TOOLS for ITSEC

LEGAL DISCLAIMER

The author does not hold any responsibility for the bad use of this tool; remember that attacking targets without prior consent is illegal and punished by law.

PGP public key servers

Anonymous Emails

Disposable Temporary E-Mail Address

Get OS for Pentest Labs

  • Microsoft Evaluation Center : W2K16, W2K12, HyperV
  • Metasploitable : Metasploitable is an intentionally vulnerable Linux virtual machine
  • OWASP Mutillidae II : OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiasts
  • OWASP Broken Web Applications Project : Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products
  • Virtual Hacking Lab : A mirror of deliberately insecure applications and old software with known vulnerabilities. Used for proof-of-concept/security training/learning purposes. Available in either virtual images or live ISO or standalone formats.

IP

  • Crips : get information about IP addresses, web pages and DNS records

SSL

Online SSL checker

Software to check SSL

  • SSLyze – Fast and powerful SSL/TLS server scanning library.
  • SSLscan – sslscan tests SSL/TLS enabled services to discover supported cipher suites
  • TLS-scan : An Internet scale, fast SSL/TLS scanner ( non-blocking, event-driven )
  • DeepViolet : Tool for introspection of SSL/TLS sessions
  • CipherScan : A very simple way to find out which SSL ciphersuites are supported by a target.
  • SSLLabs-scan : A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing
  • SSLaudit : SSLAudit is a tool that verifies the SSL certificate and supported protocols/ciphers of an SSL-enabled webserver
  • ssldiagnos – SSL Diagnos is used to test SSL strength; get information about SSL protocols (pct, ssl2, ssl3, tls, dtls) and cipher suites. It can also be used for testing and rating ciphers on SSL clients.

Scanner

Infra scanner

WebApp scanner

Ping Sweep

CMS

  • WPScan – WPScan is a black box WordPress vulnerability scanner.
  • WpCrack –  Brute Force WordPress
  • Joomscan – detect Joomla CMS vulnerabilities
  • CMSExplorer – CMS Explorer is designed to reveal the specific modules, plugins, components and themes that various CMS-driven web sites are running.

Sniffer

  • Wireshark (ex Ethereal)
  • tcpdump, WinDump
  • Ettercap
  • WinSniffer
  • EtherPeek

LDAP enumeration

SNMP enumeration tools

IDS, NIDS evasion

  • Nessus
  • ADMmutate
  • IDSInformer
  • Inundator
  • NIDSbench
  • PackETH (packet generator)
  • Packet Generator
  • Tomahawk
  • Torr3n7

MAC Spoofing

  • Scapy
  • Cain and Abel
  • Packet Crafter
  • SMAC

ARP flooding

  • Cain and Abel
  • DSniff (ARPspoof)
  • UfaSoft
  • WINARPAttacker

Social Engineering Tools

Messaging

  • Whapa – WhatsApp Parser Toolset

WIFI

Bluetooth

  • bluepot – Bluetooth Honeypot
  • btlejuice – Bluetooth Smart (LE) Man-in-the-Middle framework

SSH

  • sshLooter – Script to steal passwords from ssh.

WEBAPP CHECK

  • HttPrint
  • Burp Suite
  • WebScarab

Check vulnerabilities on Network devices

Website mirroring tools list

Tools to create a local copy of a website to your hard drive.

VPN Provider list & Software

IDS / IPS / HIDS

  • Snort
  • AirMagnet
  • CounterACT
  • McAfee Host Intrusion Prevention For Server
  • Cisco Intrusion Prevention System (IPS)
  • Juniper Networks Intrusion Detection & Prevention (IDP)
  • Sourcefire Intrusion Prevention System (IPS)
  • Strata Guard IDS/IPS
  • Bro Intrusion Detection System (IDS)

SIEM