Mac OS

Apple Mac OS X

Kismet

Kismet is a pretty decent tool to have in your wireless arsenal.
It's mostly used for identifying wireless networks in the area and gaining as much information about them as possible even if the information is not supposed to be available.
This helps drastically when you start to actually attack the network/device with aircrack or something similar, because you already have all the information you need.

Feature set:
802.11b, 802.11g, 802.11a, 802.11n sniffing
Standard PCAP file logging (Wireshark, Tcpdump, etc)
Client/Server modular architecture
Multi-card and channel hopping support
Runtime WEP decoding
Tun/Tap virtual network interface drivers for realtime export of packets
Hidden SSID decloaking
Distributed remote sniffing with Kismet drones
XML logging for integration with other tools
Linux, OSX, Windows, and BSD support (devices and drivers permitting)

Ettercap

I believe ettercap was a tool used a lot more often before things like wireshark and cain and abel came out or at least "got big".
It has support for a lot of different platforms, but its main job is sniffing the network and manipulating where the traffic goes or how it gets there, thus allowing you to perform MiTM attacks easily. It features filtering just like wireshark and is able to dissect protocols just as well.

Nessus

Nessus has been around for a little more than a little while now and has gone from free to almost free to it's gonna cost ya.
I'm not really sure regarding the newest updates as I haven't used it since it lost its freedom, but I will say it has plugins for everything under the sun!
It is mainly used for network and server scanning and has the ability to test and create a client/server connection between yourself and the host you're testing with.

Sqlmap

Sqlmap is awesome, that's all you need to know.

It will basically check a website and try or allow you to inject SQL queries into the site's backend database.
If successful, you could use it to dump all information in said name database that you are looking at.
This can include but is not limited to: usernames, passwords, email addresses, customer information, etc.
Sqlmap can also be used or integrated with a variety of other applications and attacks; using it in combination with metasploit, and possibly even nikto or nmap, would yield great results. =]

FYI... this is really great when they happen to be running an ldap server and the usernames are not just for logging into a web application or the database to alter files but are actually for the system itself!

GHBA

GHBA or "Get Host By Address" is a reverse DNS lookup tool that can scan a class B or C network range and determine the correct hostname where a potentially fake/false record could normally be hiding the real name.

As you may have noticed, I say this is compatible with all OSes because it's a C program and you should, given enough time, be able to compile it on anything, even Windows using cygwin!

CANVAS

Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide. To see CANVAS in action please see the movies at immunitysec.com

Supported Platforms and Installations
Windows (requires Python & PyGTK)
Linux
MacOSX (requires PyGTK)
All other Python environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)

Exploits
currently over 400 exploits, an average of 4 exploits added every monthly release
Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.
Exploits span all common platforms and applications

Payload Options
to provide maximum reliability, exploits always attempt to reuse socket
if socket reuse is not suitable, connect-back is used
subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)
bouncing and split-bouncing automatically available via MOSDEF
adjustable covertness level

Ability to make Custom Exploits
unique MOSDEF development environment allows rapid exploit development

Development
CANVAS is a platform that is designed to allow easy development of other security products. Examples include Gleg, Ltd's VulnDisco and the Argeniss Ultimate 0day Exploits Pack.

Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto is not designed as an overly stealthy tool. It will test a web server in the shortest timespan possible, and it's fairly obvious in log files. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system).

Not every check is a security problem, though most are. There are some items that are "info only" type checks that look for items that may not have a security flaw, but the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.

DBAN

DBAN, short for Darik's Boot and Nuke, is a good utility for securely erasing the contents of a hard disk.
It uses encryption and re-writing over drives multiple times for a fairly secure deletion which makes it very difficult if not impossible to recover using forensics.

UNetbootin

An application to install an operating system to a flash drive or to a hard disk, either by using a pre-downloaded ISO file or by downloading the operating system through the application.

AirCrack

Aircrack-ng is an 802.11 WEP and WPA-PSK key-cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.

My Personal Rating: 5/5. Yes, there are better ones like AirMagnet, but this one is easy to use and free; combine it with commview and you're well away.
