Hacking For Dummies, 2nd Edition
In order to stay up to date with the latest and greatest ethical hacking tools and resources, you have to know where to turn to. This Web page contains my favorite security sites, tools, resources, and more that you can also benefit from in your ongoing ethical hacking program.
In addition to the Web sites listed on this page, I also recommend the following books as great resources for ethical hacking:
* Managing an Information Security and Privacy Awareness and Training Program by Rebecca Herold (Auerbach)
* Hackers: Heroes of the Computer Revolution by Steven Levy (Penguin)
Awareness and Training
Awareity MOAT
www.awareity.comBirch Systems Privacy Posters
www.privacyposters.comGreenidea Visible Statement
www.greenidea.comInterpact, Inc. Awareness Resources
www.thesecurityawarenesscompany.comNIST resources
http://csrc.nist.gov/ATESANS Security Awareness Program
www.sans.org/awareness/awareness.phpSecurity Awareness, Inc. Awareness Resources
www.securityawareness.com
Bluetooth
BlueScanner
www.networkchemistry.com/products/bluescanner.phpBluesnarfer
www.alighieri.org/tools/bluesnarfer.tar.gzBlueSniper rifle
www.tomsnetworking.com/2005/03/08/how_to_bluesniper_ptBlooover
http://trifinite.org/trifinite_stuff_blooover.htmlBluejacking community site
www.bluejackq.comDetailed presentation on the various Bluetooth attacks
http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdfNIST Special Publication 800-48
http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
Certifications
Certified Ethical Hacker
www.eccouncil.org/CEH.htm
Dictionary Files and Word Lists
ftp://ftp.cerias.purdue.edu/pub/dict
ftp://ftp.ox.ac.uk/pub/wordlists
http://packetstormsecurity.nl/Crackers/wordlists
www.outpost9.com/files/WordLists.html
Default vendor passwords
www.cirt.net/cgi-bin/passwd.pl
Exploit Tools
CORE IMPACT
www.coresecurity.comMetasploit
www.metasploit.com/projects/Framework
General Research Tools
AfriNIC
www.afrinic.netAPNIC
www.apnic.netARIN
www.arin.net/whois/index.htmlCERT/CC Vulnerability Notes Database
www.kb.cert.org/vulsChoicePoint
www.choicepoint.comCommon Vulnerabilities and Exposures
http://cve.mitre.org/cveDNSstuff.com
www.DNSstuff.com
www.google.comGovernment domains
www.dotgov.govHoover's business information
www.hoovers.comLACNIC
www.lacnic.netMilitary domains
www.nic.mil/dodnicNIST National Vulnerability Database
http://nvd.nist.govRIPE Network Coordination Centre
www.ripe.net/whoisSam Spade
www.samspade.orgSecurityTracker
http://securitytracker.comSwitchboard.com
www.switchboard.comU.S. Patent and Trademark Office
www.uspto.govU.S. Search.com
www.ussearch.comU.S. Securities and Exchange Commission
www.sec.gov/edgar.shtmlWhois.org
www.whois.orgYahoo! Finance site
http://finance.yahoo.com
Hacker Stuff
2600 @@md The Hacker Quarterly magazine
www.2600.comBlacklisted 411
www.blacklisted411.netComputer Underground Digest
www.soci.niu.edu/~cudigestHacker T-shirts, equipment, and other trinkets
www.thinkgeek.comHoneypots: Tracking Hackers
www.tracking-hackers.comThe Online Hacker Jargon File
www.jargon.8hz.comPHRACK
www.phrack.org
Linux
Amap
http://packages.debian.org/unstable/net/amapBastille Linux Hardening Program
www.bastille-linux.orgBackTrack
www.remote-exploit.org/index.php/BackTrackComprehensive listing of live bootable Linux toolkits
www.frozentech.com/content/livecd.phpDebian Linux Security Alerts
www.debian.org/securityLinux Administrator's Security Guide
www.seifried.org/lasgLinux Kernel Updates
www.linuxhq.comLinux Security Auditing Tool (LSAT)
http://usat.sourceforge.netMetasploit
www.metasploit.comNetwork Security Toolkit
www.networksecuritytoolkit.orgRed Hat Linux Security Alerts
www.redhat.com/securityupdatesSecurity Tools Distribution
http://s-t-d.orgSlackware Linux Security Advisories
www.slackware.com/securitySUSE Linux Security Alerts
www.suse.com/us/business/security.htmlTiger
ftp://ftp.debian.org/debian/pool/main/t/tigerVLAD the Scanner
www.bindview.com/Services/RAZOR/Utilities/Unix_Linux/vlad.cfm
Log Analysis
ArcSight Enterprise Security Manager
www.arcsight.com/product.htmGFI LANguard Security Event Log Monitor
www.gfi.com/lanselmInternet Security Systems Managed Services
www.iss.net/products_services/managed_servicesLogAnalysis.org system logging resources
www.loganalysis.org
Malware
chkrootkit
www.chkrootkit.orgEICAR Anti-Virus test file
www.eicar.org/anti_virus_test_file.htmThe File Extension Source
http://filext.comMcAfee AVERT Stinger
http://vil.nai.com/vil/stingerRkdet
http://vancouver-webpages.com/rkdetWotsit's Format
www.wotsit.org
Messaging
Abuse.net SMTP relay checker
www.abuse.net/relay.htmlBrutus
http://securitylab.ru/_tools/brutus-aet2.zipCain and Abel
www.oxid.it/cain.htmlDNSstuff.com relay checker
www.dnsstuff.comGFI e-mail security test
www.gfi.com/emailsecuritytestHow to disable SMTP relay on various e-mail servers
www.mail-abuse.com/an_sec3rdparty.htmlmailsnarf
www.monkey.org/~dugsong/dsniff or
www.datanerds.net/~mike/dsniff.html for the Windows versionSam Spade for Windows
www.samspade.org/sswsmtpscan
www.greyhats.org/?smtpscan
NetWare
Adrem Freecon
www.adremsoft.comCraig Johnson's BorderManager resources
http://nscsysop.hypermart.netJRB Software
www.jrbsoftware.comNCPQuery
www.bindview.com/resources/razor/files/ncpquery-1.2.tar.gzNetServerMon
www.simonsware.com/Products.shtmlNovell Product Updates
http://support.novell.com/filefinderPandora
www.nmrc.org/project/pandoraRcon program
http://packetstormsecurity.nl/Netware/penetration/rcon.zipRemote
www.securityfocus.com/data/vulnerabilities/exploits/Remote.zip
Networks
Cain and Abel
www.oxid.it/cain.htmlCommView
www.tamos.com/products/commviewdsniff
www.monkey.org/~dugsong/dsniffEssential NetTools
www.tamos.com/products/nettoolsEthereal network analyzer
www.ethereal.comEtherPeek
www.wildpackets.com/products/etherpeek/overviewettercap
http://ettercap.sourceforge.netFirewalk
www.packetfactory.net/firewalkGetif
www.wtcs.org/snmp4tpc/getif.htmGFI LANguard Network Scanner
www.gfi.com/lannetscanGNU MAC Changer
www.alobbs.com/macchangerIETF RFCs
www.rfc-editor.org/rfcxx00.htmlLanHound
www.sunbelt-software.com/LanHound.cfmMAC address vendor lookup
http://standards.ieee.org/regauth/oui/index.shtmlNessus vulnerability scanner
www.nessus.orgNetcat
www.vulnwatch.org/netcat/nc111nt.zipNetScanTools Pro all-in-one network testing tool
www.netscantools.comNmap port scanner
www.insecure.org/nmapNMapWin
http://sourceforge.net/projects/nmapwinPort number listing
www.iana.org/assignments/port-numbersPort number lookup
www.cotse.com/cgi-bin/port.cgiQualysGuard vulnerability assessment tool
www.qualys.comSNMPUTIL
www.wtcs.org/snmp4tpc/FILES/Tools/SNMPUTIL/SNMPUTIL.zipSunbelt Network Security Inspector
www.sunbelt-software.com/SunbeltNetworkSecurityInspector.cfmSuperScan port scanner
www.foundstone.com/resources/proddesc/superscan.htmTrafficIQ Pro
www.karalon.comWhatIsMyIP
www.whatismyip.com
Password Cracking
BIOS passwords
http://labmice.techtarget.com/articles/BIOS_hack.htmBrutus
http://securitylab.ru/_tools/brutus-aet2.zipCain and Abel
www.oxid.it/cain.htmlChknull
www.phreak.org/archives/exploits/novell/chknull.zipCrack
ftp://coast.cs.purdue.edu/pub/tools/unix/pwdutils/crackElcomsoft Distributed Password Recovery
www.elcomsoft.com/edpr.htmlJohn the Ripper
www.openwall.com/johnOphcrack
www.objectif-securite.ch/ophcrackProactive Password Auditor
www.elcomsoft.com/ppa.htmlProactive System Password Recovery
www.elcomsoft.com/pspr.htmlpwdump3
www.openwall.com/passwords/dl/pwdump/pwdump3v2.zipNetBIOS Auditing Tool
www.securityfocus.com/tools/543NTAccess
www.mirider.com/ntaccess.htmlRainbowCrack
www.antsight.com/zsl/rainbowcrackRainbowCrack-Online
www.rainbowcrack-online.comRainbow tables
http://rainbowtables.shmoo.comTSGrinder
www.hammerofgod.com/download/tsgrinder-2.03.zipWinHex
www.winhex.com
Patch Management
BigFix Enterprise Suite Patch Management
www.bigfix.com/products/patch.htmlEcora Patch Manager
www.ecora.com/ecora/products/patchmanager.aspGFI LANguard Network Security Scanner
www.gfi.com/lannetscanHFNetChkPro from Shavlik Technologies
www.shavlik.com/product_cat_patch_mang.aspxPatch Authority Plus
www.scriptlogic.com/products/patchauthorityplusPatchLink
www.patchlink.comSysUpdate
www.securityprofiling.comUpdateEXPERT from St. Bernard Software
www.stbernard.com/products/updateexpert/products_updateexpert.aspWindows Server Update Services from Microsoft
www.microsoft.com/windowsserversystem/updateservices/default.mspx
Source Code Analysis
Compuware
www.compuware.com/products/devpartner/securitychecker.htmFortify Software
www.fortifysoftware.comKlocwork
www.klocwork.comOunce Labs
www.ouncelabs.comSPI Dynamics
www.spidynamics.com/products/devinspect/index.html
Security Standards
Center for Internet Security's Benchmarks/Scoring Tools
www.cisecurity.orgNIST Special Publications
http://csrc.nist.gov/publications/nistpubs/index.htmlOpen Source Security Testing Methodology Manual
www.isecom.org/osstmmSANS Step-by-Step Guides
http://store.sans.org
Security Education
Kevin Beaver's Security on Wheels podcasts and information security training resources
www.securityonwheels.comPrivacy Rights Clearinghouse's Chronology of Data Breaches Reported Since the ChoicePoint Incident
www.privacyrights.org/ar/ChronDataBreaches.htm
Storage
CHAP Password Tester
www.isecpartners.com/tools.html#CPTCIFSShareBF
www.isecpartners.com/SecuringStorage/CIFShareBF.zipGrabiQNs
www.isecpartners.com/SecuringStorage/GrabiQNs.zip
Risk Analysis and Threat Modeling
SecureITree
www.amenaza.comSoftware Engineering Institute's OCTAVE methodology
www.cert.org/octave
Voice over IP
Cain and Abel
www.oxid.it/cain.htmlNIST's SP800-58 document
http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdfPROTOS
www.ee.oulu.fi/research/ouspg/protosSearchVoIP.com
http://searchvoip.techtarget.comSIP Forum Test Framework
www.sipfoundry.org/sftf/index.htmlsipsak
http://sipsak.orgSiVuS
www.vopsecurity.org/html/tools.htmlvomit
http://vomit.xtdnet.nl
War Dialing
Sandstorm Enterprises PhoneSweep
www.sandstorm.net/products/phonesweepSandstorm Enterprises Sandtrap wardialing honepot
www.sandstorm.net/products/sandtrapTHC-Scan
http://packetstormsecurity.org/groups/thc/thc-ts201.zipToneLoc
www.securityfocus.com/data/tools/auditing/pstn/tl110.zip
Web Applications and Databases
2600's Hacked Pages
www.2600.com/hacked_pagesAcunetix Web Vulnerability Scanner
www.acunetix.comAppDetective
www.appsecinc.com/products/appdetectiveBrutus
http://securitylab.ru/_tools/brutus-aet2.zipHTTrack Website Copier
www.httrack.comFoundstone's Hacme Tools
http://www.foundstone.com/resources/s3i_tools.htmGoogle Hacking Database
http://johnny.ihackstuff.com/index.php?module=prodreviewsNetcraft
www.netcraft.comNGSSquirrel
www.ngssoftware.com/software.htmN-Stealth Security Scanner
www.nstalker.com/eng/products/nstealthParos Proxy
www.parosproxy.orgPete Finnigan's listing of Oracle scanning tools
www.petefinnigan.com/tools.htmPort 80 Software's ServerMask
www.port80software.com/products/servermaskPort 80 Software's Custom Error
www.port80software.com/products/customerrorSiteDigger
www.foundstone.com/resources/proddesc/sitedigger.htmSQLPing2 and SQLRecon
www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspxWebInspect
www.spidynamics.com/products/webinspect/index.htmlWebGoat
www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Windows
CORE IMPACT
www.coresecurity.comDumpSec
www.somarsoft.comEffective File Search
www.sowsoft.com/search.htmFileLocator Pro
www.mythicsoft.com/filelocatorproLegion
http://packetstormsecurity.nl/groups/rhino9/legionv21.zipMetasploit
www.metasploit.comMicrosoft Baseline Security Analyzer
www.microsoft.com/technet/security/tools/mbsahome.mspxMicrosoft TechNet Security Center
www.microsoft.com/technet/security/Default.aspNetwork Users
www.optimumx.com/download/netusers.zipRpcdump
www.bindview.com/Services/RAZOR/Utilities/Windows/rpctools1.0-readme.cfmSMAC MAC address changer
www.klcconsulting.net/smacVision
www.foundstone.com/knowledge/proddesc/vision.htmlWalksam
www.bindview.com/Services/RAZOR/Utilities/Windows/rpctools1.0-readme.cfm
Wireless Networks
Aircrack
http://freshmeat.net/projects/aircrackAirMagnet Laptop Analyzer
www.airmagnet.com/products/laptop.htmAiroPeek SE
www.wildpackets.com/products/airopeek/airopeek_se/overviewAirSnort
http://airsnort.shmoo.comCantenna war-driving kit
http://mywebpages.comcast.net/hughpepCommView for Wi-Fi
www.tamos.com/products/commwifiDigital Hotspotter
www.canarywireless.comHomebrew WiFi antenna
www.turnpoint.net/wireless/has.htmlKisMAC
http://kismac.binaervarianz.deKismet
www.kismetwireless.netLucent Orinoco Registry Encryption/Decryption program
www.cqure.net/tools.jsp?id=3NetStumbler
www.netstumbler.comOmniPeek
www.wildpackets.com/products/omni/overview/omnipeek_analyzersRFprotect Mobile
www.networkchemistry.com/products/rfprotectmobile.phpSeattleWireless HardwareComparison page
www.seattlewireless.net/index.cgi/HardwareComparisonSecurity of the WEP Algorithm
www.isaac.cs.berkeley.edu/isaac/wep-faq.htmlThe Unofficial 802.11 Security Web Page
www.drizzle.com/~aboba/IEEEWellenreiter
www.wellenreiter.netWiGLE database of wireless networks at
www.wigle.net
www.wifimaps.com
www.wifinder.comWinAirsnort
http://winairsnort.free.fr/Wireless Vulnerabilities and Exploits
www.wirelessve.orgWPA Cracker
www.tinypeap.com/html/wpa_cracker.html
