Blog

Top 100 Security Assessment, Vulnerability Auditing, & Network Security Tools

En esta entrada dejo una recopilación de 100 utilidades de seguridad Open Source que he encontrado vía jeromiejackson.com, y que dejo publicada con el objetivo de revisar y comparar con el Top 100 Network Security Tools de sectools.org

Ni que decir tiene que esta recopilación tiene ya un tiempo, y que las urls puede que no funcionen o apunten a algún sitio fraudulento asi que ¡mucho ojito!

Orden Utilidad Descripcion Dirección
1 Stockade Virtual Appliance with Snort, BASE, Inprotect, CACTI, NTOP & Others http://www.comsecinc.com/stockade.php
2 Nessus Open source vulnerability assessment tool http://www.nessus.org/
3 Snort Intrusion Detection (IDS) tool http://www.snort.org/
4 Wireshark TCP/IP Sniffer- AKA Ethereal http://www.wireshark.org/
5 WebScarab Analyze applications that communicate using the HTTP and HTTPS protocols
http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
6 Wikto Web server assessment tool http://www.sensepost.com/research/wikto/
7 BackTrack Penetration Testing live Linux distribution http://www.remote-exploit.org/index.php/BackTrack
8 Netcat The network Swiss army knife http://www.vulnwatch.org/netcat/
9 Metasploit Framework Comprehensive hacking framework http://www.metasploit.com/
10 Sysinternals Collection of windows utilities http://www.microsoft.com/technet/sysinternals/default.mspx
11 Paros proxy Web application proxy http://www.parosproxy.org/
12 Enum Enumerate Windows information http://www.darkridge.com/%7Ejpr5/src/enum.tar.gz
13 P0F v2 Passive OS identification tool http://lcamtuf.coredump.cx/p0f.shtml
14 IPPersonality Masquerade IP Stack http://ippersonality.sourceforge.net/
15 SLAN Freeware VPN utility http://slan.sourceforge.net/
16 IKE Crack IKE/IPSEC cracking utility http://ikecrack.sourceforge.net/
17 ASLEAP LEAP cracking tool http://asleap.sourceforge.net/
18 Karma Wireless client assessment tool- dangerous https://theta44.org/svn/public/karma/releases/karma-0.3/
19 WEPCrack WEP cracking tool http://wepcrack.sourceforge.net/
20 Wellenreiter Wireless scanning application http://sourceforge.net/projects/wellenreiter
21 SiteDigger Great Google hacking tool http://www.foundstone.com/us/resources/proddesc/sitedigger.htm
22 Several DDOS Tools Distributed Denial of Service(DDOS) tools http://www.packetstormsecurity.org/distributed/
23 Achilles Web Proxy Tool http://www.mavensecurity.com/achilles
24 Firefox Web Developer Tool Manual web assessment https://addons.mozilla.org/en-US/firefox/addon/60
25 Scoopy Virtual Machine Identification tool http://www.trapkit.de/research/vmm/scoopydoo/index.html
26 WebGoat Learning tool for web application pentests http://www.owasp.org/index.php/OWASP_WebGoat_Project
27 FlawFinder Source code security analyzer http://www.dwheeler.com/flawfinder/
28 ITS4 Source code security analyzer http://www.cigital.com/its4/
29 Slint Source code security analyzer http://www.l0pht.com/slint.html
30 PwDump3 Dumps Windows 2000 & NT passwords http://www.ebiz-tech.com/pwdump3
31 Loki ICMP covert channel tool http://www.phrack.com/Archives/phrack51.tgz
32 Zodiac DNS testing tool http://packetstormsecurity.org/UNIX/audit/zodiac-0.4.6.tar.gz
33 Hunt TCP hijacking tool
http://ce.sharif.ac.ir/courses/79-80/2/ce443/projects/delivered/6/hunt-1.5.tgz
34 SniffIT Curses-Based sniffing tool
http://www.programmersheaven.com/download/13658/download.aspx
35 CactiEZ Network traffic analysis ISO http://cactiusers.org/index.php
36 Inprotect Web-based Nessus administration tool http://inprotect.sourceforge.net/
37 OSSIM Security Information Management (SIM) http://www.ossim.net/
38 Nemesis Command-Line network packet manipulation tool
http://www.l0t3k.net/tools/PacketGenerator/nemesis-1.4beta3.tar.gz
39 NetDude TCPDump manipulation tool http://netdude.sourceforge.net/
40 TTY Watcher Terminal session hijacking
ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/ttywatcher/ttywatcher-1.2.tar.gz
41 Stegdetect Detects stego-hidden data http://www.outguess.org/detection.php
42 Hydan Embeds data within x86 applications http://www.crazyboy.com/hydan/
43 S-Tools Embeds data within a BMP, GIF, & WAV Files http://www.spychecker.com/program/stools.html
44 Nushu Passive covert channel tool http://www.invisiblethings.org/tools/nushu/nushu.tar.gz
45 Ptunnel Transmit data across ICMP http://www.cs.uit.no/%7Edaniels/PingTunnel/
46 Covert_TCP Transmit data over IP Header fields http://www.firstmonday.org/issues/issue2_5/rowland/#app
47 THC-PBX Hacker PBX Hacking/Auditing Utility http://freeworld.thc.org/download.php?t=r&f=thc-ph11.zip
48 THC-Scan Wardialer http://freeworld.thc.org/download.php?t=r&f=THC-Scan-2.01.zip
49 Syslog-NG MySQL Syslog Service http://freshmeat.net/projects/syslog-ng/
50 WinZapper Edit WinNT 4 & Win2000 log files http://www.ntsecurity.nu/toolbox/winzapper/
51 Rootkit Detective Rootkit identification tool
http://download.nai.com/products/mcafee-avert/McafeeRootkitDetective.zip
52 Rootkit Releaver Rootkit identification tool http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
53 RootKit Hunter Rootkit identification tool http://www.rootkit.nl/projects/rootkit_hunter.html
54 Chkrootkit Rootkit identification tool http://www.chkrootkit.org/
55 LKM Linux Kernal Rootkit
http://packetstormsecurity.org/UNIX/penetration/rootkits/index3.html
56 TCPView Network traffic monitoring tool http://download.sysinternals.com/Files/TcpView.zip
57 NMAP Network mapping tool http://nmap.org/download.html
58 Ollydbg Windows unpacker http://www.openrce.org/downloads/browse/OllyDbg_OllyScripts
59 UPX Windows packing application http://upx.sourceforge.net/
60 Burneye Linux ELF encryption tool http://bismark.extracon.it/exploits/directory/index.php?dl=46
61 SilkRpoe 2000 GUI-Based packer/wrapper http://digilander.iol.it/obscure/files/SilkRope20.zip
62 EliteWrap Backdoor wrapper tool http://homepage.ntlworld.com/chawmp/elitewrap/
63 SubSeven Remote-Control backdoor tool
http://www.megasecurity.org/trojans/s/subseven/Subseven_all.html
64 MegaSecurity Site stores thousands of trojan horse backdoors http://www.megasecurity.org/Main.html
65 Netbus Backdoor for Windows http://www.tcp-ip-info.de/trojaner_und_viren/netbus_eng.htm
66 Back Orfice 2000 Windows network administration tool http://www.bo2k.com/
67 Tini Backdoor listener similar to Netcat http://ntsecurity.nu/toolbox/tini
68 MBSA Microsoft Baseline Security Analyzer http://www.microsoft.com/technet/security/tools/mbsahome.mspx
69 OpenVPN SSL VPN solution http://openvpn.net/
70 Sguil An Analyst Console for network security/log Monitoring http://sguil.sourceforge.net/
71 Honeyd Create your own honeypot http://www.citi.umich.edu/u/provos/honeyd/
72 Brutus Brute-force authentication cracker http://www.hoobie.net/brutus/
73 cheops / cheops-ng Maps local or remote networks and identifies OS of machines
74 ClamAV A GPL anti-virus toolkit for UNIX http://www.clamav.net/
75 Fragroute/Fragrouter Intrusion detection evasion toolkit
76 Arpwatch Monitor ethernet/IP address pairings and can detect ARP Spoofing http://www-nrg.ee.lbl.gov/
77 Angry IP Scanner Windows port scanner http://www.angryziber.com/ipscan/
78 Firewalk Advanced traceroute http://www.packetfactory.net/projects/firewalk/
79 RainbowCrack Password Hash Cracker http://www.antsight.com/zsl/rainbowcrack/
80 EtherApe EtherApe is a graphical network monitor for Unix http://etherape.sourceforge.net/
81 WebInspect Web application scanner http://www.spidynamics.com/products/webinspect/
82 Tripwire File integrity checker http://www.tripwire.com/
83 Ntop Network traffic usage monitor http://www.ntop.org/
84 Sam Spade Windows network query tool http://www.samspade.org/ssw/
85 Scapy Interactive packet manipulation tool http://www.secdev.org/projects/scapy/
86 Superscan A Windows-only port scanner http://www.foundstone.com/resources/proddesc/superscan.htm
87 Airsnort 802.11 WEP Encryption Cracking Tool http://airsnort.shmoo.com/
88 Aircrack WEP/WPA cracking tool http://www.aircrack-ng.org/
89 NetStumbler Windows 802.11 Sniffer http://www.stumbler.net/
90 Dsniff A suite of powerful network auditing and penetration-testing tools http://www.monkey.org/%7Edugsong/dsniff/
91 John the Ripper Multi-platform password hash cracker http://www.openwall.com/john/
92 BASE The Basic Analysis and Security Engine- used to manage IDS data http://sourceforge.net/projects/secureideas/
93 Kismet Wireless sniffing tool http://www.kismetwireless.net/
94 THC Hydra Network authentication cracker http://www.thc.org/thc-hydra/
95 Nikto Web scanner http://www.cirt.net/code/nikto.shtml
96 Tcpdump TCP/IP analysis tool http://www.tcpdump.org/
97 L0phtcrack Windows password auditing and recovery application http://insecure.org/stf/lc15src.tgz
98 Reverse WWW Shell Shell access across port 80 http://freeworld.thc.org/download.php?t=r&f=thc-uht1.tgz
99 THC-SecureDelete Ensure deleted files are unrecoverable
http://freeworld.thc.org/download.php?t=r&f=secure_delete-3.1.tar.gz
100 THC-AMAP Application mapping tool http://freeworld.thc.org/download.php?t=r&f=amap-5.2.tar.gz
Etiquetas: , ,

Deja un comentario