Awareness and Training
Awareity MOAT
Birch Systems Privacy Posters
Greenidea Visible Statement
Interpact, Inc. Awareness Resources
www.thesecurityawarenesscompany.com
NIST resources
SANS Security Awareness Program
www.sans.org/awareness/awareness.php
Security Awareness, Inc. Awareness Resources
Bluetooth
BlueScanner
www.networkchemistry.com/products/bluescanner.php
Bluesnarfer
www.alighieri.org/tools/bluesnarfer.tar.gz
BlueSniper rifle
www.tomsnetworking.com/2005/03/08/how_to_bluesniper_pt
Blooover
http://trifinite.org/trifinite_stuff_blooover.html
Bluejacking community site
Detailed presentation on the various Bluetooth attacks
http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdf
NIST Special Publication 800-48
http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
Certifications
Certified Ethical Hacker
Dictionary Files and Word Lists
ftp://ftp.cerias.purdue.edu/pub/dict
ftp://ftp.ox.ac.uk/pub/wordlists
http://packetstormsecurity.nl/Crackers/wordlists
www.outpost9.com/files/WordLists.html
Default vendor passwords
www.cirt.net/cgi-bin/passwd.pl
Exploit Tools
CORE IMPACT
Metasploit
www.metasploit.com/projects/Framework
General Research Tools
AfriNIC
APNIC
ARIN
CERT/CC Vulnerability Notes Database
ChoicePoint
Common Vulnerabilities and Exposures
DNSstuff.com
Government domains
Hoover's business information
LACNIC
Military domains
NIST National Vulnerability Database
RIPE Network Coordination Centre
Sam Spade
SecurityTracker
Switchboard.com
U.S. Patent and Trademark Office
U.S. Search.com
U.S. Securities and Exchange Commission
Whois.org
Yahoo! Finance site
Hacker Stuff
2600 @@md The Hacker Quarterly magazine
Blacklisted 411
Computer Underground Digest
Hacker T-shirts, equipment, and other trinkets
Honeypots: Tracking Hackers
The Online Hacker Jargon File
PHRACK
Linux
Amap
http://packages.debian.org/unstable/net/amap
Bastille Linux Hardening Program
BackTrack
www.remote-exploit.org/index.php/BackTrack
Comprehensive listing of live bootable Linux toolkits
www.frozentech.com/content/livecd.php
Debian Linux Security Alerts
Linux Administrator's Security Guide
Linux Kernel Updates
Linux Security Auditing Tool (LSAT)
Metasploit
Network Security Toolkit
www.networksecuritytoolkit.org
Red Hat Linux Security Alerts
www.redhat.com/securityupdates
Security Tools Distribution
Slackware Linux Security Advisories
SUSE Linux Security Alerts
www.suse.com/us/business/security.html
Tiger
ftp://ftp.debian.org/debian/pool/main/t/tiger
VLAD the Scanner
www.bindview.com/Services/RAZOR/Utilities/Unix_Linux/vlad.cfm
Log Analysis
ArcSight Enterprise Security Manager
GFI LANguard Security Event Log Monitor
Internet Security Systems Managed Services
www.iss.net/products_services/managed_services
LogAnalysis.org system logging resources
Malware
chkrootkit
EICAR Anti-Virus test file
www.eicar.org/anti_virus_test_file.htm
The File Extension Source
McAfee AVERT Stinger
http://vil.nai.com/vil/stinger
Rkdet
http://vancouver-webpages.com/rkdet
Wotsit's Format
Messaging
Abuse.net SMTP relay checker
Brutus
http://securitylab.ru/_tools/brutus-aet2.zip
Cain and Abel
DNSstuff.com relay checker
GFI e-mail security test
How to disable SMTP relay on various e-mail servers
www.mail-abuse.com/an_sec3rdparty.html
mailsnarf
www.monkey.org/~dugsong/dsniff or
www.datanerds.net/~mike/dsniff.html for the Windows version
Sam Spade for Windows
smtpscan
NetWare
Adrem Freecon
Craig Johnson's BorderManager resources
JRB Software
NCPQuery
www.bindview.com/resources/razor/files/ncpquery-1.2.tar.gz
NetServerMon
www.simonsware.com/Products.shtml
Novell Product Updates
http://support.novell.com/filefinder
Pandora
Rcon program
http://packetstormsecurity.nl/Netware/penetration/rcon.zip
Remote
www.securityfocus.com/data/vulnerabilities/exploits/Remote.zip
UserDump
www.hammerofgod.com/download/userdump.zip
Networks
Cain and Abel
CommView
www.tamos.com/products/commview
dsniff
www.monkey.org/~dugsong/dsniff
Essential NetTools
www.tamos.com/products/nettools
Ethereal network analyzer
EtherPeek
packets.com/products/etherpeek/overview
ettercap
http://ettercap.sourceforge.net
Firewalk
www.packetfactory.net/firewalk
Getif
www.wtcs.org/snmp4tpc/getif.htm
GFI LANguard Network Scanner
GNU MAC Changer
IETF RFCs
www.rfc-editor.org/rfcxx00.html
LanHound
www.sunbelt-software.com/LanHound.cfm
MAC address vendor lookup
http://standards.ieee.org/regauth/oui/index.shtml
Nessus vulnerability scanner
Netcat
www.vulnwatch.org/netcat/nc111nt.zip
NetScanTools Pro all-in-one network testing tool
Nmap port scanner
NMapWin
http://sourceforge.net/projects/nmapwin
Port number listing
www.iana.org/assignments/port-numbers
Port number lookup
www.cotse.com/cgi-bin/port.cgi
QualysGuard vulnerability assessment tool
SNMPUTIL
www.wtcs.org/snmp4tpc/FILES/Tools/SNMPUTIL/SNMPUTIL.zip
Sunbelt Network Security Inspector
www.sunbelt-software.com/SunbeltNetworkSecurityInspector.cfm
SuperScan port scanner
www.foundstone.com/resources/proddesc/superscan.htm
TrafficIQ Pro
WhatIsMyIP
Password Cracking
BIOS passwords
http://labmice.techtarget.com/articles/BIOS_hack.htm
Brutus
http://securitylab.ru/_tools/brutus-aet2.zip
Cain and Abel
Chknull
www.phreak.org/archives/exploits/novell/chknull.zip
Crack
ftp://coast.cs.purdue.edu/pub/tools/unix/pwdutils/crack
Elcomsoft Distributed Password Recovery
John the Ripper
Ophcrack
www.objectif-securite.ch/ophcrack
Proactive Password Auditor
Proactive System Password Recovery
pwdump3
www.openwall.com/passwords/dl/pwdump/pwdump3v2.zip
NetBIOS Auditing Tool
www.securityfocus.com/tools/543
NTAccess
RainbowCrack
www.antsight.com/zsl/rainbowcrack
RainbowCrack-Online
Rainbow tables
http://rainbowtables.shmoo.com
TSGrinder
www.hammerofgod.com/download/tsgrinder-2.03.zip
WinHex
Patch Management
BigFix Enterprise Suite Patch Management
www.igfix.com/products/patch.html
Ecora Patch Manager
www.ecora.com/ecora/products/patchmanager.asp
GFI LANguard Network Security Scanner
HFNetChkPro from Shavlik Technologies
www.shavlik.com/product_cat_patch_mang.aspx
Patch Authority Plus
www.scriptlogic.com/products/patchauthorityplus
PatchLink
SysUpdate
UpdateEXPERT from St. Bernard Software
www.stbernard.com/products/updateexpert/products_updateexpert.asp
Windows Server Update Services from Microsoft
www.microsoft.com/windowsserversystem/updateservices/default.mspx
Source Code Analysis
Compuware
www.compuware.com/products/devpartner/securitychecker.htm
Fortify Software
Klocwork
Ounce Labs
SPI Dynamics
www.spidynamics.com/products/devinspect/index.html
Security Standards
Center for Internet Security's Benchmarks/Scoring Tools
NIST Special Publications
http://csrc.nist.gov/publications/nistpubs/index.html
Open Source Security Testing Methodology Manual
SANS Step-by-Step Guides
Security Education
Kevin Beaver's Security on Wheels podcasts and information security training resources
Privacy Rights Clearinghouse's Chronology of Data Breaches Reported Since the ChoicePoint Incident
www.privacyrights.org/ar/ChronDataBreaches.htm
Storage
CHAP Password Tester
www.isecpartners.com/tools.html#CPT
CIFSShareBF
www.isecpartners.com/SecuringStorage/CIFShareBF.zip
GrabiQNs
www.isecpartners.com/SecuringStorage/GrabiQNs.zip
NASanon
www.isecpartners.com/SecuringStorage/NASanon.zip
StorScan
www.isecpartners.com/tools.html#StorScan
Risk Analysis and Threat Modeling
SecureITree
Software Engineering Institute's OCTAVE methodology
Voice over IP
Cain and Abel
NIST's SP800-58 document
http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf
PROTOS
www.ee.oulu.fi/research/ouspg/protos
SearchVoIP.com
http://searchvoip.techtarget.com
SIP Forum Test Framework
www.sipfoundry.org/sftf/index.html
sipsak
SiVuS
www.vopsecurity.org/html/tools.html
vomit
War Dialing
Sandstorm Enterprises PhoneSweep
www.sandstorm.net/products/phonesweep
Sandstorm Enterprises Sandtrap wardialing honepot
www.sandstorm.net/products/sandtrap
THC-Scan
http://packetstormsecurity.org/groups/thc/thc-ts201.zip
ToneLoc
www.securityfocus.com/data/tools/auditing/pstn/tl110.zip
Web Applications and Databases
2600's Hacked Pages
Acunetix Web Vulnerability Scanner
AppDetective
www.appsecinc.com/products/appdetective
Brutus
http://securitylab.ru/_tools/brutus-aet2.zip
HTTrack Website Copier
Foundstone's Hacme Tools
http://www.foundstone.com/resources/s3i_tools.htm
Google Hacking Database
http://johnny.ihackstuff.com/index.php?module=prodreviews
Netcraft
NGSSquirrel
www.ngssoftware.com/software.htm
N-Stealth Security Scanner
www.nstalker.com/eng/products/nstealth
Paros Proxy
Pete Finnigan's listing of Oracle scanning tools
www.petefinnigan.com/tools.htm
Port 80 Software's ServerMask
www.port80software.com/products/servermask
Port 80 Software's Custom Error
www.port80software.com/products/customerror
SiteDigger
www.foundstone.com/resources/proddesc/sitedigger.htm
SQLPing2 and SQLRecon
www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx
WebInspect
www.spidynamics.com/products/webinspect/index.html
WebGoat
www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Windows
CORE IMPACT
DumpSec
Effective File Search
FileLocator Pro
www.mythicsoft.com/filelocatorpro
Legion
http://packetstormsecurity.nl/groups/rhino9/legionv21.zip
Metasploit
Microsoft Baseline Security Analyzer
www.microsoft.com/technet/security/tools/mbsahome.mspx
Microsoft TechNet Security Center
www.microsoft.com/technet/security/Default.asp
Network Users
www.optimumx.com/download/netusers.zip
Rpcdump
www.bindview.com/Services/RAZOR/Utilities/Windows/rpctools1.0-readme.cfm
SMAC MAC address changer
Vision
www.foundstone.com/knowledge/proddesc/vision.html
Walksam
www.bindview.com/Services/RAZOR/Utilities/Windows/rpctools1.0-readme.cfm
Winfo
www.ntsecurity.nu/toolbox/winfo
Wireless Networks
Aircrack
http://freshmeat.net/projects/aircrack
AirMagnet Laptop Analyzer
www.airmagnet.com/products/laptop.htm
AiroPeek SE
www.wildpackets.com/products/airopeek/airopeek_se/overview
AirSnort
Cantenna war-driving kit
http://mywebpages.comcast.net/hughpep
CommView for Wi-Fi
www.tamos.com/products/commwifi
Digital Hotspotter
Homebrew WiFi antenna
www.turnpoint.net/wireless/has.html
KisMAC
http://kismac.binaervarianz.de
Kismet
Lucent Orinoco Registry Encryption/Decryption program
NetStumbler
OmniPeek
www.wildpackets.com/products/omni/overview/omnipeek_analyzers
RFprotect Mobile
www.networkchemistry.com/products/rfprotectmobile.php
SeattleWireless HardwareComparison page
www.seattlewireless.net/index.cgi/HardwareComparison
Security of the WEP Algorithm
www.isaac.cs.berkeley.edu/isaac/wep-faq.html
The Unofficial 802.11 Security Web Page
Wellenreiter
WiGLE database of wireless networks at
WinAirsnort
Wireless Vulnerabilities and Exploits
WPA Cracker
www.tinypeap.com/html/wpa_cracker.html