POGDEN.CO.UK
Disclaimer
I cannot be held accountable for the use of any of these tools. They are provided as a means to learn about and test the security of your own network or systems. Remember the difference between using these tools for good, and using them for evil is PERMISSION!! If you don’t want to spend the next few years sharing a cell as Bubba’s plaything then make sure you OWN or have PERMISSION to use these tools against your target.
‘The Price of Greatness is Responsibility’ -Winston Churchill
‘Bring war material with you from home, but forage on the enemy... use the conquered foe to augment one's own strength.’ -Sun Tzu, the Art of War
Not really a tool, but you can sign up for a free email account
with PGP Encryption. Very good for private communication.
You can also look at SIMP LITE. Very easy to set up and lets you encrypt your MSN conversations.
Needed for most of these tools in Windows. Linux users need LibPcap (usually included in most distros; if not, easy to find with Google).
Excellent War-Dialler with Source Code.
Working under DOS, Win95/98/NT/2K/XP
and all DOS emulators (UNiX) on all 80x86 processors
NMAP (Windows) NMAP (Redhat RPM)
Port Scanner, used extensively during pen-testing for reconnaissance and vulnerability assessment.
Tool for Layer 2 attacking that gets its name from a particularly nasty bacteria that causes plague. But be warned!!! Some of the features can cause a DoS attack and wipe out your network. As always, RTFM and understand before you play!!!
Vulnerability Assessment Tool. Essential tool for Pen-Testing. Link supplied only; you need to agree to the terms of use. Only available for UNiX, but you can get a Nessus client on a Windows machine if you have access to a Nessus server elsewhere. You also need to provide an email address for the plugin feeds. They are free if you opt for the delayed feed.
One of my favourite tools. Think switched environments are safe??? Think again. Ettercap is a suite for MITM (Man in the middle) attacks on a switched LAN. It features sniffing of live connections, content filtering on the fly and includes features for network and host analysis. It can even capture ciphered connections!! Almost all platforms are supported.
There are other tools out there for password cracking, but this one works for me. Can be used against a wide range of architectures. As powerful as, if not better than, l0phtCrack!!
I am also trying to obtain rainbow tables for faster password cracking. I may make these available on DVD (if I get time). Otherwise you might want to check out http://rainbowtables.shmoo.com
Nikto is an open source (GPL) web server scanner which performs comprehensive tests against web servers. It includes tests for over 3200 potentially dangerous files/CGIs on over 625 servers and over 230 version specific problems. Only for Unix (though you can run it in Cygwin if you have the required libraries).
What can I say: Wireless detector, Sniffer, IDS. Passively detects wireless access points and sniffs the traffic going to them. Interesting when you find unsecured access points. Also streams can be saved as a pcap file for later WEP cracking efforts. Windoze users can also check out Netstumbler, but this is only a war driving tool. It doesn’t have the ability to capture packets.
Another Wireless tool. This one can ‘recover’ lost WEP Keys. Appears to have been compiled for XP as well as all the Unixes.
Parallelized login hacking tool. Can be used for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco etc etc etc….
Start to finish Exploitation framework tool. Comes in all OS flavours, works with XP with a fully integrated Cygwin package. Has updates for new exploit code and can be used through a web interface… Remember to RTFM!! (Read the f* Manual)
Fun with HP Printers. You can upload/hide files, use them as FTP Servers, issue commands, change the LCD display and a whole host of other things. Works on Windows or can be used in Linux with WINE.
217 handy network tools all in one easy to use GUI. NetWag is the GUI front-end to NetWox. Includes a myriad of things to play with. Can be dangerous in the wrong hands!! Remember to RTFM!! Binaries included for Windows and UNiX.
This tool is great. It’s a proof of concept designed to run on your Bluetooth enabled mobile (supposed to run on all J2ME MIDP 2.0 VM equipped phones) to sniff out Bluetooth connections and perform a variety of attacks against the SMS, Phonebook and even dialling numbers through vulnerable Bluetooth devices.
There are a whole host of other Bluetooth hacking tools available for Linux (Bluez, BlueSniffer, BlueSnarfer and Redfang) which are also a lot of fun when you are on the train home and that annoying person in the quiet coach a few seats down from you won’t stop talking on their phone >) I just couldn’t be bothered to post them here. (Google any of the names and you’ll find them)
VOMIT (Voice over MIs-configured Telephones)
A new one on here, good for intercepting VoIP traffic and having some fun.
There is another tool out there called Tourettes which injects swear words into VoIP streams but I’m having trouble finding it. Maybe soon :)
That’s about it for now. I do use many other tools but I’d be here all day posting them. It’s a matter of personal preference. There are usually several variations of tools available. Some do the same as others, some have a better plugin list, some work better on different OS’s.
Check out the links section as a starting point for finding tools and information. And there’s always Google :D Happy Hunting!!!