Security Admins toolkit? What's in yours? [closed]

Solution 1:

Web

  • curl - A library and utilities to make custom HTTP/FTP requests
  • wget - A utility to quickly download URLs
  • netcat - A simple yet powerful utility to open a connection to a remote server or listen on a local port
  • Python's urllib2 module - Great for scripting mass downloads, testing URLs, grabbing data quickly to parse, etc.

Network

  • nmap - Port scanning, host detection, network mapping, and service detection
  • wireshark - Network protocol analyzer for Win/Linux
  • tcptraceroute - Traceroute utility using TCP packets instead of ICMP packets to bypass filtering or test firewalls
  • arping and arpwatch - ARP-based utilities to detect and observe ARP activity on the network
  • logcheck - Daemon that watches logs and alerts you when unusual events occur
  • fail2ban - Daemon that watches logs and takes action against hosts attempting to guess passwords or attack the network
  • iptables/netfilter - Linux 2.6 firewall software

WiFi

  • KisMac (Kismet on non-Mac) - WiFi scanner, prober, and cracker
  • iStumbler/Netstumbler - Simple WiFi/bluetooth/Bonjour scanner
  • 802.1x w/ RADIUS backend - Prevent unauthorized access to your WiFi/Ethernet network

SQL

  • MySQL documentation - Or whatever documentation for your RDBMS of choice

XSS

  • Firebug - Firefox extension to debug websites
  • Safari Web Inspector and JavaScript Console - Built-in Safari functionality to debug websites

Everything

  • Google - Index of all mankind's knowledge
  • Python - Pseudocode interpreter

Hope some of this helps. This is just what's come to mind so far, but there's tons more out there. Where and when to use each is left as an exercise to the reader.

Solution 2:

Web

For pen-testing websites, try these Firefox extensions (all are free):

  • Firebug
  • LiveHTTPHeaders
  • Tamper Data

I've also heard good things about Fiddler (freeware, any browser, Windows only).

General Networking

  • Wireshark - protocol analysis; see what's on your network. Free, for any OS.
  • Netcat - generic low-level client and server; the "TCP/IP Swiss army knife." Free, for any OS.
  • nmap - scan for open ports and active hosts, and identify OSes and (sometimes) servers. Free, for any OS.
  • Nessus - scan for vulnerabilities on your network. Unix or Linux.

These are the tools I'm most familiar with, but for a much more complete list, see sectools.org.

Wireless

I don't have as much experience with these.

  • Kismet (free, for any OS)
  • NetStumbler (for Windows)
  • WiFi Pilot (commercial, for Windows, from the principal developers of Wireshark)

Solution 3:

Mine:

  • Perl - To script when I don't have the right tool.
  • NetStumbler - To detect wireless.
  • Wireshark - To sniff traffic.
  • Cain & Abel - To crack passwords and exploit LSA Secrets.
  • Nmap - Port scanner
  • Sysinternals PsTools Suite - A ton of useful tools
  • Fiddler - IE Proxy that allows you to see HTTP Request / Response even with SSL
  • Nessus - General vulnerability scanner
  • SQLPing 3 - SQL Server scanner
  • SQL Server Profiler - To monitor SQL Server commands going to a particular SQL Server
  • Command Line - A lot of tools here
  • Cygwin - Unix/Linux tools on Windows.

Solution 4:

Have you had a look at BackTrack Linux?

I've written a little framework around it so I can easily drop in my own scripts and packages; that way I just burn a disc each time I need to go remote.

Solution 5:

inSSIDer is a nice replacement for NetStumbler that works on x64 Windows. I also like Microsoft's Network Monitor packet analyzer.

Already mentioned was Fiddler, which is a very nice HTTP protocol analyzer, and of course nmap.