Jump to content
sekuristu

My open tools list with links

Recommended Posts

Posted

Here's some tools I found useful in the past..

(credit goes to my blog)

John the Ripper - John the Ripper password cracker

Damn fast password cracker; good for getting weak Unix passwords

Metasploit Framework - Penetration Testing | The Metasploit Project

Open-source platform for all the goodies like dev, testing and using exploits. Anyone said request time out?

Nessus - Tenable Network Security

Identify potential server vulnerabilities. Yes it's 1200$/year. Worth every penny of it.

Nmap or Network Mapper - Nmap - Free Security Scanner For Network Exploration & Security Audits.

It's free and it will map your network for sure. Also OS fingerprinting, stealth scan, etc.

Nikto - Nikto2 | CIRT.net

Nikto is open source; it performs tests against web server to enumarate common vulnerabilities and brute force for files and directories.

Sing - SING | Get SING at SourceForge.net

Sing = Send ICMP Nasty Garbage. Name says it all; practically you can send anything you want over ICMP.

SQLmap - sqlmap: automatic SQL injection and database takeover tool

SQLmap allows you to do some sql injection tests. It's main purpose is "to take over of back-end database servers" as it's stated in the introduction on their webpage.

Firefox (yes, the old lovely Firefox browser) with Websecapp extensions

- https://addons.mozilla.org/en-US/firefox/collection/secfox

- https://addons.mozilla.org/en-US/firefox/collection/webappsec

You will probably need both Firefox 2.x and Firefox 3.x installed. Extensions go from SQL injection tools to. They are not very advanced but they could be usefull for small tests.

SSLcheck - can use online tools like SSL Certificate Tester - Check Certificates

They should really install a Captcha plugin on that website..

Wireshark - Wireshark Go deep.

Yes. Go deep.

Best tool available. Can detect any vulnerability if you read hexa in real time :)

Well seriously, can help anyone make a good evaluation of traffic. Nice to use when conducting tests to see what's happening.

Of course there is tcpdump too.

Hydra - THC-HYDRA - fast and flexible network login hacker

Best brute forcer ever. Can login in about anything if you are patient enough :)

And yes, it also has a Windows version compiled. But if you want to hack something from Windows, go away please. I think compiling Hydra for Windows Users is some kind of jailbait..

Netcat - The GNU Netcat -- Official homepage

Reads and writes using TCP/IP protocol. That's all. You can built damn good trojan scripts without knowing even what a socket is. But don't do it.

Many more I can't remember..

Enjoy some script kiddie work

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...