Spectrum Networks Solutions Pvt Ltd

Details of the Information Security Audit Tools

Freeware Tools

  1. Achilles - A tool designed for testing the security of web applications
  2. ADMFtp, ADMSnmp - Tools for remote brute-forcing
  3. Brutus- An Windows GUI brute-force tool for FTP, telnet, POP3, SMB, HTTP, etc
  4. Crack - A password cracker
  5. CrypTool - A cryptanalysis utility
  6. Curl - Curl is a tool for transferring files with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP
  7. Different network mapping tools - ping, traceroute, whois, snmp tools, dig, nslookup, DNS tools etc
  8. Elza - A family of tools for arbitrary HTTP communication with picky web sites for the purpose of penetration testing and information gathering
  9. Exploits - publicly available and home made exploit code for the different vulnerabilities around
  10. FScan - A command-line port scanner. Supports TCP and UDP
  11. Fragrouter - Utility that allows to fragment packets in funny ways
  12. HPing - HPing is a command-line oriented TCP/IP packet assembler/analyzer. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
  13. ISNprober - Check an IP address for load-balancing.
  14. ICMPush - ICMPush is a tool that sends ICMP packets fully customized from command line
  15. John The Ripper - A password cracker
  16. L0phtcrack - NTLM/Lanman password auditing and recovery application (read: cracker)
  17. Nessus - A free, powerful, up-to-date and easy to use remote security scanner. This tool could be used when scanning a large range of IP addresses, or to verify the results of manual work.
  18. Netcat - The swiss army knife of network tools. A simple utility which reads and writes data across network connections, using TCP or UDP protocol
  19. NMAP - The best known port scanner around.
  20. p0f - Passive OS Fingerprinting: A tool that listens on the network and tries to identify the OS versions from the information in the packets.
  21. Pwdump - Tools that grab the hashes out of the SAM database, to use with a brute-forcer like L0phtcrack or John
  22. SamSpade - Graphical tool that allows to perform different network queries: ping, nslookup, whois, IP block whois, dig, traceroute, finger, SMTP VRFY, web browser keep-alive, DNS zone transfer, SMTP relay check,etc.
  23. ScanDNS - Script that scans a range of IP addresses to find DNS names
  24. Scripts - A number of custom developed scripts to test different security issues.
  25. Sing - Send ICMP Nasty Garbage. A little tool that sends ICMP packets fully customized from command line
  26. SSLProxy, STunnel - Tools that allow to run non SSL-aware tools/programs over SSL.
  27. Strobe - A command-line port scanner that also performs banner grabbing
  28. Telesweep Secure - A commercial wardialer that also does fingerprinting and brute-forcing.
  29. THC - A freeware wardialer
  30. TCPdump - A packet sniffer
  31. TCPtraceroute - Traceroute over TCP
  32. UCD-Snmp - (aka NET-Snmp): Various tools relating to the Simple Network Management Protocol including snmpget, snmpwalk and snmpset.
  33. Web Session Editor - Custom made utility that allows to intercept and edit HTTP sessions.
  34. Webinspect - CGI scanning, web crawling, etc.
  35. Webreaper, wget - Software that mirrors websites to your hard disk
  36. Whisker - The most famous CGI scanner. has updated the scanning databases with checks for the latest vulnerabilities.

Commercial Tools

Proprietary Tools