AUDITime Information Systems (I) Pvt. Ltd., Mumbai
Details of the Audit Tools
Freeware Tools
1. Achilles - A tool designed for testing the security of web applications
2. ADMFtp, ADMSnmp - Tools for remote brute-forcing
3. Brutus - A Windows GUI brute-force tool for FTP, telnet, POP3, SMB, HTTP, etc.
4. Crack - A password cracker
5. CrypTool - A cryptanalysis utility
6. cURL - Curl is a tool for transferring files with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP
7. Different network mapping tools - ping, traceroute, whois, snmp tools, dig, nslookup, DNS tools, etc.
8. Elza - A family of tools for arbitrary HTTP communication with picky web sites for the purpose of penetration testing and information gathering
9. Exploits - Publicly available and homemade exploit code for the different vulnerabilities around
10. FScan - A command-line port scanner. Supports TCP and UDP
11. Fragrouter - A utility that fragments packets in funny ways
12. HPing - HPing is a command-line oriented TCP/IP packet assembler/analyzer. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features.
13. ISNprober - Checks an IP address for load balancing.
14. ICMPush - ICMPush is a tool that sends fully customized ICMP packets from the command line
15. John The Ripper - A password cracker
16. L0phtcrack - NTLM/Lanman password auditing and recovery application (read: cracker)
17. Nessus - A free, powerful, up-to-date and easy to use remote security scanner. This tool could be used when scanning a large range of IP addresses, or to verify the results of manual work.
18. Netcat - The Swiss Army knife of network tools. A simple utility which reads and writes data across network connections, using the TCP or UDP protocol
19. NMAP - The best known port scanner around.
20. p0f - Passive OS Fingerprinting: A tool that listens on the network and tries to identify the OS versions from the information in the packets.
21. Pwdump - Tools that grab the hashes out of the SAM database, to use with a brute-forcer like L0phtcrack or John
22. SamSpade - Graphical tool for performing different network queries: ping, nslookup, whois, IP block whois, dig, traceroute, finger, SMTP VRFY, web browser keep-alive, DNS zone transfer, SMTP relay check, etc.
23. ScanDNS - Script that scans a range of IP addresses to find DNS names
24. Scripts - A number of custom developed scripts to test different security issues.
25. Sing - Send ICMP Nasty Garbage. A little tool that sends fully customized ICMP packets from the command line
26. SSLProxy, STunnel - Tools for running non-SSL-aware tools/programs over SSL.
27. Strobe - A command-line port scanner that also performs banner grabbing
28. Telesweep Secure - A commercial wardialer that also does fingerprinting and brute-forcing.
29. THC - A freeware wardialer
30. TCPdump - A packet sniffer
31. TCPtraceroute - Traceroute over TCP
32. UCD-Snmp - (aka NET-Snmp): Various tools relating to the Simple Network Management Protocol including snmpget, snmpwalk and snmpset.
33. Web Session Editor - Custom-made utility for intercepting and editing HTTP sessions.
34. Webinspect - CGI scanning, web crawling, etc.
35. Webreaper, wget - Software that mirrors websites to your hard disk
36. Whisker - The most famous CGI scanner. The scanning databases have been updated with checks for the latest vulnerabilities.
Commercial Tools
Proprietary Tools
None