Security Assessment, Risks, Threats, Security Tools

Security Assessment reviews should include a comprehensive analysis of internal & external technical vulnerabilities, policies, procedures, standards, and regulatory gap-analysis. Deviation from best-practice, regulations, and prudent security posture are documented along with recommendations for remediation. Executive management should respond in writing to the results to ensure proper documentation for auditors.

 

Top 100 Security Assessment, Vulnerability Auditing, & Security Tools

1
 Stockade Virtual Appliance with Snort, BASE, Inprotect, CACTI, NTOP & Others
2

Nessus

 Open source vulnerability assessment tool
3
 Snort Intrusion Detection (IDS) tool
4
 Wireshark TCP/IP Sniffer- AKA Ethereal
5

WebScarab

Analyze applications that communicate using the HTTP and HTTPS protocols
6
 Wikto Web server assessment tool
7
 BackTrack Penetration Testing live Linux distribution
8
 Netcat The network Swiss army knife
9
 Metasploit Framework Comprehensive hacking framework
10
 Sysinternals Collection of windows utilities
11
 Paros proxy Web application proxy
12
 Enum Enumerate Windows information
13
 P0F v2 Passive OS identification tool
14
 IPPersonality Masquerade IP Stack
15
 SLAN Freeware VPN utility
16
 IKE Crack IKE/IPSEC cracking utility
17
 ASLEAP LEAP cracking tool
18
 Karma Wireless client assessment tool- dangerous
19
 WEPCrack WEP cracking tool
20
 Wellenreiter Wireless scanning application
21

SiteDigger

 Great Google hacking tool
22
 Several DDOS Tools Distributed Denial of Service(DDOS) tools
23
 Achilles Web Proxy Tool
24
 Firefox Web Developer Tool Manual web assessment
25
 Scoopy Virtual Machine Identification tool
26
 WebGoat Learning tool for web application pentests
27
 FlawFinder Source code security analyzer
28
 ITS4 Source code security analyzer
29
 Slint

Source code security analyzer
30
 PwDump3 Dumps Windows 2000 & NT passwords
31
 Loki ICMP covert channel tool
32
 Zodiac DNS testing tool
33
 Hunt TCP hijacking tool
34
 SniffIT Curses-Based sniffing tool
35
 CactiEZ Network traffic analysis ISO
36
 Inprotect Web-based Nessus administration tool
37
 OSSIM Security Information Management (SIM)
38
 Nemesis Command-Line network packet manipulation tool
39
 NetDude TCPDump manipulation tool
40
 TTY Watcher Terminal session hijacking
41
 Stegdetect Detects stego-hidden data
42
 Hydan Embeds data within x86 applications
43
 S-Tools Embeds data within a BMP, GIF, & WAV Files
44
 Nushu Passive covert channel tool
45
 Ptunnel Transmit data across ICMP
46
 Covert_TCP Transmit data over IP Header fields
47
 THC-PBX Hacker PBX Hacking/Auditing Utility
48
 THC-Scan Wardialer
49
 Syslog-NG MySQL Syslog Service
50

WinZapper

 Edit WinNT 4 & Win2000 log files
51
 Rootkit Detective Rootkit identification tool
52
 Rootkit Releaver Rootkit identification tool
53
 RootKit Hunter Rootkit identification tool
54

Chkrootkit

 Rootkit identification tool
55
 LKM Linux Kernal Rootkit
56
 TCPView Network traffic monitoring tool
57
 NMAP Network mapping tool
58
 Ollydbg Windows unpacker
59
 UPX Windows packing application
60
 Burneye Linux ELF encryption tool
61

SilkRpoe 2000

 GUI-Based packer/wrapper
62
 EliteWrap Backdoor wrapper tool
63
 SubSeven

Remote-Control backdoor tool
64
 MegaSecurity Site stores thousands of trojan horse backdoors
65
 Netbus

Backdoor for Windows
66
 Back Orfice 2000 Windows network administration tool
67
 Tini Backdoor listener similar to Netcat
68

MBSA

 Microsoft Baseline Security Analyzer
69
 OpenVPN SSL VPN solution
70
 Sguil An Analyst Console for network security/log Monitoring
71
 Honeyd Create your own honeypot
72
 Brutus Brute-force authentication cracker
73
 cheops / cheops-ng Maps local or remote networks and identifies OS of machines
74
 ClamAV A GPL anti-virus toolkit for UNIX
75
 Fragroute/Fragrouter Intrusion detection evasion toolkit
76
 Arpwatch Monitor ethernet/IP address pairings and can detect ARP Spoofing
77
 Angry IP Scanner Windows port scanner
78
 Firewalk Advanced traceroute
79
 RainbowCrack Password Hash Cracker
80
 EtherApe EtherApe is a graphical network monitor for Unix
81
 WebInspect Web application scanner
82
 Tripwire File integrity checker
83
 Ntop Network traffic usage monitor
84
 Sam Spade Windows network query tool
85
 Scapy Interactive packet manipulation tool
86
 Superscan A Windows-only port scanner
87
 Airsnort 802.11 WEP Encryption Cracking Tool
88
 Aircrack WEP/WPA cracking tool
89
 NetStumbler Windows 802.11 Sniffer
90
 Dsniff A suite of powerful network auditing and penetration-testing tools
91
 John the Ripper Multi-platform password hash cracker
92
 BASE The Basic Analysis and Security Engine- used to manage IDS data
93
 Kismet Wireless sniffing tool
94

THC Hydra

 Network authentication cracker
95
 Nikto Web scanner
96
 Tcpdump TCP/IP analysis tool
97

L0phtcrack

 Windows password auditing and recovery application
98

Reverse WWW Shell

 Shell access across port 80
99
 THC-SecureDelete Ensure deleted files are unrecoverable
100
 THC-AMAP Application mapping tool

 

Security Assessments

(c) Copyright 2008 ComSec, Inc.