January 2007

Secrets of Network Cartography: A Comprehensive Guide to nmap
August 2006

BackTrack - Remote-exploit.org
Combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distribution to ever come out.
Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.
June 2006

Basic Analysis and Security Engine (BASE) -- Homepage
Basic Analysis and Security Engine (BASE) project

Ophcrack 2 -- The fastest Windows password cracker
A Windows password cracker based on the faster time-memory trade-off using rainbow tables. This is an evolution of the original Ophcrack 1.0 developed at EPFL. Ophcrack 2.2 comes with a GTK Graphical User Interface and runs on Windows as well as on Linux.

Aanval Intrusion Detection Console - Snort and Syslog IDS / GUI / Interface
Aanval is the industry's only correlation and analysis console designed specifically for Snort and Syslog data.

XNmap - Network Scanner for Mac OS X
XNmap 3.0
XNmap is the most user friendly way to scan networks and perform security audits from a Mac.
The current release updates XNmap to allow you to choose any copy of nmap you want, including the ability to use the version installed by Fink. The nmap binary that is included in the XNmap download (v. 4.01) is now installed in such a way to allow it to be run from the command line as well as from XNmap! XNmap is now a Universal Binary!
March 2006

Scapy
Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc.
February 2006

eVuln.com - Web Application Penetration Test Services.
eVuln provides the following services:
Web Application Source Code Analysis - Whitebox Test; Security Implementation Consulting; Web Application Remote Penetration Test - Blackbox Test; Incident Response
January 2006

McGill (Security utilities list)

The Prefix WhoIs Project
The Prefix WhoIs Project provides a whois-compatible client and server framework
for disclosing various up-to-date routing information. Instead of using registrar-originated
information (which is often unspecific or inaccurate), Prefix WhoIs uses the Internet's global
routing table as gleaned from a number of routing peers around the network.

ssldump
ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP
connections on the chosen network interface and attempts to interpret
them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it
decodes the records and displays them in a textual form to stdout. If
provided with the appropriate keying material, it will also decrypt
the connections and display the application data traffic.

WepLab Project Home Page
WepLab, analyzing WEP encryption security on wireless networks
September 2005

Professional Security Testers resources warehouse
Here you will find FREE resources and people who are willing to share with their peers. We do not have huge egos but simply a willingness to help others and to give back to the community by contributing links, docs, tips, tricks, etc.

The Metasploit Project
This is the Metasploit Project. The goal is to provide useful information to people who perform penetration testing, IDS signature development, and exploit research. This site was created to fill the gaps in the information publicly available on various exploitation techniques and to create a useful resource for exploit developers. The tools and information on this site are provided for legal penetration testing and research purposes only.