EtherApe : EtherApe is a graphical network monitor for Unix modeled after etherman
Featuring link layer, IP and TCP modes, EtherApe displays network activity graphically with a color coded protocols display. Hosts and links change in size with traffic. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network.
Xprobe2 : Active OS fingerprinting tool
XProbe is a tool for determining the operating system of a remote host. They do this using some of the same techniques as Nmap as well as some of their own ideas. Xprobe has always emphasized the ICMP protocol in its fingerprinting approach.
OpenSSL : The premier SSL/TLS encryption library
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.
WebInspect : A Powerful Web Application Scanner
SPI Dynamics’ WebInspect application security assessment tool helps identify known and unknown vulnerabilities within the Web application layer. WebInspect can also help check that a Web server is configured properly, and attempts common web attacks such as parameter injection, cross-site scripting, directory traversal, and more.
Nbtscan : Gathers NetBIOS info from Windows networks
NBTscan is a program for scanning IP networks for NetBIOS name information (similar to what the Windows nbtstat tool provides against single hosts). It sends a NetBIOS status query to each address in a supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address. The original nbtscan was written by Alla Bezroutchko. Steve Friedl has written an alternate implementation.
Ngrep : Convenient packet matching & display
ngrep strives to provide most of GNU grep’s common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
Tripwire : The grand-daddy of file integrity checkers
A file and directory integrity checker. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. Traditionally an open souce tool, Tripwire Corp is now focused on their commercial enterprise configuration control offerings. An open source Linux version can still be found at SourceForge. UNIX users may also want to consider AIDE, which has been designed to be a free Tripwire replacement. Or you may wish to investigate Radmind, RKHunter, or chkrootkit. Windows users may like RootkitRevealer from Sysinternals.
Ntop : A network traffic usage monitor
Ntop shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user’s terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.
WebScarab : A framework for analyzing applications that communicate using the HTTP and HTTPS protocols
In its simplest form, WebScarab records the conversations (requests and responses) that it observes, and allows the operator to review them in various ways. WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.
Google : Everyone’s Favorite Search Engine
While it is far more than a security tool, Google’s massive database is a good mind for security researchers and penetration testers. You can use it to dig up information about a target company by using directives such as “site:target-domain.com” and find employee names, sensitive information that they wrongly thought was hidden, vulnerable software installations, and more. Similarly, when a bug is found in yet another popular webapp, Google can often provide a list of vulnerable servers worldwide within seconds. The master of Google hacking is Johny Long. Check out his Google Hacking Database or his excellent book: Google Hacking for Penetration Testers.
Written by