A bag of tools….
Yersinia – Framework to test Layer2 (STP, CDP, DTP, DHCP, HSRP, 802.1Q) attacks
Siege -Web Load Testing (HTTP;HTTPS;etc)
Named Pipe TCP Proxy Utility – Using named pipes on Windows
BackTrack (Retired) – Penetration Testing Distribution
Kali – Penetration Testing Distribution
Wireshark – is a network protocol analyzer
TCPDUMP – a powerful command-line packet analyzer
IPERF – iperf3: A TCP, UDP, and SCTP network bandwidth measurement tool
Multicast Hammer – Multicast/Unicast tester for Windows (Client &Server, Multiple Groups) developed by Nortel
Graylog – An Open-Source Syslog tool, multiple input/output streams, create alerts
HTTP Watch -integrates with Internet Explorer and Firefox browsers to show you exactly what HTTP traffic is triggered when you access a web page.
BGP Stream – BGP Stream is a free resource for receiving alerts about hijacks, leaks, and outages in the Border Gateway Protocol.
Commando VM -Threat Research (Windows Environment)
Software Defined Networks
Cacti – Cacti is an open-source, web-based network monitoring and graphing tool designed as a front-end application for the open-source, industry-standard data logging tool RRDtool
OBS Studio – Free and open source software for video recording and live streaming
Packet capture tools
- Cisco IOS Router and Cisco ASA (http://www.cisco.com/) can also both perform packets capture.
- Netsniff-ng (http://netsniff-ng.org/) is a free Linux networking toolkit that includes pcap capturing and replay.
- Sniffit (http://sniffit.sourceforge.net/) is a distributed sniffer system, which allows users to capture network traffic from a unique machine using a graphical client application. This feature is very useful in switched networks, where traditional sniffers only allow users to sniff their own network traffic.
- Tcpdump (http://www.tcpdump.org/) is a powerful network packet analyzer for Linux that can be used for network debugging and security monitoring. WinDump allows you to have the same functionality as tcpdump in a Windows environment. Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.
- T-Shark (http://www.wireshark.org/docs/man-pages/tshark.html) is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. T-Shark’s native capture file format is libpcap format, which is also the format that is used by tcpdump and various other tools.
- Wireshark (http://www.wireshark.org/) is a GUI network protocol analyzer that lets you interactively browse packet data from a live network or from a previously saved capture file.
- Microsoft Message Analyzer (https://www.microsoft.com/en-us/download/details.aspx?id=44226) is a new tool for capturing, displaying, and analyzing protocol messaging traffic, events, and other system or application messages in network troubleshooting and other diagnostic scenarios. Message Analyzer also enables you to load, aggregate, and analyze data from log and saved trace files.
- Nmap. (http://www.nmap.org/) is a free and open source (license) utility for network discovery and security auditing.
- OpenVAS (http://www.openvas.org/) is an open source vulnerability-scanning suite that grew from a fork of the Nessus engine when it went commercial.
Web testing tools
- Burp Suite (https://portswigger.net/burp/) is an integrated platform that can be used to perform security testing of web applications—free and paid versions are available.
- Nikto2 (https://cirt.net/Nikto2/) is an open source web server scanner that performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files and CGIs. Nikto checks for outdated versions of over 1200 servers, and version-specific problems on over 270 servers.
- OWASP Mutillidae II (https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project) is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast. Mutillidae can be installed on Linux and Windows. Mutillidae II is an easy-to-use web hacking environment that is designed for labs, security enthusiasts, classrooms, and vulnerability assessment tool targets.
- Cain and Abel (http://www.oxid.it/cain.html) is a Windows-based password recovery tool that can be used to capture and monitor network traffic for passwords, and crack encrypted passwords using various methods.
- John the Ripper (http://www.openwall.com/john/) is a fast password cracker, available for many flavors of Unix, Windows, DOS, and OpenVMS. These tools support several password hash types.
- L0phtCrack (http://www.l0phtcrack.com/) is a tool that is used to crack Windows passwords from hashes, which it can obtain (given proper access) from stand-alone Windows workstations, networked servers, primary domain controllers, or active directory. Sometimes, it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, and so on).
- Ophcrack (http://ophcrack.sourceforge.net/) is a free Windows password cracker that is based on rainbow tables. It is a very efficient implementation of rainbow tables that are done by the inventors of the method. Ophcrack comes with a GUI and runs on multiple platforms.
Penetration testing tools
- BackTrack (http://www.backtrack-linux.org/) is a free, bootable Linux distribution that contains many open source tools for network security and penetration testing. The tools are organized into different categories such as information gathering, vulnerability assessment, exploitation tools, and privilege escalation. Backtrack is no longer being maintained; it has been switched over to Kali Linux.
- Kali Linux (https://www.kali.org/) is a Linux distribution that aggregates thousands of free software packages. Kali Linux’s non-free section contains several tools which are not open source, but which have been made available for redistribution by Offensive Security through default or specific licensing agreements with the vendors of those tools.
- Metasploit Framework (https://www.metasploit.com/) is a comprehensive tool set that can test all aspects of security with an offensive focus.
- Bro (http://bro-ids.org/) is a network analysis framework that is different from the typical IDS.
- OSSEC is a host-based intrusion detection system that supports multiple platforms including Linux, Solaris, AIX, HP-UX, BSD, Windows, Mac, and VMware ESX. OSSEC is easy to set up and configure, and is fully open source and free.
- Snort (http://www.snort.org/) is an open source network intrusion prevention and detection system (IPS/IDS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and over 500,000 registered users, Snort has become the de facto standard for IPS.
- Suricata (http://www.openinfosecfoundation.org/index.php/download-suricata) is an Open Source Next Generation Intrusion Detection and Prevention Engine. Suricata is open source and owned by Open Information Security Foundation (OISF), a community-run non-profit foundation.
Network security monitoring tools
- Security Onion (https://securityonion.net/) is an open source network security monitoring distribution. Security Onion is easy to set up and configure. With minimal effort, you will start to detect security-related events on your network. Detect everything from brute force scanning kids to those nasty APTs. Security Onion contains tools like Snort, ELSA, Xplico, and NetworkMiner. The in-built setup wizard makes it easy to use.
- Sguil (http://sguil.sourceforge.net/) is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of network security monitoring and event-driven analysis. The Sguil client is written in tcl/tk and can be run on any operating system that supports tcl/tk (including Linux, BSD, Solaris, MacOS, and Win32).
- ELSA (https://github.com/mcholste/elsa/) is a centralized syslog framework that is built on Syslog-NG, MySQL, and Sphinx full-text search that provides a fully asynchronous web-based query interface that normalizes logs and makes searching billions of them for arbitrary strings as easy as searching the web. It includes tools to assign permissions for viewing the logs, and email-based alerts, scheduled queries, and graphing.
- Splunk Enterprise (http://www.splunk.com/) is a platform for real-time operational intelligence. Splunk is the easy, fast, and secure way to search, analyze, and visualize the massive streams of log data that are generated by the IT systems and technology infrastructure: physical, virtual, and in the cloud. The free version license allows indexing of up to 500 megabytes of data per day.
Security intelligence tools
- The Talos Intelligence Group is made up of leading threat researchers that are supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes, and protects against both known and emerging threats. The Talos Intelligence Group maintains the official rule sets of Snort.org, ClamAV, SenderBase.org, and SpamCop. (Reference: Talos Intelligence Group blog, http://www.talosintelligence.com, http://blogs.cisco.com/talos.)
- CVSS (https://www.first.org/cvss/) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. The current version of CVSS (CVSSv3.0) was released in June 2015.
- OWASP (https://www.owasp.org/) is an open community that is dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All the OWASP tools, documents, forums, and chapters are free and open to any one who is interested in improving application security. OWASP advocates are approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all these areas.
- VirusShare.com (https://virusshare.com/) is a repository of malware samples to provide security researchers, incident responders, forensic analysts, and the morbidly curious access to samples of malicious code.
- VirusTotal (https://www.virustotal.com/) is a subsidiary of Google. VirusTotal is a free online service that analyzes files and URLs enabling the identification of viruses, worms, Trojans, and other kinds of malicious content detected by antivirus engines and web site scanners.