Posts Tagged ‘security tools’

Security Testing Tools

Saturday, September 8th, 2007

A list of security testing tools, use it at your own risk.
Some of these are old software, but works. You can find it with Google.

Argus Network transaction monitoring tool (Linux)
broadscan Broadcast address scanner
Cerberus Internet Scanner Windows web server vulnerability tester
cgichk UNIX web server vulnerability tester
cgiexp UNIX web server vulnerability tester
cgiscan UNIX web server vulnerability tester
Cheops GUI based network mapping tool
Ciscocrack Password cracker for Cisco
Crack Password cracker for UNIX
Epan GUI based packet analyzer for Linux
Exscan Network scanner
Fergie DOS-based packet analyzer
firewalk Determines packet filtering rulesets
fping UNIX network discovery tool
getadmin Adds user to local Administrators group
gobbler DOS-based packet analyzer
Grinder Map web servers
hping Complex scanner with firewalking capability
Hunt Connection monitoring tool
ISS Network scanner
John the Ripper UNIX password cracker
Juggernaut TCP hijacking
L0phtCrack NT password cracker
Legion NetBIOS scanner
Linsniff Sniff Linux passwords
LOKI Wraps packets in UDP or ICMP headers
Mscan Vulnerability analysis
NAT NetBIOS Auditing Tool
NDSsnoop Graphically view all object and property details
Nessus Comprehensive vulnerability analysis tool
netcat TCP/IP multipurpose tool
Nmap Advanced port scanner, OS detection and analysis tool
Nscan Network scanner
NTFSDOS Defeat NTFS security from DOS
Nwpcrack NDS password cracker
Ogre Vulnerability assessment tool
NeoTrace Visual TRACEROUTE
PhoneTag War dialer
Pinger Ping sweep program
Portscan Network scanner
Pscan Network scanner
queso Remote host id
Remote password cracking Remotely crack NT passwords
Revelation Reveals stored passwords
SAINT Security Administrator’s Integrated Network Tool
Sam Spade Whois, nslookup and ping
SARA Security Auditor’s Research Assistant
SATAN HTML based vulnerability analysis tool
sechole Adds user to local Administrators group
Sniffit UNIX packet analyzer
SNMPscan UNIX network discovery tool
Solsniff Sniffer for Solaris
spade Simple network discovery tool
Strobe Network scanner
tcpdump Classic packet analyzer
THC-Scan War-dialer
ToneLoc War-dialer
Twinge Crashes any Windows box
twwwscan Web sever scanner
Ultrascan Network scanner
VisualRoute Visual TRACEROUTE
Whisker UNIX web server vulnerability tester
winfingerprint Fingerprint Windows host
wwwhack Brute force password attack
Xcrush 33 XWindows exploits
xwatchwin Monitor remote Xwindows sessions

Free SQL Injection Scanners

Monday, May 28th, 2007

SQLIer – SQLIer takes a vulnerable URL and attempts to determine all the necessary information to exploit the SQL Injection vulnerability by itself, requiring no user interaction at all. Get SQLIer.

SQLbftools – SQLbftools is a collection of tools to retrieve MySQL information available using a blind SQL Injection attack. Get SQLbftools.

SQL Injection Brute-forcer – SQLibf is a tool for automatizing the work of detecting and exploiting SQL Injection vulnerabilities. SQLibf can work in Visible and Blind SQL Injection. It works by doing simple logic SQL operations to determine the exposure level of the vulnerable application. Get SQLLibf.

SQLBrute – SQLBrute is a tool for brute forcing data out of databases using blind SQL injection vulnerabilities. It supports time based and error based exploit types on Microsoft SQL Server, and error based exploit on Oracle. It is written in Python, uses multi-threading, and doesn’t require non-standard libraries. Get SQLBrute.

BobCat – BobCat is a tool to aid an auditor in taking full advantage of SQL injection vulnerabilities. It is based on AppSecInc research. It can list the linked severs, database schema, and allow the retrieval of data from any table that the current application user has access to. Get BobCat.

SQLMap – SQLMap is an automatic blind SQL injection tool, developed in python, capable to perform an active database management system fingerprint, enumerate entire remote databases and much more. The aim of SQLMap is to implement a fully functional database management system tool which takes advantages of web application programming security flaws which lead to SQL injection vulnerabilities. Get SQLMap.

Absinthe – Absinthe is a GUI-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. Get Absinthe.

SQL Injection Pen-testing Tool – The SQL Injection Tool is a GUI-based utility designed to examine database through vulnerabilities in web-applications. Get SQL Injection Pen-testing tool.

SQID – SQL Injection digger (SQLID) is a command line program that looks for SQL injections and common errors in websites. It can perform the follwing operations: look for SQL injection in a web pages and test submit forms for possible SQL injection vulnerabilities. Get SQID.

Blind SQL Injection Perl Tool – bsqlbf is a Perl script that lets auditors retrieve information from web sites that are vulnerable to SQL Injection. Get Blind SQL Injection Perl Tool.

SQL Power Injection Injector – SQL Power Injection helps the penetration tester to inject SQL commands on a web page. It’s main strength is its capacity to automate tedious blind SQL injection with several threads. Get SQL Power Injection.

FJ-Injector Framwork – FG-Injector is a free open source framework designed to help find SQL injection vulnerabilities in web applications. It includes a proxy feature for intercepting and modifying HTTP requests, and an interface for automating SQL injection exploitation. Get FJ-Injector Framework.

SQLNinja – SQLNinja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end database. Get SQLNinja.

Automagic SQL Injector – The Automagic SQL Injector is an automated SQL injection tool designed to help save time on penetration testing. It is only designed to work with vanilla Microsoft SQL injection holes where errors are returned. Get Automagic SQL Injector.

NGSS SQL Injector – NGSS SQL Injector exploit vulnerabilities in SQL injection on disparate database servers to gain access to stored data. It currently supports the following databases: Access, DB2, Informix, MSSQL, MySQL, Oracle, Sysbase. Get NGSS SQL Injector.

VoIP Security Tool List

Thursday, May 17th, 2007

This VoIP Security Tool List provides categories, descriptions and links to current free and commercial VoIP security tools.
VOIPSA provide us a very good list here: