BEC Open Source or low-cost Solutions (Mostly) offerings:
Test Email Server with KnowBe4: Can your email system (server) be spoofed for a BEC spear
phishing attack?
https://info.knowbe4.com/dst-sweepstakes-102017
PhishMe CBT: 15 free security awareness Computer Based Training (CBT) modules.
Can be used with an LMS. Each module takes 5-15 minutes to complete, with an optional 5 minutes of
interactive Q&A. https://phishme.com/cbfree-computer-based-training-enjoy-awareness
Gophish: An open source phishing framework/tool. https://getgophish.com/
Have I Been Pwned: Has your email password been compromised?
Check personal/work accounts https://haveibeenpwned.com/
Check all users of your email domain https://haveibeenpwned.com/DomainSearch
Google Alerts to protect/track your staff, company and websites online
https://www.google.com/alerts#
Maltego is capable of querying various public data sources and graphically depicting the
relationships between entities such as people, companies, websites, and documents.
https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php
Digital Shadows: Prevent & Mitigate Increasingly Targeted Attacks
Situational Awareness
https://www.digitalshadows.com/
Great Free Digital Detox kit https://myshadow.org/detox
About the Data: What is stored about you online by trackers:
https://aboutthedata.com/portal/registration/step1
Panopticlick: a tool that will tell if online trackers and the site itself may be able to identify you
https://panopticlick.eff.org
Photo MetaData: What is hidden in your photos http://regex.info/exif.cgi
Private Internet Access: A good VPN Service: For secure use of Internet on public WiFi
https://www.privateinternetaccess.com
Security IQ Free Personal
https://securityiq.infosecinstitute.com/
What’s Included:
•Maximum Learners: 10
•Automated Campaign Limit: 5
•Drive By Phishing Attacks
•Core Security Awareness Modules
•Report Open, Phish, Avoid Rates and Learner Progress
Check your Systems (free and open source):
IoT Scanner: Do you have IoT devices that are putting a hole in your network?
A free IoT Scanner https://iotscanner.bullguard.com
Check Point’s free Firewall Check, which tests for:
•Ransomware
•Anonymizer Usage
•Identity Theft / Phishing
•Sensitive Data Leakage
•Zero Day Vulnerability
•Browser Attack
•Bot Infection
http://www.cpcheckme.com/checkme/
OpenVAS: A great open source vulnerability scanner and manager http://www.openvas.org
NTOP: Does flow analysis that can be configured for anomaly detection http://www.ntop.org
Xplico: Network Forensic Analysis Tool (NFAT) https://www.xplico.org
Google Rapid Response: GRR (Google Rapid Response) is an incident response framework to
help with remote live forensics.
https://github.com/google/grr
Skyline: a real-time anomaly detection system that enables us to monitor hundreds of
thousands of metrics https://github.com/etsy/skyline
SQLMap: Detects SQL injection vulnerability in a website http://sqlmap.org/
Google Nogotofail: Network traffic security testing tool for SSL/TLS
https://github.com/google/nogotofail
FOCA: What metadata is leaking on your websites:
https://www.elevenpaths.com/labstools/foca/index.html
A long list of open source security software: http://sectools.org/
Open Source Threat Intel TC Open
https://www.threatconnect.com/register-for-free/
What’s Included:
•1 user license
•Access to 100+ open source intelligence feeds (OSINT)
•Access to threat, incident, and adversary data
DCEPT: An open source Active Directory honeytoken system. https://github.com/secureworks/dcept
15 Essential Open Source Security Tools
1. Nmap - map your network and ports with the number one port scanning tool. Nmap now
features powerful NSE scripts that can detect vulnerabilities, misconfiguration and security
related information around network services.
2. OpenVAS - open source vulnerability scanning suite that grew from a fork of the Nessus
engine when it went commercial.
3. OSSEC - host based intrusion detection system, or HIDS, easy to set up and configure. OSSEC
has far reaching benefits for both security and operations staff.
4. Security Onion - a network security monitoring distribution. Detect everything from brute
force scanning kids to those nasty APT's.
5. Metasploit Framework - test all aspects of your security with an offensive focus. Primarily a
penetration testing tool, Metasploit has modules that not only include exploits but also
scanning and auditing.
6. OpenSSH - secure all your traffic between two points by tunnelling insecure protocols
through an SSH tunnel.
7. Wireshark - view traffic in as much detail as you want. Use Wireshark to follow network
streams and find problems.
8. Kali Linux - Kali is a security testing Linux distribution. It comes prepackaged with hundreds of
powerful security testing tools.
9. Nikto - is great for firing at a web server to find known vulnerable scripts, configuration
mistakes and related security problems.
10. Truecrypt - encrypt all the things. As of 2014, the TrueCrypt product is no longer being
maintained. VeraCrypt was forked and has been through extensive security audits.
Website https://veracrypt.codeplex.com
11. Moloch - packet capture analysis, with great support for protocol decoding and display
of captured data.
12. Bro IDS - touts itself as more than an Intrusion Detection System; it decodes protocols and
looks for anomalies within the traffic.
13. Snort - a real time traffic analysis and packet logging tool.
14. OSQuery - monitors a host for changes and is built to be performant from the ground up.
15. GRR - Google Rapid Response, a tool developed by Google for security incident response.
Open Source Tools for Developers and Network Admins:
Commit Watcher: Check code repos for secrets
SourceClear came up with Commit Watcher, a free open source tool that looks for potentially hazardous
commits in public and private Git repositories.
Jak: Encrypt your secrets in Git
It’s Developer 101 to keep secrets out of your code. Instead, you should keep them in a configuration
file, then add the config file to the .gitignore list to prevent it from being committed to the code
repository. Keys to connect to items like payment systems, emailers, and virtual machines, which have
to be manually placed directly onto application servers, must be managed completely separately from
the source code. This presents challenges when those keys need to be shared.
The Python project Jak tackles this problem by letting developers commit encrypted versions of sensitive
files into Git. Instead of .gitignore, developers list sensitive files in a jakfile, and when it’s time to
commit, Jak ensures that only the encrypted versions of the files wind up in the repository. Jak takes
care of encrypting and decrypting the file as necessary, and it automatically generates and updates the
encryption keys.
Yara: Use pattern-matching to find trouble
Malware researchers like to use Yara to identify and classify malicious file samples. It can also be useful
as part of incident response and forensics investigations. You create rules, composed of text strings,
hexadecimal values, or regular expressions, and Yara crawls through the suspicious directories and files
looking for any matches.
ProcFilter: Use pattern-matching to stop trouble
ProcFilter, an open source project, allows you to apply Yara rules to running processes, as well as block
or log executables (and quarantine associated files) based on matches.
ProcFilter runs as a Windows service and integrates with Microsoft’s Event Tracing for Windows (ETW)
API, so it can log its activities directly into the Windows Event Log.
OSquery: Query the endpoint for system state
Locate malicious processes, rogue plugins, or software vulnerabilities in your Windows, macOS, and
Linux endpoints by using a SQL query. OSquery, an open source tool, collects operating system
information such as running processes, loaded kernel modules, open network connections, browser
plugins, hardware events, and file hashes into a relational database. If you can write a SQL query, that’s
all you need to get answers to security questions; no complex code required.
For example, the following query would find all processes listening on network ports:
SELECT DISTINCT process.name, listening.port, listening.address, process.pid
FROM processes AS process
JOIN listening_ports AS listening ON process.pid = listening.pid;
This query would find anomalies in the Address Resolution Protocol (ARP) cache, which contains
information about IP addresses and their resolved Ethernet physical addresses:
SELECT address, mac, COUNT(mac) AS mac_count
FROM arp_cache
GROUP BY mac
HAVING COUNT(mac) > 1;
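As an added example (not part of the workshop handout), the listening-ports query above can be taken one step further for incident response: join each listener to the hash of its executable and flag any whose binary is no longer present on disk. It assumes OSquery's processes, listening_ports and hash tables with the on_disk, path and sha256 columns as found on Linux and macOS.

```sql
-- Added example: listening processes with the SHA-256 of their executable.
-- Assumes OSquery's processes, listening_ports and hash tables.
-- on_disk = 0 means the process path no longer exists; a listener whose
-- binary was deleted after launch is worth a closer look.
SELECT DISTINCT
    p.pid,
    p.name,
    p.path,
    l.protocol,
    l.address,
    l.port,
    h.sha256,
    CASE
        WHEN p.on_disk = 0 THEN 'binary deleted from disk'
        WHEN p.on_disk = 1 THEN 'ok'
        ELSE 'unknown'
    END AS disk_status
FROM processes AS p
JOIN listening_ports AS l ON p.pid = l.pid
LEFT JOIN hash AS h ON h.path = p.path
WHERE l.port != 0                -- skip unix-socket style entries with no TCP/UDP port
ORDER BY p.on_disk ASC, l.port;  -- deleted binaries sort to the top
```

Run it in osqueryi or schedule it in an osqueryd pack; rows with disk_status of 'binary deleted from disk' are the ones to triage first.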
40 Open Source and Free Business Intelligence Software in 2017
https://www.predictiveanalyticstoday.com/open-source-free-business-intelligence-solutions
https://www.highya.com/articles-guides/how-to-avoid-business-email-compromise-bec-scams
https://www.fincen.gov/resources/advisories/fincen-advisory-fin-2016-a003
https://verafin.com/wp-content/uploads/2016/12/email-compromise-fraud-schemes-IG-Verafin-161004.pdf
https://verafin.com/2017/07/business-email-compromise-bec-fraud/
https://www.us-cert.gov/ncas/current-activity/2017/05/04/IC3-Warns-Increase-BECEAC-Schemes

FBI & Secret Service- Business Email Compromise Workshop
