Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
188 Cards in this Set
- Front
- Back
|
Footprinting. An internet utility that returns information about the domain name and IP address.
|
Whois
|
|
|
Footprinting. A free network query tool. Whois, DNS Query and ZT, traceroute, email header analysis, ping, website download, abuse address query, finger. Runs on Windows.
|
Sam Spade
|
|
|
Footprinting. Inherent in Windows command line. Enables you to query DNS and performe zone transfers.
|
NSLookup
|
|
|
Allows you to look up all available information about an IP address, hostname, or domain, including country, state or province, city, name of network provider, administrator or tech support contact. Automatically delivers information associated with an IP address no matter where it is registered geographically.
|
Smart Whois
|
|
|
Footprinting. An e-mail analysis tool that allows you to track Internet e-mails back to the sender.tp://www.visualware.com/emailtrackerpro/index.html)
|
eMailTracking Pro
|
|
|
Footprinting. Reliably find out when your email gets opened, how long it gets read for, whether or not it gets forwarded to someone else or published on the internet, where the reader is located, and more.
|
MailTracking.com
|
|
|
Footprinting. Regional Internet Registries (RIR's) that manage, distribute, and register public IP's for regions. Online query tool enables users to find the address range of the network.
|
ARIN, APNIC, RIPE, LACNIC, (AFRINIC)
|
|
|
Footprinting/Route Determination. Unix/Linux tool that enables user to trace hops or computers between source and target computer. Increments TTL value in packets.
|
Traceroute
|
|
|
Footprinting/Route Determination. Windows tool that enables user to trace hops or computers between source and target computer. Increments TTL value in packets.
|
Tracert
|
|
|
Footprinting/Route Determination. Enhanced GUI-based Traceroute tool that provides more feedback regarding failed connections than typical traceroute programs. Features include printer and HTML output, a detailed whois display, continuous ping, instant browser access to nodes.
|
NeoTrace
|
|
|
Footprinting/Route Determination. Gui-based Traceroute tool. Tabbed GUI, traceroute, ping, reverse DNS query, IP Location reporting, network provider reporting, domain whois lookups, browser integration, email address tracing, ICMP traceroutes.
|
Visual Route
|
|
|
Footprinting/Route Determination. Monitors connections to open ports and alerts you to suspicious activity. Allows specific ports, domain names or IP addresses to be singled out for scrutiny and tracking. Identifies which country the connection to your computer is coming from. A real-time “Netstat” that also provides history and a rich set of features to help locate unwelcome visitors.
|
Visual Lookout
|
|
|
Scanning. A project that monitors end-to-end performance of Internet links using ICMP Echo (Ping).
|
Pinger
|
|
|
Scanning. Network diagnosis tool using SNMP, ICMP and other methods. Verify connectivity to a specific device, quantitatively test data connections, trace path to network host, obtain information on hostnames/IP's, view summary info about a network host or device, including official hostname, IP address, and contact info. View SNMP values as well as Windows domains, hosts, and ws's, and search LDAP.
|
WS_Ping_Pro
|
|
|
Scanning. Network diagnosis tool using SNMP, ICMP and other methods. DNS checking via Nslookup, advanced whois and rwhois query tool, ping sweep, netbios share detection, SNMPv1v2 tools, port scanner, DHCP server discovery, IP packet viewer, email address validation, subnet calculator.
|
Netscan Tools Pro 2000
|
|
|
Scanning. Command-line oriented TCP/IP packet assembler/analyzer. Used to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities. Supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel. Also, Firewall testing, Advanced port scanning, using different protocols, TOS, fragmentation, Manual path MTU discovery, Advanced traceroute, Remote OS fingerprinting, Remote uptime guessing, TCP/IP stacks auditing.
|
Hping2
|
|
|
Scanning. Host enumeration tool; uses ICMP Echo packets to probe networks, AND ICMP Timestamp and ICMP Information packets as well. Supports spoofing and promiscuous listening for reply packets.
|
Icmpenum
|
|
|
Scanning. Website that reports a site's OS, web server, and netblock owner and, if available, a graphical view of the time since last reboot for each of the computers serving the site.
|
netcraft.com
|
|
|
Scanning. A W2k and XP TCP port scanner that can do SYN, FIN, Null and Xmas scans.
|
IPEye
|
|
|
Scanning. A Windows tool that can scan either a single IP address or a range of IP addresses looking for systems that are IPSec enabled.
|
IPSECSCAN
|
|
|
Scanning. A free open source utility for network exploration or security auditing. Designed to rapidly scan large networks, although it works fine against single hosts. Uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Runs on most types of computers and both console and graphical versions are available. Free and open source.
|
Nmap
|
|
|
Scanning. Allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. Arranges the original site's relative link-structure. Simply open a page of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were viewing it online. Can also update an existing mirrored site, and resume interrupted downloads.
|
HTTrack Web Copier
|
|
|
Scanning. Remote OS detector. Sends obscure TCP packets to determine remote OS. Fully configurable. Runs on Linux, Solaris and probably any OS with libpcap support.
|
Queso
|
|
|
Scanning. A Network management tool for mapping and monitoring your network. It has host/network discovery functionality as well as OS detection of hosts. Has the ability to probe hosts to see what services they are running. On some services, it is actually able to see what program is running for a service and the version number of that program.
|
Cheops
|
|
|
Scanning. A program that allows to work with any Internet service through a chain of SOCKS or HTTP proxies to hide the real IP-address. Can function as a usual SOCKS-server that transmits queries through a chain of proxies. Can be used with client programs that do not support the SOCKS protocol, but work with one TCP-connection, such as TELNET, HTTP, IRC... (FTP uses 2 connections). And your IP-address will not be seen in the server's logs or mail headers;
|
SocksChain
|
|
|
Scanning. Allows you to bypass an HTTP proxy to use e-mail, IRC, ICQ, news, FTP, AIM, any SOCKS capable software, etc.
|
HTTPort
|
|
|
Scanning. The act of using a modem to dial every telephone number in a local area to find out where computers are available, then attempting to access them by guessing passwords.
|
War Dialing
|
|
|
Scanning. Uses a modem to dial a range of telephone numbers to find carriers, PBX's, voice mail boxes, and so on. Although this program is a DOS program, it can be successfully run on a range of UNIX-based systems, using a DOS emulator such as Dosemu.
|
THC-Scan
|
|
|
Scanning. Commercial wardialer. Supports and identifies MS-Chap v2. A robust, multi-line scanner. Can operate in 3 modes, connect identify and penetrate.
|
PhoneSweep
|
|
|
Enumeration. A security auditing program for Microsoft Windows® NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
|
DumpSec
|
|
|
Enumeration. The intention of this package is to perform various security checks on remote servers running NetBIOS file sharing services. It is designed to explore the NETBIOS file-sharing services offered by the target system. It implements a stepwise approach to gather information and attempt to obtain file system-level access as though it were a legitimate local client.
|
NAT (NetBIOS Auditing Tool)
|
|
|
Enumeration/SNMP. A command line utility (included with Windows resource kits) that allows the querying of MIB information from a network device. While it supports GET/GETNEXT and WALK, most people use it to GET information and to WALK OID trees. Can access the SNMP OID and get the information you want from a command line.
|
SNMPUtil
|
|
|
Enumeration/SNMP. SNMP enumeration and management tool
|
SolarWinds (IP Network Browser)
|
|
|
Enumeration/Windows. A command line interface to a WIN32 function LookupAccountName.
|
User2SID
|
|
|
Enumeration/Windows. A command line interface to a WIN32 function LookupSidName.
|
SID2User
|
|
|
Enumeration/Windows. Combines allmost all possible attacks against NETBIOS (users and computers - shares - password policy). It establishes a NETBIOS Null Session and keeps it open during the attack. Based on dictionaries or given values this tool will try to guess passwords.
|
Enum
|
|
|
Enumeration/Windows. A small command line function that retrieves all available information about any know user from any NT/Win2k system that you can hit 139 on. Returns standard info like SID, Primary group, logon restrictions, etc., but it also dumps special group information, pw expiration info, pw age, smartcard requirements, and lots of other stuff. Works as a null user, even if the system has RA set to 1 to specifically deny anonymous enumeration.
|
UserInfo
|
|
|
Enumeration/Windows. Sidesteps "RestrictAnonymous=1" and acquires account information on Windows NT/2000 machines. Shows the information that leaks by opening an anonymous login and showing the following information: An enumeration of user IDs, account names and full names, Password age, User groups the user is a member of, Account type, Whether the account is disabled or locked, Password policies, Last logon time, Number of logons, Bad password count, Quotas
|
GetAcct
|
|
|
System Hacking. NetBIOS scanner which can enumerate NetBIOS file shares across large ranges of IP addresses. Also provides a brute force password cracking component which can be directed against a single NetBIOS file share.
|
Legion
|
|
|
System Hacking. Allows you to scan an NT machine for information concerning its configuration, including ftp services, telnet services, web services, system account information, file systems and permissions.
|
NTInfoScan
|
|
|
System Hacking. Provides insight into the NT event logs to assess the activity of a distributed network more accurately and efficiently
|
VisualLast
|
|
|
System Hacking. A password auditing and recovery application. used to test password strength and sometimes to recover lost Microsoft Windows passwords, by using dictionary, brute-force, and hybrid attacks. It was one of the crackers' tools of choice, although most use old versions because of its price and low availability.
|
L0phtCrack
|
|
|
System Hacking. Consists of two programs. The sniffer listens on the network and captures Windows 2000/XP Kerberos logins. The cracker can be used to find the passwords from the capture file using a brute force attack or a dictionary attack.
|
KerbCrack
|
|
|
System Hacking/Privilege Escalation. Allows any normal user to join the administrator group.
|
GetAdmin
|
|
|
System Hacking/Privilege Escalation. Takes advantage of the Server Message Block (SMB) file sharing protocol. It collects NTLM password hashes and writes them to hashes.txt in a format usable by L0phtcrack so the passwords can be cracked later. It is an SMB man-in-the-middle attack.
|
SMBRelay/SMBRelay2
|
|
|
System Hacking/Privilege Escalation. Attempts to determine a user password by actually trying to log on to a computer remotely using SAMBA (the SMB protocol).
|
SMBGrinder
|
|
|
System Hacking/Privilege Escalation. Tool that crashes Windows machines with Netbios enabled by sending a specially crafted SMB request. Tested against Windows NT/2k/XP/.NET RC1.
|
SMBDie
|
|
|
System Hacking/Privilege Escalation. Rregisters a NetBIOS computer name on the network and is ready to respond to NetBT name-query requests. Works nicely with SMBRelay. Helps to resolve IP address from NetBIOS computer name. Similar to Proxy ARP.
|
NBTDeputy
|
|
|
System Hacking/Privilege Escalation. Decodes and displays all NetBIOS name packets it receives on UDP port 137.
|
Nbname
|
|
|
System Hacking/Privilege Escalation. A fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
|
John the Ripper
|
|
|
System Hacking/Keystroke Loggers. Keylogger software. Records emails, chats, IM, web sites visited, keystrokes, programs launched, PTP file sharing, screen snapshots, and passwords.
|
Spector
|
|
|
System Hacking/Keystroke Loggers. Small tool which detects and removes the installed surveillance tool Spector.
|
AntiSpector
|
|
|
System Hacking/Keystroke Loggers. Keylogger software. Captures emails and immediately forwards them to you. Also captures both sides of chat conversations, IM's, keystrokes typed, applications launched, and websites visited – then sends you a detailed activity report every hour.
|
EBlaster
|
|
|
System Hacking/Keystroke Loggers. Keylogger software that allows you to remotely control/monitor your PC via a web browser. Allows you to view system activity and user actions in real time, shutdown/restart, lockdown/freeze, and browse the file system of a remote PC.
|
SpyAnywhere
|
|
|
System Hacking/Keystroke Loggers. A desktop activity logger that is powered by a kernel mode driver. This driver enables it to run silently at the lowest level of windows 2000/XP operating systems. Extremely difficult to detect, primarily because of it's steath surveillance methods.
|
IKS Software Logger
|
|
|
System Hacking/Checksum. Checksum utility that automatically verifies data and file integrity against a known good source file stored in a database and quickly notifies you of changes.
|
Tripwire
|
|
|
System Hacking/Covering Tracks. A command-line tool that enables the user to modify the audit policy of the local computer or of any remote computer. To run it, the user must have administrator privileges on the target computer.
|
Auditpol
|
|
|
System Hacking/Covering Tracks. Deletes all the logs in the nt/2k machine so any audits taken are removed from the machine.
|
Elslave
|
|
|
System Hacking/Covering Tracks. Lets you erase event records selectively from the Security Log in Windows NT 4.0 and Windows 2000.
|
Winzapper
|
|
|
System Hacking/Covering Tracks. Purges local sensitive info from system; covers tracks typically accessible through EnCase-type Forensics analysis.
|
Evidence Eliminator
|
|
|
System Hacking/Covering Tracks. Allows data to be stored in hidden files that are linked to a normal visible file. Streams are not limited in size and there can be more than one stream linked to a normal file. Streams are almost completely hidden and represent possibly the closest thing to a perfect hiding spot on a file system - something trojans can and will take advantage of. Streams can easily be created/written to/read from, allowing any trojan or virus author to take advantage of a hidden file area. Streams are easily be used, and only found with specialized software.
|
NTFS File Streaming
|
|
|
System Hacking/Covering Tracks. Moves data from a commandline-specified file into a hidden Alternate Data Stream attached to the original.
|
makestrm
|
|
|
Steganography. Hide loads of text in images; Simple encrypt and decrypt of data
|
ImageHide
|
|
|
Steganography. Hides information in MP3 files during the compression process.
|
MP3Stego
|
|
|
Steganography. Conceals messages in ASCII text by appending whitespace to the end of lines.
|
Snow
|
|
|
Steganography. Detects data at the end of image files hidden with tools like appendX or camouflage.
|
StegDetect
|
|
|
Steganography. Sector editor for Windows 2000. Allows a user with local Administrator rights to directly edit, save, and copy data on the physical hard drive that is not accessible in any other way.
|
Dskprobe
|
|
|
Steganography. Lists the users who have ordinary decryption keys or recovery keys for an EFS encrypted file.
|
EFSView
|
|
|
System Hacking/Buffer Overflows. Exploit for Outlook / Outlook Express GMT Field Buffer Overflow Vulnerability
|
Outoutlook
|
|
|
Trojans and Backdoors. Malicious code spreads within a network of shared computer systems, infecting the Notepad.exe file.
|
QAZ
|
|
|
Trojans and Backdoors. 3 kilobyte trojan written in Assembly. It uses telnet as its client. Uses cmd.exe to run commands received on port 7777.
|
Tini
|
|
|
Trojans and Backdoors. Utility that is able to write and read data across TCP and UDP network connections.
|
Netcat
|
|
|
Trojans and Backdoors. A powerful remote control system for workstations running Windows 95, 98 or NT 4.0. Implemented to replace well-known trojans, and to be invisible for existing antiviruses. File system - full access: browse, create, remove directories; erase, rename, copy, upload, download files; set date/time of file. Processes and threads: browse, terminate; run programs; additionally for processes - set priority; for threads - suspend, resume. Registry - full access: browse, create, remove keys and values; set values. System: get/set system time (you can perform Y2K compliance test ;) ); shutdown/logoff/reboot/power off; query system info, query/set system parameters. Windows: get list of windows; query and set system colors; get screenshot or the shot for particular window; send messages to window.
|
Donald Dick
|
|
|
Trojans and Backdoors. Goes beyond NetBus, including: File controls, Monitoring, Network control.
|
SubSeven
|
|
|
Trojans and Backdoors. Trojan, whose communication port is 31337.
|
BackOrifice 2000
|
|
|
Trojans and Backdoors. Allows a remote user to access and control your machine by way of its Internet link.
|
NetBus
|
|
|
Trojans and Backdoors. An .exe wrapper to facilitate remote installation of Back Orifice server and execution of specified applications. Binds a BO installer with any program to create a single file.
|
Silk Rope 2000
|
|
|
Trojans and Backdoors. Used to pack various Trojan files together into a single executable.
|
EliteWrap
|
|
|
Trojans and Backdoors. IRC backdoor
|
IconPlus
|
|
|
Trojans and Backdoors. Increases the Trojan qualities of Netbus and others, by giving the user an incentive to run the program.
|
Whack a Mole
|
|
|
Trojans and Backdoors. BackOrifice trojan detecter that is a trojan itself. Distributed as a cure for Back Orifice infections.
|
BoSniffer
|
|
|
Trojans and Backdoors. Malware that disables AV and software firewalls.
|
FireKiller 2000
|
|
|
Trojans and Backdoors. Backdoor working through any firewall which has got the security policy to allow users to surf the WWW.
|
Reverse WWW Shell:
|
|
|
Port Monitoring. Reports all open TCP/IP and UDP ports and maps them to the owning application. Same information you would see using the “netstat -an” command, but it also maps those ports to running processes with the PID, process name and path. Can be used to quickly identify unknown open ports and their associated applications.
|
FPort
|
|
|
Port Monitoring. A Windows program that displays all active TCP and UDP endpoints on your system, indicating which process is associated with each local and remote IP address and relaying continuous, detailed real-time data on system's TCP/IP activity.
|
TCPView
|
|
|
Port Monitoring. Lists the current processes in your Windows system and which ports they listen on. Written to work on Windows NT and Windows 9x.
|
Inzider
|
|
|
Port Monitoring. Destructive virus affecting MS-DOS computers. This virus infects the boot sector, then hides itself by marking unused blocks on floppy or hard disks as bad.
|
Hard Disk Killer
|
|
|
Man In The Middle. A collection of tools for network auditing and penetration testing. Some modules passively monitor a network for interesting data (passwords, email, files, etc.) and others facilitate the interception of network traffic normally unavailable to an attacker(due to layer-2 switching). Others implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.
|
Dsniff
|
|
|
Sniffers. A protocol analyzer. Has all of the standard features of a protocol analyzer. Functionality is very similar to tcpdump, but it has a GUI front-end, and many more information sorting and filtering options. Allows user to see all traffic being passed over the network (usually an Ethernet network but support is being added for others) by putting the network card into promiscuous mode. Runs on most Unix and Unix-compatible systems, including Linux, Solaris, FreeBSD, NetBSD, OpenBSD, Mac OS X and Windows.
|
Ethereal
|
|
|
Sniffers. An open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods.
|
Snort
|
|
|
Sniffers. The Windows version of tcpdump, the command line network analyzer for UNIX. Fully compatible with tcpdump and can be used to watch, diagnose and save to disk network traffic according to various complex rules. It can run under Windows 95, 98, ME, NT, 2000, XP, 2003 and Vista.
|
WinDump
|
|
|
Sniffers. Performs traffic monitoring and packet capture. Can decode over 1,000 protocols, but support is limited to Ethernet networks. Packet information can be viewed without stopping the capture, and statistics are updated in real time. Traffic capture can be customized with triggers, alarms, and filters. Triggers can be set off by a time event or by network traffic. Alarms warn you of abnormalities in LAN activity, such as bottlenecks, when traffic deviates from a specified limit.
|
EtherPeek
|
|
|
Sniffers. Floods a switched network with Ethernet frames with random hardware addresses. The effect on some switches is that they start sending all traffic out on all ports so you can sniff all traffic on the network.
|
EtherFlood
|
|
|
Sniffers. Freeware program for reporting the URLs loaded by both Internet Explorer and Netscape Navigator in real time.
|
Webspy
|
|
|
Sniffers. A suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis.
|
Ettercap
|
|
|
Sniffers. Windows MAC Address Modifying Utility
|
SMAC
|
|
|
Sniffers. Utility for viewing/manipulating the MAC addresses of network interfaces
|
MAC Changer
|
|
|
Sniffers. A simple DNS ID Spoofer for Windows 9x/2K
|
WinDNSSpoof
|
|
|
Sniffers. Easy to use password sniffer for Windos 95/98/NT/2000. Allows network administrators to capture passwords of any network user. Monitors incoming and outgoing network traffic and decodes FTP, POP3, HTTP, ICQ, SMTP, Telnet, IMAP, and NNTP usernames and passwords. Has advanced, integrated technology that allows it to reconstruct network traffic in a format that is simple to use and understand. Will reconstruct each of those packets individually. Thus, capturing a clear and concise image of the integrity of an organizations entire network.
|
WinSniffer
|
|
|
Sniffers. Allows you to ‘sniff’ and record network traffic, then completely reconstruct the data into its original format.
|
IRIS
|
|
|
Sniffers. Captures whole packets (not just headers), and archives that traffic for future analysis. Reconstructs sessions, and uses heuristic traffic analysis to detect spoofing and non-standard port usage, unwraps compressed files, reconstructs files sent over the network, and searches for key words and phrases. Maintains a database of session data, powerful search tools for investigation and analysis, graphs and reports, and access to all the reconstructed files. Raw packet-by-packet data available as well.
|
NetIntercept
|
|
|
Sniffers. An OpenSource implementation of a set of tests for remote sniffers detection in TCP/IP network environments. Implements various tests for the detection of machines running in promiscuous mode or with a sniffer. Also provides ICMP test, ARP test, DNS test, LATENCY test.
|
SniffDet
|
|
|
Sniffers. A TCP connection killer for Windows 9x/2K.; requires the ability to use a sniffer to sniff incoming/outgoing traffic of the target. If you are in a switched network you can to bypass the switching capabilities by using an ARP Cache Poisoning tool like winarp_sk or winarp_mim
|
WinTCPKill
|
|
|
DOS/Ping of Death. A program that can freeze any computer connected to the Internet or on a network running Windows 95, Windows NT, and older versions of the MacOS that are not behind a firewall that blocks ICMP (Internet Control Message Protocol) data packets.
|
SSPing
|
|
|
DOS/Ping of Death. Sending a packet to a machine with the source host/port the same as the destination host/port crashes a lot of boxes.
|
Land
|
|
|
DOS/Ping of Death. Attack uses a forged ICMP (InternetControl Message Protocol) echo request.
|
Smurf
|
|
|
DOS/Ping of Death. A Denial of Service (DOS) attack that completely disables networking on many Win95 and WinNT machines.
|
Win Nuke
|
|
|
DOS/Ping of Death. Variant of the Ping-of-Death attack. It sends an IP fragment that beyond the maximum length of a legal IP packet.
|
Jolt2
|
|
|
DOS/Ping of Death. DoS on Windows systems. Sends TCP packets with bad header. As a result, CPU graph stays over 90% in the kernel.
|
Bubonic
|
|
|
DOS/Ping of Death. Freeware. It integrates bonk, jolt, land, nestea, netear, syndrop, teardrop, and winnuke into one multi-platform DoS attack.
|
Targa
|
|
|
Dos/DDoS. Not a virus, but an attack tool released in late December 1999 that performs a distributed Denial of Service attack.
|
Trinoo
|
|
|
Dos/DDoS. Made up of client and daemon programs, which implement a distributed network denial of service tool capable of waging ICMP flood, SYN flood, UDP flood, and Smurf style attacks, as well as providing an "on demand" root shell bound to a TCP port.
|
TFN
|
|
|
Dos/DDoS. Designed to launch coordinated denial-of-service attacks from many sources against one or more targets simultaneously. Includes features designed specifically to make its traffic difficult to recognize and filter, to remotely execute commands, to obfuscate the true source of the traffic, to transport its traffic over multiple transport protocols including UDP, TCP, and ICMP, and features to confuse attempts to locate other nodes by sending "decoy" packets. Designed to work on various UNIX and UNIX-like systems and Windows NT. Obfuscates the true source of attacks by spoofing IP addresses. In networks that employ ingress filtering, it can forge packets that appear to come from neighboring machines. Can flood networks by sending large amounts of data to the victim machine. Includes attacks designed to crash or introduce instabilities in systems by sending malformed or invalid packets.
|
TFN2K
|
|
|
Dos/DDoS. Became available in 1999. A network of this type looks conceptually similar to a trinoo; it is a packet flooding attack and the client controls the size of the flooding packets and duration of the attack. One interesting signature of this DDOS tool is that the sequence number for all TCP packets is 0x28374839.
|
Shaft
|
|
|
Dos/DDoS. Tool consists of a handler and an agent portion, much like previously known DDOS tools such as Trinoo. Handler can be controlled remotely by one or more intruders using a password-protected interactive login to a running handler. Simple commands issued to the handler cause instructions to be sent to agents deployed on compromised systems. The communications between intruder and handler, and the handler and agents, are configurable at compile time and have varied significantly from incident to incident. The default protocol and destination socket numbers in source code recently released to the public are 6723/tcp -> handler (intruder), 7983/udp -> agent (handler), and 9325/udp -> handler (agent).
|
Mstream
|
|
|
Dos/DDoS. A third generation network security analysis tool that operates under Unix, Linux, MAC OS/X or Windows (through coLinux) OS'. Integrates the National Vulnerability Database (NVD). Can adapt to many firewalled environments. Supports remote self scan and API facilities. Based on the SATAN model
|
SARA (Security Auditor's Research Assistant)
|
|
|
Dos/DDoS. A remote scanner for the most common Distributed Denial of Service programs (Zombies). Will detect Trinoo, Stacheldraht and Tribe Flood Network programs running with their default settings, although setup of each program type is possible from the configuration screen. Scanning is performed by sending the appropriate UDP and ICMP messages at a controlable rate to a user defined range of addresses.
|
DdoSPing
|
|
|
Dos/DDoS. Uses intrusion fingerprints to track down compromised hosts. It is capable of remotely detecting Stacheldraht, TFN, and Trinoo if the attacker did not change the default ports.
|
RID Remote Intrusion Detector
|
|
|
Dos/DDoS. A free, open source tool that can tell a zombie system flooding packets to stop flooding. Works against Trinoo (including the Windows Trinoo agent), TFN, Stacheldraht, and Shaft. It does assume various defaults used by these attack tools are still in place, but allows you to put the zombies to sleep.
|
Zombie Zapper
|
|
|
Session Hijacking. A network sniffer that can also be used to hijack TCP sessions.
|
Juggernaut
|
|
|
Session Hijacking. Sniffer/Session Hijacker that includes a handy ARP cache poisoning feature specifically designed to disable the isolation normally provided by Ethernet switches
|
Hunt
|
|
|
Session Hijacking. A utility program that monitors and controls users on a single system. The program can share an existing, in-use tty so that when the user types something into the monitored window, the information will also appear on the
|
TTYWatcher
|
|
|
Session Hijacking. A network tool that can control any login session on a network by performing session hijacking
|
IP Watcher
|
|
|
Session Hijacking. Advanced intrusion investigation and response tool to monitor network connections in real-time. Real time monitoring, reporting and graphing, active countermeasures, alarms, and filters.
|
T-Sight
|
|
|
Hacking Web Servers. Exploit c code for hacking Win2K IIS servers
|
Jill32
|
|
|
Hacking Web Servers. IIS 5.0 remote win32 exploit for the null.printer buffer overflow.
|
IIS5-Koei
|
|
|
Hacking Web Servers. Printer overflow exploit, like IIS-Koei.
|
IIS5Hack
|
|
|
Hacking Web Servers. Web site traffic analysis software
|
LogAnalyzer
|
|
|
Hacking Web Servers. Used to view the SAM file on a server which is vulnerable to a certain IIS hole.
|
IISExploit
|
|
|
Hacking Web Servers. Unicode vulnerability exploit script
|
UnicodeUploader.pl
|
|
|
Hacking Web Servers. An interactive ASP page command prompt that will show you how vulnerable your IIS web server is to the IUSR_COMPUTER, IWAM_COMPUTER and SYSTEM user accounts. It runs in the context of the web server as a standard ASP page, and simulates a backdoor to any IIS web server.
|
cmdasp.asp
|
|
|
Hacking Web Servers. Backdoor allowing upload via http.
|
IISCrack.dll
|
|
|
Hacking Web Servers. IIS privilege escalation tool-- makes use of the IIS 5.0 + SP0 (SP1, SP2)
|
ispc.exe
|
|
|
Hacking Web Servers. Windows software patch management tool that helps you secure your systems by remotely managing service packs and hotfixes.
|
UpdateExpert
|
|
|
Hacking Web Servers. Resource Kit Utility for changing permissions
|
Cacls utility
|
|
|
Hacking Web Servers. A Very stealthy CGI scanner that is scriptable.
|
Whisker
|
|
|
Hacking Web Servers. HTTP security scanning tool.
|
N-Stealth Scanner
|
|
|
Hacking Web Servers. Comprehensive and intuitive Web application scanner.
|
WebInspect
|
|
|
Hacking Web Servers. Designed to identify known and unknown vulnerabilities, suggest fixes to identified vulnerabilities, and report possible security holes within a network's internet, intranet, and extranet environments
|
Shadow Security Scanner
|
|
|
Web App Vulnerabilties. A text browser for the World Wide Web. Rruns on Un*x, VMS, Windows 95/98/NT, DOS386+ but not 3.1, 3.11, or OS/2 EMX.
|
Lynx
|
|
|
Web App Vulnerabilties. A free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols.
|
Wget
|
|
|
Web App Vulnerabilties. A common name used for rogue Java applets available in the WWW.
|
Black Widow
|
|
|
Web App Vulnerabilties. Web application security auditing tool. It is not just one application, it is a complete toolbox of applications that come together to let you do some unique things. Focuses only on trying to give auditors the tools they need to manually disassemble the web application by hand and to efficiently test it in any manner they can conceive.
|
WebSleuth
|
|
|
Web App Vulnerabilties. Taking over a session via stealing a session cookie.
|
Cookie Stealing
|
|
|
Web App Vulnerabilties. Remotely controls Internet Explorer using DCOM. Captures data sent and received using Internet Explorer. Even on SSL encrypted websites (e.g. Hotmail), it can capture user ID and password in plain text.
|
IEEN
|
|
|
Web Based Password Cracking. An HTTPS Man in the Middle attacking tool. It includes FakeCert, a tool to make fake certificates (like the DCA of sslmim found in Phrack 57). It can be used to exploit the Certificate Chain vulnerability in Internet Explorer. The tool works under Windows 9x/2000.
|
WinSSLMiM
|
|
|
Web Based Password Cracking. This program exploits a rather large hole in web site authentication methods. Password protected websites can be easily brute-force hacked, because there is no set limit on the number of time an incorrect password or User ID can be tried.
|
WebCracker
|
|
|
Web Based Password Cracking. Flexible remote password cracker.
|
Brutus
|
|
|
Web Based Password Cracking. Brute force authentication attack against Webserver with authentication requests.
|
ObiWan
|
|
|
Web Based Password Cracking. A utility utilizing the HTTP protocol to brute force into any login mechanism/system that requires a username and password, on a web page (or HTML form).
|
Munga Bunga
|
|
|
Web Based Password Cracking. A tool for transferring files with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. Supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, kerberos, HTTP form based upload, proxies, cookies, user+password authentication, file transfer resume, http proxy tunneling and a busload of other useful tricks.
|
CURL
|
|
|
Web Based Password Cracking. Taking over a session via stealing a session cookie.
|
Stealing Cookies
|
|
|
Web Based Password Cracking. A custom explorer bar. This extension was created for the monitoring of cookie activity and for the possibility to add and edit cookies.
|
CookieSpy
|
|
|
Web Based Password Cracking. Displays cookie information.
|
ReadCookies
|
|
|
Web Based Password Cracking. Pulls passwords from cookies.
|
SnadBoy
|
|
|
SQL Injection. A dictionary attack tool for SQL Server
|
SQLDict
|
|
|
SQL Injection. SQL Server password brute force tool.
|
SQLExec
|
|
|
SQL Injection. A password guesser, designed to try to break through a password system by guessing millions of passwords until it gets the correct one. Can set up the password guesser directly on the machine to try to log in to the network, and let it run until it does. That way, admin traces attempts back to legitimate machine.
|
SQLbf
|
|
|
SQL Injection. A UNIX Based Remote Command Execution for MSSQL.
|
SQLSmack
|
|
|
SQL Injection. MSSQL Server 2000 SP0 - SP2 remote exploit which uses UDP to overflow a buffer and send a shell to tcp port 53. Windows binary, C++ source code.
|
SQL2.exe
|
|
|
Wireless Hacking. A tool for Windows that facilitates detection of Wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards. A trimmed-down version is available for Windows CE. Used for wardriving, verifying network configurations, finding locations with poor coverage in one's WLAN, detecting causes of wireless inteference, detecting unauthorized ("rogue") access points, and aiming directional antennas for long-haul WLAN links.
|
NetStumbler
|
|
|
Wireless Hacking. A Linux utility (using GTK+) for decrypting WEP encryption. A Windows port also exists.
|
AirSnort
|
|
|
Wireless Hacking. Performs packet analysis of IEEE 802.11 wireless LANs in support of security audits, site surveys, network management, and troubleshooting. Rich security auditing features, broad protocol support, and flexible packet filtering.
|
AiroPeek
|
|
|
Wireless Hacking. A PASSIVE network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Will work with any wireless card which supports raw monitoring mode, and can sniff 802.11b, 802.11a and 802.11g traffic. The program runs under Linux, FreeBSD, NetBSD, OpenBSD, and Mac OS X. The client can also run on Windows, although a drone is the only compatible packet source.
|
Kismet
|
|
|
Wireless Hacking. IDS system for 802.11 that guards an AP(s) and Monitors local frequencies for potentially malevolent activity. It detects scans, association floods, and bogus/Rogue AP's. It can easily be integrated with SNORT or RealSecure.
|
WIDZ- Wireless IDS
|
|
|
Linux Hacking. A third-generation security analysis tool that is based on the SATAN model.
|
SARA (Security Auditor's Research Assistant)
|
|
|
Linux Hacking. A set of scripts that scan a Un*x system looking for security problems.
|
TARA
|
|
|
Buffer Overflows. A compiler that emits programs hardened against "stack smashing" attacks. Uses canaries.
|
StackGuard
|
|
|
Buffer Overflows. A family of tools designed to enhance system integrity by hardening system components and platforms against security attacks. Secures a Linux OS and applications. Works by hardening existing software components and platforms so that attempts to exploit security vulnerabilities will fail safe, i.e. the compromised process halts instead of giving control to the attacker, and then is restarted. The software components are effectively "laminated" with technologies to harden them against attack.
|
Immunix
|
|
|
Novell Hacking. Checks for users that have no password. For both Netware 3.x and 4.x.
|
Chknull
|
|
|
Novell Hacking. Simple bruteforce hacker for Novell.
|
nwpcrack
|
|
|
Novell Hacking. Tools for the opening of Novell's Netware Directory Services.
|
Pandora
|
|
|
Novell Hacking. UserDump simply lists all users in the Bindery.
|
userdump
|
|
|
Novell Hacking. Novell hacking and cracking tool.
|
Bindery/BinCrack
|
|
|
Novell Hacking. NLM which will create supervisor account from server.
|
Burglar
|
|
|
Novell Hacking. TSR program for recording typed passwords.
|
Getit
|
|
|
Novell Hacking. Popular Packet Sniffers for Ethernet networks.
|
Gobbler
|
|
|
Novell Hacking. Brute force cracker.
|
Kock
|
|
|
Novell Hacking. Brute force cracker
|
NOVELBFH
|
|
|
Novell Hacking. Emulates a fake Novell file server.
|
Novelffs
|
|
|
Novell Hacking. Resets any user password, including that of supervisor.
|
SETPWD.NLM
|
|
|
Novell Hacking. Login spoofing utility for all versions of NetWare.
|
Spooflog
|
|
|
IDS, Firewalls, and Honeypots. An open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. The most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry.
|
Snort
|
|
|
IDS, Firewalls, and Honeypots. A network intrusion detection evasion toolkit. It implements most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. Was written in the hopes that a more precise testing methodology might be applied to the area of network intrusion detection, which is still a black art at best.
|
Fragrouter
|
|
|
IDS, Firewalls, and Honeypots. Tool to replay saved tcpdump or snoop files at arbitrary speeds.
|
TCPReplay
|
|
|
IDS, Firewalls, and Honeypots. An IDS evasion tool.
|
SideStep
|
|
|
IDS, Firewalls, and Honeypots. A network intrusion detection system test suite.
|
NIDSbench
|
|
|
IDS, Firewalls, and Honeypots. API that can mask buffer overflow exploit signatures from Network IDS systems so that they are more difficult to detect.
|
ADMutate
|
