Tools of the Trade

Information Security - Tools of the Trade
Sajeev Nair
CEH, GCFW, GCWN, CCNP
mlist[at]networkpentest.com
This is a compilation of a variety of tools that have proven useful for various security assessment /
penetration testing assignments. Some of the tools listed here appear in multiple categories, and other
tools may do the same job; I leave that to the reader's judgment.
Tool Category
  Tool - Link

Passive Intelligence gathering
  Google - http://Google.com
  samspade - http://samspade.org/
  netcraft - http://netcraft.com
  web archive - http://www.archive.org/
  edgar - http://www.sec.gov/edgar.shtml
  wikto (with GHDB) - http://www.sensepost.com/research/wikto/
  Whois, dig - Unix tools

Web Anonymizer
  Tor - http://tor.eff.org

Wardialers
  Phonesweep - http://www.sandstorm.net/
  THC-Scan - http://www.thc.org

Ping Tools
  Angry IP scanner - http://www.angryziber.com/ipscan/
  WS_ping_propack - http://www.ipswitch.com/
  Superscan - http://foundstone.com/
  NMAP - http://insecure.org/

Traceroute tools
  Trout - http://foundstone.com/
  Visualroute - http://www.visualroute.com/
  tcptraceroute - http://michael.toren.net/code/tcptraceroute/

Router / Firewall enumeration
  Hping2 - http://www.hping.org/
  NMAP - http://insecure.org/
  Firewalk - http://packetfactory.net

Scanning
  NMAP - http://insecure.org/
  Superscan - http://foundstone.com/
  Unicornscan - http://www.unicornscan.org/
  SMTP Relay scanner - http://www.cirt.dk/tools/relayscanner/
  scanssh - http://www.monkey.org/%7Eprovos/scanssh/
  Txdns - http://www.txdns.net/
  Ike-scan - http://www.nta-monitor.com/tools/ike-scan/
  PBNJ - http://pbnj.sourceforge.net/

Banner grabber
  Netcat - http://www.vulnwatch.org/netcat/
  scanline - http://foundstone.com/

Passive fingerprinting
  P0f - http://lcamtuf.coredump.cx/p0f.shtml

Active fingerprinting
  Xprobe2 - http://www.sys-security.com/index.php?page=xprobe
  NMAP - http://insecure.org/
  AMAP - http://www.thc.org

Windows Enumeration
  user2sid & sid2user - http://evgenii.rudnyi.ru/soft/sid/
  dumpsec - http://www.somarsoft.com/
  LDP - Resource Kit tool
  superscan - http://foundstone.com/
  Cain & Abel - http://www.oxid.it/cain.html
  CredDigger - http://foundstone.com/
  Pstools - http://www.sysinternals.com/Utilities/PsTools.html

SNMP tools
  SolarWinds - http://www.solarwinds.net
  SNMPUtil - Resource Kit tool
  SNScan - http://www.foundstone.com/resources/proddesc/snscan.htm
  Cain & Abel - http://www.oxid.it/cain.html
  net-snmp - http://net-snmp.sourceforge.net/
  ADMsnmp - http://examples.oreilly.com/networksa/tools/

Vulnerability Assessment
  Nessus - http://www.nessus.org/
  GFI Languard - http://www.gfi.com/lannetscan/
  Retina - http://www.eeye.com
  Core Impact - http://www.coresecurity.com
  Cisco torch - http://www.arhont.com/

Application level scanner
  Wikto - http://www.sensepost.com/research/wikto/
  Webinspect - http://www.spidynamics.com/products/webinspect/
  Paros - http://www.parosproxy.org
  Nessus - http://www.nessus.org/

Offline browser / site ripper
  Teleport pro - http://tenmax.com
  wget - http://www.gnu.org/software/wget/

Web proxy
  Paros - http://www.parosproxy.org
  Burp proxy - http://portswigger.net/proxy/

Password audit / cracker
  NAT - http://www.cotse.com/tools/netbios.htm
  Cain & Abel - http://www.oxid.it/cain.html
  Kerbcrack - http://ntsecurity.nu/toolbox/kerbcrack/
  THC-Hydra - http://thc.org
  pwdump - http://www.foofus.net/fizzgig/pwdump/
  John - http://www.openwall.com/john/
  ophcrack - http://ophcrack.sourceforge.net/

SQL tools
  SQLDict - http://ntsecurity.nu/toolbox/sqldict/
  Database tools - http://www.cqure.net/wp/
  Paros - http://www.parosproxy.org
  THC-Hydra - http://thc.org
  NGSSQuirreL - http://www.ngssoftware.com

Source Code scanner
  Flaw finder - http://www.dwheeler.com/flawfinder/
  RATS - http://www.securesoftware.com
  SLAM - http://research.microsoft.com/slam

Vulnerability / exploit research
  securityfocus - http://www.securityfocus.com
  secunia - http://secunia.com/
  milw0rm - http://milw0rm.com/
  packetstorm - http://packetstormsecurity.org
  SANS - http://isc.sans.org
  securiteam - http://www.securiteam.com/
  secwatch - http://secwatch.org/
  WVE - http://wve.org
  OSVDB - http://www.osvdb.org/

Vulnerability exploitation
  Metasploit - http://www.metasploit.com/
  Core Impact - http://www.coresecurity.com
  CGE - http://www.vulnerabilityassessment.co.uk/cge.htm

Traffic monitor
  EtherApe - http://etherape.sourceforge.net/
  SolarWinds - http://www.solarwinds.net

Sniffers
  Wireshark - http://www.wireshark.org/
  Tcpdump - http://www.tcpdump.org/
  dsniff - http://www.monkey.org/~dugsong/dsniff/
  Cain - http://www.oxid.it/cain.html
  NGSsniff - http://www.ngssoftware.com
  Ettercap - http://ettercap.sourceforge.net/

Port redirectors
  Fpipe - http://foundstone.com/
  Netcat / cryptcat - http://www.vulnwatch.org/netcat/

Packet crafting
  Hping2 - http://www.hping.org/

MAC flooding
  Etherflood - http://ntsecurity.nu/toolbox/etherflood/
  Macof - http://www.monkey.org/~dugsong/dsniff/

MAC spoofer
  SMAC - http://www.klcconsulting.net/smac/

ARP spoofing / MitM attacks
  Ettercap - http://ettercap.sourceforge.net/
  Cain & Abel - http://www.oxid.it/cain.html
  dsniff - http://www.monkey.org/~dugsong/dsniff/

Layer 2 attacks
  Yersinia - http://www.yersinia.net/

Trojans / Rootkits
  BackOrifice - http://www.bo2k.com/
  Tini - http://ntsecurity.nu/toolbox/tini/
  Netcat - http://www.vulnwatch.org/netcat/

Covert channels
  Loki - http://www.packetstormsecurity.org
  ACKCMD - http://www.ntsecurity.nu/toolbox/ackcmd/
  Netcat - http://www.vulnwatch.org/netcat/

Log erasers
  auditpol - Resource Kit tool
  winzapper - http://ntsecurity.nu/toolbox/winzapper/
  Unix log wipers - http://packetstormsecurity.org/UNIX/penetration/log-wipers/

Rootkit detection
  chkrootkit - http://www.chkrootkit.org
  Rootkit Hunter - http://www.rootkit.nl/projects/rootkit_hunter.html
  RootkitRevealer - http://www.sysinternals.com

Wrapping tools
  Elitewrap - http://homepage.ntlworld.com/chawmp/elitewrap/
  Restorator - http://www.bome.com/Restorator/

DoS tools
  TFN2K - http://www.packetstormsecurity.org/distributed
  stacheldraht - http://www.packetstormsecurity.org/distributed
  Mstream - http://www.packetstormsecurity.org/distributed

Keystroke loggers
  keyghost - www.keyghost.com
  FakeGina - http://ntsecurity.nu/toolbox/fakegina/
  Eblaster - http://www.eblaster.com/

Process Viewer
  Tlist - Resource Kit tool
  Inzider - http://ntsecurity.nu/toolbox/inzider/
  TCPview - http://www.sysinternals.com/Utilities/TcpView.html
  lsof - ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/lsof/

Bootable OS
  NTFSDOS - http://www.sysinternals.com/Utilities/NtfsDos.html
  Auditor - http://www.remote-exploit.org
  BackTrack - http://www.remote-exploit.org

Cookie viewing
  cookie viewer - http://www.karenware.com/powertools/ptcookie.asp

IDS evasion
  Mendax - http://www.packetstormsecurity.org

ADS detection tools
  sfind - http://foundstone.com/
  LNS - http://ntsecurity.nu/toolbox/lns/

Steganography
  Imagehide - http://www.dancemammal.com/
  S-Tools - ftp://idea.sec.dsi.unimi.it/pub/security/crypt/code/

Wireless Detection / Sniffer
  Kismet - http://www.kismetwireless.net/
  Netstumbler - http://www.netstumbler.com/
  Wireshark - http://www.wireshark.org/

Wireless key cracking
  Aircrack-ng - www.aircrack-ng.org
  wepattack - http://wepattack.sourceforge.net/
  cowPatty - http://www.churchofwifi.org/
  asleap - http://asleap.sourceforge.net/
  wepwedgie - http://sourceforge.net/projects/wepwedgie/

Wireless packet crafting
  file2air - http://802.11ninja.net/code/file2air-1.0RC1.tgz
  airjack - http://sourceforge.net/projects/airjack/

Wireless Honeypots
  Karma - http://www.theta44.org/karma/
  FakeAP - http://www.blackalchemy.to/project/fakeap/

Wireless DoS tools
  void11 - http://www.wlsec.net/void11/
  file2air - http://802.11ninja.net/code/file2air-1.0RC1.tgz
  airjack - http://sourceforge.net/projects/airjack/

Bluetooth tools
  Redfang - http://www.net-security.org/software.php?id=519
  Bluesniff - http://bluesniff.shmoo.com/
  Btscanner - http://www.pentest.co.uk/
  BT audit - http://trifinite.org/trifinite_stuff_btaudit.html