pub!1c 2006-9-21 17:35
[Repost] Top 100 Network Security Tools
<p>Source: sectools.org</p><p>After the tremendously successful <a href="tools2000.html">2000</a> and <a href="tools2003.html">2003</a> security tools surveys, <a href="http://www.insecure.org/">Insecure.Org</a> is delighted to release this 2006 survey. I (<a href="http://www.insecure.org/myworld.html">Fyodor</a>) asked users from the <a href="http://seclists.org/#nmap-hackers">nmap-hackers</a> mailing list to share their favorite tools, and 3,243 people responded. This allowed me to expand the list to 100 tools, and even subdivide them into categories. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also point newbies to this site whenever they write me saying “I don't know where to start”. </p><p>Respondents were allowed to list open source or commercial tools on any platform. Commercial tools are noted as such in the list below. No votes for the <a href="http://www.insecure.org/nmap">Nmap Security Scanner</a> were counted because the survey was taken on an Nmap mailing list. This audience also biases the list slightly toward “attack” hacking tools rather than defensive ones. 
</p><p>Each tool is described by one or more attributes: <table><tbody><tr><td align="center"><img title="New" height="11" alt="new" src="http://mirror.sectools.org/flags/new_28x11.gif" width="28" /></td><td valign="middle">Did not appear on the <a href="tools2003.html">2003 list</a></td></tr><tr><td align="center"><img height="14" src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" />/<img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /></td><td valign="middle">Popularity ranking <img height="14" src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" /><font color="#008800">rose</font> / <img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">fell</font> the given number since the <a href="tools2003.html">2003 survey</a></td></tr><tr><td align="center"><img height="30" alt=" TITLE=" src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" width="20" /></td><td valign="middle">Generally costs money. 
A free limited/demo/trial version may be available.</td></tr><tr><td align="center"><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /></td><td valign="middle">Works natively on Linux</td></tr><tr><td align="center"><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /></td><td valign="middle">Works natively on OpenBSD, FreeBSD, Solaris, and/or other UNIX variants</td></tr><tr><td align="center"><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /></td><td valign="middle">Works natively on Apple Mac OS X</td></tr><tr><td align="center"><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /></td><td valign="middle">Works natively on Microsoft Windows</td></tr><tr><td align="center"><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /></td><td valign="middle">Features a command-line interface</td></tr><tr><td align="center"><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /></td><td valign="middle">Offers a GUI (point and click) interface</td></tr><tr><td align="center"><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /></td><td valign="middle">Source code available for inspection.</td></tr></tbody></table></p><p>Please send updates and suggestions (or better tool logos) to <a href="mailto:fyodor@insecure.org">Fyodor</a>. If your tool is featured or you think your site visitors might enjoy this list, you are welcome to use our <a href="banners.html">link banners</a>. 
Here is the list, starting with the most popular:<br /><a name="nessus"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#1</font><br /><img height="30" alt=" TITLE=" src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" width="20" /><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /> </td><td valign="top"><a href="http://www.nessus.org/"><img height="77" src="http://mirror.sectools.org/logos/nessus-80x77.png" width="80" align="right" border="0" /></a> <a href="http://www.nessus.org/">Nessus</a> : Premier UNIX vulnerability assessment tool<br />Nessus is the best free network vulnerability scanner available, and the best to run on UNIX at any price. It is constantly updated, with more than 11,000 plugins for the free (but registration and EULA-acceptance required) feed. Key features include remote and local (authenticated) security checks, a client/server architecture with a GTK graphical interface, and an embedded scripting language for writing your own plugins or understanding the existing ones. Nessus 3 is <a href="http://software.newsforge.com/article.pl?sid=05/10/06/1716257&tid=132&tid=78&tid=27">now closed source</a>, but is still free-of-cost unless you want the very newest plugins. 
<p>See all <a href="vuln-scanners.html">vulnerability scanners</a> </p></td></tr></tbody></table></a><a name="wireshark"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#2</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.wireshark.org/"><img height="90" src="http://mirror.sectools.org/logos/wireshark-80x90.png" width="80" align="right" border="0" /></a> <a href="http://www.wireshark.org/">Wireshark</a> : Sniffing the glue that holds the Internet together<br />Wireshark (known as <a href="http://www.ethereal.com/">Ethereal</a> until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. 
It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences). <p>See all <a href="sniffers.html">packet sniffers</a> </p></td></tr></tbody></table></a><a name="snort"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#3</font><br /><img height="30" alt=" TITLE=" src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" width="20" /><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.snort.org/"><img height="62" src="http://mirror.sectools.org/logos/snort-80x62.png" width="80" align="right" border="0" /></a> <a href="http://www.snort.org/">Snort</a> : Everyone's favorite open source IDS<br />This lightweight network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. 
Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free <a href="http://secureideas.sourceforge.net/">Basic Analysis and Security Engine (BASE)</a>, a web interface for analyzing Snort alerts. <p>Open source Snort works fine for many individuals, small businesses, and departments. Parent company <a href="http://www.sourcefire.com/">SourceFire</a> offers a complementary product line with more enterprise-level features and real-time rule updates. They offer a free (with registration) 5-day-delayed rules feed, and you can also find many great free rules at <a href="http://www.bleedingsnort.com/">Bleeding Edge Snort</a>. </p><p>See all <a href="ids.html">intrusion detection systems</a> </p></td></tr></tbody></table></a><a name="netcat"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#4</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.vulnwatch.org/netcat/"><img 
height="155" src="http://mirror.sectools.org/logos/netcat-80x155.png" width="80" align="right" border="0" /></a> <a href="http://www.vulnwatch.org/netcat/">Netcat</a> : The network Swiss army knife<br />This simple utility reads and writes data across TCP or UDP network connections. It is designed to be a reliable back-end tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need, including port binding to accept incoming connections. The original Netcat was <a href="http://seclists.org/bugtraq/1995/Oct/0028.html">released</a> by Hobbit in 1995, but it hasn't been maintained despite its immense popularity. It can sometimes even be hard to find <a href="http://www.insecure.org/stf/nc110.tgz">nc110.tgz</a>. The flexibility and usefulness of this tool have prompted people to write numerous other Netcat implementations - often with modern features not found in the original. One of the most interesting is <a href="tools3.html#socat">Socat</a>, which extends Netcat to support many other socket types, SSL encryption, SOCKS proxies, and more. It even made this list on its own merits. There is also <a href="http://sourceforge.net/projects/nmap-ncat/">Chris Gibson's Ncat</a>, which offers even more features while remaining portable and compact. Other takes on Netcat include <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/">OpenBSD's nc</a>, <a href="http://farm9.org/Cryptcat/">Cryptcat</a>, <a href="http://www.deepspace6.net/projects/netcat6.html">Netcat6</a>, <a href="http://dcs.nac.uci.edu/~strombrg/pnetcat.html">PNetcat</a>, <a href="http://tigerteam.se/dl/sbd/">SBD</a>, and so-called <a href="http://netcat.sourceforge.net/">GNU Netcat</a>. 
<p>See all <a href="netcats.html">Netcats</a> </p></td></tr></tbody></table></a><a name="metasploit"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#5</font><br /><img height="11" alt="new" src="http://mirror.sectools.org/flags/new_28x11.gif" width="28" /><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.metasploit.com/"><img height="69" src="http://mirror.sectools.org/logos/metasploit-40x69.png" width="40" align="right" border="0" /></a> <a href="http://www.metasploit.com/">Metasploit Framework</a> : Hack the Planet<br />Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. 
It ships with hundreds of exploits, as you can see in their <a href="http://metasploit.com:55555/">online exploit building demo</a>. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. Similar professional exploitation tools, such as <a href="tools2.html#impact">Core Impact</a> and <a href="tools4.html#canvas">Canvas</a> already existed for wealthy users on all sides of the ethical spectrum. Metasploit simply brought this capability to the masses. <p>See all <a href="sploits.html">vulnerability exploitation tools</a> </p></td></tr></tbody></table></a><a name="hping"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#6</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.hping.org/"><img height="31" src="http://mirror.sectools.org/logos/hping-80x31.png" width="80" align="right" border="0" /></a> <a href="http://www.hping.org/">Hping2</a> : A network probing utility like ping on steroids<br />This handy little utility assembles and sends custom ICMP, UDP, or TCP packets and then displays any replies. It was inspired by the ping command, but offers far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation. 
This tool is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities. This often allows you to map out firewall rulesets. It is also great for learning more about TCP/IP and experimenting with IP protocols. <p>See all <a href="packet-crafters.html">packet crafting tools</a> </p></td></tr></tbody></table></a><a name="kismet"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#7</font><br /><img height="14" src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" /><font color="#008800">10</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.kismetwireless.net/"><img height="46" src="http://mirror.sectools.org/logos/kismet-80x46.png" width="80" align="right" border="0" /></a> <a href="http://www.kismetwireless.net/">Kismet</a> : A powerful wireless sniffer<br />Kismet is a console (ncurses) based 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. 
It identifies networks by passively sniffing (as opposed to more active tools such as <a href="#netstumbler">NetStumbler</a>), and can even decloak hidden (non-beaconing) networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/TCPDump compatible format, and even plot detected networks and estimated ranges on downloaded maps. As you might expect, this tool is commonly used for <a href="http://en.wikipedia.org/wiki/Wardriving">wardriving</a>. Oh, and also <a href="http://en.wikipedia.org/wiki/Warwalking">warwalking</a>, <a href="http://www.tgdaily.com/2004/04/30/thg_takes_to_the_air_for_wi/print.html">warflying</a>, and <a href="http://www.oldskoolphreak.com/tfiles/wifi/warskating/warskating.html">warskating</a>, ... <p>See all <a href="wireless.html">wireless tools</a>, and <a href="sniffers.html">packet sniffers</a> </p></td></tr></tbody></table></a><a name="tcpdump"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#8</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">3</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" 
/> </td><td valign="top"><a href="http://www.tcpdump.org/"><img height="70" src="http://mirror.sectools.org/logos/tcpdump-80x70.png" width="80" align="right" border="0" /></a> <a href="http://www.tcpdump.org/">Tcpdump</a> : The classic sniffer for network monitoring and data acquisition<br />Tcpdump is the IP sniffer we all used before Ethereal (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI or parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with fewer security holes. It also requires fewer system resources. While it doesn't receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named <a href="http://windump.polito.it/">WinDump</a>. TCPDump is the source of the <a href="http://www.tcpdump.org/">Libpcap</a>/<a href="http://winpcap.polito.it/">WinPcap</a> packet capture library, which is used by <a href="http://www.insecure.org/">Nmap</a> among many other tools. 
<p>See all <a href="sniffers.html">packet sniffers</a> </p></td></tr></tbody></table></a><a name="cain"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#9</font><br /><img height="14" src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" /><font color="#008800">23</font><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /> </td><td valign="top"><a href="http://www.oxid.it/cain.html"><img height="32" src="http://mirror.sectools.org/logos/cain-80x32.png" width="80" align="right" border="0" /></a> <a href="http://www.oxid.it/cain.html">Cain and Abel</a> : The top password recovery tool for Windows<br />UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. It is also <a href="http://www.oxid.it/ca_um/">well documented</a>. 
<p>See all <a href="crackers.html">password crackers</a>, and <a href="sniffers.html">packet sniffers</a> </p></td></tr></tbody></table></a><a name="john"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#10</font><br /><img height="14" src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" /><font color="#008800">1</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.openwall.com/john/"><img height="163" src="http://mirror.sectools.org/logos/john-80x163.png" width="80" align="right" border="0" /></a> <a href="http://www.openwall.com/john/">John the Ripper</a> : A powerful, flexible, and <i>fast</i> multi-platform password hash cracker<br />John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches. 
You will want to start with some wordlists, which you can find <a href="ftp://ftp.mirrorgeek.com/openwall/wordlists">here</a>, <a href="ftp://ftp.ox.ac.uk/pub/wordlists/">here</a>, or <a href="http://www.outpost9.com/files/WordLists.html">here</a>. <p>See all <a href="crackers.html">password crackers</a> </p></td></tr></tbody></table></a><a name="ettercap"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#11</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">2</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://ettercap.sourceforge.net/"><img height="22" src="http://mirror.sectools.org/logos/ettercap-80x22.png" width="80" align="right" border="0" /></a> <a href="http://ettercap.sourceforge.net/">Ettercap</a> : In case you still thought switched LANs provide much extra security<br />Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. 
It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN. <p>See all <a href="sniffers.html">packet sniffers</a> </p></td></tr></tbody></table></a><a name="nikto"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#12</font><br /><img height="14" src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" /><font color="#008800">4</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.cirt.net/code/nikto.shtml"><img height="98" src="http://mirror.sectools.org/logos/nikto-80x98.png" width="80" align="right" border="0" /></a> <a href="http://www.cirt.net/code/nikto.shtml">Nikto</a> : A more comprehensive web scanner<br />Nikto is an open source (GPL) web server scanner which performs comprehensive tests 
against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). It uses <a href="tools3.html#whisker-libwhisker">Whisker/libwhisker</a> for much of its underlying functionality. It is a great tool, but the value is limited by its infrequent updates. The newest and most critical vulnerabilities are often not detected. <p>See all <a href="web-scanners.html">web vulnerability scanners</a> </p></td></tr></tbody></table></a><a name="os-tools"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#13</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top">Ping/telnet/dig/traceroute/whois/netstat : The basics<br />While there are many whiz-bang high-tech tools out there to assist in security auditing, don't forget about the basics! Everyone should be very familiar with these tools as they come with most operating systems (except that Windows omits whois and uses the name tracert). 
They can be very handy in a pinch, although for more advanced usage you may be better off with <a href="#hping">Hping2</a> and <a href="#netcat">Netcat</a>. </td></tr></tbody></table></a><a name="ssh"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#14</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">2</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><img height="85" src="http://mirror.sectools.org/logos/ssh-85x85.gif" width="85" align="right" border="0" /> <a href="http://www.openssh.com/">OpenSSH</a> / <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/">PuTTY</a> / <a href="http://www.ssh.com/commerce/index.html">SSH</a> : A secure way to access remote computers<br />SSH (Secure Shell) is the now ubiquitous program for logging into or executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network, replacing the hideously insecure telnet/rlogin/rsh alternatives. Most UNIX users run the open source <a href="http://www.openssh.com/">OpenSSH</a> server and client. 
Windows users often prefer the free <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/">PuTTY</a> client, which is also available for many mobile devices. Other Windows users prefer the nice terminal-based port of OpenSSH that comes with <a href="http://www.cygwin.com/">Cygwin</a>. Dozens of other free and proprietary clients exist. You can explore them <a href="http://freessh.org/">here</a> or <a href="http://linuxmafia.com/ssh/">here</a>. </td></tr></tbody></table></a><a name="hydra"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#15</font><br /><img height="14" src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" /><font color="#008800">35</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://thc.segfault.net/thc-hydra/"><img height="79" src="http://mirror.sectools.org/logos/hydra-80x79.png" width="80" align="right" border="0" /></a> <a href="http://thc.segfault.net/thc-hydra/">THC Hydra</a> : A fast network authentication cracker which supports many different services<br />When you 
need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like <a href="#amap">THC Amap</a>, this release is from the fine folks at <a href="http://www.thc.segfault.net/">THC</a>. <p>See all <a href="crackers.html">password crackers</a> </p></td></tr></tbody></table></a><a name="paros"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#16</font><br /><img height="11" alt="new" src="http://mirror.sectools.org/flags/new_28x11.gif" width="28" /><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.parosproxy.org/"><img height="41" src="http://mirror.sectools.org/logos/paros-80x41.png" width="80" align="right" border="0" /></a> <a href="http://www.parosproxy.org/">Paros proxy</a> : A web application vulnerability assessment proxy<br />A Java based web proxy for assessing web application vulnerability. 
It supports editing/viewing HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting. <p>See all <a href="web-scanners.html">web vulnerability scanners</a> </p></td></tr></tbody></table></a><a name="dsniff"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#17</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">10</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.monkey.org/~dugsong/dsniff/"><img height="96" src="http://mirror.sectools.org/logos/dsniff-80x96.png" width="80" align="right" border="0" /></a> <a href="http://www.monkey.org/~dugsong/dsniff/">Dsniff</a> : A suite of powerful network auditing and penetration-testing tools<br />This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). 
arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. A separately maintained partial Windows port is available <a href="http://www.datanerds.net/~mike/dsniff.html">here</a>. Overall, this is a great toolset. It handles pretty much all of your password sniffing needs. <p>See all <a href="sniffers.html">packet sniffers</a> </p></td></tr></tbody></table></a><a name="netstumbler"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#18</font><br /><img height="14" src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" /><font color="#008800">7</font><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /> </td><td valign="top"><a href="http://www.stumbler.net/"><img height="26" src="http://mirror.sectools.org/logos/netstumbler-80x26.png" width="80" align="right" border="0" /></a> <a href="http://www.stumbler.net/">NetStumbler</a> : Free Windows 802.11 Sniffer<br />Netstumbler is the best known Windows tool for finding open wireless access points ("wardriving"). They also distribute a WinCE version for PDAs and such named <a href="http://www.stumbler.net/">Ministumbler</a>. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as <a href="#kismet">Kismet</a> or <a href="tools3.html#kismac">KisMAC</a>. 
<p>See all <a href="wireless.html">wireless tools</a>, and <a href="sniffers.html">packet sniffers</a> </p></td></tr></tbody></table></a><a name="amap"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#19</font><br /><img height="14" src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" /><font color="#008800">18</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://thc.segfault.net/thc-amap/"><img height="79" src="http://mirror.sectools.org/logos/amap-80x79.png" width="80" align="right" border="0" /></a> <a href="http://thc.segfault.net/thc-amap/">THC Amap</a> : An application fingerprinting scanner<br />Amap is a great tool for determining what application is listening on a given port. Their database isn't as large as what <a href="http://www.insecure.org/nmap">Nmap</a> uses for its <a href="http://www.insecure.org/nmap/vscan/">version detection</a> feature, but it is definitely worth trying for a 2nd opinion or if Nmap fails to detect a service. Amap even knows how to parse Nmap output files. This is yet another valuable tool from the great guys at <a href="http://thc.segfault.net/">THC</a>. 
<p>See all <a href="app-scanners.html">application-specific scanners</a> </p></td></tr></tbody></table></a><a name="gfi"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#20</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">12</font><br /><img height="30" alt=" TITLE=" src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" width="20" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /> </td><td valign="top"><a href="http://www.gfi.com/lannetscan/"><img height="28" src="http://mirror.sectools.org/logos/gfi-70x28.png" width="70" align="right" border="0" /></a> <a href="http://www.gfi.com/lannetscan/">GFI LANguard</a> : A commercial network security scanner for Windows<br />GFI LANguard scans IP networks to detect what machines are running. Then it tries to discern the host OS and what applications are running. It also tries to collect each Windows machine's service pack level, missing security patches, wireless access points, USB devices, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more. Scan results are saved to an HTML report, which can be customized/queried. It also includes a patch manager which detects and installs missing patches. A free trial version is available, though it only works for up to 30 days. 
<p>See all <a href="vuln-scanners.html">vulnerability scanners</a> </p></td></tr></tbody></table></a><a name="aircrack"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#21</font><br /><img height="11" alt="new" src="http://mirror.sectools.org/flags/new_28x11.gif" width="28" /><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.aircrack-ng.org/"><img height="63" src="http://mirror.sectools.org/logos/aircrack-80x63.png" width="80" align="right" border="0" /></a> <a href="http://www.aircrack-ng.org/">Aircrack</a> : The fastest available WEP/WPA cracking tool<br />Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files). 
<p>See all <a href="wireless.html">wireless tools</a>, and <a href="crackers.html">password crackers</a> </p></td></tr></tbody></table></a><a name="superscan"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#22</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">4</font><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /> </td><td valign="top"><a href="http://www.foundstone.com/resources/proddesc/superscan.htm">Superscan</a> : A Windows-only port scanner, pinger, and resolver<br />SuperScan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone. It includes a variety of additional networking tools such as ping, traceroute, http head, and whois. <p>See all <a href="port-scanners.html">port scanners</a> </p></td></tr></tbody></table></a><a name="netfilter"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#23</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">2</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.netfilter.org/"><img height="21" src="http://mirror.sectools.org/logos/netfilter-80x21.png" width="80" align="right" border="0" /></a> <a href="http://www.netfilter.org/">Netfilter</a> : The current Linux kernel packet 
filter/firewall<br />Netfilter is a powerful packet filter implemented in the standard Linux kernel. The userspace iptables tool is used for configuration. It now supports packet filtering (stateless or stateful), all kinds of network address and port translation (NAT/NAPT), and multiple API layers for 3rd party extensions. It includes many different modules for handling unruly protocols such as FTP. For other UNIX platforms, see <a href="tools3.html#openbsd-pf">Openbsd PF</a> (OpenBSD specific), or <a href="tools4.html#ipfilter">IP Filter</a>. Many <a href="http://en.wikipedia.org/wiki/Personal_firewall">personal firewalls</a> are available for Windows (<a href="http://www.tinysoftware.com/">Tiny</a>, <a href="http://www.zonelabs.com/">Zone Alarm</a>, <a>Norton</a>, <a href="http://www.kerio.com/">Kerio</a>, ...), though none made this list. Microsoft included a very basic firewall in Windows XP SP2, and will nag you incessantly until you install it. <p>See all <a href="firewalls.html">firewalls</a> </p></td></tr></tbody></table></a><a name="sysinternals"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#24</font><br /><img height="11" alt="new" src="http://mirror.sectools.org/flags/new_28x11.gif" width="28" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /> </td><td valign="top"><a href="http://www.sysinternals.com/">Sysinternals</a> : An extensive collection of powerful Windows utilities<br />Sysinternals provides many small Windows utilities that are quite useful for low-level Windows hacking. Some are free of cost and/or include source code, while others are proprietary. 
Survey respondents were most enamored with: <ul><li><a href="http://www.sysinternals.com/Utilities/ProcessExplorer.html">ProcessExplorer</a> for keeping an eye on the files and directories open by any process (like <a href="tools2.html#lsof">LSoF</a> on UNIX). </li><li><a href="http://www.sysinternals.com/Utilities/PsTools.html">PsTools</a> for managing (executing, suspending, killing, detailing) local and remote processes. </li><li><a href="http://www.sysinternals.com/Utilities/Autoruns.html">Autoruns</a> for discovering what executables are set to run during system boot up or login. </li><li><a href="http://www.sysinternals.com/utilities/rootkitrevealer.html">RootkitRevealer</a> for detecting registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. </li><li><a href="http://www.sysinternals.com/Utilities/TcpView.html">TCPView</a>, for viewing TCP and UDP traffic endpoints used by each process (like Netstat on UNIX). </li></ul>Future product direction is uncertain since Microsoft acquired the whole company in 2006. 
<p>See all <a href="rootkit-detectors.html">rootkit detectors</a> </p></td></tr></tbody></table></a><a name="retina"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#25</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">5</font><br /><img height="30" alt=" TITLE=" src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" width="20" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /> </td><td valign="top"><a href="http://www.eeye.com/html/Products/Retina/index.html"><img height="48" src="http://mirror.sectools.org/logos/retina-106x48.png" width="106" align="right" border="0" /></a> <a href="http://www.eeye.com/html/Products/Retina/index.html">Retina</a> : Commercial vulnerability assessment scanner by eEye<br />Like <a href="#nessus">Nessus</a>, Retina's function is to scan all the hosts on a network and report on any vulnerabilities found. It was written by <a href="http://www.eeye.com/">eEye</a>, who are well known for their <a href="http://www.eeye.com/html/research/index.html">security research</a>. <p>See all <a href="vuln-scanners.html">vulnerability scanners</a> </p></td></tr></tbody></table></a></p>
pub!1c 2006-9-21 17:40
<p>Welcome to page 2 of the top network security tools site, covering tools ranked #26-50. Survey methodology and icon descriptions can be found on <a href="index.html">page 1</a>. <a name="perl-python"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#26</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.perl.org/">Perl</a> / <a href="http://www.python.org/">Python</a> / <a href="http://www.ruby-lang.org/">Ruby</a> : Portable, general-purpose scripting languages<br />While many canned security tools are available on this site for handling common tasks, scripting languages allow you to write your own (or modify existing ones) when you need something more custom. Quick, portable scripts can test, exploit, or even fix systems. Archives like <a href="http://www.cpan.org/">CPAN</a> are filled with modules such as <a href="http://www.ic.al.lg.ua/~ksv/">Net::RawIP</a> and protocol implementations to make your tasks even easier. 
</td></tr></tbody></table></a><a name="l0phtcrack"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#27</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">8</font><br /><img height="30" alt=" TITLE=" src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" width="20" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /> </td><td valign="top"><img height="64" src="http://mirror.sectools.org/logos/l0phtcrack-64x64.gif" width="64" align="right" border="0" /> L0phtcrack : Windows password auditing and recovery application<br />L0phtCrack, also known as LC5, attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). LC5 was discontinued by Symantec in 2006, but you can still find the <a href="http://www.insecure.org/stf/lc5-setup.exe">LC5 installer</a> floating around. The free trial only lasts 15 days, and Symantec won't sell you a key, so you'll either have to cease using it or find a <a href="http://www.insecure.org/stf/lc5-crack.zip">key generator</a>. Since it is no longer maintained, you are probably better off trying <a href="index.html#cain">Cain and Abel</a> or <a href="index.html#john">John the Ripper</a> instead. 
<p>See all <a href="crackers.html">password crackers</a> </p></td></tr></tbody></table><hr /></a><a name="scapy"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#28</font><br /><img height="11" alt="new" src="http://mirror.sectools.org/flags/new_28x11.gif" width="28" /><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.secdev.org/projects/scapy/">Scapy</a> : Interactive packet manipulation tool<br />Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. 
<p>See all <a href="packet-crafters.html">packet crafting tools</a> </p></td></tr></tbody></table><hr /></a><a name="sam"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#29</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">16</font><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /> </td><td valign="top"><a href="http://www.samspade.org/ssw/">Sam Spade</a> : Freeware Windows network query tool<br />Sam Spade provides a consistent GUI and implementation for many handy network query tasks. It was designed with tracking down spammers in mind, but can be useful for many other network exploration, administration, and security tasks. It includes tools such as ping, nslookup, whois, dig, traceroute, finger, raw HTTP web browser, DNS zone transfer, SMTP relay check, website search, and more. Non-Windows users can enjoy online versions of many of their tools. 
</td></tr></tbody></table><hr /></a><a name="gnupg-pgp"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#30</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.gnupg.org/">GnuPG</a> / <a href="http://www.pgp.com/">PGP</a> : Secure your files and communication w/advanced encryption<br />PGP is the famous encryption program by Phil Zimmermann which helps secure your data from eavesdroppers and other risks. GnuPG is a very well-regarded open source implementation of the PGP standard (the actual executable is named gpg). While GnuPG is always free, PGP costs money for some uses. 
<p>See all <a href="crypto.html">encryption tools</a> </p></td></tr></tbody></table><hr /></a><a name="airsnort"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#31</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">3</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://airsnort.shmoo.com/"><img height="41" src="http://mirror.sectools.org/logos/airsnort-80x41.png" width="80" align="right" border="0" /></a> <a href="http://airsnort.shmoo.com/">Airsnort</a> : 802.11 WEP Encryption Cracking Tool<br />AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the <a href="http://www.shmoo.com/">Shmoo Group</a> and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. You may also be interested in the similar <a href="index.html#aircrack">Aircrack</a>. 
<p>See all <a href="wireless.html">wireless tools</a>, and <a href="crackers.html">password crackers</a> </p></td></tr></tbody></table><hr /></a><a name="backtrack"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#32</font><br /><img height="11" alt="new" src="http://mirror.sectools.org/flags/new_28x11.gif" width="28" /><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.remote-exploit.org/index.php/BackTrack"><img height="76" src="http://mirror.sectools.org/logos/backtrack-80x76.png" width="80" align="right" border="0" /></a> <a href="http://www.remote-exploit.org/index.php/BackTrack">BackTrack</a> : An Innovative Penetration Testing live Linux distribution<br />This excellent bootable live-CD Linux distribution comes from the merger of Whax and Auditor. It boasts a huge variety of Security and Forensics tools and provides a rich development environment. User modularity is emphasized so the distribution can be easily customized by the user to include personal scripts, additional tools, customized kernels, etc. 
<p>See all <a href="sec-distros.html">security-oriented operating systems</a> </p></td></tr></tbody></table><hr /></a><a name="p0f"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#33</font><br /><img height="11" alt="new" src="http://mirror.sectools.org/flags/new_28x11.gif" width="28" /><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://lcamtuf.coredump.cx/p0f.shtml"><img height="99" src="http://mirror.sectools.org/logos/p0f-80x99.png" width="80" align="right" border="0" /></a> <a href="http://lcamtuf.coredump.cx/p0f.shtml">P0f</a> : A versatile passive OS fingerprinting tool<br />P0f is able to identify the operating system of a target host simply by examining captured packets even when the device in question is behind an overzealous packet firewall. P0f does not generate ANY additional network traffic, direct or indirect. No name lookups, no mysterious probes, no ARIN queries, nothing. In the hands of advanced users, P0f can detect firewall presence, NAT use, existence of load balancers, and more! 
<p>See all <a href="os-detectors.html">OS detection tools</a> </p></td></tr></tbody></table><hr /></a><a name="google"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#34</font><br /><img height="11" alt="new" src="http://mirror.sectools.org/flags/new_28x11.gif" width="28" /><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /> </td><td valign="top"><a href="http://www.google.com/"><img height="32" src="http://mirror.sectools.org/logos/google-80x32.png" width="80" align="right" border="0" /></a> <a href="http://www.google.com/">Google</a> : Everyone's Favorite Search Engine<br />While it is far more than a security tool, Google's massive database is a gold mine for security researchers and penetration testers. You can use it to dig up information about a target company by using directives such as “site:target-domain.com” and find employee names, sensitive information that they wrongly thought was hidden, vulnerable software installations, and more. Similarly, when a bug is found in yet another popular webapp, Google can often provide a list of vulnerable servers worldwide within seconds. The master of Google hacking is <a href="http://johnny.ihackstuff.com/">Johnny Long</a>. 
Check out his <a href="http://johnny.ihackstuff.com/">Google Hacking Database</a> or his excellent book: <a href="http://www.amazon.com/exec/obidos/ASIN/1931836361/secbks-20">Google Hacking for Penetration Testers</a>. </td></tr></tbody></table><hr /></a><a name="webscarab"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#35</font><br /><img height="11" alt="new" src="http://mirror.sectools.org/flags/new_28x11.gif" width="28" /><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project"><img height="87" src="http://mirror.sectools.org/logos/webscarab-80x87.png" width="80" align="right" border="0" /></a> <a href="http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project">WebScarab</a> : A framework for analyzing applications that communicate using the HTTP and HTTPS protocols<br />In its simplest form, WebScarab records the conversations (requests and responses) that it observes, and allows the operator to review them in various ways. 
WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented. <p>See all <a href="web-scanners.html">web vulnerability scanners</a> </p></td></tr></tbody></table><hr /></a><a name="ntop"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#36</font><br /><img height="14" src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" /><font color="#008800">3</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.ntop.org/"><img height="42" src="http://mirror.sectools.org/logos/ntop-80x42.png" width="80" align="right" border="0" /></a> <a href="http://www.ntop.org/">Ntop</a> : A network traffic usage monitor<br />Ntop shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. 
In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics. <p>See all <a href="sniffers.html">packet sniffers</a>, and <a href="traffic-monitors.html">traffic monitoring tools</a> </p></td></tr></tbody></table><hr /></a><a name="tripwire"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#37</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">22</font><br /><img height="30" alt=" TITLE=" src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" width="20" /><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.tripwire.com/"><img height="30" src="http://mirror.sectools.org/logos/tripwire-80x30.png" width="80" align="right" border="0" /></a> <a href="http://www.tripwire.com/">Tripwire</a> : The grand-daddy of file integrity checkers<br />A file and directory integrity checker. 
Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. An open source Linux version is freely available at <a href="http://www.tripwire.org/">Tripwire.Org</a>. UNIX users may also want to consider <a href="http://www.cs.tut.fi/~rammer/aide.html">AIDE</a>, which has been designed to be a free Tripwire replacement. Or you may wish to investigate <a href="http://www.radmind.org/">Radmind</a>, <a href="tools3.html#rkhunter">RKHunter</a>, or <a href="tools3.html#chkrootkit">chkrootkit</a>. Windows users may like <a href="http://www.sysinternals.com/utilities/rootkitrevealer.html">RootkitRevealer</a> from <a href="index.html#sysinternals">Sysinternals</a>. <p>See all <a href="rootkit-detectors.html">rootkit detectors</a> </p></td></tr></tbody></table><hr /></a><a name="ngrep"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#38</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">3</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" 
src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.packetfactory.net/projects/ngrep/">Ngrep</a> : Convenient packet matching &amp; display<br />ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop. <p>See all <a href="sniffers.html">packet sniffers</a>, and <a href="traffic-monitors.html">traffic monitoring tools</a> </p></td></tr></tbody></table><hr /></a><a name="nbtscan"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#39</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">10</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" 
src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.inetcat.org/software/nbtscan.html">Nbtscan</a> : Gathers NetBIOS info from Windows networks<br />NBTscan is a program for scanning IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in the supplied range and lists the received information in human-readable form. For each host that responds, it lists the IP address, NetBIOS computer name, logged-in user name and MAC address. <p>See all <a href="app-scanners.html">application-specific scanners</a> </p></td></tr></tbody></table><hr /></a><a name="webinspect"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#40</font><br /><img height="11" alt="new" src="http://mirror.sectools.org/flags/new_28x11.gif" width="28" /><br /><img height="30" alt=" TITLE=" src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" width="20" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /> </td><td valign="top"><a href="http://www.spidynamics.com/products/webinspect/"><img height="13" src="http://mirror.sectools.org/logos/webinspect-80x13.png" width="80" align="right" border="0" /></a> <a href="http://www.spidynamics.com/products/webinspect/">WebInspect</a> : A Powerful Web Application Scanner<br />SPI Dynamics' WebInspect application security assessment tool helps identify known and unknown vulnerabilities within the Web application layer. WebInspect can also help check that a Web server is configured properly, and attempts common web attacks such as parameter injection, cross-site scripting, directory traversal, and more. 
<p>See all <a href="web-scanners.html">web vulnerability scanners</a> </p></td></tr></tbody></table><hr /></a><a name="openssl"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#41</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">3</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.openssl.org/"><img height="24" src="http://mirror.sectools.org/logos/openssl-80x24.png" width="80" align="right" border="0" /></a> <a href="http://www.openssl.org/">OpenSSL</a> : The premier SSL/TLS encryption library<br />The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. 
<p>See all <a href="crypto.html">encryption tools</a> </p></td></tr></tbody></table><hr /></a><a name="xprobe2"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#42</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">9</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.sys-security.com/index.php?page=xprobe"><img height="108" src="http://mirror.sectools.org/logos/xprobe2-80x108.png" width="80" align="right" border="0" /></a> <a href="http://www.sys-security.com/index.php?page=xprobe">Xprobe2</a> : Active OS fingerprinting tool<br />Xprobe is a tool for determining the operating system of a remote host. It does this using some of the <a href="http://www.insecure.org/nmap/osdetect/">same techniques</a> as <a href="http://www.insecure.org/nmap/">Nmap</a> as well as some ideas of its own. Xprobe has always emphasized the ICMP protocol in its fingerprinting approach. 
<p>See all <a href="os-detectors.html">OS detection tools</a> </p></td></tr></tbody></table><hr /></a><a name="etherape"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#43</font><br /><img height="14" src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" /><font color="#008800">21</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://etherape.sourceforge.net/"><img height="48" src="http://mirror.sectools.org/logos/etherape-48x48.png" width="48" align="right" border="0" /></a> <a href="http://etherape.sourceforge.net/">EtherApe</a> : EtherApe is a graphical network monitor for Unix modeled after etherman<br />Featuring link layer, IP and TCP modes, EtherApe displays network activity graphically with a color coded protocols display. Hosts and links change in size with traffic. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network. 
<p>See all <a href="sniffers.html">packet sniffers</a>, and <a href="traffic-monitors.html">traffic monitoring tools</a> </p></td></tr></tbody></table><hr /></a><a name="impact"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#44</font><br /><img height="11" alt="new" src="http://mirror.sectools.org/flags/new_28x11.gif" width="28" /><br /><img height="30" alt=" TITLE=" src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" width="20" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /> </td><td valign="top"><a href="http://www.coresecurity.com/products/coreimpact/"><img height="50" src="http://mirror.sectools.org/logos/impact-80x50.gif" width="80" align="right" border="0" /></a> <a href="http://www.coresecurity.com/products/coreimpact/">Core Impact</a> : An automated, comprehensive penetration testing product<br />Core Impact isn't cheap (be prepared to spend tens of thousands of dollars), but it is widely considered to be the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits, and can do neat tricks like exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit other boxes. If you can't afford Impact, take a look at the cheaper <a href="tools4.html#canvas">Canvas</a> or the excellent and free <a href="index.html#metasploit">Metasploit Framework</a>. Your best bet is to use all three. 
<p>See all <a href="vuln-scanners.html">vulnerability scanners</a>, and <a href="sploits.html">vulnerability exploitation tools</a> </p></td></tr></tbody></table><hr /></a><a name="ida"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#45</font><br /><img height="11" alt="new" src="http://mirror.sectools.org/flags/new_28x11.gif" width="28" /><br /><img height="30" alt=" TITLE=" src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" width="20" /><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.datarescue.com/idabase/"><img height="57" src="http://mirror.sectools.org/logos/ida-58x57.png" width="58" align="right" border="0" /></a> <a href="http://www.datarescue.com/idabase/">IDA Pro</a> : A Windows or Linux disassembler and debugger<br />Disassembly is a big part of security research. It will help you dissect that Microsoft patch to discover the silently fixed bugs they don't tell you about, or more closely examine a server binary to determine why your exploit isn't working. Many disassemblers are available, but IDA Pro has become the de-facto standard for the analysis of hostile code and vulnerability research. This interactive, programmable, extensible, multi-processor disassembler now supports Linux (console mode) as well as Windows. 
<p>See all <a href="disassemblers.html">disassemblers</a> </p></td></tr></tbody></table><hr /></a><a name="solarwinds"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#46</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">12</font><br /><img height="30" alt=" TITLE=" src="http://mirror.sectools.org/flags/dollarlogo_20x30.gif" width="20" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="GUI Interface" height="30" alt="GUI Interface" src="http://mirror.sectools.org/flags/mouse-30x30.png" width="30" /> </td><td valign="top"><a href="http://www.solarwinds.net/"><img height="47" src="http://mirror.sectools.org/logos/solarwinds-80x47.png" width="80" align="right" border="0" /></a> <a href="http://www.solarwinds.net/">SolarWinds</a> : A plethora of network discovery/monitoring/attack tools<br />SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security-related tools include many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available and more. 
<p>See all <a href="traffic-monitors.html">traffic monitoring tools</a>, and <a href="crackers.html">password crackers</a> </p></td></tr></tbody></table><hr /></a><a name="pwdump"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#47</font><br /><img height="14" src="http://mirror.sectools.org/flags/up_g_10x14.gif" width="10" /><font color="#008800">6</font><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="http://www.foofus.net/fizzgig/pwdump/">Pwdump</a> : A Windows password recovery tool<br />Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file. 
<p>See all <a href="crackers.html">password crackers</a> </p></td></tr></tbody></table><hr /></a><a name="lsof"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#48</font><br /><img height="14" src="http://mirror.sectools.org/flags/down_r_10x14.gif" width="10" /><font color="#cc0000">7</font><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools.org/flags/term-30x30.png" width="30" /><br /><img title="Source code available" height="19" alt="Source code" src="http://mirror.sectools.org/flags/magnifying-glass-30x19.png" width="30" /> </td><td valign="top"><a href="ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/">LSoF</a> : LiSt Open Files<br />This Unix-specific diagnostic and forensics tool lists information about any files that are open by processes currently running on the system. It can also list communications sockets open by each process. For a Windows equivalent, check out Process Explorer from <a href="index.html#sysinternals">Sysinternals</a>. 
</td></tr></tbody></table><hr /></a><a name="rainbowcrack"><table><tbody><tr valign="top"><td valign="top" width="30"><font size="+1">#49</font><br /><img height="11" alt="new" src="http://mirror.sectools.org/flags/new_28x11.gif" width="28" /><br /><img title="Runs on Linux" height="30" alt="Linux" src="http://mirror.sectools.org/flags/linuxpenguinlogo_30x30.gif" width="30" /><br /><img title="Runs on *BSD" height="30" alt="*BSD" src="http://mirror.sectools.org/flags/openbsdheadlogo_30x30.gif" width="30" /><br /><img title="Runs on Mac OS X" height="30" alt="OS X" src="http://mirror.sectools.org/flags/osx-30x30.png" width="30" /><br /><img title="Runs on Windows" height="30" alt="Windows" src="http://mirror.sectools.org/flags/winlogo_30x30.gif" width="30" /><br /><img title="Command-line interface" height="30" alt="Command-line interface" src="http://mirror.sectools