To fulfil the purpose of this site, I am reposting a collection of tools. The Top 10 Security Assessment Tools.
| Number |
Name |
Assessment Tool Description |
| 1 |
Metasploit |
Download Metasploit |
|
The Metasploit Framework provides a framework which consists of vulnerabilities, exploits, and payloads. Once a vulnerability is identified, the tester can then correlate the vulnerability to exploits stored in the framework. The exploit carries varying types of payloads which can gather passwords, provide a remote command channel, etc. |
| 2 |
Nessus |
Download Nessus |
|
Nessus is the de-facto standard for open-source vulnerability scanning. Available for both Windows and Linux. There is a commercial offering, and also Inprotect at Sourceforge however development on Inprotect has stopped. |
| 3 |
Nmap |
Download Nmap |
|
A network mapping tool that is another de-facto open-source tool. This is used to identify active hosts, running services, OS fingerprinting, etc- very fast! |
| 4 |
Webscarab |
Download Webscarab |
|
Webscarab is one of my personal favorites when it comes to hacking and conducting web-application security testing. This proxy application is Java-Based and provides an HTTP editor, Fuzzer, Decoders, and session ID analysis tools. |
| 5 |
Firefox Development Tools |
Download Firefox Development Tools |
|
Firefox is the preferable browser for most web-application security auditors/assessors. The Development plug-ins facilitate circumventing client-side security including input validation, lethth requirements, etc. Also can convert POST to GET commands. |
| 6 |
Phishers Toolkit |
Download Phishers Toolkit |
|
Up until this software was developed I had to construe my own hacks for conducting remote social engineering/phishing for my security assessments. This application simplifies creating a server, distributing the nefarious content, and gaining remote command-line-interface on the pwned machine. |
| 7 |
Wireshark |
Download Wireshark |
|
Wireshark, previously known as Ethereal, is a great network sniffing tool. Another standard, this is the most comprehensive network sniffing tool outside of the commercial space. |
| 8 |
Aircrack-NG |
Download Aircrack-NG |
|
Hacking WEP, and Hacking WPA, are both easily accomplished leveraging the Aircrack-NG toolset. Network monitoring, wireless sniffing, WEP cracking, & WPA Hack acquisition are all easily conducted with the Aircrack-NG suite. |
| 9 |
USB Switchblade |
Download Switchblade |
|
The primary purpose of this tool is to silently recover information from Windows systems, such as password hashes, LSA secrets, IP information as well as browser history and autofill information as well as create a backdoor to the target system for later access. |
| 10 |
Brutus |
Download Brutus |
|
Brutus is a great brute-force password hacking tool. Great for banging on passwords on SSH, Telnet, FTP, etc.. |
Security, tools, Vulnerability
If you are like me and have trouble really understanding where the candidates stand on issues, then you should check out the VoteMatch Quiz provided by OnTheIssues.org. It is a simple 20 question quiz that asks you your position on a handful of topics. It then takes your respones and compares the to the candidates voting records and public statements on their position. You can also click through to see the details behind those scores. Show how your specific responses compare to the candidates responses.
Overall, I find the site very useful. Their position data is fully cited so you are free to make your own judgements of their positions.
politics, tools
A year or so ago a friend of mine told me about this little app called Synergy. It is an open source utility which allows you to use a single KB/mouse to manage multiple PCs. It is a very slick little tool that works on linux, windows, and OS X.
It is a client-server setup. The server is the PC which has the keyboard and mouse attached to it. The client is a very small agent running on each PC. Configuration for the client is simply providing the DNS name or IP of the server. The server config is a just a hair more involved. You have to tell it which clients are connecting to it and how they relate to each other for mouse movement.
The behaviour acts like you have multiple monitors. Simple move the mouse to the edge of the screen you have defined in the layout and it starts moving on the other PC. I don’t see any limitations to the number of PCs you can have connected, though I am sure there is a point where it would become cumbersome to move between all of the screens.
Of course Ubuntu Communities has nice documentation on how to configure it including for autostartup at various points.
Linux, Synergy, tools, Ubuntu
I nice guide that covers the most common commands and functions in VI.
commands, Linux, tools, vi
A nice set of Linux How-tos and guides over at linuxscrew.com covering Bash, utils, the file system, iptables, advanced routing topics and hardening.
commands, Linux, Security, tools
After 20 minutes of searching the history files, I finally found the posting I was looking for.
It is the instructions on how to complile vmware-tools when they won’t due to kernel updates.
Install the needed packages.
sudo apt-get install build-essential xinetd linux-headers-$(uname -r)
sudo apt-get install libproc-dev libdumbnet-dev xorg-dev libgtk2.0-dev (Only need if using X)
Change to /tmp to do the install.
cd /tmp
Browse over to the SourceForge Open VM Tools project page and grab the link to download the latest version.
Which as of 8/6/2008 is http://mesh.dl.sourceforge.net/sourceforge/open-vm-tools/open-vm-tools-2008.07.01-102166.tar.gz
Grab a copy.
wget http://mesh.dl.sourceforge.net/sourceforge/open-vm-tools/open-vm-tools-2008.07.01-102166.tar.gz
Grab a copy of the vmware tools.
Untar/gzip them.
tar xzvf VMware*.gz
tar xzvf open-vm-tools*.gz
Build some modules.
cd open-vm-tools-2008.07.01-102166/
./configure && make
cd modules/linux/
Tar them up.
for i in *; do mv ${i} ${i}-only; tar -cf ${i}.tar ${i}-only; done
Copy them over the included modules.
cp -f *.tar /tmp/vmware-tools-distrib/lib/modules/source/
CD into the VMWare tools dir and run the install.
cd /tmp/vmware-tools-distrib
sudo ./vmware-install.pl
compile, errors, kernel, tools, VMWare