Yersinia

"Yersinia is a network tool designed to take advantage of some weakeness in different network protocols, It is useful for penetration testing. It pretends to be a solid framework for analyzing and testing the deployed networks and systems....

Read More

LaBrea: "Sticky" Honeypot and IDS

"LaBrea takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers connection attempts in such a way that the machine at the other end gets "stuck",...

Read More

The Metasploit Framework

"The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product...

Read More

Kismet: Wireless Packet Analyzer

"Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. Kismet...

Read More

Tor: anonymity online

"Tor is a software project that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. Tor protects you...

Read More

Privoxy

"Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data, managing HTTP cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy...

Read More

Winpooch

"Winpooch is a Windows watchdog, free and open source. Anti spyware and anti trojan, it gives a full protection against local or external attacks by scanning the activity of programs in real time. Associated with ClamWin antivirus, Winpooch...

Read More

SpamAssassin: An Open Source E-mail Filter

"No list of open-source security tools would be complete without SpamAssassin. A two-time Datamation Product of the Year winner, this anti-spam tool is the "secret sauce" behind a number of commercial products, as well as being put to good...

Read More

PKIF: The PKI Framework

"PKIF is a full-featured, standards compliant PKI enablement library. Its goal is to make it easy for your applications to take advantage of your PKI. PKIF runs on Windows and UNIX systems and is written in C++ with bindings for C# (and COM/.Net)...

Read More

OTPW: A One-time Password Login Package

"The OTPW package consists of the one-time-password generator otpw-gen plus two verification routines otpw_prepare() and otpw_verify() that can easily be added to programs such as login or ftpd on POSIX systems. For platforms that support the...

Read More

The ASN.1 Compiler

"The asn1c is a free, open source compiler of ASN.1 specifications into C source code. It supports a range of ASN.1 syntaxes, including ISO/IEC/ITU ASN.1 1988, '94, '97, 2002 and later amendments. The supported sets of encoding rules are a)...

Read More

FxCop: A Free Static Code Analysis Tool that Checks .NET managed code

"FxCop is an application that analyzes managed code assemblies (code that targets the .NET Framework common language runtime) and reports information about the assemblies, such as possible design, localization, performance, and security improvements....

Read More

OSSEC: An Open Source Host-based Intrusion Detection System

"OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized...

Read More

httprecon: An Advanced Web Server Fingerprinting Tool

"The httprecon project is doing some research in the field of web server fingerprinting, also known as http fingerprinting. The goal is the highly accurate identification of given httpd implementations. This is very important within professional...

Read More

ATK: An Open-Source Exploiting Framework

"This tool checks for leaks and vulnerabilities on any system with an easy interface ... and nice documentation - worth checking for sure!" - Prof. Dr. Urs E. Gattiker, Author of the books "Virus Revealed", "The Information Security Dictionary"...

Read More

Burp Suite: An Integrated Platform for Penetration Test of Web Applications

"Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools...

Read More

SysAnalyzer: An Automated Malcode Analyzer

"SysAnalyzer is an automated malcode run time analysis application that monitors various aspects of system and process states. SysAnalyzer was designed to enable analysts to quickly build a comprehensive report as to the actions a binary...

Read More

Honeywall CDROM

"The Honeywall CDROM is a bootable CD that copies all the functionality of a Honeywall onto a hard drive. It comes with all the tools and functionality for you to implement data capture, data control, and data analysis. It creates an architecture...

Read More

BackTrack: Penetration Testing Live CD

"BackTrack is the most Top rated Linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. It’s evolved from...

Read More

NST: Network Security Toolkit

"NST is a bootable ISO live CD is based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86 platforms. The main intent of developing this toolkit was...

Read More

STD: Security Tools Distribution

"STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It's a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating...

Read More

Ratproxy: A Web Application Security Audit Tool

"A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing,...

Read More

msramdmp: McGrew Security RAM Dumper

"Creating bootable USB drives for capturing the contents of memory: A short while back, a paper was published by researchers at Princeton University, in which they talk about the process of recovering encryption keys out of memory after a cold...

Read More

Hping: TCP/IP Packet Assembler/Analyzer

"Hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute...

Read More

Nmap - Free Security Scanner

"Nmap is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host...

Read More

Scapy: A Powerful Packet Manipulation Tool

" Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical...

Read More

SSL Man in the Middle Proxy

"mitm-proxy is an Java-based SSL proxy that acts as a "man in the middle". In other words, proxied HTTPS requests are terminated by the proxy and resent to the remote webserver. The server certificates presented to the client (i.e. a web...

Read More

PacketStormSecurity.org

"Packet Storm offers an abundant resource of up-to-date and historical security tools, exploits, and advisories. We are a non-profit organization comprised of security professionals that are dedicated to providing the information necessary...

Read More

Crypto++ Library

Crypto++ Library is a free C++ class library of cryptographic schemes. This library supports following algorithms: Panama, Salsa20, Sosemanuk,ES (Rijndael), RC6, MARS, Twofish, Serpent, CAST-256, IDEA, Triple-DES (DES-EDE2 and DES-EDE3), Camellia,...

Read More

Honeyd - Network Rhapsody for You

"Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single...

Read More

Helix - Incident Response & Computer Forensics Live CD

"Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many...

Read More

Clam AntiVirus

"Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner...

Read More

Nikto: A Web Server Scanner

"Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on...

Read More

WinPcap: The Windows Packet Capture Library

"WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features,...

Read More

Open Reverse Code Engineering Community

"OpenRCE.org founded in June of 2005 as the brainchild of Pedram Amini, the Open Reverse Code Engineering community was created to foster a shared learning environment among researchers interested in the field of reverse engineering....

Read More

Portable Executable File Viewer/Disassembler

"PEBrowse Professional is a static-analysis tool and disassembler for Win32/Win64 executables and Microsoft .NET assemblies produced according to the Portable Executable specifications published by Microsoft. For Microsoft Windows Vista, Windows...

Read More

OpenSSL: The Open Source toolkit for SSL/TLS

" The OpenSSL Project is a collaborative effort to develop a robust, commercial grade, full featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLSv1) protocols as well as a full-strength...

Read More

Snort - An Intrusion Detection/Prevention System

"SNORT® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort...

Read More

Sysinternals utilities

"One of my favorite set of free developer utilities on Windows is the sysinternals.com collection. Whether it's filemon to see what's writing to a file, regmon for the registry or process explorer to see what DLLs are in action (and much more),...

Read More

Wireshark - A Network Protocol Analyzer

"Wireshark is the world's foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts...

Read More

OllyDbg - A Powerful Debugger

"OllyDbg is a 32-bit assembler level analyzing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. It predicts contents of registers, recognizes procedures, API...

Read More