Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- DUMP OF http://www.hacktoolrepository.com/platform/14/Ubuntu BY BLIZZERK
- GOD DAMN THIS TOOK FOREVER TO DUMP IT WAS 13 PAGES
- Installed with build-essential libgtk2.0-dev libncurses5-dev flex bison libperl-dev tcllib libreadline5-dev ruby libopenssl-ruby libpq-dev sqlite python-wxgtk2.8 gcj-jdk graphviz
- ADNS
- adns is a resolver library for C (and C++) programs, and a collection of useful DNS resolver utilities.
- Site: http://www.chiark.greenend.org.uk/~ian/adns/
- Aircrack-ng
- aircrack is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, thus making the attack much faster compared to other WEP cracking tools. In fact aircrack is a set of tools for auditing wireless networks.
- Site: http://www.aircrack-ng.org/
- AlienVault Feed
- As part of the effort to proving a richer OSSIM experience to the community, and after reading Tenables announcement regarding the licensing policy change, AlienVault has decided to continue with the provision of a free, quality, Plugin feed. The initial release of this feed has been developed with the support and sponsorship of the Telefonica VRT.
- Site: http://www.alienvault.com/free_feed_for_nessu
- Amap
- Amap is a next-generation scanning tool, which identifies applications and services even if they are not listening on the default port by creating a bogus-communication and analyzing the responses.
- Site: http://freeworld.thc.org/thc-amap/
- APR
- The mission of the Apache Portable Runtime (APR) project is to create and maintain software libraries that provide a predictable and consistent interface to underlying platform-specific implementations. The primary goal is to provide an API to which software developers may code and be assured of predictable if not identical behaviour regardless of the platform on which their software is built, relieving them of the need to code special-case conditions to work around or take advantage of platform...
- Site: http://apr.apache.org/
- apr-util
- APR-util provides a number of helpful abstractions on top of APR.
- Site: http://apr.apache.org/
- Berkeley DB
- Oracle Berkeley DB is a family of open source, embeddable databases that allows developers to incorporate within their applications a fast, scalable, transactional database engine with industrial grade reliability and availability.
- Site: http://www.oracle.com/database/berkeley-db/in
- CAL9000
- CAL9000 brings together a host of web application security testing tools into one convenient package. It is designed to be used in the Firefox browser. CAL9000 functionality may be limited when used with other browsers.
- Site: http://www.owasp.org/index.php/Category:OWASP
- db2utils
- db2utils is a small collection of db2 utilities. It currently features three different tools db2disco, db2fakesrv and db2getprofile.db2disco is used to discover hosts running db2 on the network. It sends an UDP discovery packet either to the broadcast address or to a specific host and collects information regarding the hostname and db2 version.db2fakesrv responds to discovery packets with a forged hostname and version. The tool was initially written to test the discovery program.db2getprofile fe...
- Site: http://www.cqure.net/wp/db2utils/
- dnsenum
- A tool written in Perl to enumerate information on a domain. It uses the Net::DNS module. The tool consists of 5 stages: Lookup and return the nameservers of a domain, Try zonetransfers on these nameservers, Do a 'bruteforce' style lookup on the domain with a dictionary, Gather IP address information and return a list of class C networks, Do a reverse lookup on the nameservers of all addresses in this Class C network space
- Site: http://code.google.com/p/dnsenum/
- Dr. Morena
- Dr.Morena is a tool to confirm the rule configuration of a Firewall. The configuration of a Firewall is done by combining more than one rule. Sometimes a rule configuration may reside in a place other than the basic rule configuration place. In such a case, it is difficult to confirm whether it is an intended configuration by the system administrators. (Is an unnecessary hole open, or is a necessary hole open?) So, we developed a tool which checks the rule of a Firewall. We prepare a computer w...
- Site: http://www.securityfriday.com/tools/DrMorena.
- dsniff
- dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindi...
- Site: http://monkey.org/~dugsong/dsniff/
- Ettercap
- Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
- Site: http://ettercap.sourceforge.net/
- Firewalk
- Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway hostdoes not allow the traffic, it will likely drop the packets on the floor and we wi...
- Site: http://www.packetfactory.net/projects/firewal
- FreeTDS version 0.62.4
- FreeTDS is a set of libraries for Unix and Linux that allows your programs to natively talk to Microsoft SQL Server and Sybase databases.
- Technically speaking, FreeTDS is an open source implementation of the TDS (Tabular Data Stream) protocol used by these databases for their own clients. It supports many different flavors of the protocol and three APIs to access it. Additionally FreeTDS works with other software such as Perl and PHP, providing access from those languages as well.
- Site: http://www.freetds.org/
- GNU Netcat
- Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. It is designed to be a reliable 'back-end' tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
- Site: http://netcat.sourceforge.net/
- GnuPG Made Easy
- GPGME (GnuPG Made Easy) is a C language library that allows to add support for cryptography to a program. It is designed to make access to public key crypto engines like GnuPG or GpgSM easier for applications. GPGME provides a high-level crypto API for encryption, decryption, signing, signature verification and key management.
- Site: http://www.gnupg.org/gpgme.html
- GnuTLS
- GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group.
- Site: http://www.gnu.org/software/gnutls/
- Grendel-Scan
- Grendel-Scan is an open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.
- Site: http://grendel-scan.com/
- hping
- hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
- Site: http://www.hping.org/
- httpedit
- httpedit is a 'low-level' interface to HTTP. The application allows you to write a raw HTTP request, send it against a web server and review the response, all from within the same app.
- Site: http://www.neutralbit.com/
- httprint
- httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask.
- Site: http://www.net-square.com/httprint/index.shtm
- HTTrack
- HTTrack is a free and easy-to-use offline browser utility. It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer.
- Site: http://www.httrack.com/
- Hydra
- A very fast network logon cracker which support many different services.Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast.Currently this tool supports: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, ...
- Site: http://freeworld.thc.org/thc-hydra/
- ike-scan
- ike-scan is a command-line tool that uses the IKE protocol to discover, fingerprint and test IPsec VPN servers. It is available for Linux, Unix, MacOS and Windows under the GPL license.
- Site: http://www.nta-monitor.com/tools/ike-scan/
- John the Ripper
- John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
- Site: http://www.openwall.com/john/
- Kismet
- Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
- Site: http://www.kismetwireless.net/
- libdnet
- libdnet provides a simplified, portable interface to several low-level networking routines
- Site: http://libdnet.sourceforge.net/
- Libgcrypt
- This is a general purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptograhic building blocks: symmetric ciphers (AES, DES, Blowfish, CAST5, Twofish, Arcfour), hash algorithms (MD4, MD5, RIPE-MD160, SHA-1, TIGER-192), MACs (HMAC for all hash algorithms), public key algorithms (RSA, ElGamal, DSA), large integer functions, random numbers and a lot of supporting functions.
- Site: http://directory.fsf.org/project/libgcrypt/
- Libgpg-error
- Libgpg-error is a small library that defines common error values for all GnuPG components. Among these are GPG, GPGSM, GPGME, GPG-Agent, libgcrypt, Libksba, DirMngr, Pinentry, SmartCard Daemon and possibly more in the future.
- Site: http://www.gnupg.org/related_software/libgpg-
- Libnet
- net is a high-level API (toolkit) allowing the application programmer to construct and inject network packets. It provides a portable and simplified interface for low-level network packet shaping, handling and injection. Libnet hides much of the tedium of packet creation from the application programmer such as multiplexing, buffer management, arcane packet header information, byte-ordering, OS-dependent issues, and much more. Libnet features portable packet creation interfaces at both the IP-lay...
- Site: http://www.packetfactory.net/libnet/
- libnet version 1.0.2a
- Libnet is a high-level API (toolkit) allowing the application programmer to construct and inject network packets. It provides a portable and simplified interface for low-level network packet shaping, handling and injection. Libnet hides much of the tedium of packet creation from the application programmer such as multiplexing, buffer management, arcane packet header information, byte-ordering, OS-dependent issues, and much more. Libnet features portable packet creation interfaces at both the IP-...
- Site: http://www.packetfactory.net/
- libnids
- Libnids is an implementation of an E-component of Network Intrusion Detection System. It emulates the IP stack of Linux 2.0.x. Libnids offers IP defragmentation, TCP stream assembly and TCP port scan detection. The most valuable feature of libnids is reliability. A number of tests were conducted, which proved that libnids predicts behaviour of protected Linux hosts as closely as possible.
- Site: http://www.packetfactory.net/projects/libnids
- libpcap
- The Packet Capture library provides a high level interface to packet capture systems. All packets on the network, even those destined for other hosts, are accessible through this mechanism.
- Site: http://www.tcpdump.org/
- libsmi
- The core of the libsmi distribution is a library that allows management applications to access SMI MIB module definitions. On top of this library, there are tools to check, analyze dump, convert, and compare MIB definitions. Finally, the distribution contains a steadily maintained and revised archive of all IETF and IANA maintained standard MIB and PIB modules.
- Site: http://www.ibr.cs.tu-bs.de/projects/libsmi/
- libssh v0.11
- The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto (from openssl).
- Site: http://www.libssh.org/
- libssh2
- libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER, SECSH-DHGEX, SECSH-NUMBERS, and SECSH-PUBLICKEY.
- Site: http://www.libssh2.org/
- Libwhisker
- Libwhisker is a Perl module geared specificly for HTTP testing. Libwhisker has a few design principles:
- * Portable: runs with 0 changes on Unix, Windows, etc (100% Perl)
- * Flexible: designed with a 'no rules' approach
- * Contained: designed to not require external modules when possible
- * Localized: does not require installation to use
- Site: http://www.wiretrip.net/rfp/lw.asp
- LUA
- Lua is a powerful, fast, light-weight, embeddable scripting language. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and extensible semantics. Lua is dynamically typed, runs by interpreting bytecode for a register-based virtual machine, and has automatic memory management with incremental garbage collection, making it ideal for configuration, scripting, and rapid prototyping.
- Site: http://www.lua.org/
- Medusa
- Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application:Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each it...
- Site: http://www.foofus.net/jmk/medusa/medusa.html
- Metasploit Framework
- The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research.
- Site: http://www.metasploit.com/framework/
- ncpfs
- This is ncpfs, a free NetWare client filesystem for Linux. Besides some little utilities it also contains nprint, which enables you to print on NetWare print queues. The opposite side, pserver, is also provided. ncpfs works with NetWare versions 3.x and following. It does NOT work with NetWare version 2.x. Some of the NetWare look-alikes, such as CD-ROM servers WinNT 3.51 Server are also NOT supported. This restriction comes from the fact that ncpfs relies heavily on the name space facilities Ne...
- Site: ftp://platan.vc.cvut.cz/pub/linux/ncpfs/
- ncpfspatch
- Patch for ncpfs 2.2.6
- Site: http://www.hacktoolrepository.com
- Net DNS
- Net::DNS is a DNS resolver implemented in Perl. It allows the programmer to perform nearly any type of DNS query from a Perl script. For details and examples, please read the Net::DNS manual pages. To read about the latest features, see the Changes file. To find out about known bugs and to see what's planned for future versions, see the TODO file.Net::DNS does not depend on any C libraries. However, if possible Net::DNS tries to link to the libresolv library. This provides a notable speed increa...
- Site: http://www.net-dns.org/
- Net SSLeay
- This module offers some high level convinience functions for accessing web pages on SSL servers (for symmetry, same API is offered for accessing http servers, too), a sslcat() function for writing your own clients, and finally access to the SSL api of SSLeay/OpenSSL package so you can write servers or clients for more complicated applications.
- For high level functions it is most convinient to import them to your main namespace as indicated in the synopsis.
- Site: http://search.cpan.org/~flora/Net-SSLeay-1.32
- Net-SNMP
- Simple Network Management Protocol (SNMP) is a widely used protocol for monitoring the health and welfare of network equipment (eg. routers), computer equipment and even devices like UPSs. Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6. The suite includes:Command-line applications to:retrieve information from an SNMP-capable device, either using single requests (snmpget, snmpgetnext), or multiple requests (snmpwalk, snmptable, snmpdel...
- Site: http://net-snmp.sourceforge.net/
- Nikto
- Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
- Site: http://www.cirt.net/code/nikto.shtml
- nmap
- Nmap ('Network Mapper') is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristic...
- Site: http://nmap.org/
- onesixtyone
- The SNMP protocol is a stateless, datagram oriented protocol. An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a reply. Unfortunately SNMP servers don't respond to requests with invalid community strings and the underlying UDP protocol does not reliably report closed UDP ports. This means that 'no response' from the probed IP address can mean either of the following:machine unreachableSNMP server not runninginvalid...
- Site: http://www.phreedom.org/solar/onesixtyone/
- OpenSSH
- OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.
- Site: http://www.openssh.com/
- OpenSSL
- The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.
- Site: http://www.openssl.org/
- OpenVAS-Client
- OpenVAS-Client is a terminal and GUI client application for OpenVAS. It implements the OpenVAS Transfer Protocol (OTP) which has superseded the Nessus Transfer Protocol (NTP) in OpenVAS. The GUI is implemented using GTK+ 2.4 and allows you to control an OpenVAS server, to conduct network vulnerability scans and to manage the results of your scans.OpenVAS-Client is a successor of NessusClient 1.X. The fork happened with NessusClient CVS HEAD 20070704. The reason was that the original authors of N...
- Site: http://www.openvas.org
- openvas-libnasl
- The OpenVAS Server is the core application of the OpenVAS project. It is a scanner that runs many network vulnerability tests against many target hosts and delivers the results. It uses a communication protocol to have client tools (graphical end-user or batched) connect to it, configure and execute a scan and finally receive the results for reporting. Tests are implemented in the form of plugins which need to be updated to cover recently identified security issues.The server consists of 4 modul...
- Site: http://www.openvas.org
- openvas-libraries
- The OpenVAS Server is the core application of the OpenVAS project. It is a scanner that runs many network vulnerability tests against many target hosts and delivers the results. It uses a communication protocol to have client tools (graphical end-user or batched) connect to it, configure and execute a scan and finally receive the results for reporting. Tests are implemented in the form of plugins which need to be updated to cover recently identified security issues.The server consists of 4 modul...
- Site: http://www.openvas.org/
- openvas-plugins
- The OpenVAS Server is the core application of the OpenVAS project. It is a scanner that runs many network vulnerability tests against many target hosts and delivers the results. It uses a communication protocol to have client tools (graphical end-user or batched) connect to it, configure and execute a scan and finally receive the results for reporting. Tests are implemented in the form of plugins which need to be updated to cover recently identified security issues.The server consists of 4 modul...
- Site: http://www.openvas.org/
- openvas-server
- The OpenVAS Server is the core application of the OpenVAS project. It is a scanner that runs many network vulnerability tests against many target hosts and delivers the results. It uses a communication protocol to have client tools (graphical end-user or batched) connect to it, configure and execute a scan and finally receive the results for reporting. Tests are implemented in the form of plugins which need to be updated to cover recently identified security issues.The server consists of 4 modul...
- Site: http://www.openvas.org/
- Oracle Auditing Tools
- The Oracle Auditing Tools is a toolkit that could be used to audit security within Oracle database servers. The OAT use CREATE LIBRARY to be able to access the WinExec function in the kernel32.dll in Windows or the system call in libc on Un*x. Having access to this function makes it possible to execute anything on the server with the same security context as the user who started the Oracle Service. So basicaly all accounts with default passwords, or easy guessable password, having this privelege...
- Site: http://www.cqure.net/wp/test/
- Oracle9i JDBC Drivers
- JDBC classes
- Site: http://www.oracle.com/
- OScanner
- Oscanner is an Oracle assessment framework developed in Java. It has a plugin-based architecture and comes with a couple of plugins that currently do:
- - Sid Enumeration
- - Passwords tests (common & dictionary)
- - Enumerate Oracle version
- - Enumerate account roles
- - Enumerate account privileges
- - Enumerate account hashes
- - Enumerate audit information
- - Enumerate password policies
- - Enumerate database links
- The results are given in a graphical java tree.
- Site: http://www.cqure.net/wp/oscanner/
- Paros
- We wrote a program called 'Paros' for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.
- Site: http://www.parosproxy.org/index.shtml
- PCRE
- PCRE - Perl Compatible Regular Expressions. The PCRE library is a set of functions that implement regular expression pattern matching using the same syntax and semantics as Perl 5. PCRE has its own native API, as well as a set of wrapper functions that correspond to the POSIX regular expression API. The PCRE library is free, even for building commercial software.
- Site: http://www.pcre.org/
- porkbind
- In light of the new DNS cache poisoning issue and now that everyone has had plenty of time to apply patches, I've decided to release a new version of my nameserver security scanner called porkbind. It is a multi-threaded nameserver scanner that can recursively query nameservers of subdomains for version strings. (i.e. sub.host.dom's nameservers then host.dom's nameservers) After acquiring the version strings it tests them against version numbers from CERT advisories and reports back to the user....
- Site: http://innu.org/~super/
- PortAudio
- PortAudio is a free, cross platform, open-source, audio I/O library. It lets you write simple audio programs in 'C' that will compile and run on many platforms including Windows, Macintosh (8,9,X), Unix (OSS), SGI, and BeOS. PortAudio is intended to promote the exchange of audio synthesis software between developers on different platforms.
- Site: http://www.portaudio.com/
- Powerfuzzer
- Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user friendly, modern, effective and working. Yes, there was a gap on the market in that arena and that's why Powerfuzzer project was created. It is capable of spidering website and identifying inputs. From practical view, pen tester point of view...
- Site: http://www.powerfuzzer.com/
- rdesktop
- rdesktop is an open source client for Windows NT Terminal Server and Windows 2000/2003 Terminal Services, capable of natively speaking Remote Desktop Protocol (RDP) in order to present the user's NT desktop. Unlike Citrix ICA, no server extensions are required.
- Site: http://www.rdesktop.org/
- rdp-brute-force
- The following patch to rdesktop adds the ability to perform brute-force password guessing against Microsoft Terminal Servers. This functionality was initially based off of a patch found at cqure.net. However, significant modifications were made to allow testing against Windows 2000 and detection of error messages beyond simple pass/fail. The following is a brief summary of the included changes:Fixed segfault with original cqure.net patch when no dictionary file was supplied.Enhanced success dete...
- Site: http://www.foofus.net/jmk/rdesktop.html
- SQL Auditing Tools
- SQLAT is a suite of tools which could be usefull for pentesting a MS SQL Server. The tools are still in development but tend to be quite stable.
- The tools do dictionary attacks, upload files, read registry and dump the SAM. They do this by wrapping extended stored procedures. There is also a tool for doing a minimal analysis of a SQL Server with output as HTML. You need to be �sa� to run some of the tools, but this usually isn�t a problem.
- Site: http://www.cqure.net/wp/sql-auditing-tools/
- subversion
- The goal of the Subversion project is to build a version control system that is a compelling replacement for CVS in the open source community.
- Site: http://subversion.tigris.org/
- tcpdump
- Tcpdump prints out the headers of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -b flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be pro� cessed by tcpdump.
- Site: http://www.tcpdump.org/
- Tcpreplay
- Tcpreplay is a suite of BSD licensed tools written by Aaron Turner for UNIX (and Win32 under Cygwin) operating systems which gives you the ability to use previously captured traffic in libpcap format to test a variety of network devices. It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 headers and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPS's. Tcpreplay supports both single and dual N...
- Site: http://tcpreplay.synfin.net/trac/
- w3af
- w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. The project's long term objectives to be achieved in the projects lifetime are:Create the biggest community of Web Application HackersBecome the best Web Application ScannerBecome the best Web Application Exploitation FrameworkCombine static code analysis and black box testing into one frameworkBecome the nmap for th...
- Site: http://w3af.sourceforge.net/
- Wapiti
- Wapiti allows you to audit the security of your web applications. It performs 'black-box' scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.Wapiti can detect the following vulnerabilities:File Handling Errors (Local and remote include/require, fopen, readfile...)Database In...
- Site: http://wapiti.sourceforge.net/
- webfuzzer
- Webfuzzer is a tool that can be useful for both pen testers and web masters, it's a poor man web vulnerability scanner. Its aim is to find common errors and vulnerabilities in all kind of web application, including perl scripts, php, asp, cgi. The original idea was just to investigate sql injection vulnerabilities (sql injection scanner). The idea was taken from wpoison and then the project grew a little. It was tested on Linux but should work and compile on most Unix variant.
- Site: http://gunzip.altervista.org/g.php?f=projects
- WebGoat
- WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application.
- Site: http://www.owasp.org/index.php/Category:OWASP
- websecurify
- Websecurify is a web and web2.0 security initiative specializing in researching security issues and building the next generation of tools to defeat and protect web technologies. Our latest project is a web application security testing tool which automatically identifies vulnerabilities by using advanced scanning and fuzzing technologies.
- Site: http://www.websecurify.com/
- Wireshark
- Wireshark� is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product.
- Site: http://www.wireshark.org/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement