Top Security and Hacking Tools

DSniff

2009-07-17T09:10:00.000-07:00

"dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI." read more...

Website: http://www.monkey.org/~dugsong/dsniff/

John the Ripper

2009-07-17T09:03:00.000-07:00

"A powerful, flexible, and fast multi-platform password hash cracker John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches. You will want to start with some wordlists, which you can find here or here. " read more...

Website: http://www.openwall.com/john

Cain and Abel

2009-07-17T08:55:00.000-07:00

"Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users." read more...

Website: http://www.oxid.it/cain.html

Backtrack4

2009-02-12T05:54:00.000-08:00

The Remote Exploit Development Team has just announced BackTrack 4 Beta. BackTrack is a Linux based LiveCD intended for security testing and we’ve been watching the project since the very early days. They say this new beta is both stable and usable. They’ve moved towards behaving like an actual distribution: it’s based on Debian core, they use Ubuntu software, and they’re running their own BackTrack repositories for future updates. There are a lot of new features, but the one we’re most interested in is the built in Pico card support. You can use the FPGAs to generate rainbow tables and do lookups for things like WPA, GSM, and Bluetooth cracking. BackTrack ISO and VMWare images are available here.

Website: http://www.remote-exploit.org

Memoryze

2008-12-31T07:05:00.000-08:00

"MANDIANT Memoryze is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems can include the paging file in its analysis." read more...

Download: http://fred.mandiant.com/MemoryzeSetup.msi

THC-Hydra

2008-12-30T07:23:00.001-08:00

"A very fast network logon cracker which support many different services. Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system." read more...

Website: http://freeworld.thc.org/thc-hydra

Samurai: Web Testing Framework

2008-12-23T08:27:00.000-08:00

"The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test." read more...

Website: http://samurai.inguardians.com

Odysseus

2008-12-18T13:45:00.000-08:00

"Odysseus is a tool designed for testing the security of web applications. Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Odysseus will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server." read more...

Download: http://www.bindshell.net/tools/odysseus

ShellForge

2008-10-07T14:29:00.000-07:00

"ShellForge is a python program that builds shellcodes from C. It is inspired from Stealth's Hellkit. Some wrapper functions arround system calls are defined in header files. The C program uses them instead of libc calls. ShellForge uses gcc to convert it into assembler. It then modifies it a bit, compiles it, extract code from the object, may encode it and add a loader at the begining." read more...

Website: http://www.secdev.org/projects/shellforge/

BeEF: Browser Exploitation Framework

2008-09-23T07:51:00.000-07:00

"BeEF is the browser exploitation framework. A professional tool to demonstrate the real-time impact of XSS browser vulnerabilities. Development has focused on creating a modular structure making new module development a trivial process with the intelligence residing within BeEF. Current modules include the first public Inter-protocol Exploit, a traditional browser overflow exploit, port scanning, keylogging, clipboard theft and more." read more...

Website: http://www.bindshell.net/tools/beef

Exploit-Me

2008-09-23T07:46:00.000-07:00

"Exploit-Me is a suite of Firefox web application security testing tools designed to be lightweight and easy to use. The Exploit-Me series was originally introduced at the SecTor conference in Toronto. The slides for the presentation are available for download. Along with this SecTor is making the audio of the talk available." read more...

Website: http://securitycompass.com/exploitme.shtml

DirBuster: Brute Force Web Directories

2008-08-28T13:48:00.000-07:00

"DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these. However tools of this nature are often as only good as the directory and file list they come with. A different approach was taken to generating this. The list was generated from scratch, by crawling the Internet and collecting the directory and files that are actually used by developers! DirBuster comes a total of 9 different lists (Further information can be found below), this makes DirBuster extremely effective at finding those hidden files and directories. And if that was not enough DirBuster also has the option to perform a pure brute force, which leaves the hidden directories and files nowhere to hide! If you have the time ;) " read more...

Download: https://sourceforge.net/projects/dirbuster

W3AF

2008-08-13T18:02:00.000-07:00

"W3AF is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. This project is currently hosted at SourceForge." read more...

Website: http://w3af.sourceforge.net

OSWA™

2008-08-12T15:34:00.000-07:00

"The OSWA™-Assistant is a self-contained, no Operating System required, freely downloadable, standalone toolkit which is solely focused on wireless auditing. As a result, in addition to the usual WiFi (802.11) auditing tools, it also covers Bluetooth and RFID auditing. Using the toolkit is as easy as popping it into your computer's CDROM and making your computer boot from it!" read more...

Website: http://oswa-assistant.securitystartshere.org

Ettercap: Man In The Middle (MITM)

2008-08-12T11:10:00.000-07:00

"Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis." read more...

Website: http://ettercap.sourceforge.net

RainbowCrack

2008-08-11T15:56:00.000-07:00

"RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called "rainbow table". It does take a long time to precompute the tables. But once the one time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables." read more...

Website: http://www.antsight.com/zsl/rainbowcrack

Ophcrack

2008-08-11T15:51:00.000-07:00

" Ophcrack is an open source (GPL license) program that cracks Windows LM hashes using rainbow tables. The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Windows. There is also a Live CD version which automates the retrieval, decryption, and cracking of passwords from a Windows system. Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. These tables can crack 99.9% of alphanumeric passwords of up to 14 characters in usually a few seconds, and at most a few minutes. Larger rainbow tables (for LM hashes of passwords with all printable characters, including symbols and space) are available for purchase from Objectif Securité. Starting with version 2.3, Ophcrack also cracks NT hashes. This is necessary if generation of the LM hash is disabled (this is default on Windows Vista), or if the password is longer than 14 characters (in which case the LM hash is not stored)." read more...

Website: http://ophcrack.sourceforge.net

Airpwn: A Wireless Packet Injector

2008-08-11T08:40:00.000-07:00

"Airpwn is a framework for 802.11 (wireless) packet injection. Airpwn listens to incoming wireless packets, and if the data matches a pattern specified in the config files, custom content is injected "spoofed" from the wireless access point. From the perspective of the wireless client, airpwn becomes the server." read more...

Website: http://airpwn.sourceforge.net

PHoss: A Password Sniffer

2008-08-08T12:16:00.000-07:00

"PHoss is a sniffer. A normal sniffer software is designed to find problems in data communication on the network. PHoss is designed to know some protocols which use (or may use) clear text passwords. Many protocols are designed to use secure authentication. For fallback they define a lowest level of authentication using clear text. Many companies use this lowest fallback definition as standard setting to make the product working in many environments." read more...

Download: http://www.phenoelit-us.org/phoss/download.html

DMitry: Deepmagic Information Gathering Tool

2008-08-07T14:33:00.000-07:00

"DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux Command Line Application coded in C. DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, tcp port scan, whois lookups, and more." read more...

Download: http://packetstormsecurity.org/UNIX/misc/DMitry-1.2a.tar.gz

snmpcheck

2008-08-07T14:19:00.000-07:00

"snmpcheck is a free open source utility to get information via SNMP protocols. It works fine against Windows, Linux, Cisco, HP-UX, SunOS systems and any devices with SNMP protocol support. It could be useful for penetration testing or systems monitoring. snmpcheck has been tested on GNU/Linux, *BSD, Windows systems and Cygwin. snmpcheck is distributed under GPL license and based on Athena-2k script by jshaw. " read more...

Website: http://www.nothink.org/perl/snmpcheck

fragroute

2008-08-07T14:06:00.000-07:00

"fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour." read more...

Website: http://monkey.org/~dugsong/fragroute

Nemesis: A Packet Injection Utility

2008-08-07T14:02:00.000-07:00

"Nemesis is a command-line network packet injection utility for UNIX-like and Windows systems. You might think of it as an EZ-bake packet oven or a manually controlled IP stack. With Nemesis, it is possible to generate and transmit packets from the command line or from within a shell script. Nemesis attacks directed through fragrouter could be a most powerful combination for the system auditor to find security problems that could then be reported to the vendor(s)." read more...

Website: http://www.packetfactory.net/projects/nemesis

Aircrack-ng: The Next Generation of Aircrack

2008-08-06T13:35:00.000-07:00

"Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks." read more...

Website: http://www.aircrack-ng.org

OpenVAS

2008-08-06T11:54:00.000-07:00

"OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core is a server component with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications." read more...

Website: http://www.openvas.org

ngrep: network grep

2008-08-01T10:10:00.000-07:00

"ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP, ICMP, IGMP and Raw protocols across Ethernet, PPP, SLIP, FDDI, Token Ring, 802.11 and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop." read more...

Website: http://www.packetfactory.net/projects/ngrep

XPROBE: Active OS fingerprinting tool

2008-08-01T09:55:00.000-07:00

"Remote OS identification using ICMP packets Xprobe allows you to determine what operating system is running on a remote host. It sends several packets to a host and analyses the returned ICMP packets. The tool automates a logic of OS fingerprinting methods called "X". Xprobe's functionality is comparable to the OS fingerprinting feature in nmap, but has several advantages over it: - Faster: A maximum of 4 packets are sent to determine the remote OS. - Can detect whether the host is up, so pinging is no longer necessary. - Stealthier: Does not send any malformed datagrams. - Can distinguish between many variants of Microsoft operating systems." read more...

Website: http://xprobe.sourceforge.net

OpenXPKI

2008-08-01T09:38:00.000-07:00

" The OpenXPKI Project aims at creating an enterprise-grade PKI/Trustcenter software supporting well established infrastructure components like RDBMS and Hardware Security Modules. Flexibility and modularity are the project's key design objectives. Unlike many other OpenSource PKI projects OpenXPKI offers powerful features necessary for professional environments that are usually only found in commercial grade PKI products. However, we also target small scale installations by providing quick-start configuration examples that allow to get a usable PKI running quickly." read more...

Website: http://www.openxpki.org

JOSPKI Suite

2008-08-01T08:42:00.000-07:00

"Suite of services and tools for handling PKI requirements. The initial list of programs contains: 1) a viewer/encoding converter for X.509 certificates, 2) a viewer/editor/generator for PKCS#7 and 3) a viewer/editor/generator for various keystores types." read more...

Website: http://jospkisuite.sourceforge.net

Odyssi: Certificate Authority Server

2008-08-01T08:37:00.000-07:00

"The Odyssi CA Server is an enterprise-class certificate authority server, allowing an organization to build and deploy a full-fledged PKI. When completed, it will support most major existing PKI standards, while providing complete customizability in deployment. Odyssi CA is designed for today's identity management needs. By leveraging PKI, your organization will be able to effectively secure the identities of its users. This will provide your users with strong network authentication, e-mail signing and encryption, and wireless network access." read more...

Website: http://odyssipki.sourceforge.net

III ASN.1 Tool

2008-08-01T08:29:00.000-07:00

"The III ASN.1 Tool includes two parts : an ASN.1 compiler "asnparser" which compiles the Abstract Syntax to c++ files, and a runtime library which is used to link with the c++ files generated by asnparser. Based on the works of Open H.323 projects, it is developed for the needs of H.450 series protocol. Hence, it supports the information object class defined in X.681." read more...

Website: http://iiiasn1.sourceforge.net

Yersinia

2008-07-30T17:59:00.000-07:00

"Yersinia is a network tool designed to take advantage of some weakeness in different network protocols, It is useful for penetration testing. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, attacks for the following network protocols are implemented; Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), 802.1q,802.1x, Inter-Switch Link Protocol (ISL) and VLAN Trunking Protocol (VTP)." read more...

Website: http://www.yersinia.net

LaBrea: "Sticky" Honeypot and IDS

2008-07-30T17:52:00.000-07:00

"LaBrea takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers connection attempts in such a way that the machine at the other end gets "stuck", sometimes for a very long time." read more...

Website: http://labrea.sourceforge.net

The Metasploit Framework

2008-07-27T20:54:00.000-07:00

"The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler." read more...

Website: http://www.metasploit.com

Kismet: Wireless Packet Analyzer

2008-07-27T11:23:00.000-07:00

"Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic." read more...

Website: http://www.kismetwireless.net

Tor: anonymity online

2008-07-26T10:18:00.000-07:00

"Tor is a software project that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol." read more...

Website: http://www.torproject.org

Privoxy

2008-07-26T09:59:00.000-07:00

"Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data, managing HTTP cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. Privoxy has application for both stand-alone systems and multi-user networks." read more...

Website: http://www.privoxy.org

Winpooch

2008-07-26T09:40:00.000-07:00

"Winpooch is a Windows watchdog, free and open source. Anti spyware and anti trojan, it gives a full protection against local or external attacks by scanning the activity of programs in real time. Associated with ClamWin antivirus, Winpooch keeps safe your computer against virus." read more...

Download: http://sourceforge.net/project/showfiles.php?group_id=122629

SpamAssassin: An Open Source E-mail Filter

2008-07-25T10:48:00.000-07:00

"No list of open-source security tools would be complete without SpamAssassin. A two-time Datamation Product of the Year winner, this anti-spam tool is the "secret sauce" behind a number of commercial products, as well as being put to good use by a number of e-mail hosting vendors and spam filtering vendors. Experts often recognize SpamAssassin as the best open-source anti-spam tool available." read more...

Website: http://spamassassin.apache.org

PKIF: The PKI Framework

2008-07-23T17:52:00.000-07:00

"PKIF is a full-featured, standards compliant PKI enablement library. Its goal is to make it easy for your applications to take advantage of your PKI. PKIF runs on Windows and UNIX systems and is written in C++ with bindings for C# (and COM/.Net) and java. PKIF can validate certificates, create and verify signatures, encrypt and decrypt data, and much more." read more...

Website: http://pkif.sourceforge.net/index.html

OTPW: A One-time Password Login Package

2008-07-23T16:36:00.000-07:00

"The OTPW package consists of the one-time-password generator otpw-gen plus two verification routines otpw_prepare() and otpw_verify() that can easily be added to programs such as login or ftpd on POSIX systems. For platforms that support the Pluggable Authentication Method (PAM) interface, a suitable wrapper is included as well. Login software extended this way will allow reasonably secure user authentication over insecure network lines. The user carries a password list on paper. The scheme is designed to be robust against theft of the paper list and race-for-the-last-letter attacks. Cryptographic hash values of the one-time passwords are stored for verification in the user’s home directory." read more...

Website: http://www.cl.cam.ac.uk/~mgk25/otpw.html

The ASN.1 Compiler

2008-07-23T14:44:00.000-07:00

"The asn1c is a free, open source compiler of ASN.1 specifications into C source code. It supports a range of ASN.1 syntaxes, including ISO/IEC/ITU ASN.1 1988, '94, '97, 2002 and later amendments. The supported sets of encoding rules are a) BER: ITU-T Rec. X.690 | ISO/IEC 8825-1 (2002) (BER/DER/CER), b) PER: X.691|8825-2 (2002) (PER), c) XER: X.693|8825-3 (2001) (BASIC-XER/CXER)." read more...

Download: http://lionet.info/asn1c/download.html

FxCop: A Free Static Code Analysis Tool that Checks .NET managed code

2008-07-23T07:15:00.000-07:00

"FxCop is an application that analyzes managed code assemblies (code that targets the .NET Framework common language runtime) and reports information about the assemblies, such as possible design, localization, performance, and security improvements. Many of the issues concern violations of the programming and design rules set forth in the Design Guidelines for Class Library Developers, which are the Microsoft guidelines for writing robust and easily maintainable code by using the .NET Framework. FxCop is intended for class library developers. However, anyone creating applications that should comply with the .NET Framework best practices will benefit. FxCop is also useful as an educational tool for people who are new to the .NET Framework or who are unfamiliar with the .NET Framework Design Guidelines. FxCop is designed to be fully integrated into the software development cycle and is distributed as both a fully featured application that has a graphical user interface (FxCop.exe) for interactive work, and a command-line tool (FxCopCmd.exe) suited for use as part of automated build processes or integrated with Microsoft Visual Studio® .NET as an external tool." read more...

Website1: http://msdn.microsoft.com/en-us/library/bb429476(VS.80).aspx

Website2: FxCop and Code Analysis: Writing Your Own Custom Rules

OSSEC: An Open Source Host-based Intrusion Detection System

2008-07-21T20:41:00.000-07:00

"OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. A list with all supported platforms is available here." read more...

Website: http://www.ossec.net/

httprecon: An Advanced Web Server Fingerprinting Tool

2008-07-21T14:39:00.000-07:00

"The httprecon project is doing some research in the field of web server fingerprinting, also known as http fingerprinting. The goal is the highly accurate identification of given httpd implementations. This is very important within professional vulnerability analysis. Besides the discussion of different approaches and the documentation of gathered results also an implementation for automated analysis is provided. This software shall improve the easyness and efficiency of this kind of enumeration. Traditional approaches as like banner-grabbing, status code enumeration and header ordering analysis are used. However, many other analysis techniques were introduced to increase the possibilities of accurate web server fingerprinting." read more...

Website: http://www.computec.ch/projekte/httprecon

ATK: An Open-Source Exploiting Framework

2008-07-21T14:32:00.000-07:00

"This tool checks for leaks and vulnerabilities on any system with an easy interface ... and nice documentation - worth checking for sure!" - Prof. Dr. Urs E. Gattiker, Author of the books "Virus Revealed", "The Information Security Dictionary" and "Technology Management in Organizations" read more...

Website: http://www.computec.ch/projekte/atk

Burp Suite: An Integrated Platform for Penetration Test of Web Applications

2008-07-21T13:40:00.000-07:00

"Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility." read more...

Download: http://portswigger.net/suite/download.html

SysAnalyzer: An Automated Malcode Analyzer

2008-07-19T22:08:00.000-07:00

"SysAnalyzer is an automated malcode run time analysis application that monitors various aspects of system and process states. SysAnalyzer was designed to enable analysts to quickly build a comprehensive report as to the actions a binary takes on a system. SysAnalyzer can automatically monitor and compare: Running Processes, Open Ports, Loaded Drivers, Injected Libraries, Key Registry Changes, APIs called by a target process, File Modifications, HTTP, IRC, and DNS traffic. SysAnalyzer also comes with a ProcessAnalyzer tool which can perform the following tasks: Create a memory dump of target process, parse memory dump for strings, parse strings output for exe, reg, and url references and scan memory dump for known exploit signatures." read more...

Website: http://labs.idefense.com/software/malcode.php

Honeywall CDROM

2008-07-19T21:52:00.000-07:00

"The Honeywall CDROM is a bootable CD that copies all the functionality of a Honeywall onto a hard drive. It comes with all the tools and functionality for you to implement data capture, data control, and data analysis. It creates an architecture that allows you to deploy both low-interaction and high-interaction honeypots within it. The purpose of the Honeywall CDROM is to make it easier to deploy, manage, and derive value from honeynet technologies. The CDROM supports several configuration methods, including an interactive menu and .iso customization scripts. The CDROM is an appliance, based on a minimized and secured Linux OS." read more...

Website: https://projects.honeynet.org/honeywall

BackTrack: Penetration Testing Live CD

2008-07-19T21:40:00.000-07:00

"BackTrack is the most Top rated Linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. It’s evolved from the merge of the two wide spread distributions Whax and Auditor Security Collection. BackTrack has a long history and was based on many different linux distribution until it is now based on a Slackware linux distribution and the corresponding live-CD scripts. Every packet, kernel configuration and scripts are optimized to be used by security penetration testers. Patches and automatism have been added, applied or developed to provide a neat and ready-to-go environment." read more...

Website: http://www.remote-exploit.org/backtrack.html

NST: Network Security Toolkit

2008-07-19T19:45:00.000-07:00

"NST is a bootable ISO live CD is based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 100 Security Tools by insecure.org are available in the toolkit." read more...

Download: http://sourceforge.net/projects/nst

STD: Security Tools Distribution

2008-07-19T19:07:00.000-07:00

"STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It's a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can." read more...

Website: http://www.knoppix-std.org

Ratproxy: A Web Application Security Audit Tool

2008-07-19T17:03:00.000-07:00

"A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, and much more." read more...

Website: http://code.google.com/p/ratproxy

msramdmp: McGrew Security RAM Dumper

2008-07-19T14:19:00.000-07:00

"Creating bootable USB drives for capturing the contents of memory: A short while back, a paper was published by researchers at Princeton University, in which they talk about the process of recovering encryption keys out of memory after a cold boot. This was surprising to many people, as most just assume that, since RAM is volatile storage, it is erased when power is removed. This is an incorrect assumption." read more...

Website: http://mcgrewsecurity.com/projects/msramdmp

Hping: TCP/IP Packet Assembler/Analyzer

2008-07-19T14:09:00.000-07:00

"Hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features." read more...

Download: http://www.hping.org/download.php

Nmap - Free Security Scanner

2008-07-19T13:59:00.000-07:00

"Nmap is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and both console and graphical versions are available." read more...

Website: http://nmap.org

Scapy: A Powerful Packet Manipulation Tool

2008-07-19T13:53:00.000-07:00

" Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc." read more...

Website: http://www.secdev.org/projects/scapy

SSL Man in the Middle Proxy

2008-07-18T15:59:00.000-07:00

"mitm-proxy is an Java-based SSL proxy that acts as a "man in the middle". In other words, proxied HTTPS requests are terminated by the proxy and resent to the remote webserver. The server certificates presented to the client (i.e. a web browser) are dynamically generated/signed by the proxy and contain most of the same fields as the original webserver certificate. The subject DN, serial number, validity dates, and extensions are preserved. However, the issuer DN is now set to the name of the proxy's self-signed certificate and the public/private keys of the proxy are used in creating the forged certificate. These forged certificates are cached (in memory) by the proxy, for better performance." read more...

Download: http://crypto.stanford.edu/ssl-mitm/#download

PacketStormSecurity.org

2008-07-18T14:23:00.000-07:00

"Packet Storm offers an abundant resource of up-to-date and historical security tools, exploits, and advisories. We are a non-profit organization comprised of security professionals that are dedicated to providing the information necessary to secure networks on a global scale. We accomplish this goal by publishing new security information on a global network of websites. " read more...

Website: http://packetstormsecurity.org

Crypto++ Library

2008-07-18T10:46:00.000-07:00

Crypto++ Library is a free C++ class library of cryptographic schemes. This library supports following algorithms: Panama, Salsa20, Sosemanuk,ES (Rijndael), RC6, MARS, Twofish, Serpent, CAST-256, IDEA, Triple-DES (DES-EDE2 and DES-EDE3), Camellia, RC5, Blowfish, TEA, XTEA, Skipjack, SHACAL-2, VMAC, HMAC, CBC-MAC, DMAC, Two-Track-MAC, SHA-1, SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512), Tiger, WHIRLPOOL, RIPEMD-128, RIPEMD-256, RIPEMD-160, RIPEMD-320, RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin, Rabin-Williams (RW), LUC, LUCELG, DLIES (variants of DHAES), ESIGN, Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH, ECDSA, ECNR, ECIES, ECDH, ECMQV.

Website: http://www.cryptopp.com

Honeyd - Network Rhapsody for You

2008-07-18T10:26:00.001-07:00

"Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses - I have tested up to 65536 - on a LAN for network simulation. Honeyd improves cyber security by providing mechanisms for threat detection and assessment. It also deters adversaries by hiding real systems in the middle of virtual systems." read more...

Website: http://www.honeyd.org

Helix - Incident Response & Computer Forensics Live CD

2008-07-18T10:19:00.000-07:00

"Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.

Helix has been modified very carefully to NOT touch the host computer in any way and it is forensically sound. Helix wil not auto mount swap space, or auto mount any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics." read more...

Download: http://www.e-fense.com/helix/downloads.php

Clam AntiVirus

2008-07-18T09:48:00.000-07:00

"Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library." read more...

Website: http://www.clamav.net

Nikto: A Web Server Scanner

2008-07-18T09:38:00.000-07:00

"Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto is not designed as an overly stealthy tool. It will test a web server in the shortest timespan possible, and it's fairly obvious in log files. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system)." read more...

Website: http://www.cirt.net/nikto2

WinPcap: The Windows Packet Capture Library

2008-07-18T09:19:00.000-07:00

"WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.

WinPcap consists of a driver, that extends the operating system to provide low-level network access, and a library that is used to easily access the low-level network layers. This library also contains the Windows version of the well known libpcap Unix API." read more...

Website: http://www.winpcap.org

Open Reverse Code Engineering Community

2008-07-18T07:59:00.000-07:00

"OpenRCE.org founded in June of 2005 as the brainchild of Pedram Amini, the Open Reverse Code Engineering community was created to foster a shared learning environment among researchers interested in the field of reverse engineering. Heavily modeled on the architecture of Greg Hoglund's rootkit.com, OpenRCE aims to serve as a centralized r esource for reverse engineers (currently heavilywin32/security/malcode biased) by hosting files, blogs, forums articles and more." read more...

Website: http://www.openrce.org

Portable Executable File Viewer/Disassembler

2008-07-18T07:41:00.000-07:00

"PEBrowse Professional is a static-analysis tool and disassembler for Win32/Win64 executables and Microsoft .NET assemblies produced according to the Portable Executable specifications published by Microsoft. For Microsoft Windows Vista, Windows XP, Windows 2000, and others.

With the PEBrowse disassembler, one can open and examine any executable without the need to have it loaded as part of an active process with a debugger. Applications, system DLLs, device-drivers and Microsoft .NET assemblies are all candidates for offline analysis using PEBrowse." read more...

Download:
http://www.smidgeonsoft.com/download/PEBrowse.zip

OpenSSL: The Open Source toolkit for SSL/TLS

2008-07-17T21:40:00.000-07:00

" The OpenSSL Project is a collaborative effort to develop a robust, commercial grade, full featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLSv1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. " read more...

Website: http://www.openssl.org

Snort - An Intrusion Detection/Prevention System

2008-07-17T21:00:00.000-07:00

"SNORT^® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry." read more...

Download: http://www.snort.org/dl/

Sysinternals utilities

2008-07-17T16:24:00.000-07:00

"One of my favorite set of free developer utilities on Windows is the sysinternals.com collection. Whether it's filemon to see what's writing to a file, regmon for the registry or process explorer to see what DLLs are in action (and much more), I find myself reaching for one or more utilities several times a year. Of course Microsoft bought the site a couple of years ago and the domain now redirects into Microsoft's site which thankfully is a bit quicker than it used to be." read more...

Website: http://sysinternals.com

Wireshark - A Network Protocol Analyzer

2008-07-17T13:24:00.000-07:00

"Wireshark is the world's foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998." read more...

Website: http://www.wireshark.org

OllyDbg - A Powerful Debugger

2008-07-17T13:12:00.000-07:00

"OllyDbg is a 32-bit assembler level analyzing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. It predicts contents of registers, recognizes procedures, API calls, switches, tables, constants and strings, locates routines from object files and libraries, allows custom labels and comments in disassembled code, writes patches back to executable file and more." read more...

Website: http://www.OllyDbg.de