After a very successful launch of the Security Tool Survey in 2000 and 2003, Insecure.org was delighted to bring the 2006 Security Tool Survey. I-fyodor a survey of users in the Nmap-hackers mailing list to share their favorite tools, with 3,243 users providing feedback. I picked out the top 100 favorite tools from the feedback and sorted them out. It would be helpful to suggest that the security community read the list carefully and study the tools that are unfamiliar or unheard of. I've found a lot of tools that I've never used before but are very useful. When a lot of rookies ask me, "I don't know where a hacker should start," I'll let them read this article.
Respondents were asked to list open source and business tools on various platforms. The business tools are annotated in the list. Nmap security Scanner did not vote because the survey was conducted in Nmap's mailing list. Because the respondents are more than the reason for hackers, so this list of attack-type tools more, less defensive type.
Each tool in the list has one or more of the following properties: Tools not appearing in the 2003 survey list; it is up or down relative to the 2003 survey list; But free access to restrictions, demos, beta software, can work on Linux platforms, work on OpenBSD, FreeBSD, Solaris, or other Unix platforms, and work on Apple Mac OS x platforms Can work on Microsoft Windows platform, provide command-line operation, provide graphical user interface, and can find source code on Internet.
If you find that the tools in the list are updated or have other suggestions-or have better tool icons, you can send me a message. If your tool is selected for this list, or if you think your site's visitors may be interested in this list, you are welcome to link this article to your site via link banners. The following starts as an official list, sorted by popularity:
#1 Nessus: The best Unix Vulnerability scanning Tool
Nessus is the best free network vulnerability scanner that can run on almost any UNIX platform. It is not only permanently upgraded, it also provides up to 11000 plugins free of charge (but requires registration and acceptance of the eula-acceptance--End User Licensing agreement). Its main functions are remote or local (authorized) security checks, client/server architectures, GTK (a graphical interface under Linux), a built-in scripting language compiler that can be used to write custom plug-ins, or to read Plug-ins written by others. Nessus 3 has been developed (now closed source) and is still free at this stage unless you want to get the latest plugin.
--------------------------------------------------------------------------------
#2 Wireshark: A network sniffer tool
Wireshark (previously called Ethereal in the summer of 2006) is an excellent open Source Network Protocol Analyzer on UNIX and Windows. It can detect the network communication data in real time, and also can detect the network communication data snapshot files that it crawls. This data can be browsed through the graphical interface to view the details of each layer in the network communication packet. Wireshark has many powerful features: a strong display filter language (Rich display filter language) and the ability to view TCP session refactoring streams; It supports hundreds of protocols and media types; has a command-line version named Tethereal that resembles Tcpdump (a Network Protocol analysis tool under Linux). I have to say that ethereal has been plagued by a number of remotely exploitable vulnerabilities, so always upgrade it and use it sparingly in insecure networks or hostile networks, such as a security conferencing network.
--------------------------------------------------------------------------------
#3 Snort: A popular open source IDs (Intrusion detection System) (Intrusion detection systems) tool
This small intrusion detection and prevention system specializes in communication analytics and IP packet logons (packet logging). In addition to being able to perform protocol analysis, content search, and many other preprocessor applications, snort can also detect thousands of worms, vulnerabilities, port scans, and other suspicious behavior detection. Snort uses a simple rule-based language to describe network traffic, and to determine if the network data is released or blocked, its detection engine is modular. The engine Basic Analysis and Security Engine (BASE), which is used to parse the Web page of snort alerts, is available for free.
Open source Snort provides a good service for individuals, small businesses, and group users. Its parent company Sourcefire provides rich enterprise-class features and regular upgrades to enrich its product lines. Provide (must be registered) 5 days free rule trial, you can also find many free rules on bleeding Edge snort.
--------------------------------------------------------------------------------
#4 Netcat: Network Swiss Army Knife
This simple gadget can read and write data that is connected to a TCP or UDP network. It is designed to be a reliable background tool that can be used directly and simply by other programs or scripts. It is also a versatile network debugging and checking tool because it generates almost all of the network connections you want, including through port bindings to accept input connections. Netcat was first released by Hobbit in 1995, but it has not been well maintained in its widespread circumstances. Now the nc110.tgz is hard to find. This easy-to-use tool has led many people to write many other netcat applications, many of which are not available in the original version. The most interesting of these is Socat, which expands netcat into a more powerful tool that can support a variety of other socket types, SSL encryption, SOCKS proxies, and other extensions. It also gets its place in this list (71st place). And Chris Gibson ' s ncat to provide more support for portable devices. Other tools based on Netcat are OpenBSD ' s NC,CRYPTCAT,NETCAT6,PNETCAT,SBD, also known as the GNU Netcat.
--------------------------------------------------------------------------------
#5 Metasploit Framework: Black out the entire planet
The release of the Metasploit in 2004 triggered a strong earthquake in the security world. No new tool can squeeze into the top 15 of the list as soon as it is released (that is, the 2000 and 2003 surveys do not), not to mention that the tool is in the top 5, surpassing many of the old tools that have been widely circulated for decades. It is a powerful open source platform for developing, testing, and using malicious code. This extensible model integrates load control, encoder, Metasploit and vulnerabilities, making the framework a way to study high-risk vulnerabilities. It brings hundreds of vulnerabilities and can also see how to generate vulnerabilities in the online exploit building demo (on-Line Vulnerability generation demo). This makes it easier to write your own vulnerabilities, which is bound to elevate the level of illegal shellcode code and extend the dark side of the network. Similar professional vulnerability tools, such as core impact and canvas, have been used by many professional domain users. Metasploit lowers the threshold for this ability and promotes it to the public.
--------------------------------------------------------------------------------
#6 Hping2: A network Detection tool, a super variant of ping
This gadget can send custom ICMP,UDP and TCP packets and receive all feedback. It is inspired by the ping command, but it functions far more than ping. It also includes a small route tracking module and supports IP segmentation. This tool can be useful when common tools do not have a firewall-protected host for route tracking/ping/detection. It can often help you find the rule set of the firewall, and of course, you can learn the TCP/IP protocol and experiment with some IP protocols.
--------------------------------------------------------------------------------
#7 Kismet: An ultra strong wireless sniffer
Kismet is a command line (ncurses) based 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. It carries out passive sniffing of the network (in relation to many active tools, such as NetStumbler), The Invisible Network (non beacon) can be found. It can detect the network IP segment by sniffing TCP, UDP, ARP and DHCP packets, and record the communication log in Wireshark/tcpdump compatible format, which can be used to block the detected network and estimate the range according to the downloaded map. As you can imagine, this tool is generally used by wardriving. Well! There are warwalking, warflying and warskating ...
--------------------------------------------------------------------------------
#8 Tcpdump: The most classic network monitoring and data capture sniffer
Before the advent of ethereal (Wireshark), everyone used tcpdump, and many people are still using it. It may not have wireshark so many flashy things (such as a nice graphical interface, or hundreds of application protocol logic), but it can do a lot of good work, with very few vulnerabilities and very little consumption of system resources. It rarely adds new features, but often fixes bugs and maintains smaller volumes. It can well track the source of network problems, and can monitor network activities. Its version under Windows is called Windump. Libpcap/winpcap's packet Capture library is based on tcpdump, and it is also used in other tools such as Nmap.
--------------------------------------------------------------------------------
#9 The best password recovery tool on the Cain and abel:windows platform
UNIX users often claim that UNIX is the best platform for a number of very good free security tools under the UNIX platform, and Windows platforms are generally outside their purview. They may be right, but Cain & Abel is really a bright sight. This password recovery tool, which runs only on the Windows platform, can do a lot of things. It can sniff the network to find passwords, use dictionaries to crack encrypted passwords, brute-force password and password analysis, record VoIP sessions, decode very complex passwords, star view, split cache passwords, and analyze routing protocols. In addition, its documentation is complete (well documented).
--------------------------------------------------------------------------------
#10 John the Ripper: A powerful, simple and platform-enabled password cracker
John the Ripper is the fastest password cracker that currently supports a variety of mainstream UNIX (11 official support, no computing architecture), DOS, Win32, Beo, and OpenVMS. Its main function is to detect weak UNIX passwords. It supports multiple (3) password hash encryption types under mainstream UNIX, which are Kerberos, AFS, and Windows Nt/2000/xp LM. Other hash types can be loaded through a patch package. If you want to start with some word lists, you can find them here, here and here.
--------------------------------------------------------------------------------
#11 Ettercap: Provide more protection for switched LANs
Ettercap is a terminal-based Ethernet LAN sniffer/interceptor/logger. It supports both active and passive resolution of multiple protocols (even SSH and HTTPS are encrypted). You can also make connected data injection and real-time filtering to keep the connection synchronized. Most sniffer models are powerful and comprehensive sniffer combinations. Support Plug-ins. Ability to identify whether you are out of a switched LAN and use the operating system fingerprint (active or passive) technology to derive the LAN structure.
--------------------------------------------------------------------------------
#12 Nikto: A very comprehensive web scanning device
Nikto is an open source (GPL) Web server scanner that can perform a comprehensive range of scans of Web servers, containing more than 3200 potentially dangerous file/cgis, more than 625 server versions, and more than 230 specific server issues. Scan items and plug-ins can be updated automatically, if required. Complete its underlying functionality based on Whisker/libwhisker. This is a great tool, but the software itself is not constantly updated, and the latest and most dangerous may not be detected.
--------------------------------------------------------------------------------
#13 Ping/telnet/dig/traceroute/whois/netstat: Basic commands
Although there are a lot of heavy High-tech network security tools, but do not forget its foundation! All network security people are familiar with these basic commands because they apply to most platforms (Whois is tracert on the Windows platform). They can be conveniently pinched, of course, if you need to use some more advanced features to choose Hping2 and Netcat.
--------------------------------------------------------------------------------
#14 Openssh/putty/ssh: A secure way to access a remote computer
SSH (Secure Shell) is now commonly used to log on to or execute commands on a remote computer. It provides secure encryption for the communication between two unreliable computers on insecure networks, instead of the very unreliable Telnet/rlogin/rsh interactive content. Most Unix uses open source OpenSSH servers and client programs. Windows users prefer a free putty client, which can also run on a variety of mobile devices. There are also Windows users who prefer to use terminal based OpenSSH emulator Cygwin. There are many other charges and free clients. You can find it here and here.
--------------------------------------------------------------------------------
#15 THC Hydra: The fastest network authentication cracker to support multiple services
If you need brute force to hack a remote Authentication service, Hydra will often be the object of choice. It can also perform fast dictionary-based cracking on more than 30 ports, including Telnet, FTP, HTTP, HTTPS, SMB, multiple databases, and other services. As with THC AMAP, this Hydra version comes from the civil organization THC.
--------------------------------------------------------------------------------
#16 Paros Proxy: Web page Program Vulnerability Assessment Agent
Java-based Web page Program Vulnerability Assessment Agent. Supports real-time editing and browsing of Http/https information, and modifying content such as cookies and table fields. It contains web communication recorders, Web thieves (web spider), hash calculators, and a common Web-page program attack scanner, such as SQL injection and Cross-site scripting.
--------------------------------------------------------------------------------
#17 Dsniff: An ultra strong network evaluation and penetration detection Tool Set
The package, carefully designed and popular by dug song, contains many tools. Dsniff, Filesnarf, Mailsnarf, Msgsnarf, Urlsnarf, and Webspy gain sensitive data (such as passwords, mail addresses, files, and so on) by passively monitoring the network. Arpspoof, Dnsspoof, and MACOF can intercept network traffic information that is generally difficult to obtain (for example, because of the use of a second-tier conversion (Layer-2 switching)). SSHMITM and Webmitm implement dynamic Monkey-in-the-middle (hijacking the session with Man-in-the-middle attack technology) by redirecting SSH and HTTPS sessions ad-hoc the weak-bind vulnerability in PKI. The version of Windows can be obtained here. In short, this is a very useful toolset. It can accomplish almost any password sniffing needed to do the job.
--------------------------------------------------------------------------------
#18 NetStumbler: Free Windows 802.11 sniffer
NetStumbler is a well-known Windows tool ("Wardriving") looking for open wireless access points. The wince system version on its PDA is called Ministumbler. This software is currently free, but can only be run on the Windows platform and the code is not public. It uses many active methods to find WAP, while Kismet or kismac use passive sniffing more.
--------------------------------------------------------------------------------
#19 THC Amap: An application fingerprint scanner
AMAP is a great program that detects what programs are being monitored at one end of the port. Because of its unique version detection feature, its database does not become as large as nmap, and can be considered when Nmap detects a service failure or other software does not work. Another feature of AMAP is its ability to parse Nmap output files. This is another valuable tool for THC contribution.
--------------------------------------------------------------------------------
#20 GFI Languard: A commercial network security scanner on a Windows platform
GFI Languard discovers a running computer by scanning the IP network, and then attempts to collect the operating system version and running applications running on the host. I've tried to collect service pack levels on Windows hosts, missing security updates, wireless access access points, USB devices, open sharing, open ports, running services and applications, primary registry keys, weak passwords, users and groups, and more. The results of the scan are saved in a customizable/query-based HTML reporting document. It also contains a patch manager that can check for and install the missing patches. The trial version is available for free, but only 30 days.
--------------------------------------------------------------------------------
#21 Aircrack: The fastest WEP/WPA crack tool
Aircrack is a set of tools for cracking 802.11a/b/g WEP and WPA. Once enough encrypted packets are collected it can crack 40 to 512-bit WEP keys, and it can also crack WPA 1 or 2 networks through advanced encryption or brute force cracking. The kit contains AIRODUMP (802.11 packet Capture program), Aireplay (802.11 packet injection program), Aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypt WEP/WPA capture file).
--------------------------------------------------------------------------------
#22 Superscan: Port scanners, ping tools, and parsers running only on Windows platforms
Superscan is a foundstone developed free TCP/UDP Port scanner that runs on only the Windows platform. It also contains a number of other network tools, such as Ping, route tracking, HTTP head, and whois.
--------------------------------------------------------------------------------
#23 NetFilter: The latest Linux core packet filters/Firewalls
NetFilter is a powerful packet filter running on the core of Standard Linux. It integrates the User space IP list tool. Currently, it supports packet filtering (stateless or stateful), all types of network addresses and port conversions (NAT/NAPT), and supports multiple API layer Third-party extensions. It contains a number of different modules used to handle irregular protocols, such as FTP. Other Unix platforms refer to OpenBSD PF (for OpenBSD only) or IP Filter. Many personal firewalls (personal firewalls) support Windows (Tiny, Zone Alarm, Norton, Kerio ...). , but none of these IP lists are available. Microsoft has integrated a very basic firewall in Windows XP SP2 and will be constantly prompted to install it if you do not install it.
--------------------------------------------------------------------------------
#24 Sysinternals: A powerful, very comprehensive collection of Windows tools
Sysinternals provides many useful gadgets for Windows low-level intrusion. Some of them are free, some are with source code, and others are paid for. Respondents preferred the following tools in this collection:
Processexplorer monitors all files and directories open by all processes (similar to lsof on Unix).
PsTools manages (executes, hangs, kills, views) local and remote processes.
Autoruns found which executable programs were loaded when the system was started and landed.
RootkitRevealer detects registry and file system API exceptions to discover user-mode or kernel-mode rootkit tools.
TCPView browses the TCP and UDP communication endpoints of each process (similar to Netstat on Unix).
The company that produced the software has been acquired by Microsoft in 2005, so its future product line features are unpredictable.
--------------------------------------------------------------------------------
Commercial vulnerability Evaluation scanner, #25 Retina:eeye
Like Nessus, Retina's function is to scan all hosts in the network and report all vulnerabilities found. Eeye, the company is known for its security.
Current 1/4 page
1234 Next read the full text
