Top 100 Herramientas de Seguridad Open Source
Jeromie Jackson, reconocido consultor de seguridad informática, publicó lo que a su parecer serian las mejores 100 herramientas de seguridad opensource, aunque faltan algunas herramientas como lo es el w3af (excelente framework desarrollado por el argentino andrés riancho), el SSLstrip presentado hace poco en el Black Hat DC 2009 y algunas de las herramientas expuestas (como Back Orfice 2000) ya han dejado de mantenerse, no deja de ser un excelente listado en el que seguro encontraras algunas herramientas que desconocías.
|
1
|
Stockade | Virtual Appliance with Snort, BASE, Inprotect, CACTI, NTOP & Others |
|
2
|
Open source vulnerability assessment tool | |
|
3
|
Snort | Intrusion Detection (IDS) tool |
|
4
|
Wireshark | TCP/IP Sniffer- AKA Ethereal |
|
5
|
Analyze applications that communicate using the HTTP and HTTPS protocols | |
|
6
|
Wikto | Web server assessment tool |
|
7
|
BackTrack | Penetration Testing live Linux distribution |
|
8
|
Netcat | The network Swiss army knife |
|
9
|
Metasploit Framework | Comprehensive hacking framework |
|
10
|
Sysinternals | Collection of windows utilities |
|
11
|
Paros proxy | Web application proxy |
|
12
|
Enum | Enumerate Windows information |
|
13
|
P0F v2 | Passive OS identification tool |
|
14
|
IPPersonality | Masquerade IP Stack |
|
15
|
SLAN | Freeware VPN utility |
|
16
|
IKE Crack | IKE/IPSEC cracking utility |
|
17
|
ASLEAP | LEAP cracking tool |
|
18
|
Karma | Wireless client assessment tool- dangerous |
|
19
|
WEPCrack | WEP cracking tool |
|
20
|
Wellenreiter | Wireless scanning application |
|
21
|
Great Google hacking tool | |
|
22
|
Several DDOS Tools | Distributed Denial of Service(DDOS) tools |
|
23
|
Achilles | Web Proxy Tool |
|
24
|
Firefox Web Developer Tool | Manual web assessment |
|
25
|
Scoopy | Virtual Machine Identification tool |
|
26
|
WebGoat | Learning tool for web application pentests |
|
27
|
FlawFinder | Source code security analyzer |
|
28
|
ITS4 | Source code security analyzer |
|
29
|
Slint |
Source code security analyzer |
|
30
|
PwDump3 | Dumps Windows 2000 & NT passwords |
|
31
|
Loki | ICMP covert channel tool |
|
32
|
Zodiac | DNS testing tool |
|
33
|
Hunt | TCP hijacking tool |
|
34
|
SniffIT | Curses-Based sniffing tool |
|
35
|
CactiEZ | Network traffic analysis ISO |
|
36
|
Inprotect | Web-based Nessus administration tool |
|
37
|
OSSIM | Security Information Management (SIM) |
|
38
|
Nemesis | Command-Line network packet manipulation tool |
|
39
|
NetDude | TCPDump manipulation tool |
|
40
|
TTY Watcher | Terminal session hijacking |
|
41
|
Stegdetect | Detects stego-hidden data |
|
42
|
Hydan | Embeds data within x86 applications |
|
43
|
S-Tools | Embeds data within a BMP, GIF, & WAV Files |
|
44
|
Nushu | Passive covert channel tool |
|
45
|
Ptunnel | Transmit data across ICMP |
|
46
|
Covert_TCP | Transmit data over IP Header fields |
|
47
|
THC-PBX Hacker | PBX Hacking/Auditing Utility |
|
48
|
THC-Scan | Wardialer |
|
49
|
Syslog-NG | MySQL Syslog Service |
|
50
|
Edit WinNT 4 & Win2000 log files | |
|
51
|
Rootkit Detective | Rootkit identification tool |
|
52
|
Rootkit Releaver | Rootkit identification tool |
|
53
|
RootKit Hunter | Rootkit identification tool |
|
54
|
Rootkit identification tool | |
|
55
|
LKM | Linux Kernal Rootkit |
|
56
|
TCPView | Network traffic monitoring tool |
|
57
|
NMAP | Network mapping tool |
|
58
|
Ollydbg | Windows unpacker |
|
59
|
UPX | Windows packing application |
|
60
|
Burneye | Linux ELF encryption tool |
|
61
|
GUI-Based packer/wrapper | |
|
62
|
EliteWrap | Backdoor wrapper tool |
|
63
|
SubSeven |
Remote-Control backdoor tool |
|
64
|
MegaSecurity | Site stores thousands of trojan horse backdoors |
|
65
|
Netbus |
Backdoor for Windows |
|
66
|
Back Orfice 2000 | Windows network administration tool |
|
67
|
Tini | Backdoor listener similar to Netcat |
|
68
|
Microsoft Baseline Security Analyzer | |
|
69
|
OpenVPN | SSL VPN solution |
|
70
|
Sguil | An Analyst Console for network security/log Monitoring |
|
71
|
Honeyd | Create your own honeypot |
|
72
|
Brutus | Brute-force authentication cracker |
|
73
|
cheops / cheops-ng | Maps local or remote networks and identifies OS of machines |
|
74
|
ClamAV | A GPL anti-virus toolkit for UNIX |
|
75
|
Fragroute/Fragrouter | Intrusion detection evasion toolkit |
|
76
|
Arpwatch | Monitor ethernet/IP address pairings and can detect ARP Spoofing |
|
77
|
Angry IP Scanner | Windows port scanner |
|
78
|
Firewalk | Advanced traceroute |
|
79
|
RainbowCrack | Password Hash Cracker |
|
80
|
EtherApe | EtherApe is a graphical network monitor for Unix |
|
81
|
WebInspect | Web application scanner |
|
82
|
Tripwire | File integrity checker |
|
83
|
Ntop | Network traffic usage monitor |
|
84
|
Sam Spade | Windows network query tool |
|
85
|
Scapy | Interactive packet manipulation tool |
|
86
|
Superscan | A Windows-only port scanner |
|
87
|
Airsnort | 802.11 WEP Encryption Cracking Tool |
|
88
|
Aircrack | WEP/WPA cracking tool |
|
89
|
NetStumbler | Windows 802.11 Sniffer |
|
90
|
Dsniff | A suite of powerful network auditing and penetration-testing tools |
|
91
|
John the Ripper | Multi-platform password hash cracker |
|
92
|
BASE | The Basic Analysis and Security Engine- used to manage IDS data |
|
93
|
Kismet | Wireless sniffing tool |
|
94
|
Network authentication cracker | |
|
95
|
Nikto | Web scanner |
|
96
|
Tcpdump | TCP/IP analysis tool |
|
97
|
Windows password auditing and recovery application | |
|
98
|
Shell access across port 80 | |
|
99
|
THC-SecureDelete | Ensure deleted files are unrecoverable |
|
100
|
THC-AMAP | Application mapping tool |
Para mas Información:
Top 100 Open Source Security Tools