From Collaborative RCE Tool Library

Jump to: navigation, search

Network Tools


Tool name: Burp Suite
Rating: 5.0 (2 votes)
Author: PortSwigger                        
Website: http://www.portswigger.net/suite/
Current version: 1.1
Last updated:
Direct D/L link: http://portswigger.net/suite/download.html
License type: Free / Open Source
Description: Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

Key features unique to Burp Suite include:

* Ability to "passively" spider an application in a non-intrusive manner, with all requests originating from the user's browser.
* One-click transfer of interesting requests between tools, e.g. from the Burp Proxy request history, or the Burp Spider results tree.
* Detailed analysis and rendering of requests and responses.
* Extensibility via the IBurpExtender interface, which allows third-party code to extend the functionality of Burp Suite. Data processed by one tool can be used in arbitrary ways to affect the behaviour and results of other tools.
* Centrally configured settings for downstream proxies, web and proxy authentication, and logging.
* Tools can run in a single tabbed window, or be detached in individual windows.
* All tool and suite configuration is optionally persistent across program loads.
* Runs in both Linux and Windows.

New features in version 1.1 include:

* Improved analysis of HTTP requests and responses wherever they appear, with browser-quality HTML and media rendering.
* Burp Sequencer, a new tool for analysing session token randomness.
* Burp Decoder, a new tool for performing manual and intelligent decoding and encoding of application data.
* Burp Comparer, a new utility for performing a visual diff of any two data items.
* Support for custom client and server SSL certificates.
* Ability to follow 3xx redirects in Burp Intruder and Repeater attacks.
* Improved interception and match-and-replace rules in Burp Proxy.
* A "lean mode", for users who prefer less functionality and a smaller resource footprint.

Burp Suite is a Java application, and runs on any platform for which a Java Runtime Environment is available. It requires version 1.5 or later. The JRE can be obtained for free from java.sun.com.
Also listed in: Web Application Tools, HTTP Proxy Tools, SSL Proxy Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: SysAnalyzer
Rating: 5.0 (1 vote)
Author: David Zimmer (iDefense Labs)                        
Website: http://labs.idefense.com/files/labs/releases/previews/SysAnalyzer/
Current version:
Last updated: January 19, 2007
Direct D/L link: http://labs.idefense.com/software/download/?downloadID=15
License type: GPL2
Description: SysAnalyzer is an automated malcode run time analysis application that monitors various aspects of system and process states. SysAnalyzer was designed to enable analysts to quickly build a comprehensive report as to the actions a binary takes on a system. SysAnalyzer can automatically monitor and compare:

* Running Processes
* Open Ports
* Loaded Drivers
* Injected Libraries
* Key Registry Changes
* APIs called by a target process
* File Modifications
* HTTP, IRC, and DNS traffic

SysAnalyzer also comes with a ProcessAnalyzer tool which can perform the following tasks:

* Create a memory dump of target process
* parse memory dump for strings
* parse strings output for exe, reg, and url references
* scan memory dump for known exploit signatures

Full GPL source for SysAnalyzer is included in the installation package.
Also listed in: Disk Monitoring Tools, Registry Monitoring Tools, Network Monitoring Tools, Install Monitoring Tools, API Monitoring Tools, File Monitoring Tools, Memory Dumpers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: TCPView
Rating: 5.0 (1 vote)
Author: Mark Russinovich                        
Website: http://www.microsoft.com/technet/sysinternals/Networking/TcpView.mspx
Current version: 2.54
Last updated: March 17, 2009
Direct D/L link: http://download.sysinternals.com/Files/TcpView.zip
License type: Free
Description: TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, NT, 2000 and XP TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.
Also listed in: Network Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: tcpdump
Rating: 5.0 (2 votes)
Author: The Tcpdump team                        
Website: http://www.tcpdump.org/
Current version: 4.0.0
Last updated: July 18, 2009
Direct D/L link: http://www.tcpdump.org/release/tcpdump-4.0.0.tar.gz
License type: BSD
Description: From wikipedia's entry for tcpdump:

tcpdump is a common computer network debugging tool that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. It was originally written by Van Jacobson, Craig Leres and Steven McCanne who were, at the time, working in the Lawrence Berkeley Laboratory Network Research Group.

Distributed under a permissive free software licence, tcpdump is free software.

Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, Mac OS X, HP-UX and AIX among others. In those systems, tcpdump uses the libpcap library to capture packets.

There is also a port of tcpdump for Windows called WinDump; this uses WinPcap, which is a port of libpcap to Windows.

In some Unix-like operating systems, a user must have superuser privileges to use tcpdump because the packet capturing mechanisms on those systems require elevated privileges. However, the -Z option may be used to drop privileges to a specific unprivileged user after capturing has been set up. In other Unix-like operating systems, the packet capturing mechanism can be configured to allow non-privileged users to use it; if that is done, superuser privileges are not required.

The user may optionally apply a BPF-based filter to limit the number of packets seen by tcpdump; this renders the output more usable on networks with a high volume of traffic.
Also listed in: Network Sniffers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Wireshark
Rating: 5.0 (4 votes)
Author: Gerald Combs                        
Website: http://www.wireshark.org
Current version: 1.2.1
Last updated: July 20, 2009
Direct D/L link: http://www.wireshark.org/download/win32/wireshark-win32-1.2.1.exe
License type: Free / Open Source
Description: Wireshark (previously Ethereal) is the world's foremost network protocol analyzer, and is the standard in many industries.

It is the continuation of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it is still under active development.

Wireshark has a rich feature set which includes the following:

* Hundreds of protocols are supported, with more being added all the time
* Live capture and offline analysis are supported
* Standard three-pane packet browser
* Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
* Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
* The most powerful display filters in the industry
* Rich VoIP analysis
* Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
* Capture files compressed with gzip can be decompressed on the fly
* Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
* Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
* Coloring rules can be applied to the packet list, which eases analysis
* Output can be exported to XML, PostScript®, CSV, or plain text
Also listed in: Network Sniffers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Fport
Rating: 0.0 (0 votes)
Author: Foundstone, Inc.                        
Website: http://www.foundstone.com/us/resources/proddesc/fport.htm
Current version: 2.0
Last updated: 2002
Direct D/L link: Locally archived copy
License type: Free
Description: fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.

Usage:

C:\>fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid Process Port Proto Path
392 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
8 System -> 445 TCP
508 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
392 svchost -> 135 UDP C:\WINNT\system32\svchost.exe
8 System -> 137 UDP
8 System -> 138 UDP
8 System -> 445 UDP
224 lsass -> 500 UDP C:\WINNT\system32\lsass.exe
212 services -> 1026 UDP C:\WINNT\system32\services.exe

The program contains five (5) switches. The switches may be utilized using either a '/'
or a '-' preceding the switch. The switches are;

Usage:
/? usage help
/p sort by port
/a sort by application
/i sort by pid
/ap sort by application path

fport supports Windows NT4, Windows 2000 and Windows XP
Also listed in: Network Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: LSOF
Rating: 0.0 (0 votes)
Author: Victor A. Abell                        
Website: http://people.freebsd.org/~abe/
Current version:
Last updated:
Direct D/L link: N/A
License type: Free / Open Source
Description: The lsof (LiSt Open Files) diagnostic and forensics tool lists information about any files that are open by processes currently running on the system. It can also list communications sockets open by each process.
Also listed in: File Monitoring Tools, Network Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Malcode Analysis Pack
Rating: 0.0 (0 votes)
Author: David Zimmer (iDefense Labs)                        
Website: http://labs.idefense.com/files/labs/releases/previews/map/
Current version:
Last updated: November 13, 2006
Direct D/L link: http://labs.idefense.com/software/download/?downloadID=8
License type: GPL2
Description: The Malcode Analyst Pack contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis.

Included in this package are:

• ShellExt - 4 explorer shell extensions
• socketTool - manual TCP Client for probing functionality.
• MailPot - mail server capture pot
• fakeDNS - spoofs dns responses to controlled ip's
• sniff_hit - HTTP, IRC, and DNS sniffer
• sclog - Shellcode research and analysis application
• IDCDumpFix - aids in quick RE of packed applications
• Shellcode2Exe - embeds multiple shellcode formats in exe husk
• GdiProcs - detect hidden processes
Also listed in: Malware Analysis Tools, Process Monitoring Tools, TCP Proxy Tools, Network Sniffers, Import Editors, Reverse Engineering Frameworks, API Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Matasano Port Forwarding Interceptor
Rating: 0.0 (0 votes)
Author: Matasano / s7ephen                        
Website: http://github.com/s7ephen/projects/tree/master
Current version:
Last updated: May 22, 2009
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Do you ever find yourself on a reversing or pen-testing project with the need to peek into a TCP stream and modify a little bit of data?

Do you find yourself annoyed, feeling that you’ve hacked together code to do this many times before, but simply can’t find it?

Do you find yourself hobbling together other tools to do what you need? Do you find yourself wishing you had a Burp for raw TCP connections?

No MORE! Using Matasano’s Port Forwarding Interceptor you have the tool you need right at your fingertips!
Also listed in: TCP Proxy Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Paros Proxy
Rating: 0.0 (0 votes)
Author: Chinotec Technologies Company                        
Website: http://www.parosproxy.org
Current version: 3.2.13
Last updated: August 8, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: A Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.
Also listed in: HTTP Proxy Tools, Web Application Tools, SSL Proxy Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Stunnel
Rating: 0.0 (0 votes)
Author:                         
Website: http://www.stunnel.org
Current version: 4.20
Last updated: November 30, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Stunnel -- Universal SSL Wrapper

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

The Stunnel source code is not a complete product -- you still require a functioning SSL library such as OpenSSL or SSLeay in order to compile stunnel. This means that stunnel can support whatever (and only) that which your SSL library can, without making any changes in the Stunnel code.

The Stunnel source code is available under the GNU General Public License, meaning it is free to use in both commercial and non commercial applications as you see fit, as long as you provide source code (and any modifications) with the software. Your compiled Stunnel binary is 'restricted' by whatever license your chosen SSL library is under, however both OpenSSL and SSLeay are open source and similarly liberal in their licensing.
Also listed in: SSL Proxy Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.


Subcategories

There are 2 subcategories to this category.


Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/Category:Network_Tools"



Views
Category Navigation Tree
RCE Tools
   Categorized by Target Type  (176)
   Categorized by Tool Type  (973)
   Anti Anti Test Tools  (15)
   Assemblers  (15)
   Code Coverage Tools  (12)
   Code Injection Tools  (32)
   Code Ripping Tools  (2)
   Crypto Tools  (5)
   Data Extraction Tools  (19)
   Debuggers  (42)
   Decompilers  (20)
   Deobfuscation Tools  (11)
   Dependency Analyzer Tools  (5)
   Diff Tools  (29)
   Disassemblers  (45)
   Dongle Analysis Tools  (24)
   Exe Analyzers  (31)
   Firefox Extensions  (1)
   GUI Manipulation Tools  (15)
   Hardware Reversing Tools  (24)
   Hex Editors  (12)
   IDA Signature Creation Tools  (5)
   Kernel Tools  (12)
   Memory Data Tracing Tools  (6)
   Memory Patchers  (3)
   Memory Search Tools  (7)
   Monitoring Tools  (110)
   Network Tools  (15)
   PE Executable Editors  (78)
   Packers  (16)
   Patch Packaging Tools  (7)
   Profiler Tools  (10)
   Programming Libraries  (31)
   Regular Expression Tools  (3)
   Resource Editors  (11)
   Reverse Engineering Frameworks  (7)
   Source Code Tools  (11)
   String Finders  (5)
   Symbol Tools  (11)
   System Information Extraction Tools  (7)
   Technical PoC Tools  (7)
   Test and Sandbox Environments  (16)
   Tool Extensions  (135)
   Tool Hiding Tools  (5)
   Tool Signatures  (21)
   Tracers  (17)
   Unpacking Tools  (58)
   Needs New Category  (1)