Sectools.org Top 100: Tools 31 - 40
Chris Clymer
Legend
- Generally costs money. Free limited/demo/trial versions may be available
- Works natively in Linux
- Works natively on BSD variants. OpenBSD, FreeBSD, Solaris, other UNIX variants.
- Works natively on Mac OS X
- Works natively on Microsoft Windows
- Features a command-line interface
- Offers a GUI interface
- Source code available for inspection
#31 - Airsnort
- "802.11 WEP Encryption Cracking Tool"
- Developed by the Shmoo Group
- Passively monitors network transmissions
- Computes encryption key once enough packets are gathered
#32 - BackTrack
- "An Innovative Penetration Testing Live Linux Distribution"
- Slax-based Linux Live CD
- Loaded full of tools from this top 100 list
- The focus of this month's in-depth
#33 - P0f
- "A Versatile Passive OS Fingerprinting Tool"
- Unlike Nmap, P0f fingerprints passively rather than by active scanning
- Passive means that it does not generate any additional network traffic
- Supported by PF and Netfilter
#34 - Google
- "Everyone's Favorite Search Engine"
- Yes, Google is a security tool
- Invaluable for information gathering
- Sensitive information often mistakenly indexed by Google
- Makes finding vulnerable servers easy!
#35 - WebScarab
- "A Framework for analyzing Applications that Communicate using the HTTP and HTTPS Protocols"
- HTTP(S) debugger
- Allows user to see the inner workings of HTTP apps
#36 - Ntop
- "A Network Traffic Usage Monitor"
- Excellent for graphically representing network usage
- Web-based interface works in virtually any browser
#37 - Tripwire
- "The Grandaddy of File Integrity Checkers"
- Used to monitor the status of designated files
- Hashes the file and notifies the user of any change to the file, not only of changed content
- Able to send regular reports as PDF, HTML, or XML
#38 - Ngrep
- "Convenient Packet Matching and Display"
- Offers grep's functionality at the network layer
- Speaks TCP, UDP, ICMP, PPP, SLIP, FDDI, Token Ring, and more
- Can parse PCAP data
#39 - Nbtscan
- "Gathers NetBIOS Info from Windows Networks"
- Queries IP networks for NetBIOS hosts
- Builds a human-readable report from the gathered data
#40 - WebInspect
- "A Powerful Web Application Scanner"
- Used to identify known and unknown web vulnerabilities
- Focused on the application layer
- Checks proper configuration, injection, cross-site scripting, directory traversal, and more
In Depth: BackTrack
- A Little History
- Included Tools
- Neat BackTrack Tricks
- Demonstration
BackTrack History
- BackTrack is the result of the merger of Whax and Auditor
- Whax is based on Slax, which is itself a Live CD based on Slackware Linux
- Whax began life as Whoppix, at which point it was based on Knoppix
- The switch to a Slax base was made because building a Slax-based distribution is much easier
- Auditor was a Knoppix-based security toolkit
- When Auditor and Whax merged, they decided to use Slax as the base
- BackTrack 2 was released recently
Let me draw you a picture...
Included Tools
* Ass
* DMitry
* DNS-Ptr
* dnswalk
* dns-bruteforce
* dnsenum
* dnsmap
* DNSPredict
* Finger Google
* Firewalk
* Goog Mail Enum
* Google-search
* Googrape
* Gooscan
* Host
* Itrace
* Netenum
* Netmask
* Pirana
* Protos
* QGoogle
* Relay Scanner
* SMTP-Vrfy
* TCtrace
* Amap 5.2
* Autoscan 0.99_R1
* Fping
* Hping
* IKE-Scan
* IKEProbe
* Netdiscover
* Nmap
* NmapFE
* P0f
* PSK-Crack
* Ping
* Protos
* Scanrand
* SinFP
* Umit
* UnicornScan
* UnicornScan pgsql 0.4.6e module version 1.03
* XProbe2
* PBNJ 2.04
* OutputPBNJ
* ScanPBNJ
* Genlist
* Absinthe
* Bed
* CIRT Fuzzer
* Checkpwd
* Cisco Auditing Tool
* Cisco Enable Bruteforcer
* Cisco Global Exploiter
* Cisco Scanner
* Cisco Torch
* Curl
* Fuzzer 1.2
* GFI LanGuard 2.0
* GetSids
* HTTP PUT
* Halberd
* Httprint
* Httprint GUI
* ISR-Form
* Jbrofuzz
* List-Urls
* Lynx
* MS03-026
* MS03-059
* Merge Router Config
* Metacoretex
* Metoscan
* Mezcal HTTP/S
* Mibble MIB Browser
* Mistress
* Nikto
* OAT
* Onesixtyone
* OpenSSL-Scanner
* Paros Proxy
* Peach
* RPCDump
* RevHosts
* SMB Bruteforcer
* SMB Client
* SMB Serverscan
* SMB-NAT
* SMBdumpusers
* SMBgetserverinfo
* SNMP Scanner
* SNMP Walk
* SQL Inject
* SQL Scanner
* SQLLibf
* SQLbrute
* Sidguess
* Smb4K
* Snmp Check
* Snmp Enum
* Spike
* Stompy
* SuperScan
* TNScmd
* Taof
* VNC Auth Scanner
* Wapiti
* Yersinia
* sqlanlz
* sqldict
* sqldumplogins
* sqlquery
* sqlupload
* Framework3-MsfC
* Framework3-MsfUpdate
* Framework3-Msfcli
* Framework3-Msfweb
* Init Pgsql (autopwn)
* Milw0rm Archive
* MsfCli
* MsfConsole
* MsfUpdate
* OpenSSL-To-Open
* Update Milw0rm
* Ascend attacker
* CDP Spoofer
* Cisco Enable Bruteforcer
* Crunch Dictgen
* DHCPX Flooder
* DNSspoof
* Driftnet
* Dsniff
* Etherape
* EtterCap
* File2Cable
* HSRP Spoofer
* Hash Collision
* Httpcapture
* Hydra
* Hydra GTK
* ICMP Redirect
* ICMPush
* IGRP Spoofer
* IRDP Responder
* IRDP Spoofer
* John
* Lodowep
* Mailsnarf
* Medusa
* Msgsnarf
* Nemesis Spoofer
* NetSed
* Netenum
* Netmask
* Ntop
* PHoss
* PackETH
* Rcrack
* SIPdump
* SMB Sniffer
* Sing
* TFTP-Brute
* THC PPTP
* TcPick
* URLsnarf
* VNCrack
* WebCrack
* Wireshark
* Wireshark Wifi
* WyD
* XSpy
* chntpw
* 3proxy
* Backdoors
* CryptCat
* HttpTunnel Client
* HttpTunnel Server
* ICMPTX
* Iodine
* NSTX
* Privoxy
* ProxyTunnel
* Rinetd
* TinyProxy
* sbd
* socat
* Housekeeping
* AFrag
* ASLeap
* Air Decap
* Air Replay
* Airmon Script
* Airpwn
* AirSnarf
* Airbase
* Airodump
* Airoscript
* Airsnort
* CowPatty
* FakeAP
* GenKeys
* Genpmk
* Hotspotter
* Karma
* Kismet
* Load IPW3945
* Load acx100
* MDK2
* MDK2 for Broadcom
* MacChanger
* Unload Drivers
* Wep_crack
* Wep_decrypt
* WifiTap
* Wicrawl
* Wlassistant
* Bluebugger
* Blueprint
* Bluesnarfer
* Btscanner
* Carwhisperer
* CuteCom
* Ghettotooth
* HCIDump
* Ussp-Push
* PcapSipDump
* SIPSak
* SIPcrack
* SIPdump
* SIPp
* Smap
* Allin1
* Autopsy
* DCFLDD
* DD_Rescue
* Foremost
* Magicrescue
* Mboxgrep
* Memfetch
* Memfetch Find
* Pasco
* Rootkithunter
* Sleuthkit
* Vinetto
* GDB Console GUI
* GDB GNU Debugger
* GDB Server
* GNU DDD
* Hexdump
* Hexedit
* OllyDBG
* SNORT
Neat BackTrack Tricks
- Run it from a USB thumb drive
- Build a password-cracking cluster
- Roll your own custom security toolkit
Customizing BackTrack
Because BackTrack is Slax-based, customizing is easy:
- Download BackTrack ISO from http://remote-exploit.org
- Download a module, or build your own. Modules can trivially be created from source code. Tools also exist to trivially turn Slackware packages into Slax modules.
- Mount the ISO image, and copy the contents to your hard drive
- Copy your module to the modules directory, BT/modules
- Re-master the ISO using any ISO-creating software
- Boot your new image and enjoy!
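The re-mastering steps above as a POSIX shell script, added here as an example and not taken from the slides or the BackTrack project. It assumes the layout the slide names (modules in BT/modules), the .mo module extension used by Slax 5-era images, an isolinux boot loader somewhere under boot/, and cdrtools' mkisofs; mounting the ISO needs root.

```shell
#!/bin/sh
# Re-master a Slax-based BackTrack ISO with one extra module.
# Assumptions (verify against your image): modules live in BT/modules,
# module files end in .mo, isolinux.bin sits under boot/, mkisofs is installed.
set -eu

# Steps 1-3 of the slide: mount the ISO and copy its contents to a work tree.
extract_iso() {   # extract_iso <backtrack.iso> <workdir>
    iso=$1; work=$2; mnt=$(mktemp -d)
    mkdir -p "$work"
    mount -o loop -r "$iso" "$mnt"          # needs root
    cp -a "$mnt"/. "$work"/
    umount "$mnt"; rmdir "$mnt"
}

# Step 4: drop the module into BT/modules so the Live CD loads it at boot.
# Rejects anything that is not a .mo file and refuses to run on a tree
# that does not look like an unpacked BackTrack ISO.
add_module() {    # add_module <module.mo> <workdir>
    mod=$1; work=$2
    case "$mod" in
        *.mo) ;;
        *) echo "not a Slax .mo module: $mod" >&2; return 1 ;;
    esac
    [ -d "$work/BT/modules" ] || { echo "no BT/modules in $work" >&2; return 1; }
    cp "$mod" "$work/BT/modules/"
}

# Step 5: rebuild a bootable ISO. The isolinux.bin path is located rather
# than hard-coded, because its exact place differs between Slax releases.
build_iso() {     # build_iso <workdir> <out.iso>
    work=$1; out=$2
    bootbin=$(find "$work/boot" -name isolinux.bin 2>/dev/null | head -n1)
    [ -n "$bootbin" ] || { echo "isolinux.bin not found under boot/" >&2; return 1; }
    bootbin=${bootbin#"$work/"}              # mkisofs wants a path relative to the tree
    mkisofs -quiet -o "$out" -b "$bootbin" -c "$(dirname "$bootbin")/boot.cat" \
        -no-emul-boot -boot-load-size 4 -boot-info-table -J -R -V "BT-custom" "$work"
}

# Full pipeline only when invoked as: remaster.sh <in.iso> <module.mo> <out.iso>
if [ "$#" -eq 3 ]; then
    work=$(mktemp -d)
    extract_iso "$1" "$work"
    add_module "$2" "$work"
    build_iso "$work" "$3"
    echo "wrote $3; boot it to test (step 6)"
fi
```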
Demonstration
And now to see BackTrack in action!