Tools

Tools not mentioned in other posts:

  • InfoSec Associates Resource Site
  • Purdue University Center for Education and Research in Information Assurance and Security (CERIAS) Security Archive [ftp]
  • Church of the Swimming Elephant (cotse.com)

Lost or stolen laptops

  • Adeona (on hold). Free service to track stolen laptops.
  • Computrace Data Protection and LoJack for Laptops by Absolute Software track stationary, remote, and mobile computer assets and can remotely wipe sensitive data from a device that is lost, stolen, or being retired.
  • Prey keeps track of your phone or laptop and helps you find it if it is lost or stolen. Lightweight, open source, and free.
  • zTrace (like LoJack for Laptops)
  • Periodically send GPS coordinates to yourself. See TrackMe, a GPS/Cell-ID tracking tool for Google Earth and Google Maps.
  • Install more than one notification mechanism. Remember that a tracking agent only reports if the thief boots the installed operating system and puts it online; it is a recovery aid, not a data-protection control. The data on a stolen laptop is protected by disk encryption, which is why cryptmount is listed here.
  • cryptmount is a utility for creating and managing encrypted filesystems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount those filesystems on demand by supplying the decryption password. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filesystems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions and automatic configuration at boot.

Configuration Management

  • Tripwire. Open Source Tripwire is a security and data integrity tool for monitoring and alerting on changes to specified files across a range of systems. The project is based on code contributed by Tripwire, Inc. in 2000. Keep the baseline database, and the site and local keys that sign it, somewhere the monitored host cannot write to: an intruder who can alter files and then refresh the baseline defeats the check.

Windows Configuration Review

  • SecureCheq: A Free Configuration Evaluator from Tripwire

SAN

Vulnerabilities

Exploits

  • Immunity's CANVAS (commercial) provides hundreds of exploits, an automated exploitation system, and an exploit development framework for penetration testers and security professionals. Immunity publishes demonstration videos and PDF tutorials for new and experienced users.

Malware

What does this Windows program touch? Sysinternals Process Explorer shows a process's open handles and loaded DLLs; for a running log of its file and registry activity use Sysinternals Process Monitor or Moo0 File Monitor.

  • Ur I.T. Mate Group: various anti-malware approaches
  • Gargoyle: malware discovery across large file systems
  • FortiClient Endpoint Security Suite, Standard edition (free): firewall/VPN, antivirus and anti-malware, web filtering, endpoint control and WAN optimization
  • BotHunter: IDS-style botnet detector from SRI International
  • Avira Antivir Rescue System Rootkit hunter
  • Gmer Rootkit hunter
  • IceSword Detect keyloggers, rootkits
  • Prevx Edge rootkit hunter
  • Malwarebytes’ Anti-Malware Malware discovery
  • Mandiant Red Curtain by Nick Harbour, search for suspicious files
  • Stormshield SkyRecon’s lightweight endpoint protection (Encryption, IPS, Firewall, Policy, Audit, Virus, Spyware)
  • Evader can test your organization’s network security devices against Advanced Evasion Techniques (AET).
  • ComboFix looks for and removes many rootkits and Trojans. To use this tool, you must completely disable all antivirus solutions (and you should completely remove AVG). Caution: If ComboFix is not used properly, it can wreak havoc on the machine you’re trying to fix.
  • ProduKey will help you get product keys from installed applications so that when you need to migrate to a new machine, you can continue using those costly licenses. ProduKey will recover keys from more than 1,000 software titles, including Microsoft Office, Adobe, and Symantec. When you use this tool, you will have both the product ID and the product key; the ID is important because it will tell you which version of the software is installed.
  • Hiren's BootCD is a bootable rescue disc bundling many tools, including Antivir, ClamWin, ComboFix, Clonedisk, Image for Windows, BIOS Cracker, 7-Zip, Bulk Rename, Mini Windows XP, CCleaner, and Notepad++. It redistributes third-party software, so obtain it only from a source you trust and scan it before use.
  • Microsoft Security Essentials is one of the better free antivirus tools available and is licensed free of charge for up to 10 PCs. Beyond that, the business product is System Center Endpoint Protection.
  • WinDirStat reports what is taking up the space on a hard drive.
  • CCleaner gets rid of temporary files and Windows Registry problems. CCleaner Business Edition comes with a few more features (including one-click cleaning) than the free version.
  • Defraggler is faster and more flexible than the built-in Windows defragmenter. With Defraggler you can defragment a single file or an entire drive; NTFS and FAT32 are supported. Never defragment a drive from which you still hope to recover deleted files: moving data overwrites the freed sectors those files occupied.
  • 7-Zip is a file archiver/compression tool
  • SyncBack is a backup utility. SyncBack can synchronize data to the same drive, a different drive or medium (CDRW, CompactFlash, etc.), an FTP server, a network, or a zip archive.
  • FileZilla provides both an FTP client and an FTP server.

Remote Management Utilities

Restore deleted files

Be careful to minimize file system changes. Do not install a file recovery package on the affected volume: the installer writes to the disk and may overwrite the very sectors the deleted file still occupies, making it unrecoverable. Instead, run a "portable" version of the tool from separate media, and recover the files to a different file system. Best of all, image the affected file system first and work from the image, leaving the original untouched.

  • Recuva Portable can be run from a flash drive and save recovered files to alternate media, making minimal file system changes.
  • DataRecovery is also available as a portable version.
  • SystemRescueCD
  • TestDisk was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally deleting a partition table). Available as a portable version.
  • PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media’s file system has been severely damaged or reformatted.
  • Recuva recovers files deleted from your Windows computer, Recycle Bin, digital camera card, or MP3 player.
  • Wise Data Recovery is a light, fast and free deleted file recovery tool – can easily recover lost data from hard disk and removable drive.
  • Where are you sending the recovered files? Explorer++ Portable, FileZilla Portable and Portable Firefox give you some flexibility.
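The PhotoRec entry above describes carving: ignoring the file system and scanning raw bytes for the headers and footers of known formats. The following is an added example written for this page, not PhotoRec's code, showing that technique on a constructed byte string that stands in for a disk image (the signatures are real; the image contents, offsets and the 64 MiB cap are assumptions for the demo). It also handles the failure mode PhotoRec's approach has to deal with: a header whose footer was overwritten.

```python
"""Signature-based file carver in the spirit of PhotoRec.

Added example; it is not PhotoRec's code or part of the original page.
It ignores any file system and scans raw bytes for known headers and
footers, which is why this approach still works on a reformatted volume.
The sample image below is a constructed byte string, not a real disk.
"""
from pathlib import Path

# (header, footer) for a few formats.  JPEG and PDF footers can also occur
# inside a file (embedded thumbnails, incremental PDF updates); that is a
# known limitation of naive carving which PhotoRec avoids with per-format parsers.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
MAX_CARVE = 64 * 1024 * 1024  # assumed cap for a carve whose footer is missing


def _next_header(image, start, limit):
    """Offset of the earliest header of any kind in image[start:limit], else limit."""
    hits = [image.find(head, start, limit) for head, _ in SIGNATURES.values()]
    hits = [h for h in hits if h != -1]
    return min(hits) if hits else limit


def carve(image, max_carve=MAX_CARVE):
    """Return [(kind, offset, data)] for every file found in the raw image."""
    found, pos = [], 0
    while True:
        start = _next_header(image, pos, len(image))
        if start == len(image):
            break
        kind = next(k for k, (h, _) in SIGNATURES.items() if image.startswith(h, start))
        head, foot = SIGNATURES[kind]
        limit = min(len(image), start + max_carve)
        end = image.find(foot, start + len(head), limit)
        if end != -1:
            end += len(foot)
        else:
            # Truncated file (header without footer): keep the fragment up to the
            # next header or the cap rather than dropping it; slack is included.
            end = _next_header(image, start + len(head), limit)
        found.append((kind, start, image[start:end]))
        pos = end
    return found


def write_carved(found, outdir):
    """Write each carved file as <offset>.<kind>; outdir must be on a different
    file system from the one being recovered, as the text above advises."""
    outdir = Path(outdir)
    outdir.mkdir(parents=True, exist_ok=True)
    paths = []
    for kind, offset, data in found:
        p = outdir / f"{offset:012d}.{kind}"
        p.write_bytes(data)
        paths.append(p)
    return paths


def build_sample_image():
    """Constructed 'disk image' with no file system metadata at all."""
    jpg = b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x01" * 40 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 13 + b"IHDR" + b"\x02" * 20 + b"IEND\xaeB`\x82"
    truncated_pdf = b"%PDF-1.7\n%the trailer of this file was overwritten\n"
    slack = b"\x00" * 512
    return slack + jpg + slack + png + slack + truncated_pdf + slack


if __name__ == "__main__":
    import sys
    import tempfile

    image = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else build_sample_image()
    out = sys.argv[2] if len(sys.argv) > 2 else tempfile.mkdtemp(prefix="carved-")
    for p in write_carved(carve(image), out):
        print(p)
```

Run it with no arguments to carve the constructed image into a temporary directory, or pass an image file and an output directory. The truncated PDF comes back with 512 bytes of zero slack appended, which is exactly what a real carver hands you when the footer is gone: a fragment to be trimmed by hand, not a lost file.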

Extract, Transform, Load (ETL)

Microsoft Exchange

  • Exchange Management Console: used to run message tracking and to view Exchange organization configuration. Its operations are PowerShell cmdlets, which can also be run directly from the Exchange Management Shell.
  • Exchange Server Remote Connectivity Analyzer performs four kinds of test:
    • ActiveSync connectivity
    • Outlook Provider Autodiscover
    • Outlook connectivity (two tests: one for Outlook Anywhere and one for Outlook 2003)
    • Inbound SMTP mail, which requires only an e-mail address and shows that mail is flowing to the account in question
  • MFCMAPI uses Microsoft’s published APIs to provide access to MAPI stores through a graphical user interface. Its purpose is to facilitate investigation of Exchange and Outlook issues and to provide developers with a canonical sample for MAPI development.

Active Directory

  • AD Explorer Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object’s schema, and execute sophisticated searches that you can save and re-execute.
  • Ldp.exe is a Support Tools utility for performing Lightweight Directory Access Protocol (LDAP) searches against Active Directory with your own search criteria. Useful for dumping the attributes of user objects; you can specify which attributes to return.
  • Active Directory® Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema.
  • joeware.net offers many command line AD tools, such as ADfind the command line Active Directory and ADAM LDAP query tool to use instead of DSQuery.
  • Manage Linux and Unix privileged access through Active Directory using BeyondTrust.
  • NetWrix freeware products:

Shared keyboard and mouse

  • Synergy is free and open source software that lets you share one mouse and keyboard between multiple computers, each with its own display. No special hardware is required, only a local area network. Synergy runs on Windows, Mac OS X and Linux; redirecting the mouse and keyboard is as simple as moving the mouse off the edge of your screen. Synergy is released under the GNU General Public License (GPL). Keystrokes, passwords included, cross the network, and older releases send them in cleartext, so restrict it to a trusted network segment.

Crypto

  • Botan (alternate) aims to be a portable, easy to use, and efficient C++ crypto library. The list below reflects an early release; many entries (MD2, MD4, MD5, SHA-1, ARC4, DES and the other 64-bit-block ciphers) are kept for interoperability and should not be chosen for new designs.
    • Block Ciphers: Blowfish, CAST256, CAST5, CS-Cipher, DES/DESX/TripleDES, GOST, IDEA, Lion, Luby-Rackoff, MISTY1, RC2, RC5, RC6, Rijndael, SAFER-SK128, Serpent, SHARK, Skipjack, Square, TEA, Threeway, Twofish, XTEA
    • Block Cipher Modes: CBC, CTS, CFB, OFB, Counter
    • Stream Ciphers: ARC4, ISAAC, SEAL
    • Hash Functions: HAVAL, MD2, MD4, MD5, RIPEMD-128, RIPEMD-160, SHA-1, SHA-256, SHA-512, Tiger
    • Checksums: Adler32, CRC24, CRC32
    • MACs: EMAC, HMAC, MD5-MAC
    • RNGs: Randpool, X9.17 RNG
  • Crypo: free online encryption/decryption. JavaScript encrypt/decrypt source code, hide URL link and e-mail address, hash generator, One'Pass generator, passphrase generator, Mega-PassPhrase generator, ASCII encode/decode, encrypt/decrypt online message, multibit encryption. Anything pasted into a web form is in the site operator's hands; do not use it for real secrets or passwords.
  • fwknop-2.0 provides Single Packet Authorization to multiple open source firewalls, embedded systems, mobile devices, and more.
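Single Packet Authorization, as fwknop offers it, means a firewall stays closed to everyone until a client sends one authenticated datagram, and the server opens the port only after that packet verifies. The block below is an added illustration of that idea written for this page; it is not fwknop's code or wire format (fwknop encrypts its payload and lays it out differently). The shared key, client name, port and 30-second window are made-up demo values, and the server returns a decision instead of touching a real firewall.

```python
"""Single Packet Authorization (SPA) in miniature.

Added example illustrating the idea behind tools such as fwknop; not fwknop's
code or packet format.  A client sends one HMAC-authenticated datagram; the
server accepts it only if the MAC verifies, the timestamp is fresh and the
packet has not been seen before.  Only an accepted packet would open the
firewall.  Key, names and window size are demo assumptions.
"""
import hashlib
import hmac
import json
import os
import time

SHARED_KEY = b"demo-shared-secret-not-for-production"  # assumption: pre-shared out of band
TIME_WINDOW = 30  # seconds of clock skew plus network delay tolerated


def build_spa_packet(client, port, key=SHARED_KEY, now=None):
    """Client side: serialize the request and append HMAC-SHA256 over it."""
    body = {
        "client": client,
        "port": port,                          # service the client wants opened
        "ts": int(now if now is not None else time.time()),
        "nonce": os.urandom(16).hex(),         # makes every packet unique
    }
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(key, raw, hashlib.sha256).digest()
    return raw + b"|" + mac.hex().encode()


class SpaServer:
    """Server side: verify, enforce freshness, reject replays."""

    def __init__(self, key=SHARED_KEY, window=TIME_WINDOW):
        self.key = key
        self.window = window
        self.seen = {}  # packet digest -> time first seen, for replay detection

    def verify(self, packet, now=None):
        """Return (accepted, reason, body).  Open the firewall only on accepted."""
        now = now if now is not None else time.time()
        raw, sep, mac_hex = packet.rpartition(b"|")
        if not sep:
            return False, "malformed", None
        expected = hmac.new(self.key, raw, hashlib.sha256).hexdigest().encode()
        # Constant-time comparison: a timing oracle would let an attacker
        # forge the MAC one byte at a time.
        if not hmac.compare_digest(expected, mac_hex):
            return False, "bad-mac", None
        body = json.loads(raw)
        if abs(now - body["ts"]) > self.window:
            return False, "stale", body
        digest = hashlib.sha256(packet).hexdigest()
        self._expire(now)
        if digest in self.seen:
            return False, "replay", body
        self.seen[digest] = now
        return True, "ok", body

    def _expire(self, now):
        # Packets older than the window fail the freshness check anyway, so
        # their digests can be dropped from the replay cache.
        for digest, seen_at in list(self.seen.items()):
            if now - seen_at > 2 * self.window:
                del self.seen[digest]


if __name__ == "__main__":
    server = SpaServer()
    packet = build_spa_packet("alice", 22)
    print(server.verify(packet))   # accepted
    print(server.verify(packet))   # same bytes again: rejected as a replay
```

The order of the checks matters: the MAC is verified before the body is parsed, so unauthenticated input never reaches the JSON parser, and the replay cache is consulted only after the timestamp check, which is what lets the cache be bounded to twice the window.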

Firewall

  • Dante (1.3.1) (alternate) is a circuit-level (SOCKS) firewall/proxy that can be used to provide convenient and secure network connectivity to a wide range of hosts while requiring only the server Dante runs on to have external network connectivity. Once installed, Dante can in most cases be made transparent to the clients while offering detailed access control and logging facilities to the server administrator.

  • Stunnel (alternate) wraps arbitrary TCP connections in SSL/TLS. It lets you secure daemons and protocols that are not TLS-aware (POP, IMAP, LDAP, etc.) by having Stunnel provide the encryption, with no changes to the daemon's code. The Stunnel source is not a complete product: you still need a working SSL/TLS library such as OpenSSL (historically also SSLeay) to compile it, so Stunnel supports exactly what your SSL library supports, nothing more, without any change to Stunnel itself.
  • Shorewall is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements in a set of configuration files; Shorewall reads them and, with the help of the iptables utility, configures Netfilter to match. It can be used on a dedicated firewall, a multi-function gateway/router/server, or a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can therefore take advantage of Netfilter's connection state tracking.

Ever wonder how those next generation firewalls decrypt, inspect, and re-encrypt SSL/TLS traffic? Not with the server's public key: a public key cannot decrypt anything, and with (EC)DHE key exchange the session keys cannot be derived from the server's private key either. The trick is a man-in-the-middle that the clients have been told to trust. The firewall terminates the client's TLS connection itself, minting on the fly a certificate for the requested hostname signed by an enterprise certificate authority that the organization has installed in every client's trust store, then opens its own TLS connection to the real server and inspects the plaintext in between. Three consequences a practitioner should weigh: that signing key can forge a certificate for any site, so the device holding it needs the protection you would give a CA; anything that pins certificates (many mobile apps, browsers for some of their own domains) breaks; and if the device does not validate the upstream server's certificate properly, every client behind it silently loses that validation. Certificate Authority management …

Uncategorized

  • Blat A Win32 Command Line SMTP Mailer
  • dtSearch: text retrieval and full-text search across terabytes of text
  • PDFmyURL convert web site to PDF for offline viewing
  • GNU Utilities for Win32 Including grep
  • Powergrep for Windows
  • RegexBuddy for a regex learning tool and checker
  • smart.fm has a course on regular expressions
  • agfind command line find utility using regular expressions (developed by Altair Technologies)
  • loggedon Find who is logged on on a remote system (developed by Altair Technologies)
  • procmod Command line utility to display various modules used by a given process (developed by Altair Technologies)
  • sanitize log and configuration file sanitizer (developed by Altair Technologies)
  • sid Resolve the user name for a specific SID (developed by Altair Technologies)
  • iQ.Suite Email management, including encryption
  • RT tracks bugs, creates help desk tickets, establishes workflow processes and change management, performs network operations, and so on.
  • log2timeline Root cause analysis. Review many Mac OS X or Windows artifacts to construct a sequence of events.
  • MindSniffer from Mandiant is a tool that will allow the user to translate snort signatures to either XML jobs or Python plug-ins that can be used to identify processes containing strings that match snort signatures.
  • Nobix PageAlert [pdf] messaging and escalation management of IT resource alerts
  • SecurityXploded: tools and articles, including IE, Firefox and Chrome password decrypters and ProcNetMonitor
  • Nessus vulnerability scanner from Tenable Network Security. See PaulDotCom episode 214 on integrating Hydra and Nikto into Nessus, and on scanning for default or easily guessed credentials with Nessus.
  • Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.
  • MagicTree is a penetration testing productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and report generation.
  • Mpctp is a tool for crafting raw packets of the TCP/IP family with a large number of options. It can send chosen packet types to a specific target and manipulate many of their fields at runtime.
  • OpenDNS Trustworthy DNS servers and optional content filtering
  • PBX in a Flash the Lean, Mean Asterisk Machine
  • pHash, the perceptual hash library
  • The Quintessential Network Tools Page (mobrien.com): DNS, routing, calculators, performance, security
  • Scuba by Imperva a free, lightweight Java utility that scans (Oracle, IBM DB2, Microsoft SQL Server, and Sybase) databases for known vulnerabilities and configuration flaws
  • SQLCipher is a SQLite extension that provides transparent 256-bit AES encryption of database files. Pages are encrypted before being written to disk and are decrypted when read back. Due to the small footprint and great performance it’s ideal for protecting embedded application databases and is well suited for mobile development.
  • Secunia PSI Inventories your system to determine if any software has security vulnerabilities with vendor patches.
  • SecuriTeam Web application testing and forensics tools
  • SlavaSoft FSUM (like Microsoft's File Checksum Integrity Verifier): a free command-line hash (message digest) and checksum calculator with wildcards and recursion. Create a baseline with fsum -md5 -sha1 -r *.* > fsum.txt and later verify the tree against it with fsum -jf -c fsum.txt.
  • SlavaSoft HashCalc Hash (Message Digest), CRC, and HMAC calculator in a GUI (free)
  • FileVerifier++ is a Win32 application for verifying the integrity of files. It supports various algorithms by means of dynamically loadable hash libraries. It is a pure Win32 C++ application with no dependencies beyond what ships with Windows. Permanent installation is not required; it may be burned to a CD or run from a flash drive.
  • ProDiscover Hashkeeper to compare files against hash sets.
  • Software Informer: a niche social site where participants report the latest versions of software. Use it to learn whether newer versions of your installed software exist. It does not need to run at Windows startup.
  • Hardening Windows Processes – YouTube Didier Stevens talks about hardening Windows processes, discusses Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), and introduces HeapLocker, his open source tool that mitigates heap spray attacks.
  • Tinc is a self-contained VPN solution
  • Binary translator: text, binary, hex, base64, decimal/char, message digest/checksum. ASCIIHexDecode online.
  • Daemon Tools for optical media emulation (mount ISO files as removable media)
  • Ultimate Boot CD For Windows A bootable recovery CD that contains software used for repairing, restoring, or diagnosing computer problems.
  • VideoJak is an IP Video security assessment tool that can simulate a proof of concept video interception or replay test against a targeted, user-selected video session.
  • Praeda is an automated printer data harvesting tool.
  • VMWare Virtual Appliance Marketplace Test drive operating systems and applications in virtual machines. VMware Player is available as a free download for personal use. Download a virtual appliance from VMware Solution Exchange.
  • Oracle VM VirtualBox Test drive operating systems and applications in virtual machines
  • Whonix is an anonymity-focused general purpose operating system built on VirtualBox, Debian GNU/Linux and Tor. The workstation VM can reach the network only through a separate Tor gateway VM, so by design IP and DNS leaks are prevented even for malware running as root on the workstation; compromise of the gateway or the hypervisor lies outside that design's threat model.
  • Vormetric Database encryption, file encryption WITH key management
  • EasyBCD is NeoSmart Technologies' tool for taking control of the bootloader. It extends the Windows Vista/Windows 7 BCD bootloader so that setting up a dual-boot among Windows 7, Windows Vista, older Windows versions such as XP and 2003, Linux, BSD, and Mac OS X is a point-and-click job.
  • Sumatra open source PDF viewer
  • Core FTP LE free Windows FTP utility
  • FileZilla open source Windows FTP utility
  • PasteHTML free, anonymous web hosting
  • Weebly free web hosting
  • Webs free web hosting
  • Google Sites is a free, web-based site-building tool and is a What You See Is What You Get (WYSIWYG) application available for creating and sharing web pages.
  • co.cc register up to two *.co.cc domains for free. Domains will be blacklisted by many filters. Similarly, .cz.cc, .co.tv, and .cc.ms offer free domains, are often malicious or offer no useful information.
  • AffirmTrust offers free SSL certificates and inexpensive EV SSL certificates.
  • Comodo offers a free 90 day certificate.
  • Comodo also offers SiteInspector, a free malware scanning and blacklist monitoring for websites. The free service allows website owners to set up recurring, daily checks on any 3 pages of a domain.
  • Syringe utility provides ability to inject shellcode into processes
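Both the Tripwire entry under Configuration Management and the FSUM entry above come down to the same two steps: record a hash of every file once, then compare the live tree against that record and report what was added, removed or changed. The block below is an added example written for this page, not code from Tripwire, SlavaSoft or Microsoft; it builds a small constructed directory tree under a temporary directory, baselines it, tampers with it, and reports the differences. File names and contents are invented for the demo.

```python
"""Baseline-and-verify file integrity check in the style of Tripwire / FSUM.

Added example, not code from Tripwire, SlavaSoft FSUM or Microsoft FCIV.
It walks a directory, records the SHA-256 and size of every regular file
in a manifest, and later reports files that were added, removed or
modified.  The tree it builds under a temporary directory is constructed
for the demo.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Stream the file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def baseline(root):
    """Manifest {relative path: {size, sha256}} for every regular file under root."""
    root = Path(root)
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # symlinks can point outside the tree; record only real files
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"size": p.stat().st_size, "sha256": sha256_file(p)}
    return manifest


def verify(root, manifest):
    """Compare the live tree against a stored manifest."""
    current = baseline(root)
    common = set(current) & set(manifest)
    return {
        "added": sorted(set(current) - set(manifest)),
        "removed": sorted(set(manifest) - set(current)),
        "modified": sorted(p for p in common
                           if current[p]["sha256"] != manifest[p]["sha256"]),
    }


def demo():
    """Build a constructed tree, baseline it, tamper with it, and report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF placeholder")

        # In practice the manifest is stored (and signed) off the monitored
        # host; here it is serialized to a string to stand in for that copy.
        stored = json.dumps(baseline(root), indent=1)

        # Simulated intrusion: config weakened, tool dropped, binary removed.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "bin" / "nc").write_bytes(b"dropped tool")
        (root / "bin" / "ls").unlink()

        return verify(root, json.loads(stored))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Size is recorded alongside the hash so a manifest reader can spot a truncated file without rehashing; the comparison itself trusts only the hash. As with Tripwire, the report is only as good as the stored copy of the manifest, which is why it must live where the monitored host cannot rewrite it.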

Network Tools

Collections of freeware utilities

  • NirSoft utilities. NirLauncher is a package of more than 100 portable freeware Windows utilities developed by NirSoft over the years. Several of them recover stored passwords, so antivirus products routinely flag them; that is expected behaviour, not an infection.
  • KarenWare
  • PenDriveApps is a source for many portable apps.

Physical security
