Dummies.com
  • Print
  • Share
Hacking For Dummies, 2nd Edition (047005235X) cover image

Hacking For Dummies, 2nd Edition

ISBN: 978-0-470-05235-8
Paperback
408 pages
October 2006
This title is out-of-print and not currently available for purchase from this site.
View Previous Edition of This Title
Other Available Formats: E-book
Tools and Resources

In order to stay up to date with the latest and greatest ethical hacking tools and resources, you have to know where to turn to. This Web page contains my favorite security sites, tools, resources, and more that you can also benefit from in your ongoing ethical hacking program.

In addition to the Web sites listed on this page, I also recommend the following books as great resources for ethical hacking:

* Managing an Information Security and Privacy Awareness and Training Program by Rebecca Herold (Auerbach)
* Hackers: Heroes of the Computer Revolution by Steven Levy (Penguin)

Awareness and Training

Awareity MOAT
www.awareity.com

Birch Systems Privacy Posters
www.privacyposters.com

Greenidea Visible Statement
www.greenidea.com

Interpact, Inc. Awareness Resources
www.thesecurityawarenesscompany.com

NIST resources
http://csrc.nist.gov/ATE

SANS Security Awareness Program
www.sans.org/awareness/awareness.php

Security Awareness, Inc. Awareness Resources
www.securityawareness.com

Bluetooth

BlueScanner
www.networkchemistry.com/products/bluescanner.php

Bluesnarfer
www.alighieri.org/tools/bluesnarfer.tar.gz

BlueSniper rifle
www.tomsnetworking.com/2005/03/08/how_to_bluesniper_pt

Blooover
http://trifinite.org/trifinite_stuff_blooover.html

Bluejacking community site
www.bluejackq.com

Detailed presentation on the various Bluetooth attacks
http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdf

NIST Special Publication 800-48
http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf

Certifications

Certified Ethical Hacker
www.eccouncil.org/CEH.htm

Dictionary Files and Word Lists

ftp://ftp.cerias.purdue.edu/pub/dict

ftp://ftp.ox.ac.uk/pub/wordlists

http://packetstormsecurity.nl/Crackers/wordlists

www.outpost9.com/files/WordLists.html

Default vendor passwords
www.cirt.net/cgi-bin/passwd.pl

Exploit Tools

CORE IMPACT
www.coresecurity.com

Metasploit
www.metasploit.com/projects/Framework

General Research Tools

AfriNIC
www.afrinic.net

APNIC
www.apnic.net

ARIN
www.arin.net/whois/index.html

CERT/CC Vulnerability Notes Database
www.kb.cert.org/vuls

ChoicePoint
www.choicepoint.com

Common Vulnerabilities and Exposures
http://cve.mitre.org/cve

DNSstuff.com
www.DNSstuff.com

Google
www.google.com

Government domains
www.dotgov.gov

Hoover's business information
www.hoovers.com

LACNIC
www.lacnic.net

Military domains
www.nic.mil/dodnic

NIST National Vulnerability Database
http://nvd.nist.gov

RIPE Network Coordination Centre
www.ripe.net/whois

Sam Spade
www.samspade.org

SecurityTracker
http://securitytracker.com

Switchboard.com
www.switchboard.com

U.S. Patent and Trademark Office
www.uspto.gov

U.S. Search.com
www.ussearch.com

U.S. Securities and Exchange Commission
www.sec.gov/edgar.shtml

Whois.org
www.whois.org

Yahoo! Finance site
http://finance.yahoo.com

Hacker Stuff

2600 @@md The Hacker Quarterly magazine
www.2600.com

Blacklisted 411
www.blacklisted411.net

Computer Underground Digest
www.soci.niu.edu/~cudigest

Hacker T-shirts, equipment, and other trinkets
www.thinkgeek.com

Honeypots: Tracking Hackers
www.tracking-hackers.com

The Online Hacker Jargon File
www.jargon.8hz.com

PHRACK
www.phrack.org

Linux

Amap
http://packages.debian.org/unstable/net/amap

Bastille Linux Hardening Program
www.bastille-linux.org

BackTrack
www.remote-exploit.org/index.php/BackTrack

Comprehensive listing of live bootable Linux toolkits
www.frozentech.com/content/livecd.php

Debian Linux Security Alerts
www.debian.org/security

Linux Administrator's Security Guide
www.seifried.org/lasg

Linux Kernel Updates
www.linuxhq.com

Linux Security Auditing Tool (LSAT)
http://usat.sourceforge.net

Metasploit
www.metasploit.com

Network Security Toolkit
www.networksecuritytoolkit.org

Red Hat Linux Security Alerts
www.redhat.com/securityupdates

Security Tools Distribution
http://s-t-d.org

Slackware Linux Security Advisories
www.slackware.com/security

SUSE Linux Security Alerts
www.suse.com/us/business/security.html

Tiger
ftp://ftp.debian.org/debian/pool/main/t/tiger

VLAD the Scanner
www.bindview.com/Services/RAZOR/Utilities/Unix_Linux/vlad.cfm

Log Analysis

ArcSight Enterprise Security Manager
www.arcsight.com/product.htm

GFI LANguard Security Event Log Monitor
www.gfi.com/lanselm

Internet Security Systems Managed Services
www.iss.net/products_services/managed_services

LogAnalysis.org system logging resources
www.loganalysis.org

Malware

chkrootkit
www.chkrootkit.org

EICAR Anti-Virus test file
www.eicar.org/anti_virus_test_file.htm

The File Extension Source
http://filext.com

McAfee AVERT Stinger
http://vil.nai.com/vil/stinger

Rkdet
http://vancouver-webpages.com/rkdet

Wotsit's Format
www.wotsit.org

Messaging

Abuse.net SMTP relay checker
www.abuse.net/relay.html

Brutus
http://securitylab.ru/_tools/brutus-aet2.zip

Cain and Abel
www.oxid.it/cain.html

DNSstuff.com relay checker
www.dnsstuff.com

GFI e-mail security test
www.gfi.com/emailsecuritytest

How to disable SMTP relay on various e-mail servers
www.mail-abuse.com/an_sec3rdparty.html

mailsnarf
www.monkey.org/~dugsong/dsniff or
www.datanerds.net/~mike/dsniff.html for the Windows version

Sam Spade for Windows
www.samspade.org/ssw

smtpscan
www.greyhats.org/?smtpscan

NetWare

Adrem Freecon
www.adremsoft.com

Craig Johnson's BorderManager resources
http://nscsysop.hypermart.net

JRB Software
www.jrbsoftware.com

NCPQuery
www.bindview.com/resources/razor/files/ncpquery-1.2.tar.gz

NetServerMon
www.simonsware.com/Products.shtml

Novell Product Updates
http://support.novell.com/filefinder

Pandora
www.nmrc.org/project/pandora

Rcon program
http://packetstormsecurity.nl/Netware/penetration/rcon.zip

Remote
www.securityfocus.com/data/vulnerabilities/exploits/Remote.zip

UserDump
www.hammerofgod.com/download/userdump.zip

Networks

Cain and Abel
www.oxid.it/cain.html

CommView
www.tamos.com/products/commview

dsniff
www.monkey.org/~dugsong/dsniff

Essential NetTools
www.tamos.com/products/nettools

Ethereal network analyzer
www.ethereal.com

EtherPeek
www.wildpackets.com/products/etherpeek/overview

ettercap
http://ettercap.sourceforge.net

Firewalk
www.packetfactory.net/firewalk

Getif
www.wtcs.org/snmp4tpc/getif.htm

GFI LANguard Network Scanner
www.gfi.com/lannetscan

GNU MAC Changer
www.alobbs.com/macchanger

IETF RFCs
www.rfc-editor.org/rfcxx00.html

LanHound
www.sunbelt-software.com/LanHound.cfm

MAC address vendor lookup
http://standards.ieee.org/regauth/oui/index.shtml

Nessus vulnerability scanner
www.nessus.org

Netcat
www.vulnwatch.org/netcat/nc111nt.zip

NetScanTools Pro all-in-one network testing tool
www.netscantools.com

Nmap port scanner
www.insecure.org/nmap

NMapWin
http://sourceforge.net/projects/nmapwin

Port number listing
www.iana.org/assignments/port-numbers

Port number lookup
www.cotse.com/cgi-bin/port.cgi

QualysGuard vulnerability assessment tool
www.qualys.com

SNMPUTIL
www.wtcs.org/snmp4tpc/FILES/Tools/SNMPUTIL/SNMPUTIL.zip

Sunbelt Network Security Inspector
www.sunbelt-software.com/SunbeltNetworkSecurityInspector.cfm

SuperScan port scanner
www.foundstone.com/resources/proddesc/superscan.htm

TrafficIQ Pro
www.karalon.com

WhatIsMyIP
www.whatismyip.com

Password Cracking

BIOS passwords
http://labmice.techtarget.com/articles/BIOS_hack.htm

Brutus
http://securitylab.ru/_tools/brutus-aet2.zip

Cain and Abel
www.oxid.it/cain.html

Chknull
www.phreak.org/archives/exploits/novell/chknull.zip

Crack
ftp://coast.cs.purdue.edu/pub/tools/unix/pwdutils/crack

Elcomsoft Distributed Password Recovery
www.elcomsoft.com/edpr.html

John the Ripper
www.openwall.com/john

Ophcrack
www.objectif-securite.ch/ophcrack

Proactive Password Auditor
www.elcomsoft.com/ppa.html

Proactive System Password Recovery
www.elcomsoft.com/pspr.html

pwdump3
www.openwall.com/passwords/dl/pwdump/pwdump3v2.zip

NetBIOS Auditing Tool
www.securityfocus.com/tools/543

NTAccess
www.mirider.com/ntaccess.html

RainbowCrack
www.antsight.com/zsl/rainbowcrack

RainbowCrack-Online
www.rainbowcrack-online.com

Rainbow tables
http://rainbowtables.shmoo.com

TSGrinder
www.hammerofgod.com/download/tsgrinder-2.03.zip

WinHex
www.winhex.com

Patch Management

BigFix Enterprise Suite Patch Management
www.bigfix.com/products/patch.html

Ecora Patch Manager
www.ecora.com/ecora/products/patchmanager.asp

GFI LANguard Network Security Scanner
www.gfi.com/lannetscan

HFNetChkPro from Shavlik Technologies
www.shavlik.com/product_cat_patch_mang.aspx

Patch Authority Plus
www.scriptlogic.com/products/patchauthorityplus

PatchLink
www.patchlink.com

SysUpdate
www.securityprofiling.com

UpdateEXPERT from St. Bernard Software
www.stbernard.com/products/updateexpert/products_updateexpert.asp

Windows Server Update Services from Microsoft
www.microsoft.com/windowsserversystem/updateservices/default.mspx

Source Code Analysis

Compuware
www.compuware.com/products/devpartner/securitychecker.htm

Fortify Software
www.fortifysoftware.com

Klocwork
www.klocwork.com

Ounce Labs
www.ouncelabs.com

SPI Dynamics
www.spidynamics.com/products/devinspect/index.html

Security Standards

Center for Internet Security's Benchmarks/Scoring Tools
www.cisecurity.org

NIST Special Publications
http://csrc.nist.gov/publications/nistpubs/index.html

Open Source Security Testing Methodology Manual
www.isecom.org/osstmm

SANS Step-by-Step Guides
http://store.sans.org

Security Education

Kevin Beaver's Security on Wheels podcasts and information security training resources
www.securityonwheels.com

Privacy Rights Clearinghouse's Chronology of Data Breaches Reported Since the ChoicePoint Incident
www.privacyrights.org/ar/ChronDataBreaches.htm

Storage

CHAP Password Tester
www.isecpartners.com/tools.html#CPT

CIFSShareBF
www.isecpartners.com/SecuringStorage/CIFShareBF.zip

GrabiQNs
www.isecpartners.com/SecuringStorage/GrabiQNs.zip

NASanon
www.isecpartners.com/SecuringStorage/NASanon.zip

StorScan
www.isecpartners.com/tools.html#StorScan

Risk Analysis and Threat Modeling

SecureITree
www.amenaza.com

Software Engineering Institute's OCTAVE methodology
www.cert.org/octave

Voice over IP

Cain and Abel
www.oxid.it/cain.html

NIST's SP800-58 document
http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf

PROTOS
www.ee.oulu.fi/research/ouspg/protos

SearchVoIP.com
http://searchvoip.techtarget.com

SIP Forum Test Framework
www.sipfoundry.org/sftf/index.html

sipsak
http://sipsak.org

SiVuS
www.vopsecurity.org/html/tools.html

vomit
http://vomit.xtdnet.nl

War Dialing

Sandstorm Enterprises PhoneSweep
www.sandstorm.net/products/phonesweep

Sandstorm Enterprises Sandtrap wardialing honepot
www.sandstorm.net/products/sandtrap

THC-Scan
http://packetstormsecurity.org/groups/thc/thc-ts201.zip

ToneLoc
www.securityfocus.com/data/tools/auditing/pstn/tl110.zip

Web Applications and Databases

2600's Hacked Pages
www.2600.com/hacked_pages

Acunetix Web Vulnerability Scanner
www.acunetix.com

AppDetective
www.appsecinc.com/products/appdetective

Brutus
http://securitylab.ru/_tools/brutus-aet2.zip

HTTrack Website Copier
www.httrack.com

Foundstone's Hacme Tools
http://www.foundstone.com/resources/s3i_tools.htm

Google Hacking Database
http://johnny.ihackstuff.com/index.php?module=prodreviews

Netcraft
www.netcraft.com

NGSSquirrel
www.ngssoftware.com/software.htm

N-Stealth Security Scanner
www.nstalker.com/eng/products/nstealth

Paros Proxy
www.parosproxy.org

Pete Finnigan's listing of Oracle scanning tools
www.petefinnigan.com/tools.htm

Port 80 Software's ServerMask
www.port80software.com/products/servermask

Port 80 Software's Custom Error
www.port80software.com/products/customerror

SiteDigger
www.foundstone.com/resources/proddesc/sitedigger.htm

SQLPing2 and SQLRecon
www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx

WebInspect
www.spidynamics.com/products/webinspect/index.html

WebGoat
www.owasp.org/index.php/Category:OWASP_WebGoat_Project

Windows

CORE IMPACT
www.coresecurity.com

DumpSec
www.somarsoft.com

Effective File Search
www.sowsoft.com/search.htm

FileLocator Pro
www.mythicsoft.com/filelocatorpro

Legion
http://packetstormsecurity.nl/groups/rhino9/legionv21.zip

Metasploit
www.metasploit.com

Microsoft Baseline Security Analyzer
www.microsoft.com/technet/security/tools/mbsahome.mspx

Microsoft TechNet Security Center
www.microsoft.com/technet/security/Default.asp

Network Users
www.optimumx.com/download/netusers.zip

Rpcdump
www.bindview.com/Services/RAZOR/Utilities/Windows/rpctools1.0-readme.cfm

SMAC MAC address changer
www.klcconsulting.net/smac

Vision
www.foundstone.com/knowledge/proddesc/vision.html

Walksam
www.bindview.com/Services/RAZOR/Utilities/Windows/rpctools1.0-readme.cfm

Winfo
www.ntsecurity.nu/toolbox/winfo

Wireless Networks

Aircrack
http://freshmeat.net/projects/aircrack

AirMagnet Laptop Analyzer
www.airmagnet.com/products/laptop.htm

AiroPeek SE
www.wildpackets.com/products/airopeek/airopeek_se/overview

AirSnort
http://airsnort.shmoo.com

Cantenna war-driving kit
http://mywebpages.comcast.net/hughpep

CommView for Wi-Fi
www.tamos.com/products/commwifi

Digital Hotspotter
www.canarywireless.com

Homebrew WiFi antenna
www.turnpoint.net/wireless/has.html

KisMAC
http://kismac.binaervarianz.de

Kismet
www.kismetwireless.net

Lucent Orinoco Registry Encryption/Decryption program
www.cqure.net/tools.jsp?id=3

NetStumbler
www.netstumbler.com

OmniPeek
www.wildpackets.com/products/omni/overview/omnipeek_analyzers

RFprotect Mobile
www.networkchemistry.com/products/rfprotectmobile.php

SeattleWireless HardwareComparison page
www.seattlewireless.net/index.cgi/HardwareComparison

Security of the WEP Algorithm
www.isaac.cs.berkeley.edu/isaac/wep-faq.html

The Unofficial 802.11 Security Web Page
www.drizzle.com/~aboba/IEEE

Wellenreiter
www.wellenreiter.net

WiGLE database of wireless networks at
www.wigle.net
www.wifimaps.com
www.wifinder.com

WinAirsnort
http://winairsnort.free.fr/

Wireless Vulnerabilities and Exploits
www.wirelessve.org

WPA Cracker
www.tinypeap.com/html/wpa_cracker.html

  • Print
  • Share