BEST IT Security and Auditing Software 2007

Category | Best | Recommended/Excellent
Information Gathering | Maltego GUI and Web based | ex aequo: SEAT (Search Engine Assessment Tool) & RevHosts
Protocol mappers | NMap | THC-Amap
Vulnerability scanners | Tenable Nessus | Saint Scanner Basic release
Application scanners | W3AF: Web Application Attack Audit Framework | ex aequo: Paros Proxy & Nikto
Exploiters | Metasploit 3.x | ex aequo: Inguma & Milw0rm WebSite
Wireless hacking | ex aequo: AirCrack-NG & AirCrack PTW | AiroScript
LiveCDs | BackTrack 2.x and 3.x | ex aequo: NST (Network Security Toolkit) & OSWA (Organizational Systems Wireless Auditor)

 

 

Methodologies

Document | Best | Recommended/Excellent
Network and System testing | OSSTMM | NIST SP 800-115
Application testing | OWASP Guides | WebAppSec papers
Testing Framework | PTF Penetration tests Framework | N/A
Testing Framework | WTF Wireless Testing Framework | N/A

 

Open Source and Free Software

Category | Best | Recommended/Excellent
Windows auditing | OVAL Interpreter | ex aequo: Belarc Advisor & WinAudit & SysInternals
Unix auditing | ex aequo: CIS Scoring Tools & Tiger Security Tool | ex aequo: Babel Enterprise & OVAL Unix interpreters (Sussen, Debian, Fedora, OpenSuse)
Filtering devices | Nipper | NCat
Password Cracking | Cain and Abel | OphCrack Suite
Code auditing | FindBugs | Pixy
Wireless testing | OSWA | Russix
Database auditing | THC-Oracle | SQL Power Injector
Application auditing | OWASP LabRat | OWASP Cal9000
VoIP auditing | SiVus | Cain and Abel

 

Methodologies

Document | Best | Recommended/Excellent
Publications | NIST CSRC documents |
Security Checklists | DISA STIGs | ex aequo: CIS Checklists & AuditNet Resources

 

 

Commercial Software - Best Of

Category | Best | Recommended/Excellent
Penetration Tests | Core Impact | Saint Suite (Saint scanner and SaintExploit)
Application tests | Acunetix Web Vulnerability Scanner | WebInspect
Compliance Scanners | LAnGuard NSS | Tenable Security Center

 

Open source and free software

Maltego http://www.paterva.com
SEAT http://midnightresearch.com
RevHosts http://www.revhosts.org
NMap http://www.nmap.org
Nessus & Tenable products http://www.tenablesecurity.com
Saint Scanner and SaintExploit http://www.saintcorporation.com
W3AF http://w3af.sourceforge.net
Nikto http://www.cirt.net/code/nikto.shtml
Paros Proxy http://www.parosproxy.org/index.shtml
Metasploit http://www.metasploit.com
Inguma http://inguma.sourceforge.net
Milw0rm Resources http://www.milw0rm.com
AirCrack-NG http://www.aircrack-ng.org
AirCrack-PTW CDC informatik darmstadt
AiroScript http://airoscript.aircrack-ng.org
BackTrack http://www.remote-exploit.org
NST http://networksecuritytoolkit.org
OSWA Assistant http://securitystartshere.org
OVAL Interpreters http://oval.mitre.org
Belarc Advisor http://www.belarc.com
Sussen OVAL http://dev.mmgsecurity.com/projects/sussen/
WinAudit http://www.pxserver.com/WinAudit.htm
SysInternals http://www.sysinternals.com
CIS Scoring Tools and Checklists http://www.cisecurity.org
Tiger Security Suite http://www.nongnu.org/tiger
Babel Enterprise http://babel.sourceforge.net
Nipper Network Infrastructure Parser http://sourceforge.net/projects/nipper
NCat http://ncat.sourceforge.net
Cain And Abel http://www.oxid.it
OphCrack http://ophcrack.sourceforge.net
FindBugs http://findbugs.sourceforge.net
Pixy PixyBox WebSite
Russix www.russix.com
THC Utilities http://freeworld.thc.org
SQL Power Injector http://www.sqlpowerinjector.com
SiVus http://www.vopsecurity.org

 

Commercial software

Name Link
Core Impact http://www.coresecurity.com
LanGuard NSS http://www.gfi.com
Acunetix WVS www.acunetix.com
WebInspect www.spidynamics.com

Methodologies and references

Name Link
OSSTMM http://www.isecom.org/
OWASP Software and Methodology http://www.owasp.org
PTF Penetration tests Framework http://www.vulnerabilityassessment.co.uk
WTF Wireless Testing Framework http://www.wirelessdefence.org
WebAppSec documents http://www.webappsec.org
NIST Releases http://csrc.nist.gov/publications/
DISA STIGs http://iase.disa.mil/stigs
AuditNet Resources http://www.auditnet.org
