Category | Best | Recommended/Excellent |
---|---|---|
Information gathering | Maltego (GUI and web-based) | Tie: SEAT (Search Engine Assessment Tool) & RevHosts |
Port scanners and protocol mappers | Nmap | THC-Amap |
Vulnerability scanners | Tenable Nessus | SAINT Scanner (basic release) |
Application scanners | w3af (Web Application Attack and Audit Framework) | Tie: Paros Proxy & Nikto |
Exploitation tools | Metasploit 3.x | Tie: Inguma & milw0rm website |
Wireless hacking | Tie: Aircrack-ng & Aircrack-PTW | airoscript |
LiveCDs | BackTrack 2.x and 3.x | Tie: NST (Network Security Toolkit) & OSWA (Organizational Systems Wireless Auditor) |
Methodologies
Document | Best | Recommended/Excellent |
---|---|---|
Network and system testing | OSSTMM | NIST SP 800-115 |
Application testing | OWASP Guides | WebAppSec papers |
Penetration testing framework | PTF (Penetration Testing Framework) | N/A |
Wireless testing framework | WTF (Wireless Testing Framework) | N/A |
Open source and free software
Category | Best | Recommended/Excellent |
---|---|---|
Windows auditing | OVAL Interpreter | Tie: Belarc Advisor & WinAudit & Sysinternals |
Unix auditing | Tie: CIS Scoring Tools & Tiger Security Tool | Tie: Babel Enterprise & OVAL Unix interpreters (Sussen, Debian, Fedora, openSUSE) |
Filtering devices (firewall and router configuration auditing) | Nipper | NCat |
Password cracking | Cain & Abel | Ophcrack suite |
Code auditing | FindBugs (Java) | Pixy (PHP) |
Wireless testing | OSWA | Russix |
Database auditing | THC-Oracle | SQL Power Injector |
Application auditing | OWASP LabRat | OWASP CAL9000 |
VoIP auditing | SiVuS | Cain & Abel |
Methodologies
Document | Best | Recommended/Excellent |
---|---|---|
Publications | NIST CSRC documents | N/A |
Security checklists | DISA STIGs | Tie: CIS Checklists & AuditNet Resources |
Commercial software - Best OFF
Category | Best | Recommended/Excellent |
---|---|---|
Penetration tests | Core Impact | SAINT Suite (SAINT scanner and SAINTexploit) |
Application tests | Acunetix Web Vulnerability Scanner | WebInspect |
Compliance scanners | GFI LANguard NSS | Tenable Security Center |
Open source and free software
Commercial software
Name | Link |
---|---|
Core Impact | http://www.coresecurity.com |
GFI LANguard NSS | http://www.gfi.com |
Acunetix WVS | http://www.acunetix.com |
WebInspect | http://www.spidynamics.com |
Methodologies and references
Name | Link |
---|---|
OSSTMM | http://www.isecom.org/ |
OWASP software and methodology | http://www.owasp.org |
PTF (Penetration Testing Framework) | http://www.vulnerabilityassessment.co.uk |
WTF (Wireless Testing Framework) | http://www.wirelessdefence.org |
WebAppSec documents | http://www.webappsec.org |
NIST releases | http://csrc.nist.gov/publications/ |
DISA STIGs | http://iase.disa.mil/stigs |
AuditNet resources | http://www.auditnet.org |