"dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI."
Website: http://www.monkey.org/~dugsong/dsniff/
John the Ripper
"A powerful, flexible, and fast multi-platform password hash cracker. John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches. You will want to start with some wordlists."
Website: http://www.openwall.com/john
Cain and Abel
"Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weaknesses present in protocol standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users."
Website: http://www.oxid.it/cain.html
BackTrack 4
The Remote Exploit Development Team has just announced BackTrack 4 Beta. BackTrack is a Linux-based LiveCD intended for security testing, and we've been watching the project since the very early days. They say this new beta is both stable and usable. They've moved towards behaving like an actual distribution: it's based on a Debian core, they use Ubuntu software, and they're running their own BackTrack repositories for future updates. There are a lot of new features, but the one we're most interested in is the built-in Pico card support. You can use the FPGAs to generate rainbow tables and do lookups for things like WPA, GSM, and Bluetooth cracking. BackTrack ISO and VMWare images are available h
Website: http://www.remote-exploit.org
Memoryze
"MANDIANT Memoryze is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems can include the paging file in its analysis."
Download: http://fred.mandiant.com/MemoryzeSetup.msi
THC-Hydra
"A very fast network logon cracker which supports many different services. The number one security hole is passwords, as every password security study shows. Hydra is a parallelized login cracker which supports numerous protocols to attack. This tool is proof-of-concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access remotely to a system."
Website: http://freeworld.thc.org/thc-hydra
Samurai: Web Testing Framework
"The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test."
Website: http://samurai.inguardians.com
Odysseus
"Odysseus is a tool designed for testing the security of web applications. Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Odysseus will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server."
Download: http://www.bindshell.net/tools/odysseus
ShellForge
"ShellForge is a python program that builds shellcodes from C. It is inspired by Stealth's Hellkit. Some wrapper functions around system calls are defined in header files. The C program uses them instead of libc calls. ShellForge uses gcc to convert it into assembler. It then modifies it a bit, compiles it, extracts code from the object, may encode it and adds a loader at the beginning."
BeEF: Browser Exploitation Framework
"BeEF is the browser exploitation framework. A professional tool to demonstrate the real-time impact of XSS browser vulnerabilities. Development has focused on creating a modular structure making new module development a trivial process with the intelligence residing within BeEF. Current modules include the first public Inter-protocol Exploit, a traditional browser overflow exploit, port scanning, keylogging, clipboard theft and more."
Website: http://www.bindshell.net/tools/beef
Exploit-Me
"Exploit-Me is a suite of Firefox web application security testing tools designed to be lightweight and easy to use. The Exploit-Me series was originally introduced at the SecTor conference in Toronto. The slides for the presentation are available for download. Along with this, SecTor is making the audio of the talk available."
Website: http://securitycompass.com/exploitme.shtml
DirBuster: Brute Force Web Directories
"DirBuster is a multi-threaded java application designed to brute force directories and file names on web/application servers. Often it is the case now that what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these. However, tools of this nature are often only as good as the directory and file list they come with. A different approach was taken to generating this. The list was generated from scratch, by crawling the Internet and collecting the directories and files that are actually used by developers! DirBuster comes with a total of 9 different lists (further information can be found below); this makes DirBuster extremely effective at finding those hidden files and directories. And if that was not enough, DirBuster also has the option to perform a pure brute force, which leaves the hidden directories and files nowhere to hide! If you have the time ;
Download: https://sourceforge.net/projects/dirbuster
W3AF
"W3AF is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. This project is currently hosted at SourceForge."
Website: http://w3af.sourceforge.net
OSWA™
"The OSWA™-Assistant is a self-contained, no Operating System required, freely downloadable, standalone toolkit which is solely focused on wireless auditing. As a result, in addition to the usual WiFi (802.11) auditing tools, it also covers Bluetooth and RFID auditing. Using the toolkit is as easy as popping it into your computer's CDROM and making your computer boot from it!"
Website: http://oswa-assistant.securitystartshere.org
Ettercap: Man In The Middle (MITM)
"Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis."
Website: http://ettercap.sourceforge.net
RainbowCrack
"RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one in cracking time. It is time consuming to break a complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files, so-called "rainbow tables". It does take a long time to precompute the tables. But once the one-time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables."
Website: http://www.antsight.com/zsl/rainbowcrack
Ophcrack
"Ophcrack is an open source (GPL license) program that cracks Windows LM hashes using rainbow tables. The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Windows. There is also a Live CD version which automates the retrieval, decryption, and cracking of passwords from a Windows system. Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. These tables can crack 99.9% of alphanumeric passwords of up to 14 characters in usually a few seconds, and at most a few minutes. Larger rainbow tables (for LM hashes of passwords with all printable characters, including symbols and space) are available for purchase from Objectif Sécurité. Starting with version 2.3, Ophcrack also cracks NT hashes. This is necessary if generation of the LM hash is disabled (this is the default on Windows Vista), or if the password is longer than 14 characters (in which case the LM hash is not stored)."
Website: http://ophcrack.sourceforge.net
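Both RainbowCrack and Ophcrack rely on the time-memory trade-off described above: precompute chains of hash-then-reduce steps, store only each chain's endpoint and start point, and at crack time walk from the target hash to an endpoint, then regenerate that chain to find the plaintext. The following is an added example, not code from either project: a toy rainbow table in Python over a constructed 3-character lowercase password space with SHA-256 standing in for LM/NT. The chain length, chain count, the 7919 start-point stride and the reduction function are all my own choices made for the demo; real tables use an unsalted hash such as LM or NT and millions of far longer chains, but the mechanics are the same.

```python
import hashlib
import string

# Constructed toy parameters (not RainbowCrack's or Ophcrack's): the password
# space is every 3-character lowercase string (26**3 = 17576 plaintexts) and
# the hash is unsalted SHA-256. Real tables target an unsalted hash such as
# LM or NT and store millions of much longer chains; the mechanics are the same.
ALPHABET = string.ascii_lowercase
PW_LEN = 3
SPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 50      # hash/reduce steps per chain
NUM_CHAINS = 600    # chains (table rows) stored


def h(plaintext):
    return hashlib.sha256(plaintext.encode()).digest()


def int_to_plain(n):
    """Map an integer onto a plaintext in the password space."""
    n %= SPACE
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def reduce_(digest, column):
    """Reduction function: map a digest back to a plaintext.

    Mixing in the column index gives every column its own reduction, which
    is what makes this a rainbow table rather than a Hellman table: two
    chains that collide in different columns no longer merge."""
    return int_to_plain(int.from_bytes(digest[:8], "big") + column)


def build_table():
    """Precompute the chains; only endpoint -> start point(s) is stored."""
    table = {}
    for i in range(NUM_CHAINS):
        start = int_to_plain(i * 7919)  # spread start points over the space
        p = start
        for column in range(CHAIN_LEN):
            p = reduce_(h(p), column)
        table.setdefault(p, []).append(start)
    return table


def lookup(table, target):
    """Return the plaintext whose hash is `target`, or None if not covered."""
    for column in range(CHAIN_LEN - 1, -1, -1):
        # Guess that `target` was produced in this column and finish the chain.
        p = reduce_(target, column)
        for c in range(column + 1, CHAIN_LEN):
            p = reduce_(h(p), c)
        for start in table.get(p, ()):
            # Endpoint hit: regenerate the chain from its start point and
            # look for the plaintext that hashes to `target`. A miss here is
            # a false alarm caused by a chain merge, so keep searching.
            q = start
            for c in range(CHAIN_LEN):
                digest = h(q)
                if digest == target:
                    return q
                q = reduce_(digest, c)
    return None


def plaintext_in_chain(chain_index, column):
    """The plaintext sitting at a given chain/column (used to pick a demo target)."""
    p = int_to_plain(chain_index * 7919)
    for c in range(column):
        p = reduce_(h(p), c)
    return p


def demo():
    table = build_table()
    victim = plaintext_in_chain(3, 17)
    return victim, lookup(table, h(victim))


if __name__ == "__main__":
    print("victim=%s cracked=%s" % demo())
```

Two things the toy makes visible that the description only states: the table stores 600 rows yet answers for up to 30000 plaintexts, and a hash outside the precomputed space (for example of a 4-character password) simply returns None, which is exactly why a salt, or an LM hash disabled in favour of NT, defeats a table built for the unsalted case.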
Airpwn: A Wireless Packet Injector
"Airpwn is a framework for 802.11 (wireless) packet injection. Airpwn listens to incoming wireless packets, and if the data matches a pattern specified in the config files, custom content is injected "spoofed" from the wireless access point. From the perspective of the wireless client, airpwn becomes the server."
Website: http://airpwn.sourceforge.net
PHoss: A Password Sniffer
"PHoss is a sniffer. A normal sniffer software is designed to find problems in data communication on the network. PHoss is designed to know some protocols which use (or may use) clear text passwords. Many protocols are designed to use secure authentication. For fallback they define a lowest level of authentication using clear text. Many companies use this lowest fallback definition as the standard setting to make the product work in many environments."
Download: http://www.phenoelit-us.org/phoss/download.html
DMitry: Deepmagic Information Gathering Tool
"DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux Command Line Application coded in C. DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, TCP port scan, whois lookups, and more."
Download: http://packetstormsecurity.org/UNIX/misc/DMitry-1.2a.tar.gz
snmpcheck
"snmpcheck is a free open source utility to get information via SNMP protocols. It works fine against Windows, Linux, Cisco, HP-UX, SunOS systems and any devices with SNMP protocol support. It could be useful for penetration testing or systems monitoring. snmpcheck has been tested on GNU/Linux, *BSD, Windows systems and Cygwin. snmpcheck is distributed under GPL license and based on Athena-2k script by jshaw. "
Website: http://www.nothink.org/perl/snmpcheck
fragroute
"fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour."
Website: http://monkey.org/~dugsong/fragroute
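The insertion and evasion attacks fragroute implements work because the sensor and the end host may resolve an overlapping fragment or segment differently: whichever copy the sensor keeps, the host may keep the other. The following is an added example (my code, not fragroute's) that reassembles a constructed fragment stream under two policies, first copy wins and last copy wins, and shows the same stream yields a benign request under one and a different request under the other. The conflicting_overlap() check is what a monitor should do before trusting either view; offsets are byte offsets into the reassembled payload, with no IP header modelling.

```python
# Constructed fragment stream: (offset, payload) in arrival order. Fragments 2
# and 3 claim the same 10-byte region (offsets 5..14) with different contents.
FRAGMENTS = [
    (0, b"GET /"),
    (5, b"index.html"),
    (5, b"etc/passwd"),
    (15, b" HTTP/1.0"),
]


def reassemble(fragments, policy):
    """Rebuild the payload; `policy` decides which copy wins on overlap.

    'first': a byte already written is never overwritten (the first copy to
             arrive wins).
    'last':  a later fragment overwrites earlier data.
    Raises ValueError if the fragments leave a hole."""
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    total = max(off + len(data) for off, data in fragments)
    buf = bytearray(total)
    filled = bytearray(total)          # 1 where a byte has been written
    for off, data in fragments:
        for i, byte in enumerate(data):
            pos = off + i
            if policy == "first" and filled[pos]:
                continue                # keep the byte that arrived first
            buf[pos] = byte             # 'last': overwrite
            filled[pos] = 1
    if not all(filled):
        raise ValueError("hole in fragment stream; cannot reassemble")
    return bytes(buf)


def conflicting_overlap(fragments):
    """True if two fragments cover the same byte with different data.

    Overlaps with identical data are legitimate retransmissions; overlaps
    with differing data are ambiguous and should be alerted on rather than
    silently resolved by a policy."""
    seen = {}
    for off, data in fragments:
        for i, byte in enumerate(data):
            pos = off + i
            if pos in seen and seen[pos] != byte:
                return True
            seen.setdefault(pos, byte)
    return False


def demo():
    return (reassemble(FRAGMENTS, "first"),
            reassemble(FRAGMENTS, "last"),
            conflicting_overlap(FRAGMENTS))


if __name__ == "__main__":
    first, last, ambiguous = demo()
    print("first-wins :", first)
    print("last-wins  :", last)
    print("ambiguous  :", ambiguous)
```

A sensor that reassembles with 'first' sees a request for /index.html and passes it; a host that reassembles with 'last' serves /etc/passwd. The fix on the detection side is not to pick a better policy but to refuse to reason about streams where conflicting_overlap() is true, or to normalise traffic before it reaches the host so both sides see the same bytes.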
Nemesis: A Packet Injection Utility
"Nemesis is a command-line network packet injection utility for UNIX-like and Windows systems. You might think of it as an EZ-bake packet oven or a manually controlled IP stack. With Nemesis, it is possible to generate and transmit packets from the command line or from within a shell script. Nemesis attacks directed through fragrouter could be a most powerful combination for the system auditor to find security problems that could then be reported to the vendor(s)."
Website: http://www.packetfactory.net/projects/nemesis
WEDNESDAY, AUGUST 6, 2008
Aircrack-ng: The Next Generation of Aircrack
"Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks."
Website: http://www.aircrack-ng.org
OpenVAS
"OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core is a server component with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications."
Website: http://www.openvas.org
ngrep: network grep
"ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP, ICMP, IGMP and Raw protocols across Ethernet, PPP, SLIP, FDDI, Token Ring, 802.11 and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop."
Website: http://www.packetfactory.net/projects/ngrep
XPROBE: Active OS fingerprinting tool
"Remote OS identification using ICMP packets. Xprobe allows you to determine what operating system is running on a remote host. It sends several packets to a host and analyses the returned ICMP packets. The tool automates a logic of OS fingerprinting methods called "X". Xprobe's functionality is comparable to the OS fingerprinting feature in nmap, but has several advantages over it:
- Faster: a maximum of 4 packets are sent to determine the remote OS.
- Can detect whether the host is up, so pinging is no longer necessary.
- Stealthier: does not send any malformed datagrams.
- Can distinguish between many variants of Microsoft operating systems."
Website: http://xprobe.sourceforge.net
OpenXPKI
"The OpenXPKI Project aims at creating an enterprise-grade PKI/Trustcenter software supporting well established infrastructure components like RDBMS and Hardware Security Modules. Flexibility and modularity are the project's key design objectives. Unlike many other OpenSource PKI projects, OpenXPKI offers powerful features necessary for professional environments that are usually only found in commercial grade PKI products. However, we also target small scale installations by providing quick-start configuration examples that allow you to get a usable PKI running quickly."
Website: http://www.openxpki.org
JOSPKI Suite
"Suite of services and tools for handling PKI requirements. The initial list of programs contains: 1) a viewer/encoding converter for X.509 certificates, 2) a viewer/editor/generator for PKCS#7 and 3) a viewer/editor/generator for various keystores types."
Website: http://jospkisuite.sourceforge.net
Odyssi: Certificate Authority Server
"The Odyssi CA Server is an enterprise-class certificate authority server, allowing an organization to build and deploy a full-fledged PKI. When completed, it will support most major existing PKI standards, while providing complete customizability in deployment. Odyssi CA is designed for today's identity management needs. By leveraging PKI, your organization will be able to effectively secure the identities of its users. This will provide your users with strong network authentication, e-mail signing and encryption, and wireless network access."
Website: http://odyssipki.sourceforge.net
III ASN.1 Tool
"The III ASN.1 Tool includes two parts: an ASN.1 compiler "asnparser" which compiles the Abstract Syntax to C++ files, and a runtime library which is used to link with the C++ files generated by asnparser. Based on the work of the Open H.323 project, it is developed for the needs of the H.450 series protocols. Hence, it supports the information object class defined in X.681."
Website: http://iiiasn1.sourceforge.net
Yersinia
"Yersinia is a network tool designed to take advantage of some weaknesses in different network protocols. It is useful for penetration testing. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, attacks for the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), 802.1Q, 802.1X, Inter-Switch Link Protocol (ISL) and VLAN Trunking Protocol (VTP)."
Website: http://www.yersinia.net
LaBrea: "Sticky" Honeypot and IDS
"LaBrea takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers connection attempts in such a way that the machine at the other end gets "stuck", sometimes for a very long time."
Website: http://labrea.sourceforge.net
The Metasploit Framework
"The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler."
Website: http://www.metasploit.com
Kismet: Wireless Packet Analyzer
"Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of nonbeaconing networks via data traffic."
Website: http://www.kismetwireless.net
Tor: anonymity online
"Tor is a software project that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol."
Privoxy
"Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data, managing HTTP cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. Privoxy has application for both stand-alone systems and multi-user networks."
Winpooch
FRIDAY, JULY 25, 2008
SpamAssassin: An Open Source E-mail Filter
"No list of open-source security tools would be complete without SpamAssassin. A two-time Datamation Product of the Year winner, this anti-spam tool is the "secret sauce" behind a number of commercial products, as well as being put to good use by a number of e-mail hosting vendors and spam filtering vendors. Experts often recognize SpamAssassin as the best open-source anti-spam tool available."
Website: http://spamassassin.apache.org
WEDNESDAY, JULY 23, 2008
PKIF: The PKI Framework
"PKIF is a full-featured, standards compliant PKI enablement library. Its goal is to make it easy for your applications to take advantage of your PKI. PKIF runs on Windows and UNIX systems and is written in C++ with bindings for C# (and COM/.NET) and Java. PKIF can validate certificates, create and verify signatures, encrypt and decrypt data, and much more."
OTPW: A One-time Password Login Package
"The OTPW package consists of the one-time-password generator otpw-gen plus two verification routines otpw_prepare() and otpw_verify() that can easily be added to programs such as login or ftpd on POSIX systems. For platforms that support the Pluggable Authentication Method (PAM) interface, a suitable wrapper is included as well. Login software extended this way will allow reasonably secure user authentication over insecure network lines. The user carries a password list on paper. The scheme is designed to be robust against theft of the paper list and race-for-the-last-letter attacks. Cryptographic hash values of the one-time passwords are stored for verification in the user's home directory."
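The two properties the description names, storing only hashes on the server side and surviving theft of the paper list, follow from a simple construction: the user memorises a short prefix that is never written down, the printed list holds only suffixes, and the verifier keeps the hash of prefix plus suffix for each index and burns an entry once it has been accepted. The following is an added example in Python that models exactly that; it is not OTPW's code, hash or file format, and it does not model OTPW's specific defence against race-for-the-last-letter attacks (the prefix, alphabet, list length and the sha256 choice are mine).

```python
import hashlib
import hmac
import secrets

# Constructed scheme in the spirit of OTPW (not its code or file format):
# the user memorises a short prefix password and carries a printed list of
# one-time suffixes; the verifier stores only hashes of prefix+suffix.
ALPHABET = "abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no 0/O/1/l/I


def _digest(secret):
    return hashlib.sha256(secret.encode()).hexdigest()


def generate(prefix, count, length=8):
    """Return (paper_list, store).

    paper_list holds the one-time suffixes the user prints; store maps an
    index to the hash of prefix+suffix plus a used flag, which is all the
    verifier ever keeps on disk. Stealing the store yields only hashes;
    stealing the paper yields suffixes without the memorised prefix."""
    paper = ["".join(secrets.choice(ALPHABET) for _ in range(length))
             for _ in range(count)]
    store = {i: {"hash": _digest(prefix + otp), "used": False}
             for i, otp in enumerate(paper)}
    return paper, store


def challenge(store):
    """Pick a random unused index to ask for; None once the list is exhausted."""
    unused = [i for i, entry in store.items() if not entry["used"]]
    return secrets.choice(unused) if unused else None


def verify(store, index, response):
    """Check `response` (prefix+suffix as typed) against entry `index`.

    A correct response burns the entry so it can never be replayed; a
    wrong response leaves it intact. The comparison is constant-time."""
    entry = store.get(index)
    if entry is None or entry["used"]:
        return False
    if not hmac.compare_digest(_digest(response), entry["hash"]):
        return False
    entry["used"] = True
    return True


def demo():
    prefix = "s3cret"                               # memorised, never printed
    paper, store = generate(prefix, 5)
    idx = challenge(store)
    stolen_list_only = verify(store, idx, paper[idx])       # paper alone fails
    genuine = verify(store, idx, prefix + paper[idx])       # accepted, entry burnt
    replay = verify(store, idx, prefix + paper[idx])        # same response again fails
    return stolen_list_only, genuine, replay


if __name__ == "__main__":
    print(demo())
```

Note that the order in verify() matters: the entry is marked used only after a successful comparison, so a typo does not waste a password, but a captured correct response is dead the moment the server accepts it.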
The ASN.1 Compiler
"The asn1c is a free, open source compiler of ASN.1 specifications into C source code. It supports a range of ASN.1 syntaxes, including ISO/IEC/ITU ASN.1 1988, '94, '97, 2002 and later amendments. The supported sets of encoding rules are a) BER: ITU-T Rec. X.690 | ISO/IEC 8825-1 (2002) (BER/DER/CER), b) PER: X.691|8825-2 (2002) (PER), c) XER: X.693|8825-3 (2001) (BASIC-XER/CXER)."
Download: http://lionet.info/asn1c/download.html
FxCop: A Free Static Code Analysis Tool that Checks .NET managed code
"FxCop is an application that analyzes managed code assemblies (code that targets the .NET Framework common language runtime) and reports information about the assemblies, such as possible design, localization, performance, and security improvements. Many of the issues concern violations of the programming and design rules set forth in the Design Guidelines for Class Library Developers, which are the Microsoft guidelines for writing robust and easily maintainable code by using the .NET Framework. FxCop is intended for class library developers. However, anyone creating applications that should comply with the .NET Framework best practices will benefit. FxCop is also useful as an educational tool for people who are new to the .NET Framework or who are unfamiliar with the .NET Framework Design Guidelines. FxCop is designed to be fully integrated into the software development cycle and is distributed as both a fully featured application that has a graphical user interface (FxCop.exe) for interactive work, and a command-line tool (FxCopCmd.exe) suited for use as part of automated build processes or integrated with Microsoft Visual Studio® .NET as an external tool."
MONDAY, JULY 21, 2008
OSSEC: An Open Source Host-based Intrusion Detection System
"OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. A list with all supported platforms is available."
Website: http://www.ossec.net/
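The log analysis, correlation and active response pieces the description lists fit together as one loop: decode a log line, count events per source inside a time window, raise an alert when a threshold is crossed, and hand the source to a blocking action. The following is an added example that reduces that loop to its core in Python; it is not OSSEC's decoder, rule syntax or code, the sshd lines are constructed, and the threshold (5 failures in 120 seconds) and the one-alert-then-block behaviour are choices made for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in syslog/sshd format (not real logs).
SAMPLE_LOG = """\
Jul 21 10:00:01 web1 sshd[2041]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Jul 21 10:00:03 web1 sshd[2041]: Failed password for root from 198.51.100.7 port 51023 ssh2
Jul 21 10:00:04 web1 sshd[2044]: Accepted publickey for deploy from 192.0.2.10 port 40112 ssh2
Jul 21 10:00:05 web1 sshd[2041]: Failed password for root from 198.51.100.7 port 51024 ssh2
Jul 21 10:00:06 web1 sshd[2050]: Failed password for invalid user test from 198.51.100.7 port 51025 ssh2
Jul 21 10:00:07 web1 sshd[2051]: Failed password for invalid user oracle from 198.51.100.7 port 51026 ssh2
Jul 21 10:09:00 web1 sshd[2077]: Failed password for deploy from 192.0.2.10 port 40113 ssh2
"""

# Decoder: pull timestamp, host, user and source out of a failed-login line.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)


def parse_failures(text):
    """Yield (timestamp, host, user, source) for each failed-login line."""
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog has no year
            yield ts, m["host"], m["user"], m["src"]


def correlate(text, threshold=5, window=120):
    """Sliding-window correlation with a blocking active response.

    Returns (alerts, blocked): one alert per source that reaches `threshold`
    failures within `window` seconds, and the set of sources handed to the
    active response. Once a source is blocked its later lines are ignored,
    which is what keeps one attacker from generating a flood of alerts."""
    recent = defaultdict(deque)          # source -> deque of (ts, user)
    alerts = []
    blocked = set()
    for ts, host, user, src in parse_failures(text):
        if src in blocked:
            continue
        q = recent[src]
        q.append((ts, user))
        while q and (ts - q[0][0]).total_seconds() > window:
            q.popleft()                   # drop events outside the window
        if len(q) >= threshold:
            alerts.append({
                "src": src,
                "host": host,
                "count": len(q),
                "first": q[0][0].strftime("%H:%M:%S"),
                "last": ts.strftime("%H:%M:%S"),
                "users": sorted({u for _, u in q}),
            })
            blocked.add(src)              # active response: block the source
    return alerts, blocked


if __name__ == "__main__":
    found, blocked = correlate(SAMPLE_LOG)
    for a in found:
        print("ALERT %(src)s: %(count)d failures %(first)s-%(last)s users=%(users)s" % a)
    print("blocked:", sorted(blocked))
```

The single failure from 192.0.2.10 nine minutes later never reaches the threshold, which is the point of the window: a rule that only counts failures per source, with no time bound, would eventually flag every long-lived workstation.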
httprecon: An Advanced Web Server Fingerprinting Tool
"The httprecon project is doing some research in the field of web server fingerprinting, also known as http fingerprinting. The goal is the highly accurate identification of given httpd implementations. This is very important within professional vulnerability analysis. Besides the discussion of different approaches and the documentation of gathered results, an implementation for automated analysis is also provided. This software shall improve the ease and efficiency of this kind of enumeration. Traditional approaches like banner grabbing, status code enumeration and header ordering analysis are used. However, many other analysis techniques were introduced to increase the possibilities of accurate web server fingerprinting."
ATK: An Open-Source Exploiting Framework
"This tool checks for leaks and vulnerabilities on any system with an easy interface ... and nice documentation - worth checking for sure!" - Prof. Dr. Urs E. Gattiker, Author of the books "Virus Revealed", "The Information Security Dictionary" and "Technology Management in Organizations"
Burp Suite: An Integrated Platform for Penetration Test of Web Applications
"Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility."
SysAnalyzer: An Automated Malcode Analyzer
"SysAnalyzer is an automated malcode run time analysis application that monitors various aspects of system and process states. SysAnalyzer was designed to enable analysts to quickly build a comprehensive report as to the actions a binary takes on a system. SysAnalyzer can automatically monitor and compare: Running Processes, Open Ports, Loaded Drivers, Injected Libraries, Key Registry Changes, APIs called by a target process, File Modifications, HTTP, IRC, and DNS traffic. SysAnalyzer also comes with a ProcessAnalyzer tool which can perform the following tasks: Create a memory dump of target process, parse memory dump for strings, parse strings output for exe, reg, and url references and scan memory dump for known exploit signatures."
Website: http://labs.idefense.com/software/malcode.php
Honeywall CDROM
"The Honeywall CDROM is a bootable CD that copies all the functionality of a Honeywall onto a hard drive. It comes with all the tools and functionality for you to implement data capture, data control, and data analysis. It creates an architecture that allows you to deploy both low-interaction and high-interaction honeypots within it. The purpose of the Honeywall CDROM is to make it easier to deploy, manage, and derive value from honeynet technologies. The CDROM supports several configuration methods, including an interactive menu and .iso customization scripts. The CDROM is an appliance, based on a minimized and secured Linux OS."
BackTrack: Penetration Testing Live CD
"BackTrack is the top-rated Linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-ROM and is fully accessible within minutes. It evolved from the merge of the two widespread distributions Whax and Auditor Security Collection. BackTrack has a long history and was based on many different Linux distributions until it became based on a Slackware Linux distribution and the corresponding live-CD scripts. Every package, kernel configuration and script is optimized to be used by security penetration testers. Patches and automatisms have been added, applied or developed to provide a neat and ready-to-go environment."
Website: http://www.remote-exploit.org/backtrack.html