sekuristu Posted May 9, 2010 Report Posted May 9, 2010 Here's some tools I found useful in the past..(credit goes to my blog)John the Ripper - John the Ripper password crackerDamn fast password cracker; good for getting weak Unix passwordsMetasploit Framework - Penetration Testing | The Metasploit ProjectOpen-source platform for all the goodies like dev, testing and using exploits. Anyone said request time out?Nessus - Tenable Network SecurityIdentify potential server vulnerabilities. Yes it's 1200$/year. Worth every penny of it.Nmap or Network Mapper - Nmap - Free Security Scanner For Network Exploration & Security Audits. It's free and it will map your network for sure. Also OS fingerprinting, stealth scan, etc.Nikto - Nikto2 | CIRT.netNikto is open source; it performs tests against web server to enumarate common vulnerabilities and brute force for files and directories.Sing - SING | Get SING at SourceForge.netSing = Send ICMP Nasty Garbage. Name says it all; practically you can send anything you want over ICMP.SQLmap - sqlmap: automatic SQL injection and database takeover toolSQLmap allows you to do some sql injection tests. It's main purpose is "to take over of back-end database servers" as it's stated in the introduction on their webpage.Firefox (yes, the old lovely Firefox browser) with Websecapp extensions- https://addons.mozilla.org/en-US/firefox/collection/secfox- https://addons.mozilla.org/en-US/firefox/collection/webappsecYou will probably need both Firefox 2.x and Firefox 3.x installed. Extensions go from SQL injection tools to. They are not very advanced but they could be usefull for small tests. SSLcheck - can use online tools like SSL Certificate Tester - Check CertificatesThey should really install a Captcha plugin on that website..Wireshark - Wireshark Go deep. Yes. Go deep.Best tool available. Can detect any vulnerability if you read hexa in real time Well seriously, can help anyone make a good evaluation of traffic. Nice to use when conducting tests to see what's happening. Of course there is tcpdump too.Hydra - THC-HYDRA - fast and flexible network login hackerBest brute forcer ever. Can login in about anything if you are patient enough And yes, it also has a Windows version compiled. But if you want to hack something from Windows, go away please. I think compiling Hydra for Windows Users is some kind of jailbait.. Netcat - The GNU Netcat -- Official homepageReads and writes using TCP/IP protocol. That's all. You can built damn good trojan scripts without knowing even what a socket is. But don't do it. Many more I can't remember..Enjoy some script kiddie work Quote
Bebe1911 Posted May 9, 2010 Report Posted May 9, 2010 Random stuff o_O: 4/25/10 - 5/2/10vrei sa ma impresionezi asa e? Quote
sekuristu Posted May 9, 2010 Author Report Posted May 9, 2010 (edited) Random stuff o_O: 4/25/10 - 5/2/10vrei sa ma impresionezi asa e?Din moment ce e blog-ul meu pot da copy/paste Gave you some credits, though on the original post Edited May 9, 2010 by sekuristu Quote
sekuristu Posted May 9, 2010 Author Report Posted May 9, 2010 =)Astept si pe blog orice cereri de mini-tutoriale vreti. Le postez si aici si pe blog. Facem viata mai interesanta. Si nu, nu scot bani din asta. Nici reclame n-am, sunt amarat Quote