PSD & Associates

Details of the Information Security Audit Tools

Freeware Tools

  1. Nessus: A remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks.
  2. Snort: A network intrusion detection system capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
  3. MBSA (Microsoft Baseline Security Analyser): Detects common security misconfigurations and missing security updates on computer systems.
  4. NMAP (Network Mapper): A port scanner that lists which hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, etc.
  5. WIKTO: Web server/application vulnerability scanner
  6. IIS exploit: Buffer Overflow
  7. IIS Hack/IIS: Buffer Overflow
  8. IIS Crack: Buffer Overflow
  9. Web Cracker: Web based password cracking
  10. Brutus: Web based password cracking
  11. Trojan maker: For creating viruses, worms and trojans
  12. CrypTool: A cryptanalysis utility

Commercial Tools

  1. Symantec Net Recon: Network Scanner
  2. Watchfire Appscan: Web server/application vulnerability scanner
  3. Acunetix: Web server/application vulnerability scanner

Proprietary Tools

    None