Pen-testing Security Tools

« The Diary of An American WitchdoctorThe Song from the Ask.com commercial »

Pen-testing Security Tools

While testing the exploitability of your target and mapping out vulnerabilities it is important to gain access inside the targets defenses so that you can establish an internal foothold like a owned box or switch. This is so you can use a tool to discover the packet-filtering being used, and literally map out the firewall/IDS rules. Needless to say that really provides you with a lot more complete vulnerability assessment to help discover more weak spots in the system.

• Socat
  

  Socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (terminal or modem, etc.), socket (Unix, IP4, IP6 – raw, UDP, TCP), SSL, a client for SOCKS4, or proxy CONNECT. It supports broadcasts and multicasts, abstract Unix sockets, Linux tun/tap, GNU readline, and PTYs. It provides forking, logging, and dumping and different modes for interprocess communication. Many options are available for tuning socat and its channels. Socat can be used, for example, as a TCP relay (one-shot or daemon), as a daemon-based socksifier, as a shell interface to Unix sockets, as an IP6 relay, or for redirecting TCP-oriented programs to a serial line.

• Samplicator
  

  UDP Samplicator receives UDP datagrams on a given port and resends those datagrams to a specified set of receivers. In addition, a sampling divisor N may be specified individually for each receiver, which will then only receive one in N of the received packets.

ftester – for master pentesters only–get the lowdown on your packetfiltering
rwhois – really great addition to using whois. Get additional info not on whois, query rwhois servers.
lft – useful alternative method of tracerouteing. oppleman
packit – define (spoof) nearly all TCP, UDP, ICMP, IP, ARP, RARP, and Ethernet header options
etherape – really cool graphical program that displays connections and protocols similar to cheops.
amap – fingerprinting
xprobe2 – fingerprinting
p0f2 – really exceptional fingerprinting. can be passively run in the BG.
firewalk – good packetfiltering enumerator
BGPview – bgp anyone?
icmpenum – icmp fingerprinting
dnstracer – awesome and creative graphical output of dns
ssldump – not really that useful but impressive in a report
mtr – alternative traceroute
MRTG – favorite tool of ISPs, many uses here
host – don’t forget this one
ike-scan – scan for vpns
upnpscan – scan for upnp devices
ftp-spider – get info on ftp server
traceproto – very nice alternative to traceroute/firewalk

Also see: Vulnerability Scanner Review

• sing
• netleak
• dmitry
• isic
• dnsa
• nemesis
• sara
• zodiacdns
• fragroute
• sentry 2.0
• Caecus
• C-Parse
• pchar
• nmbscan
• nbtscan
• admsmb

« The Diary of An American Witchdoctor
The Song from the Ask.com commercial »