Top 15 Open Source. Free Security. Tools. 1. Nmap Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. 2. Wireshark is a network protocol analyzer. 3. Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. 4. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. 5. John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. 6. ettercap Ettercap is a comprehensive suite for man in the middle attacks. 7. The Nexpose Community Edition is a free, single-user vulnerability management solution. 8. 9. 10. w3af w3af is a Web Application Attack and Audit Framework. 11. hping 13.
The Web's #1 Hacking Tools Directory - with tutorial videos! Hacking Tools Directory with Video Tutorials By Henry Dalziel | Information Security Blogger | Concise Courses We are big fans of blogging about Hacker Tools – for one major reason: if you are serious about working in cyber security you need to be able to use these tools like a boss. Hacking tools are what boxing gloves are to a boxer or what a spanner is to a plumber. A pentester (or ethical hacker) can be judged by their ability to use these tools, frameworks and programs, so get to know them! So! We have broken down our directory into the following hacking tools categories: (We feel that the below categories should encompass all the different fields within cyber security but as ever, if you feel that we have missed one out please let us know by dropping a comment below.) Let us know what you think about our Directory – we would love to hear your feedback. We’ve tried our best to suggest videos that don’t have background music and that are dictated by an ‘expert’ within that field.
Top Five Hacker Tools Every CISO Should Understand As the role of the CISO continues to evolve within organizations towards that of an executive level position, we see a growing emphasis on traditional business administration skills over the more technical skills that previously defined the top security leadership job. Nonetheless, CISOs need to keep abreast of the latest down-in-the-weeds tools and technologies that can benefit their organization’s security posture, as well as those tools that are widely available which could be misused by malicious actors to identify and exploit network security weaknesses. In light of that fact, we recently spoke to Nabil Ouchn (@toolswatch), the organizer of the Arsenal Tools exhibit and activities at the BlackHat Conferences in both the US and Europe since 2011, as well as being the founder of the portal ToolsWatch.org. (Part Two Here: Five More Hacker Tools Every CISO Should Understand) Armitage HashCat “There is constantly a battle between security folks and users when it comes to passwords. Wifite
Hardware-based security more effective against new threats With software security tools and network vulnerabilities constantly being targeted by hackers, securing hardware components will grow in importance given it is more secure and cybercriminals will find it difficult to alter the physical layer for their purposes. Patrick Moorhead, president and principal analyst of Moor Insight and Strategy, said hardware-based security is more secure than software tools such as antivirus since it cannot be altered. Hardware-based security refers to safeguarding the computer using components such as processors. An RSA spokesperson added the physical layer eliminates the possibility of malware, such as virtual rootkits, from infiltrating the operating system and penetrating the virtualization layer. In 2010, RSA, together with VMWare and Intel, introduced a proof-of-concept framework to integrate security into the entire hardware stack. One example is ARM's joint venture with Gemalto and Giesecke & Devrient to set up Trustonic in December 2012.
Tools CTF PhoneDog Smartsniff Password Sniffer Related Links Windows Password Recovery ToolsSmartSniff - Monitoring TCP/IP packets on your network adapter Mail PassView - Recover POP3/IMAP/SMTP email passwords. Dialupass - Recover VPN/RAS/Dialup passwords Search for other utilities in NirSoft Description SniffPass is small password monitoring software that listens to your network, capture the passwords that pass through your network adapter, and display them on the screen instantly. Versions History Version 1.13: Fixed bug: When opening the 'Capture Options' dialog-box after Network Monitor Driver 3.x was previously selected, SniffPass switched back to Raw Sockets mode. System Requirements SniffPass can capture passwords on any 32-bit Windows operating system (Windows 98/ME/NT/2000/XP/2003/Vista) as long as WinPcap capture driver is installed and works properly with your network adapter. On Windows XP/SP1 passwords cannot be captured at all - Thanks to Microsoft's bug that appeared in SP1 update... Using SniffPass Command-Line Options
Black Hat USA 2014 - Arsenal Returning bigger than ever for 2014, Black Hat is pleased to once again present Arsenal--a Tool/Demo area where independent researchers and the open source community will showcase some awesome weapons. See below for the full list and descriptions of each of these tools. Hours and Location: August 6, 2014 | 10:00 - 18:00 | Breakers JK August 7, 2014 | 10:00 - 18:00 | Breakers JK Android Device Testing Framework The Android Device Testing Framework ("dtf") is a data collection and analysis framework to help individuals answer the question: "Where are the vulnerabilities on this mobile device?" Dtf provides a modular approach and built-in APIs that allows testers to quickly create scripts to interact with their Android devices. Automated Memory Analysis Automated Memory Analysis is a set of new innovative Cuckoo Sandbox plugins that adds new dynamic and memory analysis abilities such as: Demonstrations will cover how the plugins can help security researchers analyze advanced malware. BeEF Dradis
Autopsy Forensic Easy to Use Autopsy was designed to be intuitive out of the box. Installation is easy and wizards guide you through every step. All results are found in a single tree. Extensible Autopsy was designed to be an end-to-end platform with modules that come with it out of the box and others that are available from third-parties. Timeline Analysis - Advanced graphical event viewing interface (video tutorial included). See the Features page for more details. There is currently a Autopsy Module Writing Contest going on right now before OSDFCon 2016. Fast Everyone wants results yesterday. Cost Effective Autopsy is free. 100+ Alternative Search Engines You Should Know If someone asks you, off the top of your head, what search engines you use or know off, chances are you’ll be naming the regulars: Google, Bing, Yahoo. The Internet however is a really big place and there are plenty more search engines out there that can cater to very specific requirements. General Search Engines We’re skipping the search engines that everyone know about so you won’t be seeing Google, Yahoo or Bing in this list. <img src=" width="800" height="400" alt="ecosia">Pin itMyWebSearch – MyWebSearch is search engine that shows results from Google. Regional Search Engines <img src=" width="800" height="400" alt="najdi">Pin itSearch Nigeria – Search Nigeria is a web based portal and search engine. Kid-Safe Search Engines Social Media Search Engines Image & Icon Search Engines Knowledge Search Engines
Mac Hacking [dot] net - Knowledge Base OWASP Testing Guide v4.0. Guia de seguridad en aplicaciones Web. La fundación Open Web Application Security Project lidera desde 2001 un proyecto libre sin ánimo de lucro orientado a promover la seguridad del software en general y de aplicaciones web en particular, manteniendo para ello varios proyectos e iniciativas. Bajo licencia Creative Commons, genera y distribuye libremente material de alta calidad desarrollado por decenas de profesionales relacionados con el desarrollo y seguridad del software, entre ellos guías, plataformas educativas y herramientas de auditoría, etc. Situadas entre las publicaciones más valoradas en relación al sector de auditorías de seguridad, las guías publicadas por la fundación OWASP se han convertido en un referente en el mundo de la seguridad del desarrollo y evaluación de aplicaciones. Guía de pruebas OWASP versión 4. En la guía se presenta una metodología que recorre de forma organizada y sistemática todas las posibles áreas que supongan vectores de ataque a una aplicación web. • Gestión de Identidades 1. 2. 3. 4.