Žilinská univerzita > Fakulta riadenia a informatiky > Katedra informačných sietí

Security tools - list

The page provides summarized view of security tools, which we used.





web: http://www.aircrack-ng.org/

Licence: free

Platform: *nux, win

Description: Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.

In fact, Aircrack-ng is a set of tools for auditing wireless networks.


Cain & Abel

web: http://www.oxid.it/cain.html


Platform: win

Description: Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.



web: http://www.colasoft.com/
Licence: There is a Capsa Free and also commercial versions (Capsa WiFi, Capsa Pro, Capsa Enterprise)

Platform: win

Description: Capsa Free Edition is a network traffic analyzer ( Packet Sniffer ) for Windows. 



web: openmaniak.com/cdp.php

Licence: free

Platform: Linux

Description: Tool, that enable CDP protocol on linux.


web: http://www.tamos.com/products/commview/

License: commercial
Platform: MS Win
Description: CommView is a powerful network monitor and analyzer designed for LAN administrators, security professionals, network programmers, home users…virtually anyone who wants a full picture of the traffic flowing through a PC or LAN segment. Loaded with many user-friendly features, CommView combines performance and flexibility with an ease of use unmatched in the industry.


CryptoTool - Educational Tool for Cryptography

web: http://www.cryptool.de

License: OpenSource
Platform: Any (Exist vesrions in C++ and Java)
Description: CrypTool is a free, open-source e-learning application, used worldwide in the implementation and analysis of cryptographic algorithms. It supports both contemporary teaching methods at schools and universities as well as awareness training for employees and civil servants.




web: http://monkey.org/~dugsong/dsniff/

Licence: Free

Platform: BSD, *nix

Description: dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.



web: included inside of linux distros, http://etherape.sourceforge.net/

Licence: free

Platform: linux

Description: EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.

It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network.


www: http://ettercap.sourceforge.net/

Licence: OpenSource

Platform: BSD, *nix

Description: Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis.

Running Ettercap: You need to select a user interface (no default) using -T for Text only, -C for the Ncurses based GUI, or -G for the nice GTK2 interface (thanks Daten...).





web: http://freeworld.thc.org/thc-hydra/

Licence: OpenSource

A very fast network logon cracker which support many different services




web: http://ipgrab.sourceforge.net/

Licence: Open

Platform: *nux

Description: IPgrab is a verbose packet sniffer for UNIX hosts.


web: included inside of linux distros

Licence: free

Platform: linux

Description: iptraf is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others.



web: http://www.phenoelit-us.org/irpas

Licence: free for non commercial

Platform: linux

Description: Set of tools which can be scripted for larger tests while using the protocolsas CDP, IRDP, IGRP, EIGRP (discovery), RIPv1 (discovery), RIPv2 (discovery), OSPF (discovery), HSRP, HCP DORA, ICMP redirects. IRPAS is not a collection of exploits. While several circumstances can lead to a denail of service attack, the tools try to implement routing protocol functionality as described by the papers, therefore enabling the user of these tools (probably you) to design it's own customized attack.
Another nice side effect is that people used to point-and-click attack tools should have some difficulties to use a raw IGRP sender tool.




Notes: Loki is a Python based framework implementing many packet generation and attack modules for Layer 3 protocols, including BGP, LDP, OSPF, VRRP and quite a few others.

Licence: Free

Platform: Linux

Web: https://www.c0decafe.de/loki.html






web: http://ngrep.sourceforge.net/

Licence: free
Platform: *nux, 
Description: Ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data part of packets on the network. Ngrep allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.


web: http://nmap.org/


Platform: multiplatform

Description: Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.




web: http://oreka.sourceforge.net/



Description: The open source, cross-platform audio stream recording and retrieval system

Oreka is a modular and cross-platform system for recording and retrieval of audio streams.



web: http://www.gotomanage.com/

Licence: free

Platform: windows

Description: Packetyzer provides a Windows user interface for the Ethereal packet capture and dissection library. Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. Ethereal has all of the standard features expected in a protocol analyzer, and several features not otherwise available.


web: http://packetfactory.openwall.net/projects/packit/

Platform: linux/unix

Description: Packit (Packet toolkit) is a network auditing tool. Its value is derived from its ability to customize, inject, monitor, and manipulate IP traffic. By allowing you to define (spoof) nearly all TCP, UDP, ICMP, IP, ARP, RARP, and Ethernet header options, Packit can be useful in testing firewalls, intrusion detection/prevention systems, port scanning, simulating network traffic, and general TCP/IP auditing. Packit is also an excellent tool for learning TCP/IP.


web: http://code.google.com/p/pyrit/

Licence: free

Platform: multiplatform

Description: Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK, the protocols that protect today's public WIFI-airspace. Pyrit's implementation allows to create massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time-tradeoff. The performance gain for real-world-attacks is in the range of three orders of magnitude which urges for re-consideration of the protocol's security. Exploiting the computational power of Many-Core- and other platforms through ATI-Stream, Nvidia CUDA, OpenCL and VIA Padlock, it is currently by far the most powerful attack against one of the world's most used security-protocols.



web: http://www.gotomanage.com/

Licence: openSource

Platform: win/linux

Description:RogueScanner is an open source tool focused on device classification and detection of rogue devices. RogueScanner collects information from devices on your network and sends this information securely to the server that uses this evidence to make classification decisions. The central server benefits from being able to look up the evidence that is gathered from devices against all of devices that have ever been identified.



web: http://www.secdev.org/projects/scapy/

Licence: free

Platform: multiplatform

Description: Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), 



web:  development cancelled
Licence: free
Description: SiVuS is the first publicly available vulnerability scanner for VoIP networks that use the SIP protocol. It provides powerful features to assess the security and robustness of VoIP implementations and it is used by VoIP product vendors, security consultants, network architects, researchers and students. We encourage our community to provide us with feedback so we can enhance the current implementation and support the efforts to strengthen the security of VoIP networks.




Licence: free



Licence: free
Description: Amap is a next-generation tool for assistingnetwork penetration testing. It performs fast and reliable application protocol detection, independant on the TCP/UDP port they are being bound to.



web: http://ucsniff.sourceforge.net/index.html

Licence: free

Platform: Lin/Win

Description: UCSniff is a VoIP/UC Sniffer / Assessment / Pentest tool with some useful new features, such as IP Video Sniffing. UCSniff is a Proof of Concept tool to demonstrate the risk of unauthorized recording of VoIP and Video - it can help you understand who can eavesdrop, and from what parts of your network.



web: http://ucsniff.sourceforge.net/videosnarf.html

Licence: free

Platform: Lin/Win

Description: VideoSnarf is a new security assessment tool that takes an offline pcap as input, and outputs any detected media streams (RTP sessions), including common audio codecs as well as H264 Video support.



web: http://www.winpcap.org/windump/

Licence: free

Platform: Win

Description: WinDump is the Windows version of tcpdump, the command line network analyzer for UNIX. WinDump is fully compatible with tcpdump and can be used to watch, diagnose and save to disk network traffic according to various complex rules. It can run under Windows 95, 98, ME, NT, 2000, XP, 2003 and Vista. WinDump captures using theWinPcap library and drivers, which are freely downloadable from the WinPcap.org website.


web: http://www.wireshark.org/

Licence: free

Platform: multiplatform

Description: Wireshark® is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It has a rich and powerful feature set and is world's most popular tool of its kind. It runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2.




web: http://www.yersinia.net/

Licence: free

Platform: BSD, *nix, Mac, Solaris

Description: Yersinia is a network tool designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems