Archive for November 2013

How much, and how, should we charge for our code or program?

Hello, from the blog std-io.com I bring you a post about something that worries a lot of people. I am usually asked: how much should I charge to do X? How do I bill them? The people asking are generally new to selling code and software and tend to ask this kind of question, so this post is based on a fairly old, and by the way very interesting, post I read by Leandor A. (a pity he programs in VB).

I chose this photo for a specific reason: in this post, among many other things, I am going to allude to how to grow a tree that yields money. The photo is well known, but my intention is to give the reader another point of view…
To begin, I will explain how software is charged for. Writing software is complex and takes time, and you cannot put a price on a piece of software if you cannot estimate the time it took to build it. In other words, to make a living from this, the time factor is extremely important. When preparing a quote you have two alternatives: either you tell the client your hourly rate, or you tell them the final price you estimate for the complete product.
Of course the client usually likes the idea of a final product price better, but that quote is harder to work out. Yesterday I was preparing a quote of roughly 1900 dollars, which I have already delivered; it was something very simple with no complexity, so it was fairly easy for me to arrive at a price that was fair to both client and vendor.
If you are just starting out, working out a price for a product is complex, and it probably will not serve you well, because you will come up with a price that is far too high or far too low for the work that task X involves, so most likely you will either regret it later or the job will not be accepted.
You should put a price on your hour of work, and on that basis calculate how long product X will take you and multiply that by your hourly rate.
But this approach has several drawbacks, starting with the fact that estimating how many hours it will take to do X is fairly complex, even for me, and I have been doing it for quite a while.
The best thing at the beginning is to say: my hour of work costs X, and to develop this I think it will take me roughly X; then you tell the client that you do not have a clear idea, but that you will bill as you progress, so that if the client is not convinced by the pace, everything stops and it is not an astronomical blunder.
How do you calculate your hourly rate?
Initially you can set, say, 5 dollars, just to name a figure; as you gain experience and start taking other factors into account, you simply raise the rate. Moreover, if you apply quality criteria and other practices, your profit will keep growing even if you do not raise your hourly rate.
For reasons such as: to do X you already have half of it built, but you still bill for it (thanks to reusability).
When you gain experience about what to do and what not to do, when you learn how to put reasonable security into your code, when clients already know you and know you are responsible and reliable, you can keep raising your hourly price until you reach what you consider enough to get by.
It is like a tree: you have to water it. At first it will bear no fruit, because it is small; you will not earn much, and I do not even know whether you will earn enough to live on, but when the tree grows, through factors like experience and so on, you will see its fruit.
You have to know that you are not the only programmer, and your clients could switch programmers, but in the long run they will trust you, and switching programmers will mean risking someone who does not know the system or who causes them problems. If they are doing well with you, you can raise the price a bit and it still will not be worth their while to work with another programmer. When you gain experience it is the same: they can pay you X, or pay less to an inexperienced programmer who will surely mess up badly at some point and leave the client in a bad position; and if they do switch programmers, in the long run they will come back because of this kind of mistake, which they avoided with you.
In short, putting a price on software that is reasonable for both programmer and client is by no means an easy task.
Regards!

Read the original article: How much, and how, should we charge for our code or program?

Mikrotik router credentials laid bare..

As every day, it has become a habit when I get up to check my feeds and go into Underc0de to review the latest things moving on the net so as not to fall behind; and since it has become a daily habit, today when I went into Underc0de I read an interesting post by kn0w, which I bring to the blog.

That is what my face looked like after sticking my nose into this matter…

First of all, “hello” (what a gentleman I am..)

It all started one day when I was taking the Mikrotik MTCNA certification, and at the end of one of the classes the instructor said the following:

“Do not lose your backup files, because otherwise it will be impossible to recover the admin passwords”…..

The first thing I thought was.. could this be true?

It started as a curiosity and I decided to take action on it: (uhh, what a man of action I am..)

First: I needed a backup file, but since I have always liked using other people's things and not my own (shhh, don't spread that around), I decided to look for one on good old Google.. but.. could there be anyone stupid enough to upload a backup file of their Mikrotik router to the internet?

The answer is: YES, SIR!! (just like in the military..)

Using a couple of Google dorks… the following showed up:

Once I had the backup file, I decided to take a look at it with a hex editor and found the following:

Yes!!! a changeip username and password…. well, let's see what's inside!!

Aha! it is indeed a Mikrotik, and it's up (ping)

Mmm.. with all this info I already feel like getting into this mysterious device, but I don't have the passwords? what do I do?

Of course!!! but I have the BACKUP file!

Let's crack, friends! —> searching around I came across this site, “Mikrotikpasswordrecovery“, which gives us the credentials after uploading a backup file!!

OHHHH my god!! (screaming like in an xxx movie..) … I already have the credentials.. : Admin, come to me!!… I just have to test whether this works… in 3,2,1.. kaboom!!

I love it when it says: logged in!!!

Yes! I'm in, and look at all the other interesting stuff there is… tunnel passwords (backdoor? ha!), machines to pivot through… plus the admin used the same passwords on some 10 more machines linked from that router via wireless and VPN with Mikrotik…

I hope you enjoyed it, and now repeat after me the following oath:

“I WILL NOT UPLOAD MY MIKROTIK ROUTER BACKUP FILES TO THE INTERNET…” amen!

Kn0w13dg3

Original post: Underc0de
Author: kn0w

Regards,
Snifer

Read the original article: Mikrotik router credentials laid bare..

Introduction to Software Quality

Hi! this is my first post, I hope you like it.
In a post on my blog I was talking a bit about the software industry and about components; nowadays it is hard to imagine an industry that does not base its development on components, for the obvious reasons I mentioned in the previous post.

In well-known cases, we can see how Windows, from 98 onward, has a well-formed component model and starts basing its whole system on components, packaged in files known as DLLs.

We can appreciate its advantages with automatic updates, where thanks to these DLLs it is possible to implement extensibility in its proper sense, so that modifying a DLL to perform a rather different task and replacing the old one without having to modify the program is very simple.

The day before yesterday I attended a talk at an Instituto de Formación Técnica Superior given by Gabriel Pimentel, where he demonstrated the simplicity and usefulness of DLLs: he created a program that used a DLL he had also created for demonstration purposes (all of it in C++), loaded the DLL and used it in his original program, compiled the program, and then completely changed the DLL so that it even went from console mode to visual mode by creating a small window; he replaced the old DLL with the new one, and the original program used it without trouble, using the new functions of that DLL.

The interesting part is how impressively he separated the DLL that emulated a sensor from the program that used that sensor. He created a small component model to demonstrate this functionality, then simply changed the DLL's code, compiled it and replaced the old one, and as if by “magic” his whole component model “understood” that it was facing a new version which included, among other things, a window to notify that the sensor had reached its maximum.
Without throwing any error, it used that DLL with the new functionality.
You will notice something very interesting in this example: it lets us think of components and of those who use components as separate production lines, as in a car manufacturing chain: there is a line that makes doors, a line that makes bodywork, and then the wheels can be bought from another company; all of this goes through an assembly line and ends up as the final product.
It is very similar to any other industry: a component can be created and evolve on its own, independently of how and for what its user uses it, and if the user of that component changes there will be no problems, because everything is assembled. Besides, new components can be bought from other manufacturers, and this is where the software industry begins.
And here quality appears: you cannot develop a component that does not meet the quality criteria, because it would only generate a pile of problems. The same applies in general: if you program without quality, even if you are not component-based, your code will give you many problems when it comes to evolving, expanding or changing context.
Programming without quality is like juggling grenades with the pin pulled, and it is a monster factory (you can see the reference here to know what I mean when I say this).
There are two kinds of quality criteria, external and internal; it is merely a way of classifying them to give you an idea. The external ones are those the system's user sees, such as whether it has a good, simple interface that does not drive the user crazy, whether it meets the user's needs, etc. But these are not really the criteria we define, since they do not make much sense for us.
The important ones are the quality criteria that we see: whether we build code with or without quality, we are the only ones who will appreciate it.
There are many models of quality criteria, but in summary, gathering the most important points, we can define the following 7:

Correctness
Robustness
Extensibility
Reusability
Compatibility
Efficiency
Other factors.
Each of them will be explained in future posts.
Regards, and I hope you enjoyed this introduction to the topic.

Read the original article: Introduction to Software Quality

VB6: learn to program in it or not? The Great Dilemma

As for the question in the post: I learned to program in VB6.0 and I even still have some programs I made in it. To learn to develop, it is worth it, but only up to a point, which is why I am 50% in favor of the analysis we will see below and 50% against; but why not, draw your own conclusions..

Here is the analysis by my friend numeritos (79137913); I recommend you give it a read, so let's go.

VB6, the great Dilemma.

Many times people ask me whether it is worthwhile or not to learn or use VB6 these days, and there is really never a concise answer; flames and other things start that take the thread into total trolling. In this post I am going to give my view on the topic from the most impartial point I can, considering myself, without boasting, an advanced VB6 user.

Aspects to analyze:

Track record and history: VB6 was released in 1998, and if you can do the math it is already 15 years old, almost 16. For a language that was remodeled (VB.Net) that is a long time for people to keep using it, but why is VB6 still alive? I think because of the large community of programmers who feel comfortable with this language; they are responsible for keeping it working, since they look for ways to install the IDE on new systems, API tricks so that features of the new OSes can be used, VB code to use the frameworks, and lastly inline ASM (inserting machine code inside applications to perform specific actions). With all this, I can only say that VB6's track record and pull have been and are very large, although everything comes to an end, and that is near.

Compatibility: For now, executables made in VB6 are still compatible with the latest operating systems, but being 32-bit programs, with the current 64-bit standard we can predict that, as happened with 16-bit executables, in a few years they will no longer run on new machines. Windows is trying to remove the basic dependencies from its new OSes, so our applications will have to carry more and more DLLs and OCXs with them.

{Extra fact: In VStudio 2010 the tool for migrating VB6 projects to VB.Net is no longer there}.
Appearance: As everyone will say, programs made in VB6 have very square, gray forms, but… there are skins that give them a renewed though not current look (with a skin we would get a very 2004-2009 interface); but there are other alternatives: the large VB6 developer community has created a series of User Controls and OCXs that are on par with, or sometimes improve on, the most current designs.

Compilation: This is one of the aspects that keeps VB6 good. More and more languages choose not to compile to machine code, because they use frameworks or simply run in a virtual machine. You will say, what is the problem with that? The problem is that applications become slower because of the double processing of information: Machine -> Framework -> program, or Machine -> Virtual Machine -> Program… with all this you will also be thinking of the famous comments from years ago saying that VB6 is slow, but we will analyze that in the next item.

Speed: Speed is relative to the algorithm the programmer creates and how they use the language's resources to optimize performance to the maximum. I open with that sentence so you understand: I have seen programs made in C++ that run slower than programs made in VB6, but why? Because the C++ programmer implemented their algorithm badly or inefficiently? I would say no; what happens in these cases is that most of the time VB6 programmers go overboard with code optimization because they want to squeeze the language to the maximum, whether by using byte-by-byte analysis, binary operations instead of additions and subtractions, additions instead of multiplications or multiplications instead of powers, inline ASM or the use of APIs… doing all of this, it is possible that although VB6 is considered a RAD (Rapid Application Development) language, it will not be as quick as dragging controls and writing 3 lines; it will be many lines of code and many controls that you will have to search through until you find the right ones.

In conclusion, I could go on at greater length, but I think you must already have understood my point: VB6 can currently do what any current language does, although in a few years it will not be able to. I have been asked whether people should learn VB6; my recommendation is no, because unfortunately it is so friendly, intuitive and good that in my opinion no language matches it in those respects, and it will later make it hard for you to learn other languages because they will seem tedious and annoying; besides, you will not be able to use it for much longer… “But I want to learn it”: if you want to learn it, that's fine, you will like it and you will be surprised at what you end up developing, but it will all be a fantasy that fades when you see where the world is going… “But I am going to use it on my old computers with Windows XP and IPv4 networking forever”: if that is what you want to do, fine, learn it, it will be very useful to you… “And what do I do, having already learned VB6 before reading this?” Well, you should make the most of it while you can and look for another language of your choice for when you can no longer use it.

Honestly I do not want to conclude this text, because I know there are thousands of things I did not say and so on, but I prefer to say goodbye like this to a language as good as VB6.

Is it worthwhile to use VB6 for my projects?

Yes, but know that there will come a time when you will migrate the whole system, or you will die using Windows XP without ever knowing IPv6.

Is it worthwhile to learn VB6?

No, not at all; I do not recommend you learn VB6, even though it seems to me a beautiful experience.

Do you feel old talking about this?

Yes, totally; “in my day” we laughed at languages like Fortran or Cobol, saying they were outdated, and we did not know why people kept using them; today I put myself in their shoes and I can understand them.

Learn the languages of your time; do not try to revive the dead.

Wait! objections! and so on.. we can see the counterpart from Alex Harkonnen, author of the blog blog.std-io, and an excellent debate on the topic on Underc0de

What do you think, is it advisable to learn VB6 or not???

Read the original article: VB6: learn to program in it or not? The Great Dilemma

[7th Time] JUNJI website with porn links

From the SAGA: Hey Junji!
Presenting for the 7th time: Junji, you have pornography links!

This is the 7th time I report the presence of pornography links on the JUNJI CHILE website. It is worrying that this keeps happening over and over, because the solutions being applied are only temporary: the links are deleted, but the origin of the problem is not fixed.

Information theft? Click theft?

Timeline:

First report (October 2012): http://blog.xshinee.cl/2012/10/sitio-web-de-la-junji-con-enlaces-porno.html
Second report (December 2012): http://blog.secureless.org/noticias/chile-sitio-web-de-la-junji-elnazando-a-sitio-web-xxx/
Third report (January 2013): http://blog.xshinee.cl/2013/01/nuevamente-links-de-pornografia-en.html
Fourth report (April 2013): http://blog.xshinee.cl/2013/04/4ta-vez-pagina-de-la-junji-con-links.html
Fifth report (June 2013): http://blog.xshinee.cl/2013/06/5ta-vez-pagina-de-la-junji-con-links-de.html
Sixth report (August 2013): http://blog.xshinee.cl/2013/08/6ta-vez-pagina-de-la-junji-con-links-de.html

Current links:

Read the original article: [7th Time] JUNJI website with porn links

Security Tools (scanners, sniffers, spoofers, IDS, web hacking, auditing, exploitation and more!)

So many months without publishing anything! but, believe it or not, the blog is still alive!
To make up for the prolonged absence and to commemorate reaching 200 posts, I decided to post something big, something I had been promising for a while and which, out of laziness about sitting down to edit it, I had not published before: the list of security applications.
This list is the result of 4 years of collecting while working in security, and at a glance it contains more than 150 tools! Now that I have set security aside a bit to concentrate more on networks and communications, I think it is a good time to publish it.
All the tools come with their respective official links and a brief description.

Before moving on to the list, some clarifications:
– There are many tools I have never used. I put the list together from reading many articles and program descriptions, and I included all those that seemed useful to me for various tasks.
– Emiliano (who published several articles on this blog) contributed several entries to the list at the time. Emi now runs his own blog, linuxito.com.ar
– I grouped the tools according to different criteria. Several fit more than one criterion, but obviously I was not going to repeat them under each one, so they are under the one I think describes them best.
– The order in which the tools appear has no meaning; they were added at random. Although I tried to leave the most important ones in the first places, they may appear in any position.
– Since the list was started 4 years ago, some links may be broken, or the tool may no longer be supported.
– Several tools are not directly related to security, but they are useful for performing security tests.
– The great majority of the applications listed are free software and for GNU/Linux, but some are closed source and paid, and some work only on Windows.
– The list is not complete, and there are many very important tools that are not in it.

Live-CDs/DVDs

BackTrack Linux – Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking

Wifislax – GNU/Linux distribution (LiveCD) designed for security auditing of the 802.11 standard (WiFi, Bluetooth and RFID).

DEFT – includes an excellent hardware detection and the best free and open source applications dedicated to Incident Response, Cyber Intelligence and Computer Forensics.

Pentoo – a Live CD/USB developed to carry out Penetration Testing and/or Ethical Hacking processes. This distribution is based on Gentoo Linux (kernel 2.6.31.6) with the Enlightenment window manager, and includes a wide collection of tools properly organized by category.

Security Onion – Security Onion is a Linux distro for IDS, NSM, and log management.

VAST – a VIPER Lab live distribution that contains VIPER developed tools such as UCsniff, videojak, videosnarf and more. Along with VIPER tools and other essential VoIP security tools, it also contains tools penetration testers utilize such as Metasploit, Nmap, and Hydra.

Network Security Toolkit – The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools.

Katana – includes distributions which focus on Penetration Testing, Auditing, Password Cracking, Forensics and Honey Pots. Katana comes with over 100 portable Windows applications such as Wireshark, HiJackThis, Unstoppable Copier, and OllyDBG.

Matriux – fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more.

Samurai – The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites.

REMnux – lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software.

PlainSight – versatile computer forensics environment that allows inexperienced forensic practitioners perform common tasks using powerful open source tools.

WeakNet Linux – designed primarily for penetration testing, forensic analysis and other security tasks.
The tools selected are those that the developer feels are used most often in pen-tests. A sample of those included are: BRuWRT-FORSSE v2.0, Easy-SSHd, Web-Hacking-Portal v2.0, Perlwd, Netgh0st v3.0, YouTube-Thief!, Netgh0st v2.2, DomainScan, ADtrace, Admin-Tool, Tartarus v0.1.

Puck – GNU/Linux distribution distributed as a Live CD based on TinyCoreLinux. It contains top penetration testing tools.

Metasploitable – an Ubuntu server install on a VMWare image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql.

Scanners

Nmap – free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Netcat – networking utility which reads and writes data across network connections, using the TCP/IP protocol.

hping – command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features.

haraldscan – Bluetooth discovery scanner.

Natprobe – This little but very useful program tries to send ICMP packets out of the LAN and detects all the hosts that allow it. With this you can find bugs in your (company?) network (or others), for example hosts that allow p2p connections.

MSSQLScan – A small multi-threaded tool that scans for Microsoft SQL Servers. The tool does its discovery using UDP and returns a list of all detected instances with their respective protocols and ports.

hostmap – enumerate all hostnames and configured virtual hosts on an IP address.

FindDomains – multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses.

keimpx – It can be used to quickly check for the usefulness of credentials across a network over SMB. Credentials can be: Combination of user / plain-text password, Combination of user / NTLM hash, Combination of user / NTLM logon session token.

StreamArmor – sophisticated tool for discovering hidden alternate data streams (ADS) as well as clean them completely from the system.

Halberd – a tool aimed at discovering real servers behind virtual IPs.

NSDECODER – automated website malware detection tool. It can be used to decode and analyze whether malware exists at a URL. Also, NSDECODER will analyze which vulnerability has been exploited and the original source address of the malware.

sslyze – Cross-platform tool to analyze the configuration of SSL servers.

Sniffers

wireshark – world’s foremost network protocol analyzer. It lets you see what’s happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.

tcpdump – prints out a description of the contents of packets on a network interface that match the boolean expression.

arpwatch – Ethernet monitor program; for keeping track of ethernet/ip address pairings.

ucsniff – VoIP & IP Video Security Assessment tool that integrates existing open source software into several useful features, allowing VoIP and IP Video owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping.

webmitm – transparently proxies and sniffs HTTP / HTTPS traffic redirected by dnsspoof, capturing most “secure” SSL-encrypted webmail logins and form submissions.

dsniff – collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

RawCap – RawCap is a free command line network sniffer for Windows that uses raw sockets.

Yamas – a tool that aims at facilitating mitm attacks by automating the whole process from setting up ip forwarding and modifying iptables, to the ARP cache poisoning

Spoofing

arpspoof – may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether.

dnsspoof – forges replies to arbitrary DNS address / pointer queries on the internal LAN. This is useful in bypassing host name based access controls, or in implementing a variety of efficient network controls.

IDS

snort – open source network intrusion prevention and detection system (IDS/IPS).

OSSEC – scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.

Samhain – open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.

Nebula – network intrusion signature generator. It can help securing a network by automatically deriving and installing filter rules from attack traces. In a common setup, nebula runs as a daemon and receives attacks from honeypots. Signatures are currently published in Snort format.

suricata – The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.

Osiris – Host Integrity Monitoring System that periodically monitors one or more hosts for change. Osiris keeps an administrator apprised of possible attacks and/or nasty little trojans. The purpose here is to isolate changes that indicate a break-in or a compromised system.

Sagan – multi-threaded, real time system and event log monitoring system, but with a twist. Sagan uses a “Snort” like rule set for detecting bad things happening on your network and/or computer systems. If Sagan detects a “bad thing” happening, that event can be stored to a Snort database (MySQL/PostgreSQL) and Sagan will attempt to correlate the event with your Snort Intrusion Detection/Intrusion Prevention (IDS/IPS) system.

Snorby – new and modern Snort IDS front-end. The basic fundamental concepts behind snorby are simplicity and power.

Smooth-sec – ready to-go  IDS/IPS (Intrusion Detection/Prevention System) linux distribution based on the multi threaded Suricata IDS/IPS engine and Snorby, the top notch web application for network security monitoring.

ArpON – portable handler daemon that make ARP secure in order to avoid the Man In The Middle (MITM) through ARP Spoofing/Poisoning attacks. It detects and blocks also derived attacks by it for more complex attacks, as: DHCP Spoofing, DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking & co attacks.

Firewalls

iQfire-wall – framework that implements a network firewall. It can be used in desktop systems and in simple network configurations, providing a friendly graphical interface and a simple installation procedure. Unprivileged users can also customize it.

Firestarter – Open Source visual firewall program. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators.

IPCop – Linux firewall distribution.

Firewall Builder – Firewall Builder is a GUI firewall configuration and management tool that supports iptables (netfilter), ipfilter, pf, ipfw, Cisco PIX (FWSM, ASA) and Cisco routers extended access lists.

GreenSQL – Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy and has built in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc). GreenSQL provides MySQL database security solution.

Flint – examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems so you can: CLEAN UP RUSTY CONFIGURATIONS that are crudded up with rules that can’t match traffic; ERADICATE LATENT SECURITY PROBLEMS lurking in overly-permissive rules; SANITY CHECK CHANGES to see if new rules create problems.

Honeypots

HoneyDrive – virtual hard disk drive (VMDK format) with Ubuntu Server. It contains various honeypot systems such as Kippo SSH honeypot, Dionaea malware honeypot and Honeyd. Additionally it includes useful scripts and utilities to analyze and visualize the data it captures. Lastly, other helpful tools like tshark (command-line Wireshark), pdftools, etc. are also present.

Auditory

Nessus – vulnerability scanner. Provides patch, configuration, and compliance auditing; mobile, malware, and botnet discovery; sensitive data identification; and many other features.

OpenVAS – Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.

SAINT – Vulnerability Scanning, Penetration Testing, Social Engineering, Configuration Assessments, Reporting.

PenTBox – Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more.

Seccubus – runs Nessus scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues. Non-issues get ignored until they change. This causes a dramatic reduction in analysis time.

GrokEVT – collection of scripts built for reading Windows® NT/2K/XP/2K3 event log files. GrokEVT is released under the GNU GPL, and is implemented in Python.

Flawfinder – program that examines source code and reports possible security weaknesses (“flaws”) sorted by risk level. It’s very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public.

KrbGuess – small and simple tool which can be used during security testing to guess valid usernames against a Kerberos environment.

Webfwlog – flexible web-based firewall log analyzer and reporting tool. It supports standard system logs for linux, FreeBSD, OpenBSD, NetBSD, Solaris, Irix, OS X, etc. as well as Windows XP. Supported log file formats are netfilter, ipfilter, ipfw, ipchains and Windows XP. Webfwlog also supports logs saved in a database using the ULOGD target of the linux netfilter project.

YASAT – (Yet Another Stupid Audit Tool) is a simple, stupid audit tool. It runs many tests checking for security configuration issues and other good practices.

FireCAT (Firefox Catalog of Auditing exTension) – mindmap collection of the most efficient and useful Firefox extensions oriented to application security auditing and assessment.

keimpx – keimpx is an open source tool, released under a modified version of Apache License 1.1. It can be used to quickly check for the usefulness of credentials across a network over SMB.

Buck Security – collection of security checks for Linux. It was designed for Debian and Ubuntu servers, but can be useful for any Linux system.

DllHijackAuditor – smart tool to Audit against the Dll Hijacking Vulnerability in any Windows application.

Mantra – a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc.

MysqlPasswordAuditor – FREE Mysql password recovery and auditing software. Mysql is one of the popular and powerful database software used by most of the web based and server side applications.

PDFs

origami – Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.

pdfinjector – Script to inject javascript code into existing pdf files.

PDFResurrect – tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document.

File vulnerabilities checkers

OfficeCat – command line utility that can be used to process Microsoft Office Documents for the presence of potential exploit conditions in the file.

Exploitation

Metasploit – penetration testing software. Helps verify vulnerabilities and manage security assessments.

Weevely – stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.

XLSInjector – Injects meterpreter shell to excel xls files (Port 4444).

Armitage – graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework.

Canvas – Immunity’s CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.

Core Impact – the most comprehensive software solution for assessing the real-world security of: web applications, network systems, endpoint systems and email users, wireless networks, network devices.

Wireless

inSSIDer – award-winning free Wi-Fi network scanner for Windows Vista and Windows XP.

Kismet – an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic.

wifite – attacks multiple WEP and WPA encrypted networks at the same time. This tool is customizable to be automated with only a few arguments and can be trusted to run without supervision.

Networking

Yersinia – network tool designed to take advantage of some weaknesses in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.

macof – floods a switched LAN with random MAC addresses.

PacketFence – a fully supported, trusted, Free and Open Source network access control (NAC) system.

Eigrp-tools – custom EIGRP packet generator and sniffer combined. It was developed to test the security and overall operation quality of the EIGRP routing protocol.

GNS3 – graphical network simulator that allows simulation of complex networks.

Web Vulnerabilities

Nikto – Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.

Wapiti – performs “black-box” scans, i.e. it does not study the source code of the application but scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

Tamperdata – Firefox add-on to view and modify HTTP/HTTPS headers and post parameters.

Wfuzz – tool designed for bruteforcing Web Applications; it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforcing GET and POST parameters for checking different kinds of injections (SQL, XSS, LDAP, etc), bruteforcing Form parameters (User/Password), Fuzzing, etc.

WebSlayer – tool designed for bruteforcing Web Applications; it can be used for finding not linked resources (directories, servlets, scripts, etc), bruteforcing GET and POST parameters, bruteforcing Form parameters (User/Password), Fuzzing, etc. The tool has a payload generator and an easy and powerful results analyzer.

Watir – drives browsers the same way people do. It clicks links, fills in forms, presses buttons. Watir also checks results, such as whether expected text appears on the page.

Grendel-Scan – open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests.

uwss – web security scanner and used for testing security holes in web applications. It can act as a fuzzer whose objective is to probe the application with various crafted attack strings. uwss is built upon a modular concept.

Doit – scripting tool and language for testing web applications that use forms. Doit can generate random or sequenced form fill-in information, report results (into a database, file, or stdout), filter HTML results, and compare results to previous results.

BeEF – browser exploitation framework. A professional tool to demonstrate the real-time impact of browser vulnerabilities.

httprint – Web server fingerprinting tool.

Netcraft – Scans web servers; used to determine which websites a server hosts.

curl – curl is a command line tool for transferring files with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS and FILE. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos…), file transfer resume, proxy tunneling and a busload of other useful tricks.

Burp Intruder – Burp Intruder is a tool for automating customised attacks against web applications. You can use Burp Intruder to perform many kinds of tasks, including enumerating identifiers, harvesting useful data, and fuzzing for vulnerabilities. It can be used to test for flaws such as SQL injection, cross-site scripting, buffer overflows and path traversal; perform brute force attacks against authentication schemes; manipulate request parameters; trawl for hidden content and functionality; exploit session token predictability; mine for interesting data; and perform concurrency attacks and application-layer denial-of-service attacks.

Add N Edit Cookies – Firefox extension to edit cookies.

CookieDigger – CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications.

XSS-Proxy – XSS-Proxy is an advanced Cross-Site-Scripting (XSS) attack tool.

ratproxy – Passive web application security audit tool.

Hackvertor – Web tool to convert text strings into different encodings, useful for injecting code into URLs.

Backframe – Backframe is a full-featured attack console for exploiting WEB browsers, WEB users and WEB applications.

Websecurify – web and web2.0 security initiative specializing in researching security issues and building the next generation of tools to defeat and protect web technologies (available for Win/Linux/Mac!).

XSS Tunnelling – the tunnelling of HTTP traffic through an XSS Channel to use virtually any application that supports HTTP proxies.

CeWL – ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

fimap – little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps.

w3af – Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

WAFP – WAFP fetches the files given by the Finger Prints from a webserver and checks if the checksums of those files are matching to the given checksums from the Finger Prints. This way it is able to detect the detailed version and even the build number of a Web Application.

Sahi – automation and testing tool for web applications, with the facility to record and playback scripts. Sahi runs on any modern browser which supports javascript.

skipfish – A fully automated, active web application security reconnaissance tool.

DAVTest – tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target.

iScanner – free open source tool lets you detect and remove malicious codes and web pages viruses from your Linux/Unix server easily and automatically.

COMRaider – a tool designed to fuzz COM Object Interfaces (ActiveX).

Arachni – feature-full and modular Ruby framework that allows penetration testers and administrators to evaluate the security of web applications. Arachni is smart, it trains itself with every HTTP response it receives during the audit process.

sessionthief – performs HTTP session cloning by cookie stealing. It integrates automatically with Firefox, dynamically creating a temporary profile for each attack performed. The program will start a new instance of firefox for each session hacked, and let you control the login of all of them at once.

XSSer – automatic tool for pentesting XSS attacks against different applications.

sqlinject-finder – Simple python script that parses through a pcap and looks at the GET and POST request data for suspicious and possible SQL injects.

DOMinator – Firefox based software for analysis and identification of DOM Based Cross Site Scripting issues (DOM XSS).

Fingerprinting and Web Frameworks Scanners

Joomscan – Yet Another Joomla Vulnerability Scanner that can detect file inclusion, SQL injection and command execution vulnerabilities of a target Joomla! web site.

WPScan – black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses within WordPress installations.

BlindElephant – The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable.

WPAF – Web Application Finger Printer written in ruby using a SQLite3 DB.

Web Shells

JBoss Autopwn – This JBoss script deploys a JSP shell on the target JBoss AS server.

Proxies

WebScarab – WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.

Burp proxy – Burp Proxy is an interactive HTTP/S proxy server for attacking and testing web applications. It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions. Burp Proxy allows you to find and exploit application vulnerabilities by monitoring and manipulating critical parameters and other data transmitted by the application. By modifying browser requests in various malicious ways, Burp Proxy can be used to perform attacks such as SQL injection, cookie subversion, privilege escalation, session hijacking, directory traversal and buffer overflows.

Paros Proxy – Through Paros’s proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.

Odysseus – proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session’s data in either direction and give the user the ability to alter the data before transmission.

SPIKE Proxy – professional-grade tool for looking for application-level vulnerabilities in web applications. SPIKE Proxy covers the basics, such as SQL Injection and cross-site-scripting, but its completely open Python infrastructure allows advanced users to customize it for web applications that other tools fall apart on.

CAT (Context App Tool) – an application to facilitate manual web application penetration testing. CAT provides a richer feature set and greater performance, combined with a more intuitive user interface to aid a professional manual penetration tester.

WATOBO – intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. WATOBO works like a local proxy, similar to WebScarab, Paros or BurpSuite.

Mallory – transparent TCP and UDP proxy. It can be used to get at those hard to intercept network streams, assess those tricky mobile web applications, or maybe just pull a prank on your friend.

ProxyStrike – an active Web Application Proxy, is a tool designed to find vulnerabilities while browsing an application.

Zed Attack Proxy (ZAP) – an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Vega – open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities.

Pentesting

MagicTree – MagicTree is a penetration tester productivity tool, it allows easy and straightforward data consolidation, querying, external command execution, and report generation.

dradis – open source framework to enable effective information sharing.

Inguma – penetration testing toolkit entirely written in python. The framework includes modules to discover hosts, gather information about, fuzz targets, brute force user names and passwords and, of course, exploits.

Flash

SWFIntruder – SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed for analyzing and testing security of Flash applications at runtime.

Flare – Flare is a free ActionScript decompiler. It decompiles SWFs produced by Macromedia Flash, including Flash MX 2004 and Flash 8.

MTASC – MTASC is the first ActionScript 2 Open Source free compiler.

Flasm – Flasm is a free command line assembler/disassembler of Flash ActionScript bytecode. It lets you make changes to any SWF. Flasm fully supports SWFs produced by Macromedia Flash 8 and earlier Flash versions.

swfmill – swfmill is an xml2swf and swf2xml processor with import functionalities.

swftools – Collection of utilities for SWF file manipulation/creation.

SwfScan – HP SWFScan, a free tool developed by HP Web Security Research Group, will automatically find security vulnerabilities in applications built on the Flash platform.

Tracers

Traceroute – computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network.

MTR – combines the functionality of the traceroute and ping programs in a single network diagnostic tool.

Cryptography

KGpg – simple interface for GnuPG, a powerful encryption utility.

FireGPG – Firefox extension under MPL that provides an integrated interface to apply GnuPG operations to the text of any web page, including encryption, decryption, signing, and signature verification.

SSLDigger – SSLDigger v1.02 is a tool to assess the strength of SSL servers by testing the ciphers supported. Some of these ciphers are known to be insecure.

THCSSLCheck – Windows tool that checks the remote ssl stack for supported ciphers and version.

sslscan – queries SSL services, such as HTTPS, in order to determine the ciphers that are supported.

SSLStrip – This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009.

TLSSLed – Linux shell script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation.

Crackers

John the Ripper – fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords.

Ophcrack – Windows password cracker based on rainbow tables.

Hydra – very fast network logon cracker which supports many different services.

patator – multi-purpose brute-forcer, with a modular design and a flexible usage.

Aircrack-ng – an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.

IKECrack – open source IKE/IPSec authentication crack tool. This tool is designed to bruteforce or dictionary attack the key/password used with Pre-Shared-Key [PSK] IKE authentication.

Wophcrack – PHP based web frontend for Ophcrack.

Bruter – parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.

IGHASHGPU – Program to recover/crack SHA1, MD5 & MD4 hashes.

Medusa – intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible.

Ncrack – high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.

authforce – Authforce is an HTTP authentication brute forcer. Using various methods, it attempts to brute force username and password pairs for a site.

RSMangler – take a wordlist and perform various manipulations on it similar to those done by John the Ripper with a few extras.

CmosPwd – decrypts password stored in cmos used to access BIOS SETUP.

Phishing

Imposter – flexible framework to perform Browser Phishing attacks. Once the system running Imposter is configured as the DNS server to the victims, the internal DNS server of Imposter resolves all DNS queries to itself. When the victim tries to access any website the domain resolves to the system running Imposter and Imposter’s internal web server serves content to the victim.

Social-Engineering Toolkit (SET) – python-driven suite of custom tools which solely focuses on attacking the human element of pentesting. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

Security Defense

AppArmor – effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited.

Untangle Gateway – Debian-based network gateway with pluggable modules for network applications like spam blocking, web filtering, anti-virus, anti-spyware, intrusion prevention, VPN, SSL VPN, firewall, and more.

Network Administration

Nagios – monitors your entire IT infrastructure to ensure systems, applications, services, and business processes are functioning properly. In the event of a failure, Nagios can alert technical staff of the problem, allowing them to begin remediation processes before outages affect business processes, end-users, or customers.

ntop – network traffic probe that shows the network usage, similar to what the popular top Unix command does.

nmblookup – NetBIOS over TCP/IP client used to look up NetBIOS names.

findsmb – list info about machines that respond to SMB name queries on a subnet.

Corkscrew – tool for tunneling SSH through HTTP proxies.

snmpcheck – free open source utility to get information via SNMP protocols.

snmpwalk – retrieve a subtree of management values using SNMP GETNEXT requests.

IPTraf – console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

Databases

Safe3 SQL Injector – one of the most powerful penetration testing tools that automates the process of detecting and exploiting SQL injection flaws and taking over back-end database servers.

sqlcmd – tool for connecting to Oracle, SQL Server, MySQL and Postgres databases.

sqlmap – open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over back-end database servers.

SQLiX – SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL).

sqlninja – tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.

MySqloit – SQL Injection takeover tool focused on LAMP (Linux, Apache,MySql,PHP) and WAMP (Windows, Apache,MySql,PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities.

TNS Listener tool – tnscmd can be used to speak, on a very simple level, with Oracle’s TNS listener.

SQLInjector – SQLInjector uses inference techniques to extract data and determine the backend database server.

GreenSQL – designed to protect databases (PostgreSQL/MySQL) against SQL injection attacks and other unauthorised changes, in a similar fashion to a firewall protecting a network against TCP/IP outside attacks. The new version also provides a graphical user interface for monitoring the database firewall.

FreeTDS – Microsoft SQL Server client.

MSSQLScan – A small multi-threaded tool that scans for Microsoft SQL Servers.

AppSentry Listener Security Check – Check the security configuration of the Oracle Database Listener and listeners for Oracle Applications 11i.

Code analyzers

MS MiniFuzz – very simple fuzzer designed to ease adoption of fuzz testing by non-security people who are unfamiliar with file fuzzing tools or have never used them in their current software development processes.

MS BinScope – Microsoft verification tool that analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations.

MS FxCop – code analysis tool that checks .NET managed code assemblies for conformance to the Microsoft .NET Framework Design Guidelines.

RATS – tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.

Graudit – simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. Graudit supports scanning code written in several languages; asp, jsp, perl, php and python.

DNS

dnsmap – Subdomain bruteforce.

Forensics Analysis

Digital Forensics Analysis – a simple but powerful open source tool with a flexible module system which will help you in your digital forensics work, including file recovery after error or crash, evidence research and analysis, etc.

EnCase Forensic Tool – From the simplest requirements to the most complex, EnCase Forensic is the premier computer forensic application on the market.

Bypass

Pass-The-Hash – The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g.: users remotely logged in through Remote Desktop/Terminal Services), and also change at runtime the current username, domain name, and NTLM hashes.

Documentation

Agnitio – A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the ad hoc nature of manual security code review documentation, create an audit trail and reporting.

Educational

Damn Vulnerable Web App (DVWA) – PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

Mutillidae – Deliberately Vulnerable Set Of PHP Scripts That Implement The OWASP Top 10

WebGoat – deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons.

moth – VMware image with a set of vulnerable Web Applications and scripts, that you may use for Testing Web Application Security Scanners, Testing Static Code Analysis tools (SCA) and Giving an introductory course to Web Application Security.

Web Security Dojo – A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo

Programming

JODE – Java package containing a decompiler and an optimizer for Java.

File Managers

cadaver – is a command-line WebDAV client for Unix. It supports file upload, download, on-screen display, namespace operations (move/copy), collection creation and deletion, and locking operations.

NAT

pwnat – pronounced “poe-nat”, is a tool that allows any number of clients behind NATs to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other.

Read the original article: Herramientas de Seguridad (scanners, sniffers, spoofers, IDS, web hacking, auditoría, exploitation y más!)