TOOLS for ITSEC
The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent it’s illegal and punished by law.
PGP public key servers
Disposable Temporary E-Mail Address
- Guerrilla mail
- gilc.org remailer
Get OS for Pentest Labs
- Microsoft Evaluation Center : W2K16, W2K12, HyperV
- Metasploitable : Metasploitable is an intentionally vulnerable Linux virtual machine
- OWASP Mutillidae II : OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast
- OWASP Broken Web Applications Project : Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products
- Virtual Hacking Lab : A mirror of deliberately insecure applications and old softwares with known vulnerabilities. Used for proof-of-concept /security training/learning purposes. Available in either virtual images or live iso or standalone formats.
- Crips : get information about IP Address’s, Web Pages and DNS records
Online SSL checker
- Qualys SSL Server test – Qualys Online SSL checker
- SSLchecker : Online SSL checker
- SSL Certifcate checker – Online SSL checker
Sofware to check SSL
- SSLyze – Fast and powerful SSL/TLS server scanning library.
- SSLscan – sslscan tests SSL/TLS enabled services to discover supported cipher suites
- TLS-scan : An Internet scale, fast SSL/TLS scanner ( non-blocking, event-driven )
- DeepViolet : Tool for introspection of SSL\TLS sessions
- CypherScan : A very simple way to find out which SSL ciphersuites are supported by a target.
- SSLLabs-scan : A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing
- SSLaudit : SSLAudit is a tool that verifies SSL certificate and supported protocols/ciphers of a SSL-enabled webserver
- ssldiagnos – SSL Diagnos is used to test SSL strength; get information about SSL protocols (pct, ssl2, ssl3, tls, dtls) and cipher suites. It can also be used for testing and rating ciphers on SSL clients.
- Advanced IP scanner
- GFI Languard
- Retina network security scanner
- Wireless Network Watcher
- Nikto2 – web server scanner
- Qualys Web Application Scanning
- Arachni – web application security framework (free, multi-platform)
- W3af – web application attack and audit framework, the open source web vulnerability scanner
- Microsoft Baseline Security Analyzer
- WebReaver – Web Application Vulnerability Scanner for Mac.
- Secapps – Fully integrated web-based security platform
- Wapiti – Web-application vulnerability scanner (free)
- WMAP Web Scanner
- Personal Software inspector
- Vuls – Vulnerability scanner for Linux/FreeBSD
- angularjs-csti-scanner – Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
- Angry IP Scanner
- Ultra Ping Pro
- Friendly Pinger
- Ping Scanner Pro
- Colasoft Ping Tool (see post)
- WPScan – WPScan is a black box WordPress vulnerability scanner.
- WpCrack – Brute Force WordPress
- Joomscan – detect Joomla CMS vulnerabilities
- CMSExplorer – MS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
- Wireshark (ex Ethereal)
- tcpDump, winDump
- LEX – The LDAP Explorer
- AD Explorer – Active Director Explorer
- Softerra LDAP Administrator
- JXplorer – Java LDAP Browser
SNMP enumeration tools
- PackETH (packet generator)
- Packet Generator
- Cain and Abel
- Packet Crafter
- Cain and Abel
- DSniff (ARPspoof)
Social Engineering Tools
- Social Engineer Toolkit (SET)
- Beelogger – Generate Gmail Emailing Keyloggers to Windows
- Evilginx – Man-in-the-middle attack framework used for phishing credentials and session cookies of any web service.
- King Phisher
- Catphish – Generate similar-looking domains for phishing attacks.
- wifiphisher – The Rogue Access Point Framework
- Whapa – WhatsApp Parser Toolset
- sshLooter – Script to steal passwords from ssh.
- Burp Suite
Check vulnerabilities on Network devices
- Cisco Global Exploiter (CGE) – detects vulnerabilities on Cisco routers and switches
Website mirroring tools list
Tools to create a local copy of a website to your hard drive.
- GNU Wget
- Teleport Pro
- Backstreet Browser
- Cyotek Webcopy
- Website Ripper Copier
VPN Provider list & Software
- Private Internet Access VPN
IDS / IPS / HIDS
- McAfee Host Intrustion Prevention For Server
- Cisco Intrusion Prevention System (IPS)
- Juniper Networks Intrusion Detection & Prevention (IDP)
- Sourcefire Intrusion Prevention System (IPS)
- Strata Guard IDS/IPS
- Bro Intrusion Detection System (IPS)