From Collaborative InfoSec Tool Library
Categorized by Tool Type
| Tool name: | NMAP |
| ||
|---|---|---|---|---|
| Author: | Fyodor | |||
| Website: | http://nmap.org | |||
| Current version: | 5.21 | |||
| Last updated: | January 26, 2010 | |||
| Direct D/L link: | http://nmap.org/dist/ | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | The king of port scanners. Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and both console and graphical versions are available. | |||
| Also listed in: | OS Fingerprinting Tools, Port Scanners | |||
| Tool name: | Scapy |
| ||
|---|---|---|---|---|
| Author: | Philippe Biondi | |||
| Website: | http://www.secdev.org/projects/scapy | |||
| Current version: | 2.1 | |||
| Last updated: | December 14, 2009 | |||
| Direct D/L link: | http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz | |||
| License type: | GPLv2 | |||
| Platform(s): | | |||
| Description: | Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. | |||
| Also listed in: | Network Discovery & Mapping Tools, Packet Crafting & Injection Tools, Protocol Sniffers | |||
| Tool name: | Wireshark |
| ||
|---|---|---|---|---|
| Author: | Gerald Combs | |||
| Website: | http://www.wireshark.org | |||
| Current version: | 1.2.6 | |||
| Last updated: | January 27, 2010 | |||
| Direct D/L link: | http://www.wireshark.org/download.html | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences). | |||
| Also listed in: | Packet Sniffers, Protocol Sniffers | |||
| Tool name: | Cain & Abel |
| ||
|---|---|---|---|---|
| Author: | Massimiliano Montoro | |||
| Website: | http://www.oxid.it/cain.html | |||
| Current version: | 4.9.31 | |||
| Last updated: | May 27, 2009 | |||
| Direct D/L link: | http://www.oxid.it/downloads/ca_setup.exe | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | Premier password recovery tool for Windows. UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. It is also well documented. | |||
| Also listed in: | Windows Password Crackers | |||
| Tool name: | Metasploit Framework |
| ||
|---|---|---|---|---|
| Author: | Metasploit LLC | |||
| Website: | http://www.metasploit.com | |||
| Current version: | 3.3.3 | |||
| Last updated: | December 22, 2009 | |||
| Direct D/L link: | http://www.metasploit.com/framework/download/ | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | Metasploit took the security world by storm when it was released in 2004. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit building demo. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. Similar professional exploitation tools, such as Core Impact and Canvas already existed for wealthy users on all sides of the ethical spectrum. Metasploit simply brought this capability to the masses. | |||
| Also listed in: | Exploit Utilities & Frameworks | |||
| Tool name: | Volatility |
| ||
|---|---|---|---|---|
| Author: | Volatile Systems | |||
| Website: | https://www.volatilesystems.com/default/volatility | |||
| Current version: | 1.3 (beta) | |||
| Last updated: | August 14, 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research. The Volatility Framework demonstrates our commitment to and belief in the importance of open source digital investigation tools. Volatile Systems is committed to the belief that the technical procedures used to extract digital evidence should be open to peer analysis and review. We also believe this is in the best interest of the digital investigation community, as it helps increase the communal knowledge about systems we are forced to investigate. Similarly, we do not believe the availability of these tools should be restricted and therefore encourage people to modify, extend, and make derivative works, as permitted by the GPL. Capabilities: The Volatility Framework currently provides the following extraction capabilities for memory samples: image date and time; running processes; open network sockets; open network connections; DLLs loaded for each process; open files for each process; open registry handles for each process; a process' addressable memory; OS kernel modules; mapping physical offsets to virtual addresses (strings to process); Virtual Address Descriptor information; scanning examples: processes, threads, sockets, connections, modules; extract executables from memory samples; transparently supports a variety of sample formats (i.e., Crash dump, Hibernation, DD); automated conversion between formats. | |||
| Also listed in: | Forensic Tools | |||
| Tool name: | Windd: Windows Physical Memory Imaging Utility |
| ||
|---|---|---|---|---|
| Author: | Matthieu Suiche | |||
| Website: | http://windd.msuiche.net/ | |||
| Current version: | 1.3 | |||
| Last updated: | November 13, 2009 | |||
| Direct D/L link: | http://www.msuiche.net/countcount/click.php?id=10 | |||
| License type: | free | |||
| Platform(s): | | |||
| Description: | Windd is a free Windows utility, by Matthieu Suiche, which aims at being used as a swiss-knife to acquire the physical memory by investigators, incident response engineers, malware analysts, system administrators and kernel developers. Please notice ALL (32-bit + 64-bit, driver + executable) windd binaries are digitally signed to confirm they are from a trusted source. | |||
| Also listed in: | Forensic Tools | |||
| Tool name: | Rootkit Revealer |
| ||
|---|---|---|---|---|
| Author: | Bruce Cogswell, Mark Russinovich | |||
| Website: | http://technet.microsoft.com/en-us/sysinternals/default.aspx | |||
| Current version: | 1.71 | |||
| Last updated: | November 1, 2006 | |||
| Direct D/L link: | http://download.sysinternals.com/Files/RootkitRevealer.zip | |||
| License type: | Sysinternal (not free) | |||
| Platform(s): | | |||
| Description: | RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys). If you use it to identify the presence of a rootkit please let us know! | |||
| Also listed in: | Rootkit Detection Tools | |||
| Tool name: | Angry IP Scanner |
| ||
|---|---|---|---|---|
| Author: | Anton Keks | |||
| Website: | http://www.angryziber.com/w/Home | |||
| Current version: | 3.0 (beta 3) | |||
| Last updated: | July 26, 2007 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Angry IP Scanner is a small open source Java application which performs host discovery ("ping scan") and port scans. The old 2.x release was Windows-only, but the new 3.X series runs on Linux, Mac, or Windows as long as Java is installed. Version 3.X omits the vampire zebra logo. As with all connect()-based scanners, performance on Windows XP SP2 and Vista can be poor due to limitations added to tcpip.sys. The Angry FAQ provides details and workarounds. A short review was posted to nmap-dev. | |||
| Also listed in: | Network Discovery & Mapping Tools | |||
| Tool name: | Argus |
| ||
|---|---|---|---|---|
| Author: | Carnegie Mellon's Software Engineering Institute | |||
| Website: | http://www.qosient.com/argus | |||
| Current version: | 3.0.0 | |||
| Last updated: | April 9, 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | A generic IP network transaction auditing tool. Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information. | |||
| Also listed in: | Network Traffic Profiling Tools | |||
| Tool name: | Arp scan |
| ||
|---|---|---|---|---|
| Author: | NTA | |||
| Website: | http://www.nta-monitor.com/tools/arp-scan/index.html | |||
| Current version: | 1.6 | |||
| Last updated: | April 2007 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Arp-scan is a command-line tool that uses the ARP protocol to discover and fingerprint IP hosts on the local network. It is available for Linux and BSD under the GPL licence. | |||
| Also listed in: | Network Discovery & Mapping Tools, OS Fingerprinting Tools | |||
| Tool name: | Autopsy |
| ||
|---|---|---|---|---|
| Author: | Brian Carrier | |||
| Website: | http://www.sleuthkit.org/autopsy/ | |||
| Current version: | 2.23 | |||
| Last updated: | February 18, 2010 | |||
| Direct D/L link: | http://www.sleuthkit.org/autopsy/download.php | |||
| License type: | GPLv2 | |||
| Platform(s): | | |||
| Description: | The Autopsy Forensic Browser is a graphical interface to the command line digital investigation analysis tools in The Sleuth Kit. Together, they can analyze Windows and UNIX disks and file systems (NTFS, FAT, UFS1/2, Ext2/3). The Sleuth Kit and Autopsy are both Open Source and run on UNIX platforms. As Autopsy is HTML-based, you can connect to the Autopsy server from any platform using an HTML browser. Autopsy provides a "File Manager"-like interface and shows details about deleted data and file system structures. | |||
| Also listed in: | Forensic Tools | |||
| Tool name: | BASE |
| ||
|---|---|---|---|---|
| Author: | Sean Muller | |||
| Website: | http://sourceforge.net/projects/secureideas | |||
| Current version: | 1.4.0 | |||
| Last updated: | April 25, 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | BASE is a PHP-based analysis engine to search and process a database of security events generated by various IDSs, firewalls, and network monitoring tools. Its features include a query-builder and search interface for finding alerts matching different patterns, a packet viewer/decoder, and charts and statistics based on time, sensor, signature, protocol, IP address, etc. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. | |||
| Also listed in: | Log Analysis Tools | |||
| Tool name: | BackTrack |
| ||
|---|---|---|---|---|
| Author: | Remote-Exploit Team | |||
| Website: | http://www.backtrack-linux.org/ | |||
| Current version: | 4.0 | |||
| Last updated: | January 11, 2010 | |||
| Direct D/L link: | http://www.backtrack-linux.org/downloads/ | |||
| License type: | Free | |||
| Platform(s): | Self-bootable CD | |||
| Description: | This excellent bootable live-CD Linux distribution comes from the merger of Whax and Auditor. It boasts a huge variety of Security and Forensics tools and provides a rich development environment. User modularity is emphasized so the distribution can be easily customized by the user to include personal scripts, additional tools, customized kernels, etc. | |||
| Also listed in: | Forensics Live CDs, Penetration Testing Live CDs | |||
| Tool name: | Big Brother |
| ||
|---|---|---|---|---|
| Author: | Quest Software Inc. | |||
| Website: | http://bb4.com | |||
| Current version: | 4.0 | |||
| Last updated: | 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Commercial | |||
| Platform(s): | | |||
| Description: | Big Brother is a Web-based system and network monitoring solution. It provides a highly scalable, customizable and easy to maintain system with a small footprint for monitoring the real-time availability of network devices, servers (Windows, Unix, Linux) and all network delivered services in any IT infrastructure. Big Brother displays your system and network status on a color-coded Web page that proactively notifies you of problems immediately via e-mail, pager, or text message. Big Brother is built for System & Network administrators tasked with managing the availability and performance of hundreds or thousands of servers and network devices on a limited budget. Big Brother enables you to monitor any server, any device, on any network within minutes. | |||
| Also listed in: | Availability Monitoring Tools | |||
| Tool name: | Brutus |
| ||
|---|---|---|---|---|
| Author: | Hoobie | |||
| Website: | http://www.hoobie.net/brutus | |||
| Current version: | 2 | |||
| Last updated: | ||||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | A network brute-force authentication cracker. This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available. UNIX users should take a look at THC Hydra. | |||
| Also listed in: | System Password Crackers | |||
| Tool name: | Burp Suite |
| ||
|---|---|---|---|---|
| Author: | PortSwigger | |||
| Website: | http://portswigger.net/suite | |||
| Current version: | 1.1 | |||
| Last updated: | December 9, 2007 | |||
| Direct D/L link: | N/A | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | An integrated platform for attacking web applications. Burp suite allows an attacker to combine manual and automated techniques to enumerate, analyze, attack and exploit web applications. The various burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another. | |||
| Also listed in: | Web Application Tools | |||
| Tool name: | CANVAS |
| ||
|---|---|---|---|---|
| Author: | Immunity, Inc. | |||
| Website: | http://www.immunitysec.com/products-canvas.shtml | |||
| Current version: | 6.55 | |||
| Last updated: | February 9, 2010 | |||
| Direct D/L link: | http://www.immunitysec.com/downloads.shtml | |||
| License type: | Commercial | |||
| Platform(s): | | |||
| Description: | Canvas is a commercial vulnerability exploitation tool from Dave Aitel's ImmunitySec. It includes more than 350 exploits and is less expensive than Core Impact, though it still costs thousands of dollars. You can also buy the optional VisualSploit Plugin for drag and drop GUI exploit creation. Zero-day exploits can occasionally be found within Canvas. | |||
| Also listed in: | Exploit Utilities & Frameworks | |||
| Tool name: | Cheops-ng |
| ||
|---|---|---|---|---|
| Author: | Brent Priddy | |||
| Website: | http://cheops-ng.sourceforge.net | |||
| Current version: | 0.2.3 | |||
| Last updated: | October 18, 2005 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Cheops gives a simple interface to many network utilities, maps local or remote networks and identifies OS of machines. It provides the functionality of many network utilities through a comfortable, powerful GUI. It has host/network discovery functionality as well as OS detection of hosts. Cheops-ng has the ability to probe hosts to see what services they are running. On some services, cheops-ng is actually able to see what program is running for a service and the version number of that program. The original Cheops program is currently not being developed or maintained so users are advised to use cheops-ng. | |||
| Also listed in: | Network Discovery & Mapping Tools | |||
| Tool name: | chkrootkit |
| ||
|---|---|---|---|---|
| Author: | Nelson Murilo & Klaus Steding-Jessen | |||
| Website: | http://www.chkrootkit.org | |||
| Current version: | 0.48 | |||
| Last updated: | December 17, 2007 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Chkrootkit is a flexible, portable tool that can check for many signs of rootkit intrusion locally on Unix-based systems. Its features include detecting binary modification, utmp/wtmp/lastlog modifications, promiscuous interfaces, and malicious kernel modules. | |||
| Also listed in: | Rootkit Detection Tools | |||
| Tool name: | Cold Boot Attack Tools |
| ||
|---|---|---|---|---|
| Author: | J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, & Edward W. Felten | |||
| Website: | http://citp.princeton.edu/memory | |||
| Current version: | 1.0 | |||
| Last updated: | July 16, 2008 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them. Download includes paper and all tools + source code. | |||
| Also listed in: | Disk Encryption Password Crackers | |||
| Tool name: | Core Impact |
| ||
|---|---|---|---|---|
| Author: | Core Security Technologies | |||
| Website: | http://www.coresecurity.com/?module=ContentMod&action=item&id=32 | |||
| Current version: | v10 | |||
| Last updated: | 2009 | |||
| Direct D/L link: | N/A | |||
| License type: | Commercial | |||
| Platform(s): | | |||
| Description: | An automated, comprehensive penetration testing product. Core Impact isn't cheap (be prepared to spend tens of thousands of dollars), but it is widely considered to be the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits, and can do neat tricks like exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit other boxes. If you can't afford Impact, take a look at the cheaper Canvas or the excellent and free Metasploit Framework. Your best bet is to use all three. | |||
| Also listed in: | Exploit Utilities & Frameworks, Vulnerability Scanners | |||
| Tool name: | Dsniff |
| ||
|---|---|---|---|---|
| Author: | Dug Song | |||
| Website: | http://www.monkey.org/~dugsong/dsniff | |||
| Current version: | 2.3 | |||
| Last updated: | December 17, 2000 | |||
| Direct D/L link: | http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. A separately maintained partial Windows port is available here. Overall, this is a great toolset. It handles pretty much all of your password sniffing needs. | |||
| Also listed in: | ARP Spoofing Tools, DNS Spoofing Tools, Email Sniffers, HTTP Sniffers, Instant Messaging Sniffers, SSH Proxy & MitM Tools, Web Proxy & MitM Tools | |||
| Tool name: | Elcomsoft Password Recovery Bundle |
| ||
|---|---|---|---|---|
| Author: | Elcomsoft | |||
| Website: | http://www.elcomsoft.com/eprb.html | |||
| Current version: | ||||
| Last updated: | 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Commercial | |||
| Platform(s): | | |||
| Description: | A complete suite of well-known ElcomSoft password recovery tools. Very fast, and supports a vast number of different types of archives, documents, applications and even several types of Windows operating system passwords/keys (login passwords, EFS keys, etc.). | |||
| Also listed in: | Application Password Crackers, Archive Password Crackers, Document Password Crackers, Windows Password Crackers | |||
| Tool name: | EtherApe |
| ||
|---|---|---|---|---|
| Author: | Juan Toledo | |||
| Website: | http://etherape.sourceforge.net | |||
| Current version: | 0.9.7 | |||
| Last updated: | September 30, 2006 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, EtherApe displays network activity graphically with a color coded protocols display. Hosts and links change in size with traffic. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network. | |||
| Also listed in: | Network Traffic Profiling Tools | |||
| Tool name: | Ettercap |
| ||
|---|---|---|---|---|
| Author: | Alberto Ornaghi & Marco Valleri | |||
| Website: | http://ettercap.sourceforge.net | |||
| Current version: | 0.7.3 | |||
| Last updated: | May 29, 2005 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN. | |||
| Also listed in: | Packet Sniffers | |||
| Tool name: | Fiddler |
| ||
|---|---|---|---|---|
| Author: | ||||
| Website: | http://fiddler2.com/fiddler2 | |||
| Current version: | 2.2.9.6 | |||
| Last updated: | June 24, 2010 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language. Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera, and thousands more. | |||
| Also listed in: | Network Monitoring Tools, SSL Proxy & MitM Tools, Web Proxy & MitM Tools | |||
| Tool name: | FireCAT |
| ||
|---|---|---|---|---|
| Author: | Nabil Ouchn | |||
| Website: | http://www.firecat.fr | |||
| Current version: | 1.4 | |||
| Last updated: | May 12, 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful Firefox extensions oriented towards application security auditing and assessment. | |||
| Also listed in: | Firefox Extensions | |||
| Tool name: | Firewalk |
| ||
|---|---|---|---|---|
| Author: | Mike D. Schiffman & David Goldsmith | |||
| Website: | http://www.packetfactory.net/projects/firewalk/ | |||
| Current version: | 5.0 | |||
| Last updated: | January 27, 2003 | |||
| Direct D/L link: | http://www.packetfactory.net/firewalk/dist/firewalk.tar.gz | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway host does not allow the traffic, it will likely drop the packets on the floor and we will see no response. To get the correct IP TTL that will result in expired packets one beyond the gateway we need to ramp up hop-counts. We do this in the same manner that traceroute works. Once we have the gateway hopcount (at that point the scan is said to be `bound`) we can begin our scan. It is significant to note the fact that the ultimate destination host does not have to be reached. It just needs to be somewhere downstream, on the other side of the gateway, from the scanning host. | |||
| Also listed in: | Network Discovery & Mapping Tools | |||
| Tool name: | fping |
| ||
|---|---|---|---|---|
| Author: | Thomas Dzubin | |||
| Website: | http://www.fping.com | |||
| Current version: | 2.4 (b2) | |||
| Last updated: | January 16, 2002 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | fping is a ping(1)-like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up. fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the lists of hosts to ping. Instead of trying one host until it times out or replies, fping will send out a ping packet and move on to the next host in a round-robin fashion. If a host replies, it is noted and removed from the list of hosts to check. If a host does not respond within a certain time limit and/or retry limit it will be considered unreachable. | |||
| Also listed in: | Network Discovery & Mapping Tools | |||
| Tool name: | fragroute |
| ||
|---|---|---|---|---|
| Author: | Dug Song | |||
| Website: | http://www.monkey.org/~dugsong/fragroute/ | |||
| Current version: | 1.2 | |||
| Last updated: | 1999 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour. Please do not abuse this software. | |||
| Also listed in: | Network Attack & Manipulation Tools | |||
| Tool name: | fragrouter |
| ||
|---|---|---|---|---|
| Author: | Dug Song | |||
| Website: | http://packetstormsecurity.nl/UNIX/IDS/nidsbench/nidsbench.html | |||
| Current version: | 1.1 | |||
| Last updated: | 1999 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Fragrouter is a program for routing network traffic in such a way as to elude most network intrusion detection systems. The attacks implemented correspond to those listed in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January, 1998. | |||
| Also listed in: | Network Attack & Manipulation Tools | |||
| Tool name: | fuzzdb |
| ||
|---|---|---|---|---|
| Author: | Adam Muntner | |||
| Website: | http://code.google.com/p/fuzzdb/ | |||
| Current version: | 1.08 | |||
| Last updated: | July 10, 2010 | |||
| Direct D/L link: | N/A | |||
| License type: | New BSD and Creative Commons by Attribution | |||
| Platform(s): | | |||
| Description: | fuzzdb helps identify security flaws in applications by aggregating known attack patterns, predictable resource names, and server response messages to create a comprehensive, repeatable set of malformed input test cases. What's in fuzzdb? Because of the popularity of a small number of server types, platforms, and package formats, resources such as logfiles and administrative directories are typically located in a small number of predictable locations. A comprehensive database of these, sorted by platform type, makes brute force fuzz testing a scalpel-like approach. Categorized by platform, language, and attack type, enumeration and attack patterns have been collected into highly injectable fuzz payload lists. fuzzdb contains comprehensive lists of attack payloads known to cause issues like OS command injection, directory listings, directory traversals, source exposure, file upload bypass, authentication bypass, HTTP header CRLF injections, and more. Since system responses also contain predictable strings, fuzzdb contains a set of regex pattern dictionaries such as interesting error messages to aid detection of software security defects, lists of common Session ID cookie names, and more. Helpful documentation and cheatsheets sourced from around the web that are relevant to the payload categories are also provided. New patterns and payloads are added frequently. Why was fuzzdb created? The sets of payloads currently built in to open source fuzzing and scanning software are poorly representative of the total body of potential attack patterns. Commercial scanners are a bit better, but not much, and tend to lock these patterns away in obfuscated binaries. It's impossible for a human pentester to encounter and memorize all permutations of the meta characters and hex encoding likely to cause error conditions to arise. The volume of patterns collected in fuzzdb implies that much application security testing in the past has utilized incomplete sets of malformed input test cases. Fuzzdb was created to aggregate all known attack payloads and common predictable resource names into usable fuzzer payload lists, categorized by function and platform, and make them freely available under an open source license. It is immediately usable by web application penetration testers and security researchers, and the license permits its use in improving the test cases built into open source and commercial testing software. How was the data collected? * researching old web exploits for repeatable attack strings * scraping scanner patterns from http logs * various books, articles, blog posts, mailing list threads * patterns gleaned from other open source fuzzers and pentest tools * analysis of default app installs * system and application documentation * error messages It's like an open source web application security scanner, without the scanner. How to Use fuzzdb * The most immediate, hands-on way is to use the payload files for web security testing with Burp Proxy's intruder module. The regex/errors.txt file can be loaded to pattern match the server responses. * Use the patterns to test web services. * Use the patterns as malicious input payloads for testing non-HTTP network aware applications with custom fuzzing tools. * Use the patterns as malicious input payloads for testing GUI or command line software with standard test automation tools. * Incorporate the patterns into Open Source software, or into your own commercial product. * Use the patterns in training materials and documentation. | |||
| Also listed in: | Fuzzing Tools | |||
| Tool name: | GFI LANguard Network Security Scanner |
| ||
|---|---|---|---|---|
| Author: | GFI Software | |||
| Website: | http://www.gfi.com/lannetscan | |||
| Current version: | 8.0 | |||
| Last updated: | ||||
| Direct D/L link: | N/A | |||
| License type: | Commercial (with trial) | |||
| Platform(s): | | |||
| Description: | GFI LANguard scans IP networks to detect what machines are running. Then it tries to discern the host OS and what applications are running. It also tries to collect each Windows machine's service pack level, missing security patches, wireless access points, USB devices, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more. Scan results are saved to an HTML report, which can be customized/queried. It also includes a patch manager which detects and installs missing patches. A free trial version is available, though it only works for up to 30 days. | |||
| Also listed in: | Network Discovery & Mapping Tools, OS Fingerprinting Tools | |||
| Tool name: | Helix |
| ||
|---|---|---|---|---|
| Author: | e-fense | |||
| Website: | http://www.e-fense.com/helix | |||
| Current version: | 1.9a | |||
| Last updated: | July 13, 2007 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | Self-bootable CD | |||
| Description: | A Linux Distribution with Computer Forensics in Mind. Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized Linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics. Helix has been designed very carefully to NOT touch the host computer in any way and it is forensically sound. Helix will not auto mount swap space, or auto mount any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics. | |||
| Also listed in: | Forensics Live CDs | |||
| Tool name: | Honeyd |
| ||
|---|---|---|---|---|
| Author: | Niels Provos | |||
| Website: | http://www.honeyd.org | |||
| Current version: | 1.5c | |||
| Last updated: | May 27, 2007 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Honeyd enables a single host to claim multiple addresses on a LAN for network simulation. It is possible to ping the virtual machines, or to traceroute them. Any type of service on the virtual machine can be simulated according to a simple configuration file. It is also possible to proxy services to another machine rather than simulating them. It has many library dependencies, which can make compiling/installing Honeyd difficult. | |||
| Also listed in: | Honeypot Tools | |||
| Tool name: | hping |
| ||
|---|---|---|---|---|
| Author: | Salvatore Sanfilippo | |||
| Website: | http://www.hping.org | |||
| Current version: | 2.0.0 (RC3) | |||
| Last updated: | 2005? | |||
| Direct D/L link: | N/A | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | This handy little utility assembles and sends custom ICMP, UDP, or TCP packets and then displays any replies. It was inspired by the ping command, but offers far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation. This tool is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities. This often allows you to map out firewall rulesets. It is also great for learning more about TCP/IP and experimenting with IP protocols. | |||
| Also listed in: | Packet Crafting & Injection Tools | |||
| Tool name: | Hyenae |
| ||
|---|---|---|---|---|
| Author: | Robin Richter | |||
| Website: | http://sourceforge.net/projects/hyenae/ | |||
| Current version: | 0.34-1 | |||
| Last updated: | 14.9.09 | |||
| Direct D/L link: | http://sourceforge.net/projects/hyenae/files/0.34-1/hyenae-0.34-1.tar.gz/download | |||
| License type: | GPL3 | |||
| Platform(s): | | |||
| Description: | Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level ethernet attack scenarios (such as MITM, DoS and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks. Hyenae was developed with ease-of-use in mind while still remaining flexible and configurable. To realize this aim, Hyenae uses address patterns, which will minimize the number of arguments you have to provide because all necessary parameters, such as the way you want to randomize your addresses or the IP address version to use, can be derived from the pattern format you provided. See section 5, "Address Patterns", for more detailed information. (from the README) | |||
| Also listed in: | ARP Spoofing Tools, Network Attack & Manipulation Tools, Packet Crafting & Injection Tools | |||
| Tool name: | I2P |
| ||
|---|---|---|---|---|
| Author: | jrandom | |||
| Website: | http://www.i2p2.de | |||
| Current version: | 0.6.2 | |||
| Last updated: | June 7, 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. Many applications are available that interface with I2P, including mail, peer-peer file sharing, IRC chat, and others. | |||
| Also listed in: | Anonymization Tools | |||
| Tool name: | IOCTL-Proxy |
| ||
|---|---|---|---|---|
| Author: | _g_ | |||
| Website: | http://www.orange-bat.com | |||
| Current version: | ||||
| Last updated: | December 21, 2008 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | ||||
| Platform(s): | | |||
| Description: | POC IOCTL fuzzer. Very simple, but effective. | |||
| Also listed in: | Fuzzing Tools | |||
| Tool name: | John the Ripper |
| ||
|---|---|---|---|---|
| Author: | Solar Designer | |||
| Website: | http://www.openwall.com/john | |||
| Current version: | 1.7.2 | |||
| Last updated: | ||||
| Direct D/L link: | N/A | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | John the Ripper is a powerful, flexible, and fast multi-platform password hash cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches. You will want to start with some wordlists. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches. | |||
| Also listed in: | Unix Password Crackers, Windows Password Crackers | |||
| Tool name: | Knoppix |
| ||
|---|---|---|---|---|
| Author: | ||||
| Website: | http://www.knoppix.org | |||
| Current version: | 5.3.1 | |||
| Last updated: | 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | Self-bootable CD | |||
| Description: | A general-purpose bootable live system on CD or DVD. Knoppix consists of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux system for the desktop, educational CD, rescue system, or, as many Nmap survey takers attest, a portable security tool. | |||
| Also listed in: | Live CDs | |||
| Tool name: | L0phtcrack |
| ||
|---|---|---|---|---|
| Author: | Mudge (L0pht Heavy Industries) / Symantec | |||
| Website: | http://www.l0phtcrack.com/ | |||
| Current version: | 6.0.6 | |||
| Last updated: | July 10, 2009 | |||
| Direct D/L link: | http://www.l0phtcrack.com/lc6setup_v6.0.6.exe | |||
| License type: | Commercial (abandonware) | |||
| Platform(s): | | |||
| Description: | L0phtCrack, also known as LC5, attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). LC5 was discontinued by Symantec in 2006, but you can still find the LC5 installer floating around. The free trial only lasts 15 days, and Symantec won't sell you a key, so you'll either have to cease using it or find a key generator. Since it is no longer maintained, you are probably better off trying Cain and Abel, John the Ripper, or Ophcrack instead. | |||
| Also listed in: | Windows Password Crackers | |||
| Tool name: | MeMMoN |
| ||
|---|---|---|---|---|
| Author: | palaniyappan | |||
| Website: | http://code.google.com/p/vejovis/ | |||
| Current version: | 1.0.0.1 | |||
| Last updated: | August 9, 2011 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | ||||
| Platform(s): | | |||
| Description: | MeMMoN is a user-mode memory scanning tool. It scans the memory of all the processes in the system. It enables users to add custom signatures to the dat file. | |||
| Also listed in: | Malware Detection Tools | |||
| Tool name: | Memoryze |
| ||
|---|---|---|---|---|
| Author: | Mandiant | |||
| Website: | http://www.mandiant.com/software/memoryze.htm | |||
| Current version: | ||||
| Last updated: | ||||
| Direct D/L link: | http://fred.mandiant.com/MemoryzeSetup.msi | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | Memoryze is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems can include the paging file in its analysis. Memoryze can: * image the full range of system memory (not reliant on API calls). * image a process’ entire address space to disk. This includes a process’ loaded DLLs, EXEs, heaps, and stacks. * image a specified driver or all drivers loaded in memory to disk. * enumerate all running processes (including those hidden by rootkits). For each process, Memoryze can: o report all open handles in a process (for example, all files, registry keys, etc.). o list the virtual address space of a given process including: + displaying all loaded DLLs. + displaying all allocated portions of the heap and execution stack. o list all network sockets that the process has open, including any hidden by rootkits. o output all strings in memory on a per process basis. * identify all drivers loaded in memory, including those hidden by rootkits. * report device and driver layering, which can be used to intercept network packets, keystrokes and file activity. * identify all loaded kernel modules by walking a linked list. * identify hooks (often used by rootkits) in the System Call Table, the Interrupt Descriptor Tables (IDTs), and driver function tables (IRP tables). Memoryze can perform all these functions on live system memory or memory image files – whether they were acquired by Memoryze or other memory acquisition tools. | |||
| Also listed in: | Forensic Tools | |||
| Tool name: | msfgui (Metasploit Framework GUI) |
| ||
|---|---|---|---|---|
| Author: | ScriptJunkie | |||
| Website: | http://pauldotcom.com/2010/07/metasploit-new-gui.html | |||
| Current version: | ||||
| Last updated: | July 14, 2010 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Nice GUI for Metasploit. | |||
| Also listed in: | Exploit Utilities & Frameworks | |||
| Tool name: | NBTScan |
| ||
|---|---|---|---|---|
| Author: | ||||
| Website: | http://www.inetcat.net/software/nbtscan.html | |||
| Current version: | 1.5.1 | |||
| Last updated: | June 2003 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | NBTscan is a program for scanning IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in the supplied range and lists the received information in human-readable form. For each host that responds it lists IP address, NetBIOS computer name, logged-in user name and MAC address. | |||
| Also listed in: | Network Discovery & Mapping Tools | |||
| Tool name: | Nagios |
| ||
|---|---|---|---|---|
| Author: | Nagios Enterprises, LLC | |||
| Website: | http://www.nagios.org | |||
| Current version: | 3.0.2 | |||
| Last updated: | May 19, 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Nagios is a host and service monitor designed to inform you of network problems before your clients, end-users or managers do. It has been designed to run under the Linux operating system, but works fine under most *NIX variants as well. The monitoring daemon runs intermittent checks on hosts and services you specify using external "plugins" which return status information to Nagios. When problems are encountered, the daemon can send notifications out to administrative contacts in a variety of different ways (email, instant message, SMS, etc.). Current status information, historical logs, and reports can all be accessed via a web browser. | |||
| Also listed in: | Availability Monitoring Tools | |||
| Tool name: | Nemesis |
| ||
|---|---|---|---|---|
| Author: | Mark Grimes | |||
| Website: | http://www.packetfactory.net/projects/nemesis | |||
| Current version: | 1.4 (beta 3) | |||
| Last updated: | June 29, 2003 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | The Nemesis Project is designed to be a commandline-based, portable human IP stack for UNIX/Linux (and now Windows!). The suite is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts. If you enjoy Nemesis, you might also want to look at Hping as they complement each other well. | |||
| Also listed in: | Packet Crafting & Injection Tools | |||
| Tool name: | Nepenthes |
| ||
|---|---|---|---|---|
| Author: | ||||
| Website: | http://nepenthes.mwcollect.org | |||
| Current version: | 0.2.2 | |||
| Last updated: | February 14, 2008 | |||
| Direct D/L link: | http://sourceforge.net/project/showfiles.php?group_id=137598 | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | By emulating widespread vulnerabilities, the honeypot Nepenthes is able to catch and store viruses and worms that use these vulnerabilities. The API for adding new vulnerability modules is easy to use, so there is no problem in writing new ones. | |||
| Also listed in: | Honeypot Tools | |||
| Tool name: | NetWitness Investigator |
| ||
|---|---|---|---|---|
| Author: | NetWitness | |||
| Website: | http://www.netwitness.com | |||
| Current version: | 8.6.4.9 | |||
| Last updated: | November 17, 2008 | |||
| Direct D/L link: | http://download.netwitness.com/download.php?src=DIRECT | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | Good sniffer and analyzer tool, now released as freeware! Product Features: * Captures raw packets live from most wired or wireless interfaces * Imports packets from any open-source, home-grown and commercial packet capture system (e.g. .pcap file import) * License supports 25 simultaneous 1GB captures - far exceeding data manipulation capabilities of packet tools like Wireshark * Real-time, patented layer 7 analytics – Effectively analyze data starting from application layer entities like users, email, address, files, and actions. – Infinite, free-form analysis paths – Content starting points – Patented port agnostic service identification * Extensive network and application layer filtering (e.g. MAC, IP, User, Keywords, etc.) * IPv6 support * Full content search, with Regex support * Exports data in .pcap format * Bookmarking & history tracking * Integrated GeoIP for resolving IP addresses to city/county, supporting Google® Earth visualization * NEW! SSL Decryption (with server certificate) * NEW! Interactive time charts, and summary view * NEW! Interactive packet view and decode * NEW! Hash PCAP on Export * NEW! Enhanced content views | |||
| Also listed in: | Network Monitoring Tools | |||
| Tool name: | Netcat |
| ||
|---|---|---|---|---|
| Author: | ||||
| Website: | http://www.vulnwatch.org/netcat | |||
| Current version: | ||||
| Last updated: | ||||
| Direct D/L link: | N/A | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | This simple utility reads and writes data across TCP or UDP network connections. It is designed to be a reliable back-end tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need, including port binding to accept incoming connections. The original Netcat was released by Hobbit in 1995, but it hasn't been maintained despite its immense popularity. It can sometimes even be hard to find nc110.tgz. The flexibility and usefulness of this tool have prompted people to write numerous other Netcat implementations - often with modern features not found in the original. One of the most interesting is Socat, which extends Netcat to support many other socket types, SSL encryption, SOCKS proxies, and more. It even made this list on its own merits. There is also Chris Gibson's Ncat, which offers even more features while remaining portable and compact. Other takes on Netcat include OpenBSD's nc, Cryptcat, Netcat6, PNetcat, SBD, and so-called GNU Netcat. | |||
| Also listed in: | Network Attack & Manipulation Tools | |||
| Tool name: | ngrep |
| ||
|---|---|---|---|---|
| Author: | Jordan Ritter | |||
| Website: | http://www.packetfactory.net/projects/ngrep/ | |||
| Current version: | 1.43 | |||
| Last updated: | February 23, 2005 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP, ICMP, IGMP and Raw protocols across Ethernet, PPP, SLIP, FDDI, Token Ring, 802.11 and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop. | |||
| Also listed in: | Packet Sniffers | |||
| Tool name: | ntop |
| ||
|---|---|---|---|---|
| Author: | ||||
| Website: | http://www.ntop.org | |||
| Current version: | 3.3 | |||
| Last updated: | June 9, 2007 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Ntop shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics. | |||
| Also listed in: | Network Traffic Profiling Tools | |||
| Tool name: | OSSEC |
| ||
|---|---|---|---|---|
| Author: | Daniel Cid / Third Brigade, Inc. | |||
| Website: | http://www.ossec.net | |||
| Current version: | 2.1.1 | |||
| Last updated: | July 2, 2009 | |||
| Direct D/L link: | http://www.ossec.net/files/ | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. In addition to its IDS functionality, it is commonly used as a SEM/SIM solution. Because of its powerful log analysis engine, ISPs, universities and data centers are running OSSEC HIDS to monitor and analyze their firewalls, IDSs, web servers and authentication logs. New in version 2.0: This new version is the first one with support for agentless monitoring and includes many other new features and bug fixes: * Compiled Rules - By popular demand, we are introducing the capability in the product to use pre-compiled rules written in “C”. Customers who felt that the XML format for writing rules was very limiting can now use the strong programming capabilities of C. * Agentless Monitoring - A lot of enterprises are faced with the requirement to monitor devices where there are restrictions on installing agents, either because of scalability requirements or due to the lack of native operating system support. In version 2.0, OSSEC customers can perform integrity checking and real-time log inspection on remote systems (such as Linux-based devices, firewall devices such as PIX, routers, etc.). * New Language Support - We added support for the Dutch language in the install * New Log Rules Support - We added support for Yum logs and fixed/improved many of the other rules for different messages. * New reporting tool - We added a new tool to create and help generate reports | |||
| Also listed in: | HIDS Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | OWASP: JBroFuzz |
| ||
|---|---|---|---|---|
| Author: | OWASP Community | |||
| Website: | http://www.owasp.org | |||
| Current version: | 1.9 | |||
| Last updated: | January 2010 | |||
| Direct D/L link: | http://sourceforge.net/project/platformdownload.php?group_id=180679 | |||
| License type: | GPL | |||
| Platform(s): | | |||
| Description: | The OWASP JBroFuzz Project is a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities. | |||
| Also listed in: | Fuzzing Tools, Web Vulnerability Scanners | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | pwdump |
| ||
|---|---|---|---|---|
| Author: | fizzgig | |||
| Website: | http://www.foofus.net/fizzgig/pwdump | |||
| Current version: | 6.1.7.1 | |||
| Last updated: | April 25, 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file. | |||
| Also listed in: | Windows Password Crackers | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | RainbowCrack |
| ||
|---|---|---|---|---|
| Author: | shuanglei | |||
| Website: | http://project-rainbowcrack.com/ | |||
| Current version: | 1.3 | |||
| Last updated: | February 12, 2009 | |||
| Direct D/L link: | http://project-rainbowcrack.com/rainbowcrack-1.3-win.zip | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one at cracking time. It is time consuming to break complex passwords in this way. The idea of the time-memory trade-off is to do all the cracking-time computation in advance and store the results in files called "rainbow tables". It does take a long time to precompute the tables. But once the one-time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of the precomputed tables. | |||
| Also listed in: | Password Cracking Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Rootkit Hunter |
| ||
|---|---|---|---|---|
| Author: | Michael Boelen | |||
| Website: | http://www.rootkit.nl/projects/rootkit_hunter.html | |||
| Current version: | 1.3.2 | |||
| Last updated: | February 27, 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Rootkit Hunter is a scanning tool that checks for signs of various pieces of nasty software on your system, such as rootkits, backdoors and local exploits. It runs many tests, including MD5 hash comparisons, default filenames used by rootkits, wrong file permissions for binaries, and suspicious strings in LKM and KLD modules. | |||
| Also listed in: | Rootkit Detection Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | SPIKE |
| ||
|---|---|---|---|---|
| Author: | Immunity, Inc. | |||
| Website: | http://www.immunitysec.com/resources-freesoftware.shtml | |||
| Current version: | 2.9 | |||
| Last updated: | ||||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | When you need to analyze a new network protocol for buffer overflows or similar weaknesses, the SPIKE is the tool of choice for professionals. While it requires a strong knowledge of C to use, it produces results second to none in the field. | |||
| Also listed in: | Fuzzing Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | SecurityForest Exploitation Framework |
| ||
|---|---|---|---|---|
| Author: | ||||
| Website: | http://www.securityforest.com/wiki/index.php/Main_Page | |||
| Current version: | 0.2 beta | |||
| Last updated: | ||||
| Direct D/L link: | http://www.securityforest.com/wiki/index.php/Exploitation_Framework_Download | |||
| License type: | ||||
| Platform(s): | | |||
| Description: | SecurityForest's Exploitation Framework is similar in concept to the open-source Metasploit Framework (http://www.metasploit.com) and commercial offerings such as Immunity's CANVAS (http://www.immunitysec.com) and Core Security Technology's Impact (http://www.corest.com). The major difference between the above-mentioned frameworks and the SecurityForest Exploitation Framework is that it leverages the massive number of exploits available in the ExploitTree. These exploits are publicly available and do not have to be rewritten to be used in the framework (no matter what language and sometimes no matter what OS). It basically acts as a Graphical User Interface to the ExploitTree and is dynamically updated at the same time as the ExploitTree. The above-mentioned frameworks are great, and the Exploitation Framework doesn't even compare to them on a technical level; it just fills the gap. The Exploitation Framework is provided for legal penetration testing and research purposes only. | |||
| Also listed in: | Exploit Utilities & Frameworks | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Sguil |
| ||
|---|---|---|---|---|
| Author: | Bamm Visscher | |||
| Website: | http://sguil.sourceforge.net | |||
| Current version: | 0.7.0 | |||
| Last updated: | March 26, 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides realtime events from Snort/barnyard. It also includes other components which facilitate the practice of Network Security Monitoring and event driven analysis of IDS alerts. | |||
| Also listed in: | Log Analysis Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Snort |
| ||
|---|---|---|---|---|
| Author: | Sourcefire, Inc. | |||
| Website: | http://www.snort.org | |||
| Current version: | 2.8.4.1 | |||
| Last updated: | April 24, 2009 | |||
| Direct D/L link: | http://www.snort.org/downloads | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | This lightweight network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts. Open source Snort works fine for many individuals, small businesses, and departments. Parent company Sourcefire offers a complementary product line with more enterprise-level features and real-time rule updates. They offer a free (with registration) 5-day-delayed rules feed, and you can also find many great free rules at Bleeding Edge Snort. | |||
| Also listed in: | NIDS Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | socat |
| ||
|---|---|---|---|---|
| Author: | ||||
| Website: | http://www.dest-unreach.org/socat/ | |||
| Current version: | 2.0.0 (beta 1) | |||
| Last updated: | April 20, 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | A utility similar to the venerable Netcat that works over a number of protocols and through files, pipes, devices (terminal or modem, etc.), sockets (Unix, IP4, IP6 - raw, UDP, TCP), a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes for interprocess communication, and many more options. It can be used, for example, as a TCP relay (one-shot or daemon), as a daemon-based socksifier, as a shell interface to Unix sockets, as an IP6 relay, for redirecting TCP-oriented programs to a serial line, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts with network connections. | |||
| Also listed in: | Network Attack & Manipulation Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | SolarWinds |
| ||
|---|---|---|---|---|
| Author: | SolarWinds, Inc. | |||
| Website: | http://www.solarwinds.com/products | |||
| Current version: | ||||
| Last updated: | ||||
| Direct D/L link: | N/A | |||
| License type: | Commercial | |||
| Platform(s): | | |||
| Description: | A plethora of network discovery/monitoring/attack tools. SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security-related tools include many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available and more. | |||
| Also listed in: | Network Discovery & Mapping Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Splunk |
| ||
|---|---|---|---|---|
| Author: | Nagios Enterprises, LLC | |||
| Website: | http://www.nagios.org/products/enterprisesolutions/splunk | |||
| Current version: | 3.2.4 | |||
| Last updated: | April 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Commercial | |||
| Platform(s): | | |||
| Description: | Splunk is search software that indexes any fast moving IT data as it happens, making it possible to actually see inside the data center at runtime. From your Web browser, you can navigate logs, configuration files, message queues, JMX notifications, SNMP and database transactions from any system, application or device. System administrators, developers and support staff everywhere can now diagnose and resolve problems faster resulting in shorter mean time to repair (MTTR), better service availability and reduced cost of incident response. Splunk is the perfect complement to Nagios. Nagios monitors your network for problems and Splunk helps you get to the root cause. | |||
| Also listed in: | Log Analysis Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | SuperScan |
| ||
|---|---|---|---|---|
| Author: | Foundstone | |||
| Website: | http://www.foundstone.com/us/resources/proddesc/superscan4.htm | |||
| Current version: | 4.0 | |||
| Last updated: | 2003 | |||
| Direct D/L link: | N/A | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | SuperScan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone. It includes a variety of additional networking tools such as ping, traceroute, http head, and whois. | |||
| Also listed in: | Port Scanners | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | THC-Hydra |
| ||
|---|---|---|---|---|
| Author: | THC | |||
| Website: | http://freeworld.thc.org/thc-hydra | |||
| Current version: | 5.4 | |||
| Last updated: | May 5, 2006 | |||
| Direct D/L link: | http://freeworld.thc.org/releases/hydra-5.4-src.tar.gz | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Passwords are the number one security hole, as every password security study shows. Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add; besides that, it is flexible and very fast. Currently this tool supports: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, LDAP2, Cisco AAA (incorporated in telnet module). This tool is proof-of-concept code, intended to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized remote access to a system. | |||
| Also listed in: | System Password Crackers | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Tcpdump |
| ||
|---|---|---|---|---|
| Author: | Van Jacobson, Craig Leres & Steven McCanne | |||
| Website: | http://www.tcpdump.org | |||
| Current version: | 3.9.8 | |||
| Last updated: | September 25, 2007 | |||
| Direct D/L link: | N/A | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | Tcpdump is the IP sniffer we all used before Ethereal (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI or parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with fewer security holes. It also requires fewer system resources. While it doesn't receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. TCPDump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap among many other tools. | |||
| Also listed in: | Packet Sniffers | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | tcptraceroute |
| ||
|---|---|---|---|---|
| Author: | Michael C. Toren | |||
| Website: | http://michael.toren.net/code/tcptraceroute | |||
| Current version: | 1.5 (beta 7) | |||
| Last updated: | March 28, 2006 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | A traceroute implementation using TCP packets. The problem is that with the widespread use of firewalls on the modern Internet, many of the packets that the conventional traceroute(8) sends out (ICMP echo or UDP) end up being filtered, making it impossible to completely trace the path to the destination. However, in many cases, these firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections on. By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters. | |||
| Also listed in: | Network Discovery & Mapping Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | The Coroner's Toolkit |
| ||
|---|---|---|---|---|
| Author: | Dan Farmer, Wietse Venema | |||
| Website: | http://www.porcupine.org/forensics/tct.html | |||
| Current version: | 1.19 | |||
| Last updated: | August 29, 2009 | |||
| Direct D/L link: | http://www.porcupine.org/forensics/tct-1.19.tar.gz | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | TCT is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after break-in. | |||
| Also listed in: | Forensic Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Tor |
| ||
|---|---|---|---|---|
| Author: | EFF | |||
| Website: | http://www.torproject.org | |||
| Current version: | 0.2.0.35 | |||
| Last updated: | June 25, 2009 | |||
| Direct D/L link: | http://www.torproject.org/dist/win32/tor-0.2.0.35-win32.exe | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, irc, ssh, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features. | |||
| Also listed in: | Anonymization Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Unicornscan |
| ||
|---|---|---|---|---|
| Author: | Robert Lee | |||
| Website: | http://www.unicornscan.org | |||
| Current version: | 0.4.7-2 | |||
| Last updated: | December 20, 2007 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Platform(s): | | |||
| Description: | Unicornscan is an attempt at a User-land Distributed TCP/IP stack for information gathering and correlation. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Some of its features include asynchronous stateless TCP scanning with all variations of TCP flags, asynchronous stateless TCP banner grabbing, and active/passive remote OS, application, and component identification by analyzing responses. It isn't for the faint of heart. | |||
| Also listed in: | Port Scanners | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | UrlScan |
| ||
|---|---|---|---|---|
| Author: | Microsoft | |||
| Website: | http://learn.iis.net/page.aspx/473/using-urlscan | |||
| Current version: | 3.0 (beta) | |||
| Last updated: | 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | UrlScan is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests from being processed by web applications on the server. UrlScan v3.0 Beta has feature upgrades and fixes from its predecessor (v2.5) such as the ability to scan query strings, the ability to custom tailor rules that scan parts of your HTTP requests and many others. UrlScan will install on IIS 5.1 and later, including the latest IIS 7.0 for Windows Server 2008. | |||
| Also listed in: | Web Application IPS Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Wepawet |
| ||
|---|---|---|---|---|
| Author: | UCSB Computer Security Lab | |||
| Website: | http://www.cs.ucsb.edu/~seclab/ | |||
| Current version: | alpha | |||
| Last updated: | ||||
| Direct D/L link: | http://wepawet.iseclab.org/index.php | |||
| License type: | ||||
| Platform(s): | | |||
| Description: | Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files. To use Wepawet: (1) upload a sample or specify a URL; (2) wait for the resource to be analyzed; (3) review the generated report. | |||
| Also listed in: | Malware Detection Tools, Test & Sandbox Environments, Web Application Analysis Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Yersinia |
| ||
|---|---|---|---|---|
| Author: | Alfredo Andrés Omella & David Barroso Berrueta | |||
| Website: | http://www.yersinia.net | |||
| Current version: | 0.7.1 | |||
| Last updated: | January 26, 2007 | |||
| Direct D/L link: | N/A | |||
| License type: | Free | |||
| Platform(s): | | |||
| Description: | Yersinia is a network tool designed to take advantage of some weaknesses in different network protocols. It aims to be a solid framework for analyzing and testing deployed networks and systems. Currently, there are some network protocols implemented, but others are coming (tell us which one is your preferred). Attacks for the following network protocols are implemented (but of course you are free to implement new ones): * Spanning Tree Protocol (STP) * Cisco Discovery Protocol (CDP) * Dynamic Trunking Protocol (DTP) * Dynamic Host Configuration Protocol (DHCP) * Hot Standby Router Protocol (HSRP) * IEEE 802.1Q * IEEE 802.1X * Inter-Switch Link Protocol (ISL) * VLAN Trunking Protocol (VTP) | |||
| Also listed in: | Network Attack & Manipulation Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
Subcategories
There are 23 subcategories to this category.