Qualche mese fa (aprile) su jeromiejackson.com è stato pubblicato un elenco di strumenti relativi alla sicurezza Open Source. I tools - catalogati per esperti nel settore - sono ben 100
Eccoli:
1
Stockade
Virtual Appliance with Snort, BASE, Inprotect, CACTI, NTOP & Others
2
Nessus
Open source vulnerability assessment tool
3
Snort
Intrusion Detection (IDS) tool
4
Wireshark
TCP/IP Sniffer- AKA Ethereal
5
WebScarab
Analyze applications that communicate using the HTTP and HTTPS protocols
6
Wikto
Web server assessment tool
7
BackTrack
Penetration Testing live Linux distribution
8
Netcat
The network Swiss army knife
9
Metasploit Framework
Comprehensive hacking framework
10
Sysinternals
Collection of windows utilities
11
Paros proxy
Web application proxy
12
Enum
Enumerate Windows information
13
P0F v2
Passive OS identification tool
14
IPPersonality
Masquerade IP Stack
15
SLAN
Freeware VPN utility
16
IKE Crack
IKE/IPSEC cracking utility
17
ASLEAP
LEAP cracking tool
18
Karma
Wireless client assessment tool- dangerous
19
WEPCrack
WEP cracking tool
20
Wellenreiter
Wireless scanning application
21
SiteDigger
Google hacking tool
22
Several DDOS Tools
Distributed Denial of Service(DDOS) tools
23
Achilles
Web Proxy Tool
24
Firefox Web Developer Tool
Manual web assessment
25
Scoopy
Virtual Machine Identification tool
26
WebGoat
Learning tool for web application pentests
27
FlawFinder
Source code security analyzer
28
ITS4
Source code security analyzer
29
Slint
Source code security analyzer
30
PwDump3
Dumps Windows 2000 & NT passwords
31
Loki
ICMP covert channel tool
32
Zodiac
DNS testing tool
33
Hunt
TCP hijacking tool
34
SniffIT
Curses-Based sniffing tool
35
CactiEZ
Network traffic analysis ISO
36
Inprotect
Web-based Nessus administration tool
37
OSSIM
Security Information Management (SIM)
38
Nemesis
Command-Line network packet manipulation tool
39
NetDude
TCPDump manipulation tool
40
TTY Watcher
Terminal session hijacking
41
Stegdetect
Detects stego-hidden data
42
Hydan
Embeds data within x86 applications
43
S-Tools
Embeds data within a BMP, GIF, & WAV Files
44
Nushu
Passive covert channel tool
45
Ptunnel
Transmit data across ICMP
46
Covert_TCP
Transmit data over IP Header fields
47
THC-PBX Hacker
PBX Hacking/Auditing Utility
48
THC-Scan
Wardialer
49
Syslog-NG
MySQL Syslog Service
50
WinZapper
Edit WinNT 4 & Win2000 log files
51
Rootkit Detective
Rootkit identification tool
52
Rootkit Releaver
Rootkit identification tool
53
RootKit Hunter
Rootkit identification tool
54
Chkrootkit
Rootkit identification tool
55
LKM
Linux Kernal Rootkit
56
TCPView
Network traffic monitoring tool
57
NMAP
Network mapping tool
58
Ollydbg
Windows unpacker
59
UPX
Windows packing application
60
Burneye
Linux ELF encryption tool
61
SilkRpoe 2000
GUI-Based packer/wrapper
62
EliteWrap
Backdoor wrapper tool
63
SubSeven
Remote-Control backdoor tool
64
MegaSecurity
Site stores thousands of trojan horse backdoors
65
Netbus
Backdoor for Windows
66
Back Orfice 2000
Windows network administration tool
67
Tini
Backdoor listener similar to Netcat
68
MBSA
Microsoft Baseline Security Analyzer
69
OpenVPN
SSL VPN solution
70
Sguil
An Analyst Console for network security/log Monitoring
71
Honeyd
Create your own honeypot
72
Brutus
Brute-force authentication cracker
73
cheops/ cheops-ng
Maps local or remote networks and identifies OS of machines
74
ClamAV
A GPL anti-virus toolkit for UNIX
75
Fragroute/Fragrouter
Intrusion detection evasion toolkit
76
Arpwatch
Monitor ethernet/IP address pairings and can detect ARP Spoofing
77
Angry IP Scanner
Windows port scanner
78
Firewalk
Advanced traceroute
79
RainbowCrack
Password Hash Cracker
80
EtherApe
EtherApe is a graphical network monitor for Unix
81
WebInspect
Web application scanner
82
Tripwire
File integrity checker
83
Ntop
Network traffic usage monitor
84
Sam Spade
Windows network query tool
85
Scapy
Interactive packet manipulation tool
86
Superscan
A Windows-only port scanner
87
Airsnort
802.11 WEP Encryption Cracking Tool
88
Aircrack
WEP/WPA cracking tool
89
NetStumbler
Windows 802.11 Sniffer
90
Dsniff
A suite of powerful network auditing and penetration-testing tools
91
John the Ripper
Multi-platform password hash cracker
92
BASE
The Basic Analysis and Security Engine- used to manage IDS data
93
Kismet
Wireless sniffing tool
94
THC Hydra
Network authentication cracker
95
Nikto
Web scanner
96
Tcpdump
TCP/IP analysis tool
97
L0phtcrack
Windows password auditing and recovery application
98
Reverse WWW Shell
Shell access across port 80
99
THC-SecureDelete
Ensure deleted files are unrecoverable
100
THC-AMAP
Application mapping tool
Fonte:
http://www.jeromiejackson.com/index.php/top-100-security-tools