I think everyone has heard of this one, recently evolved into the 4.x series.
Nmap (“Network Mapper”) is a free open source utility for network
exploration or security auditing. It was designed to rapidly scan large
networks, although it works fine against single hosts. Nmap uses raw IP
packets in novel ways to determine what hosts are available on the
network, what services (application name and version) those hosts are
offering, what operating systems (and OS versions) they are running,
what type of packet filters/firewalls are in use, and dozens of other
characteristics. Nmap runs on most types of computers and both console
and graphical versions are available. Nmap is free and open source.
Can be used by beginners (-sT) or by pros alike (–packet_trace). A very versatile tool, once you fully understand the results.
Get Nmap Here
2. Nessus Remote Security Scanner
Recently went closed source, but is still essentially free. Works with a client-server framework.
Nessus is the world’s most popular
used in over 75,000 organizations world-wide. Many of the world’s
largest organizations are realizing significant cost savings by using
Nessus to audit business-critical enterprise devices and applications.
Get Nessus Here
3. John the Ripper
Yes, JTR 1.7 was recently released!
John the Ripper is a fast password cracker, currently available for
many flavors of Unix (11 are officially supported, not counting
different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary
purpose is to detect weak Unix passwords. Besides several crypt(3)
password hash types most commonly found on various Unix flavors,
supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM
hashes, plus several more with contributed patches.
You can get JTR Here
Nikto is an Open Source (GPL) web server scanner which performs
comprehensive tests against web servers for multiple items, including
over 3200 potentially dangerous files/CGIs, versions on over 625
servers, and version specific problems on over 230 servers. Scan items
and plugins are frequently updated and can be automatically updated (if
Nikto is a good CGI scanner, there are some other tools that go well
with Nikto (focus on http fingerprinting or Google hacking/info
gathering etc, another article for just those).
Get Nikto Here
Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update
of the highly popular Windows port scanning tool, SuperScan.
If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, it’s pretty nice.
Get SuperScan Here
P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:
– machines that connect to your box (SYN mode),
– machines you connect to (SYN+ACK mode),
– machine you cannot connect to (RST+ mode),
– machines whose communications you can observe.
Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine.
Get p0f Here
7. Wireshark (Formely Ethereal)
Wireshark is a GTK+-based network protocol analyzer, or sniffer, that
lets you capture and interactively browse the contents of network
frames. The goal of the project is to create a commercial-quality
analyzer for Unix and to give Wireshark features that are missing from
Works great on both Linux and Windows (with a GUI), easy to use and
can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.
Get Wireshark Here
Yersinia is a network tool designed to take advantage of some
weakeness in different Layer 2 protocols. It pretends to be a solid
framework for analyzing and testing the deployed networks and systems.
Currently, the following network protocols are implemented: Spanning
Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking
Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby
Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL),
VLAN Trunking Protocol (VTP).
The best Layer 2 kit there is.
Get Yersinia Here
Eraser is an advanced security tool (for Windows), which
allows you to completely remove sensitive data from your hard drive by
overwriting it several times with carefully selected patterns. Works
with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software
and its source code is released under GNU General Public License.
An excellent tool for keeping your data really safe, if you’ve
deleted it..make sure it’s really gone, you don’t want it hanging around
to bite you in the ass.
Get Eraser Here.
PuTTY is a free implementation of Telnet and SSH for Win32 and Unix
platforms, along with an xterm terminal emulator. A must have for any
h4x0r wanting to telnet or SSH from Windows without having to use the
crappy default MS command line clients.
Get PuTTY Here.
Main purpose of LCP program is user account passwords auditing and
recovery in Windows NT/2000/XP/2003. Accounts information import,
Passwords recovery, Brute force session distribution, Hashes computing.
A good free alternative to L0phtcrack.
LCP was briefly mentioned in our well read Rainbow Tables and RainbowCrack article.
Get LCP Here
12. Cain and Abel
My personal favourite for password cracking of any kind.
Cain & Abel is a password recovery
tool for Microsoft Operating Systems. It allows easy recovery of
various kind of passwords by sniffing the network, cracking encrypted
passwords using Dictionary, Brute-Force and Cryptanalysis attacks,
recording VoIP conversations, decoding scrambled passwords, revealing
password boxes, uncovering cached passwords and analyzing routing
protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.
Get Cain and Abel Here
Kismet is an 802.11 layer2 wireless network detector, sniffer, and
system. Kismet will work with any wireless card which supports raw
monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g
A good wireless tool as long as your card supports rfmon (look for an orinocco gold).
Get Kismet Here
Yes a decent wireless tool for Windows! Sadly not as powerful as it’s
Linux counterparts, but it’s easy to use and has a nice interface, good
for the basics of war-driving.
NetStumbler is a tool for Windows that allows you to detect Wireless
Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has
- Verify that your network is set up the way you intended.
- Find locations with poor coverage in your WLAN.
- Detect other networks that may be causing interference on your network.
- Detect unauthorized “rogue” access points in your workplace.
- Help aim directional antennas for long-haul WLAN links.
- Use it recreationally for WarDriving.
Get NetStumbler Here
To finish off, something a little more advanced if you want to test your TCP/IP packet monkey skills.
hping is a command-line oriented TCP/IP packet assembler/analyzer.
The interface is inspired to the ping unix command, but hping isn’t only
able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP
protocols, has a traceroute mode, the ability to send files between a
covered channel, and many other features.
Get hping Here
Yah I’ve stayed away from commercial products in this article, perhaps I’ll cover those another day.
Digg This Article
You can also check out the Top 10 Security Live CDs for Pen-Testing, Forensics and Recovery Here.
source from darknet