List of 244 Hacking Tools and Resources
To stay up to date with the latest and greatest ethical
hacking tools and resources, you have to know where to turn to. This post
contains my favorite security sites, tools, resources, and more that you will
ever need. Some multi-purpose tools fall in more than one category, so there
might be a single tool in more than one category, but there number is
negligible.
Bluetooth
BlueScanner — https://labs.arubanetworks.com
Bluesnarfer — www.alighieri.org/tools/bluesnarfer.tar.gz
BlueSniper rifle — www.tomsguide.com/us/how-to-bluesniperpt1,
review-408.html
Bluejacking community site — www.bluejackq.com
BTScanner for XP — www.pentest.co.uk/src/btscanner_1_0_0.zip
Car Whisperer — http://trifinite.org/trifinite_stuff_carwhisperer.html
Detailed presentation on the various Bluetooth attacks — http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdf
NIST Special Publication 800-48 — http://csrc.nist.gov/publications/nistpubs/800-48-rev1/SP800-48r1.pdf
Smurf — www.gatefold.co.uk/smurf
Certifications
Certified Ethical Hacker — www.eccouncil.org/CEH.htm
Certified Information Security Manager — www.isaca.org
Certified Information Systems Security Professional — www.isc2.org/cissp/default.aspx
Certified Wireless Security Professional — www.cwnp.com/cwsp/index.html
CompTIA Security+ — www.comptia.org/certifications/listed/security.aspx
SANS GIAC — www.giac.org
Databases
Advanced Access Password Recovery — www.elcomsoft.com/acpr.html
Advanced SQL Password Recovery — www.elcomsoft.com/asqlpr.html
AppDetectivePro — www.appsecinc.com/products/appdetective
Elcomsoft Distributed Password Recovery — www.elcomsoft.com/edpr.html
Microsoft SQL Server Management Studio Express — www.microsoft.com/express/sql/default.aspx
NGSSQuirreL — www.ngssoftware.com/products/database-security
Pete Finnigan’s listing of Oracle scanning tools — www.petefinnigan.com/tools.htm
QualysGuard — www.qualys.com
Exploit Tools
Metasploit — www.metasploit.com
Milw0rm — www.milw0rm.com
General Research Tools
AfriNIC — www.afrinic.net
APNIC — www.apnic.net
Bing — www.bing.com
DNSstuff.com — www.DNSstuff.com
dnstools.com — www.dnstools.com
The File Extension Source — http://filext.com
Google — www.google.com
Government domains — www.dotgov.gov
Hoover’s business information — www.hoovers.com
LACNIC — www.lacnic.net
Military domains — www.nic.mil
Netcraft’s What’s that site running? — www.netcraft.com
RIPE Network Coordination Centre — www.db.ripe.net/whois
Switchboard.com — www.switchboard.com
U.S. Patent and Trademark Office — www.uspto.gov
US Search.com — www.ussearch.com
U.S. Securities and Exchange Commission — www.sec.gov/edgar.shtml
Wotsit’s Format — www.wotsit.org
Whois.net — www.whois.net
Whatismyip.com — www.whatismyip.com
Yahoo! Finance — http://finance.yahoo.com
Zabasearch — www.zabasearch.com
Hacker Stuff
2600 The Hacker Quarterly — www.2600.com
Computer Underground Digest — http://cu-digest.org/
Hacker T-shirts, equipment, and other trinkets — www.thinkgeek.com
Hackin9 — http://hakin9.org
Honeypots: Tracking Hackers — www.tracking-hackers.com
The Online Hacker Jargon File — www.jargon.8hz.com
PHRACK — www.phrack.org
KeyLogger
Invisible KeyLogger Stealth — www.amecisco.com/iks.htm
KeyGhost — www.keyghost.com
SpectorSoft — www.spectorsoft.com
Laws and Regulations
Gramm-Leach-Bliley Act (GLBA) Safeguards Rule — www.ftc.gov/os/2002/05/67fr36585.pdf
Health Information Technology for Economic and Clinical
Health (HITECH) Act — www.oig.dot.gov/files/Recovery_Act.pdf
Health Insurance Portability and Accountability Act (HIPAA)
Security Rule —
Payment Card Industry Data Security Standard (PCI DSS) — www.pcisecuritystandards.org/security_standards/pci_dss.shtml
U.S. state breach notification laws — www.ncsl.org/programs/lis/cip/priv/breachlaws.htm
Linux
BackTrack — www.remote-exploit.org/backtrack.html
freshmeat.net — http://freshmeat.net
GFI LANguard — www.gfi.com/lannetscan
Linux Security Auditing Tool (LSAT) — http://usat.sourceforge.net
QualysGuard — www.qualys.com
SourceForge — http://sourceforge.net
THC-Amap — http://freeworld.thc.org/thc-amap
Tiger — www.nongnu.org/tiger
Live Toolkits
BackTrack — www.remote-exploit.org/backtrack.html
Comprehensive listing of live bootable Linux toolkits — www.frozentech.com/content/livecd.php
Knoppix — www.knoppix.net
Network Security Toolkit — www.networksecuritytoolkit.org
Security Tools Distribution — http://s-t-d.org
Log Analysis
ArcSight Logger — www.arcsight.com/products/products-logger
GFI EventsManager — www.gfi.com/eventsmanager
LogAnalysis.org system logging resources — www.loganalysis.org
Messaging
Abuse.net SMTP relay checker — www.abuse.net/relay.html
Brutus — www.hoobie.net/brutus
Cain & Abel — www.oxid.it/cain.html
DNSstuff.com relay checker — www.dnsstuff.com
EICAR Anti-Virus test file — www.eicar.org/anti_virus_test_file.htm
GFI e-mail security test — www.gfi.com/emailsecuritytest
mailsnarf — www.monkey.org/~dugsong/dsniff
smtpscan — www.freshports.org/security/smtpscan
Miscellaneous Tools
WinZip — www.winzip.com
NetWare
Craig Johnson’s BorderManager resources — http://nscsysop.hypermart.net
JRB Software — www.jrbsoftware.com
NetServerMon — www.simonsware.com/nsmdesc.html
Pandora — www.nmrc.org/project/pandora
Rcon program — http://packetstormsecurity.nl/Netware/penetration/rcon.zip
UserDump — www.hammerofgod.com/download/userdump.zip
Networks
Arpwatch — http://linux.maruhn.com/sec/arpwatch.html
Cain & Abel — www.oxid.it/cain.html
CommView — www.tamos.com/products/commview
dsniff — www.monkey.org/~dugsong/dsniff
Essential NetTools — www.tamos.com/products/nettools
ettercap — http://ettercap.sourceforge.net
Getif — www.wtcs.org/snmp4tpc/getif.htm
GFI LANguard — www.gfi.com/lannetscan
IETF RFCs — www.rfc-editor.org/rfcxx00.html
IKEcrack — http://ikecrack.sourceforge.net
MAC address vendor lookup — http://standards.ieee.org/regauth/oui/index.shtml
MAC Changer — www.alobbs.com/macchanger
Nessus vulnerability scanner — www.nessus.org
Netcat — http://netcat.sourceforge.net
Netfilter/iptables — www.netfilter.org
NetResident — www.tamos.com/products/netresident
NetScanTools Pro — www.netscantools.com
Nmap port scanner — http://nmap.org
NMapWin — http://sourceforge.net/projects/nmapwin
Port number listing — www.iana.org/assignments/port-numbers
Port number lookup — www.cotse.com/cgi-bin/port.cgi
PortSentry — http://sourceforge.net/projects/sentrytools
PromiscDetect — http://ntsecurity.nu/toolbox/promiscdetect
QualysGuard vulnerability scanner — www.qualys.com
SMAC MAC address changer — www.klcconsulting.net/smac
sniffdet — http://sniffdet.sourceforge.net
SuperScan port scanner — www.foundstone.com/us/resources/proddesc/superscan.htm
TCP Wrappers — http://itso.iu.edu/TCP_Wrappers
TrafficIQ Pro — www.karalon.com
WhatIsMyIP — www.whatismyip.com
Wireshark — www.wireshark.org
Password Cracking
Advanced Archive Password Recovery — www.elcomsoft.com/archpr.html
BIOS passwords — http://labmice.techtarget.com/articles/BIOS_hack.htm
Brutus — www.hoobie.net/brutus
Cain & Abel — www.oxid.it/cain.html
Default vendor passwords — www.cirt.net/passwords
Dictionary files and word lists
Elcomsoft Distributed Password Recovery — www.elcomsoft.com/edpr.html
Elcomsoft System Recovery — www.elcomsoft.com/esr.html
John the Ripper — www.openwall.com/john
ophcrack — http://ophcrack.sourceforge.net
Pandora — www.nmrc.org/project/pandora
Password Safe — http://passwordsafe.sourceforge.net
Proactive Password Auditor — www.elcomsoft.com/ppa.html
Proactive System Password Recovery — www.elcomsoft.com/pspr.html
NetBIOS Auditing Tool — www.securityfocus.com/tools/543
NIST Guide to Enterprise Password Management — http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf
NTAccess — www.mirider.com/ntaccess.html
RainbowCrack — http://project-rainbowcrack.com
Rainbow tables — http://rainbowtables.shmoo.com
TSGrinder — www.hammerofgod.com/download/tsgrinder-2.03.zip
WinHex — www.winhex.com
Patch Management
BigFix Patch Management — www.bigfix.com/content/patchmanagement
Debian Linux Security Alerts — www.debian.org/security
Ecora Patch Manager — www.ecora.com/ecora/products/patchmanager.asp
GFI LANguard — www.gfi.com/lannetscan
Linux Kernel Updates — www.linuxhq.com
Lumension Patch and Remediation — www.lumension.com/vulnerability-management/patch-management-software.jsp
Novell Patches and Security — http://support.novell.com/patches.html
Microsoft TechNet Security Center — http://technet.microsoft.com/en-us/security/default.aspx
Red Hat Linux Security Alerts — http://updates.redhat.com
Slackware Linux Security Advisories — www.slackware.com/security
SUSE Linux Security Alerts — www.novell.com/linux/download/updates/
Windows Server Update Services from Microsoft — www.microsoft.com/windowsserversystem/updateservices/default.mspx
Security Education and Learning Resources
Kevin Beaver’s information security articles, whitepapers,
webcasts, podcasts,and screencasts — www.principlelogic.com/resources.html
Kevin Beaver’s Security On Wheels information
security audio programs —
Kevin Beaver’s Security On Wheels blog — http://securityonwheels.com/blog
Kevin Beaver’s Twitter page — www.twitter.com/kevinbeaver
Security Methods and Models
Open Source Security Testing Methodology Manual — www.isecom.org/osstmm
OWASP www.owasp.org
SecurITree — www.amenaza.com
Software Engineering Institute’s OCTAVE methodology — www.cert.org/octave
Source Code Analysis
Checkmarx — www.checkmarx.com
Fortify Software — www.fortifysoftware.com
Klocwork — www.klocwork.com
Ounce Labs — www.ouncelabs.com
Storage
CHAP Password Tester — www.isecpartners.com/tools.html#CPT
CIFSShareBF — www.isecpartners.com/SecuringStorage/CIFShareBF.zip
Effective File Search — www.sowsoft.com/search.htm
FileLocator Pro — www.mythicsoft.com/filelocatorpro
GFI LANguard — www.gfi.com/lannetscan
Google Desktop — http://desktop.google.com
Identity Finder — www.identityfinder.com
StorScan — www.isecpartners.com/tools.html#StorScan
System Hardening
Bastille Linux Hardening Program — http://bastille-linux.sourceforge.net
Center for Internet Security Benchmarks — www.cisecurity.org
Deep Freeze — www.faronics.com/html/deepfreeze.asp
Fortres 101 — www.fortresgrand.com
How to disable SMTP relay on various e-mail servers — www.mail-abuse.com/an_sec3rdparty.html
Linux Administrator’s Security Guide — www.seifried.org/lasg
PGP Whole Disk Encryption — www.pgp.com/products/wholediskencryption
Pyn Logic — www.pynlogic.com/enzoinfo2.aspx
SecureIIS — www.eeye.com/html/products/secureiis/index.html
ServerDefender — www.port80software.com/products/serverdefender
TrueCrypt — www.truecrypt.org
User Awareness and Training
Awareity MOAT — www.awareity.com
Dogwood Management Partners Security Posters — www.securitposters.net
Greenidea Visible Statement — www.greenidea.com
Interpact, Inc. Awareness Resources — www.thesecurityawarenesscompany.com
Managing an Information Security and Privacy Awareness
and Training
Program by Rebecca Herold (Auerbach) — www.amazon.com/Managing-Information-Security-Awareness-Training/dp/0849329639
NIST Awareness, Training, & Education resources — http://csrc.nist.gov/ATE
Security Awareness, Inc. — www.securityawareness.com
Voice over IP
Cain & Abel — www.oxid.it/cain.html
CommView — www.tamos.com/products/commview
Listing of various VoIP tools — www.voipsa.org/Resources/tools.php
NIST’s SP800-58 document — http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf
PROTOS — www.ee.oulu.fi/research/ouspg/protos
sipsak — http://sipsak.org
vomit — http://vomit.xtdnet.nl
VoIP Hopper — http://voiphopper.sourceforge.net
Vulnerability Databases
Common Vulnerabilities and Exposures — http://cve.mitre.org
CWE/SANS Top 25 Most Dangerous Programming Errors — www.sans.org/top25errors
National Vulnerability Database — http://nvd.nist.gov
Privacy Rights Clearinghouse’s A Chronology of Data
Breaches —
SANS Top 20 Internet Security Problems, Threats, and Risks —
www.sans.org/top20
US-CERT Vulnerability Notes Database — www.kb.cert.org/vuls
Wireless Vulnerabilities and Exploits — www.wve.org
Web Applications
Absinthe — www.0x90.org/releases/absinthe
Acunetix Web Vulnerability Scanner — www.acunetix.com
Brutus — www.hoobie.net/brutus/index.html
Defaced Web sites — http://zone-h.org/archive
HTTrack Website Copier — www.httrack.com
Firefox Web Developer — http://chrispederick.com/work/web-developer
Foundstone’s Hacme Tools — www.foundstone.com/us/resourcesfree-tools.asp
Google Hack Honeypot — http://ghh.sourceforge.net
Google Hacking Database — http://johnny.ihackstuff.com/ghdb
NGSSquirrel — www.ngssoftware.com/software.htm
N-Stealth Web Application Security Scanner — www.nstalker.com/eng/products/nstealth
Paros Proxy — www.parosproxy.org
Port 80 Software’s ServerMask — www.port80software.com/products/servermask
WebInspect — www.spidynamics.com/products/webinspect/index.html
Windows
GFI LANguard — www.gfi.com/lannetscan
Microsoft Baseline Security Analyzer — www.microsoft.com/technet/security/tools/mbsahome.mspx
Network Users — www.optimumx.com/download/netusers.zip
QualysGuard — www.qualys.com
Sysinternals — http://technet.microsoft.com/en-us/sysinternals/default.aspx
Winfo — www.ntsecurity.nu/toolbox/winfo
Wireless Networks
Aircrack — http://aircrack-ng.org
AirMagnet WiFi Analyzer — www.airmagnet.com/products/wifi_analyzer
AirSnort — http://airsnort.shmoo.com
Asleap — http://asleap.sourceforge.net
Cantenna war-driving kit — http://mywebpages.comcast.net/hughpep
CommView for Wi-Fi — www.tamos.com/products/commwifi
Digital Hotspotter — www.canarywireless.com
Elcomsoft Wireless Security Auditor — www.elcomsoft.com/ewsa.html
Homebrew WiFi antenna — www.turnpoint.net/wireless/has.html
KisMAC — http://trac.kismac-ng.org
Kismet — www.kismetwireless.net
NetStumbler — www.netstumbler.com
SeattleWireless Hardware Comparison page — www.seattlewireless.net/index.cgi/HardwareComparison
Super Cantenna — www.cantenna.com
Wellenreiter — http://sourceforge.net/projects/wellenreiter/
WEPCrack — http://wepcrack.sourceforge.net
WiGLE database of wireless networks — www.wigle.net
WifiMaps — www.wifimaps.com
WiFinder — www.wifinder.com
WildPackets’ OmniPeek — www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer
WinAirsnort — http://winairsnort.free.fr
No comments:
Post a Comment