Microland Ltd

Details of the Information Security Audit Tools

Freeware Tools

Vulnerability Assessment and Penetration Testing

  1. Nessus : Vulnerability scanner - Port scan/ Vulnerability scan /web application security scan
  2. Nikto : Web application vulnerability scanner
  3. Superscan : Port scanner
  4. Dsniff : collection of tools for network auditing and penetration testing
  5. Whisker/Libwhisker : CGI vulnerability scanner
  6. Network Stumbler : Tool to find open wireless access points
  7. SARA : vulnerability assessment tool
  8. Achillies : Web application security - proxy
  9. Brutus : Password brute forcing tool
  10. SPIKE Proxy : HTTP proxy for finding security flaws in web sites
  11. Winfingerprint : Win32 Host/Network Enumeration Scanner
  12. Auditor : Collection of Tools to conduct security audit.

Footprinting

  1. Greenwhich
  2. Whois
  3. Gnetutil : Network Utilities
  4. Itrace : ICMP traceroot
  5. Tctrace : TCP traceroute
  6. Traceroute
  7. DNSwalk : DNS verification
  8. Dig : DNS lookup
  9. Host : DNS lookup
  10. NSTXCD : IP over DNS client
  11. NSTXD : IP over DNS server
  12. Oxyman : DNS tunnel
  13. Curl : URL transfer
  14. Elinks : Console web browser
  15. Konqueror : Web browser
  16. Socat : Socket Cat
  17. Stunnel : Universal SSL tunnel
  18. Arpfetch : SNMP ARP/IP fetcher
  19. SNMP Walk : SNMP tree walk
  20. TKMib : Mib brower
  21. Komba2 : KDE SMB browser
  22. LinNeighborhood : Graphical SMB browser
  23. Net utils : NET utilities
  24. SMBClient : SMB client
  25. SMBGet : SMB downloader
  26. Smb4K : SMB share browser
  27. Xsmbrowser : Graphical SMB browser
  28. nmblookup : Netbios name lookup
  29. smbdumpusers : User browser
  30. smbgetserverinfo : Get server info
  31. Cheops : Network neighborhood
  32. NTP-fingerprint : Detection based on ntp fingerprint
  33. Nmap : Network scanner
  34. NmapFE : Graphical network scanner
  35. P0f : Passive OS detection
  36. Queso : OS detection
  37. XProbe2 : OS detection

Scanning

  1. Cisco global exploiter : Cisco scanner
  2. Cisco torch : Cisco oriented scanner
  3. ExploitTree search : ExploitTree collection
  4. Metasploit : Metasploit commandline
  5. Metasploit : Metasploit console GUI
  6. Metasploit : Metasploit web interface
  7. Nessus : security Scanner
  8. Raccess : remote Scanner
  9. Httprint : Webserver fingerprinting
  10. Nikto : Webserver scanner
  11. Stunnel : Universal SSL tunnel
  12. Cheops : Network neighborhood
  13. GTK-Knocker : Simple GUI portscanner
  14. IKE-Scan : IKE scanner
  15. Knocker : Simple portscanner
  16. Netenum : Pingsweep
  17. Netmask : Request neetmask
  18. Nmap : Network Scanner
  19. NmapFE : Graphical network scanner
  20. Proxychains : Proxifier
  21. Scanrand : Stateless scanner
  22. Timestamp : Requests timestamp
  23. Unicornscan : Fast port scanner
  24. Isrscan : Source routed packets scanner
  25. Amap : Application identification
  26. Bed.pl : Application fuzzer
  27. SNMP-Fuzzer : SNMP protocol fuzzer
  28. ScanSSH : SSH identification
  29. Nbtscan : Netbios scanner
  30. SMB-Nat : SMB access scanner
  31. Ozyman : DNS tunnel
  32. Ass : Autonomous system scanner
  33. Protos : Protocol identification

Analyzer

  1. AIM-SNIFF : AIM sniffer
  2. Driftnet : Image sniffer
  3. Mailsnart : Mail sniffer
  4. Paros : HTTP interception proxy
  5. URLsnarf : URL sniffer
  6. smbspy : SMB sniffer
  7. Etherape : Network monitor
  8. Ethereal : Network analyzer
  9. Ettercap : Sniffer/Interceptor/Logger
  10. Hunt : Sniffer/Interceptor
  11. IPTraf : Traffic monitor
  12. Ngrep : Network grep
  13. NetSed : Network edit
  14. SSLDump : SSLv3/TLS analyzer
  15. Sniffit : Sniffer
  16. TcPick : Packet stream editor
  17. Dsniff : Password sniffer

Spoofing

  1. Arpspoof : ARP spoofer
  2. Macof : ARP spoofer/generator
  3. Nemesis-ARP : ARP packet generator
  4. Nemesis-Ethernet : Ethernet packet generator
  5. CDP : CDP generator
  6. DNSSpoof : DNS spoofer
  7. Nemesis-DNS : DNS packet generator
  8. DHCPX : DHCP flooder
  9. Hping2 : Packet generator
  10. ICMRRedirect : ICMP redirect packet generator
  11. ICMPUSH : ICMP packet generator
  12. Nemesis-ICMP : ICMP packet generator
  13. Packit : Traffic inject/modify
  14. TcPick : Packet stream editor
  15. Yersinia : Layer 2 protocol injector
  16. Fragroute : Egress rewrite
  17. HSRP : HSRP generator
  18. IGRP : IGRP injector
  19. IRDP : IRDP generator
  20. IRDPresponder : IRDP response generator
  21. Nemesis-IGMP : IGMP generator
  22. Nemesis-RIP : RIP generator
  23. File2Cable : Traffic replay
  24. Fragrouter : IDS evasion toolkit
  25. Nemesis-IP : IP packet generator
  26. Nemesis-TCP : TCP packet generator
  27. Nemesis-UDP : UDP traffic generator
  28. SendIP : IP packet generator
  29. TCPReplay : Traffic replay
  30. Etherwake : Generate wake-on-LAN

Bluetooth

  1. BTScanner : Bluetooth scanner
  2. Bluesnarfer : Bluesnarf attack
  3. Ghettotooth : Bluetooth scanner
  4. Kandy : Mobile phone tool
  5. Obexftp Obexftp ftp client
  6. Phone manager
  7. RFComm : Bluetooth serial
  8. RedFang : Bluetooth bruteforce
  9. USSP-Push : Obex-push
  10. Xminicom : Terminal

Wireless

  1. apmde.sht : Act as accesspoin
  2. Airpwn : Client penetration
  3. Hotspotter : Client penetration
  4. GpsDrive
  5. start-gps-daemon : GPS daemon
  6. stop-gps-daemon : GPS daemon
  7. ASLeap : LEAP/PPTP cracker
  8. Genkeys : Hash generator for ASLeap
  9. Airforge
  10. File2air : Packet injector
  11. Void11
  12. Void11-Hopper : Channel hopper
  13. Gkismet : Graphical wireless scanner
  14. GPSMAP : wireless mapping
  15. KLV : Kismet Log Viewer
  16. Kismet : Ncurses wireless scanner
  17. Wellenreiter : Graphical Wireless scanner
  18. 802ether : Dumpfile format convertor
  19. airodump : Traffic recorder
  20. aircrack : Modern WEP cracker
  21. Aireplay : Wireless packet injector
  22. Wep-Crack : Wep Cracker
  23. Wep_Decrypt : Decrypt dump files
  24. Airsnort : GUI based WEP cracker
  25. ChopChop : Active WEP attack
  26. DWEPCrack : WEP cracker
  27. Decrypt : Dump file decrypter
  28. WEPAtttack : Dictionary attack
  29. WEPlab : Modem WEP cracker
  30. Cowpatty : WPA PSK bruteforcer
  31. changemac.sh : MAC address changer

Bruteforce

  1. ADMsnmp : SNMP bruteforce
  2. Guess-who : SSH bruteforce
  3. Hydra : Multi purpose bruteforce
  4. K0ldS : LDAP bruteforce
  5. Obiwan III : HTTP bruteforce
  6. SMB-Nat : SMB access scanner
  7. TFTP : bruteforce
  8. VNCrack : VNC bruteforce
  9. Xhydra : Graphical bruteforcer

Password Cracker

  1. BKHive : SAM recovery
  2. Fcrackzip : Zip password cracker
  3. John : Multi-purpose password cracker
  4. Default password list :
  5. Nasty : GPG secret key cracker
  6. Rainbowcrack : Hash cracker
  7. Samdump2 : SAM file dumper
  8. Wordlists : Collection of wordlists

Forensics

  1. Autopsy : Forensic GUI
  2. Recover : Ext2 file recovery
  3. Testdisk : Partition scanner
  4. Wipe : Securely delete files

Honeypot

  1. IMAP
  2. POP3
  3. Honeyd : Honeypot
  4. IISEmulator : Honeypot
  5. Tinyhoneypot : Simple honeypot

Commercial Tools

Proprietary Tools