Les presentamos el listado denominado " Security Tools List - The security list from security auditors for security auditors " que actualiza la web securitytoolslist.domandhost.com donde se muestra las principales herramientas de seguridad que se utilizan en la actualidad para auditoría informática y cumplimiento de medidas relacionadas con la seguridad de la Información.
| Num | Tool name | License | Platform | License price |
|---|---|---|---|---|
| 1 | BRO-IDS | Free (Unrestricted free. License type GPL, GNU,...) | *NIX (Any system derived of UNIX) | Free! |
| Type of tool | Sniffer / network analyzer | |||
| Description | Bro is an open-source, Unix-based Network Intrusion Detection System | |||
| URL | http://www.bro-ids.org/ | |||
| 2 | Acunetix | Non-free (free with restrictions) | Windows | Free! |
| Type of tool | Analysis of web environments | |||
| Description | Acunetix is a web vulnerability scanner. Can check XSS, SQL injection, and much more attacks | |||
| URL | http://www.acunetix.com/ | |||
| 3 | IceSword | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | rootkits detectors | |||
| Description | IceSword has a Windows Explorer-like interface but displays hidden processes and resources that Windows Explorer would never show. | |||
| URL | http://www.antirootkit.com | |||
| 4 | FTester | Free (Unrestricted free. License type GPL, GNU,...) | *NIX (Any system derived of UNIX) | Free! |
| Type of tool | Firewall / perimetral security testing | |||
| Description | The Firewall Tester (FTester) is a tool designed for testing firewalls filtering policies and Intrusion Detection System (IDS) capabilities | |||
| URL | http://dev.inversepath.com/trac/ftester | |||
| 5 | GMER | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | rootkits detectors | |||
| Description | GMER is an application that detects and removes | |||
| URL | http://www.gmer.net/ | |||
| 6 | GFI Languard | Non-free (free with restrictions) | Windows | Free! |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | GFI LANguard is the award-winning network and security scanner. | |||
| URL | http://www.gfi.com/lannetscan | |||
| 7 | FG-Injector | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | Injection Framework is a security tool designed to detect and research SQL injections. | |||
| URL | http://sourceforge.net/projects/injection-fwk/ | |||
| 8 | netcat | Non-free (free with restrictions) | Linux | Free! |
| Type of tool | Management | |||
| Description | netcat is a computer networking utility for reading from and writing to network connections using either TCP or UDP. It goes by the tag-line of "The Swiss-army knife for TCP/IP | |||
| URL | http://netcat.sourceforge.net/ | |||
| 9 | rkhunter | Free (Unrestricted free. License type GPL, GNU,...) | Linux | Free! |
| Type of tool | rootkits detectors | |||
| Description | Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits. | |||
| URL | http://www.rootkit.nl/projects/rootkit_hunter.html | |||
| 10 | Secure Auditor | Commercial | Windows | $300-1500 |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | Secure Auditor is a Unified Risk Management Solution which enables user to perform Enumeration, Scanning, Auditing, Penetration Testing and Forensics on different operational systems | |||
| URL | http://www.secure-bytes.com/ | |||
| 11 | metasploit | Non-free (free with restrictions) | Independent (Languages like java, python, perl, ruby...) | Free! |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | Metasploit provides useful information to people who perform penetration testing, IDS signature development, and exploit research | |||
| URL | http://www.metasploit.com/ | |||
| 12 | OpenSQLi-NG | Free (Unrestricted free. License type GPL, GNU,...) | Independent (Languages like java, python, perl, ruby...) | Free! |
| Type of tool | Analysis of web environments | |||
| Description | OpenSQLi-NG (pronounced Open SQLi N-G) is the next generation open source sql injection tool, | |||
| URL | http://opensqling.sourceforge.net/?page_id=8 | |||
| 13 | OpenVAS | Free (Unrestricted free. License type GPL, GNU,...) | Linux | Free! |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. OpenVAS products are Free Software under GNU GPL and a fork of Nessus. | |||
| URL | http://www.openvas.org/ | |||
| 14 | Cain & Abel | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | multiuse | |||
| Description | Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols | |||
| URL | http://www.oxid.it/cain.html | |||
| 15 | tor | Free (Unrestricted free. License type GPL, GNU,...) | Linux | Free! |
| Type of tool | anonymity / security | |||
| Description | Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet | |||
| URL | https://www.torproject.org/ | |||
| 16 | XPL | Non-free (free with restrictions) | Linux | Free! |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | ISO custom for pentest | |||
| URL | www.ginux.ufla.br/~sandro | |||
| 17 | p0f | Free (Unrestricted free. License type GPL, GNU,...) | Linux | Free! |
| Type of tool | Protocols scanner/ fingerprinting | |||
| Description | passive OS fingerorinting | |||
| URL | http://lcamtuf.coredump.cx/p0f.shtml | |||
| 18 | oSpy | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | oSpy is a tool which aids in reverse-engineering software running on the Windows platform. | |||
| URL | http://code.google.com/p/ospy/ | |||
| 19 | sqlbrute | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | Blind SQL injection | |||
| URL | http://www.justinclarke.com/security/sqlbrute.py | |||
| 20 | Gamja | Free (Unrestricted free. License type GPL, GNU,...) | Independent (Languages like java, python, perl, ruby...) | Free! |
| Type of tool | Scanner / VPN detector | |||
| Description | Gamja will find XSS(Cross site scripting) & SQL Injection weak point also URL parameter validation error. Who knows that which parameter is weak parameter? Gamja will be helpful for finding vulnerability[ XSS , Validation Error , SQL Injection]. | |||
| URL | gamja.sf.net | |||
| 21 | AuditPro Enterprise | Commercial | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | multiuse | |||
| Description | AuditPro® is a comprehensive enterprise security assessment solution featuring critical asset identification, policy compliance, risk analysis, real time vulnerability views, enhanced reporting capability, graphical progress analysis and more. Supporting multiple operating systems and databases, AuditPro® brings you the state-of-the-art in information systems security evaluation and risk management. | |||
| URL | http://www.niiconsulting.com/products/auditpro.html | |||
| 22 | Firesec | Commercial | Windows | Free! |
| Type of tool | Management | |||
| Description | Firesec is a comprehensive solution for firewall rulebase analysis in medium to large enterprise environments. It addresses the problems inherent with large rule sets and helps purge and update a rule base as per network requirements. Firesec provides multiple functions such as removing redundant rules, grouping similar rules, and searching for vulnerable rule patterns. | |||
| URL | http://www.niiconsulting.com/products/Firesec.html | |||
| 23 | Technitium MAC Address Changer | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | Management | |||
| Description | Technitium MAC Address Changer allows you to change Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit by the manufacturer. This hard coded MAC address is used by windows drivers to access Ethernet Network (LAN). This tool can set a new MAC address to your NIC, bypassing the original hard coded MAC address. Technitium MAC Address Changer is a must tool in every security professionals tool box. Technitium MAC Address Changer is coded in Visual Basic 6.0. | |||
| URL | http://www.technitium.com/tmac/index.html | |||
| 24 | sam spade | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | target information gain | |||
| Description | Tool that provides various tools for obtaining information on a given objective | |||
| URL | http://preview.samspade.org/ssw/download.html | |||
| 25 | scanssh | Free (Unrestricted free. License type GPL, GNU,...) | *NIX (Any system derived of UNIX) | Free! |
| Type of tool | Scanner / VPN detector | |||
| Description | The network scanner more versatile and extended | |||
| URL | http://monkey.org/~provos/scanssh/ | |||
| 26 | THC amap | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Scanner / VPN detector | |||
| Description | network scanner. The perfect complement to nmap | |||
| URL | http://freeworld.thc.org/thc-amap/ | |||
| 27 | superscan | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | Scanner / VPN detector | |||
| Description | A Foundstone tool. Powerful TCP port scanner, pinger, resolver. | |||
| URL | http://www.foundstone.com/us/resources/proddesc/superscan.htm | |||
| 28 | nbtscan | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Scanner / VPN detector | |||
| Description | Netbios scanner | |||
| URL | http://unixwiz.net/tools/nbtscan.html#download | |||
| 29 | Xprobe2 | Free (Unrestricted free. License type GPL, GNU,...) | *NIX (Any system derived of UNIX) | Free! |
| Type of tool | Scanner / VPN detector | |||
| Description | fingerprinting OS tool | |||
| URL | http://xprobe.sourceforge.net/ | |||
| 30 | Ike-scan | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Scanner / VPN detector | |||
| Description | IPsec VPN scanning, fingerprinting and testing tool | |||
| URL | http://www.nta-monitor.com/tools/ike-scan/ | |||
| 31 | unicornscan | Free (Unrestricted free. License type GPL, GNU,...) | *NIX (Any system derived of UNIX) | Free! |
| Type of tool | Scanner / VPN detector | |||
| Description | A very fast information gathering and correlation engine. | |||
| URL | http://www.unicornscan.org/ | |||
| 32 | scanrand | Free (Unrestricted free. License type GPL, GNU,...) | *NIX (Any system derived of UNIX) | Free! |
| Type of tool | Scanner / VPN detector | |||
| Description | An unusually fast stateless network service and topology discovery system, part of Paketto Keiretsu suite | |||
| URL | http://www.doxpara.com/read.php/code/paketto.html | |||
| 33 | upnpscan | Free (Unrestricted free. License type GPL, GNU,...) | *NIX (Any system derived of UNIX) | Free! |
| Type of tool | Scanner / VPN detector | |||
| Description | A tool that scans the LAN or a given address range for UPnP capable devices | |||
| URL | http://www.cqure.net/wp/upnpscan/ | |||
| 34 | netifera | Free (Unrestricted free. License type GPL, GNU,...) | Independent (Languages like java, python, perl, ruby...) | Free! |
| Type of tool | Security Framework for create custom tools | |||
| Description | Netifera is a new modular open source platform for creating network security tools | |||
| URL | http://netifera.com/downloads/ | |||
| 35 | usb-watcher | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | cryptography | |||
| Description | USB-Watcher makes a system-shut-down if hardware-changes were noticed. Some police are using USB-Exploits to access running systems with encrypted filesystems (f.e. by TrueCrypt) and USB-Watcher (not only listening on USB) blocks the intruder. | |||
| URL | http://keksa.de/?q=usb_watcher | |||
| 36 | proslo | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | Management | |||
| Description | Proslo (process slowdown) uses an undocumented function in the windows-API to choke a process. It freezes the process and resumes it in a self-defined time period. | |||
| URL | http://keksa.de/?q=proslo | |||
| 37 | mangleme in PHP | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | mangleme (original coded by http://lcamtuf.coredump.cx/) is a HTML-fuzzer. I redesigned it in PHP to make fast code-changes and additions possible. | |||
| URL | http://keksa.de/?q=mangleme_fuzzing_in_php | |||
| 38 | GreenSQL | Free (Unrestricted free. License type GPL, GNU,...) | Independent (Languages like java, python, perl, ruby...) | Free! |
| Type of tool | Management | |||
| Description | GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks | |||
| URL | http://www.greensql.net/ | |||
| 39 | AutoRuns | Non-free (free with restrictions) | Windows | Free! |
| Type of tool | Forensic | |||
| Description | Allows the user to view all software that automatically runs when windows starts up. | |||
| URL | www.sysinternals.com | |||
| 40 | txdns | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | Target information gain | |||
| Description | TXDNS is a Win32 aggressive multithreaded DNS digger. Capable of placing, on the wire, thousands of DNS queries per minute. TXDNS main goal is to expose a domain namespace trough a number of techniques: Typos, TLD rotation, Dictionary attack, Brute force. | |||
| URL | http://www.txdns.net/ | |||
| 41 | txdns | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | Protocols scanner/ fingerprinting | |||
| Description | dns brute force | |||
| URL | www.txdns.net | |||
| 42 | nmap | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Protocols scanner/ fingerprinting | |||
| Description | A popular tool that is probably already on the list | |||
| URL | http://nmap.org/ | |||
| 43 | Lynis | Free (Unrestricted free. License type GPL, GNU,...) | *NIX (Any system derived of UNIX) | Free! |
| Type of tool | Management | |||
| Description | System and security auditing tool for UNIX based systems. | |||
| URL | http://www.rootkit.nl/projects/lynis.html | |||
| 44 | Cenzic Hailstorm | Non-free (free with restrictions) | Windows | Starting at $13K |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | Cenzic Hailstorm is a Web application scanner. The product integrates with source code scanners and Web application firewalls as well as VMWare for virtualization of production apps | |||
| URL | http://www.cenzic.com/products/overview/ | |||
| 45 | dirb | Free (Unrestricted free. License type GPL, GNU,...) | Linux | Free! |
| Type of tool | Analysis of web environments | |||
| Description | Website directory discovery via brute force. Supply your own dictionary file. I have a difficult time finding much support, as the name is not easily searchable. If you know how to use it, it's a good tool to add to the arsenal. | |||
| URL | http://dirb.sourceforge.net/ | |||
| 46 | UCSniff | Free (Unrestricted free. License type GPL, GNU,...) | Linux | Free! |
| Type of tool | Sniffer / network analyzer | |||
| Description | UCSniff is an exciting new VoIP Security Assessment tool that leverages existing open source software into several useful features | |||
| URL | http://ucsniff.sourceforge.net/ | |||
| 47 | voiphopper | Free (Unrestricted free. License type GPL, GNU,...) | Linux | Free! |
| Type of tool | Creation / manipulation packet network | |||
| Description | VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches | |||
| URL | http://voiphopper.sourceforge.net/ | |||
| 48 | sipp | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | multiuse | |||
| Description | SIPp is a free Open Source test tool / traffic generator for the SIP protocol | |||
| URL | http://sipp.sourceforge.net/ | |||
| 49 | Protos | Free (Unrestricted free. License type GPL, GNU,...) | Independent (Languages like java, python, perl, ruby...) | Free! |
| Type of tool | Creation / manipulation packet network | |||
| Description | The purpose of this test-suite is to evaluate implementation level security and robustness of numerous protocols: WAP-wsp-request, WAP-wmlc, HTTP-reply, LDAPv3, SNMPv1, SIP, H2250v4, ISAKMP, DNS. | |||
| URL | http://www.ee.oulu.fi/research/ouspg/protos/ | |||
| 50 | firebug | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Firefox pluggins | |||
| Description | You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page. | |||
| URL | http://getfirebug.com/ | |||
| 51 | grendal-scan | Non-free (free with restrictions) | Windows | Free! |
| Type of tool | Management | |||
| Description | Hi test | |||
| URL | www.grendal.cm | |||
| 52 | Nikto | Non-free (free with restrictions) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Scanner / VPN detector | |||
| Description | Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). | |||
| URL | http://www.cirt.net/nikto2 | |||
| 53 | wireshark | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Sniffer / network analyzer | |||
| Description | Wireshark is the world's foremost network protocol analyzer | |||
| URL | http://www.wireshark.org | |||
| 54 | kismet | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Sniffer / network analyzer | |||
| Description | Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system | |||
| URL | http://www.kismetwireless.net/ | |||
| 55 | tcpdump | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Sniffer / network analyzer | |||
| Description | tcpdump is a common packet sniffer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached | |||
| URL | http://www.tcpdump.org/ | |||
| 56 | windump | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | Sniffer / network analyzer | |||
| Description | WinDump is the Windows version of tcpdump, the command line network analyzer for UNIX. | |||
| URL | http://www.winpcap.org/windump/ | |||
| 57 | Ettercap | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Sniffer / network analyzer | |||
| Description | Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks | |||
| URL | http://ettercap.sourceforge.net/ | |||
| 58 | dsniff | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Sniffer / network analyzer | |||
| Description | Dsniff is a collection of tools for network auditing and penetration testing: dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, webspy, arpspoof, dnsspoof, macof, sshmitm and webmitm. | |||
| URL | http://monkey.org/~dugsong/dsniff/ | |||
| 59 | ngrep | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Sniffer / network analyzer | |||
| Description | ngrep strives to provide most of GNU grep's common features, applying them to the network layer | |||
| URL | http://ngrep.sourceforge.net/ | |||
| 60 | Ntop | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Sniffer / network analyzer | |||
| Description | ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does | |||
| URL | http://www.ntop.org/ | |||
| 61 | EtherApe | Free (Unrestricted free. License type GPL, GNU,...) | *NIX (Any system derived of UNIX) | Free! |
| Type of tool | Sniffer / network analyzer | |||
| Description | EtherApe is a graphical network monitor for Unix modeled after etherman | |||
| URL | http://etherape.sourceforge.net/ | |||
| 62 | SolarWinds | Commercial | Windows | Starting at $199 |
| Type of tool | Sniffer / network analyzer | |||
| Description | Network Management Software for All | |||
| URL | http://www.solarwinds.com/ | |||
| 63 | firewalk | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Sniffer / network analyzer | |||
| Description | Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device. | |||
| URL | www.packetfactory.net/projects/firewalk/ | |||
| 64 | Cheops-ng | Free (Unrestricted free. License type GPL, GNU,...) | *NIX (Any system derived of UNIX) | Free! |
| Type of tool | Sniffer / network analyzer | |||
| Description | Cheops-ng is a Network management tool for mapping and monitoring your network | |||
| URL | http://cheops-ng.sourceforge.net/ | |||
| 65 | fping | Free (Unrestricted free. License type GPL, GNU,...) | *NIX (Any system derived of UNIX) | Free! |
| Type of tool | Sniffer / network analyzer | |||
| Description | fping is a ping(1) like program which uses the Internet Control Message Protocol (ICMP). fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the lists of hosts to ping. | |||
| URL | http://fping.sourceforge.net/ | |||
| 66 | tcptraceroute | Free (Unrestricted free. License type GPL, GNU,...) | *NIX (Any system derived of UNIX) | Free! |
| Type of tool | Sniffer / network analyzer | |||
| Description | tcptraceroute is a traceroute implementation using TCP packets | |||
| URL | http://michael.toren.net/code/tcptraceroute/ | |||
| 67 | MBSA | Non-free (free with restrictions) | Windows | Free! |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. | |||
| URL | http://technet.microsoft.com/en-us/security/cc184924.aspx | |||
| 68 | w3af | Free (Unrestricted free. License type GPL, GNU,...) | Independent (Languages like java, python, perl, ruby...) | Free! |
| Type of tool | Analysis of web environments | |||
| Description | w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much | |||
| URL | http://sourceforge.net/projects/w3af/ | |||
| 69 | MSAT | Non-free (free with restrictions) | Windows | Free! |
| Type of tool | Management of risk / methodologies / ISO | |||
| Description | The Microsoft Security Assessment Tool (MSAT) is a free tool designed to help organizations like yours assess weaknesses in your current IT security environment, reveal a prioritized list of issues, and help provide specific guidance to minimize those risks | |||
| URL | http://technet.microsoft.com/en-us/security/cc185712.aspx | |||
| 70 | paros | Free (Unrestricted free. License type GPL, GNU,...) | Independent (Languages like java, python, perl, ruby...) | Free! |
| Type of tool | Analysis of web environments | |||
| Description | Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified | |||
| URL | http://www.parosproxy.org/ | |||
| 71 | WebScarab | Free (Unrestricted free. License type GPL, GNU,...) | Independent (Languages like java, python, perl, ruby...) | Free! |
| Type of tool | Analysis of web environments | |||
| Description | WebScarab is a HTTP and HTTPS proxy. Has several modes of operation and implement numbers plugins:Fragments, Proxy, Manual, Beanshell, Revealhiddenfields, Bandwidthsimulator, Spider, Manualrequest, SessionIDanalysis, Scripted, Parameterfuzzer, Search, Compare, SOAP, Extensions, XSS/CRLF. | |||
| URL | http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project | |||
| 72 | WebInspect | Commercial | Windows | Free! |
| Type of tool | Analysis of web environments | |||
| Description | Webinspect is an URLchecker. This is a service that test your website or special pages of your website and warn you when if an important status change is made or if the page is not reachable from the internet | |||
| URL | http://www.webinspect.net/ | |||
| 73 | SPIKE Proxy | Free (Unrestricted free. License type GPL, GNU,...) | Independent (Languages like java, python, perl, ruby...) | Free! |
| Type of tool | Analysis of web environments | |||
| Description | SPIKE Proxy is a tool for looking for application-level vulnerabilities in web applications. SPIKE Proxy covers the basics, such as SQL Injection and cross-site-scripting | |||
| URL | http://www.immunitysec.com/resources-freesoftware.shtml | |||
| 74 | QualysGuard | Commercial | Windows | Starting at $2500 |
| Type of tool | Analysis of web environments | |||
| Description | The QualysGuard Security and Compliance Suite automates the process of vulnerability management and policy compliance across the enterprise, providing network discovery and mapping, asset prioritization, vulnerability assessment reporting and remediation tracking according to business risk. | |||
| URL | http://www.qualys.com/products/qg_suite/ | |||
| 75 | BurpSuite | Non-free (free with restrictions) | Independent (Languages like java, python, perl, ruby...) | Free! |
| Type of tool | Analysis of web environments | |||
| Description | Burp Suite is an integrated platform for attacking web applications. It contains a Suite tools: Proxy, Spider, Scanner, Intruder, Repeater, Sequencer, Decoder, Comparer. | |||
| URL | http://portswigger.net/suite/ | |||
| 76 | Wikto | Non-free (free with restrictions) | Windows | Free! |
| Type of tool | Analysis of web environments | |||
| Description | Wikto is a Web Server Assessment Tool. It works by trying to find interesting directories and files on the web site, it looks for sample scripts that can be abused or finds known vulnerabilities in the web server implementation itself. | |||
| URL | http://www.sensepost.com/research/wikto/ | |||
| 77 | Watchfire AppScan | Commercial | Windows | Starting at $14,000 |
| Type of tool | Analysis of web environments | |||
| Description | From IBM Rational automate content scanning and analysis to help ensure compliance with privacy, accessibility, and key industry regulations such as Sarbanes-Oxley and HIPAA, as well as internal Web quality standards | |||
| URL | http://www.watchfire.com | |||
| 78 | N-Stealth | Non-free (free with restrictions) | Windows | Free! |
| Type of tool | Analysis of web environments | |||
| Description | N-Stalker is a Web Application Security Scanner with 18,000 signatures, web Server security check, Backup check, XSS... | |||
| URL | http://www.nstalker.com/products | |||
| 79 | SpiDynamics WebInspect | Commercial | Windows | Starting at $2500 |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | WebInspect complements firewalls and intrusion detection systems by identifying Web application vulnerabilities | |||
| URL | http://www.whitehatinc.com/products/spi_dynamics/webinspect/ | |||
| 80 | NetStumbler | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | Wifi password cracker / sniffer / others wifi tools | |||
| Description | Tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g | |||
| URL | http://stumbler.net/ | |||
| 81 | Airsnort | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Wifi password cracker / sniffer / others wifi tools | |||
| Description | AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered | |||
| URL | http://airsnort.shmoo.com/ | |||
| 82 | Aircrack-ng | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Wifi password cracker / sniffer / others wifi tools | |||
| Description | Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. | |||
| URL | http://aircrack-ng.org/ | |||
| 83 | KisMAC | Free (Unrestricted free. License type GPL, GNU,...) | MAC OS | Free! |
| Type of tool | Wifi password cracker / sniffer / others wifi tools | |||
| Description | KisMAC is an open-source and free stumbler/scanner application for Mac OS X. It has an advantage over MacStumbler / iStumbler / NetStumbler in that it uses monitor mode and passive scanning | |||
| URL | http://trac.kismac-ng.org/ | |||
| 84 | Hping2 | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Creation / manipulation packet network | |||
| Description | Hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. | |||
| URL | http://www.hping.org/ | |||
| 85 | Scapy | Free (Unrestricted free. License type GPL, GNU,...) | Independent (Languages like java, python, perl, ruby...) | Free! |
| Type of tool | Creation / manipulation packet network | |||
| Description | Scapy is a powerful interactive, and easy to use, packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It is writen in python. | |||
| URL | http://www.secdev.org/projects/scapy/ | |||
| 86 | Scaperl | Free (Unrestricted free. License type GPL, GNU,...) | Independent (Languages like java, python, perl, ruby...) | Free! |
| Type of tool | Creation / manipulation packet network | |||
| Description | Scaperl is a clon of scapy, but it's writen in perl | |||
| URL | http://sylv1.tuxfamily.org/projects/scaperl.html | |||
| 87 | nemesis | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Creation / manipulation packet network | |||
| Description | Nemesis is a command-line network packet crafting and injection utility. Nemesis, is well suited for testing Network Intrusion Detection Systems, firewalls, IP stacks and a variety of other tasks. As a command-line driven utility, Nemesis is perfect for automation and scripting. | |||
| URL | http://nemesis.sourceforge.net/ | |||
| 88 | yersinia | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Creation / manipulation packet network | |||
| Description | Yersinia is a network tool designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems | |||
| URL | http://www.yersinia.net/ | |||
| 89 | Tcpreplay | Free (Unrestricted free. License type GPL, GNU,...) | *NIX (Any system derived of UNIX) | Free! |
| Type of tool | Creation / manipulation packet network | |||
| Description | Tcpreplay si part of ndisbench suite. Tcpreplay is aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. | |||
| URL | http://packetstormsecurity.nl/UNIX/IDS/nidsbench/nidsbench.html | |||
| 90 | fragrouter | Free (Unrestricted free. License type GPL, GNU,...) | *NIX (Any system derived of UNIX) | Free! |
| Type of tool | Creation / manipulation packet network | |||
| Description | Fragrouter is aimed at testing the correctness of a NIDS, according to the specific TCP/IP attacks listed in the Secure Networks NIDS evasion paper | |||
| URL | http://packetstormsecurity.nl/UNIX/IDS/nidsbench/nidsbench.html | |||
| 91 | Retina | Commercial | Windows | Starting at $575.00 |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | Retina Network Security Scanner is a vulnerability assessment, identifies known network and machine security vulnerabilities and assists in prioritizing threats for remediation. | |||
| URL | http://www.eeye.com/ | |||
| 92 | Core Impact | Commercial | Windows | $25000 |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | Core impact allow you to see your network, endpoint, email-user and web application security as an attacker would. | |||
| URL | http://www.coresecurity.com/ | |||
| 93 | ISS Internet scanner | Commercial | Windows | Free! |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | Internet Scanner can identify more than 1,300 types of networked devices on your network, including desktops, servers, routers/switches, firewalls, security devices and application routers | |||
| URL | http://www-935.ibm.com/services/us/index.wss/offerfamily/iss/a1026710 | |||
| 94 | X-scan | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | X-Scan is a general scanner for scanning network vulnerabilities for specific IP address scope or stand-alone computer by multi-threading method, plug-ins are supportable | |||
| URL | http://www.xfocus.org/programs/200507/18.html | |||
| 95 | Sara | Free (Unrestricted free. License type GPL, GNU,...) | Independent (Languages like java, python, perl, ruby...) | Free! |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | SARA is a third generation network security analysis tool that that has been available and actively updated for over 10 years | |||
| URL | http://www-arc.com/sara/ | |||
| 96 | CANVAS | Commercial | Independent (Languages like java, python, perl, ruby...) | $1450 |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers. | |||
| URL | http://www.immunitysec.com/products-canvas.shtml | |||
| 97 | Saint | Commercial | Independent (Languages like java, python, perl, ruby...) | Starting at $425 |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | SAINT offers the only integrated vulnerability assessment and penetration testing tools available anywhere | |||
| URL | http://www.saintcorporation.com/ | |||
| 98 | Nessus | Non-free (free with restrictions) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | Exploitation / vulnerability analysis | |||
| Description | Nessus is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture | |||
| URL | http://www.nessus.org | |||
| 99 | john the ripper | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | password cracker | |||
| Description | John the Ripper is a fast password cracker | |||
| URL | http://www.openwall.com/john/ | |||
| 100 | THC hydra | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | password cracker | |||
| Description | A very fast network logon cracker which support many different services | |||
| URL | http://freeworld.thc.org/thc-hydra/ | |||
| 101 | brutus | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | password cracker | |||
| Description | It works online, trying to break telnet, POP3, FTP, HTTP, RAS or IMAP by simply trying to login as a legitimate users. Brutus imitates a real outside attack (unlike other password cracking applications that simulate an internal attack) and thus serves as a valuable security-auditing tool. | |||
| URL | http://www.bujarra.com/Brutus.html | |||
| 102 | RainbowCrack | Free (Unrestricted free. License type GPL, GNU,...) | Multiplatform (Run in different environments: Linux, Windows, MAC OS... | Free! |
| Type of tool | password cracker | |||
| Description | The RainbowCrack software is a hash cracker that use time-memory tradeoff algorithm | |||
| URL | http://project-rainbowcrack.com/index.htm | |||
| 103 | Ophcrack | Commercial | Windows | Free! |
| Type of tool | password cracker | |||
| Description | Ophcrack is a free Windows password cracker based on rainbow tables | |||
| URL | http://ophcrack.sourceforge.net/ | |||
| 104 | Angry IP scanner | Free (Unrestricted free. License type GPL, GNU,...) | Independent (Languages like java, python, perl, ruby...) | Free! |
| Type of tool | password cracker | |||
| Description | Angry IP Scanner (or simply ipscan) is a network scanner designed to be fast and simple to use. It scans IP addresses and ports as well as has many other features. | |||
| URL | http://www.angryziber.com/ | |||
| 105 | pwdump | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | password cracker | |||
| Description | This handy utility dumps the password database of an NT machine that is held in the NT registry. | |||
| URL | http://samba.org/samba/ftp/pwdump/ | |||
| 106 | pwdump2 | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | password cracker | |||
| Description | PWDump2 is an application which dumps the password hashes (OWFs) from NT's SAM database, whether or not SYSKEY is enabled on the system | |||
| URL | http://www.securiteam.com/tools/5ZQ0G000FU.html | |||
| 107 | pwdump3v2 | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | password cracker | |||
| Description | It works in a similar way of pwdump2, but works over the network. | |||
| URL | http://limestone.truman.edu/pub/win32/apps/pwdump3/ | |||
| 108 | pwdump6 | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | password cracker | |||
| Description | Improvement of pwdump3e | |||
| URL | http://www.foofus.net/fizzgig/pwdump/ | |||
| 109 | fgdump | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | password cracker | |||
| Description | .improvement of pwdump6 with addons | |||
| URL | http://www.foofus.net/fizzgig/fgdump/ | |||
| 110 | pwdump7 | Free (Unrestricted free. License type GPL, GNU,...) | Windows | Free! |
| Type of tool | password cracker | |||
| Description | It works as pwdump6 but uses own filesystem drivers. | |||
| URL | http://www.tarasco.org/atarasco/2007/06/pwdump7.html | |||
- Agregar mas herramientas
- Ultima version del listado
1 comentario:
Hola, que tal.
La lista de seguridad ha sido actualizada, añadiendo un par de secciones e incluyendo nada menos que 91 herramientas nuevas!
Actualmente la lista ya tiene 201 herramientas diferentes.
Como siempre cualquier ayuda es bien recibida.
Un saludo.
Publicar un comentario