Computer Security Software Products, Scripts, Tools & Programs
Anti-Virus & Host Based Protection and HIPS (Host Intrusion Prevention System)
McAfee ePO HBSS Protection – Free Trial http://www.mcafee.com/us/products/epolicy-orchestrator.aspx
McAfee ePolicy Orchestrator (McAfee ePO) is the most advanced, extensible, and scalable centralized security management software in the industry. Unifying security management through an open platform, McAfee ePO makes risk and compliance management simpler and more successful for organizations of all sizes. As the foundation of McAfee Security Management Platform, McAfee ePO enables customers to connect industry-leading security solutions to their enterprise infrastructure to increase visibility, gain efficiencies, and strengthen protection.
Yara – Free download https://github.com/plusvic/yara/releases/tag/v3.4.0
YARA is a tool aimed at (but not limited to) helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determines its logic. Let’s see an example:
Reconnaissance & Banner Grabbing:
NMAP – FREE Download https://nmap.org/download.html
Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
Synscan – FREE Download at https://packetstormsecurity.com/files/download/62221/synscan-5.0.tar.gz
SynScan is a fast half-open port scanner. This tool will send TCP packets with the SYN flag to any block of destination addresses at very high speed. SynScan endeavors to send traffic as fast as the host network interface can support.
Website Application Testing & Hacking: Recommended Tools to test YOUR site or a site you’re AUTHORIZED to test:
Burp Suite: Free version available for download at portswigger.net
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.
Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.
Burp Suite contains the following key components:
- An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application.
- An application-aware Spider, for crawling content and functionality.
- An advanced web application Scanner, for automating the detection of numerous types of vulnerability.
- An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
- A Repeater tool, for manipulating and resending individual requests.
- A Sequencer tool, for testing the randomness of session tokens.
- The ability to save your work and resume working later.
- Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.
OWASP ZAP Proxy – FREE download https://github.com/zaproxy/zaproxy/wiki/Downloads?tm=2
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Sqlmap – Free download at sqlmap.org
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches spanning database fingerprinting, fetching data from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.
Havij – Free download at http://itsecteam.com/
Nikto – Free download at https://github.com/sullo/nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
NetSparker – Demo available at netsparker.com
Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) and security issues on all web applications and websites regardless of the platform and the technology they are built on.
Netsparker is very easy to use, and its unique detection and safe exploitation techniques allow it to be dead accurate in reporting; hence it is the first and only False-Positive-Free web vulnerability scanner, so users can focus on remediating reported vulnerabilities and security issues without wasting time on learning how to use the web vulnerability scanner or verifying its findings.
HP WebInspect – Demo available at http://www8.hp.com/us/en/software-solutions/webinspect-dynamic-analysis-dast/
An automated dynamic testing tool that mimics real-world hacking techniques and attacks, and provides comprehensive dynamic analysis of complex web applications and services.
DirBuster – Free download at https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers. It is often the case that what looks like a web server in a default installation state actually is not, and has pages and applications hidden within. DirBuster attempts to find these.
However, tools of this nature are often only as good as the directory and file list they come with. A different approach was taken to generating this one. The list was generated from scratch, by crawling the Internet and collecting the directories and files that are actually used by developers! DirBuster comes with a total of 9 different lists (further information can be found below), which makes DirBuster extremely effective at finding those hidden files and directories. And if that was not enough, DirBuster also has the option to perform a pure brute force, which leaves the hidden directories and files nowhere to hide! If you have the time 😉
Nessus – The Most Widely Deployed Vulnerability Assessment & Management Solution – Demo at http://www.tenable.com/products/nessus/select-your-operating-system
Nessus has been deployed by more than one million users across the globe because it:
- Runs in any environment: cloud, on-premises or hybrid
- Supports more technologies than any other vendor
- Scales from individual use to the world’s largest organizations
Retina Network Security Scanner is the security industry’s most respected and validated vulnerability assessment tool. It also serves as the scan engine for Retina CS Enterprise Vulnerability Management.
Find Vulnerabilities Across Network, Web, Virtual and Database Environments
With over 10,000 deployments since 1998, BeyondTrust Retina Network Security Scanner is the most sophisticated vulnerability assessment solution on the market. Available as a standalone application or as part of Retina CS Enterprise Vulnerability Management, Retina Security Scanner enables you to efficiently identify IT exposures and prioritize remediation enterprise-wide.
- Continually monitor and improve enterprise security posture
- Identify IT assets and sensitive data across disparate environments
- Find security exposures in network, web, database and virtual assets
- Prioritize remediation based on real risk to critical assets
- Easily deploy and scale from small to large environments
- Realize optimal performance via non-intrusive scanning
- Get fast, frequent updates from the BeyondTrust Research Team
The KeyGrabber Wi-Fi Premium is a wireless keylogger packed with state-of-the-art electronics: two powerful processors, a full TCP/IP stack, a WLAN transceiver, and 4 Gigabytes of memory. How does it work? Besides standard PS/2 and USB keylogger functionality, it features remote access over the Internet. This wireless keylogger will connect to a local Wi-Fi Access Point, and send E-mails containing recorded keystroke data. You can also connect to the keylogger at any time over TCP/IP and view the captured log. Contains a built-in time-stamping module and battery. All this in a device less than 2 inches (5 cm) long!
- Background connection to the Internet over a local Access Point
- Automatic E-mail reports with recorded keyboard data
- On-demand access at any time through TCP/IP
- Support for WEP, WPA, and WPA-2 encryption
- 4 Gigabytes of internal memory in all versions
- Flash drive mode available both in USB and PS/2 versions
- No software or drivers required, Windows, Linux, and Mac compatible
- Mac Compatibility Pack (MCP) option, enhancing performance on all Mac systems
- Ultra compact and discreet, less than 2 inches (5 cm) long
- Internal clock and battery with over 7 years lifetime guaranteed!
- Built-in time-stamping module, just like the KeyGrabber TimeKeeper
- Complete functionality of the KeyGrabber USB or KeyGrabber PS/2
- Available color options for USB version: Black, White
- Available color options for PS/2 version: Black, Gray, Purple
Metasploit – Free version http://www.rapid7.com/products/metasploit/
The basic steps for exploiting a system using the Framework are:
- Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and Mac OS X systems are included);
- Optionally checking whether the intended target system is susceptible to the chosen exploit;
- Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server);
- Choosing the encoding technique so that the intrusion-prevention system (IPS) ignores the encoded payload;
- Executing the exploit.
This modular approach – allowing the combination of any exploit with any payload – is the major advantage of the Framework. It facilitates the tasks of attackers, exploit writers and payload writers.
Metasploit runs on Unix (including Linux and Mac OS X) and on Windows. The Metasploit Framework can be extended to use add-ons in multiple languages.
To choose an exploit and payload, some information about the target system is needed, such as operating system version and installed network services. This information can be gleaned with port scanning and OS fingerprinting tools such as Nmap. Vulnerability scanners such as Nexpose or Nessus can detect target system vulnerabilities. Metasploit can import vulnerability scan data and compare the identified vulnerabilities to existing exploit modules for accurate exploitation.
BeEF – The Browser Exploitation Framework Project – Free version https://github.com/beefproject/beef
The Browser Exploitation Framework (BeEF) is an open-source penetration testing tool used to test and exploit web application and browser-based vulnerabilities. BeEF provides the penetration tester with practical client-side attack vectors. It leverages web application and browser vulnerabilities to assess the security of a target and carry out further intrusions. This project is developed for lawful research and penetration testing. In practice, like many information security tools, BeEF is used for both legitimate and unauthorized activities.
BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.
BeEF can be extended both through the extension API, which allows changes to the way BeEF itself works, and through addition of modules, which add features with which to control “hooked” browsers.
Wireless Hacking/Cracking & Brute Forcing
Wireless Password Hacker v3
How to Hack WiFi Password (WEP/WPA/WPA2)
An internet connection has become a basic necessity in our modern lives. Wireless hot-spots (commonly known as Wi-Fi) can be found everywhere! If you have a PC with a wireless network card, then you must have seen many networks around you. Sadly, most of these networks are secured with a network security key. Have you ever wanted to use one of these networks? You must have desperately wanted to check your mail when you moved to your new house. The hardest time in your life is when your internet connection is down. Hacking those Wi-Fi passwords is your answer to temporary internet access.
Now, to hack a Wi-Fi password you must first know what type of encryption it uses; there are many different types, such as WEP (easiest to crack/hack), WPA and WPA2.
Luckily for you, we developed a program that automates the whole hacking process, and the only thing you need to do is click buttons and wait.
How it works?
To fully understand how this program works you would most likely need a few months first to understand the fundamentals of programming. After that you would again require a few years (depending on how fast a learner you are) to completely understand how it functions. But in short, it scans for available wireless networks in your range and contacts them; after the contact is established, it receives packets; after the packets are received, it decrypts them, meaning it gets the password with a tool built into our application. Some wireless networks can be hacked in a few moments, some can take a few minutes, or rarely hours. This depends on how the victim’s password is made. Many which are difficult to hack are made of letters (uppercase + lowercase), numbers and special characters. Naturally, many of them are made just of letters, and can be hacked extremely quickly.
What Security Types / Encryptions does the software hack?
The software can hack the following encryptions / security types:
Available for download at http://www.wifi-hacker.org/download.php
AIRCRACK: Download at http://www.aircrack-ng.org/
Aircrack is one of the most popular wireless password cracking tools, which you can use for 802.11a/b/g WEP and WPA cracking. Aircrack uses the best algorithms to recover wireless passwords by capturing packets. Once enough packets have been gathered, it tries to recover the password. To make the attack faster, it implements a standard FMS attack with some optimizations.
AirSnort is another popular tool for decrypting WEP encryption on a Wi-Fi 802.11b network. It is a free tool and is available for Linux and Windows platforms. This tool is no longer maintained, but it is still available to download from SourceForge. AirSnort works by passively monitoring transmissions and computing encryption keys once it has received enough packets. This tool is simple to use. If you are interested, you can try this tool to crack WEP passwords.
Fuzzing with WebScarab: a framework for analysing applications that communicate using the HTTP and HTTPS protocols
JBroFuzz: a web application fuzzer
WSFuzzer: real-world manual SOAP pen testing tool
On Windows, try the CERT Failure Observation Engine (FOE). It is a fuzzing framework for Windows. It has the ability to do file-based fuzzing, to click on dialog boxes, and other stuff.
The SPIKE Fuzzer
SPIKE is actually a fuzzer creation kit, providing an API that allows a user to create their own fuzzers for network based protocols using the C programming language. SPIKE defines a number of primitives that it makes available to C coders, which allows it to construct fuzzed messages called “SPIKES” that can be sent to a network service to hopefully induce errors. SPIKE was specifically designed to focus on finding exploitable bugs, so it’s an excellent choice for our purposes.
CERT Basic Fuzzing Framework (BFF).
A generic file format fuzzer: Ilja van Sprundel’s mangle.c; “its usage is very simple, it takes a filename and headersize as input. it will then change approximately between 0 and 10% of the header with random bytes.” (from the author)
Zzuf can act as a fuzzed file generator, http://sam.zoy.org/zzuf/
One may use tools like Hachoir as a generic parser for file format fuzzer development.
In Memory Fuzz PoC
Sulley Fuzzing Framework
(old) Presentation slides from release at BlackHat 2007
Other Fuzzing Software (alphabetical)
Written in Python, simple and limited fuzzing framework.
Can be perceived as a more powerful version of SPIKE. Its main contribution is the introduction of a UNIX-based debugging agent capable of weighting the possibility of a crash on any given fuzz input.
A web-based ActiveX fuzzing engine written by HD Moore.
A Linux in-process fuzzer written by Michal Zalewski.
A Windows GUI fuzzer written by David Zimmer, designed to fuzz COM Object Interfaces.
Written in C, exposes a custom and easy to use scripting language for fuzzer development.
Written by H D Moore and Aviv Raff, DOM-Hanoi is designed to identify common DHTML implementation flaws by adding/removing DOM elements
Evolutionary Fuzzing System (EFS)
A fuzzer which attempts to dynamically learn a protocol using code coverage and other feedback mechanisms.
A haskell-based file fuzzer that generates mutated files from a list of source files and feeds them to an external program in batches.
A python-based file fuzzer that generates mutated files from a list of source files and feeds them to an external program in batches.
A Perl based generic fuzzing framework.
General Purpose Fuzzer (GPF)
Written in C, GPF has a number of modes ranging from simple pure random fuzzing to more complex protocol tokenization.
Written by H D Moore and Aviv Raff, Hamachi will look for common DHTML implementation flaws by specifying common “bad” values for method arguments and property values.
A Python tool focused on discovering programming faults in network software.
An automated broken HTML generator and browser tester, originally used to find dozens of security and reliability problems in all major Web browsers.
Written in Python, an advanced and robust fuzzing framework which successfully separates and abstracts relevant concepts. Learning curve is a bit overwhelming.
Slides, whitepaper and code from the last publicly seen snapshot from Marshall Beddoe’s work.
Small fuzzer that uses libnetfilter_queue to take in packets from iptables. Its fuzzing engine either randomly fuzzes binary or ASCII protocols or uses a basic fuzzing template to search and replace packet data.
XML driven generic file and protocol fuzzer.
Pure Python network protocol fuzzer from nd@felincemenace.
Written in C, exposes a custom API for fuzzer development. Probably the most widely used and popular framework.
TAOF (The Art of Fuzzing)
Written in Python, a cross-platform GUI driven network protocol fuzzing environment for both UNIX and Windows systems.
Intrusion Detection and Prevention Systems:
Snort – FREE DOWNLOAD https://www.snort.org/downloads
- Scalability: Snort can be successfully deployed on any network environment.
- Flexibility and Usability: Snort can run on various operating systems including Linux, Windows, and Mac OS X.
- Live and Real-Time: Snort can deliver real-time network traffic event information.
- Flexibility in Deployment: There are thousands of ways that Snort can be deployed and a myriad of databases, logging systems, and tools with which it can work.
- Speed in Detecting and Responding to Security Threats: Used in conjunction with a firewall and other layers of security infrastructure, Snort helps organizations detect and respond to system crackers, worms, network vulnerabilities, security threats, and policy abusers that aim to take down network and computer systems.
- Modular Detection Engine: Snort sensors are modular and can monitor multiple machines from one physical and logical location. Snort can be placed in front of the firewall, behind the firewall, next to the firewall, and everywhere else to monitor an entire network. As a result, organizations use Snort as a security solution to find out if there are unauthorized attempts to hack into the network or if a hacker has gained unauthorized access to the network system.
SURICATA – Download at http://suricata-ids.org/download/
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.
Bro IDS – Free download https://www.bro.org/download/index.html
Why Choose Bro? Bro is a powerful network analysis framework that is much different from the typical IDS you may know.
Bro’s domain-specific scripting language enables site-specific monitoring policies.
Bro targets high-performance networks and is used operationally at a variety of large sites.
Bro is not restricted to any particular detection approach and does not rely on traditional signatures.
Bro comprehensively logs what it sees and provides a high-level archive of a network’s activity.
Broala provides enterprise-level support by the creators of Bro.
Bro comes with analyzers for many protocols, enabling high-level semantic analysis at the application layer.
Bro keeps extensive application-layer state about the network it monitors.
Bro interfaces with other applications for real-time exchange of information.
Bro comes with a BSD license, allowing for free use with virtually no restrictions.
Metasploitable – Free download sourceforge.net/projects/metasploitable/
Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The default login and password is msfadmin:msfadmin.
Honeyd – Free download at http://www.honeyd.org/
Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses – I have tested up to 65536 – on a LAN for network simulation. Honeyd improves cyber security by providing mechanisms for threat detection and assessment. It also deters adversaries by hiding real systems in the middle of virtual systems.
gdb – Free download at http://www.gnu.org/software/gdb/download/
GDB, the GNU Project debugger, allows you to see what is going on "inside" another program while it executes — or what another program was doing at the moment it crashed.
GDB can do four main kinds of things (plus other things in support of these) to help you catch bugs in the act:
- Start your program, specifying anything that might affect its behavior.
- Make your program stop on specified conditions.
- Examine what has happened, when your program has stopped.
- Change things in your program, so you can experiment with correcting the effects of one bug and go on to learn about another.
The program being debugged can be written in Ada, C, C++, Objective-C, Pascal (and many other languages). Those programs might be executing on the same machine as GDB (native) or on another machine (remote). GDB can run on most popular UNIX and Microsoft Windows variants.
OllyDbg – Free download at http://www.ollydbg.de/
OllyDbg (named after its author, Oleh Yuschuk) is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines from object files and libraries. It has a friendly interface, and its functionality can be extended by third-party plugins. Version 1.10 is the final 1.x release. Version 2.0 was released in June 2010, and OllyDbg has been rewritten from the ground up in this release. The software is free of cost, but the shareware license requires users to register with the author. Also, the current version of OllyDbg cannot disassemble binaries compiled for 64-bit processors, though a 64-bit version of the debugger has been promised.