1. Nmap
I think everyone has heard of this one, recently evolved into the 4.x series.
Nmap (Network Mapper) is a free open source utility for network exploration
or security auditing. It was designed to rapidly scan large networks, although
it works fine against single hosts. Nmap uses raw IP packets in novel ways to
determine what hosts are available on the network, what services (application
name and version) those hosts are offering, what operating systems (and OS
versions) they are running, what type of packet filters/firewalls are in use,
and dozens of other characteristics. Nmap runs on most types of computers and
both console and graphical versions are available. Nmap is free and open source.
or security auditing. It was designed to rapidly scan large networks, although
it works fine against single hosts. Nmap uses raw IP packets in novel ways to
determine what hosts are available on the network, what services (application
name and version) those hosts are offering, what operating systems (and OS
versions) they are running, what type of packet filters/firewalls are in use,
and dozens of other characteristics. Nmap runs on most types of computers and
both console and graphical versions are available. Nmap is free and open source.
Can be used by beginners (-sT) or by pros alike (packet_trace). A very
versatile tool, once you fully understand the results.
versatile tool, once you fully understand the results.
Get Nmap Here - http://www.insecure.org/nmap/download.html
2. Nessus Remote Security Scanner
Recently went closed source, but is still essentially free. Works with a client-
server framework.
server framework.
Nessus is the worlds most popular vulnerability scanner used in over 75,000
organizations world-wide. Many of the worlds largest organizations are
realizing significant cost savings by using Nessus to audit business-critical
enterprise devices and applications.
organizations world-wide. Many of the worlds largest organizations are
realizing significant cost savings by using Nessus to audit business-critical
enterprise devices and applications.
Get Nessus Here - http://www.nessus.org/download/
3. John the Ripper
Yes, JTR 1.7 was recently released!
John the Ripper is a fast password cracker, currently available for many
flavors of Unix (11 are officially supported, not counting different
architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect
weak Unix passwords. Besides several crypt(3) password hash types most commonly
found on various Unix flavors, supported out of the box are Kerberos AFS and
Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
flavors of Unix (11 are officially supported, not counting different
architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect
weak Unix passwords. Besides several crypt(3) password hash types most commonly
found on various Unix flavors, supported out of the box are Kerberos AFS and
Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
You can get JTR Here - http://www.openwall.com/john/
4. Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive
tests against web servers for multiple items, including over 3200 potentially
dangerous files/CGIs, versions on over 625 servers, and version specific
problems on over 230 servers. Scan items and plugins are frequently updated and
can be automatically updated (if desired).
tests against web servers for multiple items, including over 3200 potentially
dangerous files/CGIs, versions on over 625 servers, and version specific
problems on over 230 servers. Scan items and plugins are frequently updated and
can be automatically updated (if desired).
Nikto is a good CGI scanner, there are some other tools that go well with Nikto
(focus on http fingerprinting or Google hacking/info gathering etc, another
article for just those).
(focus on http fingerprinting or Google hacking/info gathering etc, another
article for just those).
Get Nikto Here - http://www.cirt.net/code/nikto.shtml
5. SuperScan
Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the
highly popular Windows port scanning tool, SuperScan.
highly popular Windows port scanning tool, SuperScan.
If you need an alternative for nmap on Windows with a decent interface, I
suggest you check this out, it’s pretty nice.
suggest you check this out, it’s pretty nice.
Get SuperScan Here - http://www.foundstone.com/index.htm
subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan4.htm
subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan4.htm
6. p0f
P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the
operating system on:
operating system on:
- machines that connect to your box (SYN mode),
- machines you connect to (SYN+ACK mode),
- machine you cannot connect to (RST+ mode),
- machines whose communications you can observe.
- machines you connect to (SYN+ACK mode),
- machine you cannot connect to (RST+ mode),
- machines whose communications you can observe.
Basically it can fingerprint anything, just by listening, it doesn’t make ANY
active connections to the target machine.
active connections to the target machine.
Get p0f Here - http://lcamtuf.coredump.cx/p0f/p0f.shtml
7. Wireshark (Formely Ethereal)
Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you
capture and interactively browse the contents of network frames. The goal of
the project is to create a commercial-quality analyzer for Unix and to give
Wireshark features that are missing from closed-source sniffers.
capture and interactively browse the contents of network frames. The goal of
the project is to create a commercial-quality analyzer for Unix and to give
Wireshark features that are missing from closed-source sniffers.
Works great on both Linux and Windows (with a GUI), easy to use and can
reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.
reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.
Get Wireshark Here - http://www.wireshark.org/
8. Yersinia
Yersinia is a network tool designed to take advantage of some weakeness in
different Layer 2 protocols. It pretends to be a solid framework for analyzing
and testing the deployed networks and systems. Currently, the following network
protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery
Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration
Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch
Link Protocol (ISL), VLAN Trunking Protocol (VTP).
different Layer 2 protocols. It pretends to be a solid framework for analyzing
and testing the deployed networks and systems. Currently, the following network
protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery
Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration
Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch
Link Protocol (ISL), VLAN Trunking Protocol (VTP).
The best Layer 2 kit there is.
Get Yersinia Here - http://yersinia.sourceforge.net/
9. Eraser
Eraser is an advanced security tool (for Windows), which allows you to
completely remove sensitive data from your hard drive by overwriting it several
times with carefully selected patterns. Works with Windows 95, 98, ME, NT,
2000, XP and DOS. Eraser is Free software and its source code is released under
GNU General Public License.
completely remove sensitive data from your hard drive by overwriting it several
times with carefully selected patterns. Works with Windows 95, 98, ME, NT,
2000, XP and DOS. Eraser is Free software and its source code is released under
GNU General Public License.
An excellent tool for keeping your data really safe, if you’ve deleted it..make
sure it’s really gone, you don’t want it hanging around to bite you in the ass.
sure it’s really gone, you don’t want it hanging around to bite you in the ass.
Get Eraser Here - http://www.heidi.ie/eraser/download.php
10. PuTTY
PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms,
along with an xterm terminal emulator. A must have for any h4. 0r wanting to
telnet or SSH from Windows without having to use the crappy default MS command
line clients.
along with an xterm terminal emulator. A must have for any h4. 0r wanting to
telnet or SSH from Windows without having to use the crappy default MS command
line clients.
Get PuTTY Here. - http://www.chiark.greenend.org.uk/~sgtatham/putty/
11. LCP
Main purpose of LCP program is user account passwords auditing and recovery in
Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute
force session distribution, Hashes computing.
Windows NT/2000/XP/2003. Accounts information import, Passwords recovery, Brute
force session distribution, Hashes computing.
A good free alternative to L0phtcrack.
LCP was briefly mentioned in our well read Rainbow Tables and RainbowCrack
article.
article.
Get LCP Here - http://www.lcpsoft.com/english/download.htm
12. Cain and Abel
My personal favourite for password cracking of any kind.
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It
allows easy recovery of various kind of passwords by sniffing the network,
cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis
attacks, recording VoIP conversations, decoding scrambled passwords, revealing
password boxes, uncovering cached passwords and analyzing routing protocols.
The program does not exploit any software vulnerabilities or bugs that could
not be fixed with little effort.
allows easy recovery of various kind of passwords by sniffing the network,
cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis
attacks, recording VoIP conversations, decoding scrambled passwords, revealing
password boxes, uncovering cached passwords and analyzing routing protocols.
The program does not exploit any software vulnerabilities or bugs that could
not be fixed with little effort.
Get Cain and Abel Here - http://www.oxid.it/cain.html
13. Kismet
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion
detection system. Kismet will work with any wireless card which supports raw
monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
detection system. Kismet will work with any wireless card which supports raw
monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
A good wireless tool as long as your card supports rfmon (look for an orinocco
gold).
gold).
Get Kismet Here - http://www.kismetwireless.net/download.shtml
14. NetStumbler
Yes a decent wireless tool for Windows! Sadly not as powerful as it’s Linux
counterparts, but it’s easy to use and has a nice interface, good for the
basics of war-driving.
counterparts, but it’s easy to use and has a nice interface, good for the
basics of war-driving.
NetStumbler is a tool for Windows that allows you to detect Wireless Local Area
Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
Verify that your network is set up the way you intended.
Find locations with poor coverage in your WLAN.
Detect other networks that may be causing interference on your network.
Detect unauthorized rogue access points in your workplace.
Help aim directional antennas for long-haul WLAN links.
Use it recreationally for WarDriving.
Find locations with poor coverage in your WLAN.
Detect other networks that may be causing interference on your network.
Detect unauthorized rogue access points in your workplace.
Help aim directional antennas for long-haul WLAN links.
Use it recreationally for WarDriving.
Get NetStumbler Here - http://www.stumbler.net/
15. Hping
To finish off, something a little more advanced if you want to test your TCP/IP
packet monkey skills.
packet monkey skills.
hping is a command-line oriented TCP/IP packet assembler/analyzer. The
interface is inspired to the ping unix command, but hping isn’t only able to
send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a
traceroute mode, the ability to send files between a covered channel, and many
other features.
interface is inspired to the ping unix command, but hping isn’t only able to
send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a
traceroute mode, the ability to send files between a covered channel, and many
other features.
Get hping Here - http://www.hping.org/
Havij v1.15 Advanced SQL InjectionHavij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
Download
Ani-Shell
Ani-Shell is a simple PHP shell with some unique features like Mass Mailer , A simple Web-Server Fuzzer , DDoser, Back Connect , Bind Shell etc etc ! This shell has immense capabilities and have been written with some coding standards in mind for better editing and customization.
Customisation
1. Email Trace back is set to Off as default and emails will not be sent , If you are setting
this feature on make sure you change the default email address (lionaneesh@gmail.com)
to Your email address , Please Change it before using.
2. Username and Passwords are set to lionaneesh and lionaneesh respectively , Please change them for better
security.
3. As a default Lock Mode is set to on! This should not be change unless you want your shell exposed.
Default Login
Username : lionaneesh
Password : lionaneesh
Features
Shell
Platform Independent
Mass - Mailer
Small Web-Server Fuzzer
DDoser
Design
Secure Login
Deletion of Files
Bind Shell
Back Connect
Fixed Some Coding errors!
Rename Files
Encoded Title
Traceback (Email Alerts)
PHP Evaluate
Better Command Execution (even supports older version of PHP)
Mass Code Injector (Appender and Overwriter)
Lock Mode Customization
Latest Version Addition
Mail Bomber (With Less Spam detection feature)
PHP Decoder
Better Uploader
Fixed some Coding errors
Download
SQL MAP 0.9
sqlmap 0.9 has been released and has a considerable amount of changes including an almost entirely re-written SQL Injection detection engine.
Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. Its a good tools for find Sql Vulnerability.
New Features/Changes-->
Rewritten SQL injection detection engine (Bernardo and Miroslav).
Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav).
Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav).
Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
Implemented support for Firebird (Bernardo and Miroslav).
Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav).
Added support to tamper injection data with –tamper switch (Bernardo and Miroslav).
Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav).
Added support to fetch unicode data (Bernardo and Miroslav).
Added support to use persistent HTTP(s) connection for speed improvement, –keep-alive switch (Miroslav).
Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav).
Support to parse and test forms on target url, –forms switch (Bernardo and Miroslav).
Added switches to brute-force tables names and columns names with a dictionary attack, –common-tables and –common-columns.
Download
DRIL – Domain Reverse IP Lookup Tool:
DRIL (Domain Reverse IP Lookup) Tool is a Reverse Domain Tool that will really be useful for penetration testers to find out the domain names which are listed in the the target host, DRIL is a GUI, JAVA based application which uses a Bing API key.
DRIL has a simple user friendly interface which will be helpful for penetration tester to do their work fast without a mess, this is only tested on Linux but as it is JAVA it should work on Windows too.
There are various other tools which carry out similar tasks..
Download
Net Tools 5.0 (Net Tools 5.x)
This tools is a hacker friendly. Net Tools is a comprehensive set of host monitoring, network scanning, security, administration tools and much more, all with a highly intuitive user interface. It's an ideal tool for those who work in the network security, administration, training, internet forensics or law enforcement internet crimes fields. Net Tools is mainly written in Microsoft Visual Basic 6, Visual C++, Visual C# and Visual Studio .NET.
There has a 175 tools list in one software.. Tools Content
Download
0 comments:
Post a Comment