
Widely Used Attack Tools

AirSnort: A wireless LAN (WLAN) tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions and computing the encryption key once enough packets have been gathered. 802.11b, using Wired Equivalent Privacy (WEP), is crippled by numerous security flaws. (http://airsnort.shmoo.com/)

BiDiBlah: A tool that automates much of the attack process, coordinating the various recon, scanning and exploitation stages into one automated, point-and-click tool. (http://www.sensepost.com/research/bidiblah/)

Cain & Abel: A password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort; instead it covers security weaknesses present in protocol standards, authentication methods and caching mechanisms. Its main purpose is the simplified recovery of passwords and credentials from various sources, although it also ships some "non-standard" utilities for Microsoft Windows users. (http://www.oxid.it/cain.html)

DSniff: A suite of programs for auditing and penetration testing on wired or wireless networks. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf and webspy monitor networks for interesting data (e-mail, files and passwords); arpspoof, dnsspoof and macof intercept network traffic. All of these tools facilitate man-in-the-middle (also known as monkey-in-the-middle) attacks against networks. (http://naughty.monkey.org/~dugsong/dsniff/)

Ethereal: An open source network sniffing tool used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It is also used by attackers to view network traffic without authorization and to forge traffic for illegal purposes. It runs on all popular computing platforms, including Unix, Linux and Windows. (http://www.ethereal.com/)

EtherApe: A graphical network monitor for Unix modeled after etherman. Featuring link-layer, IP and TCP modes, it displays network activity graphically: hosts and links change in size with traffic, and protocols are color coded. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter the traffic to be shown, and can read traffic from a file as well as live from the network. (http://etherape.sourceforge.net/)

Ettercap: A suite for man-in-the-middle attacks on a LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even encrypted ones) and includes many features for network and host analysis. (http://ettercap.sourceforge.net/)

Gooscan: A *nix tool that automates queries against Google's search systems to find vulnerable systems. For the security professional, gooscan serves as a front end for an external server assessment and aids in the information-gathering phase of a vulnerability assessment. For the web server administrator, gooscan helps discover what the web community may already know about a site. (http://johnny.ihackstuff.com/)

Kismet: An 802.11 layer-2 wireless network detector, sniffer and intrusion detection system. Kismet works with any wireless card that supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a and 802.11g traffic. (http://www.kismetwireless.net/)

Metasploit: A tool that provides useful information to people who perform penetration testing, IDS signature development and exploit research. It also aids in the development and use of exploits for vulnerabilities. (http://www.metasploit.com/)

Nemesis: A command-line network packet crafting and injection utility for UNIX-like and Windows systems. It is used for testing network intrusion detection systems, firewalls, IP stacks and a variety of other tasks, and is well suited to automation and scripting. Nemesis can natively craft and inject ARP, DNS, Ethernet, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP packets. Using the IP and Ethernet injection modes, almost any custom packet can be crafted and injected. (http://nemesis.sourceforge.net/)

Netcat: A Swiss-army-knife Unix tool that reads and writes data across network connections using TCP or UDP. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. (http://netcat.sourceforge.net/)

NetStumbler: A Windows tool that detects wireless local area networks (WLANs) using 802.11b, 802.11a and 802.11g. (http://www.stumbler.net/)

Nmap: Short for Network Mapper, Nmap is a free, open source utility for network exploration (port scanning) and security auditing. It was designed to rapidly scan large networks. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers, and both console and graphical versions are available. (http://insecure.org/nmap/)

Paros proxy: A tool for evaluating the security of web applications. It is free of charge and written entirely in Java. Because Paros acts as a proxy, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified, so it can also be used to manipulate web applications. (http://www.parosproxy.org/index.shtml)

PsTools: A set of command-line utilities for managing local and remote systems. (http://www.microsoft.com/technet/sysinternals/utilities/PsTools.mspx)

  • PsExec - execute processes remotely
  • PsFile - shows files opened remotely
  • PsGetSid - display the SID of a computer or a user
  • PsKill - kill processes by name or process ID
  • PsInfo - list information about a system
  • PsList - list detailed information about processes
  • PsLoggedOn - see who's logged on locally and via resource sharing (full source is included)
  • PsLogList - dump event log records
  • PsPasswd - changes account passwords
  • PsService - view and control services
  • PsShutdown - shuts down and optionally reboots a computer
  • PsSuspend - suspends processes
  • PsUptime - shows you how long a system has been running since its last reboot (PsUptime's functionality has been incorporated into PsInfo)

THC-Hydra: A network login cracker supporting Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. It includes SSL support and is part of Nessus. (http://www.thc.org/)

Wellenreiter: A Linux tool for WLAN discovery and auditing. It discovers networks (BSS/IBSS), and automatically detects ESSID-broadcasting and non-broadcasting networks, their WEP capabilities and the manufacturer. DHCP and ARP traffic are decoded and displayed to give further information about the networks. (http://www.wellenreiter.net/)

Yersinia: A network tool designed to take advantage of weaknesses in several layer-2 network protocols. It is intended as a solid framework for analyzing and testing deployed networks and systems. Attacks for the following network protocols are implemented:

  • Spanning Tree Protocol (STP).
  • Cisco Discovery Protocol (CDP).
  • Dynamic Trunking Protocol (DTP).
  • Dynamic Host Configuration Protocol (DHCP).
  • Hot Standby Router Protocol (HSRP).
  • 802.1q.
  • 802.1x.
  • Inter-Switch Link Protocol (ISL).
  • VLAN Trunking Protocol (VTP).

(http://www.yersinia.net/)
