Originally from Randy Marchany's post to ED-SEC 31 Oct 2006.

Vulnerability/Port Scanners

  • Nessus (mentioned in a previous note) is still the best even though its licensing has changed.
  • nmap - still the best of the port scanners and OS identification tools, and built into most Linux distros.
  • Active Ports - host-based GUI version of netstat or lsof that attempts to map system processes to listening ports.

Configuration Tools

  • Center for Internet Security NG Tool/Benchmark for Windows - free from www.cisecurity.org. Provides a consensus benchmark and a scanning
    tool that compares system settings with the benchmark. Provides a numeric score showing what % of your settings match the benchmark.
  • Microsoft Baseline Security Analyzer v2.0 - scans local and remote systems and provides a nice report of system settings.
  • Belarc Advisor - similar to MBSA but harder to find these days.
  • NSA security configuration guides
  • Bastille Linux

Exploit tools

  • Metasploit Framework - freeware suite of exploits and payloads for various platforms. Good for actually testing your security.
  • Commercial pen test tools include Core Impact and Immunity Canvas.
  • hping - command-line oriented TCP/IP packet assembler/analyzer.

Web Application Security

  • Paros - excellent tool with spider capabilities, limited security scan capabilities, and the ability to freeze web transactions and allow for dynamic replacement of web request strings. Also does some minor cross-site scripting tests.
  • WebScarab - available from www.owasp.org. Another good web security tool that allows you to replace session IDs and cookie values to test web app security.

One Stop Shop

  • Backtrack (formerly Auditor) available from www.remote-exploit.org. This is the big daddy of toolkits. A standalone Knoppix-based live distribution that contains most of the tools mentioned above plus a whole suite of password crackers, enumeration tools, wireless security tools and more. You need this suite to fully assess your assets.