Saturday, 29 Shahrivar 1399

BASIC Tools

Fping

Fping: A parallel ping scanning program. fping is a ping(1)-like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up. fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the list of hosts to ping. Instead of trying one host until it times out or replies, fping will send out a ping …


VMware

VMware: Multi-platform virtualization software. VMware virtualization software lets you run one operating system within another. This is quite useful for security researchers who commonly need to test code, exploits, etc. on multiple platforms. It only runs on Windows and Linux as the host OS, but pretty much any x86 OS will run inside the virtualized environment. It is also useful for setting up sandboxes. You can browse from within a VMware window so the …


Honeyd

Honeyd: Your own personal honeynet. Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Honeyd enables a single host to claim multiple addresses on a LAN for network simulation. It is possible to ping the virtual machines, or to traceroute them. Any type …


cheops / cheops-ng

cheops / cheops-ng: Gives a simple interface to many network utilities, maps local or remote networks, and identifies the OS of machines. Cheops provides the functionality of many network utilities through a comfortable, powerful GUI. It has host/network discovery functionality as well as OS detection of hosts. Cheops-ng has the ability to probe hosts to see what services they are running. On some services, cheops-ng is actually able to see what program is running for …


ClamAV

ClamAV: A GPL anti-virus toolkit for UNIX. ClamAV is a powerful anti-virus scanner focused on integration with mail servers for attachment scanning. It provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via the Internet. Clam AntiVirus is based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. Most importantly, the virus database is kept up to …


Fport

Fport: Foundstone’s enhanced netstat. Fport reports all open TCP/IP and UDP ports on the machine you run it on and shows what application opened each port, so it can be used to quickly identify unknown open ports and their associated applications. It only runs on Windows, but many UNIX systems now provide this information via netstat (try ‘netstat -pan’ on Linux). There is a PDF-format SANS article on using Fport and analyzing the results.


Arpwatch

Arpwatch: Keeps track of Ethernet/IP address pairings and can detect certain monkey business. Arpwatch is the classic ARP man-in-the-middle attack detector from LBNL’s Network Research Group. It syslogs activity and reports certain changes via email. Arpwatch uses libpcap to listen for ARP packets on a local Ethernet interface.


LSoF

LSoF: LiSt Open Files. This Unix-specific diagnostic and forensics tool lists information about any files that are open by processes currently running on the system. It can also list communication sockets open by each process. For a Windows equivalent, check out Process Explorer from Sysinternals.
