Security Tools

 

These are all tools I’ve used to conduct an audit of an agency or university.  I have working knowledge of all of these tools and would be able to offer advice or assistance in their use.  I would also suggest getting familiar with all of the tools listed in the Security List Top 100 Tools (http://sectools.org/)

Footprinting

BiDiBlah (http://www.sensepost.com)
SiteDigger (http://www.foundstone.com)

Network/Port Scanning

Nmap (http://www.nmap.org)
Scapy (http://www.secdev.org)
Scanline (http://www.foundstone.com) [Stand-Alone]

Windows Enumeration

net view (Windows Default)
nbtstat (Windows Default)
Browstat (exe) [Stand-Alone]
- (Windows XP Support Tools)
- (Windows 2000 Resource Kit)
- Command Help
Nbtscan (http://www.unixwiz.net) [Stand-Alone]
Enum (http://www.darkridge.com) [Stand-Alone]
Dumpsec (http://www.somarsoft.com) [Stand-Alone]
- (needs to be installed by then you can just copy the DumpSec exe file)
Solarwinds Tools (http://www.solarwinds.com)

Sniffing

Ettercap (http://ettercap.sourceforge.net)
Cain & Abel (http://www.oxid.it)
Tcpdump (http://www.tcpdump.org)
Wireshark (http://www.wireshark.org)

Password Tools

Cain & Abel (http://www.oxid.it)
John the Ripper (http://www.openwall.com)
Cifspwscan (http://www.cqure.net) [Stand-Alone (Needs Java)]
THC-Hydra (http://freeworld.thc.org/thc-hydra/)
PwdumpX (http://www.packetstormsecurity.org)[Stand-Alone]
Pwdump2 (http://www.packetstormsecurity.org)[Stand-Alone]
Cachedump (http://www.packetstormsecurity.org)[Stand-Alone]
SamInside (http://www.insidepro.com)[Stand-Alone]
creddump (http://code.google.com/p/creddump/) [Needs Python]

Vulnerability Scanners

Tenable Nessus (http://www.nessus.org)
eEye Retina (http://www.eeye.com)
HP WebInspect (http://www.hp.com)
Application Security AppDetective (http://www.appsecinc.com)
Nikto (http://www.cirt.net)

Wireless

Kismet (http://www.kismetwireless.net)
Aircrack-ng (http://www.aircrack-ng.org)
Karmasploit (http://trac.metasploit.com/wiki/Karmetasploit)

Database Tools

Navicat (http://www.navicat.com)
SQL Ninja (http://sqlninja.sourceforge.net)
SQLat (http://www.cqure.com)[Stand-Alone]
Automagic (http://packetstormsecurity.org/UNIX/scanners/automagic.zip)
Oracle Audit Tools (OAT) (http://www.cqure.com)[Stand-Alone (Needs Java)]
Oracle Assessment Kit (OAK) (http://www.databasesecurity.com) [Stand-Alone]

Exploitation

Metasploit (http://www.metasploit.com)

 Posted by at 12:15 pm

  One Response to “Security Tools”

  1. [...] you need when you connect to the auditee’s network. I’ve made changes to the Security Tools page to highlight which tools are stand-alone and do not require installation.  Also for reference [...]

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>