Security Tools

See sectools.org for a more comprehensive list than this. These are the tools I have been using or want to try next.

Omnipotent

• nc, a.k.a. netcat (original by Hobbit, Windows version by Weld Pond)

Defense

• Zonealarm
• AVG antivirus
• Ad-aware and Spybot
• truecrypt
• md5deep
• putty
• Snort

Attack

• Metasploit framework
• dsniff, which includes a a suite of tools:
  • dniff - the basic a sniffer
  • macof - overflows switch's CAM table with tons of entries
  • arpspoof - to send out gratuitous ARPs for a MITM attack
  • dnsspoof
  • filesnarf - picks up a copy of NFS files it sees
  • msgsnarf
  • mailsnarf - copies SMTP mail it sees
  • urlsnarf - logs the URLs it sees in common log format (http only, URLS not content)
  • webmitm
  • sshmitm
• fragrouter - turns your box into a (user-mode) router, with various fragmentation and crafting possibilities
• fragroute - not a router, allows many more fragmentation and crafting possibilities than fragrouter, but only from the local host

Assessment

• nmap
• Nessus
• lsof
• Helix
• Cain and Abel
• xprobe2 - remote, active OS fingerprinting tool
• p0f - passive OS fingerprinting
• onesixtyone - SNMP scanner
• Nikto - web server scanner

Capture

• tcpdump
• windump
• winpcap
• ethereal
• wireshark
• driftnet

Packet crafting

• hping
• nemesis
• tcpreplay

Wireless

• Kismet
• Wellenreiter
• Netstumbler
• Karma