Security Tools

2015 – This page is so damn old. Back in 2008 I thought I can post some tools that an IS Auditor should know about and could learn to use on an audit. If you are an IS auditor, a penetration tester, or anybody who happened to stumble I apologize.

These are all tools I’ve used to conduct an audit of an agency or university.  I have working knowledge of all of these tools and would be able to offer advice or assistance in their use.  I would also suggest getting familiar with all of the tools listed in the Security List Top 100 Tools (http://sectools.org/)

Footprinting

BiDiBlah (http://www.sensepost.com)
SiteDigger (http://www.foundstone.com)

Network/Port Scanning

Nmap (http://www.nmap.org)
Scapy (http://www.secdev.org)
Scanline (http://www.foundstone.com) [Stand-Alone]

Windows Enumeration

net view (Windows Default)
nbtstat (Windows Default)
Browstat (exe) [Stand-Alone]
– (Windows XP Support Tools)
– (Windows 2000 Resource Kit)
– Command Help
Nbtscan (http://www.unixwiz.net) [Stand-Alone]
Enum (http://www.darkridge.com) [Stand-Alone]
Dumpsec (http://www.somarsoft.com) [Stand-Alone]
– (needs to be installed by then you can just copy the DumpSec exe file)
Solarwinds Tools (http://www.solarwinds.com)

Sniffing

Ettercap (http://ettercap.sourceforge.net)
Cain & Abel (http://www.oxid.it)
Tcpdump (http://www.tcpdump.org)
Wireshark (http://www.wireshark.org)

Password Tools

Cain & Abel (http://www.oxid.it)
John the Ripper (http://www.openwall.com)
Cifspwscan (http://www.cqure.net) [Stand-Alone (Needs Java)]
THC-Hydra (http://freeworld.thc.org/thc-hydra/)
PwdumpX (http://www.packetstormsecurity.org)[Stand-Alone]
Pwdump2 (http://www.packetstormsecurity.org)[Stand-Alone]
Cachedump (http://www.packetstormsecurity.org)[Stand-Alone]
SamInside (http://www.insidepro.com)[Stand-Alone]
creddump (http://code.google.com/p/creddump/) [Needs Python]

Vulnerability Scanners

Tenable Nessus (http://www.nessus.org)
eEye Retina (http://www.eeye.com)
HP WebInspect (http://www.hp.com)
Application Security AppDetective (http://www.appsecinc.com)
Nikto (http://www.cirt.net)

Wireless

Kismet (http://www.kismetwireless.net)
Aircrack-ng (http://www.aircrack-ng.org)
Karmasploit (http://trac.metasploit.com/wiki/Karmetasploit)

Database Tools

Navicat (http://www.navicat.com)
SQL Ninja (http://sqlninja.sourceforge.net)
SQLat (http://www.cqure.com)[Stand-Alone]
Automagic (http://packetstormsecurity.org/UNIX/scanners/automagic.zip)
Oracle Audit Tools (OAT) (http://www.cqure.com)[Stand-Alone (Needs Java)]
Oracle Assessment Kit (OAK) (http://www.databasesecurity.com) [Stand-Alone]

Exploitation

Metasploit (http://www.metasploit.com)

One thought to “Security Tools”

Leave a Reply

Your email address will not be published. Required fields are marked *

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.