Insecure

Argus

Argus : A generic IP network transaction auditing tool Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, […]

Argus Read More »

MBSA

MBSA : Microsoft Baseline Security Analyzer Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with

MBSA Read More »

N-Stealth

N-Stealth : Web server scanner N-Stealth is a commercial web server security scanner. It is generally updated more frequently than free web scanners such as Whisker/libwhisker and Nikto, but do take their web site with a grain of salt. The claims of “30,000 vulnerabilities and exploits” and “Dozens of vulnerability checks are added every day”

N-Stealth Read More »

Watchfire AppScan

Watchfire AppScan : Commercial Web Vulnerability Scanner AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. Appscan scans for many common vulnerabilities, such as cross site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more.

Watchfire AppScan Read More »

TrueCrypt

TrueCrypt : Open-Source Disk Encryption Software for Windows and Linux TrueCrypt is an excellent open source disk encryption system. Users can encrypt entire filesystems, which are then on-the-fly encrypted/decrypted as needed without user intervention beyond entering their passphrase intially. A clever hidden volume feature allows you to hide a 2nd layer of particularly sensitive content

TrueCrypt Read More »

Acunetix WVS

Acunetix WVS : Commercial Web Vulnerability Scanner Acunetix WVS automatically checks web applications for vulnerabilities such as SQL Injections, cross site scripting, arbitrary file creation/deletion, weak password strength on authentication pages. AcuSensor technology detects vulnerabilities which typical black box scanners miss. Acunetix WVS boasts a comfortable GUI, an ability to create professional security audit and

Acunetix WVS Read More »

Bastille

Bastille : Security hardening script for Linux, Mac OS X, and HP-UX The Bastille Hardening program “locks down” an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise. Bastille can also assess a system’s current state of hardening, granularly reporting on each of the security settings with which it

Bastille Read More »

Helix

Helix : A Linux Distribution with Computer Forensics in Mind Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized Linux kernels, excellent hardware detection and many applications dedicated to Incident Response and

Helix Read More »

OllyDbg

OllyDbg : An assembly level Windows debugger OllyDbg is a 32-bit assembler level analyzing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg features an intuitive user interface, advanced code analysis capable of recognizing procedures, loops, API calls, switches, tables, constants and strings, an

OllyDbg Read More »

OpenVPN

OpenVPN : A full-featured SSL VPN solution OpenVPN is an open-source SSL VPN package which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard

OpenVPN Read More »

SAINT

SAINT : Security Administrator’s Integrated Network Tool SAINT is another commercial vulnerability assessment tool (like Nessus, ISS Internet Scanner, or Retina). It runs on UNIX and used to be free and open source, but is now a commercial product.

SAINT Read More »

Fping

Fping : A parallel ping scanning program fping is a ping(1) like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up. fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the lists

Fping Read More »

Tcptraceroute

Tcptraceroute : A traceroute implementation using TCP packets The problem is that with the widespread use of firewalls on the modern Internet, many of the packets that the conventional traceroute(8) sends out (ICMP echo or UDP) end up being filtered, making it impossible to completely trace the path to the destination. However, in many cases,

Tcptraceroute Read More »

VMware

VMware : Multi-platform Virtualization Software VMware virtualization software lets you run one operating system within another. This is quite useful for security researchers who commonly need to test code, exploits, etc on multiple platforms. It only runs on Windows and Linux as the host OS, but pretty much any x86 OS will run inside the

VMware Read More »

IP Filter

IP Filter : Portable UNIX Packet Filter IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services. It can either be used as a loadable kernel module or incorporated into your UNIX kernel; use as a loadable kernel module where possible is highly recommended. Scripts are

IP Filter Read More »

Scanrand

Scanrand : An unusually fast stateless network service and topology discovery system Scanrand is a stateless host-discovery and port-scanner similar in design to Unicornscan. It trades off reliability for amazingly fast speeds and uses cryptographic techniques to prevent attackers from manipulating scan results. This utility is a part of a software package called Paketto Keiretsu,

Scanrand Read More »

Sguil

Sguil : The Analyst Console for Network Security Monitoring Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil’s main component is an intuitive GUI that provides realtime events from Snort/barnyard. It also includes other components which facilitate the practice of Network Security Monitoring and event driven analysis of IDS alerts.

Sguil Read More »

اسکرول به بالا