Fping
Fping : A parallel ping scanning program
fping is a ping(1)-like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up. fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the lists of […]
Fport
Fport : Foundstone’s enhanced netstat
Fport reports all open TCP/IP and UDP ports on the machine you run it on and shows what application opened each port. So it can be used to quickly identify unknown open ports and their associated applications. It only runs on Windows, but many UNIX systems now provide this information via […]
Arpwatch
Arpwatch : Keeps track of ethernet/IP address pairings and can detect certain monkey business
Arpwatch is the classic ARP man-in-the-middle attack detector from LBNL’s Network Research Group. It syslogs activity and reports certain changes via email. Arpwatch uses LibPcap to listen for ARP packets on a local ethernet interface.
LSoF
LSoF : LiSt Open Files
This Unix-specific diagnostic and forensics tool lists information about any files that are open by processes currently running on the system. It can also list communications sockets open by each process. For a Windows equivalent, check out Process Explorer from Sysinternals.
Perl / Python / Ruby
Perl / Python / Ruby : Portable, general-purpose scripting languages
While many canned security tools are available on this site for handling common tasks, scripting languages allow you to write your own (or modify existing ones) when you need something more custom. Quick, portable scripts can test, exploit, or even fix systems. Archives like CPAN are […]
Ping/telnet/dig/traceroute/whois/netstat
Ping/telnet/dig/traceroute/whois/netstat : The basics
While there are many whiz-bang high-tech tools out there to assist in security auditing, don’t forget about the basics! Everyone should be very familiar with these tools as they come with most operating systems (except that Windows omits whois and uses the name tracert). They can be very handy in a pinch, […]







