This is the Collection of Best Windows Hacking Tools:
1. Cain & Abel – Cain & Abel is a password recovery tool for the Microsoft Windows Operating System. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
2. SuperScan – SuperScan is a powerful TCP port scanner, pinger, resolver. SuperScan 4 (Current Version) is a completely-rewritten update of the highly popular Windows port scanning tool, SuperScan.
http://www.foundstone.com/index.htm?sub ··· scan.htm
3. GFI LANguard Network Security Scanner – GFI LANguard N.S.S. is a network vulnerability management solution that scans your network and performs over 15,000 vulnerability assessments. It identifies all possible security threats and provides you with tools to patch and secure your network. GFI LANguard N.S.S. was voted Favorite Commercial Security Tool by NMAP users for 2 years running and has been sold over 200,000 times!
4. Retina – Retina Network Security Scanner, recognised as the industry standard for vulnerability assessment, identifies known security vulnerabilities and assists in prioritising threats for remediation. Featuring fast, accurate, and non-intrusive scanning, users are able to secure their networks against even the most recent of discovered vulnerabilities.
5. SamSpade – SamSpade provides a consistent GUI and implementation for many handy network query tasks. It was designed with tracking down spammers in mind, but can be useful for many other network exploration, administration, and security tasks. It includes tools such as ping, nslookup, whois, dig, traceroute, finger, raw HTTP web browser, DNS zone transfer, SMTP relay check, website search, and more.
6. N-Stealth – N-Stealth is a commercial web server security scanner. It is generally updated more frequently than free web scanners such as whisker and nikto, but you have to pay for the privilege.
7. Solarwinds – Solarwinds contains many network monitoring, discovery and attack tools. The advanced security tools not only test internet security with the SNMP Brute Force Attack and Dictionary Attack utilities but also validate the security on Cisco Routers with the Router Security Check. The Remote TCP Reset remotely display all active sessions on a device and the Password Decryption can decrypt Type 7 Cisco Passwords. The Port Scanner allows testing for open TCP ports across IP Address and port ranges or selection of specific machines and ports.
8. Achilles – The first publicly released general-purpose web application security assessment tool. Achilles acts as a HTTP/HTTPS proxy that allows a user to intercept, log, and modify web traffic on the fly. Due to a cyber squatter, Achilles is no longer online at its original home of www.Digizen-Security.com…OOPS!
9. CookieDigger - CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing cookies issued by a web application for multiple users. The tool reports on the predictability and entropy of the cookie and whether critical information, such as user name and password, are included in the cookie values.
http://foundstone.com/resources/proddes ··· gger.htm
10. Netcat (The Network SwissArmy Knife) – Netcat was originally a Unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
http://www.atstake.com/research/tools/n ··· ities/
- nikto(perl)기반 *.nix 계열에서 사용
- n_stealth (http://nstalker.com/) 22,000개의 웹 취약점 db 이용하여 웹스캔
2. 2세대 스캐너(상용)-sql_injection
- Absinthe(http://www.0x90.org) -*.nix계열 sql_injection가능
- Data thief(http://www.appsecine.com
- wposion(http://sourceforge.net/project/wposion) - unix기반
;open source group에서 만든 툴 sql injection 가능....
3. 2.5세대 스캐너(상용) web application 모든보안테스트 가능
; 개발단계에서부터 검사할 수 있는 툴
- Acunetix(http://www.acunetix.com) 가장최근에나옴,asp전용
※ 2.5세대 돌리면 거의 모든 취약점이 나옴.