Info request - Penetration Testing tools list

Hello,

I haven't played with the pen test tools lately (for 4 years). The most familiar tools are Nessus/nmap/strobe (from the freeware world) and ISS/Cybercop and others (from the commercial world).

Recently, I have heard of metasploitz (sp). Is this a compilation of all the exploits?

A lot has changed in the last 2 years! I am trying to update my pen test skills. What are the current tools that I should be familiar with?

Thank you in advance for any information and advice.

Regards,

Subba Rao

Reply to
Subba Rao

Consider giving the following security-based live CDs a look.

Auditor (check the research blog also)
WHoppix (nice flash based demos as well)
Phlak

These should have many of the tools that you will need to get started.

AW

Reply to
Anthony Williams

As from 'Auditor Security Live' collection:

---------------------------------
Security Auditing:

Footprinting
  Traceroute
    itrace - traceroute ICMP echo
    tctrace - traceroute TCP SYN packets
  Gnetutil 1.0
  HTTP/HTTPS
    Curl - transfer a URL
    stunnel
  SNMP
    tkmib - MIB browser for SNMP
    arpfetch - eth/ip address via SNMP
  LDAP
    gq - GTK based LDAP Client
  SMB
    LinNeighborhood - SMB Network Browser
    net - tool for administration of samba CIFS servers (samba packet)
    SMB DumpUsers 0.9.1
    SMB ServerInfo 0.9.1
    nmblookup - lookup NetBIOS names (samba packet)
  OS Detection
    xprobe2 - OS fingerprinting tool
    queso - OS fprint tool
    P0f - passive OS fingerprinting
  cheops - net monitor tools for sys administration

Scanning
  Security Scanners
    Nessus
    Raccess - Remote Access Session
    Metasploit
  Webserver Scanners
    whisker - CGI scanner
    Nikto - Server and CGI scanner
    ab - apachebench
  Network Scanners
    nmap /fe
    scanrand - Stateless TCP net analysis system
    ike-scan - discover and fingerprint IKE hosts (IPsec VPN)
  Application Scanners
    amap - app mapper
    scanssh - scans for open proxies and ssh servers
  SMB Scanners
    nbtscan - scans networks for NetBIOS name information
    smb-nat - NetBIOS auditing tool
  Router Scanner
    ass - autonomous system scanner

Analyzing
  Network Analyzers
    Ethereal
    Ettercap
    Etherape - graphical network browser
  Password Analyzers
    Dsniff
  Application Analyzers
    Mailsnarf - sniff mail messages
    urlsnarf - sniff HTTP requests
    spkproxy - web application auditing

Spoofing
  ARP
    arpspoof - intercept packets on a switched LAN
    macof - flood switched LANs with random MACs
  DNS
    dnsspoof - forge replies to DNS address
  ICMP
    hping2 - send arbitrary TCP/IP packets to hosts
    icmpush - ICMP packet builder
  TCP
    tcpreplay - replay packets from capture files
    IP Sorcery - packet generator
  Cisco/CDP
    cdp - cdp packet generator
  Routing Protocols
    igrp - igrp route injector

Wireless
  Scanners/Analyzers
    Kismet
    Wellenreiter
  WEP Breaking
    Wep Crack
    Wep Decrypt
    AirSnort
    dwepcrack
    wepattack
  MACchanger

Bruteforce
  hydra - multi purpose bruteforcer (a GTK GUI exists)
  smb-nat
  k0ldS - LDAP bruteforcer
  ADMsnmp - SNMP bruteforcer
  ObiWan III - HTTP Bruteforcer
  guess-who - SSH bruteforcer

Password Crackers
  John the Ripper
  WIN
    RainbowCrack
    samdump2-linux
  ZIP
    fcrackzip - ZIP pass cracker

Digital Forensics
  Data Recovery
    testdisk - scan and repair disk partitions
  ext2fs recovery
    recover - recover a deleted file
  Secure Delete
    Wipe - securely erase files

EXTRA
  IRPAS - Internetwork Routing Protocol Attack Suite
  Nemesis Project

---------------------------------

Reply to
anrxc

GNU C compiler and Perl.

regards c0ntex

Reply to
c0ntex
