Safe

Hacking Tools - over 300 listed


Some good security tools

The UNIX operating system has gone through many different and interesting incarnations since it was invented in the early 70's, but one thing is clear: It's a real fun system for a hacker to play with. Once you get past the initial halting steps of learning what you can do with it, UNIX provides many avenues of exploration, and many opportunities to get it to do things that the owners of the machine didn't expect you (as a user) to be able to do.

What's interesting about technical files like those below is that the authors will often give you a basic set of skills with UNIX before immediately delving into the arcana and weirdness necessary to do the trickery they're attempting. It must have made for a mighty odd way to learn about an operating system for a young person on a BBS. Maybe it was even the better way.

rm -rf .


Filename Size
Description of the Textfile
admin2.txt 51966
Improving the Security of Your Site by Breaking Into It, by Dan Farmer and Wietse Venema
begin.txt 85336
UNIX For Beginners Second Edition, by Brian W. Kernighan
berkly42.txt 14848
Understanding the UNIX Operating System (Berkeley 4.2) Patched Together by The War
bestunix.hac 7476
My Favourite UNIX Commands, By ZeeBee Australia Inc. 1990
betunix.txt 9517
Gaining Better Access On Any Unix System, by Doctor Dissector
bhacking.txt 5898
A Beginner's Guide to Hacking UNIX by Jester Sluggo (October 8, 1985)
bible.txt 16109
A Unix "Bible" (Actually a Glossary)
breinhar.txt 37427
White Paper on UNIX Security Issues, by Robert B. Reinhardt, November 11, 1992
curry.txt 140288
Improving the Security of your UNIX System, by David A. Curry (April, 1990)
dirfind.txt 4242
Newbie Tips: (Changing to / Hidden Directories) 1.1
hack.txt 10708
Hacking Servers 101 by ChronicK of The E0D
hack1 8753
UNIX Odds and Ends: Keeping Users Off the System
hack2 11957
UNIX Trojan Horses
hack3.hac 7198
The Basics of Hacking, by The Knights of Shadow (VAXs/UNIX)
hacking_unix.txt 41819
An Indepth Guide to Hacking UNIX and the Concept of Basic Networking Utility by Red Knight of Phreakers/Hackers Underground Network (June 10, 1989)
hackunix 7408
How to Hack UNIX and VAX Systems by Thief and Wizard (1989)
hackunix.txt 41972
An Indepth Guide in Hacking UNIX and the concept of Basic Networking Utility by Red Knight of Phreakers/Hackers Underground Network (June 10, 1989)
hide.hac 4486
UNIX Abuse Collection, by ZeeBee Australia
hss.txt 6292
Hacking Servers: A Beginner's Guide, by Lord Dredd
interunx.txt 355153
UNIX For Intermediate users
linux_mo.asc 4634
A Vulnerability in All Known Linux Distributions, by Bloodmask (August 13, 1996)
maccrac.txt 25503
SOFTDOCS: Maccrac Version 0.1a by Ole Buzzard
metaunix.hac 5970
A Beginner's Guide to Hacking Unix
muh.hac 6400
A Beginner's Guide to Hacking UNIX By Jester Sluggo
nfstricks.txt 1944
A List of NFS Tricks by Lord Pyro
nis.txt 1526
NIS Explained by Virtual Circuit and Psychotic
p500unix.txt 34118
A Flaw in the Berkeley 4.3 UNIX Passwd Program, with Code and History
phelon1.txt 9119
PHELON #1: Some Information About Unix (For Beginners)
ports.txt 1559
Some UNIX Ports and What to Do With Them
secdoc.hac 156965
Improving the Security of your UNIX System, by David Curry
securesu.txt 29313
How to Improve Security on a Newly Installed SunOS 4.1.3 System by Thomas M. Kroeger (July 1994)
security.txt 154698
Improving the Security of Your Unix System, by David A. Curry (April 1990)
sendmail.fun 2313
A Little Sendmail Stuff, using the passwd file
sirsunix.hac 87805
UNIX: A Hacking Tutorial, by Sir Hackalot
sobunix.txt 128483
UNIX and Today's Hacker by Syncomm of (SOB 513)
socket.txt 3164
The UNIX Socket Services
stupid.unx 10046
Yet Even More Stupid Things to Do With Unix! by Shooting Snark
sysadmin.txt 14091
Know your UNIX System Administrator
troj.hac 4790
Basic Unix Use, by Lord Lawless
uhacknfo.hac 497325
Security and the UNIX Operating System, 1990
uhcom.txt 23536
A List of Some of the Most Useful UNIX Hacking Commands, and Some Hints on Their Usage
unix-nas.txt 5084
UNIX Nasties by Shooting Shark (April 6, 1986)
unix-tro.txt 12412
UNIX Trojan Horses by Shooting Shark of Tiburon Systems (June 26, 1986)
unix.001 141735
UNIX Use and Security from the Ground Up by The Prophet (December 5, 1986)
unix.hal 22197
A Guide to UNIX Systems Part I by Hackers Against Law Enforcements (September 1, 1989)
unix.inf 14710
UNIX Primer and Command Reference by Frosty of Mechwarriors
unix.info 4174
Things to Know about UNIX, by Sir Charles Hansen
unix.sec 120683
Improving the Security of your UNIX System, by David A. Curry (April, 1990)
unix.txt 6016
The Fundamentals of UNIX Passwords, by Mr. Slippery
unix.wek 5248
Unix Conversions (From DOS to UNIX) by David Johnson
unix001.hac 141523
UNIX Use and Security from the Ground Up, by The Prophet
unix001.txt 138851
UNIX Use and Security from the Ground Up, by The Prophet (December 5, 1986)
unix1.hac 9992
Hackers Against Law Enforcement Present A Guide to UNIX Systems
unix2.hac 11624
COSMOS, by Doctor Who
unixacct.txt 10995
Creating UNIX Accounts by the Kryptic Night and the Servants of the Mushroom Cloud
unixart.hac 9099
Mitch Wagner of UNIX Today on an interesting Hacking Case
unixcall.txt 2048
Using UNIX to do an Outdial
unixdos.fil 3986
UNIX Conversions (The Filing System) by David Johnson
unixgrou.txt 141649
Unix Use and Security from the Ground Up by The Prophet (December 5, 1986)
unixhak1.hac 5498
Tutorial on hacking through a UNIX system
unixhak2.hac 12384
On the Security of UNIX
unixhak3.hac 3971
Things to Know about UNIX by Sir Charles Hansen
unixhck.hac 5260
UNIX Hacking Made Easy by Shadow Lord
unixhell.txt 13528
Raising Hell with UNIX by the Kryptic Night
unixhold.txt 141525
Unix Use and Security From The Ground Up by The Prophet (December 5, 1986)
unixinfo.hac 3072
Unix System Basics by the Terminal Technician
unixmyth.txt 14012
Is UNIX Really That Bad? The Myths of UNIX
unixsec.txt 28235
Improving the Security of your UNIX System by David Curry (April 1990)
unixsir.hac 86374
UNIX: A Hacking Tutorial by Sir Hackalot
unixsysv.hac 11408
Hacking UNIX System V
unixsysv.txt 11197
How to Hack UNIX System V (January 18, 1989)
unixtips 23535
A List of Some of the Most Useful UNIX Hacking Commands, and Some Hints on Their Usage
unixtroj.hac 11958
UNIX Trojan Horses (A List)
unix~1.txt 34534
An Indepth Guide in Hacking UNIX and The Concept of Basic Networking Utility by Evil Ernie of No Lamers Allowed
virpassw.txt 3780
The Passwords Used by the Internet Worm
x86bsd_m.asc 4461
L0pht Security Advisory (December 9, 1996)
xenix.txt 4909
XENIX Commands and Information by Stingray
xwindows.txt 13072
FAQ: A Crash Course in X Security
zenixinf.hac 4967
XENIX Commands and Information, by Stingray

The above are hacker know-how

General Security Tool Sites

Hackersclub

http://www.hackersclub.com

NewOrder

http://neworder.box.sk

Security-Focus

http://www.securityfocus.com

Technotronic

http://www.technotronic.com

Countermeasure Tools

BlackICE by NetworkICE

http://www.networkice.com

CyberCop Monitor by Network Associates Inc.

http://www.nai.com

Hidden Object Locator

http://www.netwarefiles.com/utils/hobjloc.zip

Ippl

http://www.via.ecp.fr/~hugo/ippl/

ITA from Axent

http://www.axent.com

Kane Security Monitor

http://www.intrusion.com

Netguard

http://www.Genocide2600.com/~tattooman/unix-loggers/netguard-1.0.0.tar.gz

Network Flight Recorder

http://www.nfr.net

Perro (formerly Protolog)

http://www.grigna.com/diego/linux/protolog/index.html

Psionic Portsentry from the Abacus project

http://www.psionic.com/abacus/

RealSecure by Internet Security Systems (ISS)

http://www.iss.net

Scanlogd

http://www.openwall.com/scanlogd/

Secured by Memco

http://www.memco.com

Secure Shell (SSH)

http://www.ssh.fi
http://www.f-secure.com

SessionWall-3 by Abirnet/Platinum Technology

http://www.abirnet.com

Denial of Service

Land and Latierra

http://www.rootshell.com/archive-j457nxiqi3gq59dv/199711/land.c.html
http://www.rootshell.com/archive-j457nxiqi3gq59dv/199711/latierra.c.html

Portfuck

http://www.stargazer.net/~flatline/filez/portfuck.zip

Smurf & Fraggle

http://www.rootshell.com/archive-j457nxiqi3gq59dv/199710/smurf.c.html
http://www.rootshell.com/archive-j457nxiqi3gq59dv/199803/fraggle.c.html

Synk4

http://www.jabukie.com/Unix_Sourcez/synk4.c

Teardrop, newtear, bonk, syndrop

http://www.rootshell.com/archive-j457nxiqi3gq59dv/199711/teardrop.c.html
http://www.rootshell.com/archive-j457nxiqi3gq59dv/199801/newtear.c.html
http://www.rootshell.com/archive-j457nxiqi3gq59dv/199801/bonk.c.html
http://www.rootshell.com/archive-j457nxiqi3gq59dv/199804/syndrop.c.html

Enumeration Tools

Bindery

http://www.nmrc.org/files/netware/bindery.zip

Bindin

ftp://ftp.edv-himmelbauer.co.at/Novell.3x/TESTPROG/BINDIN.EXE

Epdump

http://www.ntshop.net/security/tools/def.htm

Finger

ftp://ftp.cdrom.com/.1/novell/finger.zip

Legion

ftp://ftp.technotronic.com/rhino9-products/legion.zip

NDSsnoop

ftp://ftp.iae.univ-poitiers.fr/pc/netware/UTIL/ndssnoop.exe

NetBios Auditing Tool (NAT)

ftp://ftp.technotronic.com/microsoft/nat10bin.zip

Netcat by Hobbit

http://www.l0pht.com/~weld/netcat/

Netviewx

http://www.ibt.ku.dk/jesper/NTtools/

Nslist

http://www.nmrc.org/files/snetware/nut18.zip

On-Site Admin

ftp://ftp.cdrom.com/.1/novell/onsite.zip

Snlist

ftp://ftp.it.ru/pub/netware/util/NetWare4.Toos/snlist.exe

Somarsoft (dumpacl, dumpreg, etc.)

http://38.15.19.115/

user2sid and sid2user

http://www.chem.msu.su:8080/~rudnyi/NT/sid.txt

Userdump

ftp://ftp.cdrom.com/.1/novell/userdump.zip

Userinfo

ftp://ftp.cdrom.com/.1/novell/userinfo.zip

Footprinting Tools

ARIN database

http://www.arin.net/whois/

Cyberarmy

http://www.cyberarmy.com

Dogpile (meta search engine)

http://www.dogpile.com

DomTools (axfr)

http://www.domtools.com/pub/domtools1.4.0.tar.gz

Ferretsoft

http://www.ferretsoft.com

Sam Spade

http://www.samspade.org

Securities and Exchange Commission (SEC)

http://www.sec.gov/

USENET Searching

http://www.deja.com
http://www.dogpile.com

VisualRoute

http://www.visualroute.com

WHOIS database

http://www.networksolutions.com

WS_Ping Pack Pro

http://www.ipswitch.com

Gaining Access

L0phtcrack's Readsmb

http://www.l0pht.com/

Legion

http://www.rhino9.com

NetBios Auditing Tool (NAT)

ftp://ftp.technotronic.com/microsoft/nat10bin.zip

Nwpcrack

http://www.nmrc.org/files/netware/nwpcrack.zip

SMBgrind by NAI

Included with CyberCop Scanner from Network Associates (http://www.nai.com)

Sniffit

http://newdata.box.sk/neworder/a/sniffit.0.3.2.tar.gz

SNMPsniff

http://www.AntiCode.com/archives/network-sniffers/snmpsniff-1_0.tgz

THC login/telnet

http://thc.pimmel.com/files/thc/thc-lh11.zip

Privilege Escalation and Back Door Tools

Elitewrap

http://www.multimania.com/trojanbuster/elite.zip

Getadmin

http://www.ntsecurity.net/security/getadmin.htm

Hunt

http://www.cri.cz/kra/index.html#HUNT

Imp

http://www.wastelands.gen.nz/

Invisible Keystroke Logger

http://www.amecisco.com/iksnt.htm

Jcmd

http://www.jrbsoftware.com

John the Ripper

http://www.openwall.com/john/

Netbus

http://www.netbus.org

Netcat

http://www.l0pht.com/netcat

NTFSDOS

http://www.sysinternals.com

NTuser

http://www.pedestalsoftware.com

Pandora by NMRC

http://www.nmrc.org/pandora/download.html

Pwdump2

http://www.webspan.net/~tas/pwdump2/

Revelation by Snadboy

http://www.snadboy.com

Sechole

http://www.ntsecurity.net/security/sechole.htm

SNMPsniff

http://packetstorm.harvard.edu/sniffers/snmpsniff-1.0.tar.gz

Unhide

http://www.webdon.com

Virtual Network Computing (VNC)

http://www.uk.research.att.com/vnc

Pilfering

File Wrangler

http://www.tucows.com

PowerDesk's ExplorerPlus

http://www.mijenix.com/powerdesk98.asp

Revelation

http://www.snadboy.com

Rootkits and Cover Tracks

Cygwin Win32 (cp and touch commands)

http://www.cygnus.com

Wipe

ftp://ftp.technotronic.com/unix/log-tools/wipe-1.00.tgz

Zap

ftp://ftp.technotronic.com/unix/log-tools/zap.c

Scanning Tools

BindView

http://www.bindview.com

Chknull

http://www.nmrc.org/files/netware/chknull.zip

CyberCop Scanner by NAI

http://www.nai.com

Firewalk

http://www.packetfactory.net/firewalk/

Fping

http://packetstorm.harvard.edu/

HackerShield by Bindview

http://www.bindview.com/netect

Hping

http://www.kyuzz.org/antirez/

InspectorScan by Shavlik

http://www.shavlik.com

Internet Scanner by ISS

http://www.iss.net

Kane Security Analyst

http://www.intrusion.com

Network Mapper (Nmap)

http://www.insecure.org/nmap

NTInfoscan

http://www.infowar.co.uk/mnemonix/

Pinger

ftp://ftp.technotronic.com/rhino9-products/pinger.zip

Scan

http://www.prosolve.com

Solarwinds

http://www.solarwinds.net

Strobe

http://www.hack-net.com/cgibin/download.cgi?strobe-1_03.tgz

Udpscan

ftp://ftp.technotronic.com/unix/network-scanners/udpscan.c

WebTrends Security Analyzer by WebTrends

http://www.webtrends.com

WS_Ping Pack Pro

http://www.ipswitch.com

War Dialing Tools

PhoneSweep by Sandstorm

http://www.sandstorm.net

THC

http://www.infowar.co.uk/thc/

ToneLoc

http://www.hackersclub.com/km/files/pfiles/Tl110.zip

This material is the author's only. No part, in small or whole, may be copied without the author's consent. If material is copied, the author will be notified. If it is illegally copied: this website has an IP address tracking system, and when caught you may be punished to the full extent of the law and a high money fine.
COPYRIGHT 2004

Top 75 Security Tools.


Translations:
Spanish Translation by ThiOsk (os_k&at&softhome.net) and Kerozene (kerozene&at&hackemate.com.ar)
Portuguese Translation by André Zúquete (avz&at&det.ua.pt)

Here is the list (starting with the most popular):


Nessus: The premier Open Source vulnerability assessment tool
Nessus is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems.




Ethereal: Sniffing the glue that holds the Internet together
Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. A text-based version called tethereal is included.




Snort: A free intrusion detection system (IDS) for the masses
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rule based language to describe traffic that it should collect or pass, and a modular detection engine. Many people also suggested that the Analysis Console for Intrusion Databases (ACID) be used with Snort.




Netcat: The network swiss army knife
A simple Unix utility which reads and writes data across network connections, using the TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.




TCPDump / WinDump: The classic sniffer for network monitoring and data acquisition
Tcpdump is a well-known and well-loved text-based network packet analyzer ("sniffer"). It can be used to print out the headers of packets on a network interface that match a given expression. You can use this tool to track down network problems or to monitor network activities. There is a separate Windows port named WinDump. TCPDump is also the source of the Libpcap/WinPcap packet capture library, which is used by Nmap among many other utilities. Note that many users prefer the newer Ethereal sniffer.



Hping2: A network probing utility like ping on steroids
hping2 assembles and sends custom ICMP/UDP/TCP packets and displays any replies. It was inspired by the ping command, but offers far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation. This tool is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities.




DSniff: A suite of powerful network auditing and penetration-testing tools
This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI. A separately maintained partial Windows port is available here.





GFI LANguard: A commercial network security scanner for Windows
LANguard scans networks and reports information such as service pack level of each machine, missing security patches, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more. Scan results are outputted to an HTML report, which can be customized/queried. Apparently a limited free version is available for non-commercial/trial use.





Ettercap: In case you still thought switched LANs provide much extra security
Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.




Whisker/Libwhisker: Rain.Forest.Puppy's CGI vulnerability scanner and library
Whisker is a scanner which allows you to test HTTP servers for many known security holes, particularly the presence of dangerous CGIs. Libwhisker is a perl library (used by Whisker) which allows for the creation of custom HTTP scanners. If you wish to audit more than just web servers, have a look at Nessus.




John the Ripper: An extraordinarily powerful, flexible, and fast multi-platform password hash cracker
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches.




OpenSSH / SSH: A secure way to access remote computers
Ssh (Secure Shell) is a program for logging into or executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide rdist and rsync with a secure communication channel. OpenSSH is affiliated with the OpenBSD project, though a portable version runs on most UNIX systems. Note that the SSH.Com link above costs money for some uses, while OpenSSH is always free. Windows users may want to try the free PuTTY SSH Client or the nice terminal-based port of OpenSSH that comes with Cygwin. There are dozens of other clients (free or proprietary) available for most platforms - here is a huge list.



Sam Spade: Freeware Windows network query tool
SamSpade provides a consistent GUI and implementation for many handy network query tasks. It was designed with tracking down spammers in mind, but can be useful for many other network exploration, administration, and security tasks. It includes tools such as ping, nslookup, whois, dig, traceroute, finger, raw HTTP web browser, DNS zone transfer, SMTP relay check, website search, and more. Non-Windows users can enjoy online versions of many of their tools.




ISS Internet Scanner: Application-level vulnerability assessment
Internet Scanner started off in '92 as a tiny Open Source scanner by Christopher Klaus. Now he has grown ISS into a billion-dollar company with a myriad of security products. ISS Internet Scanner is pretty good, but is not cheap. So companies on a tight budget may wish to look at Nessus instead. A March 2003 Information Security magazine review of 5 VA tools (including these) is available here. Note that VA tools only report vulnerabilities. Commercial tools for actually exploiting them include CORE Impact and Dave Aitel's Canvas. Free exploits for some vulnerabilities can be found at sites like Packet Storm and SecurityFocus.





Tripwire: The grand-daddy of file integrity checkers
A file and directory integrity checker. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. An Open Source Linux version is freely available at Tripwire.Org. UNIX users may also want to consider AIDE, which has been designed to be a free Tripwire replacement. Or you may wish to investigate Radmind.





Nikto: A more comprehensive web scanner
Nikto is a web server scanner which looks for over 2000 potentially dangerous files/CGIs and problems on over 200 servers. It uses LibWhisker but is generally updated more frequently than Whisker itself.





Kismet: A powerful wireless sniffer
Kismet is an 802.11b network sniffer and network dissector. It is capable of sniffing using most wireless cards, automatic network IP block detection via UDP, ARP, and DHCP packets, Cisco equipment lists via Cisco Discovery Protocol, weak cryptographic packet logging, and Ethereal and tcpdump compatible packet dump files. It also includes the ability to plot detected networks and estimated network ranges on downloaded maps or user supplied image files. Windows support is currently preliminary, so those users may want to look at Netstumbler if they run into trouble. Linux (and Linux PDAs like Zaurus) users may wish to also look at the Wellenreiter wireless scanner.




SuperScan: Foundstone's Windows TCP port scanner
A connect-based TCP port scanner, pinger and hostname resolver. No source code is provided. It can handle ping scans and port scans using specified IP ranges. It can also connect to any discovered open port using user-specified "helper" applications (e.g. Telnet, Web browser, FTP).




L0phtCrack 4 (now called "LC4"): Windows password auditing and recovery application
L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). L0phtcrack currently costs $350/machine and no source code is provided. Companies on a tight budget may want to look at John the Ripper, Cain & Abel, and pwdump3.




Retina: Commercial vulnerability assessment scanner by eEye
Like Nessus and ISS Internet Scanner mentioned previously, Retina's function is to scan all the hosts on a network and report on any vulnerabilities found.


Netfilter: The current Linux kernel packet filter/firewall
Netfilter is a powerful packet filter which is implemented in the standard Linux kernel. The userspace iptables tool is used for configuration. It now supports packet filtering (stateless or stateful), all different kinds of NAT (Network Address Translation) and packet mangling. For non-Linux platforms, see pf (OpenBSD), ipfilter (many other UNIX variants), or even the Zone Alarm personal firewall (Windows).




traceroute/ping/telnet/whois: The basics
While there are many whiz-bang high-tech tools out there to assist in security auditing, don't forget about the basics! Everyone should be very familiar with these tools as they come with most operating systems (except that Windows omits whois and uses the name tracert). They can be very handy in a pinch, although for more advanced usage you may be better off with Hping2 and Netcat.




Fport: Foundstone's enhanced netstat
fport reports all open TCP/IP and UDP ports on the machine you run it on and shows what application opened each port. So it can be used to quickly identify unknown open ports and their associated applications. It only runs on Windows, but many UNIX systems now provide this information via netstat (try 'netstat -pan' on Linux). Here is a PDF-Format SANS article on using Fport and analyzing the results.




SAINT: Security Administrator's Integrated Network Tool
Saint is another commercial vulnerability assessment tool (like ISS Internet Scanner or eEye Retina). Unlike those Windows-only tools, SAINT runs exclusively on UNIX. Saint used to be free and open source, but is now a commercial product.




Network Stumbler: Free Windows 802.11 Sniffer
Netstumbler is the best known Windows tool for finding open wireless access points ("wardriving"). They also distribute a WinCE version for PDAs and such called Ministumbler. The tool is currently free but Windows-only and no source code is provided. They note that "the author reserves the right to change this license agreement as he sees fit, without notice." UNIX users (and advanced Win users) may want to look at Kismet instead.



SARA: Security Auditor's Research Assistant
SARA is a vulnerability assessment tool that was derived from the infamous SATAN scanner. They try to release updates twice a month and try to leverage other software created by the open source community (such as Nmap and Samba).





N-Stealth: Web server scanner
N-Stealth is a commercial web server security scanner. It is generally updated more frequently than free web scanners such as whisker and nikto, but do take their web site with a grain of salt. The claims of "30,000 vulnerabilities and exploits" and "Dozens of vulnerability checks are added every day" are highly questionable. Also note that essentially all general VA tools such as nessus, ISS, Retina, SAINT, and SARA include web scanning components. They may not all be as up-to-date or flexible though. N-stealth is Windows only and no source code is provided.





AirSnort: 802.11 WEP Encryption Cracking Tool
AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the Shmoo Group and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. Windows support is still very preliminary.





NBTScan: Gathers NetBIOS info from Windows networks
NBTscan is a program for scanning IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in the supplied range and lists the received information in human-readable form. For each host that responds, it lists the IP address, NetBIOS computer name, logged-in user name and MAC address.




GnuPG / PGP: Secure your files and communication w/advanced encryption
PGP is the famous encryption program by Phil Zimmermann which helps secure your data from eavesdroppers and other risks. GnuPG is a very well-regarded open source implementation of the PGP standard (the actual executable is named gpg). While GnuPG is always free, PGP costs money for some uses.



Firewalk: Advanced traceroute
Firewalk employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. This classic tool was rewritten from scratch in October 2002. Note that much or all of this functionality can also be performed by the Hping2 --traceroute option.




Cain & Abel: The poor man's L0phtcrack
Cain & Abel is a free password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary & Brute-Force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. Source code is not provided.




XProbe2: Active OS fingerprinting tool
XProbe is a tool for determining the operating system of a remote host. They do this using some of the same techniques as Nmap as well as many different ideas. Xprobe has always emphasized the ICMP protocol in their fingerprinting approach.





SolarWinds Toolsets: A plethora of network discovery/monitoring/attack tools
SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security related tools include many network discovery scanners and an SNMP brute-force cracker. These tools are Windows only, cost money, and do not include source code.




NGrep: Convenient packet matching & display
ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.




Perl / Python: Portable, general-purpose scripting languages
While many canned security tools are available on this page for handling common tasks, it is important to have the ability to write your own (or modify the existing ones) when you need something more custom. Perl and Python make it very easy to write quick, portable scripts to test, exploit, or even fix systems! Archives like CPAN are filled with modules such as Net::RawIP and protocol implementations to make your tasks even easier.




THC-Amap: An application fingerprinting scanner
Amap (by THC) is a new but powerful scanner which probes each port to identify applications and services rather than relying on static port mapping.





OpenSSL: The premier SSL/TLS encryption library
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.




NTop: A network traffic usage monitor
Ntop shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.




Nemesis: Packet injection simplified
The Nemesis Project is designed to be a command-line-based, portable human IP stack for UNIX/Linux (and now Windows!). The suite is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts. If you enjoy Nemesis, you might also want to look at hping2. They complement each other well.



LSOF: LiSt Open Files
This Unix-specific diagnostic and forensics tool lists information about any files that are open by processes currently running on the system. It can also list communications sockets open by each process.


Hunt: An advanced packet sniffing and connection intrusion tool for Linux
Hunt can watch TCP connections, intrude into them, or reset them. Hunt is meant to be used on Ethernet, and has active mechanisms to sniff switched connections. Advanced features include selective ARP relaying and connection synchronization after attacks. If you like Hunt, also take a look at Ettercap and Dsniff.





Honeyd: Your own personal honeynet
Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Honeyd enables a single host to claim multiple addresses on a LAN for network simulation. It is possible to ping the virtual machines, or to traceroute them. Any type of service on the virtual machine can be simulated according to a simple configuration file. It is also possible to proxy services to another machine rather than simulating them. The web page is currently down for legal reasons, but the V. 0.5 tarball is still available here.




Achilles: A Windows web attack proxy
Achilles is a tool designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission. For example, during a normal HTTP SSL connection a typical proxy will relay the session between the server and the client and allow the two end nodes to negotiate SSL. In contrast, when in intercept mode, Achilles will pretend to be the server and negotiate two SSL sessions, one with the client browser and another with the web server. As data is transmitted between the two nodes, Achilles decrypts the data and gives the user the ability to alter and/or log the data in clear text before transmission.




Brutus: A network brute-force authentication cracker
This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available. UNIX users should take a look at THC-Hydra.





Stunnel: A general-purpose SSL cryptographic wrapper
The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries.




Paketto Keiretsu: Extreme TCP/IP
The Paketto Keiretsu is a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. They tap functionality within existing infrastructure and stretch protocols beyond what they were originally intended for. It includes Scanrand, an unusually fast network service and topology discovery system; Minewt, a user space NAT/MAT router; linkcat, which presents an Ethernet link to stdio; Paratrace, which traces network paths without spawning new connections; and Phentropy, which uses OpenQVIS to render arbitrary amounts of entropy from data sources in three-dimensional phase space. Got all that? :).




Fragroute: IDS systems' worst nightmare
Fragroute intercepts, modifies, and rewrites egress traffic, implementing most of the attacks described in the Secure Networks IDS Evasion paper. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of intrusion detection systems, firewalls, and basic TCP/IP stack behaviour. Like Dsniff and Libdnet, this excellent tool was written by Dug Song.





SPIKE Proxy: HTTP Hacking
Spike Proxy is an open source HTTP proxy for finding security flaws in web sites. It is part of the Spike Application Testing Suite and supports automated SQL injection detection, web site crawling, login form brute forcing, overflow detection, and directory traversal detection.




THC-Hydra: Parallelized network authentication cracker
This tool allows for rapid dictionary attacks against network login systems, including FTP, POP3, IMAP, Netbios, Telnet, HTTP Auth, LDAP, NNTP, VNC, ICQ, Socks5, PCNFS, and more. It includes SSL support and is apparently now part of Nessus. Like Amap, this release is from the fine folks at THC.

The Next 25

To save space & time, the next 25 best tools are listed in a more compact table:

  • OpenBSD: The proactively secure operating system.
  • TCP Wrappers: A classic IP-based access control and logging mechanism
  • pwdump3: Allows for retrieving Windows password hashes locally or across the network whether or not syskey is enabled.
  • LibNet: A high-level API (toolkit) allowing the application programmer to construct and inject network packets
  • IpTraf: IP Network Monitoring Software
  • Fping: A parallel ping scanning program
  • Bastille: Security hardening script for Linux, Mac OS X, and HP-UX
  • Winfingerprint: A Win32 Host/Network Enumeration Scanner
  • TCPTraceroute: A traceroute implementation using TCP packets
  • Shadow Security Scanner: A commercial vulnerability assessment tool
  • pf: The innovative packet filter in OpenBSD
  • LIDS: A Linux kernel intrusion detection/defense system
  • hfnetchk: Microsoft tool for checking the patch status of all the Windows machines on a network from a central location
  • etherape: A graphical network monitor for Unix modeled after etherman
  • dig: A handy DNS query tool that comes free with Bind
  • Crack / Cracklib: Alec Muffett's classic local password cracker
  • cheops / cheops-ng: Gives a simple interface to many network utilities, maps local or remote networks and identifies OS of machines
  • zone alarm: Windows Personal firewall software. They offer a limited free version, but much of the functionality is disabled. Some users prefer Kerio Personal Firewall, which also sports free and commercial versions.
  • Visual Route: Obtains traceroute/whois data and plots it on a World map
  • The Coroner's Toolkit (TCT): A collection of tools that are either oriented towards gathering or analyzing forensic data on a Unix system
  • tcpreplay: A tool to replay saved tcpdump or snoop files at arbitrary speeds
  • snoop: A well-known gangsta rapper (Snoop Dogg)! It is also a network sniffer that comes with Solaris.
  • putty: An excellent Windows SSH client
  • pstools: A suite of free command-line tools for managing Windows systems (process listings, command execution, etc)
  • arpwatch: Keeps track of ethernet/ip address pairings and can detect certain monkey business

THIS WEBSITE IS DISTRIBUTED FOR EDUCATIONAL PURPOSES ONLY. WE ARE NOT RESPONSIBLE FOR THE USE OF THIS INFORMATION IN ANY WAY OR ANY DAMAGE IT MAY CAUSE. ONCE YOU ENTER THIS WEBSITE YOU ARE AGREEING TO BE RESPONSIBLE FOR ANYTHING THIS WEBSITE MIGHT CONFLICT WITH AND WAIVE ALL RIGHTS THAT INVOLVE THIS WEBSITE IN ANY WAY. NO ONE EXCEPT THE AUTHOR MAY OVERRIDE THESE RESTRICTIONS, AND WHEN THEY ARE OVERWRITTEN THIS SHOULD NOT APPEAR.
THESE TERMS TAKE EFFECT THE MOMENT YOU ACCESS THIS WEBPAGE IN ANY WAY.
 
