Security Tools |
| Access Diver | AccessDiver is a software which can detect security failures on your web pages. It has multiple efficient tools which will verify the robustness of your accounts and directories accurately. So, you will know if your customers, your users and yourself can safely use your web site. Tests over 300 known security holes on your server's directories. |
| Ad-aware | Ad-aware identifies and removes these surreptitiously installed applications. Using updateable "reflists," which are sort of like antivirus DAT files, Ad-aware scours your system--including Registry and temporary Internet files--and looks for traces of recognized adware modules. When it's finished searching, it displays a list of what it found and lets you select the items you'd like to remove from your system. And when coupled with its companion program, RefUpdate, you're always assured of using the most comprehensive list of adware to search for. The main drawback is that some ad-supported programs, such as GoZilla Free, will no longer function if you remove their ad modules. If privacy is your main concern, Ad-aware will help keep you anonymous on the Web. A great tool if you're stuck on a Windows box. |
| asleap | Easily demonstrates weaknesses in the LEAP protocol. LEAP uses a modified MS-CHAPv2 exchange to authenticate users. This tool allows you to recover not only LEAP passwords but PPTP ones as well, since many people are using PPTP to secure their wireless networks. |
| AutoPatcher | AutoPatcher is based on the functionality of these special updates, automating their installation process. This way, with only a few mouse clicks and two minutes of your time, AutoPatcher is able to continue with the installation of the items you selected. In short, AutoPatcher combines the advantage of both Windows Update (presentation and description of updates and automated installation), and the special administrative updates (portability and installation without the need of an Internet connection). Great solution for getting a ton of machines up to date fast. |
| BCWipe | BCWipe securely erases data from magnetic and solid-state memory, by repeatedly overwriting special patterns in the files to be destroyed. In normal mode, 34 patterns are used (of which 8 are random); in quick mode, the U.S. DoD (Department of Defense) 5200.28 standard is used with 7-pass wiping; and in custom mode, the U.S. DoD 5200.28 standard is used with a user-defined number of passes. |
| bsd-airtools | bsd-airtools is a package that provides a complete toolset for wireless 802.11b auditing. Namely, it currently contains a BSD-based WEP cracking application called dweputils (as well as kernel patches for NetBSD, OpenBSD, and FreeBSD). It also contains a curses-based AP detection application similar to netstumbler (dstumbler) that can be used to detect wireless access points and connected nodes, view signal to noise graphs, interactively scroll through scanned APs, and view statistics for each. It also includes a couple other tools to provide a complete toolset for making use of all 14 of the prism2 debug modes as well as do basic analysis of the hardware-based link-layer protocols provided by prism2's monitor debug mode. |
| ClamSMTP | ClamSMTP is an SMTP filter that allows you to check for viruses using the ClamAV anti-virus software. It accepts SMTP connections and forwards the SMTP commands and responses to another SMTP server. The 'DATA' email body is intercepted and scanned before forwarding. ClamSMTP can also be used as a transparent proxy to filter an entire network's SMTP traffic at the router. |
| Core Impact | CORE IMPACT is the first automated, comprehensive penetration testing product for assessing specific information security threats to an organization. With CORE IMPACT, any network administrator can now safely and efficiently determine exactly how an attacker can get control of their valuable information assets. The closest thing to the "hack" button I've ever seen. |
| DansGuardian | DansGuardian is an award winning Open Source web content filter which currently runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and Solaris. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering. It does not purely filter based on a banned list of sites like lesser totally commercial filters. |
| Darik's Boot and Nuke | Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction. |
| DiskId32 | DiskId32 is a Win32 console utility for reading the manufacturer's information from your hard drives. It runs under Windows 9X, Win NT, Win 2K and Win XP (Pro/Home). |
| DiskInternals | Founded in 2003, DiskInternals is an award-winning, software-engineering company that has since developed, and continues to develop, a wide scope of high-quality software products. The DiskInternals software assortment comprises high-quality software products to be used in all major Windows™ systems, including: Windows 95, 98, NT4, 2000, XP, 2003. We specialize in disk utilities and ready-made solutions for recovering data from any storage media including hard disks, all types of removable disks, digital cameras, CDs and DVDs. |
| DSniff | A suite of powerful tools for sniffing networks for passwords and other information. Includes sophisticated techniques for defeating the "protection" of network switches. |
| Ethereal | Network traffic analyzer. Ethereal is a network traffic analyzer, or "sniffer", for Unix and Unix-like operating systems. It uses GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library. |
| ettercap | Ettercap is a multipurpose sniffer/interceptor/logger for switched LANs. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis. |
| F.I.R.E. | FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment. Also provides necessary tools for live forensics/analysis on win32, sparc solaris and x86 linux hosts just by mounting the cdrom and using trusted static binaries available in /statbins. |
| Fport | fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications. Finally, a tool for Windows that gives you the output that lsof -i or netstat -p would on *nix. |
| fwknop | fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme based around Netfilter and libpcap that requires only a single encrypted packet in order to communicate various pieces of information including desired access through a Netfilter policy and/or complete commands to execute on the target system. By using Netfilter to maintain a "default drop" stance, the main application of this program is to protect services such as OpenSSH with an additional layer of security in order to make the exploitation of vulnerabilities (both 0-day and unpatched code) much more difficult. The authorization server passively monitors authorization packets via libpcap and hence there is no "server" to which to connect in the traditional sense. Access to a protected service is only granted after a valid encrypted and non-replayed packet is monitored. |
| Geobytes | A website that maps IP addresses to physical locations. |
| grsecurity | Grsecurity is the most extensive set of security patches to the 2.4 tree of Linux kernels to date. It features ports of popular security patches for the 2.2 tree of Linux kernels (such as Openwall, available at http://www.openwall.com/linux), its own ACL system, various other adapted features (such as the Trusted Path Execution and random IP ID implementations), as well as a great deal of enhanced auditing/logging features. |
| Hping2 | hping2 is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies. It handles fragmentation and arbitrary packet body and size, and can be used to transfer files under supported protocols. Using hping2, you can: test firewall rules, perform [spoofed] port scanning, test net performance using different protocols, packet size, TOS (type of service), and fragmentation, do path MTU discovery, transfer files (even between really Fascist firewall rules), perform traceroute-like actions under different protocols, fingerprint remote OSs, audit a TCP/IP stack, etc. hping2 is a good tool for learning TCP/IP. |
| IIS Lockdown Tool | IIS Lockdown Wizard version 2.1 works by turning off unnecessary features, thus reducing attack surface available to attackers. To provide multiple layers of protection against attackers, URLscan, with customized templates for each supported server role, is integrated into the IIS Lockdown Wizard. |
| illMob | A greyhat site with a lot of great tools, and links to other hacking sites. They have the latest DCOM exploit compiled as a win32 executable. They mostly have win32 hacking utils, including nifty keyboard loggers... |
| IPFilter | IP Filter is a TCP/IP packet filter, suitable for use in a firewall environment. It can either be used as a loadable kernel module or incorporated into your UNIX kernel; use as a loadable kernel module where possible is highly recommended. Scripts are provided to install and patch system files, as required. Widely considered to be the best open source packet filter available, as well as the technological inspiration for many commercially available packet filtering firewalls. |
| Kerberos Module for Apache | Mod_auth_kerb is an Apache module designed to provide Kerberos authentication to the Apache web server. Using the Basic Auth mechanism, it retrieves a username/password pair from the browser and checks them against a Kerberos server as set up by your particular organization. The module also supports the Negotiate authentication method, which performs full Kerberos authentication based on ticket exchanges, and does not require users to enter their passwords into the browser. |
| Kismet | Kismet is an 802.11b network sniffer and network dissector. It is capable of sniffing using PRISM 2 or Linux-kernel supported wireless cards, automatic network IP block detection via UDP, ARP, and DHCP packets, Cisco equipment lists via Cisco Discovery Protocol, weak cryptographic packet logging, and Ethereal and tcpdump compatible packet dump files. |
| L0pht Crack | L0phtCrack is an NT password auditing tool. It will compute NT user passwords from the cryptographic hashes that are stored by the NT operating system. L0phtCrack can obtain the hashes through many sources (file, network sniffing, registry, etc.) and it has numerous methods of generating password guesses (dictionary, brute force, etc.). |
| loop-AES | This package provides a loadable Linux kernel module (loop.o or loop.ko on 2.6 kernels) that has the AES cipher built in. The AES cipher can be used to encrypt local file systems and disk partitions. One of the most advanced and secure implementations of file system encryption I've ever seen. |
| MAC Address Lookup | A simple little online util that will look up the manufacturer of a particular MAC address you supply it. Useful for finding out which device in your network is causing that annoying broadcast storm. |
| Metasploit Project | The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research. Finally an open source version of Core Security Technology's Impact. |
| NBTScan | NetBIOS Name Network Scanner is a program for scanning IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in the supplied range and lists the received information in human readable form. For each host that responds, it lists IP address, NetBIOS computer name, logged-in user name and MAC address. |
| Nessus | The "Nessus" Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner. A security scanner is a software which will audit remotely a given network and determine whether bad guys (aka 'crackers') may break into it, or misuse it in some way. Unlike many other security scanners, Nessus does not take anything for granted. That is, it will not consider that a given service is running on a fixed port - that is, if you run your web server on port 1234, Nessus will detect it and test its security. It will not make its security tests regarding the version number of the remote services, but will really attempt to exploit the vulnerability. Nessus is very fast, reliable and has a modular architecture that allows you to fit it to your needs. |
| Net Stumbler | NetStumbler.com is a website dedicated to wireless networking technology and security of all kinds. We do our best to keep our website up to date with the latest wireless news - we really appreciate user submitted stories. NetStumbler.com is also the official home of the NetStumbler software. NetStumbler the program is a Windows utility for 802.11b based wireless network auditing written by Marius Milner. Considered the best war driving tool around. |
| Netcat | TCP/IP Swiss army knife. A simple Unix utility which reads and writes data across network connections using the TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. |
| netfilter | IP packet filter administration for 2.4.X kernels. Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. The iptables tool also supports configuration of dynamic and static network address translation. The packet filtering suite in Linux 2.4.x is excellent; it allows rate limiting and related state connection filtering, as well as reverse NAT and transparent proxying. |
| Nikto | Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). |
| NMAP | nmap is a utility for port scanning large networks, although it works fine for single hosts. The guiding philosophy for the creation of nmap was TMTOWTDI (There's More Than One Way To Do It). This is the Perl slogan, but it is equally applicable to scanners. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Nmap also offers flexible target and port specification, decoy scanning, determination of TCP sequence predictability characteristics, and output to machine parseable or human readable log files. In short NMAP is THE network portscanner. |
| Ntop | Display network usage in top-like format. ntop is a Network Top program. It displays a summary of network usage by machines on your network in a format reminiscent of the Unix top utility. It can also be run in web mode, which allows the display to be browsed with a web browser. |
| Open Source Digital Forensics | The Open Source Digital Forensics site is a reference for the use of open source software in digital forensics and incident response. Open source tools may have a legal benefit over closed source tools because they have a documented procedure and allow the investigator to verify that a tool does what it claims. |
| OpenVMPS | VMPS (VLAN Management Policy Server) is a way of assigning switch ports to specific VLANs based on the MAC address of the connecting device. OpenVMPS is a GPL implementation of VMPS. You can read more about VMPS on www.cisco.com. |
| OpenVPN | OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Runs on Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Solaris. |
| Openwall Linux kernel patch | The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel. In addition to the new features, some versions of the patch contain various security fixes. The "hardening" features of the patch, while not a complete method of protection, provide an extra layer of security against the easier ways to exploit certain classes of vulnerabilities and/or reduce the impact of those vulnerabilities. The patch can also add a little bit more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. |
| Orenosp Secure Reverse Proxy | Orenosp is a secure reverse proxy and load-balancer for HTTP/HTTPS and secure port forwarder for many TCP-based applications. It can be used as a low-cost alternative solution to VPNs using IPSec or PPTP. Orenosp runs on Windows platforms (NT, 2000, XP and 2003), Linux x86, and Mac OS X. |
| oxid | An assortment of interesting tools. Of interest is Cain & Abel, which is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. |
| P0f v2 | P0f v2 is a versatile passive OS fingerprinting tool. All this even if the device in question is behind a fascist packet firewall. It's still passive. It does not generate any network traffic. No name lookups, no traffic to the victim, no ARIN queries, no traceroute. |
| Per Host RatE Limiter | PHREL is a Per Host RatE Limiter written in C to efficiently track the rate of incoming traffic on a per host basis and insert a chain into iptables when a configured threshold is crossed. The inserted chain may either rate limit or completely block the offending host for a period of time and will be automatically removed when the offending host's traffic levels return to normal. PHREL can be used with any type of traffic, but it is particularly well suited to protecting name servers from random hosts that flood DNS requests and preventing SSH brute force login attempts. |
| PF: The OpenBSD Packet Filter | Packet Filter (from here on referred to as PF) is OpenBSD's system for filtering TCP/IP traffic and doing Network Address Translation. PF is also capable of normalizing and conditioning TCP/IP traffic and providing bandwidth control and packet prioritization. PF has been a part of the GENERIC OpenBSD kernel since OpenBSD 3.0. Previous OpenBSD releases used a different firewall/NAT package which is no longer supported. PF has also been ported to FreeBSD. |
| pGina | A plugin alternative GINA login for Windows that allows authentication against a variety of different mechanisms. |
| Policies with Samba | Just as the title says, how to implement policies for Windows computers with Samba as your domain controller. |
| PopUp Killer | PopUp Killer is the original and most powerful popup-destroying machine ever created. With PopUp Killer you will be able to browse the web without being molested by those annoying ads that pop up when you visit some web sites. |
| Postgrey | Postgrey is a Postfix policy server implementing greylisting. |
| Privoxy | Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, modifying web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit individual needs and tastes. Privoxy has application for both stand-alone systems and multi-user networks. |
| Remote Access Session | "Remote Access Session" is a security tool to analyze the integrity of systems. The program tries to gain access to a system using the most advanced techniques of remote intrusion. It can either work in normal mode (which is fast) or hard mode (which is more intensive). There is a big difference between "Remote Access Session" and other remote security audit tools such as "Nessus" or "Internet Scanner" - If "Remote Access Session" finds a remote vulnerability that gives a user account or root, it will try to exploit it and it will return a shell. In my honest opinion, this is the only way to discard false positives of remote vulnerabilities, and the only way to demonstrate that the danger is real to upper management. "Remote Access Session" is not a hacker tool. It has been designed for system administrators and security engineers, and does not attempt any kind of stealth. |
| RootkitRevealer | Since persistent rootkits work by changing API results so that a system view using APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with that at the lowest level. The highest level is the Windows API and the lowest level is the raw contents of a file system volume or Registry hive (a hive file is the Registry's on-disk storage format). Thus, rootkits, whether user mode or kernel mode, that manipulate the Windows API or native API to remove their presence from a directory listing, for example, will be seen by RootkitRevealer as a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures. |
| Self Port Scan | A PHP script that will nmap the IP address connecting to it. Useful to see if you have any services running that you aren't aware of. |
| Send EICAR | The test is based on the standard pattern known as "EICAR Standard Anti-Virus Test File". It is safe to pass around, because it is not a virus, and does not include any fragments of viral code. Most products react to it as if it were a virus (though they typically report it with an obvious name, such as "EICAR-AV-Test"). This site allows you to send an EICAR test email to verify your email's AV. |
| SMAC | SMAC is a Windows MAC Address Modifying Utility which allows users to change the MAC address for almost any Network Interface Card (NIC) on Windows 2000, XP, and 2003 Server systems, regardless of whether the manufacturers allow this option or not. For a long time most people believed that you couldn't change MAC addresses in Windows, or that you could only change your MAC address if the manufacturer allowed it. In reality a MAC address is nothing more than a register setting copied from the NIC's ROM. |
| Sniffit | Packet sniffer and monitoring tool. sniffit is a packet sniffer for TCP/UDP/ICMP packets. sniffit is able to give you very detailed technical info on these packets (SEQ, ACK, TTL, Window, ...) but also packet contents in different formats (hex or plain text, etc.). |
| Snort | Flexible packet sniffer/logger that detects attacks. Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba. |
| SpyBot Search & Destroy | Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer. Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover. If you see new toolbars in your Internet Explorer that you didn't intentionally install, if your browser crashes, or if your browser start page has changed without your knowing, you most probably have spyware. But even if you don't see anything, you may be infected, because more and more spyware is emerging that is silently tracking your surfing behaviour to create a marketing profile of you that will be sold to advertisement companies. Spybot-S&D is free, so there's no harm in trying to see if something snooped into your computer, too. |
| SSH FileSystem | SSHFS (Secure SHell FileSystem) is a file system for Linux capable of operating on files on a remote computer using just a secure shell login on the remote computer. On the local computer where the SSHFS is mounted, the implementation makes use of the FUSE (Filesystem in Userspace) kernel module. The practical effect of this is that the end user can seamlessly interact with remote files being securely served over SSH just as if they were local files on his/her computer. |
| Tcpdump | A powerful tool for network monitoring and data acquisition. This program allows you to dump the traffic on a network. It can be used to print out the headers of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect "ping attacks" or to monitor the network activities. |
| Tor | Tor is a toolset for a wide range of organizations and people who want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and more. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features. |
| Tripwire | A file and directory integrity checker. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. |
| vpnc | An open source client for the Cisco VPN concentrator. Also works as a VPN client for the PIX firewall. |
| Windows 2000/XP ipsec tool | An IPsec setup tool that runs on Windows 2000 and XP. It creates an IPsec policy based off of the configuration you supply it from a simple .conf file. Great because it allows you to set up secure IPsec connections between Windows and Unix machines without the use of the L2TP protocol. This tool takes a lot of the work out of IPsec configuration on Windows. Definitely a time saver... even allows road warrior style connectivity. Disabling the use of L2TP for IPsec connections normally requires a lot of work; this tool makes the process much easier. |
| Winfingerprint | Winfingerprint is a Win32 based security tool that is able to determine OS, enumerate users, groups, shares, transports, sessions, services, service pack and hotfix level, date and time, disks, and open TCP ports. |
| WinSCP | WinSCP is an open source freeware SFTP client for Windows using SSH. Legacy SCP protocol is also supported. Its main function is safe copying of files between a local and a remote computer. |
| WPA-PSK Rainbow Tables | This page is to give a little more insight into the methodology and logic behind conceiving and building the CoWF WPA-PSK Rainbow Tables. |
| Last Modified : September 14, 2009 |