دسته: Tools
-
THC Amap
THC Amap : An application fingerprinting scanner Amap is a great tool for determining what application is listening on a given port. Their database isn’t as large as what Nmap uses for its version detection feature, but it is definitely worth trying for a 2nd opinion or if Nmap fails to detect a service. Amap…
-
NetStumbler
NetStumbler : Free Windows 802.11 Sniffer Netstumbler is the best known Windows tool for finding open wireless access points (“wardriving”). They also distribute a WinCE version for PDAs and such named Ministumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than…
-
Dsniff
Dsniff : A suite of powerful network auditing and penetration-testing tools This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker…
-
Paros proxy
Paros proxy : A web application vulnerability assessment proxy A Java based web proxy for assessing web application vulnerability. It supports editing/viewing HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as…
-
THC Hydra
THC Hydra : A Fast network authentication cracker which support many different services When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC…
-
OpenSSH_PuTTY_SSH
OpenSSH / PuTTY / SSH : A secure way to access remote computers SSH (Secure Shell) is the now ubiquitous program for logging into or executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network, replacing the hideously insecure telnet/rlogin/rsh alternatives. Most UNIX users run the…
-
Ping_telnet_dig_traceroute_whois_netstat
Ping/telnet/dig/traceroute/whois/netstat : The basics While there are many whiz-bang high-tech tools out there to assist in security auditing, don’t forget about the basics! Everyone should be very familiar with these tools as they come with most operating systems (except that Windows omits whois and uses the name tracert). They can be very handy in a…