Tools

This will be a continual work in progress. All links and tools mentioned are for the purpose of ethical hacking, legal penetration testing, and security research. Use at your own risk. As new tools are created every day and some listed below may not have a link, please feel free to Submit Content and it will be added.

Bluetooth Radio Analysis

BCCMD - utility for the CSR BCCMD interface
BSS - L2CAP layer fuzzer
BTAddr
BTAudit
BTPinCrack
Bluebugger - implementation of blue bug technique
BlueMaho
Blueprint
BlueScan
BlueSmash
BlueSnarfer
BlueSquirrel
Braces
Btscanner
CW-Tools
CarWhisperer
Frontline
Ghettotooth
GreenPlaque
HCIDump - reads raw HCI data
HID-Attack
Minicom
ObexFTP
ObexStress
Packet Replay
Redfang
TBSearch
TBear
Tanya
Ussp-Push - OBEX object pusher

Database Analysis

BlindSQL - contains SQLCheck and SQLData shell scripts
DBPwAudit - online password auditing for numerous db servers
MSSQLScan - scans for MSSQL servers
Metacoretex - database vulnerability scanner
Mysqlaudit - audits for common security misconfigurations in MySQL
Oracle Auditing Tools - OraclePWGuess, OracleQuery, OracleSamDump, OracleSysExec, and OracleTNSCtrl
OScanner - Oracle assessment framework
PBLind - exploits blind sql injection vulnerabilities
SA Exploiter - website seems down, but great MSSQL tool available with BackTrack
SQLiX - SQL injection scanner from OWASP
SQLMap - automated sql injection
SQLbrute - brute force data with blind SQL injection
SQL Ninja - SQL Server injection and takeover tool
Sqlsus - MySQL injection and takeover tool
THC-OracleCrackert - Oracle 11g password cracker
UDF

Digital Forensics

AIR Imager
Afcat
Afcompare
Afconvert
Affix
Afinfo
Afstats
Afxml
Aimage
Allin1
Autopsy
Chkrootkit
Clamscan
DCFLDD
DD_rescue
Fatback
Foremost
Galleta
Magicrescue
MBoxGrep
Memdump
PhotoRec
Scalpel
Scrub
TestDisk
TrID
Vinetto
Wipe

Information Gathering

0trace - runs traceroute with an established TCP connection, bypasses some packet filtering
DMitry - gathers information about a host
dnswalk - DNS debugger
DNSTracer - determines where a given DNS gets its information from
DNSenum - enumerates information on a given domain and discovers non-contiguous ip blocks
dnsmap - subdomain bruteforcer for stealth enumeration
Dnsrecon - target enumeration through DNS
Dradis - information sharing framework
Fierce Domain Scan - domain scanner capable of identifying targets inside and outside a corporate network
Goorecon - enumeration of hosts, subdomains, and emails from a given domain using Google
Gooscan
Itrace
Lanmap
Lbd
Maltego
Metagoofil
Netenum
Netmask
Protos
SEAT
TCPtraceroute
Tctrace
TheHarvester

Malware Analysis (Windows Tools)

AutoIT
bintext
CaptureBAT
Depends
Dud
DynamicAnalysis
File
Frhed
FSG
GUnPacker
Handle
InCtrl
Inetsim
md5sum
odbg
Openports
pecheck - assists with pefile
pefile - python module to read and work with portable executables
PEID - detects common packers, crypters, and compilers, now discontinued
PEview - view structure and content of 32 bit portable executables
pmdump - dump memory contents of process to file without killing process
ProcessExplorer - advanced Windows process explorer
ProcessMonitor - advanced Windows process monitoring
ProtectionID - detect copy protections
RegShot - registry comparison utility
Sandnet - network operating system
Strings - strings for Windows by SysInternals
TCPView - SysInternals tool for displaying all TCP and UDP connections
TrID - file identifier
Truman - sandnet builder
upx - the ultimate packer for executables
UserDB - installer/packer database
WinDump - Windows version of tcpdump
WinPcap - Windows packet capture library
Wireshark - network protocol analyzer
xvi - freeware hex editor

Network Mapping

0trace - hop enumeration tool
4nmp
Amap - first application protocol detection scanner
Arping - ARP level ping utility
Autoscan - network scanner
DMitry - deep magic information gathering tool
Fping - ping hosts in parallel
Genlist - ping scanner
Hping2 - a spoofing network scanner
Hping3 - a spoofing network scanner
Httprint - webserver fingerprinting tool
Httsquash - HTTP server scanner
Ike-scan - IPSec VPN scanner
Lanmap - build 2d network diagram
Lanmap2 - network visualizer
LetDown - TCP flooder
Nbtscan - NetBIOS network name scanner
Netifera - GUI network mapping tool
Nmap - versatile network mapper
Nsat - robust scanner
Onesixtyone - SNMP scanner
OutputPBNJ - query a PBNJ database
p0f - passive OS fingerprinting tool
PSK-Crack - crack preshared keys collected with Ike-scan
Propecia - fast class C domain scanner
Protos - IP protocol scanner
ReverseRaider - domain scanner
SCTPscan - scan SCTP enabled machines
SSLscan - fast SSL scanner
ScanPBNJ - monitor changes to a network over time
TCPtraceroute - a traceroute implementation using tcp packets
Unicornscan - information gathering and correlation engine
XProbe2 - remote, active OS fingerprinting tool
Zenmap - cross platform Nmap GUI
Smb4k - The advanced network neighborhood browser for KDE

Password Attacks

Bkhive - recover Syskey bootkey from HIVE
BruteSSH - perform dictionary attacks against SSH servers
Chntpw - reset user passwords on Windows NT or 2000
CUPP - Common User Passwords Profiler
Crunch - word list generator
DNSBruteforce - make a brute force on name resolution
Hydra - fast and flexible network login hacker
John - fast password cracker
Lodowep - Lotus Domino webserver brute forcer
Medusa - massively parallel, modular, login brute forcer
Ophcrack - Windows password cracker based on rainbow tables
Pw-inspector - reports passwords matching requirements
Pyrit - WPA/WPA2-PSK brute forcer
RTDump - recalculate the chain
RTGen - generate rainbow tables
RTSort - sort rainbow tables
Rainbowcrack - crack hashes with rainbow tables
Rarcrack - RAR password brute forcer
RWW-Attack - Remote Web Workplace brute forcer
Saltymd5 - brute force salted MD5's
Samdump2 - Windows SAM auditing tool
SSHatter - SSH brute forcer
TFTP-bruteforcer - TFTP brute forcer
VNCrack - VNC brute forcer
Wyd - password profiling tool
XHydra - telnet brute forcer

Penetration

Fast Track - BackTrack front-end that automates a great deal of MetaSploit
Inguma - a free Vulnerability Research and Penetration Testing Toolkit
Metasploit Exploitation Framework - modular penetration testing framework
sapyto - SAP Penetration Testing Framework
Social Engineering Toolkit - self explanatory, amazing

Reverse Engineering

Evans Debugger - Linux equivalent of OllyDBG
GDB GNU Debugger - open source debugger
IDA Pro - Windows or Linux hosted multi-processor disassembler and debugger
Immunity Debugger - Windows debugger
OllyDBG - 32-bit assembler level analysing debugger for Windows

RFID Analysis

RFIDIOt - huge collection of tools and hardware recommendations

Session Hijacking

Hunt - tcp connection hijacking
IP Watcher - control unencrypted login sessions
Juggernaut - network sniffer with hijacking capabilities
TTY watcher - monitor and control users on a system

Sniffers

Arpalert - detects illegal sessions
DSniff - passive network monitoring
Driftnet - picks out images from a TCP stream it's monitoring
EtherApe - graphical network monitor
Ettercap - man in the middle suite
Ferret - data seepage detection tool
Hamster - HTTP session hijacking with passive sniffing
Ntop - network top
SMBRelay3 - exploit weak NTLM challenges with replay attacks
SSLDump - SSLv3/TLS protocol analyzer
SSLStrip - workaround SSL hijacking
TcPick - tcp stream sniffer, tracker, and capturer
Wireshark - network protocol analyzer
Xspy - monitor keypresses on remote X server
Xwatchwin - watch a window on another X server

Spoofing

ADM-dns-tools - spoof DNS packets
EtherApe - graphical network monitor
Ettercap - man in the middle suite
ICMP Redirect - redirect ICMP at will
IRDP Responder - IRDP request sniffer
ISP
Igrp route injection
Middler - man in the middle tool
Nemesis - packet injection tool suite
Netsed - packet stream editor
Netenum - produce list of hosts for other programs
PackETH - ethernet packet generator
PACKIT - packet generation toolkit
SSLDump - SSLv3/TLS protocol analyzer
SSLStrip - workaround SSL hijacking
Scapy - interactive packet manipulation
SING - Send ICMP Nasty Garbage
TCPreplay - load balancing TCP forwarder

Tunneling

3proxy - tiny free proxy server
CryptCat - encrypted netcat
DNS2tcp - relay TCP through DNS
Miredo - Teredo IPv6 tunneling
Nstx - tunnel IP over DNS
ProxyTunnel - tunnel through HTTPS proxies
Proxychains - tunnel through HTTP and SOCKS
Proxyresolv - dns resolution through tunnel
Ptunnel - tunnel with ICMP echoes
Sbd - encrypted netcat clone
Socat - multipurpose relay
Stunnel4 - encrypt TCP packets in SSL
TinyProxy - light-weight HTTP proxy
UDPtunnel - tunnel UDP packets over TCP

VoIP Analysis

Ace - VoIP corporate directory enumeration
Add_registrations - bind another SIP address to target
EnumIAX - IAX2 login enumerator
Erase_registrations - DOS by SIP REGISTER
IWar - IAX2 wardialer
Iaxflood - create IAX packets
Inviteflood - SIP INVITE flood to phone or proxy
Ohrwurm - RTP fuzzer
PCAPsipdump - dump sip to tcpdump format
Protos-Sip - SIP fuzzer
RTP Flood - flood phone or proxy
RTP InsertSound - inserts audio file into active conversation
RTP MixSound - mixes audio file into active conversation
RTPInject - inject arbitrary audio into RTP connection
RTPbreak - analyze RTP sessions
RedirectPoison - redirect SIP INVITEs
SIPP - SIP traffic generator
SIPSak - SIP swiss army knife
SIPcrack - SIP login cracker
SIPdump - sniff SIP logins
SIPvicious - SIP tool suite
Sip-scan - fast SIP network scanner
Sip_rogue - SIP proxy
Smap - SIP stack fingerprinting scanner
Teardown - Tear down SIP connections
ucsniff - VoIP & IP Video Security Assessment tool
vnak - attack multiple VoIP protocols
VoIPER - VoIP Exploit Research toolkit
VoIP Hopper - VLAN Hop test tool
VoIPong - VoIP sniffer and call detector
vomit - voice over misconfigured internet telephones
Warvox - VoIP wardialer

Vulnerability Identification

Nessus - free for personal use, commercial scanner by Tenable
OPENVAS - fork of the Nessus project opting to remain open source
SAINT - commercial scanner

Web Application Analysis

Acunetix Web Vulnerability Scanner - commercial product
ASP-Audit - fingerprint ASP.NET servers
AppScan - IBM, formerly Rational commercial product
Burpsuite - web attacking platform
CeWL - Custom Word List generator
Core IMPACT Pro - commercial product
CSRFTester - CSRF testing script from OWASP
cURL - command line HTTP/HTTPS client
DFF Scanner - finds common files and folders on web server
DirBuster - directory and file brute forcer
Durzosploit - javascript exploit generation framework in Ruby
Exploit-Me - free Firefox addons from Security Compass (XSS-Me, SQL Inject-Me, Access-Me)
Fierce Domain Scanner - reconnaissance tool for quickly scanning domains by RSnake
fimap - find local and remote file inclusion bugs
Flare - Actionscript decompiler
Flasm - assembler/disassembler of Flash ActionScript bytecode
GPScan - Google profile scanner
Grabber - web application scanner in Python
Grendel-Scan - web application security testing tool
hcraft - HTTP vulnerability request crafter
httprint - web server fingerprinting tool
JBroFuzz - web application fuzzer
JMeter - Java based load and performance tester by Apache
lbd - load balancing detector
List-Urls - link extractor, comes with BackTrack; the link is a how-to on using it
Lynx - text web browser
Metasploit WMAP - web application scanning framework for Metasploit
Mini MySqlat0r - discover and exploit SQL injection vulnerabilities, written in Java
N-Stalker Web Application Security Scanner - commercial product
Nikto - web server scanner with a lot of CGI capabilities
openAcunetix - java-based web application scanner
Paros proxy - web scanning Java based proxy
Powerfuzzer - automated and customizable web fuzzer
ProxyStrike - active web application proxy
ratproxy - semi-automated, largely passive web application security audit tool
SWFIntruder - first Flash application runtime testing and analysis tool
soapUI - web service testing tool
w3af - web application attack and audit framework
WAFW00F - identify and fingerprint web application firewall products
Wapiti - web application vulnerability scanner / security auditor
WebInspect - HP's commercial product
WebScarab - web scanning framework in Java from OWASP
Webshag - web server audit tool with crawling, URL scanning, and fuzzing
Wfuzz - the web bruteforcer
Whisker - deprecated scanner, but home of libwhisker
WhiteHat Sentinel - commercial product
Wikto - similar to Nikto, built on .Net framework *shivers*
WMAT - web mail login tester
XSSS - brute force cross site scripting scanner
