Sep
30
To fulfil the purpose of this site, I am reposting a collection of tools. The Top 10 Security Assessment Tools.
| Number | Name | Assessment Tool Description |
| 1 | Metasploit | Download Metasploit |
| The Metasploit Framework provides a framework which consists of vulnerabilities, exploits, and payloads. Once a vulnerability is identified, the tester can then correlate the vulnerability to exploits stored in the framework. The exploit carries varying types of payloads which can gather passwords, provide a remote command channel, etc. | ||
| 2 | Nessus | Download Nessus |
| Nessus is the de-facto standard for open-source vulnerability scanning. Available for both Windows and Linux. There is a commercial offering, and also Inprotect at Sourceforge however development on Inprotect has stopped. | ||
| 3 | Nmap | Download Nmap |
| A network mapping tool that is another de-facto open-source tool. This is used to identify active hosts, running services, OS fingerprinting, etc- very fast! | ||
| 4 | Webscarab | Download Webscarab |
| Webscarab is one of my personal favorites when it comes to hacking and conducting web-application security testing. This proxy application is Java-Based and provides an HTTP editor, Fuzzer, Decoders, and session ID analysis tools. | ||
| 5 | Firefox Development Tools | Download Firefox Development Tools |
| Firefox is the preferable browser for most web-application security auditors/assessors. The Development plug-ins facilitate circumventing client-side security including input validation, lethth requirements, etc. Also can convert POST to GET commands. | ||
| 6 | Phishers Toolkit | Download Phishers Toolkit |
| Up until this software was developed I had to construe my own hacks for conducting remote social engineering/phishing for my security assessments. This application simplifies creating a server, distributing the nefarious content, and gaining remote command-line-interface on the pwned machine. | ||
| 7 | Wireshark | Download Wireshark |
| Wireshark, previously known as Ethereal, is a great network sniffing tool. Another standard, this is the most comprehensive network sniffing tool outside of the commercial space. | ||
| 8 | Aircrack-NG | Download Aircrack-NG |
| Hacking WEP, and Hacking WPA, are both easily accomplished leveraging the Aircrack-NG toolset. Network monitoring, wireless sniffing, WEP cracking, & WPA Hack acquisition are all easily conducted with the Aircrack-NG suite. | ||
| 9 | USB Switchblade | Download Switchblade |
| The primary purpose of this tool is to silently recover information from Windows systems, such as password hashes, LSA secrets, IP information as well as browser history and autofill information as well as create a backdoor to the target system for later access. | ||
| 10 | Brutus | Download Brutus |
| Brutus is a great brute-force password hacking tool. Great for banging on passwords on SSH, Telnet, FTP, etc.. | ||