SecTools.Org: Top 125 Network Security Tools For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form . This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner , Ncat network connector , and Nping packet manipulator ). We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. 12 tools Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. version 1.1 on April 24, 2010 (2 years, 5 months ago). crackers wireless version 4.9.43 on Dec. 3, 2011 (10 months ago). sniffers traffic-monitors fuzzers Categories
Airsnarf - A rogue AP setup utilitySearch Google anonymously while staying logged in to your account in FirefoxOne of the things that keeps some users from using Google Search is the certainty that everything that is done on the site is being logged and analyzed by Google. While it is possible to overcome this, for instance by launching searches only in the browser's private browsing mode, or using search engines such as Startpage that use Google search results but do not track you, you may prefer an automated solution that just works in the background without you doing anything. You could try and use Google while you are not signed in to your Google Account, but that too means some form of tracking as there are other means besides tracking a user by account. Plus, it means that you cannot use other Google Services such as Gmail properly without signing in first again. Another option would be to use two different web browsers, one for Google searches, the other for all other activities. The new Firefox add-on Searchonymous introduces a solution that resolves this issue.
Welcome! (VX heavens)Newest Social Net Scam: Stranded Friend - PCWorldThe FBI and its Internet Crime Complaint Center (IC3) says they are seeing an uptick in the complaints about online scammers trying to steal your money posing as a good friend left stranded somewhere in need of quick cash. FBI details most difficult Internet scams The IC3 said it is getting reports of individuals' e-mail or social networking accounts such as Facebook being compromised and used in a social engineering scam to swindle consumers out of thousands of dollars. . The notice claims the victim is in immediate need of money due to being robbed of their credit cards, passport, money, and cell phone; leaving them stranded in London or some other location. Simply one can verify the situation by calling the friend or confirming the situation before sending any money. Online scams like the "stranded" con plague the Internet and continue to make scammers money.
OpenSSHTop 15 Open Source/Free Security/Hacking Tools | Security & Hacking Blog1. Nmap Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap homepage. 2. Wireshark is a network protocol analyzer. 3. Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. 4. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. 5. 6. ettercap 7. 8. 9. 10. w3af 11. hping 12. burpsuite 13.
How to Install Aircrack on Mac in 3 Easy Steps Installing Aircrack-ng can be a little confusing if you don't understand the lingo. Let me guide you trough those steps and you'll have Aircrack running natively in no time and almost no effort. Why Use Aircrack? Aircrack-ng is about up to 5 to 10 times faster than KisMAC when it comes to cracking WPA or WEP password. KisMAC has an old Aircrack Engine and, honestly, it needs an update... Aircrack-ng 1.1 churns about 1500 "WPA" keys per Second, or about 360 Passphrase/second when KisMAC is left behind at 160/Sec on a dual core. Aircrack-ng can recover keys for WEP and WPA. Yes, it's 1,576,213 PMK/S. Back to Aircrack: On WEP, the difference is extremely noticeable, especially on low IV's captures. For Airport users, once decrypted, you have to enter the key without semicolons and space. If you are not familiar with the lingo, or wonder what does what, I would suggest reading the FAQ first. Installing Aircrack-ng on OS X You'll need: The Installation
Researchers: Password Crack Could Affect Millions - CIO.com - Business Technology LeadershipIDG News Service — A well-known cryptographic attack could be used by hackers to log into Web applications used by millions of users, according to two security experts who plan to discuss the issue at an upcoming security conference. Researchers Nate Lawson and Taylor Nelson say they've discovered a basic security flaw that affects dozens of open-source software libraries -- including those used by software that implements the OAuth and OpenID standards -- that are used to check passwords and user names when people log into websites. OAuth and OpenID authentication are accepted by popular Web sites such as Twitter and Digg. They found that some versions of these login systems are vulnerable to what's known as a timing attack. Cryptographers have known about timing attacks for 25 years, but they are generally thought to be very hard to pull off over a network. The researchers aim to show that's not the case. Continue Reading
Wireshark · Go deep.How Your Username May Betray YouBy creating a distinctive username—and reusing it on multiple websites—you may be giving online marketers and scammers a simple way to track you. Four researchers from the French National Institute of Computer Science (INRIA) studied over 10 million usernames—collected from public Google profiles, eBay accounts, and several other sources. They found that about half of the usernames used on one site could be linked to another online profile, potentially allowing marketers and scammers to build a more complex picture of the users. “These results show that some users can be profiled just from their usernames,” says Claude Castelluccia, research director of the security and privacy research group at INRIA, and one of the authors of a paper on the work. “More specifically, a profiler could use usernames to identify all the site [profiles] that belong to the same user, and then use all the information contained in these sites to profile the victim.”