TOP 50 Security Tools

TOP 50 Security Tools
http://www.insecure.org/tools.html
Top 100 security sites
http://www.secureroot.com/topsites/

---01
Nessus  http://www.nessus.org
Description: Remote network security auditor, the client The Nessus Security
 Scanner is a security auditing tool. It makes possible to test security mod
ules in an attempt to find vulnerable spots that should be fixed. . It is ma
de up of two parts: a server, and a client. The server/daemon, nessusd, is i
n charge of the attacks, whereas the client, nessus, interferes with the use
r through nice X11/GTK+ interface. . This package contains the GTK+ 1.2 clie
nt, which exists in other forms and on other platforms, too.
---02
Netcat  http://www.atstake.com/research/tools/index.html
Note: This is an unofficial siteDescription: TCP/IP swiss army knife A simpl
e Unix utility which reads and writes data across network connections using
TCP or UDP protocol. It is designed to be a reliable "back-end" tool that ca
n be used directly or easily driven by other programs and scripts. At the sa
me time it is a feature-rich network debugging and exploration tool, since i
t can create almost any kind of connection you would need and has several in
teresting built-in capabilities.
---03
Tcpdump  http://www.tcpdump.org
Description: A powerful tool for network monitoring and data acquisition Thi
s program allows you to dump the traffic on a network. It can be used to pri
nt out the headers of packets on a network interface that matches a given ex
pression. You can use this tool to track down network problems, to detect "p
ing attacks" or to monitor the network activities.
---04
Snort  http://www.snort.org
Description: flexible packet sniffer/logger that detects attacks Snort is a
libpcap-based packet sniffer/logger which can be used as a lightweight netwo
rk intrusion detection system. It features rules based logging and can perfo
rm content searching/matching in addition to being used to detect a variety
of other attacks and probes, such as buffer overflows, stealth port scans, C
GI attacks, SMB probes, and much more. Snort has a real-time alerting capabi
lity, with alerts being sent to syslog, a separate "alert" file, or even to
a Windows computer via Samba.
---05
Saint http://www.saintcorporation.com/saint
Description: SAINT (Security Administrator's Integrated Network Tool) is a s
ecurity assesment tool based on SATAN. Features include scanning through a f
irewall, updated security checks from CERT & CIAC bulletins, 4 levels of sev
erity (red, yellow, brown, & green) and a feature rich HTML interface.
---06
Ethereal  http://www.ethereal.com/
Description: Network traffic analyzer Ethereal is a network traffic analyzer
, or "sniffer", for Unix and Unix-like operating systems. It uses GTK+, a gr
aphical user interface library, and libpcap, a packet capture and filtering
library.
---07
Whisker http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2
Description: Rain.Forest.Puppy's excellent CGI vulnerability scanner
---08
Internet Security Scanner www.iss.net
Note: This tool costs significant $$$ to use, and does not come with source
code.Description: A popular commercial network security scanner.
---09
Abacus Portsentry  http://www.psionic.com/products/portsentry.html
Description: Portscan detection daemon PortSentry has the ability to detect
portscans(including stealth scans) on the network interfaces of your machine
. Upon alarm it can block the attacker via hosts.deny, dropped route or fire
wall rule. It is part of the Abacus program suite. . Note: If you have no id
ea what a port/stealth scan is, I'd recommend to have a look at http://www.p
sionic.com/products/portsentry.html before installing this package. Otherwis
e you might easily block hosts you'd better not(e.g. your NFS-server, name-s
erver, ...).
---10
DSniff http://naughty.monkey.org/~dugsong/dsniff/
Description: A suite of powerful for sniffing networks for passwords and oth
er information. Includes sophisticated techniques for defeating the "protect
ion" of network switchers.
---11
Tripwire  http://www.tripwire.com/
Note: Depending on usage, this tool may have expensive licensing fees associ
ated with it. Description: A file and directory integrity checker. Tripwire
is a tool that aids system administrators and users in monitoring a designat
ed set of files for any changes. Used with system files on a regular (e.g.,
daily) basis, Tripwire can notify system administrators of corrupted or tamp
ered files, so damage control measures can be taken in a timely manner.
---12
Cybercop Scanner http://www.pgp.com/asp_set/products/tns/ccscanner_intro.asp

Note: This tool costs significant $$$ to use, and does not come with source
code. A powerful demo version is available for testing.Description: Another
popular commercial scanner
---13
Hping2 http://www.hping.org/
Description: hping2 is a network tool able to send custom ICMP/UDP/TCP packe
ts and to display target replies like ping does with ICMP replies. It handle
s fragmentation and arbitrary packet body and size, and can be used to trans
fer files under supported protocols. Using hping2, you can: test firewall ru
les, perform [spoofed] port scanning, test net performance using different p
rotocols, packet size, TOS (type of service), and fragmentation, do path MTU
 discovery, tranfer files (even between really Fascist firewall rules), perf
orm traceroute-like actions under different protocols, fingerprint remote OS
s, audit a TCP/IP stack, etc. hping2 is a good tool for learning TCP/IP.
---14
SARA http://www-arc.com/sara/
Description: The Security Auditor's Research Assistant (SARA) is a third gen
eration security analysis tool that is based on the SATAN model which is cov
ered by the GNU GPL-like open license. It is fostering a collaborative envir
onment and is updated periodically to address latest threats.
---15
Sniffit  http://reptile.rug.ac.be/~coder/sniffit/sniffit.html
Description: packet sniffer and monitoring tool sniffit is a packet sniffer
for TCP/UDP/ICMP packets. sniffit is able to give you very detailed technica
l info on these packets (SEC, ACK, TTL, Window, ...) but also packet content
s in different formats (hex or plain text, etc. ).
---16
SATAN  http://www.fish.com/satan/
Description: Security Auditing Tool for Analysing Networks This is a powerfu
l tool for analyzing networks for vulnerabilities created for sysadmins that
 cannot keep a constant look at bugtraq, rootshell and the like.
---17
IPFilter http://coombs.anu.edu.au/ipfilter/
Description: IP Filter is a TCP/IP packet filter, suitable for use in a fire
wall environment. To use, it can either be used as a loadable kernel module
or incorporated into your UNIX kernel; use as a loadable kernel module where
 possible is highly recommended. Scripts are provided to install and patch s
ystem files, as required.
---18
iptables/netfilter/ipchains/ipfwadm http://netfilter.kernelnotes.org/
Description: IP packet filter administration for 2.4.X kernels Iptables is u
sed to set up, maintain, and inspect the tables of IP packet filter rules in
 the Linux kernel. The iptables tool also supports configuration of dynamic
and static network address translation.
---19
Firewalk http://www.packetfactory.net/Projects/Firewalk/
Description: Firewalking is a technique developed by MDS and DHG that employ
s traceroute-like techniques to analyze IP packet responses to determine gat
eway ACL filters and map networks. Firewalk the tool employs the technique t
o determine the filter rules in place on a packet forwarding device. The new
est version of the tool, firewalk/GTK introduces the option of using a graph
ical interface and a few bug fixes.
---20
Strobe http://www.insecure.org/nmap/index.html#other
Description: A "Classic" high-speed TCP port scanner
---21
L0pht Crack http://www.atstake.com/research/lc3/
Note: No source code is included (except in research version) and there is a
 $100 registration fee.Description: L0phtCrack is an NT password auditting t
ool. It will compute NT user passwords from the cryptographic hashes that ar
e stored by the NT operation system. L0phtcrack can obtain the hashes throug
h many sources (file, network sniffing, registry, etc) and it has numerous m
ethods of generating password guesses (dictionary, brute force, etc).
---22
John The Ripper  http://www.openwall.com/john/
Description: An active password cracking tool john, normally called john the
 ripper, is a tool to find weak passwords of your users.
---23
Hunt  http://lin.fsid.cvut.cz/~kra/index.html#HUNT
Description: Advanced packet sniffer and connection intrusion. Hunt is a pro
gram for intruding into a connection, watching it and resetting it. . Note t
hat hunt is operating on Ethernet and is best used for connections which can
 be watched through it. However, it is possible to do something even for hos
ts on another segments or hosts that are on switched ports.
---24
OpenSSH / SSH http://www.openssh.com/http://www.ssh.com/commerce/index.html
Note: The ssh.com version cost money for some uses, but source code is avail
able.Description: Secure rlogin/rsh/rcp replacement (OpenSSH) OpenSSH is der
ived from OpenBSD's version of ssh, which was in turn derived from ssh code
from before the time when ssh's license was changed to be non-free. Ssh (Sec
ure Shell) is a program for logging into a remote machine and for executing
commands on a remote machine. It provides secure encrypted communications be
tween two untrusted hosts over an insecure network. X11 connections and arbi
trary TCP/IP ports can also be forwarded over the secure channel. It is inte
nded as a replacement for rlogin, rsh and rcp, and can be used to provide rd
ist, and rsync with a secure communication channel.
---25
tcp wrappers  ftp://ftp.porcupine.org/pub/security/index.html
Description: Wietse Venema's TCP wrappers library Wietse Venema's network lo
gger, also known as TCPD or LOG_TCP. . These programs log the client host na
me of incoming telnet, ftp, rsh, rlogin, finger etc. requests. Security opti
ons are: access control per host, domain and/or service; detection of host n
ame spoofing or host address spoofing; booby traps to implement an early-war
ning system.
---26
Ntop  http://www.ntop.org
Description: display network usage in top-like format ntop is a Network Top
program. It displays a summary of network usage by machines on your network
in a format reminicent of the unix top utility. . It can also be run in web
mode, which allows the display to be browsed with a web browser.
---27
traceroute/ping/telnet http://www.linux.com
Description: These are utilities that virtually all UNIX boxes already have.
 In fact, even Windows NT has them ( but the traceroute command is called tr
acert ).
---28
NAT (NetBIOS Auditing Tool) http://www.tux.org/pub/security/secnet/tools/nat
10/
Note: This is an unofficial download site.Description: The NetBIOS Auditing
Tool (NAT) is designed to explore the NETBIOS file-sharing services offered
by the target system. It implements a stepwise approach to gather informatio
n and attempt to obtain file system-level access as though it were a legitim
ate local client.
---29
scanlogd  http://www.openwall.com/scanlogd/
Description: A portscan detecting tool Scanlogd is a daemon written by Solar
 Designer to detect portscan attacks on your maschine.
---30
Sam Spade http://samspade.org/t/http://www.samspade.org/
Description: Online tools for investigating IP addresses and tracking down s
pammers.
---31
NFR http://www.nfr.com
Note: Source code was once freely available but I do not know if this is sti
ll the case. Some usage may cost money.Description: A commercial sniffing ap
plication for creating intrusion detection systems. Source code was at one t
ime available, but I do not know if that is still the case.
---32
logcheck  http://www.psionic.com/products/logsentry.html
Description: Mails anomalies in the system logfiles to the administrator Log
check is part of the Abacus Project of security tools. It is a program creat
ed to help in the processing of UNIX system logfiles generated by the variou
s Abacus Project tools, system daemons, Wietse Venema's TCP Wrapper and Log
Daemon packages, and the Firewall Toolkit? by Trusted Information Systems In
c.(TIS). . Logcheck helps spot problems and security violations in your logf
iles automatically and will send the results to you in e-mail. This program
is free to use at any site. Please read the disclaimer before you use any of
 this software.
---33
Perl  http://www.perl.org
Description: A very powerful scripting language which is often used to creat
e "exploits" for the purpose of verifying security vulnerabilities. Of cours
e, it is also used for all sorts of other things.
---34
Ngrep  http://www.packetfactory.net/Projects/ngrep/
Description: grep for network traffic ngrep strives to provide most of GNU g
rep's common features, applying them to the network layer. ngrep is a pcap-a
ware tool that will allow you to specify extended regular expressions to mat
ch against data payloads of packets. It currently recognizes TCP, UDP and IC
MP across Ethernet, PPP, SLIP and null interfaces, and understands bpf filte
r logic in the same fashion as more common packet sniffing tools, such as tc
pdump and snoop.
---35
Cheops  http://www.marko.net/cheops/
Description: A GTK based network "swiss-army-knife" Cheops gives a simple in
terface to most network utilities, maps local or remote networks and can sho
w OS types of the machines on the network.
---36
Vetescan http://www.self-evident.com/
Description: Vetescan is a bulk vulnerability scanner which contains program
s to check for and/or exploit many remote network security exploits that are
 known for Windows or UNIX. It includes various programs for doing different
 kinds of scanning. Fixes for vulnerablities are included along with the exp
loits.
---37
Retina http://www.eeye.com/html/Products/Retina.html
Note: Commercial product with no source code available. A demo binary is ava
ilable for testing.Description: A commercial security scanner by the great g
uys at eeye.
---38
Libnet  http://www.packetfactory.net/libnet/
Description: Routines for the construction and handling of network packets.
libnet provides a portable framework for low-level network packet writing an
d handling. . Libnet features portable packet creation interfaces at the IP
layer and link layer, as well as a host of supplementary functionality. Stil
l in it's infancy however, the library is evolving quite a bit. Additional f
unctionality and stability are added with each release. . Using libnet, quic
k and simple packet assembly applications can be whipped up with little effo
rt. With a bit more time, more complex programs can be written (Traceroute a
nd ping were easily rewritten using libnet and libpcap).
---39
Crack / Cracklib http://www.users.dircon.co.uk/~crypto/
Description: Crack 5 is an update version of Alec Muffett's classic local pa
ssword cracker. Traditionally these allowed any user of a system to crack th
e /etc/passwd and determine the passwords of other users (or root) on the sy
stem. Modern systems require you to obtain read access to /etc/shadow in ord
er to perform this. It is still a good idea for sysadmins to run a cracker o
ccasionally to verify that all users have strong passwords.
---40
Cerberus Internet Scanner http://www.cerberus-infosec.co.uk/cis.shtml
Description: CIS is a free security scanner written and maintained by Cerber
us Information Security, Ltd and is designed to help administrators locate a
nd fix security holes in their computer systems. Runs on Windows NT or 2000.
 No source code is provided.
---41
Swatch http://www.oit.ucsb.edu/~eta/swatch/
Description: Swatch was originally written to actively monitor messages as t
hey were written to a log file via the UNIX syslog utility. It has multiple
methods of alarming, both visually and by triggering events. The perfect too
ls for a master loghost. This is a beta release of version 3.0, so please us
e it with caution. The code is still slightly ahead of the documentation, bu
t examples exist. NOTE: Works flawlessly on Linux (RH5), BSDI and Solaris 2.
6 (patched).
---42
OpenBSD http://www.openbsd.org
Description: The OpenBSD project produces a FREE, multi-platform 4.4BSD-base
d UNIX-like operating system. Our efforts place emphasis on portability, sta
ndardization, correctness, security, and cryptography. OpenBSD supports bina
ry emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSDI, Sun
OS, and HPUX.
---43
Nemesis http://jeff.wwti.com/nemesis/
Description: The Nemesis Project is designed to be a commandline-based, port
able human IP stack for UNIX/Linux. The suite is broken down by protocol, an
d should allow for useful scripting of injected packet streams from simple s
hell scripts.
---44
LSOF  ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
Description: List open files. Lsof is a Unix-specific diagnostic tool. Its n
ame stands for LiSt Open Files, and it does just that. It lists information
about any files that are open by processes current running on the system. Th
e binary is specific to kernel version 2.2
---45
Lids http://www.lids.org/
Description: The LIDS is an intrusion detection/defense system in the Linux
kernel. The goal is to protect linux systems against root intrusions, by dis
abling some system calls in the kernel itself. As you sometimes need to admi
nistrate the system, you can disable LIDS protection.
---46
IPTraf  http://cebu.mozcom.com/riker/iptraf/
Description: Interactive Colorful IP LAN Monitor IPTraf is an ncurses-based
IP LAN monitor that generates various network statistics including TCP info,
 UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP c
hecksum errors, and others. . Note that since 2.0.0 IPTraf requires a kernel
 >= 2.2
---47
IPLog http://ojnk.sourceforge.net/
Description: iplog is a TCP/IP traffic logger. Currently, it is capable of l
ogging TCP, UDP and ICMP traffic. iplog 2.0 is a complete re-write of iplog
1.x, resulting in greater portability and better performance. iplog 2.0 cont
ains all the features of iplog 1.x as well as several new ones. Major new fe
atures include a packet filter and detection of more scans and attacks. It c
urrently runs on Linux, FreeBSD, OpenBSD, BSDI and Solaris. Ports to other s
ystems, as well as any contributions at all, are welcome at this time.
---48
Fragrouter http://packetstorm.widexs.nl/UNIX/IDS/nidsbench/nidsbench.html
Description: Fragrouter is aimed at testing the correctness of a NIDS,accord
ing to the specific TCP/IP attacks listed in the Secure Networks NIDS evasio
n paper. [2] Other NIDS evasion toolkits which implement these attacks are i
n circulation among hackers or publically available, and it is assumed that
they are currently being used to bypass NIDSs
---49
Queso  http://www.apostols.org/projectz/queso/
Note: A couple of the OS detection tests in Queso were later incorporated in
to Nmap. A paper we wrote on OS detection is available here.Description: Gue
ss the operating system of a remote machine by looking in the TCP replies.
---50
GPG/PGP http://www.gnupg.org/http://www.pgp.com
Description: The GNU Privacy Guard (GnuPG) is a complete and free replacemen
t for PGP, developed in Europe. Because it does not use IDEA or RSA it can b
e used without any restrictions. GnuPG is a RFC2440 (OpenPGP) compliant appl
ication. PGP is the famous encryption program which helps secure your data f
rom eavesdroppers and other risks.