Beranda > Documents > 100 Tools

100 Tools

setelah luarbiasa sukses 2000 dan 2003 survei alat-alat keamanan, tidak kuat. org diseronokkan mengeluarkan ini 2006 survei. saya (fyodor bertanya pengguna dari nmap-hacker mengeposkan daftar ke alat-alat yang disukai mereka berbagi,  dan 3,243 orang menjawab. mengizinkan ini saya mengekspansi daftar ke 100 alat-alat,  dan bahkan membagi lagi mereka ke categorie. siapa saja di ladang keamanan akan menasihati memeriksa daftar baik dan periksa alat-alat mereka tidak lazim dengan. saya menemukan beberapa alat-alat baru bertenaga jalan ini. saya juga poin newbie pada  ini situs kapanpun mereka menulis saya mengatakan “i tidak tahu dimana ke start”.

responden mengizinkan ke daftar membuka sumber atau alat-alat komersial di beberapa serambi stasiun. alat-alat komersial dicam seperti halnya di daftar di bawah. tidak memilih nmap penyaring gambar tv keamanan menghitung karena survei diambil di nmap mengeposkan daftar. hadirin ini juga biase daftar agak menuju “attack” mencincang alat-alat daripada orang-orang defensif.

setelah luarbiasa sukses 2000 dan 2003 survei alat-alat keamanan, tidak kuat. org diseronokkan mengeluarkan ini 2006 survei. saya (fyodor bertanya pengguna dari nmap-hacker mengeposkan daftar ke alat-alat yang disukai mereka berbagi,  dan 3,243 orang menjawab. mengizinkan ini saya mengekspansi daftar ke 100 alat-alat,  dan bahkan membagi lagi mereka ke categorie. siapa saja di ladang keamanan akan menasihati memeriksa daftar baik dan periksa alat-alat mereka tidak lazim dengan. saya menemukan beberapa alat-alat baru bertenaga jalan ini. saya juga poin newbie pada  ini situs kapanpun mereka menulis saya mengatakan “i tidak tahu dimana ke start”.  responden mengizinkan ke daftar membuka sumber atau alat-alat komersial di beberapa serambi stasiun. alat-alat komersial dicam seperti halnya di daftar di bawah. tidak memilih nmap penyaring gambar tv keamanan menghitung karena survei diambil di nmap mengeposkan daftar. hadirin ini juga biase daftar agak menuju “attack” mencincang alat-alat daripada orang-orang defensif.

setiap alat dijelaskan sifatnya satu per satu :

new tidak muncul di 2003 list
/ Popularity ranking rosefell the given number since the 2003 survey
  TITLE= Generally costs money. A free limited/demo/trial version may be available.
Linux Works natively on Linux
*BSD Works natively on OpenBSD, FreeBSD, Solaris, and/or other UNIX variants
OS X Works natively on Apple Mac OS X
Windows Works natively on Microsoft Windows
Command-line interface Features a command-line interface
GUI Interface Offers a GUI (point and click) interface
Source code Source code available for inspection.

Silakan mengirim pembaruan dan saran (atau alat yang lebih baik logo) untuk Fyodor. Jika alat ini fitur atau anda pikir pengunjung situs Anda bisa menikmati daftar ini, Anda dipersilakan untuk menggunakan banner link kami. Berikut adalah daftar, dimulai dengan yang paling populer:

#1
  TITLE=
Linux
*BSD
OS X
Windows
GUI Interface
Nessus : Premier UNIX vulnerability assessment tool
Nessus was a popular free and open source vulnerability scanner until they closed the source code in 2005 andremoved the free “registered feed” version in 2008. A limited “Home Feed” is still available, though it is only licensed for home network use. Some people avoid paying by violating the “Home Feed” license, or by avoiding feeds entirely and using just the plugins included with each release. But for most users, the cost has increased from free to $1200/year. Despite this, Nessus is still the best UNIX vulnerability scanner available and among the best to run on Windows. Nessus is constantly updated, with more than 20,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a GTK graphical interface, and an embedded scripting language for writing your own plugins or understanding the existing ones.See all vulnerability scanners

#15
35
Linux
*BSD
OS X
Windows
Command-line interface
GUI Interface
Source code
THC Hydra : A Fast network authentication cracker which supports many different services
When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap this release is from the fine folks at THC.See all password crackers

#16
new
Linux
*BSD
OS X
Windows
Command-line interface
GUI Interface
Source code
Paros proxy : A web application vulnerability assessment proxy
A Java based web proxy for assessing web application vulnerability. It supports editing/viewing HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting.See all web vulnerability scanners

#17
10
Linux
*BSD
OS X
Windows
Command-line interface
Source code
Dsniff : A suite of powerful network auditing and penetration-testing tools
This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. A separately maintained partial Windows port is available here. Overall, this is a great toolset. It handles pretty much all of your password sniffing needs.See all packet sniffers

#18
7
Windows
GUI Interface
NetStumbler : Free Windows 802.11 Sniffer
Netstumbler is the best known Windows tool for finding open wireless access points (“wardriving”). They also distribute a WinCE version for PDAs and such named Ministumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as Kismet or KisMAC.See all wireless tools, and packet sniffers

#19
18
Linux
*BSD
OS X
Windows
Command-line interface
Source code
THC Amap : An application fingerprinting scanner
Amap is a great tool for determining what application is listening on a given port. Their database isn’t as large as whatNmap uses for its version detection feature, but it is definitely worth trying for a 2nd opinion or if Nmap fails to detect a service. Amap even knows how to parse Nmap output files. This is yet another valuable tool from the great guys atTHC.See all application-specific scanners

#20
12
  TITLE=
Windows
GUI Interface
GFI LANguard : A commercial network security scanner for Windows
GFI LANguard scans IP networks to detect what machines are running. Then it tries to discern the host OS and what applications are running. I also tries to collect Windows machine’s service pack level, missing security patches, wireless access points, USB devices, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more. Scan results are saved to an HTML report, which can be customized/queried. It also includes a patch manager which detects and installs missing patches. A free trial version is available, though it only works for up to 30 days.See all vulnerability scanners

#21
new
Linux
*BSD
OS X
Windows
Command-line interface
Source code
Aircrack : The fastest available WEP/WPA cracking tool
Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).See all wireless tools, and password crackers

#22
4
Windows
GUI Interface
Superscan : A Windows-only port scanner, pinger, and resolver
SuperScan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone. It includes a variety of additional networking tools such as ping, traceroute, http head, and whois.See all port scanners

#23
2
Linux
Command-line interface
Source code
Netfilter : The current Linux kernel packet filter/firewall
Netfilter is a powerful packet filter implemented in the standard Linux kernel. The userspace iptables tool is used for configuration. It now supports packet filtering (stateless or stateful), all kinds of network address and port translation (NAT/NAPT), and multiple API layers for 3rd party extensions. It includes many different modules for handling unruly protocols such as FTP. For other UNIX platforms, see Openbsd PF (OpenBSD specific), or IP Filter. Many personal firewalls are available for Windows (Tiny,Zone AlarmNortonKerio, …), though none made this list. Microsoft included a very basic firewall in Windows XP SP2, and will nag you incessantly until you install it.See all firewalls

#24
new
Windows
Command-line interface
GUI Interface
Sysinternals : An extensive collection of powerful windows utilities
Sysinternals provides many small windows utilities that are quite useful for low-level windows hacking. Some are free of cost and/or include source code, while others are proprietary. Survey respondents were most enamored with:

  • ProcessExplorer for keeping an eye on the files and directories open by any process (like LSoF on UNIX).
  • PsTools for managing (executing, suspending, killing, detailing) local and remote processes.
  • Autoruns for discovering what executables are set to run during system boot up or login.
  • RootkitRevealer for detecting registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
  • TCPView, for viewing TCP and UDP traffic endpoints used by each process (like Netstat on UNIX).

Update: Microsoft acquired Sysinternals in July 2006, promising that “Customers will be able to continue building on Sysinternals’ advanced utilities, technical information and source code”. Less than four months later, Microsoft removed most of that source code. Future product direction is uncertain.See all rootkit detectors

#25
5
  TITLE=
Windows
GUI Interface
Retina : Commercial vulnerability assessment scanner by eEye
Like Nessus, Retina’s function is to scan all the hosts on a network and report on any vulnerabilities found. It was written by eEye, who are well known for their security research.See all vulnerability scanners



Kategori:Documents
  1. 21 April 2011 pukul 5:08 pm

    Tekst

  1. 10 Juni 2010 pukul 4:01 am

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s

%d blogger menyukai ini: