List of Security Tools Available in Ubuntu

Sponsored Link
The Ubuntu repositories contain several useful tools for maintaining a secure network and network administration.This security tools include network scanning,attack detection,Virus Detection etc.

1) Wireshark -- network traffic analyzer

Wireshark is a network traffic analyzer, or "sniffer", for Unix and Unix-like operating systems. A sniffer is a tool used to capture packets off the wire. Wireshark decodes numerous protocols (too many to list).This package provides wireshark (the GTK+ version)

Install Wireshark in Ubuntu

sudo aptitude install wireshark

2) Nessus -- Remote network security auditor

The Nessus® vulnerability scanner, is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks.

Install nessus in ubuntu

sudo aptitude install nessus

3) Nmap -- The Network Mapper

Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and both console and graphical versions are available.

Install nmap ubuntu

sudo aptitude install nmap

If you want nmap frontend install the following package

sudo aptitude install zenmap

4) Etherape -- graphical network monitor modeled after etherman

EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, ip and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network.

Install Etherape in ubuntu

sudo aptitude install etherape

5) Kismet -- Wireless 802.11b monitoring tool

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic.

Install Kismet in ubuntu

sudo aptitude install kismet

6) Chkrootkit -- Checks for signs of rootkits on the local system

chkrootkit identifies whether the target computer is infected with a rootkit. Some of the rootkits that chkrootkit identifies are:

1. lrk3, lrk4, lrk5, lrk6 (and some variants);
2. Solaris rootkit;
3. FreeBSD rootkit;
4. t0rn (including latest variant);
5. Ambient's Rootkit for Linux (ARK);
6. Ramen Worm;
7. rh[67]-shaper;
8. RSHA;
9. Romanian rootkit;
10. RK17;
11. Lion Worm;
12. Adore Worm.

Please note that this is not a definitive test, it does not ensure that the target has not been cracked. In addition to running chkrootkit, one should perform more specific tests.

Install chkrootkit in ubuntu

sudo aptitude install chkrootkit

7) Rkhunter -- rootkit, backdoor, sniffer and exploit scanner

Rootkit Hunter scans systems for known and unknown rootkits, backdoors, sniffers and exploits.

It checks for:

-- MD5 hash changes;
-- files commonly created by rootkits;
-- executables with anomalous file permissions;
-- suspicious strings in kernel modules;
-- hidden files in system directories;

and can optionally scan within files. Using rkhunter alone does not guarantee that a system is not compromised. Running additional tests, such as chkrootkit, is recommended.

Install rkhunter in ubuntu

sudo aptitude install rkhunter

8) tiger -- Report system security vulnerabilities

TIGER, or the ‘tiger' scripts, is a set of Bourne shell scripts, C programs and data files which are used to perform a security audit of UNIX systems. TIGER has one primary goal: report ways ‘root' can be compromised.Debian's TIGER incorporates new checks primarily oriented towards Debian distribution including: md5sums checks of installed files, location of files not belonging to packages, check of security advisories and analysis of local listening processes.

Install tiger in ubuntu

sudo aptitude install tiger

9) GnuPG -- GNU privacy guard

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440.GnuPG does not use any patented algorithms so it cannot be compatible with PGP2 because it uses IDEA (which is patented worldwide).

Install gnupg in Ubuntu

sudo aptitude install gnupg

If you want gnupg GUI tool use this

Seahorse -- A Gnome front end for GnuPG

Seahorse is a GNOME application for managing encryption keys. It also integrates with nautilus, gedit and other places for encryption operations.

Install seahorse in ubuntu

sudo aptitude install seahorse

10) Nemesis -- TCP/IP Packet Injection Suite

Nemesis is a command-line network packet crafting and injection utility for UNIX-like and Windows systems. Nemesis, is well suited for testing Network Intrusion Detection Systems, firewalls, IP stacks and a variety of other tasks. As a command-line driven utility, Nemesis is perfect for automation and scripting.

Nemesis can natively craft and inject ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP packets. Using the IP and the Ethernet injection modes, almost any custom packet can be crafted and injected.

Install nemesis in ubuntu

sudo aptitude install nemesis

11) Tcpdump -- A powerful tool for network monitoring and data acquisition

This program allows you to dump the traffic on a network. tcpdump is able to examine IPv4, ICMPv4, IPv6, ICMPv6, UDP, TCP, SNMP, AFS BGP, RIP, PIM, DVMRP, IGMP, SMB, OSPF, NFS and many other packet types.
It can be used to print out the headers of packets on a network interface, filter packets that match a certain expression. You can use this tool to track down network problems, to detect "ping attacks" or to monitor network activities.

Install tcpdump in ubuntu

sudo aptitude install tcpdump

12) OpenSSH -- secure shell server

This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group.Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide applications with a secure communication channel.This package provides the sshd server.
In some countries it may be illegal to use any encryption at all without a special permit.

Install Openssh server in ubuntu

sudo aptitude install openssh-server

13) Denyhosts -- an utility to help sys admins thwart ssh hackers

DenyHosts is a program that automatically blocks ssh brute-force attacks by adding entries to /etc/hosts.deny. It will also inform Linux administrators about offending hosts, attacked users and suspicious logins.Syncronization with a central server is possible too.
Differently from other software that do same work, denyhosts doesn't need support for packet filtering or any other kind of firewall in your kernel

Install Denyhosts server in ubuntu

sudo aptitude install denyhosts

14) Snort -- Flexible Network Intrusion Detection System

Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba.
This package provides the plain-vanilla snort distribution and does not provide database (available in snort-pgsql and snort-mysql) support.

Install snort in ubuntu

sudo aptitude install snort

15) Firestarter -- gtk program for managing and observing your firewall

Firestarter is a complete firewall tool for Linux machines. It features an easy to use firewall wizard to quickly create a firewall. Using the program you can then open and close ports with a few clicks, or stealth your machine giving access only to a select few. The real-time hit monitor shows attackers probing your machine.

Install firestarter in ubuntu

sudo aptitude install firestarter

16) clamav -- anti-virus utility for Unix -- command-line interface

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon in the clamav-daemon package, a command-line scanner in the clamav package, and a tool for automatic updating via the Internet in the clamav-freshclam package. The programs are based on libclamav3, which can be used by other software.

This package contains the command line interface. Features:

-- built-in support for various archive formats, including Zip, RAR, Tar,
Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others;
-- built-in support for almost all mail file formats;
-- built-in support for ELF executables and Portable Executable files
compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and
obfuscated with SUE, Y0da Cryptor and others;
-- built-in support for popular document formats including Microsoft
Office and Mac Office files, HTML, RTF and PDF.

For scanning to work, a virus database is needed. There are two options for getting it:

-- clamav-freshclam: updates the database from Internet. This is
recommended with Internet access.
-- clamav-data: for users without Internet access. The package is
not updated once installed. The clamav-getfiles package allows
creating custom packages from an Internet-connected computer.

Install Clamav in ubuntu

sudo aptitude install clamav

17) Ettercap -- Multipurpose sniffer/interceptor/logger for switched LAN

Ettercap supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis.Data injection in an established connection and filtering (substitute or drop a packet) on the fly is also possible, keeping the connection synchronized.

Many sniffing modes were implemented to give you a powerful and complete sniffing suite. It's possible to sniff in four modes: IP Based, MAC Based, ARP Based (full-duplex) and PublicARP Based (half-duplex).
It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

Install ettercap in ubuntu

sudo aptitude install ettercap

If you want to install ettercap GUI install following package

sudo aptitude install ettercap-gtk

18) Netcat -- TCP/IP swiss army knife

A simple Unix utility which reads and writes data across network connections using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.

Install netcat in ubuntu

sudo aptitude install netcat

19) MTR -- mtr combines the functionality of the ‘traceroute' and ‘ping' programs in a single network diagnostic tool.

As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host. After it determines the address of each network hop between the machines, it sends a sequence ICMP ECHO requests to each one to determine the quality of the link to each machine. As it does this, it prints running statistics about each machine.

Install mtr in ubuntu

Download .deb package from here

dpkg -i mtr_0.39-1.deb

20) Hping3 -- Active Network Smashing Tool

hping3 is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies. It handles fragmentation and arbitrary packet body and size, and can be used to transfer files under supported protocols. Using hping3, you can test firewall rules, perform (spoofed) port scanning, test network performance using different protocols, do path MTU discovery, perform traceroute-like actions under different protocols, fingerprint remote operating systems, audit TCP/IP stacks, etc. hping3 is scriptable using the TCL language.

Install hping3 in ubuntu

sudo aptitude install hping3

21) ngrep -- grep for network traffic

ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

Install ngrep in ubuntu

sudo aptitude install ngrep

22) john -- active password cracking tool

john, mostly known as John the Ripper, is a tool designed to help systems administrators to find weak (easy to guess or crack through brute force) passwords, and even automatically mail users warning them about it, if it is desired.
It can also be used with different cyphertext formats, including Unix's DES and MD5, Kerberos AFS passwords, Windows' LM hashes, BSDI's extended DES, and OpenBSD's Blowfish.

Install john in ubuntu

sudo aptitude install john

23) tcptrace -- Tool for analyzing tcpdump output

Tcptrace is a tool for analyzing and reporting on tcpdump (or other libpcap) dump files. It can summarize the data or generate graph data for use with the gnuplot tool from the gnuplot package. Graph data can be created for throughput, RTT, time sequences, segment size, and cwin.

Install tcptrace in ubuntu

sudo aptitude install tcptrace

24) netdude -- NETwork DUmp data Displayer and Editor for tcpdump trace files

It is a GUI-based tool that allows you to make detailed changes to packets in tcpdump trace files, in particular, it can currently do the following:

* Set the value of any field in IP, TCP and UDP packet headers.
* Copy, move and delete packets in the trace file.
* Fragment and reassemble IP packets.
* Netdude constantly communicates with a tcpdump process to update
the familiar tcpdump output that corresponds to the trace. This
also means that any changes made to your local version of tcpdump
are reflected in Netdude.
* Plugin architecture: people can easily add plugins for specific
tasks. The code comes with a plugin for checksum correction in IP,
TCP and UDP, and a dummy plugin.
* Through the plugin mechanism, Netdude provides a good facility for
writing tcpdump trace file filters.

Install netdude in ubuntu

sudo aptitude install netdude

25) tcpreplay -- Tool to replay saved tcpdump files at arbitrary speeds

Tcpreplay is aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic which doesn't exercise the application/protocol inspection that a NIDS performs, and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.

Install tcpreplay in ubuntu

sudo aptitude install tcpreplay

26) Dsniff -- Various tools to sniff network traffic for cleartext insecurities

This package contains several tools to listen to and create network traffic:

* arpspoof -- Send out unrequested (and possibly forged) arp replies.
* dnsspoof -- forge replies to arbitrary DNS address / pointer queries
on the Local Area Network.
* dsniff -- password sniffer for several protocols.
* filesnarf -- saves selected files sniffed from NFS traffic.
* macof -- flood the local network with random MAC addresses.
* mailsnarf -- sniffs mail on the LAN and stores it in mbox format.
* msgsnarf -- record selected messages from different Instant Messengers.
* sshmitm -- SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
* sshow -- SSH traffic analyser.
* tcpkill -- kills specified in-progress TCP connections.
* tcpnice -- slow down specified TCP connections via "active"
traffic shaping.
* urlsnarf -- output selected URLs sniffed from HTTP traffic in CLF.
* webmitm -- HTTP / HTTPS monkey-in-the-middle. transparently proxies.
* webspy -- sends URLs sniffed from a client to your local browser
(requires libx11-6 installed).

Install dsniff ubuntu

sudo aptitude install dsniff

27) scapy -- Packet generator/sniffer and network scanner/discovery

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery, packet sniffer, etc. It can for the moment replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, ....
In scapy you define a set of packets, then it sends them, receives answers, matches requests with answers and returns a list of packet couples (request, answer) and a list of unmatched packets. This has the big advantage over tools like nmap or hping that an answer is not reduced to (open/closed/filtered), but is the whole packet.

Install scapy in ubuntu

sudo aptitude install scapy

28) Ntop -- display network usage in top-like format

ntop is a Network Top program. It displays a summary of network usage by machines on your network in a format reminiscent of the unix top utility.It can also be run in web mode, which allows the display to be browsed with a web browser.

Install ntop in ubuntu

sudo aptitude install ntop

29) NBTscan -- A program for scanning networks for NetBIOS name information

NBTscan is a program for scanning IP networks for NetBIOS name information. It sends NetBIOS status query to each address in supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address (such as Ethernet).

Install nbtscan in ubuntu

sudo aptitude install nbtscan

30) tripwire -- file and directory integrity checker

Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.

Install tripwire ubuntu

sudo aptitude install tripwire

Sponsored Link

You may also like...

25 Responses

  1. kh says:

    Great article! – very complete list of tools

  2. John says:

    I think it’s also worth mentioning “arp-scan”, a really efficient program that uses the ARP protocol for scanning an entire LAN for hosts that are up. I’ve found from experience that it’s important to use ARP rather than a simple ICMP ping scan or similar for host discovery because so many computers have firewalls that block simple ping requests.

    One of the features I like about arp-scan is that you can send out multiple requests to all hosts, because again I’ve learned from experience that some computers (running Windows notably) don’t always reliably reply to a single ARP request. So even though Nmap and some of the other programs you mention can send ARP requests, I don’t think they are as easy to configure for sending multiple ARP requests AND also being able to control the time interval at which it happens.

    Thanks for the fantastic list!

  3. BeyondRandom says:

    Great list of tools! Thanks alot

  4. JTB says:

    Real good articel.
    The security list on this page/in this article are the most complete i have ever seen on any pages.

    Great job “admin”.

  5. headlice says:

    This is awesome. Now the bigger task…..learning how to use all of this stuff….

  6. jayson rulo says:

    how do you get john and chkrootkit to run?

  7. kecsi says:

    you can add “fail2ban” – useful daemon against brute force attack

  8. abhijeet says:

    thanks man. quite a lot of information. keep up adding other security tools to u r list….

  9. DDRFreak says:

    You might want to consider adding “apt:” links. I’m a big fan of apt-install so that you can click a link to get the install prompt.

  10. Praveen says:

    Thanks!! It was a very useful post.

  11. 45MAC10 says:

    great list, but missing quite a lot of *very* useful tools, aircrack-ng suite for one. just the airmon-ng utility and the airodump-ng tool are invaluable if pentesting. I would also highly recommend the following:
    * 1.1.1 0trace 0.01
    * 1.1.2 Ass
    * 1.1.3 dig
    * 1.1.4 DMitry
    * 1.1.5 DNS-Ptr
    * 1.1.6 dnstracer 1.5
    * 1.1.7 dnswalk
    * 1.1.8 dns-bruteforce
    * 1.1.9 dnsenum
    * 1.1.10 dnsmap
    * 1.1.11 DNSPredict
    * 1.1.12 Finger Google
    * 1.1.13 Firewalk
    * 1.1.14 Fport 2.0 (Windows Executable)
    * 1.1.15 Goog Mail Enum
    * 1.1.16 Google-search
    * 1.1.17 Googrape
    * 1.1.18 Gooscan
    * 1.1.19 Host
    * 1.1.20 InTrace 1.3
    * 1.1.21 Itrace
    * 1.1.22 Maltego 2.0
    * 1.1.23 Metagoofil 1.4
    * 1.1.24 Mbenum 1.5.0 (Windows Executable)
    * 1.1.25 Netenum
    * 1.1.26 Netmask
    * 1.1.27 Nmbscan 1.2.4
    * 1.1.28 Protos
    * 1.1.29 PsTools (Windows Executables)
    o PsInfo
    o PsFile
    o PsList
    o PsGetSID
    o PsLoggedOn
    o PsLogList
    * 1.1.30 PStoreView 1.0 (Windows Binary)
    * 1.1.31 QGoogle
    * 1.1.32 Relay Scanner
    * 1.1.33 SMTP-Vrfy
    * 1.1.34 Subdomainer 1.3
    * 1.1.35 TCPtraceroute 1.5beta7
    * 1.1.36 TCtrace
    * 1.1.37 Whoami (Windows Executable)

    # 1.2 Network Mapping

    * 1.2.1 Amap 5.2
    * 1.2.2 Angry IP Scanner (ipscan) 3.0-beta3
    * 1.2.3 Autoscan 0.99_R1
    * 1.2.4 Fierce 0.9.9 beta 03/24/07
    * 1.2.5 Fping
    * 1.2.6 Genlist
    * 1.2.7 Hping
    * 1.2.8 Hping2 2.0.0-rc3
    * 1.2.9 Hping3 3.0.0-alpha-1
    * 1.2.10 IKE-Scan
    * 1.2.11 IKEProbe
    * 1.2.12 Netcat 0.7.1
    * 1.2.13 Netdiscover
    * 1.2.14 Nmap
    * 1.2.15 NmapFE
    * 1.2.16 P0f
    * 1.2.17 PSK-Crack
    * 1.2.18 Ping
    * 1.2.19 Protos
    * 1.2.20 ScanLine 1.01 (Windows Executable)
    * 1.2.21 Scanrand
    * 1.2.22 SinFP
    * 1.2.23 Umit
    * 1.2.24 UnicornScan
    * 1.2.25 UnicornScan pgsql 0.4.6e module version 1.03
    * 1.2.26 XProbe2
    * 1.2.27 PBNJ 2.04
    o OutputPBNJ
    o ScanPBNJ
    * 1.2.28 Zenmap 4.60

    # 1.3 Vulnerability Identification

    * 1.3.1 Absinthe
    * 1.3.2 Bed
    * 1.3.3 CIRT Fuzzer
    * 1.3.4 Checkpwd
    * 1.3.5 Cisco Auditing Tool
    * 1.3.6 Cisco Enable Bruteforcer
    * 1.3.7 Cisco Global Exploiter
    * 1.3.8 Cisco OCS Mass Scanner
    * 1.3.9 Cisco Scanner
    * 1.3.10 Cisco Torch
    * 1.3.11 Curl
    * 1.3.12 Fuzzer 1.2
    * 1.3.13 GFI LanGuard 2.0
    * 1.3.14 GetSids
    * 1.3.15 HTTP PUT
    * 1.3.16 Halberd
    * 1.3.17 Httprint
    * 1.3.18 Httprint GUI
    * 1.3.19 ISR-Form
    * 1.3.20 Jbrofuzz
    * 1.3.21 List-Urls
    * 1.3.22 Lynx
    * 1.3.23 Merge Router Config
    * 1.3.24 Metacoretex
    * 1.3.25 Metoscan
    * 1.3.26 Mezcal HTTP/S
    * 1.3.27 Mibble MIB Browser
    * 1.3.28 Mistress
    * 1.3.29 Nikto
    * 1.3.30 OAT
    * 1.3.31 Onesixtyone
    * 1.3.32 OpenSSL-Scanner
    * 1.3.33 Paros Proxy
    * 1.3.34 Peach
    * 1.3.35 RPCDump
    * 1.3.36 RevHosts
    * 1.3.37 SMB Bruteforcer
    * 1.3.38 SMB Client
    * 1.3.39 SMB Serverscan
    * 1.3.40 SMB-NAT
    * 1.3.41 SMBdumpusers
    * 1.3.42 SMBgetserverinfo
    * 1.3.43 SNMP Scanner
    * 1.3.44 SNMP Walk
    * 1.3.45 SQL Inject
    * 1.3.46 SQL Scanner
    * 1.3.47 SQLLibf
    * 1.3.48 SQLbrute
    * 1.3.49 Sidguess
    * 1.3.50 Smb4K
    * 1.3.51 Snmpcheck
    * 1.3.52 Snmp Enum
    * 1.3.53 Spike
    * 1.3.54 Stompy
    * 1.3.55 SuperScan
    * 1.3.56 TNScmd
    * 1.3.57 Taof
    * 1.3.58 VNC_bypauth
    * 1.3.59 Wapiti
    * 1.3.60 Yersinia
    * 1.3.61 sqlanlz
    * 1.3.62 sqldict
    * 1.3.63 sqldumplogins
    * 1.3.64 sqlquery
    * 1.3.65 sqlupload

    # 1.4 Penetration

    * 1.4.1 Framework3-MsfC
    * 1.4.2 Framework3-MsfUpdate
    * 1.4.3 Framework3-Msfcli
    * 1.4.4 Framework3-Msfweb
    * 1.4.5 Init Pgsql (autopwn)
    * 1.4.6 Milw0rm Archive
    * 1.4.7 MsfCli
    * 1.4.8 MsfConsole
    * 1.4.9 MsfUpdate
    * 1.4.10 OpenSSL-To-Open
    * 1.4.11 Pirana
    * 1.4.12 Update Milw0rm

    # 1.5 Privilege Escalation

    * 1.5.1 Ascend attacker
    * 1.5.2 CDP Spoofer
    * 1.5.3 Cisco Enable Bruteforcer
    * 1.5.4 Crunch Dictgen
    * 1.5.5 DHCPX Flooder
    * 1.5.6 DNSspoof
    * 1.5.7 Driftnet
    * 1.5.8 Dsniff
    * 1.5.9 Etherape
    * 1.5.10 EtterCap
    * 1.5.11 File2Cable
    * 1.5.12 HSRP Spoofer
    * 1.5.13 Hash Collision
    * 1.5.14 Httpcapture
    * 1.5.15 Hydra
    * 1.5.16 Hydra GTK
    * 1.5.17 ICMP Redirect
    * 1.5.18 ICMPush
    * 1.5.19 IGRP Spoofer
    * 1.5.20 IRDP Responder
    * 1.5.21 IRDP Spoofer
    * 1.5.22 John
    * 1.5.23 Lodowep
    * 1.5.24 Mailsnarf
    * 1.5.25 Medusa
    * 1.5.26 Msgsnarf
    * 1.5.27 Nemesis Spoofer
    * 1.5.28 NetSed
    * 1.5.29 Netenum
    * 1.5.30 Netmask
    * 1.5.31 Ntop
    * 1.5.32 PHoss
    * 1.5.33 PackETH
    * 1.5.34 Rcrack
    * 1.5.35 SIPdump
    * 1.5.36 SMB Sniffer
    * 1.5.37 Sing
    * 1.5.38 TFTP-Brute
    * 1.5.39 THC PPTP
    * 1.5.40 TcPick
    * 1.5.41 URLsnarf
    * 1.5.42 VNCrack
    * 1.5.43 WebCrack
    * 1.5.44 Wireshark
    * 1.5.45 Wireshark Wifi
    * 1.5.46 WyD
    * 1.5.47 XSpy
    * 1.5.48 chntpw

    # 1.6 Maintaining Access

    * 1.6.1 3proxy
    * 1.6.2 Backdoors
    * 1.6.3 Matahari
    * 1.6.4 CryptCat
    * 1.6.5 HttpTunnel Client
    * 1.6.6 HttpTunnel Server
    * 1.6.7 ICMPTX
    * 1.6.8 Iodine
    * 1.6.9 NSTX
    * 1.6.10 Privoxy
    * 1.6.11 ProxyTunnel
    * 1.6.12 Rinetd
    * 1.6.13 TinyProxy
    * 1.6.14 sbd
    * 1.6.15 socat

    # 1.7 Covering Tracks

    * 1.7.1 Housekeeping

    # 1.8 Radio Network Analysis

    * 1.8.1 802.11 WIFI
    o AFrag
    o ASLeap
    o Air Crack
    o Air Decap
    o Air Replay
    o Airmon Script
    o Airpwn
    o AirSnarf
    o Airbase
    o Airodump
    o Airoscript
    o Airsnort
    o CowPatty
    o FakeAP
    o Hotspotter
    o Karma
    o Kismet
    o MDK3
    o MacChanger
    o WifiTap
    o Wicrawl
    o WifiZoo
    o Wlassistant
    o SpoonDRV
    o SpoonWEP
    * 1.8.2 Bluetooth
    o BTcrack
    o Bluebugger
    o Blueprint
    o Bluesmash
    o Bluesnarfer
    o Btscanner
    o Carwhisperer
    o Frontline
    o Minicom
    o ObexFTP
    o HCIDump
    o Redfang
    o Ussp-Push
    o atshell
    o attest
    o bdaddr
    o bss
    o btftp
    o hcidump-crash
    o hidattack
    o hstest
    o rfcomm

    # 1.9 VOIP & Telephony Analysis

    * 1.9.1 PcapSipDump
    * 1.9.2 PcapToSip_RTP
    * 1.9.3 SIPSak
    * 1.9.4 SIPcrack
    * 1.9.5 SIPdump
    * 1.9.6 SIPp
    * 1.9.7 Smap

    # 1.10 Digital Forensics

    * 1.10.1 Allin1
    * 1.10.2 Autopsy
    * 1.10.3 DCFLDD
    * 1.10.4 DD_Rescue
    * 1.10.5 Foremost
    * 1.10.6 Magicrescue
    * 1.10.7 Mboxgrep
    * 1.10.8 Memfetch
    * 1.10.9 Memfetch Find
    * 1.10.10 Pasco
    * 1.10.11 Rootkithunter
    * 1.10.12 Sleuthkit
    * 1.10.13 Vinetto

    # 1.11 Reverse Engineering

    * 1.11.1 GDB GNU Debugger
    * 1.11.2 GDB Console GUI
    * 1.11.3 GDB Server
    * 1.11.4 GNU DDD
    * 1.11.5 Hexdump
    * 1.11.6 Hexedit
    * 1.11.7 OllyDBG

    # 1.12 Services

    * 1.12.1 SNORT

    If you would like these, google them or just download the Backtrack3 cd image.

  12. zapf brannigan says:

    @ 45MAC10:

    Way to go! You could also install the effing backtrack distro, even though this was a post about Ubuntu.

    Have a cigar.

  13. amyn says:

    Thanks, it works well. Contribution of exact code will prevent waste of our time.

  14. Richie says:

    1. Which anti-virus is better,Avast or Clamav?
    2. What do I have to do to start the application automatically when I turn on my PC? Many thanks

  15. Joe says:

    I’m a little new to network seucurity, and this is a little overwhelming. I’m just trying to figure out the difference between some of these tools, especially the first few. Any help would be great.

  16. kemardens says:

    Awesome!!! That is all that need to be said.

  17. blu says:

    While I think this is a great posting with good information, I agree with Joe. Being new to security, some additional detail about how to use the application and analyze the results would be appreciated.

  18. 2pac says:

    somebody share a link for nessus usage and plugins please ? or any youtube links also appreciated..

  19. Junaid says:

    Great work .. Apreciate it from deep of my heart

    Thumbs up to you !

  20. tcpdump says:


    excellent work, many thanks for this 😉

    One little thing to mention:
    2) nessus
    As nessus is now commercial software you might want to install openvas here.

    but again a 1000 thanks for this awesome work.

    Regards tcpdump

  21. naf says:

    Thanks a lot!!

  22. Wafeeq says:

    instead of dsniff i use justniffer

  23. lostinscope says:

    great list!
    Thank You

  24. thiyagi says:

    Very helpful post and the comments helped too..backing up everything ..;)

  25. Jean Ls C says:

    Looking for advices and tutoring!
    I am over 80, using Windows since DOS 3,
    Then I had no problems!
    Followed by Win 7, still not to BAD
    BUT with W10 I am STOOLED, Regardless what I want to do, the STOOPs is blocking me and modified all of what, I rebuild to what I know to my knowledge: SKYPE, I have 3 computers 2 Towers and 1Portable, 3 ident, or Name: One for each System with LEGAL Windows, and they screw me up its impossible to do WORTS WHO are these BA….
    MY QUESTION: is = is there an Operating SYSTEM, that (witch ) would similar or close enought for me to operated (must be simple?) My pleasure is to scoop arond (Like STUMBLE UPON) and the finding I transfer them to my SON, that teaches PHYSICS, SCIENCE and MATH.
    They do not help no one. Only causing trouble and further more stealing SPACE ON OUR COMPUTER. we ARE old, BUT NOT WEARING DIAPERS (yet)

Leave a Reply

Your email address will not be published.