Wednesday, 27 May 2009

Open Source Security Assessment Tools

100 Open Source Security Assessment, Vulnerability Auditing, & Security Tools

1
Stockade Virtual Appliance with Snort, BASE, Inprotect, CACTI, NTOP & Others
2

Nessus

Open source vulnerability assessment tool
3
Snort Intrusion Detection (IDS) tool
4
Wireshark TCP/IP Sniffer- AKA Ethereal
5

WebScarab

Analyze applications that communicate using the HTTP and HTTPS protocols
6
Wikto Web server assessment tool
7
BackTrack Penetration Testing live Linux distribution
8
Netcat The network Swiss army knife
9
Metasploit Framework Comprehensive hacking framework
10
Sysinternals Collection of windows utilities
11
Paros proxy Web application proxy
12
Enum Enumerate Windows information
13
P0F v2 Passive OS identification tool
14
IPPersonality Masquerade IP Stack
15
SLAN Freeware VPN utility
16
IKE Crack IKE/IPSEC cracking utility
17
ASLEAP LEAP cracking tool
18
Karma Wireless client assessment tool- dangerous
19
WEPCrack WEP cracking tool
20
Wellenreiter Wireless scanning application
21

SiteDigger

Great Google hacking tool
22
Several DDOS Tools Distributed Denial of Service(DDOS) tools
23
Achilles Web Proxy Tool
24
Firefox Web Developer Tool Manual web assessment
25
Scoopy Virtual Machine Identification tool
26
WebGoat Learning tool for web application pentests
27
FlawFinder Source code security analyzer
28
ITS4 Source code security analyzer
29
Slint

Source code security analyzer

30
PwDump3 Dumps Windows 2000 & NT passwords
31
Loki ICMP covert channel tool
32
Zodiac DNS testing tool
33
Hunt TCP hijacking tool
34
SniffIT Curses-Based sniffing tool
35
CactiEZ Network traffic analysis ISO
36
Inprotect Web-based Nessus administration tool
37
OSSIM Security Information Management (SIM)
38
Nemesis Command-Line network packet manipulation tool
39
NetDude TCPDump manipulation tool
40
TTY Watcher Terminal session hijacking
41
Stegdetect Detects stego-hidden data
42
Hydan Embeds data within x86 applications
43
S-Tools Embeds data within a BMP, GIF, & WAV Files
44
Nushu Passive covert channel tool
45
Ptunnel Transmit data across ICMP
46
Covert_TCP Transmit data over IP Header fields
47
THC-PBX Hacker PBX Hacking/Auditing Utility
48
THC-Scan Wardialer
49
Syslog-NG MySQL Syslog Service
50

WinZapper

Edit WinNT 4 & Win2000 log files
51
Rootkit Detective Rootkit identification tool
52
Rootkit Releaver Rootkit identification tool
53
RootKit Hunter Rootkit identification tool
54

Chkrootkit

Rootkit identification tool
55
LKM Linux Kernal Rootkit
56
TCPView Network traffic monitoring tool
57
NMAP Network mapping tool
58
Ollydbg Windows unpacker
59
UPX Windows packing application
60
Burneye Linux ELF encryption tool
61

SilkRpoe 2000

GUI-Based packer/wrapper
62
EliteWrap Backdoor wrapper tool
63
SubSeven

Remote-Control backdoor tool

64
MegaSecurity Site stores thousands of trojan horse backdoors
65
Netbus

Backdoor for Windows

66
Back Orfice 2000 Windows network administration tool
67
Tini Backdoor listener similar to Netcat
68

MBSA

Microsoft Baseline Security Analyzer
69
OpenVPN SSL VPN solution
70
Sguil An Analyst Console for network security/log Monitoring
71
Honeyd Create your own honeypot
72
Brutus Brute-force authentication cracker
73
cheops / cheops-ng Maps local or remote networks and identifies OS of machines
74
ClamAV A GPL anti-virus toolkit for UNIX
75
Fragroute/Fragrouter Intrusion detection evasion toolkit
76
Arpwatch Monitor ethernet/IP address pairings and can detect ARP Spoofing
77
Angry IP Scanner Windows port scanner
78
Firewalk Advanced traceroute
79
RainbowCrack Password Hash Cracker
80
EtherApe EtherApe is a graphical network monitor for Unix
81
WebInspect Web application scanner
82
Tripwire File integrity checker
83
Ntop Network traffic usage monitor
84
Sam Spade Windows network query tool
85
Scapy Interactive packet manipulation tool
86
Superscan A Windows-only port scanner
87
Airsnort 802.11 WEP Encryption Cracking Tool
88
Aircrack WEP/WPA cracking tool
89
NetStumbler Windows 802.11 Sniffer
90
Dsniff A suite of powerful network auditing and penetration-testing tools
91
John the Ripper Multi-platform password hash cracker
92
BASE The Basic Analysis and Security Engine- used to manage IDS data
93
Kismet Wireless sniffing tool
94

THC Hydra

Network authentication cracker
95
Nikto Web scanner
96
Tcpdump TCP/IP analysis tool
97

L0phtcrack

Windows password auditing and recovery application
98

Reverse WWW Shell

Shell access across port 80
99
THC-SecureDelete Ensure deleted files are unrecoverable
100
THC-AMAP Application mapping tool

3 comments:

Tharaka Weerasekara said...

Hope you will add OpenVas as an alternative to nessus.
http://www.openvas.org

Samer Azmy aka Kernel The Canine said...

Thank you for the comment, Now it is added by you
Please add anything you see relevant as well

Houcem HACHICHA said...

IMO, OSSIM is just great

FEEDJIT Live Traffic Feed