Tools

Tools not mentioned in other posts InfoSec Associates Resource Site Purdue University Center for Education and Research in Information Assurance And Security (CERIAS) Security Archive [ftp] Church of the Swimming Elephant (cotse.com)

Lost or stolen laptops

  • Adeona On hold. Free service to track stolen laptops.
  • Computrace® Data Protection and LoJack for Laptops by Absolute® Software allows you to track stationary, remote, and mobile computer assets and remotely wipe sensitive data if they are lost, stolen, or nearing the end of lifecycle.
  • Prey lets you keep track of your phone or laptop at all times, and will help you find it if it ever gets lost or stolen. It’s lightweight, open source software, and free for anyone to use. And it just works.
  • zTrace (like LoJack for Laptops)
  • Periodically send GPS coordinates to yourself. See TrackMe GPS/CellID Tracking tool for Google Earth & Google Maps
  • Install more than one notification mechanism.
  • cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filesystems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Configuration Management

  • Tripwire. Open Source Tripwire® software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by Tripwire, Inc. in 2000.

Windows Configuration Review

  • SecureCheq: A Free Configuration Evaluator from Tripwire

SAN

Vulnerabilities

Exploits

  • Immunity’s CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide. To see CANVAS in action please see our movies. For users new to CANVAS or experienced users looking to get just a little more out of CANVAS we have PDF based tutorials available for download.

Malware

  • Ur I.T. Mate Group various anti-malware approaches
  • Gargoyle malware discovery across large file systems
  • FortiClient Endpoint Security Suite Standard edition, free Firewall / VPN security, Antivirus and Malware protection, Web Filtering, Endpoint Control and WAN Optimization
  • BotHunter IDS-ish botnet scanner from SRI International
  • Avira Antivir Rescue System Rootkit hunter
  • Gmer Rootkit hunter
  • IceSword Detect keyloggers, rootkits
  • Prevx Prevx Edge rootkit hunter
  • Malwarebytes’ Anti-Malware Malware discovery
  • Mandiant Red Curtain by Nick Harbour, search for suspicious files
  • Stormshield SkyRecon’s lightweight endpoint protection (Encryption, IPS, Firewall, Policy, Audit, Virus, Spyware)
  • Evader can test your organization’s network security devices against Advanced Evasion Techniques (AET).
  • ComboFix looks for and removes many rootkits and Trojans. To use this tool, you must completely disable all antivirus solutions (and you should completely remove AVG). Caution: If ComboFix is not used properly, it can wreak havoc on the machine you’re trying to fix.
  • ProduKey will help you get product keys from installed applications so that when you need to migrate to a new machine, you can continue using those costly licenses. ProduKey will recover keys from more than 1,000 software titles, including Microsoft Office, Adobe, and Symantec. When you use this tool, you will have both the product ID and the product key; the ID is important because it will tell you which version of the software is installed.
  • Hiren’s BootCD is a one-stop-shop Linux boot disk that can help you pull off a number of small miracles. Its tools include Antivir, ClamWin, ComboFix, Clonedisk, Image for Windows, BIOS Cracker, 7-Zip, Bulk Rename, Mini Windows XP, CCleaner, and Notepad++, among others. This single bootable disk could easily be the only tool you need.
  • Microsoft Security Essentials is one of the better free antivirus tools available. Microsoft Security Essentials can be used for free for up to 10 PCs. Beyond that, you can purchase the business version, System Center Endpoint Protection.
  • WinDirStat reports what is taking up the space on a hard drive.
  • CCleaner gets rid of temporary files and Windows Registry problems. CCleaner Business Edition comes with a few more features (including one-click cleaning) than the free version.
  • Defraggler is faster, more reliable, and more flexible than the built-in Windows operating system tools. With Defraggler, you can defrag a single file or an entire drive. Defraggler supports NTFS and FAT32 systems.
  • 7-Zip is a file archiver/compression tool
  • SyncBack is a backup utility. SyncBack can synchronize data to the same drive, a different drive or medium (CDRW, CompactFlash, etc.), an FTP server, a network, or a zip archive.
  • FileZilla is an FTP client and has an FTP server.

Remote Management Utilities

Restore deleted files

Be careful to minimize file system changes. Do not install a file recovery software package, this reduces the likelihood that you can recover a deleted file. You may inadvertently make deleted files unrecoverable. Instead, use a “portable” version of the software. Recover the files to a different file system. Working from an image of the file system is recommended.

  • Recuva Portable can be run from a flash drive and save recovered files to alternate media, making minimal file system changes.
  • DataRecovery is also available as a portable version.
  • SystemRescueCD
  • TestDisk was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses or human error (such as accidentally deleting a partition table). Available as a portable version.
  • PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media’s file system has been severely damaged or reformatted.
  • Recuva recovers files deleted from your Windows computer, Recycle Bin, digital camera card, or MP3 player.
  • Wise Data Recovery is a light, fast and free deleted file recovery tool – can easily recover lost data from hard disk and removable drive.
  • Where are you sending the recovered files? Explorer++ Portable, FileZilla Portable and Portable Firefox give you some flexibility.

Extract, Transform, Load (ETL)

Microsoft Exchange

  • Exchange Management Console Tool used to run message traces and view the backend Exchange organization information.  Can be used to run powershell commands.
  • Exchange Server Remote Connectivity Analyzer tool The tool performs 4 tests:
    • Active Sync Connectivity Test –
    • Outlook Provider Autodiscover –
    • Outlook Connectivity Tests – There are 2 of these.  1 for Outlook Anywhere and 1 for Outlook 2003.
    • Inbound SMTP Mail – This only requires an e-mail address and shows that mail is flowing to the account in question.
  • MFCMAPI uses Microsoft’s published APIs to provide access to MAPI stores through a graphical user interface. Its purpose is to facilitate investigation of Exchange and Outlook issues and to provide developers with a canonical sample for MAPI development.

Active Directory

  • AD Explorer Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object’s schema, and execute sophisticated searches that you can save and re-execute.
  • Ldp.exe is a Support Tools utility you can use to perform Lightweight Directory Access Protocol (LDAP) searches against the Active Directory for specific information given search criteria.  Used to get user dumps of attributes.  You can specify what attributes you are looking for.
  • Active Directory® Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema.
  • joeware.net offers many command line AD tools, such as ADfind the command line Active Directory and ADAM LDAP query tool to use instead of DSQuery.
  • Manage Linux and Unix privileged access through Active Directory using Beyond Trust.
  • NetWrix freeware products:

Shared keyboard and mouse

  • Synergy is Free and Open Source Software that lets you easily share your mouse and keyboard between multiple computers, where each computer has it’s own display. No special hardware is required, all you need is a local area network. Synergy is supported on Windows, Mac OS X and Linux. Redirecting the mouse and keyboard is as simple as moving the mouse off the edge of your screen. Synergy is released under the GNU Public License (GPL).

Crypto

  • Botan <alternate> aims to be a portable, easy to use, and efficient C++ crypto library. It currently supports the following algorithms:
    • Block Ciphers: Blowfish, CAST256, CAST5, CS-Cipher, DES/DESX/TripleDES, GOST, IDEA, Lion, Luby-Rackoff, MISTY1, RC2, RC5, RC6, Rijndael, SAFER-SK128, Serpent, SHARK, Skipjack, Square, TEA, Threeway, Twofish, XTEA
    • Block Cipher Modes: CBC, CTS, CFB, OFB, Counter
    • Stream Ciphers: ARC4, ISAAC, SEAL
    • Hash Functions: HAVAL, MD2, MD4, MD5, RIPE-MD128, RIPE-MD160, SHA-1, SHA2-256, SHA2-512, Tiger
    • Checksums: Adler32, CRC24, CRC32
    • MACs: EMAC, HMAC, MD5-MAC
    • RNGs: Randpool, X9.17 RNG
  • Crypo: Free Online Encryption/Decryption. JavaScript / Encrypt or Decrypt source code, Hide URL Link and email address, Hash Generator, One’Pass Generator, Passphrase Generator, Mega-PassPhrase Generator, ASCII Encode/Decode, Encrypt online message, Decrypt online message, Encrypt or Decrypt message, Multibit Encryption
  • fwknop-2.0 provides Single Packet Authorization to multiple open source firewalls, embedded systems, mobile devices, and more.

Firewall

  • Dante (1.3.1) <alternate> is a circuit-level firewall/proxy that can be used to provide convenient and secure network connectivity to a wide range of hosts while requiring only the server Dante runs on to have external network connectivity. Once installed, Dante can in most cases be made transparent to the clients while offering detailed access control and logging facilities to the server administrator.

Stunnel <alternate> is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer). Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon’s code. The Stunnel source code is not a complete product – you still require a functioning SSL library such as OpenSSL or SSLeay in order to compile stunnel. This means that stunnel can support whatever (and only) that which your SSL library can, without making any changes in the Stunnel code. Shorewall is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables utility, Shorewall configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter’s ipchains compatibility mode and can thus take advantage of Netfilter’s connection state tracking capabilities.

Ever wonder how those next generation firewalls decrypt then re-encrypt SSL traffic? Decrypt is easy; use the public key. Encrypt shouldn’t be possible; they don’t have the private key. The trick: use a “bogus” certificate authority, have everyone trust it, use your own private key and modify the certificate. Certificate Authority management …

Uncategorized

  • Blat A Win32 Command Line SMTP Mailer
  • DTSearch Text Retrieval and Full Text Search, instantly search terabytes of text
  • PDFmyURL convert web site to PDF for offline viewing
  • GNU Utilities for Win32 Including grep
  • Powergrep for Windows
  • RegexBuddy for a regex learning tool and checker
  • smart.fm has a course in Regex
  • agfind command line find utility using regular expressions (developed by Altair Technologies)
  • loggedon Find who is logged on on a remote system (developed by Altair Technologies)
  • procmod Command line utility to display various modules used by a given process (developed by Altair Technologies)
  • sanitize log and configuration file sanitizer (developed by Altair Technologies)
  • sid Resolve the user name for a specific SID (developed by Altair Technologies)
  • iQ.Suite Email management, including encryption
  • RT tracks bugs, creates help desk tickets, establishes workflow processes and change management, performs network operations, and so on.
  • log2timeline Root cause analysis. Review many Mac OS X or Windows artifacts to construct a sequence of events.
  • MindSniffer from Mandiant is a tool that will allow the user to translate snort signatures to either XML jobs or Python plug-ins that can be used to identify processes containing strings that match snort signatures.
  • Nobix PageAlert [pdf] messaging and escalation management of IT resource alerts
  • Security xploded Tools and articles; IE, Firefox and Chrome password decrypters, ProcNetMonitor
  • Nessus Vulnerability Scanner from Tenable Network Security. See and hear PaulDotCom episode 214 for information about integrating Hydra and Nikto into Nessus.  Scanning for default easily guessable credentials with Nessus.
  • Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.
  • MagicTree is a penetration testing productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and report generation.
  • Mpctp is a tool for raw packets manipulation of the TCP/IP family that allows a large number of options. It is able to send certain types of packets to any specific target and manipulate various of its fields at runtime.
  • OpenDNS Trustworthy DNS servers and optional content filtering
  • PBX in a Flash the Lean, Mean Asterisk Machine
  • pHash, the perceptual hash library
  • Quintessential Network Tools Page, The mobrien.com DNS, Routing, Calculators, Performance, Security
  • Scuba by Imperva a free, lightweight Java utility that scans (Oracle, IBM DB2, Microsoft SQL Server, and Sybase) databases for known vulnerabilities and configuration flaws
  • SQLCipher is a SQLite extension that provides transparent 256-bit AES encryption of database files. Pages are encrypted before being written to disk and are decrypted when read back. Due to the small footprint and great performance it’s ideal for protecting embedded application databases and is well suited for mobile development.
  • Secunia PSI Inventories your system to determine if any software has security vulnerabilities with vendor patches.
  • SecuriTeam Web application testing and forensics tools
  • SlavaSoft FSUM (like Microsoft’s File Checksum Integrity Verifier) Hash (Message Digest) or Checksum calculator in a command line with wild cards and recursion (free) fsum -md5 -sha1 -r *.* >fsum.txt fsum -jf -c fsum.txt
  • SlavaSoft HashCalc Hash (Message Digest), CRC, and HMAC calculator in a GUI (free)
  • FileVerifier++ is a Win32 application for verifying the integrity of files. FileVerifier supports various algorithms by means of dynamically loadable hash libraries. It is a pure Win32 C++ application and doesn’t have any dependencies other than what comes with Windows. Permanent installation is not required and may be burned to a CD or used from a flash drive.
  • ProDiscover Hashkeeper to compare files against hash sets.
  • Software Informer A niche social media, where participants report latest versions of software. Used to learn if there are more current versions of the software you have installed. No need to run at Windows StartUp.
  • Hardening Windows Processes – YouTube Didier Stevens talks about hardening Windows processes, discusses Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), and introduces HeapLocker, his open source tool that mitigates heap spray attacks.
  • Tinc is a self-contained VPN solution
  • Translator, binary Text, binary, hex, base64, Dec / Char, Message Digest / Check Sum. ASCIIHexDecode online.
  • Daemon Tools for optical media emulation (mount ISO files as removable media)
  • Ultimate Boot CD For Windows A bootable recovery CD that contains software used for repairing, restoring, or diagnosing computer problems.
  • VideoJak is an IP Video security assessment tool that can simulate a proof of concept video interception or replay test against a targeted, user-selected video session.
  • Praeda is an automated printer data harvesting tool.
  • VMWare Virtual Appliance Marketplace Test drive operating systems and applications in virtual machines. VMware Player is available as a free download for personal use. Download a virtual appliance from VMware Solution Exchange.
  • Oracle VM VirtualBox Test drive operating systems and applications in virtual machines
  • Whonix is an anonymous general purpose operating system based on Virtual Box, Debian GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find out the user’s real IP/location.
  • Vormetric Database encryption, file encryption WITH key management
  • EasyBCD is NeoSmart Technologies’ multiple award-winning answer to taking control of your bootloader. EasyBCD extends and revamps the Windows Vista/Windows 7 BCD bootloader, and with EasyBCD, almost anything is possible. Setting up and configuring a dual-boot between Windows 7, Windows Vista, older versions of Windows such as XP & 2003, Linux, Ubuntu, BSD, and Mac OS X is a breeze. You just point & click and EasyBCD does the rest.
  • Sumatra open source PDF viewer
  • Core FTP LE free Windows FTP utility
  • FileZilla open source Windows FTP utility
  • PasteHTML free, anonymous web hosting
  • Weebly free web hosting
  • Webs free web hosting
  • Google Sites is a free, web-based site-building tool and is a What You See Is What You Get (WYSIWYG) application available for creating and sharing web pages.
  • co.cc register up to two *.co.cc domains for free. Domains will be blacklisted by many filters. Similarly, .cz.cc, .co.tv, and .cc.ms offer free domains, are often malicious or offer no useful information.
  • AffirmTrust offers free SSL certificates and inexpensive EV SSL certificates.
  • Comodo offers a free 90 day certificate.
  • Comodo also offers SiteInspector, a free malware scanning and blacklist monitoring for websites. The free service allows website owners to set up recurring, daily checks on any 3 pages of a domain.
  • Syringe utility provides ability to inject shellcode into processes

Network Tools

Collections of freeware utilities

  • NirSoft
  • NirSoft utilities (NirLauncher is a package of more than 100 portable freeware utilities for Windows, all of them developed for NirSoft Web site during the last few years.)
  • KarenWare
  • PenDriveApps is s source for many portable apps.

Physical security

Advertisements

Comments are closed.