Info request - Penetration Testing tools list - Unix


  1. Info request - Penetration Testing tools list

    Hello,

    I haven't played with the pen test tools lately (since 4 years). The
    most familiar tools are Nessus/nmap/strobe (from freeware world) and
    ISS/Cybercop and others from the (commercial world).

    Recently, I have heard of metasploitz (sp). Is this a compilation of
    all the exploits?

    A lot has changed in the last 2 years! I am trying to update my pen
    test skills. What are the current tools that I should be familiar with?

    Thank you in advance for any information and advice.

    Regards,

    Subba Rao
    --
    SR
    castellan2004-mail@SPAMBUSTER.yahoo.com
    Please remove SPAMBUSTER to reply via email.

  2. Re: Info request - Penetration Testing tools list

    Subba Rao wrote:
    > What are the current tools that I should be familiar with?


    As from 'Auditor Security Live' collection:
    ---------------------------------
    Security Auditing:

    Footprinting
    Traceroute
    itrace - traceroute ICMP echo
    tctrace - traceroute TCP SYN packets
    Gnetutil 1.0
    HTTP/HTTPS
    Curl - transfer a URL
    stunnel
    SNMP
    tkmib - MIB browser for SNMP
    arpfetch - eth/ip address via snmp
    LDAP
    gq - GTK based LDAP Client
    SMB
    LinNeighborhood - SMB Network Browser
    net - tool for administration of samba CIFS servers (samba packet)
    SMB DumpUsers 0.9.1
    SMB ServerInfo 0.9.1
    nmblookup - lookup NetBIOS names(samba packet)
    OS Detection
    xprobe2 - OS fingerprinting tool
    queso - OS fprint tool
    P0f - passive OS fingerprinting
    cheops - net monitor tools for sys administration

    Scanning
    Security Scanners
    Nessus
    Raccess - Remote Access Session
    Metasploit
    Webserver Scanners
    whisker - CGI scanner
    Nikto - Server and CGI scanner
    ab - apachebench
    Network Scanners
    nmap /fe
    scanrand - Stateless TCP net analysis system
    ike-scan - discover and fingerprint IKE hosts (IPsec VPN)
    Application Scanners
    amap - app mapper
    scanssh - scans for open proxies and ssh servers
    SMB Scanners
    nbtscan - scans networks for NetBIOS name information
    smb-nat - NetBIOS auditing tool
    Router Scanner
    ass - autonomous system scanner

    Analyzing
    Network Analyzers
    Ethereal
    Ettercap
    Etherape - graphical network browser
    Password Analyzers
    Dsniff
    Application Analyzers
    Mailsnarf - sniff mail messages
    urlsnarf - sniff HTTP requests
    spkproxy - web application auditing

    Spoofing
    ARP
    arpspoof - intercept packets on a switched LAN
    macof - flood switched LANs with random MACs
    DNS
    dnsspoof - forge replies to DNS address
    ICMP
    hping2 - send arbitrary TCP/IP packets to hosts
    icmpush - ICMP packet builder
    TCP
    tcpreply - reply packets from capture files
    IP Sorcery - packet generator
    Cisco/CDP
    cdp - cdp packet generator
    Routing Protocols
    igrp - igrp route injector

    Wireless
    Scanners/Analyzers
    Kismet
    Wellenreiter
    WEP Breaking
    Wep Crack
    Wep Decrypt
    AirSnort
    dwepcrack
    wepattack
    MACchanger

    Bruteforce
    hydra - multi purpose bruteforcer (a GTK GUI exists)
    smb-nat
    k0ldS - LDAP bruteforcer
    ADMsnmp - SNMP bruteforcer
    ObiWan III - HTTP Bruteforcer
    guess-who - SSH bruteforcer

    Password Crackers
    John the Ripper
    WIN
    RainbowCrack
    samdump2-linux
    ZIP
    fcrackzip - ZIP pass cracker

    Digital Forensics
    Data Recovery
    testdisk - scan and repair disk partitions
    ext2fs recovery
    recover - recover a deleted file
    Secure Delete
    Wipe - securely erase files



    EXTRA
    IRPAS
    Internetwork Routing Protocol Attack Suite
    Nemesis Project
    ---------------------------------

    --
    "Not mind. Not code. Not things.
    Always changing, yet never changing."
    ---
    GPG:0xA8916BBD | xmpp:anrxc@jabber.org

  3. Re: Info request - Penetration Testing tools list

    Subba Rao wrote:
    > Hello,
    >
    > I haven't played with the pen test tools lately (since 4 years). The
    > most familiar tools are Nessus/nmap/strobe (from freeware world) and
    > ISS/Cybercop and others from the (commercial world).
    >
    > Recently, I have heard of metasploitz (sp). Is this a compilation of
    > all the exploits?
    >
    > A lot has changed in the last 2 years! I am trying to update my pen
    > test skills. What are the current tools that I should be familiar with?
    >
    > Thank you in advance for any information and advice.
    >
    > Regards,
    >
    > Subba Rao


    Consider giving the following security based live CDs a look.

    Auditor http://www.remote-exploit.org (check the research blog also)
    WHoppix http://www.whoppix.net (nice flash based demos as well)
    Phlak http://www.phlak.org

    These should have many of the tools that you will need to get started.


    AW

  4. Re: Info request - Penetration Testing tools list


    > A lot has changed in the last 2 years! I am trying to update my pen
    > test skills. What are the current tools that I should be familiar
    > with?


    GNU C compiler and Perl.

    regards
    c0ntex

