Packet Shaper:
- Nemesis: a command line packet shaper
- Packit: The Packet Toolkit, a network packet shaper
- Hping by Antirez: a command line TCP/IP packet shaper
- Sing: stands for 'Send ICMP Nasty Garbage'; sends fully customizable ICMP packets
- Scapy: a new Python-based packet generator
Password Cracker/Login Hacker:
- John the Ripper: a well-known password cracker for Windows and *nix systems
- Djohn: a distributed password cracker based on "John the Ripper"
- Cain & Abel: an advanced password recovery tool for Windows systems. It sniffs network packets and cracks authentication by brute force or with dictionary attacks.
- Project RainbowCrack: advanced instant NT password cracker
- Rainbowtables: the Shmoo Group provides pre-generated rainbow tables for BitTorrent download. The tables are generated with RainbowCrack (see above).
- Windows NT password recovery tool by Peter Nordahl
- THC-Dialup Login Hacker by THC: it tries to guess username and password against the modem carrier. As far as I know the only available dialup password guesser for *NIX.
- Hydra by THC: a multi-protocol login hacker. Hydra is also integrated with Nessus.
- Medusa: parallel network login auditor
- THC imap bruter: a very fast IMAP password brute forcer
- x25bru: a login/password bruteforcer for X.25 PAD
- Crowbar: a generic web brute force tool (Windows only; requires .NET Framework)
- MDCrack-NG: a very fast MD4/MD5/NTLMv1 hash cracker; works optionally with precomputed hash tables
Advanced Sniffers:
- Wireshark (formerly known as Ethereal): an open source network protocol analyzer
- Dsniff by Dug Song: a combination of very useful sniffer and man-in-the-middle attack tools
- Ettercap: a multipurpose sniffer/interceptor/logger for switched LAN environments
- aimsniffer: monitors AOL Instant Messenger communication on the network
- 4G8: a tool, similar to Ettercap, to capture network traffic in switched environments
- cdpsniffer: Cisco Discovery Protocol (CDP) decoding sniffer
Port Scanner / Information Gathering:
- nmap: currently the most well-known port scanner. Since version 3.45 it supports version scans. Have a look at PBNJ for diffing different nmap scans.
- ISECOM released their nmap wrapper NWRAP, which shows all known protocols for the discovered ports from the Open Protocol Resource Database
- Nmap::Scanner: Perl output parser for nmap
- Amap by THC: an advanced port scanner which determines the application behind a network port by its application handshake. Thus it detects well-known applications on non-standard ports or unknown applications on well-known ports.
- vmap by THC: version mapper to determine the version (sic!) of scanned daemons
- Unicornscan: an information gathering and correlation engine
- DMitry (Deepmagic Information Gathering Tool): a host information gathering tool for *nix systems
- Athena: a search engine query tool for passive information gathering
Security Scanner:
- Nessus: in version 2 an open source network scanner. Version 3 is only available in binary form and under a proprietary license.
- OpenVAS: a fork of Nessus 2.2.5 (formerly known as GNessUs)
- Nessj: a Java based Nessus (and compatibles) client (formerly known as Reason)
- Paul Clip from @stake released AUSTIN, a security scanner for Palm OS 3.5+.
Webserver:
- Nikto: a web server scanner with anti-IDS features. Based on Rain Forest Puppy's libwhisker library.
- Wikto: a webserver assessment tool (Windows only; requires .NET Framework)
- WSDigger: a black box web pen testing tool from Foundstone (Windows based)
- Metis: a Java based information gathering tool for web sites
Fingerprinting:
- SinFP: a fingerprinting tool which requires only an open TCP port and sends at most 3 packets
- Winfingerprint: much more than a simple fingerprinting tool. It scans for Windows shares, enumerates usernames, groups, SIDs and much more.
- p0f 2: Michal Zalewski announced his new release of p0f 2, a passive OS fingerprinting tool. p0f 2 is a complete rewrite of the old p0f code.
- xprobe2: a remote active operating system fingerprinting tool from Ofir Arkin and the xprobe2 team
- Cron-OS: an active OS fingerprinting tool based on TCP timeout behavior. This project was formerly known as "RING" and is now published as an nmap addon.
Proxy Server:
- Burp proxy: an interactive HTTP/S proxy server for attacking and debugging web-enabled applications
- Screen-scraper: an HTTP/HTTPS proxy server with a scripting engine for data manipulation and searching
- Paros: a man-in-the-middle proxy and application vulnerability scanner
- WebScarab: a framework for analyzing web applications. One of its basic functions is use as an intercepting proxy.
War Dialers:
- IWar: a classic war dialer. One of a few wardialers for *nix operating systems, and the only one with VoIP functionality (to my knowledge)
- THC-Scan: a war dialer for DOS, Windows and DOS emulators
Malware / Exploit Collections:
- packetstormsecurity.org: huge collection of tools and exploits
- ElseNot Project: the project tries to publish an exploit for each MS Security Bulletin. A script kiddie dream come true.
- Offensive Computing: another malware collection site
- Securityforest: try the ExploitTree to get a collection of exploit code; have a look at the ToolTree for a huge list of pentest stuff
Databases / SQL:
- sqlninja: a tool to exploit SQL injection vulnerabilities in web applications with MS SQL Servers (alpha stage)
- CIS Oracle Database Scoring Tool: scans Oracle 8i for compliance with the CIS Oracle Database Benchmark
- SQLRecon: an active and passive scanner for MSSQL server. Works on Windows 2000, XP and 2003.
- absinthe: a GUI-based tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection (see here and here).
- SQL Power Injector: a GUI based SQL injector for web pages (Windows, .NET Framework 1.1 required, Internet Explorer 5.0+ required)
Voice over IP (VoIP):
- vomit (voice over misconfigured internet telephones): converts Cisco IP phone conversations into wave files
- SiVuS: a VoIP vulnerability scanner for the SIP protocol (beta, Windows only)
- Cain & Abel: mostly a password cracker, can also record VoIP conversations (Windows only)
- sipsak (SIP swiss army knife): a SIP packet generator
- SIPp: a SIP test tool and packet generator
- Nastysip: a SIP bogus message generator
- voipong: dumps G.711 encoded VoIP communications to wave files. Supports SIP, H.323, Cisco Skinny Client Protocol, RTP and RTCP
- Perl based tools by Thomas Skora: sip-scan, sip-kill, sip-redirectrtp, rtpproxy and ipq_rules
- rtptools: a toolset for RTP recording and playing
Network-based Tools:
- yersinia: a network tool designed to take advantage of some weaknesses in different network protocols (STP, CDP, DTP, DHCP, HSRP, 802.1q, VTP)
- Netsed: alters the content of network packets while forwarding them
- ip6sic: an IPv6 stack integrity tester
VPN:
- ike-scan: an IPsec enumeration and fingerprinting tool
- ikeprobe: IKE scanning tool
- ipsectrace: a tool for profiling IPsec traffic in a dump file. Initial alpha release
- VPNMonitor: a Java application to observe network traffic. It graphically represents network connections and highlights all VPN connections. Nice for demonstrations, if of somewhat limited use in a real pen test.
- IKECrack: an IKE/IPsec cracker for pre-shared keys (in aggressive mode authentication [RFC2409])
- DNSA: DNS auditing tool by Pierre Betouin
- Hunt: a session hijacking tool with curses GUI
- SMAC: a Windows MAC address modifying utility. Supports Windows 2000 and XP.
- The WebGoat Project: a web application written in Java with intentional vulnerabilities. Supports an interactive learning environment with individual lessons.
- TSCrack: a Windows Terminal Server brute forcer
- Ollie Whitehouse from @stake released some new cellular phone based pentesting tools for scanning (NetScan, MobilePenTester). All tools require a Sony Ericsson P800 mobile phone. Unfortunately, @stake no longer seems to support much of their free security tools. So, use the alternative download links above instead.
- THC-FuzzyFingerprint: generates fuzzy fingerprints that look almost equal to a given fingerprint/hash-sum. Very useful for MITM attacks.
- BeatLM: a password finder for LM/NTLM hashes. Currently there is no support for NTLM2 hashes. In order to get the hashes from network traffic, try ScoopLM.
- THC vlogger: a Linux kernel based keylogger
- The Metasploit Framework: an "advanced open-source platform for developing, testing, and using exploit code".
- ATK (Attack Tool Kit): a combination of security scanner and exploit framework (Windows only)
- Pirana: an exploitation framework to test the security of email content filters. See also the whitepaper
- PassLoc: a tool which provides the means to locate keys within a buffer. Based on the article "Playing hide and seek with stored keys" by Adi Shamir.
- Dl-Hell: identifies an executable's dynamic link library (DLL) files
- DHCPing: a security tool for testing DHCP security
- ldapenum: a Perl script for enumeration against LDAP servers.
- Checkpwd: a dictionary based password checker for Oracle databases
- NirCmd from NirSoft: a Windows command line tool to manipulate the registry, initiate a dialup connection and much more
- Windows Permission Identifier: a tool for auditing user permissions on a Windows system
- MSNPawn: a toolset for footprinting, profiling and assessment via MSN Search. Windows only, .NET required
- snmpcheck: a tool to gather information via SNMP. Works on Linux, *BSD and Windows systems.
- pwdump6: extracts NTLM and LanMan hashes from Windows targets
Source: lonerunners.net
Original article: http://www.lonerunners.net/1188-penetration-testing-tools.html