Selasa, 11 Maret 2008

Draft Hacking

Awareness and Training Awareity MOAT
www.awareity.com

Birch Systems Privacy Posters
www.privacyposters.com

Greenidea Visible Statement
www.greenidea.com

Interpact, Inc. Awareness Resources
www.thesecurityawarenesscompany.com

NIST resources
http://csrc.nist.gov/ATE

SANS Security Awareness Program
www.sans.org/awareness/awareness.php

Security Awareness, Inc. Awareness Resources
www.securityawareness.com

Bluetooth BlueScanner
www.networkchemistry.com/products/bluescanner.php

Bluesnarfer
www.alighieri.org/tools/bluesnarfer.tar.gz

BlueSniper rifle
www.tomsnetworking.com/2005/03/08/how_to_bluesniper_pt

Blooover
http://trifinite.org/trifinite_stuff_blooover.html

Bluejacking community site
www.bluejackq.com

Detailed presentation on the various Bluetooth attacks
http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdf

NIST Special Publication 800-48
http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf

Certifications Certified Ethical Hacker
www.eccouncil.org/CEH.htm

Dictionary Files and Word Lists ftp://ftp.cerias.purdue.edu/pub/dictftp://ftp.ox.ac.uk/pub/wordlists

http://packetstormsecurity.nl/Crackers/wordlists

www.outpost9.com/files/WordLists.html

Default vendor passwords
www.cirt.net/cgi-bin/passwd.pl

Exploit Tools CORE IMPACT
www.coresecurity.com

Metasploit
www.metasploit.com/projects/Framework

General Research Tools AfriNIC
www.afrinic.net

APNIC
www.apnic.net

ARIN
www.arin.net/whois/index.html

CERT/CC Vulnerability Notes Database
www.kb.cert.org/vuls

ChoicePoint
www.choicepoint.com

Common Vulnerabilities and Exposures
http://cve.mitre.org/cve

DNSstuff.com
www.DNSstuff.com

Google
www.google.com

Government domains
www.dotgov.gov

Hoover's business information
www.hoovers.com

LACNIC
www.lacnic.net

Military domains
www.nic.mil/dodnic

NIST National Vulnerability Database
http://nvd.nist.gov

RIPE Network Coordination Centre
www.ripe.net/whois

Sam Spade
www.samspade.org

SecurityTracker
http://securitytracker.com

Switchboard.com
www.switchboard.com

U.S. Patent and Trademark Office
www.uspto.gov

U.S. Search.com
www.ussearch.com

U.S. Securities and Exchange Commission
www.sec.gov/edgar.shtml

Whois.org
www.whois.org

Yahoo! Finance site
http://finance.yahoo.com

Hacker Stuff 2600 @@md The Hacker Quarterly magazine
www.2600.com

Blacklisted 411
www.blacklisted411.net

Computer Underground Digest
www.soci.niu.edu/~cudigest

Hacker T-shirts, equipment, and other trinkets
www.thinkgeek.com

Honeypots: Tracking Hackers
www.tracking-hackers.com

The Online Hacker Jargon File
www.jargon.8hz.com

PHRACK
www.phrack.org

Linux Amap
http://packages.debian.org/unstable/net/amap

Bastille Linux Hardening Program
www.bastille-linux.org

BackTrack
www.remote-exploit.org/index.php/BackTrack

Comprehensive listing of live bootable Linux toolkits
www.frozentech.com/content/livecd.php

Debian Linux Security Alerts
www.debian.org/security

Linux Administrator's Security Guide
www.seifried.org/lasg

Linux Kernel Updates
www.linuxhq.com

Linux Security Auditing Tool (LSAT)
http://usat.sourceforge.net

Metasploit
www.metasploit.com

Network Security Toolkit
www.networksecuritytoolkit.org

Red Hat Linux Security Alerts
www.redhat.com/securityupdates

Security Tools Distribution
http://s-t-d.org

Slackware Linux Security Advisories
www.slackware.com/security

SUSE Linux Security Alerts
www.suse.com/us/business/security.html

Tiger
ftp://ftp.debian.org/debian/pool/main/t/tiger

VLAD the Scanner
www.bindview.com/Services/RAZOR/Utilities/Unix_Linux/vlad.cfm

Log Analysis ArcSight Enterprise Security Manager
www.arcsight.com/product.htm

GFI LANguard Security Event Log Monitor
www.gfi.com/lanselm

Internet Security Systems Managed Services
www.iss.net/products_services/managed_services

LogAnalysis.org system logging resources
www.loganalysis.org

Malware chkrootkit
www.chkrootkit.org

EICAR Anti-Virus test file
www.eicar.org/anti_virus_test_file.htm

The File Extension Source
http://filext.com

McAfee AVERT Stinger
http://vil.nai.com/vil/stinger

Rkdet
http://vancouver-webpages.com/rkdet

Wotsit's Format
www.wotsit.org

Messaging Abuse.net SMTP relay checker
www.abuse.net/relay.html

Brutus
http://securitylab.ru/_tools/brutus-aet2.zip

Cain and Abel
www.oxid.it/cain.html

DNSstuff.com relay checker
www.dnsstuff.com

GFI e-mail security test
www.gfi.com/emailsecuritytest

How to disable SMTP relay on various e-mail servers
www.mail-abuse.com/an_sec3rdparty.html

mailsnarf
www.monkey.org/~dugsong/dsniff or
www.datanerds.net/~mike/dsniff.html for the Windows version

Sam Spade for Windows
www.samspade.org/ssw

smtpscan
www.greyhats.org/?smtpscan

NetWare Adrem Freecon
www.adremsoft.com

Craig Johnson's BorderManager resources
http://nscsysop.hypermart.net

JRB Software
www.jrbsoftware.com

NCPQuery
www.bindview.com/resources/razor/files/ncpquery-1.2.tar.gz

NetServerMon
www.simonsware.com/Products.shtml

Novell Product Updates
http://support.novell.com/filefinder

Pandora
www.nmrc.org/project/pandora

Rcon program
http://packetstormsecurity.nl/Netware/penetration/rcon.zip

Remote
www.securityfocus.com/data/vulnerabilities/exploits/Remote.zip

UserDump
www.hammerofgod.com/download/userdump.zip

Networks Cain and Abel
www.oxid.it/cain.html

CommView
www.tamos.com/products/commview

dsniff
www.monkey.org/~dugsong/dsniff

Essential NetTools
www.tamos.com/products/nettools

Ethereal network analyzer
www.ethereal.com

EtherPeek
www.wildpackets.com/products/etherpeek/overview

ettercap
http://ettercap.sourceforge.net

Firewalk
www.packetfactory.net/firewalk

Getif
www.wtcs.org/snmp4tpc/getif.htm

GFI LANguard Network Scanner
www.gfi.com/lannetscan

GNU MAC Changer
www.alobbs.com/macchanger

IETF RFCs
www.rfc-editor.org/rfcxx00.html

LanHound
www.sunbelt-software.com/LanHound.cfm

MAC address vendor lookup
http://standards.ieee.org/regauth/oui/index.shtml

Nessus vulnerability scanner
www.nessus.org

Netcat
www.vulnwatch.org/netcat/nc111nt.zip

NetScanTools Pro all-in-one network testing tool
www.netscantools.com

Nmap port scanner
www.insecure.org/nmap

NMapWin
http://sourceforge.net/projects/nmapwin

Port number listing
www.iana.org/assignments/port-numbers

Port number lookup
www.cotse.com/cgi-bin/port.cgi

QualysGuard vulnerability assessment tool
www.qualys.com

SNMPUTIL
www.wtcs.org/snmp4tpc/FILES/Tools/SNMPUTIL/SNMPUTIL.zip

Sunbelt Network Security Inspector
www.sunbelt-software.com/SunbeltNetworkSecurityInspector.cfm

SuperScan port scanner
www.foundstone.com/resources/proddesc/superscan.htm

TrafficIQ Pro
www.karalon.com

WhatIsMyIP
www.whatismyip.com

Password Cracking BIOS passwords
http://labmice.techtarget.com/articles/BIOS_hack.htm

Brutus
http://securitylab.ru/_tools/brutus-aet2.zip

Cain and Abel
www.oxid.it/cain.html

Chknull
www.phreak.org/archives/exploits/novell/chknull.zip

Crack
ftp://coast.cs.purdue.edu/pub/tools/unix/pwdutils/crack

Elcomsoft Distributed Password Recovery
www.elcomsoft.com/edpr.html

John the Ripper
www.openwall.com/john

Ophcrack
www.objectif-securite.ch/ophcrack

Proactive Password Auditor
www.elcomsoft.com/ppa.html

Proactive System Password Recovery
www.elcomsoft.com/pspr.html

pwdump3
www.openwall.com/passwords/dl/pwdump/pwdump3v2.zip

NetBIOS Auditing Tool
www.securityfocus.com/tools/543

NTAccess
www.mirider.com/ntaccess.html

RainbowCrack
www.antsight.com/zsl/rainbowcrack

RainbowCrack-Online
www.rainbowcrack-online.com

Rainbow tables
http://rainbowtables.shmoo.com

TSGrinder
www.hammerofgod.com/download/tsgrinder-2.03.zip

WinHex
www.winhex.com

Patch Management BigFix Enterprise Suite Patch Management
www.bigfix.com/products/patch.html

Ecora Patch Manager
www.ecora.com/ecora/products/patchmanager.asp

GFI LANguard Network Security Scanner
www.gfi.com/lannetscan

HFNetChkPro from Shavlik Technologies
www.shavlik.com/product_cat_patch_mang.aspx

Patch Authority Plus
www.scriptlogic.com/products/patchauthorityplus

PatchLink
www.patchlink.com

SysUpdate
www.securityprofiling.com

UpdateEXPERT from St. Bernard Software
www.stbernard.com/products/updateexpert/products_updateexpert.asp

Windows Server Update Services from Microsoft
www.microsoft.com/windowsserversystem/updateservices/default.mspx

Source Code Analysis Compuware
www.compuware.com/products/devpartner/securitychecker.htm

Fortify Software
www.fortifysoftware.com

Klocwork
www.klocwork.com

Ounce Labs
www.ouncelabs.com

SPI Dynamics
www.spidynamics.com/products/devinspect/index.html

Security Standards Center for Internet Security's Benchmarks/Scoring Tools
www.cisecurity.org

NIST Special Publications
http://csrc.nist.gov/publications/nistpubs/index.html

Open Source Security Testing Methodology Manual
www.isecom.org/osstmm

SANS Step-by-Step Guides
http://store.sans.org

Security Education Kevin Beaver's Security on Wheels podcasts and information security training resources
www.securityonwheels.com

Privacy Rights Clearinghouse's Chronology of Data Breaches Reported Since the ChoicePoint Incident
www.privacyrights.org/ar/ChronDataBreaches.htm

Storage CHAP Password Tester
www.isecpartners.com/tools.html#CPT

CIFSShareBF
www.isecpartners.com/SecuringStorage/CIFShareBF.zip

GrabiQNs
www.isecpartners.com/SecuringStorage/GrabiQNs.zip

NASanon
www.isecpartners.com/SecuringStorage/NASanon.zip

StorScan
www.isecpartners.com/tools.html#StorScan

Risk Analysis and Threat Modeling SecureITree
www.amenaza.com

Software Engineering Institute's OCTAVE methodology
www.cert.org/octave

Voice over IP Cain and Abel
www.oxid.it/cain.html

NIST's SP800-58 document
http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf

PROTOS
www.ee.oulu.fi/research/ouspg/protos

SearchVoIP.com
http://searchvoip.techtarget.com

SIP Forum Test Framework
www.sipfoundry.org/sftf/index.html

sipsak
http://sipsak.org

SiVuS
www.vopsecurity.org/html/tools.html

vomit
http://vomit.xtdnet.nl

War Dialing Sandstorm Enterprises PhoneSweep
www.sandstorm.net/products/phonesweep

Sandstorm Enterprises Sandtrap wardialing honepot
www.sandstorm.net/products/sandtrap

THC-Scan
http://packetstormsecurity.org/groups/thc/thc-ts201.zip

ToneLoc
www.securityfocus.com/data/tools/auditing/pstn/tl110.zip

Web Applications and Databases 2600's Hacked Pages
www.2600.com/hacked_pages

Acunetix Web Vulnerability Scanner
www.acunetix.com

AppDetective
www.appsecinc.com/products/appdetective

Brutus
http://securitylab.ru/_tools/brutus-aet2.zip

HTTrack Website Copier
www.httrack.com

Foundstone's Hacme Tools
http://www.foundstone.com/resources/s3i_tools.htm

Google Hacking Database
http://johnny.ihackstuff.com/index.php?module=prodreviews

Netcraft
www.netcraft.com

NGSSquirrel
www.ngssoftware.com/software.htm

N-Stealth Security Scanner
www.nstalker.com/eng/products/nstealth

Paros Proxy
www.parosproxy.org

Pete Finnigan's listing of Oracle scanning tools
www.petefinnigan.com/tools.htm

Port 80 Software's ServerMask
www.port80software.com/products/servermask

Port 80 Software's Custom Error
www.port80software.com/products/customerror

SiteDigger
www.foundstone.com/resources/proddesc/sitedigger.htm

SQLPing2 and SQLRecon
www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx

WebInspect
www.spidynamics.com/products/webinspect/index.html

WebGoat
www.owasp.org/index.php/Category:OWASP_WebGoat_Project

Windows CORE IMPACT
www.coresecurity.com

DumpSec
www.somarsoft.com

Effective File Search
www.sowsoft.com/search.htm

FileLocator Pro
www.mythicsoft.com/filelocatorpro

Legion
http://packetstormsecurity.nl/groups/rhino9/legionv21.zip

Metasploit
www.metasploit.com

Microsoft Baseline Security Analyzer
www.microsoft.com/technet/security/tools/mbsahome.mspx

Microsoft TechNet Security Center
www.microsoft.com/technet/security/Default.asp

Network Users
www.optimumx.com/download/netusers.zip

Rpcdump
www.bindview.com/Services/RAZOR/Utilities/Windows/rpctools1.0-readme.cfm

SMAC MAC address changer
www.klcconsulting.net/smac

Vision
www.foundstone.com/knowledge/proddesc/vision.html

Walksam
www.bindview.com/Services/RAZOR/Utilities/Windows/rpctools1.0-readme.cfm

Winfo
www.ntsecurity.nu/toolbox/winfo

Wireless Networks Aircrack
http://freshmeat.net/projects/aircrack

AirMagnet Laptop Analyzer
www.airmagnet.com/products/laptop.htm

AiroPeek SE
www.wildpackets.com/products/airopeek/airopeek_se/overview

AirSnort
http://airsnort.shmoo.com

Cantenna war-driving kit
http://mywebpages.comcast.net/hughpep

CommView for Wi-Fi
www.tamos.com/products/commwifi

Digital Hotspotter
www.canarywireless.com

Homebrew WiFi antenna
www.turnpoint.net/wireless/has.html

KisMAC
http://kismac.binaervarianz.de

Kismet
www.kismetwireless.net

Lucent Orinoco Registry Encryption/Decryption program
www.cqure.net/tools.jsp?id=3

NetStumbler
www.netstumbler.com

OmniPeek
www.wildpackets.com/products/omni/overview/omnipeek_analyzers

RFprotect Mobile
www.networkchemistry.com/products/rfprotectmobile.php

SeattleWireless HardwareComparison page
www.seattlewireless.net/index.cgi/HardwareComparison

Security of the WEP Algorithm
www.isaac.cs.berkeley.edu/isaac/wep-faq.html

The Unofficial 802.11 Security Web Page
www.drizzle.com/~aboba/IEEE

Wellenreiter
www.wellenreiter.net

WiGLE database of wireless networks at
www.wigle.net
www.wifimaps.com
www.wifinder.com

WinAirsnort
http://winairsnort.free.fr/

Wireless Vulnerabilities and Exploits
www.wirelessve.org

WPA Cracker
www.tinypeap.com/html/wpa_cracker.html

0 coment-ar: