Unix administration - Info request - Penetration Testing tools list


Author Info request - Penetration Testing tools list
Subba Rao

2005-05-19, 8:48 pm

Hello,

I haven't played with the pen test tools lately (for 4 years). The
most familiar tools are Nessus/nmap/strobe (from freeware world) and
ISS/Cybercop and others from the (commercial world).

Recently, I have heard of metasploitz (sp). Is this a compilation of
all the exploits?

A lot has changed in the last 2 years! I am trying to update my pen
test skills. What are the current tools that I should be familiar with?

Thank you in advance for any information and advice.

Regards,

Subba Rao
--
SR
castellan2004-mail@SPAMBUSTER.yahoo.com
Please remove SPAMBUSTER to reply via email.
anrxc

2005-05-20, 6:03 pm

Subba Rao wrote:
> What are the current tools that I should be familiar with?


As from 'Auditor Security Live' collection:
---------------------------------
Security Auditing:

Footprinting
  Traceroute
    itrace - traceroute ICMP echo
    tctrace - traceroute TCP SYN packets
    Gnetutil 1.0
  HTTP/HTTPS
    Curl - transfer a URL
    stunnel
  SNMP
    tkmib - MIB browser for SNMP
    arpfetch - eth/ip address via snmp
  LDAP
    gq - GTK based LDAP Client
  SMB
    LinNeighborhood - SMB Network Browser
    net - tool for administration of samba CIFS servers (samba package)
    SMB DumpUsers 0.9.1
    SMB ServerInfo 0.9.1
    nmblookup - lookup NetBIOS names (samba package)
  OS Detection
    xprobe2 - OS fingerprinting tool
    queso - OS fprint tool
    P0f - passive OS fingerprinting
    cheops - net monitor tools for sys administration

Scanning
  Security Scanners
    Nessus
    Raccess - Remote Access Session
    Metasploit
  Webserver Scanners
    whisker - CGI scanner
    Nikto - Server and CGI scanner
    ab - apachebench
  Network Scanners
    nmap /fe
    scanrand - Stateless TCP net analysis system
    ike-scan - discover and fingerprint IKE hosts (IPsec VPN)
  Application Scanners
    amap - app mapper
    scanssh - scans for open proxies and ssh servers
  SMB Scanners
    nbtscan - scans networks for NetBIOS name information
    smb-nat - NetBIOS auditing tool
  Router Scanner
    XXX - autonomous system scanner

Analyzing
  Network Analyzers
    Ethereal
    Ettercap
    Etherape - graphical network browser
  Password Analyzers
    Dsniff
  Application Analyzers
    Mailsnarf - sniff mail messages
    urlsnarf - sniff HTTP requests
    spkproxy - web application auditing

Spoofing
  ARP
    arpspoof - intercept packets on a switched LAN
    macof - flood switched LANs with random MACs
  DNS
    dnsspoof - forge replies to DNS address
  ICMP
    hping2 - send arbitrary TCP/IP packets to hosts
    icmpush - ICMP packet builder
  TCP
    tcpreplay - replay packets from capture files
    IP Sorcery - packet generator
  Cisco/CDP
    cdp - cdp packet generator
  Routing Protocols
    igrp - igrp route injector

Wireless
  Scanners/Analyzers
    Kismet
    Wellenreiter
  WEP Breaking
    Wep Crack
    Wep Decrypt
    AirSnort
    dwepcrack
    wepattack
  MACchanger

Bruteforce
  hydra - multi purpose bruteforcer (a GTK GUI exists)
  smb-nat
  k0ldS - LDAP bruteforcer
  ADMsnmp - SNMP bruteforcer
  ObiWan III - HTTP Bruteforcer
  guess-who - SSH bruteforcer

Password Crackers
  John the Ripper
  WIN
    RainbowCrack
    samdump2-linux
  ZIP
    fcrackzip - ZIP pass cracker

Digital Forensics
  Data Recovery
    testdisk - scan and repair disk partitions
    ext2fs recovery
    recover - recover a deleted file
  Secure Delete
    Wipe - securely erase files

EXTRA
  IRPAS - Internetwork Routing Protocol Attack Suite
  Nemesis Project
---------------------------------

--
"Not mind. Not code. Not things.
Always changing, yet never changing."
---
GPG:0xA8916BBD | xmpp:anrxc@jabber.org
Anthony Williams

2005-05-20, 6:03 pm

Subba Rao wrote:
> Hello,
>
> I haven't played with the pen test tools lately (for 4 years). The
> most familiar tools are Nessus/nmap/strobe (from freeware world) and
> ISS/Cybercop and others from the (commercial world).
>
> Recently, I have heard of metasploitz (sp). Is this a compilation of
> all the exploits?
>
> A lot has changed in the last 2 years! I am trying to update my pen
> test skills. What are the current tools that I should be familiar with?
>
> Thank you in advance for any information and advice.
>
> Regards,
>
> Subba Rao


Consider giving the following security based live CDs a look.

Auditor http://www.remote-exploit.org (check the research blog also)
WHoppix http://www.whoppix.net (nice flash based demos as well)
Phlak http://www.phlak.org

These should have many of the tools that you will need to get started.


AW
c0ntex

2005-05-21, 5:49 pm


> A lot has changed in the last 2 years! I am trying to update my pen
> test skills. What are the current tools that I should be familiar
> with?

GNU C compiler and Perl.

regards
c0ntex

Copyright 2003 - 2008 webservertalk.com