Security Tools


2015 – This page is so damn old. Back in 2008 I thought I can post some tools that an IS Auditor should know about and could learn to use on an audit. If you are an IS auditor, a penetration tester, or anybody who happened to stumble I apologize.

These are all tools I’ve used to conduct an audit of an agency or university.  I have working knowledge of all of these tools and would be able to offer advice or assistance in their use.  I would also suggest getting familiar with all of the tools listed in the Security List Top 100 Tools (


BiDiBlah (
SiteDigger (

Network/Port Scanning

Nmap (
Scapy (
Scanline ( [Stand-Alone]

Windows Enumeration

net view (Windows Default)
nbtstat (Windows Default)
Browstat (exe) [Stand-Alone]
– (Windows XP Support Tools)
– (Windows 2000 Resource Kit)
– Command Help
Nbtscan ( [Stand-Alone]
Enum ( [Stand-Alone]
Dumpsec ( [Stand-Alone]
– (needs to be installed by then you can just copy the DumpSec exe file)
Solarwinds Tools (


Ettercap (
Cain & Abel (
Tcpdump (
Wireshark (

Password Tools

Cain & Abel (
John the Ripper (
Cifspwscan ( [Stand-Alone (Needs Java)]
THC-Hydra (
PwdumpX ([Stand-Alone]
Pwdump2 ([Stand-Alone]
Cachedump ([Stand-Alone]
SamInside ([Stand-Alone]
creddump ( [Needs Python]

Vulnerability Scanners

Tenable Nessus (
eEye Retina (
HP WebInspect (
Application Security AppDetective (
Nikto (


Kismet (
Aircrack-ng (
Karmasploit (

Database Tools

Navicat (
SQL Ninja (
SQLat ([Stand-Alone]
Automagic (
Oracle Audit Tools (OAT) ([Stand-Alone (Needs Java)]
Oracle Assessment Kit (OAK) ( [Stand-Alone]


Metasploit (

 Posted by at 12:15 pm

  One Response to “Security Tools”

  1. […] you need when you connect to the auditee’s network. I’ve made changes to the Security Tools page to highlight which tools are stand-alone and do not require installation.  Also for reference […]

 Leave a Reply



You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>