Security Tools
Here is a list and a brief description of the best security tools available. These tools may be
licensed as freeware, shareware or commercial products.
- Information Gathering
- Hacking
- Prevention
Information Gathering:
- Sam Spade Online tools for investigating IP addresses and tracking down spammers.
- WHOIS Lookup Online access to detailed domain contact information.
- VisualRoute An integrated ping, whois, and traceroute that displays results on a world map.
- Lock Down Hacker Tracker Ping, whois, nslookup, traceroute, and other tools to track hackers.
- Cheops A GTK-based network "Swiss-army-knife". Cheops gives a simple interface to most network utilities, maps local or remote networks, and can determine the OS types of network machines.
- Firewalk Firewalk uses traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. The tool can also determine the filter rules in place on a packet-forwarding device. The newest version of the tool, firewalk/GTK, introduces the option of using a graphical interface.
- Hping2 Hping2 is a network tool that can send custom ICMP/UDP/TCP packets and display target replies like ping does with ICMP replies. It handles fragmentation and arbitrary packet body and size, and can be used to transfer files under supported protocols. Using hping2 you can test firewall rules, perform [spoofed] port scanning, test net performance using different protocols, packet size, TOS (type of service), and fragmentation, do path MTU discovery, transfer files (even between really Fascist firewall rules), perform traceroute-like actions under different protocols, fingerprint remote OSs, audit a TCP/IP stack, etc. Hping2 is a good tool for learning TCP/IP.
- Nessus A remote network security auditor that tests security modules in an attempt to find vulnerable spots that should be fixed. It is made up of two parts: a server and a client. The server/daemon, nessusd, is in charge of the attacks, whereas the client, nessus, interfaces with the user through a nice X11/GTK+ interface. Available on several platforms.
- Ngrep Ngrep strives to provide most of GNU grep's common features, but applies them to network traffic instead of files. Ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against the data payloads of packets. It currently recognizes TCP, UDP, and ICMP across Ethernet, PPP, SLIP and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
- Tcpdump A powerful tool for network monitoring and data acquisition. Tcpdump allows you to dump the traffic of a network. It can be used to print out the headers of packets on a network interface that match a given expression. You can use this tool to track down network problems, to detect "ping attacks" or to monitor network activities.
- Saint (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature rich HTML interface.
- SATAN Security Auditing Tool for Analyzing Networks. This is a powerful tool for analyzing networks for vulnerabilities. Developed for sysadmins who cannot keep a constant eye on bugtraq, rootshell, etc.
- Sguil Sguil is an intuitive GUI that provides real-time events from snort/barnyard. It also includes other components which facilitate the practice of Network Security Monitoring and event-driven analysis of IDS alerts. The sguil client is written in tcl/tk and can be run on any operating system that supports tcl/tk (including Linux, BSD, Solaris, MacOS, and Win32).
- Cybercop Scanner A pricey, popular commercial scanner that does not come with source code. However, a powerful demo version is available for testing.
- NAT (NetBIOS Auditing Tool) The NetBIOS Auditing Tool (NAT) is designed to explore the NETBIOS file-sharing services offered by the target system. It implements a stepwise approach to gather information and attempt to obtain file system-level access as though it were a legitimate local client.
- Nmap A classic high-speed TCP port scanner.
- VetesCan VetesCan is a bulk vulnerability scanner, which contains programs to check for and/or exploit many remote network security exploits that are known for Windows or UNIX. It includes various programs for doing different kinds of scanning. Fixes for vulnerabilities are included along with the exploits.
- Grab-a-Site Blue Squirrel's very effective site grabbing software.
- Netcraft Online tool that queries site OS and webserver information.
- Whisker Rain.Forest.Puppy's excellent CGI vulnerability scanner.
Hacking:
- Crack / Libcrack Crack 5 is a local password cracker. A good tool for sysadmins to help verify that all users have strong passwords.
- DSniff A suite of powerful tools for sniffing networks for passwords and other information. Includes sophisticated techniques for defeating the "protection" of network switches.
- Ethereal A network traffic analyzer, or "sniffer", for Unix and Unix-like operating systems. It uses GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library.
- Hunt An advanced packet sniffer and connection intrusion tool; a program for intruding into a connection, watching it and resetting it. Hunt operates on Ethernet and is best used for connections that can be watched through it. However, it is possible to do something even for hosts on other segments or hosts that are on switched ports.
- L0pht Crack L0phtCrack is an NT password auditing tool. It will compute NT user passwords from the cryptographic hashes that are stored by the NT operating system. L0phtCrack can obtain the hashes through many sources (file, network sniffing, registry, etc.) and it has numerous methods of generating password guesses (dictionary, brute force, etc.).
- NFR A commercial sniffing application for creating intrusion detection systems.
- Sniffit A packet sniffer for TCP/UDP/ICMP packets. Sniffit is able to give you very detailed technical info on these packets (SEQ, ACK, TTL, Window, etc.) but also packet contents in different formats (hex or plain text, etc.).
- Snort Snort is a flexible libpcap-based packet sniffer/logger that can be used as a lightweight network intrusion detection system. It features rules-based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba.
- John The Ripper An active password cracker.
- Netcat A simple Unix utility which reads and writes data across network connections using the TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. It is also a good network debugging and exploration tool since it can create almost any kind of connection.
- Log Wipers Wipe-1.00.tgz and zap.c allow fast wiping of log file tracks.
Prevention:
- Access Data Computer Forensics Software
- Abacus PortSentry PortSentry has the ability to detect portscans (including stealth scans) on the network interfaces of your machine. Upon alarm it can block the attacker via hosts.deny, a dropped route, or a firewall rule.
- Cerberus Internet Scanner A free security scanner written and maintained by Cerberus Information Security Ltd, designed to help administrators locate and fix security holes in their computer systems. Runs on Windows NT or 2000.
- GPG/PGP The GNU Privacy Guard (GnuPG) is a complete and free replacement for PGP, developed in Europe. Because it does not use IDEA or RSA it can be used without any restrictions. GnuPG is an RFC 2440 (OpenPGP) compliant application. PGP is the famous encryption program which helps secure your data from eavesdroppers and other risks.
- IPFilter A TCP/IP packet filter, suitable for use in a firewall environment. The program can either be used as a loadable kernel module or incorporated into your UNIX kernel; a loadable kernel module is recommended. Scripts are also provided to install and patch system files.
- IPLog A TCP/IP traffic logger capable of logging TCP, UDP and ICMP traffic. The newest version also includes a packet filter and a scan and attack detector. It currently runs on Linux, FreeBSD, OpenBSD, BSDI and Solaris.
- IPtables/netfilter/ipchains/ipfwadm IP packet filter administration for 2.4.x kernels. IPtables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. The IPtables tool also supports configuration of dynamic and static network address translation.
- IPTraf Interactive colorful IP LAN monitor. IPTraf is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others. Requires a kernel greater than 2.2.
- Libnet A program for the construction and handling of network packets. Libnet provides a portable framework for low-level network packet writing and handling. Libnet features portable packet creation interfaces at the IP layer and link layer, as well as a host of supplementary functionality. With experience, complex programs can be written.
- Logcheck A free program that finds problems and security violations in the system logfiles and emails the results to the administrator.
- LSOF LiSt Open Files is a Unix-specific tool that lists information about files opened by processes currently running on the system.
- Ntop Displays network usage in a top-like format (like the Unix top utility). Ntop can also be run in web mode with a web browser.
- OpenSSH and SSH The ssh.com version costs money for some uses, but source code is available. The secure rlogin/rsh/rcp replacement OpenSSH is derived from OpenBSD's version of ssh. Secure Shell is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide rdist and rsync with a secure communication channel.
- SARA The Security Auditor's Research Assistant (SARA) is a third generation security analysis tool that is based on SATAN. Updated twice each month.
- Scanlogd A portscan detecting tool designed to detect portscan attacks on your machine.
- Retina Retina has the ability to scan, monitor, and fix vulnerabilities within a network's Internet, Intranet, and Extranet. This gives the network administrator complete control across all possible points of attack within an organization.
- Swatch Swatch was originally written to actively monitor messages as they were written to a log file via the UNIX syslog utility. It has multiple methods of alarming, both visually and by triggering events. The perfect tool for a master loghost. Works great on Linux (RH5), BSDI and Solaris 2.6 (patched).
- TCP wrappers Also known as TCPD or LOG_TCP. These programs log the client host name of incoming telnet, ftp, rsh, rlogin, finger, etc. requests. Security options are: access control per host, domain and/or service; detection of host name spoofing or host address spoofing; booby traps to implement an early-warning system.
- Tripwire This tool may have expensive licensing fees associated with its use. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.
Sites for Additional Tools
If you know of a security tool we should include on this list then send us feedback.