Financial Technologies (India) Ltd

Details of the Information Security Audit Tools

Freeware Tools

  1. Nessus - The Nessus™ vulnerability scanner, is one of the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis.
  2. NMAP - Nmap is a free security scanner. It is used to evaluate the security of computers, and to discover services or servers on a computer network.
  3. Microsoft Baseline Security Analyzer (MBSA) - MBSA provides a streamline method of identifying common security mis-configurations of Windows systems.
  4. Hping2 - hping is a command-line oriented TCP/IP packet assembler/analyzer. It supports TCP, UDP, ICMP and RAW-IP protocols, has a trace route mode, the ability to send files between a covered channel, and many other features.
  5. CIS Benchmark/Scoring tools - The Center for Internet Security's (CIS) Benchmark / Scoring Tools for security configuration of Operating Systems, Network Devices and applications.
  6. Achilles - Achilles is a web application security assessment tool, Achilles acts as a HTTP / HTTPs proxy that allow a user to intercept, log, and modify web traffic on the fly.
  7. Ethereal - Freeware Ethereal is a free network protocol analyzer for Unix and Windows. It is used to examine data in a live network or from a capture file on disk. It shows the summary and detail information for each packet captured.
  8. John the Ripper - John the Ripper is a password auditing tool that is used for detecting weak UNIX/Windows passwords.
  9. Nikto - Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers.
  10. Brutus - Brutus is a remote password cracker. Brutus is used to recover valid access tokens (usually a username and password) for given target system.
  11. Xproble2 - Xprobe2 is a remote active operating system fingerprinting tool which uses advanced techniques, such as the usage of statistical analysis ('fuzzy logic') to match between probe response(s) to its signature database and others, in order to provide with accurate results regarding the underlying operating system of a probed element(s).

Commercial Tools

  1. Network General’s Sniffer with WAN book - Sniffer Portable™ is a multi-topology, software-only family of network fault and performance management solutions ideally suited for a range of usage scenarios By incorporating Expert analysis capabilities and advanced protocol decodes, Sniffer Portable can determine, pinpoint, and analyze the toughest performance problems automatically.

Proprietary Tools