Old Stories / Open Tools

Hacking Tool Collection

Once a Linux Engineer · 2008. 9. 15. 18:04

Packet Shaper:

  • Nemesis: a command line packet shaper
  • Packit: The Packet Toolkit - A network packet shaper.
  • Hping by Antirez: a command line TCP/IP packet shaper
  • Sing: stands for 'Send ICMP Nasty Garbage'; sends fully customizable ICMP packets
  • Scapy: a new python-based packet generator

Password Cracker/Login Hacker:

  • John the Ripper: a well-known password cracker for Windows and *nix Systems
  • Djohn: a distributed password cracker based on "John the Ripper"
  • Cain & Abel: an advanced password recovery tool for Windows systems. It sniffs the network packets and cracks authentication by brute force or with dictionary attacks.
  • Project RainbowCrack: Advanced instant NT password cracker
  • Rainbowtables: The shmoo group provides pre-generated rainbow tables for bittorrent download. The tables are generated with RainbowCrack (see above).
  • Windows NT password recovery tool by Peter Nordahl
  • "THC-Dialup Login Hacker" by THC. It tries to guess username and password against the modem carrier. As far as I know the only available dialup password guesser for *NIX.
  • "Hydra" by THC: a multi-protocol login hacker. Hydra is also integrated with Nessus.
  • THC imap bruter: a very fast imap password brute forcer
  • x25bru: a login/password bruteforcer for x25 pad

Advanced Sniffers:

  • Dsniff by Dug Song: a combination of very useful sniffer and man-in-the-middle attack tools
  • Ettercap: a multipurpose sniffer/interceptor/logger for switched LAN environments
  • aimsniffer: monitors AOL instant messager communication on the network
  • 4G8: a tool, similar to ettercap, to capture network traffic in switched environments
  • cdpsniffer: Cisco discovery protocol (CDP) decoding sniffer

Port Scanner:

  • nmap: the currently most well-known port scanner. Since version 3.45 it supports version scans.
  • ISECOM released their nmap wrapper NWRAP, which shows all known protocols for the discovered ports from the Open Protocol Resource Database
  • Nmap::Scanner: Perl output parser for nmap
  • Amap by THC: An advanced portscanner which determines the application behind a network port by its application handshake. Thus it detects well-known applications on non-standard ports or unknown applications on well-known ports.
  • vmap by THC: version mapper for detemine version (sic!) of scanned daemons
  • Unicornscan: an information gathering and correlation engine

Security Scanner:

  • Nessus - In version 2 an OpenSource network scanner. Version 3 will be only available in binary form and under a proprietary license.
  • Paul Clip from @stake released AUSTIN, a security scanner for Palm OS 3.5+. Unfortunately, @stake seems to no longer support much of their free security tools. If anyone knows of an available download location, please drop me an email.

Fingerprinting:

  • Winfingerprint: much more than a simple fingerprinting tool. It scans for Windows shares, enumerates usernames, groups, SIDs and much more.
  • p0f 2: Michal Zalewski announced his new release of p0f 2, a passive OS fingerprinting tool. p0f 2 is a complete rewrite of the old p0f code.
  • xprobe2: a remote active operating system fingerprinting tool from Ofir Arkin and the xprobe2 team
  • Cron-OS: an active OS fingerprinting tool based on TCP timeout behavior. This project was formerly known as "RING" and is now published as an nmap addon.

Proxy Server:

  • Burp proxy: an interactive HTTP/S proxy server for attacking and debugging web-enabled applications
  • Screen-scraper: an HTTP/HTTPS proxy server with a scripting engine for data manipulation and searching
  • Paros: a man-in-the-middle proxy and application vulnerability scanner

DNSA: DNS Auditing tool by Pierre Betouin

Nikto: a web server analyzer with anti-IDS features. Based on Rain Forest Puppy's libwhisker library.

ike-scan: an IPSec enumeration and fingerprinting tool

ikeprobe: ike scanning tool

ipsectrace: a tool for profiling IPsec traffic in a dump file. Initial alpha release.

Hunt: a session hijacking tool with curses GUI

Metis: a java based information gathering tool for web sites

SMAC: a Windows MAC Address Modifying Utility. Supports Windows 2000 and XP.

The WebGoat Project: a web application written in Java with intentional vulnerabilities. Supports an interactive learning environment with individual lessons.

Netsed: alters content of network packets while forwarding the packets

packetstormsecurity.org: Huge collections of tools and exploits

TSCrack: a Windows Terminal Server brute forcer

Ollie Whitehouse from @stake released some new cellular-phone-based pentesting tools for scanning (NetScan, MobilePenTester). All tools require a Sony Ericsson P800 mobile phone. Unfortunately, @stake seems to no longer support much of their free security tools. So, use the alternative download links above instead.

VPNMonitor: a Java application to observe network traffic. It graphically represents network connections and highlights all VPN connections. Nice for demonstrations, if of somewhat limited use in a real pen test.

ip6sic: an IPv6 stack integrity tester

THC-FuzzyFingerprint: generates fuzzy fingerprints that look nearly identical to a given fingerprint/hash-sum. Very useful for MITM attacks.

SecurityFriday released their new version of BeatLM, a password finder for LM/NTLM hashes. Currently, there is no support for NTLM2 hashes. In order to get the hashes from network traffic, try ScoopLM.

THC vlogger: a Linux kernel based keylogger

The Metasploit Framework: an "advanced open-source platform for developing, testing, and using exploit code".

PassLoc: a tool which provides the means to locate keys within a buffer. Based on the article "Playing hide and seek with stored keys" by Adi Shamir.

Dl-Hell: identifies an executable's dynamic link library (DLL) files

Athena: a search engine query tool for passive information gathering

CIS Oracle Database Scoring Tool: scans Oracle 8i/9i for compliance with the CIS Oracle Database Benchmark

DHCPing: a security tool for testing DHCP security

ldapenum: a Perl script for enumeration against LDAP servers.

SQLRecon: an active and passive scanner for MSSQL server. Works on Windows 2000, XP and 2003.

yersinia: a network tool designed to take advantage of some weaknesses in different network protocols (STP, CDP, DTP, DHCP, HSRP, 802.1q, VTP)

absinthe: a GUI-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection (see here and here).

WSDigger: a black-box web pen testing tool from Foundstone (Windows based)

ElseNet Project: The project tries to publish an exploit for each MS Security Bulletin. A script kiddie's dream come true.

Checkpwd: a dictionary-based password checker for Oracle databases

====================================

< Source: http://blog.naver.com/jabusunin/30001675082 >