Security Tools
Network Security Tools
Nessus:
The premier Open Source vulnerability assessment tool, Nessus is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems.
Download: nessus.org
Etheral:
Platform: Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: GNU GPL Sniffs the glue that binds the Internet together.
Description: Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal posses several powerful features, including its filter language and the ability to view the reconstructed stream of a TCP session. A text-based version called tethereal is included.
Download: ethereal.com
Snort:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: GNU GPL Snort is a lightweight network intrusion detection system, capable of performing real time traffic analysis and packet logging on IP networks. A free intrusion detection system (IDS)!
Description: It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and a whole lot more.Snort uses a flexible rule based language to describe traffic that it should collect or pass, along with a modular detection engine. Many people also suggested that the Analysis Console for Intrusion Databases known by the acronym (ACID) be used with Snort.
Download: snort.org
TCPDump / WinDump:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: GNU GPL
A classic sniffer for network monitoring and data acquisition
Description: Tcpdump is a well-known and well-loved text-based network packet analyzer (”sniffer”). It can be used to print out the headers of packets on a network interface that matches a given expression. You can use this tool to track down a plethora of network problems. There is a separate Windows port named WinDump. TCPDump is also the source of the Libpcap/WinPcap packet capture library, which is used by Nmap among many other utilities. I personally prefer Ethereal sniffer.
Download: tcpdump.org
Hping2:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: GNU GPL A network probing utility that acts like ping on steroids.
Description: hping2 assembles and sends custom ICMP/UDP/TCP packets and displays any replies. It was inspired by the ping command, but offers far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation. This tool can probe your networks for security holes.
Download: hping.org
DSniff:
Platform: Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: GNU GPL An exceptionally powerful suite of network auditing and penetration-testing tools.
Description: This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable. sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI. When you really need to lock down a network because of sensitive data you should use nothing but this tool.
Download: Homepage
GFI LANguard:
Platform: Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: GNU GPL
A commercial network security scanner for Windows which LANguard scans networks and reports information such as service pack level of each machine, missing security patches, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more. Scan results are organized in a HTML report, which can be customized and queried. Apparently a limited free version is available for non-commercial/trial use.
Download: gfi.com/lannetscan/
Ettercap:
Platform: Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware and Shareware Editions
In case you still thought switched LANs provide much more security.
Description: Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones,
like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN
Download: ettercap.sourceforge.net
Whisker/Libwhiske:
Platform: Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: GNU GPL Rain.Forest.Puppy’s CGI vulnerability scanner and
library Description: Whisker is a scanner which allows you to test HTTP servers for many known security holes, particularly the presence of dangerous CGIs. Libwhisker is a perl
library (used by Whisker) which allows for the creation of custom HTTP scanners. If you wish to audit more than just web servers, have a look at Nessus.
Download: wiretrip.net
John the Ripper:
Platform: Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: GNU GPL
An extraordinarily powerful, flexible, and fast multi-platform password hash cracker. Description: John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix varieties, as well as Kerberos, AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches.
Download: openwall.com/john/
OpenSSH:
Platform: Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: GNU GPL
A secure way to access remote computers.
Description: Ssh (Secure Shell) is a program for logging into or executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide rdist, and rsync with a secure communication channel. OpenSSH is affiliated with the OpenBSD project, though a portable version runs on most UNIX systems. Note that the SSH.Com link above costs money for some uses, while OpenSSH is always free. Windows users may want to try the free PuTTY SSH Client or the nice terminal-based port of OpenSSH that comes with Cygwin. There are dozens of other clients (free or prorietary) available.
Download: openssh.com
Sam Spade:
Platform: Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: GNU GPL
Windows network query tool.
Description: SamSpade provides a consistent GUI and implementation for many handy network query tasks. It was designed with tracking down spammers in mind, but can be useful for many other network administration and security tasks. It includes tools such as ping, nslookup, whois, dig, traceroute, finger, raw HTTP web browser, DNS zone transfer, SMTP relay check, website search, and more.
Download: samspade.org
ISS Internet Scanner:
Platform: Windows License: Freeware
Application-level vulnerability assessment tool.
Description: Internet Scanner started off in ‘92 as a tiny Open Source scanner by Christopher Klaus. Now he has grown ISS into a billion-dollar company with a myriad of security products. ISS Internet Scanner is pretty good, but is not cheap. So companies on a tight budget may wish to look at Nessus.
Download: iss.net download page
Tripwire:
Platform: Windows License: Shareware
Trippwire is the grand-daddy of file integrity checkers.
Description: A file and directory integrity checker. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. An Open Source Linux version is freely available at Tripwire.Org. UNIX users may also want to consider AIDE, which has been designed to be a free Tripwire replacement. Or you may wish to investigate Radmind.
Download: tripwire.com
Nikto:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietaryUNIX systems (Solaris, HP-UX, IRIX, etc.) License: Shareware
A comprehensive web scanner with great capabilities. Description: Nikto is a web server scanner which looks for over 2000 potentially dangerous files/CGIs and problems on over 200 servers. It uses LibWhisker but is generallyupdated more frequently than Whisker itself.
Download:Cirt.net
Kismet:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary
UNIX systems (Solaris, HP-UX, IRIX, etc.) License: GNU GPL
A powerful wireless sniffer!
Description: Kismet is an 802.11b network sniffer and network dissector. It is capable of sniffing using most wireless cards, automatic network IP block detection via UDP, ARP, and DHCP packets, Cisco equipment lists via Cisco Discovery Protocol, weak cryptographic packet logging, and Ethereal and tcpdump compatible packet dump files. It also includes the ability to plot detected networks and estimated network ranges on downloaded maps or user supplied image files. Windows support is currently preliminary, so those users may want to look at Netstumbler if they run into trouble. Linux (and Linux PDAs like
Zaurus) users may wish to also look at the Wellenreiter wireless scanner.
Download: kismetwireless.net
SuperScan:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: GNU GPL Foundstone’s Windows TCP port scanner Description: A connect-based TCP port scanner, pinger and hostname resolver. No source code is provided. It can handle ping scans and port scans using specified IP ranges. It can also connect to any discovered open port using user-specified “helper” applications (e.g. Telnet, Web browser, FTP).
Download: foundstone.com
Retina:
Platform: Windows License: Shareware
Commertial vulnerability assessment scanner by eEye.
Description: Like Nessus and ISS Internet Scanner mentioned previously, Retina’s function is to scan all the hosts on a networkand report on any vulnerabilities found.
Download: eeye.com download page
Netfilter:
Platform: Windows License: Shareware
The current Linux kernel packet filter/firewall
Description: Netfilter is a powerful packet filter which is implemented in the standard Linux kernel. The userspace iptables tool is used for configuration. It now supports packet
filtering (stateless or stateful), all different kinds of NAT (Network Address Translation) and packet mangling.For non-Linux platforms, see pf (OpenBSD), ipfilter(many other UNIX variants), or even the Zone Alarm personal firewall (Windows).
Download: http://www.netfilter.org/
traceroute/ping/telnet/whois:
Platform: Linux License: GNU GPL
Description: While there are many whiz-bang high-tech tools out there to assist in security auditing, don’t forget about the basics! Everyone should be very familiar with these tools as they come with most operating systems (except that Windows omits whois and uses
the name tracert). They can be very handy in a pinch, although for more advanced usage you may be betteroff with Hping2 and Netcat.
Download: —
Fport:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: GNU GPL
Foundstone’s enhanced netstat.
Description: fport reports all open TCP/IP and UDP ports on the machine you run it on and shows what application opened each port. So it can be used to quickly identify unknown open ports and their associated applications. It only runs on Windows, but many UNIX systems now provide this information via netstat (try ‘netstat -pan’ on
Linux).
Download: foundstone.com
SAINT:
Platform: Windows License: Freeware
Security Administrator’s Integrated Network Tool
Description: Saint is another commercial vulnerability assessment tool (like ISS Internet Scanner or eEye Retina). Unlike those Windows-only tools, SAINT runs exclusively on
UNIX. Saint used to be free and open source, but is now a commercial product.
Download: saint corporation
Network Stumbler:
Platform: Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Shareware
Free Windows 802.11 Sniffer
Description: Netstumbler is the best known Windows tool for finding open wireless access points.They also distribute a WinCE version for PDAs and such called Ministumbler. The tool is currently free but Windows-only and no source code is provided. UNIX users (and advanced Win users) may want to look at Kismet instead.
Download: stumbler.net
SARA:
Platform: Windows License: Freeware
Security Auditor’s Research Assistant
Description: SARA is a vulnerability assessment tool that was derived from the infamous SATAN scanner. They try to release updates twice a month and try to leverage other software created by the open source community such as Nmap and Samba.
Download: www-arc.com/sara/
N-Stealth:
Platform: Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware
Web server scanner
Description: N-Stealth is a commercial web server security scanner. It is generally updated more frequently than free web scanners such as whisker and nikto, but do take
their web site with a grain of salt. The claims of “30,000 vulnerabilities and exploits” and
“Dozens of vulnerability checks are added every day” are highly questionable. Also note that essentially all general VA tools such as nessus, ISS, Retina, SAINT, and SARA include web scanning components. They may not all be as up-to-date or flexible though.
N-stealth is Windows only and no source code is provided.
Download: nstalker.com
AirSnort:
Platform: Windows License: Shareware
802.11 WEP Encryption Cracking Tool
Description: AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the Shmoo Group and operates by passively monitoring transmissions,
computing the encryption key when enough packets have been gathered. Windows support is still very preliminary.
Download: airsnort.shmoo.com
GnuPG / PGP:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware
Secure your files and communication w/advanced encryption.
Description: PGP is the famous encryption program by Phil Zimmerman which helps secure your data from eavesdroppers and other risks. GnuPG is a very well-regarded open source implentation of the PGP standard (the actual executable is named gpg). While GnuPG is always free, PGP costs money for some uses.
Download: gnupg.or
Firewalk:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware, Shareware
Advanced traceroute.
Description: Firewalk employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. This classic tool was rewritten from scratch in October 2002. Note that much or all of this functionality can also be performed by the Hping2 –traceroute option.
Download: packetfactory.net/projects/firewalk/
Cain & Abel:
Platform: Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware
The poor man’s L0phtcrack.
Description: Cain & Abel is a free password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network,
cracking encrypted passwords using Dictionary & Brute-Force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
Download: oxid.it/cain.html
XProbe2:
Platform: Windows License: Freeware
Active OS fingerprinting tool.
Description: XProbe is a tool for determining the operating system of a remote host. They do this using some of the same techniques as Nmap as well as many different ideas. Xprobe has always emphasized the ICMP protocol in their fingerprinting approach.
Download: sys-security.com/html/projects/X.html
SolarWinds Toolsets:
Platform: Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware
A plethora of network discovery/monitoring/attack tools.
Description: SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security related tools include many network discovery scanners
and an SNMP brute-force cracker. These tools are Windows only, cost big money, and do not include source code.
Download: solarwinds.com
NGrep:
Platform: Windows License: Freeware, Shareware
Convenient packet matching & display tool.
Description: ngrep strives to provide most of GNU grep’s common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
Download: packetfactory.net/projects/ngrep/
Perl / Python:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware
Portable, general-purpose scripting languages.
Description: While many canned security tools are available on this page for handling common tasks, it is important to have the ability to write your own (or modify the
existing ones) when you need something more custom. Perl and Python make it very easy to write quick, portable scripts to test, exploit, or fix systems! Archives like CPAN are filled with modules such as Net::RawIP and protocol implementations to make your
tasks even easier.
Download: perl.org
THC-Amap:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware
An application fingerprinting scanner. Description: Amap (by THC) is a fairly new but powerful scanner which probes each port to identify applications and services rather than relying on static port mapping.
Download: thc.org
OpenSSL:
Platform: Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware
The premier SSL/TLS encryption library.
Description: The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLSv1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a
worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.
Download: openssl.org
NTop:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware
A network traffic usage monitor.
Description: Ntop shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user’s terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.
Download: ntop.org
Nemesis:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware
Simplified Packet injection.
Description: The Nemesis Project is designed to be a commandline-based, portable human IP stack for UNIX/Linux and Windows!.The suite is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts. If you enjoy Nemesis, you might also want to look at hping2. They complement each other well.
Download: packetfactory.net/projects/nemesis/
LSOF:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware
LiSt Open Files.
Description: Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does that very well. It lists information about any files that are
open by processes currently running on the system. It is useful for pinpointing which process is using each network socket. Supports reporting of TCP flags, socket options, and
states. Improved POSIX support and good compatability with newer OS’s.
Download: Homepage
Honeyd:
Platform: Linux License: Freeware
Your own personal honeynet.
Description: Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted
so that they appear to be running certain versions of operating systems. Honeyd enables a single host to claim multiple addresses on a LAN for network simulation. It is possible to ping the virtual machines, or to traceroute them. Any type of service on the virtual
machine can be simulated according to a simple configuration file. It is also possible to proxy services to another machine rather than simulating them.
Download: citi.umich.edu/u/provos/honeyd/
Achille:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware
A Windows web attack proxy
Description: Achilles is a tool designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session’s data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a
typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Achilles will pretend to be the server and negotiate two SSL sessions, one with the client browser and another
with the web server. As data is transmitted between the two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.
Download: mavensecurity.com/achilles
Stunnel:
Platform: Windows License: Freeware
A general-purpose SSL cryptographic wrapper.
Description: The stunnel program is designed to work as an SSL encryption wrapper between remote client and local(inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs’ code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries.
Download: stunnel.org
Paketto Keiretsu:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware
Extreme TCP/IP.
Description: The Paketto Keiretsu is a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. They tap functionality within existing infrastructure and stretch protocols beyond what they were originally intended for. It includes Scanrand, an unusually fast network service and topology discovery system, Minewt, a user space NAT/MAT router, linkcat, which presents a Ethernet link to stdio, Paratrace, which traces network paths without spawning new connections, and Phentropy, which uses OpenQVIS to render arbitrary amounts of entropy from data sources in three dimensional phase space.
Download: doxpara.com/read.php/code/paketto.html
Fragroute:
Platform: Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware
IDS systems’ worst nightmare!
Description: Fragroute intercepts, modifies, and rewrites egress traffic, implementing most of the attacks described in the Secure Networks IDS Evasion paper. It features
a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined
for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of intrusion detection systems, firewalls, and basic TCP/IP stack behaviour. Like Dsniff, and Libdnet, this excellent tool was
written by Dug Song.
Download: monkey.org/~dugsong/fragroute/
SPIKE Proxy:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware
HTTP Hacking tool.
Description: Spike Proxy is an open source HTTP proxy for finding security flaws in web sites. It is part of the Spike Application Testing Suite and supports automated SQL injection detection, web site crawling, login form brute forcing, overflow detection, and directory traversal detection.
Download: ntop.org
THC-Hydra:
Platform: Windows, Linux, FreeBSD/NetBSD/OpenBSD and/or proprietary UNIX systems (Solaris, HP-UX, IRIX, etc.) License: Freeware
Parallized network authentication cracker.
Description: This tool allows for rapid dictionary attacks against network login systems, including FTP, POP3, IMAP, Netbios, Telnet, HTTP Auth, LDAP NNTP, VNC, ICQ, Socks5, PCNFS, and more. It includes SSL support and is apparently now part of Nessus. Like Amap, this release is from the fine folks at THC.
Download: ntop.org
