TOOLS |

Open Source Technology

The scanning platform at HackerTarget.com is comprised of a number of geographically diverse hosts at world class Data Centers in Europe and the USA.

The tools we use are cutting edge open source security tools that are comparable, if not better, than any of the current commercial offerings. Here is a list of open source tools that are well proven and backed by strong technology and large communities.

Scanning

  • Nmap - Detect open ports and the service listening. Worlds leading port scanner, as featured in the Matrix!
  • OpenVas - A fork of the original open source Nessus code base, this Vulnerability scanner examines your system for network services and then tests them against a list of known vulnerabilities.
  • Kismet - Wireless network scanning and packet sniffing.
  • Aircrack-ng - Wireless network scanning and breaking.

Web Application Assessment

  • Nikto - Web scanning excellence. Tests your web server and web applications against a list of known vulnerabilities.
  • w3af - w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
  • DirBuster - DirBuster is an auditing tool that brute forces your web server for web directories. A high quality tool that will find all sorts of things lying around in a forgotten directory.

SQL Scanners

  • Sqlmap - SQL injection scanner capable of enumerating entire remote databases, and perform an active database fingerprinting.
  • SQLiX - SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results.

Intrusion Detection / Prevention (IPS / IDS)

Exploitation (for testing purposes)

  • Metasploit - Leading open source exploitation framework. Automates exploitation of systems with a long list of possible payloads.

Monitoring

  • OSSIM - An open source security information management application. Collates data from a number of open source security products to ease the intrusion analysis burden.
  • Nagios - Network monitoring tool. Detect problems quickly and immediately. Automated alerts, extensive plugins - this is the most stable network monitoring applications out there.
  • BASE - Puts Snort IDS data into an easy to use web interface.

Firewall and Gateway Appliances

  • Untangle - Malware, firewall, IPS and VPN all in one.
  • PFSense - BSD based Firewall, IPS and VPN with addons for other useful utilities.