Security Tools
From ITS Wiki - Information Technology Services - University of Rhode Island
Scanners
GFI LANguard Network Scanner
http://www.gfi.com
GFI is a leading developer of network security, content security and messaging software. The GFI LANguard Network Security Scanner (N.S.S.) performs network security auditing and patch management (good for 30 days).
G-Lock Port Scanner Tools
http://www.glocksoft.com/trojan_port.htm
Using Port Scanner (Trojan port set) from AATools, you may scan a remote PC on a LAN or via the Internet. The AATools Port Scanner will return which TCP or UDP ports are listening.
THC Hydra 4.1
http://www.thc.org/thc-hydra/hydra-4.1-win.zip
Hydra is a parallelized login cracker which supports numerous protocols to attack.
XScan
http://www.xfocus.org/programs/
X-Scan is a general-purpose, multi-threaded network vulnerability scanner that scans a specified IP address range or a stand-alone computer. Plug-ins are supported, and GUI and CUI programs are provided separately.
OpenVAS
It's Nessus... but not
Nessus
http://www.nessus.org/download/
Nessus - System Security Scanner for Unix and Windows.
Nmap
http://www.insecure.org/nmap/
Nmap ("Network Mapper") is an open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
NetStumbler
http://www.netstumbler.com/downloads/
Wireless WiFi Scanner.
Sysadmin
Nagios Monitoring
http://www.nagios.org/
Nagios is a host and service monitor designed to inform you of network problems before your clients, end-users or managers do. It has been designed to run under the Linux operating system, but works fine under most *NIX variants as well.
WinSCP
http://www.uri.edu/security/app/winscp.exe
Freeware SFTP Client.
TightVNC
http://sourceforge.net/projects/vnc-tight/
Remote Desktop Utility Unix/Windows.
Autoruns
http://www.sysinternals.com/Utilities/Autoruns.html
Checks the registry/startup menu for startup programs.
ElogDump
http://www.uri.edu/security/app/elogdmp.exe
Microsoft Event Viewer file dump.
KILL
http://www.dynawell.com/support/ResKit/download/wntkill.asp
Kill a process ID from Windows Task Manager.
CMD Win Patch Check
http://hfnetchk.shavlik.com/default.asp
HFNetChk.exe is the multi-threaded command-line tool you can use to assess a computer or selected group of computers for the absence of security patches.
DCOMbobulator
http://www.grc.com/dcom/
Removes DCOM.
MBSA 2.0
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
Microsoft Baseline Security Analyzer Version 2.0
Titan Network tools
Whois, network mapper, MAC vendor lookup, port scanner, and more.
Auditing
Wireshark
http://www.wireshark.org/download/
Wireshark is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.
Snort
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. This is the software package that is used to gather information from the network.
SysTest
http://www.uri.edu/security/app/systest.bat
URI Homemade self-help .bat system auditing file.
FPort Vision
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/fport.htm
Foundstone's Fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.
TCPView
http://www.sysinternals.com/Utilities/TcpView.html
See all open TCP and UDP endpoints. On Windows NT, 2000 and XP TCPView even displays the name of the process that owns each endpoint. Full source to the command-line version of this tool, netstatp, is included.
Big Brother
http://bb4.org/download.html
Big Brother monitors System and Network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you're immediately notified by e-mail, pager, or text messaging.
Malware
Ad-Aware
http://www.lavasoftusa.com/support/download/
Anti-Tracking Web Browsing / Anti-Spyware.
chkrootkit
http://www.chkrootkit.org/download/
Determines whether rootkits are installed.
Rootkit Revealer
http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml
RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
Misc
FIRE Forensic Tool
http://fire.dmzs.com/
FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.
Security Tools Distribution
http://s-t-d.org/
STD is a Linux-based Security Tool which comprises hundreds of open source security tools. It runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose is to put as many security tools at your disposal with as slick an interface as possible.
Geektools.com
http://www.geektools.com/
A simple site that keeps track of tools such as traceroute and whois. Also includes calculators, third-party software, and spam tools.
Netadmintools.com
http://www.netadmintools.com/
Net Admin Tools fixes systems for technical reasons, but also aims to create a safer world for information storage, manipulation, and transmission. Provides an RSS feed.
Security Tools and Information
http://www.ebcvg.com/
IT Observer is an independently owned information technology portal started in 2000 by IT and security experts in order to facilitate discussion on various network technology topics, promote network security awareness and provide a comprehensive and helpful database of related information.
SecurityNews.cc
http://www.securitynews.cc/
Here you will find resources such as free antivirus software and network monitoring tools, free ip address, and other trojan port scanning and removal tools. SecurityNews also publishes security news daily, including information about spyware, firewall, antivirus and how to guard your privacy.
NW Tools
http://www.nwtools.com/
This site provides lookup tools, such as ping, trace, and whois. Users can also search vendors by keyword.
Trusted Source Spam Map
http://www.trustedsource.org/
The TrustedSource Portal data is powered by CipherTrust's TrustedSource global threat correlation engine. In addition to general ISP spam data, which is largely consumer centric, TrustedSource receives and analyzes billions of messages per month from CipherTrust's network of more than 4000 IronMail Gateway appliances deployed globally.
Else Not Exploits
http://elsenot.com/
The goal of elsenot is to find the public exploits for Microsoft Security Bulletins.
The ElseNot Project is updated every Patch Tuesday... or whenever I have time.
Samspade Various Tools
http://samspade.org/
This site provides tools such as Address Digger, Whois, Reverse DNS, Traceroute, and more.
Cryptcat
http://farm9.org/Cryptcat/
Cryptcat is the standard netcat enhanced with Twofish encryption, with ports for Windows NT, BSD and Linux. Twofish is courtesy of Counterpane and Cryptix.
Wayback Machine
http://www.archive.org/
The Internet Archive is a 501(c)(3) non-profit that was founded to build an 'Internet library,' with the purpose of offering permanent access for researchers, historians, and scholars to historical collections that exist in digital format.
DNSstuff
http://www.dnsstuff.com/
This site has many DNS, networking, and domain registration tools for network administrators, domain owners, users of hosted DNS services, etc. There is no cost for using this site.
File Extension Library
http://filext.com/
FILExt is a database of file extensions and the various programs that use them. If you know the file extension you want to learn about, simply enter it into the search box. If it's in any of the FILExt databases, the data on that file extension will be shown on a results page.
Active@ KillDisk
http://www.killdisk.com/downloadfree.htm
This hard drive eraser is powerful and compact DOS software that allows you to destroy all data on hard and floppy drives completely, excluding any possibility of future recovery of deleted files and folders. It's a hard drive and partition eraser utility.
Belarc
http://www.belarc.com/Programs/advisor.exe
The Belarc Advisor builds a detailed profile of your installed software and hardware, including Microsoft Hotfixes, and displays the results in your Web browser. All of your PC profile information is kept private on your PC and is not sent to any web server.
Dumpsec
http://www.somarsoft.com/
DumpSec is a security auditing program for Microsoft Windows NT/2000. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares.
TripWire
http://www.tripwire.com/resources/updates/index.cfm
Tripwire for Network Devices assures the integrity and security of routers, switches and firewalls that run your business-critical networks, ensuring maximum system uptime and minimal business risk.
