavior analytics (UEBA).
• IBM Security QRadar: Delivers real-time threat detection, security information and event management, and incident response.
• Rapid7 InsightIDR: A cloud-based SIEM solution that simplifies security operations and incident response.

Open-Source SIEM Tools

• ELK Stack (Elasticsearch, Logstash, Kibana): A popular open-source SIEM solution that provides powerful search and analytics capabilities. While not a single tool, ELK Stack combines these three open-source tools to create a SIEM solution.
• Security Onion: A Linux distribution pre-configured with open-source security tools for threat detection, log analysis, and network security monitoring.
• OSSEC: An open-source host-based intrusion detection system (HIDS) that can also be used for log management and SIEM.
• Graylog: A centralized log management system that can be extended with plugins to provide SIEM functionality.
• SIEMonster: An open-source SIEM solution that is designed to be easy to deploy and use.

Choosing the Right SIEM Tool

The ideal SIEM tool depends on your organization's specific needs and resources. Here are some key
factors to consider:

• Security Requirements: Evaluate the level of threat detection and security information you need.
• Scalability: Consider the size and complexity of your network and how the tool scales with growth.
• User Interface (UI) and Usability: Assess the ease of use and how well the UI fits your team's skillset.
• Cost: Compare licensing fees for commercial tools and the resource investment required for open-source options.

Remember, SIEM is just one piece of the security puzzle. It should be implemented alongside other
security measures for optimal protection.

A comprehensive list of both commercial and open-source tools used for Intelligence & Reconnaissance
Intelligence & Reconnaissance (OSINT) Tools
When it comes to gathering information openly available online, OSINT tools are powerful allies.
Here's a list of both commercial and open-source options to empower your research:

Commercial Intelligence & Reconnaissance Tools

• Maltego: A visual link analysis tool that helps you connect seemingly disparate pieces of information.
• SpiderFoot: Automates OSINT tasks, collecting data from various sources to build a comprehensive picture of a target.
• Clearview: A search engine specializing in public data, allowing for deep dives into people, companies, and more. (Note: Due to privacy concerns, Clearview may not be available in all regions)
• Shodan: Often called the "search engine for internet connected devices," Shodan helps identify and explore vulnerable devices.
• Social Mention: Tracks brand mentions across social media platforms, providing valuable insights into online sentiment.

Open-Source Intelligence & Reconnaissance Tools

• Recon-ng: A web-based framework that automates various OSINT methodologies for efficient information gathering.
• theHarvester: Collects email addresses, phone numbers, and other data from various online sources.
• OSINT Framework: A Python library that provides modules for automating common OSINT tasks. (https://github.com/topics/osint-framework)
• Wayback Machine: Enables you to see archived versions of websites, aiding in historical research.
• GooFu: A browser extension that helps craft advanced Google search queries for more targeted information gathering.

Important Considerations

While OSINT tools are valuable, it's crucial to remember:

• Respect Legal Boundaries: Only gather information from publicly available sources and adhere to local laws.
• Focus on Ethical Use: Use these tools for legitimate purposes, not for malicious activities.
• Data Verification: Cross-check information from multiple sources to ensure accuracy.

Choosing the Right Tool

The most suitable OSINT tool depends on the type of information you're seeking. Here are some
pointers:

• Target Type: Consider if you're researching people, companies, websites, or a combination.
• Data Depth: Evaluate how much detail you require and the tool's data-gathering capabilities.
• Technical Expertise: Assess your comfort level and choose a tool with a matching learning curve.

By understanding your needs and these tools' functionalities, you can leverage OSINT effectively for
your intelligence gathering endeavors.

A comprehensive list of both commercial and open-source tools used for Artificial Intelligence & Machine Learning
Artificial Intelligence (AI) & Machine Learning (ML) Tools
AI and ML are revolutionizing various fields. Here's a breakdown of both commercial and open-source
tools to empower your endeavors in this exciting domain:

Commercial AI & ML Tools

• TensorFlow by Google: A versatile open-source library (also offered commercially by Google) for numerical computation and building ML models.
• PyTorch by Meta: An open-source (with commercial support) ML framework known for its flexibility and ease of use, especially for deep learning tasks.
• Microsoft Azure Machine Learning: A cloud-based platform offering a complete solution for building, deploying, and managing ML models.
• Amazon SageMaker: A cloud-based platform providing a managed environment for building, training, and deploying ML models on AWS.
• IBM Watson: A suite of AI services, APIs, and tools for various applications, including natural language processing and computer vision.

Open-Source AI & ML Tools

• Scikit-learn: A powerful Python library offering a wide range of machine learning algorithms for tasks like classification, regression, and clustering.
• Keras: A high-level neural network API built on top of TensorFlow, known for its user-friendliness and focus on rapid prototyping.
• Apache MXNet: A flexible and scalable open-source deep learning framework supporting various programming languages.
• OpenCV: Primarily focused on computer vision tasks, OpenCV is a comprehensive library with extensive functionalities for image and video analysis.
• Weka: A user-friendly suite of machine learning algorithms and data mining tools, offering a graphical user interface for easy exploration.

Choosing the Right Tool

The ideal AI/ML tool depends on your project's specific needs and your technical expertise. Here are
some factors to consider:

• Project Requirements: Identify the type of AI/ML task you want to accomplish (e.g., image recognition, natural language processing).
• Programming Language: Choose a tool that aligns with your preferred programming language (e.g., Python, R).
• Skill Level: Consider your experience level and the tool's learning curve.
• Scalability: If large datasets or complex models are involved, prioritize scalable tools.

Additional Considerations

• Commercial tools often provide additional features like pre-trained models, technical support, and cloud integration, but come with licensing costs.
• Open-source tools offer greater flexibility and customization, but require more technical expertise and may involve managing your own infrastructure.

Remember, this list isn't exhaustive. There are numerous other AI/ML tools available, so explore and
experiment to find the ones that best suit your needs.

Access ALL other resources provided by Richea Perry (CyberJA): https://linktr.ee/richeaperry/store
