Results 1 to 1 of 1

Thread: Several good free tools for security testing

  1. #1
    Moderator Lienia henna's Avatar
    Join Date
    Aug 2013
    Location
    Pak
    Posts
    118
    ΑΡ Credit
    1180

    Several good free tools for security testing

    Penetration Testing
    There are several good free tools for security testing.

    Nmap
    (Network Mapper nmap.org) is a commonly used penetration testing tool. There's a front-end GUI called Zen map, for both Windows and Linux. Basically, it runs a collection of scripts against a computer of your choice and gives you information on open ports and vulnerabilities.

    A good idea is to first run it from outside your network if you can, against your own external IP address. You may be surprised at what you find. When running it against a web server; it's important that there's as little in between as possible, because a company gateway firewall or proxy, for example, may give misleading results and may block some of the mapping methods.

    Wireshark
    (www.wireshark.org) is a network protocol capture and analysis tool, useful for diagnosing connectivity issues, and its filtering and search functions make a good non-invasive tool for beginners interested in TCP/IP. It's the successor to a well-respected tool called Ethereal and is available for Windows, Linux and Mac.
    As a diagnostic tool, Wireshark can be usefully paired with an Ethernet hub.
    Ethernet switches are ubiquitous these days, and they improve network speed and flexibility by sending packets only to ports with a relevant device attached. However, this can make eavesdropping on that transfer problematic.

    Unlike its modern replacement, an Ethernet hub is a simple repeater, which broadcasts all packets to all ports. As a consequence, network planning was a lot more complex. However, this also means that it can be used to 'sniff' packets exchanged between any devices connected to it. Interposing a hub between two devices and connecting a third running a packet tracer is a useful troubleshooting tool.

    Unfortunately, hubs are not generally sold, these days, although they can usually be found quite cheaply on eBay. They have a maximum speed of 100Mbps and can noticeably degrade network performance, so in most cases they should not be permanently connected.
    Click image for larger version. 

Name:	Metasploit certainly takes itself seriously.jpg 
Views:	145 
Size:	54.8 KB 
ID:	2058
    Metasploit
    (www.metasploit.com) is available for' Windows and Linux and can run many vulnerability tests against a chosen computer or network. It should be noted that some Metasploit probes can cause problems for the target PC, including crashes, so they should not be run against production servers.

    Kismet
    (www.kismetwireless.net) is an 802.11 layer2 wireless network detector, sniffer and intrusion detection system. There are many other tools, but not all are free. The most renowned is the Nessus toolkit, which carries quite a high price, starting at $1,500 for a year's subscription. There are also websites that can be used to run network scans against a chosen IP although it's important that you're sure they're genuine and not just phishing sites, as you may be leading them to your door!

    One well-respected site is Gibson Research Corp's Shields Up! Which can be found at www.grc.com. It's important to note that these tools can be used for malicious purposes, and running them against computers other than your own is likely to be interpreted as unacceptable behavior and could lead to repercussions.
    Last edited by Lienia henna; 07-02-2014 at 12:54 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •