Info request - Penetration Testing tools list

    Info request - Penetration Testing tools list  
Subba Rao




 
05-20-05 01:48 AM

Hello,

I haven't played with the pen test tools lately (since 4 years).  The
most familiar tools are Nessus/nmap/strobe (from freeware world) and
ISS/Cybercop and others from the (commercial world).

Recently, I have heard of metasploitz (sp).  Is this a compilation of
all the exploits?

A lot has changed in the last 2 years!  I am trying to update my pen
test skills.   What are the current tools that I should be familiar with?

Thank you in advance for any information and advice.

Regards,

Subba Rao
--
SR
castellan2004-mail@SPAMBUSTER.yahoo.com
Please remove SPAMBUSTER to reply via email.








    Re: Info request - Penetration Testing tools list  
anrxc




 
05-20-05 11:03 PM

Subba Rao wrote:
> What are the current tools that I should be familiar with?

As from 'Auditor Security Live' collection:
---------------------------------
Security Auditing:

Footprinting
Traceroute
itrace  -  traceroute ICMP echo
tctrace -  traceroute TCP SYN packets
Gnetutil 1.0
HTTP/HTTPS
Curl - transfer a URL
stunnel
SNMP
tkmib -  MIB browser for SNMP
arpfetch - eth/ip address via snmp
LDAP
gq - GTK based LDAP Client
SMB
LinNeighborhood - SMB Network Browser
net - tool for administration of samba CIFS servers (samba packet)
SMB DumpUsers 0.9.1
SMB ServerInfo 0.9.1
nmblookup - lookup NetBIOS names (samba packet)
OS Detection
xprobe2  - OS fingerprinting tool
queso -  OS fprint tool
P0f - passive OS fingerprinting
cheops - net monitor tools for sys administration

Scanning
Security Scanners
Nessus
Raccess - Remote Access Session
Metasploit
Webserver Scanners
whisker - CGI scanner
Nikto - Server and CGI scanner
ab - apachebench
Network Scanners
nmap /fe
scanrand - Stateless TCP net analysis system
ike-scan  - discover and fingerprint IKE hosts (IPsec VPN)
Application Scanners
amap - app mapper
scanssh - scans for open proxies and ssh servers
SMB Scanners
nbtscan - scans networks for NetBIOS name information
smb-nat - NetBIOS auditing tool
Router Scanner
XXX - autonomous system scanner

Analyzing
Network Analyzers
Ethereal
Ettercap
Etherape - graphical network browser
Password Analyzers
Dsniff
Application Analyzers
Mailsnarf - sniff mail messages
urlsnarf - sniff HTTP requests
spkproxy - web application auditing

Spoofing
ARP
arpspoof - intercept packets on a switched LAN
macof - flood switched LANs with random MACs
DNS
dnsspoof - forge replies to DNS address
ICMP
hping2 - send arbitrary TCP/IP packets to hosts
icmpush - ICMP packet builder
TCP
tcpreplay - replay packets from capture files
IP Sorcery - packet generator
Cisco/CDP
cdp - cdp packet generator
Routing Protocols
igrp - igrp route injector

Wireless
Scanners/Analyzers
Kismet
Wellenreiter
WEP Breaking
Wep Crack
Wep Decrypt
AirSnort
dwepcrack
wepattack
MACchanger

Bruteforce
hydra - multi purpose bruteforcer (a GTK GUI exists)
smb-nat
k0ldS - LDAP bruteforcer
ADMsnmp - SNMP bruteforcer
ObiWan III - HTTP Bruteforcer
guess-who - SSH bruteforcer

Password Crackers
John the Ripper
WIN
RainbowCrack
samdump2-linux
ZIP
fcrackzip - ZIP pass cracker

Digital Forensics
Data Recovery
testdisk - scan and repair disk partitions
ext2fs recovery
recover - recover a deleted file
Secure Delete
Wipe - securely erase files



EXTRA
IRPAS
Internetwork Routing Protocol Attack Suite
Nemesis Project
---------------------------------

--
"Not mind. Not code. Not things.
Always changing, yet never changing."
---
GPG:0xA8916BBD | xmpp:anrxc@jabber.org








    Re: Info request - Penetration Testing tools list  
Anthony Williams




 
05-20-05 11:03 PM

Subba Rao wrote:
> Hello,
>
> I haven't played with the pen test tools lately (since 4 years).  The
> most familiar tools are Nessus/nmap/strobe (from freeware world) and
> ISS/Cybercop and others from the (commercial world).
>
> Recently, I have heard of metasploitz (sp).  Is this a compilation of
> all the exploits?
>
> A lot has changed in the last 2 years!  I am trying to update my pen
> test skills.   What are the current tools that I should be familiar with?
>
> Thank you in advance for any information and advice.
>
> Regards,
>
> Subba Rao

Consider giving the following security based live CDs a look.

Auditor http://www.remote-exploit.org  (check the research blog also)
WHoppix http://www.whoppix.net (nice flash based demos as well)
Phlak   http://www.phlak.org

These should have many of the tools that you will need to get started.


AW








    Re: Info request - Penetration Testing tools list  
c0ntex




 
05-21-05 10:49 PM


> A lot has changed in the last 2 years!  I am trying to update my pen
> test skills.   What are the current tools that I should be familiar with?


GNU C compiler and Perl.

regards
c0ntex





