SQLiX
SQLiX is a SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and even execute system commands for MS-SQL. The concepts in use are different than the one used in other SQL injection scanners. SQLiX is able to find normal and blind SQL injection vectors and doesn't need to reverse engineer the original SQL request (using only function calls). This tool is being developed as a part of the OWASP Web Security Project.
Read the Article
|
Packetfence
PacketFence is an open-source network access control (NAC) system. PacketFence is designed to operate in heterogeneous environments and uses vendor-agnostic isolation techniques including DHCP scope changes and ARP cache manipulation ("passive" mode). No Cisco? No problem!
Read the Article
|
SuperScan 4
SuperScan 4 is a completely-rewritten update of the highly popular Windows port scanning tool, SuperScan.
Read the Article
|
IPSecScan
IPSecScan is a tool that can scan either a single IP address or a range of IP addresses looking for systems that are IPSec enabled.
Read the Article
|
AccessEnum
While the flexible security model employed by Windows NT-based systems allows full control over security and file permissions, managing permissions so that users have appropriate access to files, directories and Registry keys can be difficult. There's no built-in way to quickly view user accesses to a tree of directories or keys. AccessEnum gives you a full view of your file system and Registry security settings in seconds, making it the ideal tool for helping you for security holes and lock down permissions where necessary.
Read the Article
|
Paros proxy
A Java based web proxy for assessing web application vulnerability. It supports editing/viewing HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting.
Read the Article
|
Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers and web sites, including potentially dangerous files/CGIs, versions and web server vulnerabilities. Scan items and plugins are frequently updated and can be automatically updated (if desired). In combination with Nessus this is a powerful tool to complete a full scan of a web server.
Read the Article
|
Ettercap
Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
Read the Article
|
Hping
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
Read the Article
|
Xprobe
Xprobe2 is a remote active operating system fingerprinting tool which uses advanced techniques, some which where first to be introduced with Xprobe2, such as the usage of statistical analysis ('fuzzy logic') to match between probe response(s) to its signature database and others, in order to provide with accurate results regarding the underlying operating system of a probed element(s).
Read the Article
|
