Archive for April 2013

Our 2013 recommended penetration testing tools

Here is our recommended list of pentesting tools used by ethical hackers and penetration testers – or anyone with an interest in information security. Our list is a mix of open source and paid or licenced solutions.

We scoured the web for similar posts and made quite a long list, so what we did was we filtered the most common and popular security tools and summarized it into our top-ten.

We have to mention that since 2002, Nmap have been curating an excellent security tools list. The site they manage lists the most commonly used hacking tools and rates them. Our list is less detailed but we’d like think it is still nonetheless concise, just like our name!

OK moving on, generally speaking security tools fall into one or more of the following categories:

Radio-frequency identification (RFID) tools
Information gathering
Vulnerability assessment
Exploitation tools
Reporting tools
Maintaining access
Reverse engineering
Stress testing
Forensics
Privilege escalation

We are constantly amazed by the quantity, quality and communities that surround these information security tools. We’d appreciate it if you can let us know in the comments below if we have missed out a tool or service that really ought to be in this list. Enjoy!

(In alphabetical order):

1. Acunetix has a free and paid version. This hacking tool has many uses but in essence it tests and reports on SQL injection and Cross Site scripting testing. It has a state of the art crawler technology which includes a client script analyzer engine. This security tool generates detailed reports that identify security issues and vulnerabilities. The latest version, Acunetix WVS version 8, includes several security features such as a new module that tests slow HTTP Denial of Service. This latest version also ships with a compliance report template for ISO 27001. This is useful for penetration testers and developers since it allows organizations to validate that their web applications are ISO 27001 compliant.

2. Aircrack-ng is a comprehensive set of network security tools that includes, aircrack-ng (which can cracks WEP and WPA Dictionary attacks), airdecap-ng (which can decrypts WEP or WPA encrypted capture files), airmon-ng (which places network cards into monitor mode, for example when using the Alfa Security Scanner with rtl8187), aireplay-ng (which is a packet injector), airodump-ng (which is a packet sniffer), airtun-ng (which allows for virtual tunnel interfaces), airolib-ng (which stores and manages ESSID and password lists), packetforge-ng (which can create encrypted packets for injection), airbase-ng (which incorporates techniques for attacking clients) and airdecloak-ng (which removes WEP cloaking). Other tools include airdriver-ng (to manage wireless drivers), airolib-ng (to store and manages ESSID and password lists and compute Pairwise Master Keys), airserv-ng (which allows the penetration tester to access the wireless card from other computers). Airolib-ng is similiar to easside-ng which allows the user to run tools on a remote computer, easside-ng (permits a means to communicate to an access point, without the WEP key), tkiptun-ng (for WPA/TKIP attacks) and wesside-ng (which an an automatic tool for recovering wep keys).

Like most of the security tools in our list, Aircrack also has a GUI interface – called Gerix Wifi Cracker. Gerix is a freely licensed security tool under the GNU General Public License and is bundled within penetration testing Linux distributions such as BackTrack and Backbox. The Gerix GUI has several penetration testing tools that allow for network analysis, wireless packet capturing, and SQL packet injection.

3. Cain & Abel, or just Cain for short, has a reputation of being a bit of a script-kiddie tool, but it is still awesome nonetheless. Cain & Abel is defined as being a password recovery tool. This tool allows a penetration tester to recover various types of passwords by sniffing the network, and cracking encrypted passwords using either a dictionary or brute-force attacks. The tool can also record VoIP conversations and has the ability to decode scrambled passwords, discover wifi network keys and cached passwords. With the correct usage and expertise, a penetration tester can also analyze routing protocols. The security tool does not inherently exploit any software vulnerabilities or holes, rather it identifies security weaknesses in protocol’s standards.

Students studying for IT information security certificates will use the tool to learn about APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks (often abbreviated to MITM). The sniffer features in the latest version of Cain allow for the analysis of encrypted protocols such as SSH-1 and HTTPS. The new version also contains routing protocols authentication monitors, dictionary and brute-force crackers for all popular hashing algorithms, password calculators, cryptanalysis attacks and password cracking decoders.

4. Ettercap often accompanies Cain (third in our list). Ettercap is a free and open source network security tool for man-in-the-middle attacks (MITM) on LAN. The security tool can be used to analyze computer network protocols within a security auditing context. Ettercap has four methods of functionality:

Security scanning by filtering IP-based packets, MAC-based: whereby packets are filtered based on MAC address, (this is useful for sniffing connections through a gateway). ARP-based scanning by using ARP poisoning to sniff on a switched LAN between two hosts (known as full-duplex). PublicARP-based functionality: Ettercap uses ARP poisoning to sniff on a switched LAN from a victim host to all other hosts (known as half-duplex).

5. John The Ripper has the coolest name on our Concise Courses 2013 Security Pentesting Tools list! John the Ripper was written by Black Hat Pwnie Winner Alexander Peslyak. This very popular security tool, often abbreviated just to “John” is a free password cracking software tool. Originally created for the UNIX operating system, it currently works on every major operating system. By far, this tool is one of the most popular password testing and breaking programs used by information security professionals. The pentesting tool combines various password crackers into one concise package which is then able to identify password hash types through its own customizable cracker algorithm.

6. Metasploit is huge. Developed by Rapid7 and used by every pentester and ethical hacker in the world. Period. The Metasploit Project is a security project which delivers information about security vulnerabilities and helps penetration testing and Intrusion detection. The open source project – known as the Metasploit Framework, is used by security professionals to execute exploit code against a remote target machine – for penetration testing of course!

Another cool project is Metasploitable which is an intentionally vulnerable version of Ubuntu Linux built on purpose for testing security tools, like all of ones listed here, and demonstrating common vulnerabilities.

7. Nessus is another giant – a security tool that focuses on vulnerability scanning. There is a free and paid version – free for personal use. Started in 1998 by Renaud Deraison is has evolved into one of the world’s most popular security tools – particularly as a vulnerability scanner. The organization behind Nessus, Tenable Security, estimates that it is used by over 75,000 organizations worldwide.

Essentially Nessus scans for various types of vulnerabilities: ones that check for holes that hackers could exploit to gain control or access a computer system or network. Furthermore, Nessus scans for possible misconfigurations (e.g. open mail relay, missing security patches, etc.). The tools also scans for default passwords and common passwords which is can use execute through Hydra (an external tool) to launch a dictionary attack. Other vulnerability scans include denials of service against the TCP/IP stack.

8. Nmap is another massive giant of a security tool which has been around for forever and is probably the best known. Nmap has featured on many movies including the Matrix – just Google it and you’ll see what we mean. Written in C, C++, Python, Lua by Gordon Lyon (Fyodor) starting from 1997, Nmap (Network Mapper) is the defacto security scanner which is used to discover hosts and services on a computer network. To discover hosts on a network Nmap sends specially built packets to the target host and then analyzes the responses. The program is really sophisticated because unlike other port scanners out there, Nmap sends packets based upon network conditions by taking into account fluctuations, congestion and more.

9. Kismet is a wireless network detector, sniffer, and intrusion detection security pentesting tool. Kismet can monitor and sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. There are many sniffing tools out there but what makes Kismet different and very popular is the fact that it works passively – meaning that the program does not send any loggable packets whilst being able to monitor wireless access points and wireless clients. It is open source and widely used.

. Wireshark has been around for ages and is extremely popular. Wireshark allows the pentester to put a network interface into a promiscuous mode and therefore see all traffic. This tool has many features such as being able to capture data from live network connection or read from a file that saved already-captured packets. Wireshark is able to read data from a wide variety of networks, from Ethernet, IEEE 802.11, PPP, and even loopback. Like most tools in our 2013 Concise Courses Security List the captured network data can be monitored and managed via a GUI – which also allows for plug-ins to be inserted and used. Wireshark can also capture VoIP packets (like Cain & Able – see tool 3) and raw USB traffic can also be captured.

Summary

If you are a keen hobbyist or a professional penetration tester then you must understand how to use these tools effectively. These security tools are awesome and fun to learn and use – the folks that make them are simply brilliant programers and make the penetration testing job a lot easier to manage. What do you think? What tools do you use the most and why – have we missed any out? Let us know in the comments below!

Monday, April 29, 2013

0 Comments

List of Top 20 Network Penetration Testing tools

►

1. Nessus
2. Zenmap
3. Angry IP Scanner
4. IP Scanner
5. GFI lanGuard
6. SoftPerfect Network Scanner
7. SolarWinds Network Tool
8. Global Network Inventory Scanner
9. Superscan
10. Advanced IP Scanner
11. Retina
12. Advanced LAN Scanner
13. Emco Remote Installer SE
14. Ghost Port Scan
15. Lizard System Network Scanner
16. Yaps
17. MiTec Network Scanner
18. LanSpy
19. Knocker
20. Local Scan

0 Comments

Beautiful Css3 Social Widget with Hover Effect

►

Tag line start: Css3 Social Widget .Blogger widget,latest blogger widget, Css3 fb like box for blogger gadgets for blogger ,latest blogger widgets,latest widgets for blogger,blog widgets,widgets for blog,social sharing button for blogger , Google plus widget for blogger, Facebook button for blogger,cool widget for blogger,Spiceupyourblog: Tagline End! Add a social subscription widget is very effective to attract the attention of your visitor including new towards the blog or websites. It also helps to get more traffic effectively

Live Demo Here

Beautiful Social Widget for Blogger

Goto on blogger dashboard
Click on Layout tab
Click on Add a Gadget
Copy below code on HTML/JAVASCRIPT editor

Customization

Replace the text highlighted in Red with links to their social networks.

Friday, April 5, 2013

0 Comments

Tag : Website

How To Add Floating Social Bookmark with Easing Effect

►

Social bookmarking is admittedly helpful for those those who have web site or journal. Due to minimize the use of javascript, I deliberately made it plain widget without the use of a certain effect with the consequences of using images to create widgets that more and more. Well, now i'll provides a tutorial or a way to produce a floating social bookmarking appliance with extra easing result jquery library and after all with the employment of a smaller image.

With the addition of jquery, if you set the indicator on one in every of the social bookmarker icon, it'll pop out slowly, Solo softer sort of a blue blood taking off of the palace, it had been thanks to the result of easing the present on jquery-ui.min . additionally to easing the results that I add the appliance, also because the sort of social media that I place lots a lot of.

Add Floating Social Bookmark with Easing Effect To Blogger/Blog

Log in to Blogger
Go to Template >> Edit HTML (tick expand widget templates )
Put the following CSS code above ]]></b:skin>

.social-buttons {
position: fixed;
top: 130px;
width: 45px;
z-index: 9999;
}
.button-left {
left: 0;
}
.button-right {
right: 0;
}
.social-buttons #twitter-btn .social-icon,
.social-buttons #facebook-btn .social-icon,
.social-buttons #google-btn .social-icon,
.social-buttons #rss-btn .social-icon,
.social-buttons #pinterest-btn .social-icon,
.social-buttons #youtube-btn .social-icon {
background-color: #33353B;
background-image: url(http://1.bp.blogspot.com/-KOzIiYFlBAk/UUmLwwZSs-I/AAAAAAAAAnA/h6G772N3cpI/s1600/mas-icons.png);
}
.button-left #facebook-btn span {
background-position: right 10px;
}
.button-left #twitter-btn span {
background-position: right -35px;
}
.button-left #google-btn span {
background-position: right -127px;
}
.button-left #rss-btn span {
background-position: right -80px;
}
.button-left #pinterest-btn span {
background-position: 11px -177px;
}
.button-left #youtube-btn span {
background-position: 11px -223px;
}
.button-right #facebook-btn span {
background-position: 12px 10px;
}
.button-right #twitter-btn span {
background-position: 11px -35px;
}
.button-right #google-btn span {
background-position: 10px -127px;
}
.button-right #rss-btn span {
background-position: 11px -80px;
}
.button-right #pinterest-btn span {
background-position: 11px -177px;
}
.button-right #youtube-btn span {
background-position: 11px -223px;
}
.social-buttons #facebook-btn:hover .social-icon {
background-color: #3B5998;
}
.social-buttons #twitter-btn:hover .social-icon {
background-color: #62BDB2;
}
.social-buttons #google-btn:hover .social-icon {
background-color: #DB4A39;
}
.social-buttons #rss-btn:hover .social-icon {
background-color: #FF8B0F;
}
.social-buttons #pinterest-btn:hover .social-icon {
background-color: #D43638;
}
.social-buttons #youtube-btn:hover .social-icon {
background-color: #C4302B;
}
.social-buttons a:hover .social-text {
display: block;
}
.button-left .social-icon {
-moz-transition: background-color 0.4s ease-in 0s;
-webkit-transition: background-color 0.4s ease-in 0s;
background-repeat: no-repeat;
display: block;
float: left;
height: 43px;
margin-bottom: 2px;
width: 43px;
}
.button-left .social-text {
display: none;
float: right;
font-size: 1em;
font-weight: bold;
margin: 11px 40px 11px 0px;
white-space: nowrap;
}
.button-right .social-icon {
-moz-transition: background-color 0.4s ease-in 0s;
-webkit-transition: background-color 0.4s ease-in 0s;
background-repeat: no-repeat;
display: block;
float: right;
height: 43px;
margin-bottom: 2px;
width: 43px;
}
.button-right .social-text {
display: none;
float: left;
font-size: 80%;
font-weight: bold;
margin: 11px 0 11px 40px;
white-space: nowrap;
}
.social-buttons .social-text {
color: #FFFFFF;
}

Next adding jquery and javascript, still in Edit HTML put the following code before the </head> :

<script src='http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js' type='text/javascript'/>
<script src='http://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js' type='text/javascript'/>
<script>
$(window).load(function(){
$('.social-buttons .social-icon').mouseenter(function(){
$(this).stop();
$(this).animate({width:'160'}, 500, 'easeOutBounce',function(){});
});
$('.social-buttons .social-icon').mouseleave(function(){
$(this).stop();
$(this).animate({width:'43'}, 500, 'easeOutBounce',function(){});
});
});
</script>

For jquery library blue above, if the template you are using is installed, only abandoned.

Further calling widget, place the HTML code below before </ body> :

<div class='social-buttons button-right hidden-phone hidden-tablet'>
<a class='itemsocial' href='https://www.facebook.com/YOUR FB' id='facebook-btn' target='_blank'><span class='social-icon'><span class='social-text'>Follow via Facebook</span></span></a>
<a class='itemsocial' href='https://twitter.com/YOUR TWITTER' id='twitter-btn' target='_blank'><span class='social-icon'><span class='social-text'>Follow via Twitter</span></span></a>
<a class='itemsocial' href='https://plus.google.com/YOUR G+' id='google-btn' target='_blank'><span class='social-icon'><span class='social-text'>Follow via Google</span></span></a>
<a class='itemsocial' href='http://pinterest.com/YOUR ID' id='pinterest-btn' target='_blank'><span class='social-icon'>
<span class='social-text'>Follow via Pinterest</span></span></a>
<a class='itemsocial' href='https://www.youtube.com/user/YOUR ID' id='youtube-btn' target='_blank'><span class='social-icon'><span class='social-text'>Follow via Youtube</span></span></a>
<a class='itemsocial' href='http://feeds.feedburner.com/YOUR feed' id='rss-btn' target='_blank'><span class='social-icon'><span class='social-text'>Follow via RSS</span></span></a>
</div>

Change the color blue above, with each ID should not be confused with the neighbor ID.

Finally, Save Templates and your done!

If you have any doubts don't hesitate to ask.Please Comment.
Now If You Enjoy This Post! Please Take 5 Seconds To Share It.

Thursday, April 4, 2013

0 Comments

Tag : Website

Five Best VPN Tools

►

VPN software lets you join private networks as though you're sitting at a local computer on that network, giving you access to shared folders and tons more handy stuff. Here's a look at five of the most popular VPN tools.

VPN software brings the security of a private network to an insecure network, and allows you to access private local networks from anywhere. As we've explained in the past, you can do things between computers on your local network you can't from out on the internet: like listen to a shared iTunes library or access files in shared folders. Virtual private network applications give you access to your computer from anywhere on the internet as if you were home on your local network. Earlier this week we asked you to share your favorite software for establishing and maintaining virtual private networks. We rounded up the votes, and now we're back with the five most popular VPN applications.

If you're new to the idea of virtual private networks, you can read up on the technical nitty-gritty at the Wikipedia entry for VPNs. Note: This Hive Five contains both VPN server applications (the apps that create virtual private networks on your local network so it's accessible from the outside world) and VPN client applications (the apps that connect to virtual private networks from the outside world). In many instances companies produce VPN servers, VPN clients, VPN servers with accompanying clients, or VPN clients that are designed to work with a variety of servers.

OpenVPN (Windows/Mac/Linux, Free)

OpenVPN is an open source VPN server that's easy to set up for use with open source VPN clients. You can easily export configuration files from OpenVPN to import into a variety of open source and commercial clients. OpenVPN is also integrated into several router firmware packages including popular DD-WRT, OpenWRT, and Tomato. The OpenVPN system isn't compatible with popular commercial VPN providers, but it provides an open source and free alternative for setting up VPNs to expensive and closed commercial models.

Cisco VPN (Windows/Mac/Linux, Variable Cost)

Cisco has a high market saturation in corporate and educational environments, and for many of you, any experience you've had with virtual private networks is through such exposure. The price to run a Cisco VPN is highly variable—and you can't even get a concrete number without a quote from the company—but you can, as an end user, download the free Cisco VPN client for Windows and Mac—though many readers complained about the lack of 64-bit support in the free Cisco client.

LogMeIn Hamachi (Windows/Mac/Linux, Free)

Hamachi's strongest attribute is its ease of use. If you've read some of the other entries in the Hive Five and realized that you don't want a contract for a corporate VPN or the hassle of configuring a bunch of routers with open-source firmware packages, and you just want to set up a simple virtual network between you and your friend, your phone, or your office, Hamachi offers nearly instant deployment. Install the Hamachi client on all the machines and devices you want to connect into your network and add them to your Hamachi VPN and you're done. It's dead simple. The downside, if you're concerned about it, is that your VPN isn't locally managed—it's centrally managed by Hamachi through their servers.

Shrew Soft (Windows/Linux, Free)

Shrew Soft offers a VPN that, while popular in its own right, received quite a boost when people started adopting Windows 7 64-bit in droves and found that Cisco wasn't in any hurry to release a 64-bit client to accommodate them. Shrew Soft works with a variety of VPN server protocols including IPsec, OpenSWAN, freeSWAN, and strongSWAN.

Windows Built-In VPN (Windows, Free)

Windows has a built-in VPN client. Surprised? Many people are. It's not a heavily advertised feature, but it covers many people's needs. Before exploring other client solutions, it's worth pulling up the quick launch box in the Windows start menu and typing "VPN" to start the configuration process. In Windows versions prior to Windows Vista, the built-in VPN client received a fair amount of criticism for lacking features and supported protocols. Since Vista and especially in the Windows 7 implementation, it's grown significantly and unless you need a feature or standard that isn't implemented you may not need to install anything at all.

Wednesday, April 3, 2013

1 Comment

Tag : Networking

Selva Sharing

Archive for April 2013

Our 2013 recommended penetration testing tools

List of Top 20 Network Penetration Testing tools

Beautiful Css3 Social Widget with Hover Effect

Beautiful Social Widget for Blogger

How To Add Floating Social Bookmark with Easing Effect

Add Floating Social Bookmark with Easing Effect To Blogger/Blog

Five Best VPN Tools

OpenVPN (Windows/Mac/Linux, Free)

Cisco VPN (Windows/Mac/Linux, Variable Cost)

LogMeIn Hamachi (Windows/Mac/Linux, Free)

Shrew Soft (Windows/Linux, Free)

Windows Built-In VPN (Windows, Free)

Pageviews

Followers

Blog Archive

Labels :

Translate Google