TOOLS | June 9, 2009

Open Source Technology

The scanning platform at HackerTarget.com is comprised of a number of geographically diverse hosts at world class Data Centers in Europe and the USA.

The tools we use are cutting edge open source security tools that are comparable, if not better, than any of the current commercial offerings. Here is a list of open source tools that are well proven and backed by strong technology and large communities.

Scanning

Nmap - Detect open ports and the service listening. Worlds leading port scanner, as featured in the Matrix!

Click here to run a Nmap scan.
OpenVas - A fork of the original open source Nessus code base, this Vulnerability scanner examines your system for network services and then tests them against a list of known vulnerabilities.
OpenVas Scanning Available here.
Kismet - Wireless network scanning and packet sniffing.
Aircrack-ng - Wireless network scanning and breaking.

Web Application Assessment

Nikto - Web scanning excellence. Tests your web server and web applications against a list of known vulnerabilities.
Click here to run a Nikto scan
w3af - w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
DirBuster - DirBuster is an auditing tool that brute forces your web server for web directories. A high quality tool that will find all sorts of things lying around in a forgotten directory.

SQL Scanners

Sqlmap - SQL injection scanner capable of enumerating entire remote databases, and perform an active database fingerprinting.
SQLiX - SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results.

Intrusion Detection / Prevention (IPS / IDS)

Snort - Powerful Network Intrusion Detection with optional Intrusion Prevention capabilities. Extensive community and signature support.
OSSEC : Open Source Host-based Intrusion Detection System – Host based IDS solution. Also contains malware detection and log analysis software.
Click here to learn more about OSSEC

Exploitation (for testing purposes)

Metasploit - Leading open source exploitation framework. Automates exploitation of systems with a long list of possible payloads.

Monitoring

OSSIM - An open source security information management application. Collates data from a number of open source security products to ease the intrusion analysis burden.
Nagios - Network monitoring tool. Detect problems quickly and immediately. Automated alerts, extensive plugins - this is the most stable network monitoring applications out there.
BASE - Puts Snort IDS data into an easy to use web interface.

Firewall and Gateway Appliances

Untangle - Malware, firewall, IPS and VPN all in one.
PFSense - BSD based Firewall, IPS and VPN with addons for other useful utilities.

PREVIOUS
Automated Web Application Scanners

NEXT
Guide to Nessus 4 on Ubuntu 9.04

Network

Web

CMS Apps

Recon

Network Tests

DNS Queries

IP Address

Web Tools

Blog

Most Popular