En esta entrada dejo una recopilación de 100 utilidades de seguridad Open Source que he encontrado vía jeromiejackson.com, y que dejo publicada con el objetivo de revisar y comparar con el Top 100 Network Security Tools de sectools.org
Ni que decir tiene que esta recopilación tiene ya un tiempo, y que las urls puede que no funcionen o apunten a algún sitio fraudulento asi que ¡mucho ojito!
| Orden | Utilidad | Descripcion | Dirección |
| 1 | Stockade | Virtual Appliance with Snort, BASE, Inprotect, CACTI, NTOP & Others | http://www.comsecinc.com/stockade.php |
| 2 | Nessus | Open source vulnerability assessment tool | http://www.nessus.org/ |
| 3 | Snort | Intrusion Detection (IDS) tool | http://www.snort.org/ |
| 4 | Wireshark | TCP/IP Sniffer- AKA Ethereal | http://www.wireshark.org/ |
| 5 | WebScarab | Analyze applications that communicate using the HTTP and HTTPS protocols |
http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
|
| 6 | Wikto | Web server assessment tool | http://www.sensepost.com/research/wikto/ |
| 7 | BackTrack | Penetration Testing live Linux distribution | http://www.remote-exploit.org/index.php/BackTrack |
| 8 | Netcat | The network Swiss army knife | http://www.vulnwatch.org/netcat/ |
| 9 | Metasploit Framework | Comprehensive hacking framework | http://www.metasploit.com/ |
| 10 | Sysinternals | Collection of windows utilities | http://www.microsoft.com/technet/sysinternals/default.mspx |
| 11 | Paros proxy | Web application proxy | http://www.parosproxy.org/ |
| 12 | Enum | Enumerate Windows information | http://www.darkridge.com/%7Ejpr5/src/enum.tar.gz |
| 13 | P0F v2 | Passive OS identification tool | http://lcamtuf.coredump.cx/p0f.shtml |
| 14 | IPPersonality | Masquerade IP Stack | http://ippersonality.sourceforge.net/ |
| 15 | SLAN | Freeware VPN utility | http://slan.sourceforge.net/ |
| 16 | IKE Crack | IKE/IPSEC cracking utility | http://ikecrack.sourceforge.net/ |
| 17 | ASLEAP | LEAP cracking tool | http://asleap.sourceforge.net/ |
| 18 | Karma | Wireless client assessment tool- dangerous | https://theta44.org/svn/public/karma/releases/karma-0.3/ |
| 19 | WEPCrack | WEP cracking tool | http://wepcrack.sourceforge.net/ |
| 20 | Wellenreiter | Wireless scanning application | http://sourceforge.net/projects/wellenreiter |
| 21 | SiteDigger | Great Google hacking tool | http://www.foundstone.com/us/resources/proddesc/sitedigger.htm |
| 22 | Several DDOS Tools | Distributed Denial of Service(DDOS) tools | http://www.packetstormsecurity.org/distributed/ |
| 23 | Achilles | Web Proxy Tool | http://www.mavensecurity.com/achilles |
| 24 | Firefox Web Developer Tool | Manual web assessment | https://addons.mozilla.org/en-US/firefox/addon/60 |
| 25 | Scoopy | Virtual Machine Identification tool | http://www.trapkit.de/research/vmm/scoopydoo/index.html |
| 26 | WebGoat | Learning tool for web application pentests | http://www.owasp.org/index.php/OWASP_WebGoat_Project |
| 27 | FlawFinder | Source code security analyzer | http://www.dwheeler.com/flawfinder/ |
| 28 | ITS4 | Source code security analyzer | http://www.cigital.com/its4/ |
| 29 | Slint | Source code security analyzer | http://www.l0pht.com/slint.html |
| 30 | PwDump3 | Dumps Windows 2000 & NT passwords | http://www.ebiz-tech.com/pwdump3 |
| 31 | Loki | ICMP covert channel tool | http://www.phrack.com/Archives/phrack51.tgz |
| 32 | Zodiac | DNS testing tool | http://packetstormsecurity.org/UNIX/audit/zodiac-0.4.6.tar.gz |
| 33 | Hunt | TCP hijacking tool |
http://ce.sharif.ac.ir/courses/79-80/2/ce443/projects/delivered/6/hunt-1.5.tgz
|
| 34 | SniffIT | Curses-Based sniffing tool |
http://www.programmersheaven.com/download/13658/download.aspx
|
| 35 | CactiEZ | Network traffic analysis ISO | http://cactiusers.org/index.php |
| 36 | Inprotect | Web-based Nessus administration tool | http://inprotect.sourceforge.net/ |
| 37 | OSSIM | Security Information Management (SIM) | http://www.ossim.net/ |
| 38 | Nemesis | Command-Line network packet manipulation tool |
http://www.l0t3k.net/tools/PacketGenerator/nemesis-1.4beta3.tar.gz
|
| 39 | NetDude | TCPDump manipulation tool | http://netdude.sourceforge.net/ |
| 40 | TTY Watcher | Terminal session hijacking |
ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/ttywatcher/ttywatcher-1.2.tar.gz
|
| 41 | Stegdetect | Detects stego-hidden data | http://www.outguess.org/detection.php |
| 42 | Hydan | Embeds data within x86 applications | http://www.crazyboy.com/hydan/ |
| 43 | S-Tools | Embeds data within a BMP, GIF, & WAV Files | http://www.spychecker.com/program/stools.html |
| 44 | Nushu | Passive covert channel tool | http://www.invisiblethings.org/tools/nushu/nushu.tar.gz |
| 45 | Ptunnel | Transmit data across ICMP | http://www.cs.uit.no/%7Edaniels/PingTunnel/ |
| 46 | Covert_TCP | Transmit data over IP Header fields | http://www.firstmonday.org/issues/issue2_5/rowland/#app |
| 47 | THC-PBX Hacker | PBX Hacking/Auditing Utility | http://freeworld.thc.org/download.php?t=r&f=thc-ph11.zip |
| 48 | THC-Scan | Wardialer | http://freeworld.thc.org/download.php?t=r&f=THC-Scan-2.01.zip |
| 49 | Syslog-NG | MySQL Syslog Service | http://freshmeat.net/projects/syslog-ng/ |
| 50 | WinZapper | Edit WinNT 4 & Win2000 log files | http://www.ntsecurity.nu/toolbox/winzapper/ |
| 51 | Rootkit Detective | Rootkit identification tool |
http://download.nai.com/products/mcafee-avert/McafeeRootkitDetective.zip
|
| 52 | Rootkit Releaver | Rootkit identification tool | http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx |
| 53 | RootKit Hunter | Rootkit identification tool | http://www.rootkit.nl/projects/rootkit_hunter.html |
| 54 | Chkrootkit | Rootkit identification tool | http://www.chkrootkit.org/ |
| 55 | LKM | Linux Kernal Rootkit |
http://packetstormsecurity.org/UNIX/penetration/rootkits/index3.html
|
| 56 | TCPView | Network traffic monitoring tool | http://download.sysinternals.com/Files/TcpView.zip |
| 57 | NMAP | Network mapping tool | http://nmap.org/download.html |
| 58 | Ollydbg | Windows unpacker | http://www.openrce.org/downloads/browse/OllyDbg_OllyScripts |
| 59 | UPX | Windows packing application | http://upx.sourceforge.net/ |
| 60 | Burneye | Linux ELF encryption tool | http://bismark.extracon.it/exploits/directory/index.php?dl=46 |
| 61 | SilkRpoe 2000 | GUI-Based packer/wrapper | http://digilander.iol.it/obscure/files/SilkRope20.zip |
| 62 | EliteWrap | Backdoor wrapper tool | http://homepage.ntlworld.com/chawmp/elitewrap/ |
| 63 | SubSeven | Remote-Control backdoor tool |
http://www.megasecurity.org/trojans/s/subseven/Subseven_all.html
|
| 64 | MegaSecurity | Site stores thousands of trojan horse backdoors | http://www.megasecurity.org/Main.html |
| 65 | Netbus | Backdoor for Windows | http://www.tcp-ip-info.de/trojaner_und_viren/netbus_eng.htm |
| 66 | Back Orfice 2000 | Windows network administration tool | http://www.bo2k.com/ |
| 67 | Tini | Backdoor listener similar to Netcat | http://ntsecurity.nu/toolbox/tini |
| 68 | MBSA | Microsoft Baseline Security Analyzer | http://www.microsoft.com/technet/security/tools/mbsahome.mspx |
| 69 | OpenVPN | SSL VPN solution | http://openvpn.net/ |
| 70 | Sguil | An Analyst Console for network security/log Monitoring | http://sguil.sourceforge.net/ |
| 71 | Honeyd | Create your own honeypot | http://www.citi.umich.edu/u/provos/honeyd/ |
| 72 | Brutus | Brute-force authentication cracker | http://www.hoobie.net/brutus/ |
| 73 | cheops / cheops-ng | Maps local or remote networks and identifies OS of machines | |
| 74 | ClamAV | A GPL anti-virus toolkit for UNIX | http://www.clamav.net/ |
| 75 | Fragroute/Fragrouter | Intrusion detection evasion toolkit | |
| 76 | Arpwatch | Monitor ethernet/IP address pairings and can detect ARP Spoofing | http://www-nrg.ee.lbl.gov/ |
| 77 | Angry IP Scanner | Windows port scanner | http://www.angryziber.com/ipscan/ |
| 78 | Firewalk | Advanced traceroute | http://www.packetfactory.net/projects/firewalk/ |
| 79 | RainbowCrack | Password Hash Cracker | http://www.antsight.com/zsl/rainbowcrack/ |
| 80 | EtherApe | EtherApe is a graphical network monitor for Unix | http://etherape.sourceforge.net/ |
| 81 | WebInspect | Web application scanner | http://www.spidynamics.com/products/webinspect/ |
| 82 | Tripwire | File integrity checker | http://www.tripwire.com/ |
| 83 | Ntop | Network traffic usage monitor | http://www.ntop.org/ |
| 84 | Sam Spade | Windows network query tool | http://www.samspade.org/ssw/ |
| 85 | Scapy | Interactive packet manipulation tool | http://www.secdev.org/projects/scapy/ |
| 86 | Superscan | A Windows-only port scanner | http://www.foundstone.com/resources/proddesc/superscan.htm |
| 87 | Airsnort | 802.11 WEP Encryption Cracking Tool | http://airsnort.shmoo.com/ |
| 88 | Aircrack | WEP/WPA cracking tool | http://www.aircrack-ng.org/ |
| 89 | NetStumbler | Windows 802.11 Sniffer | http://www.stumbler.net/ |
| 90 | Dsniff | A suite of powerful network auditing and penetration-testing tools | http://www.monkey.org/%7Edugsong/dsniff/ |
| 91 | John the Ripper | Multi-platform password hash cracker | http://www.openwall.com/john/ |
| 92 | BASE | The Basic Analysis and Security Engine- used to manage IDS data | http://sourceforge.net/projects/secureideas/ |
| 93 | Kismet | Wireless sniffing tool | http://www.kismetwireless.net/ |
| 94 | THC Hydra | Network authentication cracker | http://www.thc.org/thc-hydra/ |
| 95 | Nikto | Web scanner | http://www.cirt.net/code/nikto.shtml |
| 96 | Tcpdump | TCP/IP analysis tool | http://www.tcpdump.org/ |
| 97 | L0phtcrack | Windows password auditing and recovery application | http://insecure.org/stf/lc15src.tgz |
| 98 | Reverse WWW Shell | Shell access across port 80 | http://freeworld.thc.org/download.php?t=r&f=thc-uht1.tgz |
| 99 | THC-SecureDelete | Ensure deleted files are unrecoverable |
http://freeworld.thc.org/download.php?t=r&f=secure_delete-3.1.tar.gz
|
| 100 | THC-AMAP | Application mapping tool | http://freeworld.thc.org/download.php?t=r&f=amap-5.2.tar.gz |