Home » Security » Pen-testing Security Tools

by 1 comment

While testing the exploitability of your target and mapping out vulnerabilities it is important to gain access inside the targets defenses so that you can establish an internal foothold like a owned box or switch. This is so you can use a tool to discover the packet-filtering being used, and literally map out the firewall/IDS rules. Needless to say that really provides you with a lot more complete vulnerability assessment to help discover more weak spots in the system.

  • Socat
    Socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (terminal or modem, etc.), socket (Unix, IP4, IP6 - raw, UDP, TCP), SSL, a client for SOCKS4, or proxy CONNECT. It supports broadcasts and multicasts, abstract Unix sockets, Linux tun/tap, GNU readline, and PTYs. It provides forking, logging, and dumping and different modes for interprocess communication. Many options are available for tuning socat and its channels. Socat can be used, for example, as a TCP relay (one-shot or daemon), as a daemon-based socksifier, as a shell interface to Unix sockets, as an IP6 relay, or for redirecting TCP-oriented programs to a serial line.
  • Samplicator
    UDP Samplicator receives UDP datagrams on a given port and resends those datagrams to a specified set of receivers. In addition, a sampling divisor N may be specified individually for each receiver, which will then only receive one in N of the received packets.
ftester - for master pentesters only--get the lowdown on your packetfiltering rwhois - really great addition to using whois. Get additional info not on whois, query rwhois servers. lft - useful alternative method of tracerouteing. oppleman packit - define (spoof) nearly all TCP, UDP, ICMP, IP, ARP, RARP, and Ethernet header options etherape - really cool graphical program that displays connections and protocols similar to cheops. amap - fingerprinting xprobe2 - fingerprinting p0f2 - really exceptional fingerprinting. can be passively run in the BG. firewalk - good packetfiltering enumerator BGPview - bgp anyone? icmpenum - icmp fingerprinting dnstracer - awesome and creative graphical output of dns ssldump - not really that useful but impressive in a report mtr - alternative traceroute MRTG - favorite tool of ISPs, many uses here host - don't forget this one ike-scan - scan for vpns upnpscan - scan for upnp devices ftp-spider - get info on ftp server traceproto - very nice alternative to traceroute/firewalk

Also see: Vulnerability Scanner Review

  • sing
  • netleak
  • dmitry
  • isic
  • dnsa
  • nemesis
  • sara
  • zodiacdns
  • fragroute
  • sentry 2.0
  • Caecus
  • C-Parse
  • pchar
  • nmbscan
  • nbtscan
  • admsmb


Comments Welcome

AskApache is an FSF Contributing Member (with ThankGNU)

Information is freedom. Freedom is non-negotiable. So please feel free to modify, copy, republish, sell, or use anything on this site in any way at any time ;)

My Online Tools
Popular Articles

Hacking and Hackers

The use of "hacker" to mean "security breaker" is a confusion on the part of the mass media. We hackers refuse to recognize that meaning, and continue using the word to mean someone who loves to program, someone who enjoys playful cleverness, or the combination of the two.
-- Richard M. Stallman


It's very simple - you read the protocol and write the code. -Bill Joy

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. NCSA HTTPd.
UNIX ® is a registered Trademark of The Open Group. POSIX ® is a registered Trademark of The IEEE.

+Askapache | |

Site Map | Contact Webmaster | License and Disclaimer | Terms of Service | @Htaccess

↑ TOPMain