Tools

Tools not mentioned in other posts

InfoSec Associates Resource Site

Purdue University Center for Education and Research in Information Assurance And Security (CERIAS) Security Archive [ftp]

Church of the Swimming Elephant (cotse.com)

Lost or stolen laptops

  • Adeona (on hold). Free service to track stolen laptops.
  • Computrace® Data Protection and LoJack for Laptops by Absolute® Software allows you to track stationary, remote, and mobile computer assets and remotely wipe sensitive data if they are lost, stolen, or nearing the end of lifecycle.
  • Prey lets you keep track of your phone or laptop at all times, and will help you find it if it ever gets lost or stolen. It’s lightweight, open source software, and free for anyone to use. And it just works.
  • zTrace (like LoJack for Laptops)
  • Periodically send GPS coordinates to yourself. See TrackMe GPS/CellID Tracking tool for Google Earth & Google Maps
  • Install more than one notification mechanism.
  • cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filesystems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Configuration Management

  • Tripwire. Open Source Tripwire® software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by Tripwire, Inc. in 2000.

SAN

Vulnerabilities

Exploits

  • Immunity’s CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide. To see CANVAS in action please see our movies. For users new to CANVAS or experienced users looking to get just a little more out of CANVAS we have PDF based tutorials available for download.

Malware

Remote Management Utilities

Restore deleted files

Be careful not to cause file system changes; they may make the deleted files unrecoverable. Working from an image of the file system is recommended.

  • Recuva Portable can be run from a flash drive and save recovered files to alternate media, making minimal file system changes.

Extract, Transform, Load (ETL)

Microsoft Exchange

  • Exchange Management Console. Tool used to run message traces and view the back-end Exchange organization information. Can be used to run PowerShell commands.
  • Exchange Server Remote Connectivity Analyzer tool. The tool performs 4 tests:
    • Active Sync Connectivity Test
    • Outlook Provider Autodiscover
    • Outlook Connectivity Tests – there are 2 of these: 1 for Outlook Anywhere and 1 for Outlook 2003.
    • Inbound SMTP Mail – this only requires an e-mail address and shows that mail is flowing to the account in question.
  • MFCMAPI uses Microsoft’s published APIs to provide access to MAPI stores through a graphical user interface. Its purpose is to facilitate investigation of Exchange and Outlook issues and to provide developers with a canonical sample for MAPI development.

Active Directory

  • Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object’s schema, and execute sophisticated searches that you can save and re-execute.
  • Ldp.exe is a Support Tools utility you can use to perform Lightweight Directory Access Protocol (LDAP) searches against Active Directory for specific information given search criteria. Used to dump user attributes; you can specify which attributes you are looking for.
  • Active Directory® Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema.
  • joeware.net offers many command line AD tools, such as AdFind, the command line Active Directory and ADAM LDAP query tool, to use instead of DSQuery.
  • Manage Linux and Unix privileged access through Active Directory using BeyondTrust.

Shared keyboard and mouse

  • Synergy is Free and Open Source Software that lets you easily share your mouse and keyboard between multiple computers, where each computer has its own display. No special hardware is required; all you need is a local area network. Synergy is supported on Windows, Mac OS X and Linux. Redirecting the mouse and keyboard is as simple as moving the mouse off the edge of your screen. Synergy is released under the GNU General Public License (GPL).

Crypto

  • Botan aims to be a portable, easy to use, and efficient C++ crypto library. It currently supports the following algorithms:
    • Block Ciphers: Blowfish, CAST256, CAST5, CS-Cipher, DES/DESX/TripleDES, GOST, IDEA, Lion, Luby-Rackoff, MISTY1, RC2, RC5, RC6, Rijndael, SAFER-SK128, Serpent, SHARK, Skipjack, Square, TEA, Threeway, Twofish, XTEA
    • Block Cipher Modes: CBC, CTS, CFB, OFB, Counter
    • Stream Ciphers: ARC4, ISAAC, SEAL
    • Hash Functions: HAVAL, MD2, MD4, MD5, RIPE-MD128, RIPE-MD160, SHA-1, SHA2-256, SHA2-512, Tiger
    • Checksums: Adler32, CRC24, CRC32
    • MACs: EMAC, HMAC, MD5-MAC
    • RNGs: Randpool, X9.17 RNG
  • Crypo: Free Online Encryption/Decryption. JavaScript / Encrypt or Decrypt source code, Hide URL Link and email address, Hash Generator, One’Pass Generator, Passphrase Generator, Mega-PassPhrase Generator, ASCII Encode/Decode, Encrypt online message, Decrypt online message, Encrypt or Decrypt message, Multibit Encryption
  • fwknop-2.0 provides Single Packet Authorization to multiple open source firewalls, embedded systems, mobile devices, and more.

Firewall

  • Dante (1.3.1) is a circuit-level firewall/proxy that can be used to provide convenient and secure network connectivity to a wide range of hosts while requiring only the server Dante runs on to have external network connectivity.
    Once installed, Dante can in most cases be made transparent to the clients while offering detailed access control and logging facilities to the server administrator.

  • Stunnel (4.37) is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer). Stunnel can allow you to secure non-SSL-aware daemons and protocols (like POP, IMAP, LDAP, etc.) by having Stunnel provide the encryption, requiring no changes to the daemon’s code.
    The Stunnel source code is not a complete product – you still require a functioning SSL library such as OpenSSL or SSLeay in order to compile stunnel. This means that stunnel can support whatever (and only what) your SSL library can, without any changes to the Stunnel code.
  • Shorewall (4.4.20.3) is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and, with the help of the iptables utility, configures Netfilter to match your requirements.
    Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter’s ipchains compatibility mode and can thus take advantage of Netfilter’s connection state tracking capabilities.

Uncategorized

  • Blat A Win32 Command Line SMTP Mailer
  • DTSearch Text Retrieval and Full Text Search, instantly search terabytes of text
  • PDFmyURL convert web site to PDF for offline viewing
  • GNU Utilities for Win32 Including grep
  • Powergrep for Windows
  • RegexBuddy for a regex learning tool and checker
  • smart.fm has a course in Regex
  • agfind command line find utility using regular expressions (developed by Altair Technologies)
  • loggedon Find who is logged on on a remote system (developed by Altair Technologies)
  • procmod Command line utility to display various modules used by a given process (developed by Altair Technologies)
  • sanitize log and configuration file sanitizer (developed by Altair Technologies)
  • sid Resolve the user name for a specific SID (developed by Altair Technologies)
  • iQ.Suite Email management, including encryption
  • RT tracks bugs, creates help desk tickets, establishes workflow processes and change management, performs network operations, and so on.
  • log2timeline Root cause analysis. Review many Mac OS X or Windows artifacts to construct a sequence of events.
  • MindSniffer from Mandiant is a tool that allows the user to translate Snort signatures to either XML jobs or Python plug-ins that can be used to identify processes containing strings that match Snort signatures.
  • Nagios IT Infrastructure monitoring
  • Nobix PageAlert [pdf] messaging and escalation management of IT resource alerts
  • SecurityXploded Tools and articles; IE, Firefox and Chrome password decrypters, ProcNetMonitor
  • Nessus Vulnerability Scanner from Tenable Network Security. See (and hear) also PaulDotCom episode 214 for information about integrating Hydra and Nikto into Nessus, and about scanning for default, easily guessable credentials with Nessus.
  • MagicTree is a penetration testing productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and report generation.
  • Mpctp is a tool for raw packet manipulation of the TCP/IP family that offers a large number of options. It is able to send certain types of packets to any specific target and manipulate various of their fields at runtime.
  • OpenDNS Trustworthy DNS servers and optional content filtering
  • PBX in a Flash the Lean, Mean Asterisk Machine
  • pHash, the perceptual hash library
  • The Quintessential Network Tools Page (mobrien.com): DNS, Routing, Calculators, Performance, Security
  • Robtex Internet toolkit
  • Scuba by Imperva a free, lightweight Java utility that scans (Oracle, IBM DB2, Microsoft SQL Server, and Sybase) databases for known vulnerabilities and configuration flaws
  • SQLCipher is a SQLite extension that provides transparent 256-bit AES encryption of database files. Pages are encrypted before being written to disk and are decrypted when read back. Due to the small footprint and great performance it’s ideal for protecting embedded application databases and is well suited for mobile development.
  • Secunia PSI inventories your system to determine whether any installed software has security vulnerabilities for which vendor patches exist.
  • SecuriTeam Web application testing and forensics tools
  • SlavaSoft FSUM (like Microsoft’s File Checksum Integrity Verifier) Hash (Message Digest) or Checksum calculator in a command line with wild cards and recursion (free)
    fsum -md5 -sha1 -r *.* >fsum.txt
    fsum -jf -c fsum.txt
  • SlavaSoft HashCalc Hash (Message Digest), CRC, and HMAC calculator in a GUI (free)
  • FileVerifier++ is a Win32 application for verifying the integrity of files. FileVerifier supports various algorithms by means of dynamically loadable hash libraries. It is a pure Win32 C++ application and doesn’t have any dependencies other than what comes with Windows. Permanent installation is not required; it may be burned to a CD or used from a flash drive.
  • ProDiscover Hashkeeper to compare files against hash sets.
  • Software Informer A niche social media site where participants report the latest versions of software. Used to learn if there are more current versions of the software you have installed. No need to run it at Windows StartUp.
  • Tinc is a self-contained VPN solution
  • Translator, Binary: text, binary, hex, base64, Dec / Char, Message Digest / Check Sum. ASCIIHexDecode online.
  • Daemon Tools for optical media emulation (mount ISO files as removable media)
  • Ultimate Boot CD For Windows A bootable recovery CD that contains software used for repairing, restoring, or diagnosing computer problems.
  • VideoJak is an IP Video security assessment tool that can simulate a proof of concept video interception or replay test against a targeted, user-selected video session.
  • Praeda is an automated printer data harvesting tool.
  • VMware Virtual Appliance Marketplace Test drive operating systems and applications in virtual machines
  • Oracle VM VirtualBox Test drive operating systems and applications in virtual machines
  • Vormetric Database encryption, file encryption WITH key management
  • EasyBCD is NeoSmart Technologies’ multiple award-winning answer to taking control of your bootloader. EasyBCD extends and revamps the Windows Vista/Windows 7 BCD bootloader, and with EasyBCD, almost anything is possible. Setting up and configuring a dual-boot between Windows 7, Windows Vista, older versions of Windows such as XP & 2003, Linux, Ubuntu, BSD, and Mac OS X is a breeze. You just point & click and EasyBCD does the rest.
  • Sumatra open source PDF viewer
  • Core FTP LE free Windows FTP utility
  • FileZilla open source Windows FTP utility
  • PasteHTML free, anonymous web hosting
  • Google Sites is a free, web-based site-building tool and is a What You See Is What You Get (WYSIWYG) application available for creating and sharing web pages.
  • co.cc register up to two *.co.cc domains for free. Domains will be blacklisted by many filters. Similarly, .cz.cc, .co.tv, and .cc.ms offer free domains; sites on them are often malicious or offer no useful information.
  • AffirmTrust offers free SSL certificates and inexpensive EV SSL certificates.
  • Comodo offers a free 90 day certificate.
  • Comodo also offers SiteInspector, a free malware scanning and blacklist monitoring for websites. The free service allows website owners to set up recurring, daily checks on any 3 pages of a domain.
  • Syringe utility provides the ability to inject shellcode into processes

Network Tools

Collections of freeware utilities

  • NirSoft
  • NirSoft utilities (NirLauncher is a package of more than 100 portable freeware utilities for Windows, all of them developed for the NirSoft Web site during the last few years.)
  • KarenWare

Physical security
