Tools & Utilities
Auditing - Debugging - Reversing :
Code browsers :
CScope (Unix, Windows) : Command-line C/C++ code browser that helps navigate code by references, declarations and functions (functions called by another function, or functions calling the current function). Can be integrated with Emacs and vi.
Hypersrc (Unix) : C/C++ code browser with a nice GUI.
Source Navigator (Unix, Windows) : Powerful tool supporting many languages, which lets you browse symbols, hierarchies, classes, cross-references and includes, run grep, ... It also supports different version control systems, provides debugging and compiling shortcuts, and includes an SDK.
Understand for C++ (Unix, Windows) [Closed source, Non-free]: Powerful tool to browse, document, and develop C/C++ source code, through a nice GUI.
Code scanners :
FlawFinder (Unix) : Analyzes C++ code to find vulnerabilities.
LCLint (Unix) : Static analyzer/debugger for C code that helps detect poor programming constructs and vulnerabilities. The user can assist the analysis by providing comments in the source code.
RATS (Unix) : Analyzes C/C++ code to find dangerous function calls.
Splint (Unix, Windows) : Tool to statically test C programs and detect vulnerabilities. The user can assist the analysis by commenting the program sources to give information to the analyzer.
Debugging :
Data Display Debugger (Unix) : Graphical front-end that can be used with many debuggers (gdb, dbx, jdb, Perl & Python debuggers, ...), displays data structures as graphs, and makes it easy to follow how variables change.
IceDump (Windows) : Plugin that extends SoftIce with new commands and features: memory dumping, memory loading, process dumping, process killing, thread suspension, thread resume, clipboard manipulation, automatic tracing, ...
Insight (Linux) : Nice graphical front-end to GDB that allows many interesting manipulations.
Private Ice (Linux) : Powerful system/kernel debugger, like SoftIce, but for Linux.
SoftIce (Windows) [Closed source, Non-free]: Famous system/kernel debugger for Windows, which can be used to debug and develop device drivers.
W32DASM (Windows) [Closed source, Non-free]: Windows debugger/disassembler, easy to use.
Hijacking :
Detours (Windows) : Tool to statically or dynamically hijack function calls, or to add data to an executable.
Logging :
CyberSensor (Windows) [Closed source]: Tool to spy on Win32 API calls, optionally remotely. Also lets you develop your own plugins.
Fenris (Linux) : Debugging tool that logs all system calls made by a process, prints the parameters of those calls, and tracks how data changes.
STrace (Linux, Windows NT - 2000) : Debugging tool that logs all system calls made by a process.
System Call Tracker (Linux) : Debugging tool that logs specific system calls across the whole system.
Memory :
LordPE (Windows) [Closed source]: Tool to edit/view parts of PE files, dump them from memory, optimize them, ...
MemSpy (Windows) [Closed source]: Dump, search and watch a process's memory, using an Explorer-like interface.
Allocation :
Debauch (Linux) : Helps dynamically detect memory allocation/deallocation problems by hooking the original function calls to the C standard library.
Dmalloc (Unix) : Library to debug and analyze memory allocations and deallocations on the heap.
MemWatch (Unix) : Tool to detect memory problems: free(), overflows, segmentation faults, ...
Decompilers - Disassemblers :
BIEW (Windows, DOS, Linux, FreeBSD) : Text/hexadecimal editor + disassembler that supports many executable formats.
W32DASM (Windows) [Closed source, Non-free]: Windows debugger/disassembler, easy to use.
WingDis (Java) [Closed source, Non-free]: Really powerful Java decompiler.
IDA Pro :
2pelf (Windows) : Plugin to create FLIRT signatures for i386 ELF objects.
Desquirr (Windows) : Plugin to decompile x86 code and generate C code.
IDA Pro (Windows) [Closed source, Non-free]: Famous interactive disassembler, supporting many file formats and processors.
OBJRec (Windows) : Plugin which helps in the reconstruction of unknown structures and classes in x86 binaries.
x86grph (Windows) : Utility that generates flowgraphs from x86 code. It is capable of graphing non-contiguous functions.
Executable editors :
BIEW (Windows, DOS, Linux, FreeBSD) : Text/hexadecimal editor + disassembler that supports many executable formats.
ELF :
ELFkickers (Linux) : Set of tools to create and manipulate unconventional ELF executables.
ELFsh (Unix) : Interactive shell to manipulate ELF executables.
PE :
Detours (Windows) : Tool to statically or dynamically hijack function calls, or to add data to an executable.
LordPE (Windows) [Closed source]: Tool to edit/view parts of PE files, dump them from memory, optimize them, ...
PEexplorer (Windows) [Closed source, Non-free]: Explorer/editor to analyze and modify information contained in PE executables, for example by commenting function calls in the code or by modifying resources.
Resources :
ExeScope (Windows) [Closed source, Non-free]: Utility to analyze, display and rewrite resources of executable files (EXE, DLL, OCX, ...).
Resource Hacker (Windows) [Closed source]: Resource editor that works directly on Windows executables.
Scanners :
Language 2000 (Windows) [Closed source]: Utility to detect compilers and compressors.
Coding :
Assemblers :
GASP (Unix) : Utility that "compiles" a tool to easily manipulate the different records of a data structure.
Intel2GAS (Unix) : Utility that converts MASM, TASM, and NASM assembler sources to GNU Assembler (GAS) sources.
NASM (Unix, Windows, DOS) : Freeware portable assembler for Intel processors. NASM supports many executable formats on different platforms, and follows the classical Intel syntax. It is first of all an assembler close to the processor and independent of the platform. It can also be used as a backend for the LCC compiler.
Assertions :
Nana (Unix) : Tool to perform C/C++ assertion tests, using the GCC compiler.
Comparisons :
Delta (Linux, Windows, DOS) [Closed source]: Powerful file and directory comparison tool, with a nice text interface.
Merging :
Araxis Merge (Windows) [Closed source, Non-free]: Powerful file/directory comparison and merging tool (2 or 3 files), with a nice interface, command-line options, and an API.
Compilers :
C++ Builder Compiler (Windows) [Closed source]: Borland's famous ANSI C compiler, in a really interesting free version.
LCC (Unix, Windows) : Retargetable C compiler that generates ASM code for Alpha, Sparc, MIPS and x86.
Documentation :
DOC++ (Unix, Windows) : Automated documentation system for the C, C++, IDL and Java languages, based on an analysis of the comments in the source code.
IDE :
Anjuta (Linux) : C/C++ IDE for Gtk/Gnome.
Open Perl IDE (Windows) : Perl IDE for Windows.
Source Navigator (Unix, Windows) : Powerful tool supporting many languages, which lets you browse symbols, hierarchies, classes, cross-references and includes, run grep, ... It also supports different version control systems, provides debugging and compiling shortcuts, and includes an SDK.
Understand for C++ (Unix, Windows) [Closed source, Non-free]: Powerful tool to browse, document, and develop C/C++ source code, through a nice GUI.
Emulation :
IA-64 Linux Developer's Kit (Unix) : Emulator, environment, Linux kernel and developer's kit for working with the IA64 architecture.
Plex86 (Unix) : PC emulator based on virtualization that lets you install different OSes.
Simics (Unix) [Closed source, Non-free]: Powerful simulator for PC (x86 and x86-64), SPARC V9, PowerPC, and Alpha architectures. Can also emulate multiprocessor systems, as well as clusters and networks of systems.
VMWare (Unix, Windows) [Closed source, Non-free]: Powerful PC emulator based on virtualization, which lets you install many OSes and offers virtual networking and options for hardware virtualization. For example, you can choose to commit or cancel modifications to hard disks.
Libraries :
a386 (Unix) : C programming library providing a virtual machine that is an abstraction of an Intel 386 running in protected mode.
Linux :
Linux a386 (Unix) : Port of Linux to the a386 architecture. It lets you run the Linux kernel as a normal Unix process.
Encryption :
GNUPG (Unix) : PGP encryption.
MCrypt (Unix) : Encryption library intended to replace crypt, supporting many powerful modern algorithms.
Executables :
BurnEye (Linux, Windows) [Closed source]: Utility to encrypt ELF executable files.
SecurePE (Windows) [Closed source]: Utility to encrypt PE executable files.
Steganography :
Invisible Secrets (Windows) [Closed source, Non-free]: Powerful tool to insert data into JPG, PNG, BMP, HTML and WAV files.
MP3stego (Unix) : Steganography at encoding time, using MP3 files.
OutGuess (Unix) : Steganography using PNM and JPG files.
Snow (Unix) : Steganography using ASCII files.
StegFS (Linux) : Steganographic file system.
StegHide (Unix, Windows) : Steganography using JPEG, BMP, WAV and AU files.
Host security :
Trinux (Linux) : Linux distribution that fits on a few floppy disks and offers many hacking/forensic/security tools.
Wipe (Unix) : Deletes files irreversibly.
File integrity :
AIDE (Unix) : File and directory integrity analyzer, based on Tripwire.
CryptoMark (Linux) : Checks file integrity by verifying signatures at run time.
Samhain (Unix) : File integrity and host-based intrusion detection system, with kernel module detection and centralized monitoring to databases.
Tripwire (Unix, Windows NT - 2000) [Closed source, Non-free]: File and directory integrity analyzer.
Tripwire Open Source (Linux) : File and directory integrity analyzer.
Logging :
BackLog (Windows NT - 2000) [Closed source]: Utility to store Windows event logs on a remote Unix syslog daemon.
LogCheck (Unix) : Famous log analyzer.
HIDS :
CyberSensor (Windows) [Closed source]: Tool to spy on Win32 API calls, optionally remotely. Also lets you develop your own plugins.
Samhain (Unix) : File integrity and host-based intrusion detection system, with kernel module detection and centralized monitoring to databases.
Resources :
FPort (Windows NT - 2000 - XP) [Closed source]: Utility that reports all open TCP and UDP ports and maps them to the owning application.
Vision (Windows NT - 2000 - XP) [Closed source]: Utility to view resources attached to a process. For example, it can detect which process owns a particular port.
Passwords :
ASMcrack (Windows) : Really fast Unix password cracker that runs under Windows.
Crack (Unix) : Famous Unix password cracker.
John The Ripper (Unix, Windows, DOS) : Famous Unix password cracker.
L0pht Crack (Windows) [Closed source, Non-free]: Famous Windows password cracker. It can also obtain its sources through different techniques: sniffing, registry, files, ...
Opie (Unix) : One-time password system.
Patches - protections :
GRSecurity (Linux) : Set of patches that adds protections at many levels to strengthen the security of a Linux system.
IMsafe (Linux) : HIDS based on artificial intelligence mechanisms, which identifies system calls made by a process that differ from its normal behavior.
Ksec (BSD) : Tool to react to host-oriented attacks by analyzing inconsistencies in the kernel's structure (modules, syscalls, interfaces, ...).
Kstat (Linux) : Tool to react to host-oriented attacks by analyzing inconsistencies in the kernel's structure (modules, syscalls, interfaces, ...).
LIDS (Linux) : Kernel patch for Linux that strengthens a system's security and limits root's capabilities.
SubDomain (Linux) : Kernel patch for Linux that limits privilege gains.
Buffer overflows - Format strings :
BOwall (Windows NT) : Protection tool against buffer overflows under Windows, which patches critical DLLs.
FormatGuard (Linux) : Adds protections to GCC against some format string attacks.
LibSafe (Linux) : Library that intercepts calls to some library functions known to be vulnerable.
OpenWall (Linux) : Kernel patch for Linux that improves system security: non-executable stack, modified libc base address, FIFO and hard link protection, restricted access to /proc, handler protections, limits on the number of processes, shared memory segment destruction, IP alias protections, ...
PaX (Linux) : Kernel patch that lets memory pages be marked as non-executable.
RSX (Linux) : Patch that remaps ELF files and prevents executable code from running in data segments.
StackGuard (Linux) : Adds protections to GCC against some stack smashing attacks, by using non-modifiable values.
StackShield (Linux) : Adds protections to GCC against some stack smashing attacks, by saving the return address.
Rootkits :
Adore (Linux) : Famous rootkit offering many hiding capabilities.
ChkRootkit (Unix) : Tool to detect many well-known rootkits.
Scanners :
TARA (Unix) : Analyzes the security of a Unix system. Based on Tiger.
Tiger (Unix) : Analyzes the security of a Unix system by examining the architecture, access rights, ...
Network security :
Backdoors :
Cd00r (Unix) : Starts listening on a port after receiving a specific sequence of IP packets on a specified interface.
iCmd (Windows NT - 2000) [Closed source]: Extremely tiny multi-connection telnet server.
OpenSSH-Reverse (Unix) : Patched version of OpenSSH where the server connects to the client.
Cracking :
Brutus (Windows) [Closed source]: One of the best tools for remote password cracking; it can crack passwords for the HTTP, POP3, FTP, NetBios and Telnet protocols, and supports SOCKS proxies.
ObiWaN (Unix, Windows) : HTTP server brute forcing, with support for intermediate proxies, ...
Encryption :
FreeSWAN (Linux) : IPSec implementation.
STunnel (Unix, Windows) : Encapsulates arbitrary TCP connections in an SSL tunnel.
VTun (Unix) : Creates virtual tunnels using many protocols, such as Ethernet, PPP, SLIP, IP, TCP, UDP, and Unix pipes.
Yavipin (Linux) : Creates secure virtual tunnels.
SSH :
OpenSSH (Unix) : Famous secure protocol.
OpenSSH-Reverse (Unix) : Patched version of OpenSSH where the server connects to the client.
PuTTY (Windows) : Freeware Telnet, SSH and SCP client.
WinSCP (Windows) : Graphical SCP client that offers two different, really friendly interfaces.
Filtering :
GFCC (Linux) : Graphical interface to create and control rules for the Linux packet filter.
IPChains (Linux) : Packet filter for 2.2 kernels.
IPfilter (FreeBSD) : Packet filter.
IPTables (Linux) : Packet filter for 2.4 kernels. Provides stateless/stateful packet filtering, NAT and packet mangling (user-mode packet manipulation).
Packet2SQL (Linux) : Utility that converts IPChains logs to SQL insertions in a database, for analysis and correlation.
PKTfilter (Windows 2000 - XP) : Configuration tool for Windows 2000 filtering, with a syntax similar to IPfilter.
Sinus Firewall (Linux) : Linux packet filter with dynamic filtering.
Honeypots :
Deception Toolkit (Unix) : Tool to simulate vulnerable services and observe what hackers do with them.
LaBrea (Unix, Windows NT) : Tool to simulate hosts using unused IP addresses on a network, to create decoys for scanners.
Libraries :
LibCurl (Unix, Windows) : Library to easily download and upload files using different protocols: FTP, HTTP, HTTPS, Telnet, LDAP, ... Also supports proxies, cookies, authentication, resumes, and many languages: C, C++, Perl, ...
C :
Hijacking Suite (Unix) : Library and tools to easily create hijacking attacks, for example against the IRC and HTTP protocols.
LibNet (Unix, Windows NT - 2000 - XP) : Function library to send arbitrary packets at different levels: Link Layer, ARP, RARP, IP, TCP, UDP, ... This library is used by many of the tools available on this page.
LibNIDS (Unix, Windows) : Emulates the Linux 2.0.x TCP/IP stack, to provide an environment for analyzing TCP/IP packets.
LibPCap (Unix, Windows 9X - NT - 2000) : Function library to capture packets, with support for the Berkeley Packet Filter. This library is used by many of the tools available on this page.
LibRNet (Unix) : Library to build and send arbitrary packets; an alternative to LibNet.
State Threads (Unix) : Offers a threading API for structuring an Internet application as a state machine.
TCP/IP Library (Windows 2000 - XP) : Library to generate arbitrary TCP/IP packets.
Perl :
NetPacket (Unix) : Perl library that offers an interface to capture common TCP/IP protocols.
NetPCap (Unix) : Perl library to capture packets through LibPCap.
NetPCapUtil (Unix) : Perl library that offers a really simple interface to LibPCap.
NetRawIP (Unix) : Perl library to send and receive arbitrary packets.
NIDS :
Despoof (Unix) : Command-line utility to detect spoofing by analyzing packet TTLs.
IDSWakeUp (Unix) : Scripts that generate many attacks against NIDS.
IPlog (Unix) : TCP/IP traffic logger that detects many scans and attacks.
ISIC (Unix) : Random traffic generator, where you specify the percentage of particular features (fragmentation, options, ...). Useful for testing firewalls, NIDS, fingerprinting, ...
LibNIDS (Unix, Windows) : Emulates the Linux 2.0.x TCP/IP stack, to provide an environment for analyzing TCP/IP packets.
Network Flight Recorder (Unix) [Closed source, Non-free]: Famous NIDS, using filter descriptions in a proprietary language.
Prelude (Unix) : NIDS easily configurable to run on different hosts, hosting NIDS sensors or a server that generates reports.
Shadow (Unix) : NIDS with Perl modules and a Web interface.
Snort (Unix, Windows) : Famous, fully customizable, rule-based NIDS. Various plugins, scripts and tools add more and more functionality.
Promiscuous detection :
Anti Anti Sniffer (Linux) : Kernel patch to prevent a sniffer from being detected by classical tools.
AntiSniff (Unix, Windows NT - 2000 - XP) [Closed source, Non-free]: Utility to detect network cards in promiscuous mode on an Ethernet, using different techniques.
Neped (Unix) : Utility to detect network cards in promiscuous mode on an Ethernet.
Sentinel (Unix) : Utility to detect network cards in promiscuous mode on an Ethernet, using 3 different techniques.
Scan detectors :
PortSentry (Unix) : Scan detector.
Protocols :
LibNet (Unix, Windows NT - 2000 - XP) : Function library to send arbitrary packets at different levels: Link Layer, ARP, RARP, IP, TCP, UDP, ... This library is used by many of the tools available on this page.
LibRNet (Unix) : Library to build and send arbitrary packets; an alternative to LibNet.
NetRawIP (Unix) : Perl library to send and receive arbitrary packets.
Bouncing - Redirectors :
Bouncer (Unix, Windows) : Tunnels connections through an SSL proxy, with many filtering options and SOCKS server simulation.
FPipe (Windows) [Closed source]: TCP/UDP redirector that lets you specify the source port to use.
GMAclick (Unix, Windows) : Downloads specified files from the web using Wingates.
ProxyHunter (Windows) [Closed source]: HTTP and SOCKS proxy scanner. It can test them, and can itself be used as a proxy server that uses a different proxy for each request.
Pudding (Unix) : HTTP proxy that modifies HTTP requests to apply anti-IDS techniques.
RInetD (Unix, Windows) : Creates TCP redirections using precise rules.
SocksChain (Windows) [Closed source, Non-free]: Utility to easily chain a set of SOCKS or HTTP proxies.
SocksHTTP (Java) [Closed source]: Converts classical SOCKS client requests to a request to an HTTP proxy.
HTTP :
Corkscrew (Unix, Windows) : Tunnels SSH connections through an HTTP proxy.
Curl (Unix, Windows) : Utility to easily download and upload files using different protocols: FTP, HTTP, HTTPS, Telnet, LDAP, ... Also supports proxies, cookies, authentication, resumes, ...
DesProxy (Unix, Windows) : Tunnels TCP connections through an HTTP proxy, optionally converting SOCKS requests.
FizzBounce (Unix) : TCP redirector through HTTP proxies.
HTTPort (Windows) [Closed source]: Tunnels TCP connections through the HTTP protocol by simulating a SOCKS server, optionally using an intermediate server.
HTTPTunnel (Unix, Windows) : Bidirectional tunnel through HTTP requests, optionally through an HTTP proxy.
LibCurl (Unix, Windows) : Library to easily download and upload files using different protocols: FTP, HTTP, HTTPS, Telnet, LDAP, ... Also supports proxies, cookies, authentication, resumes, and many languages: C, C++, Perl, ...
MultiProxy (Windows) [Closed source]: HTTP proxy tester. MultiProxy can be used as a proxy server that uses a different proxy for each request.
Numby (Unix) : Scanner for vulnerable HTTP proxies.
Proxomitron (Windows) [Closed source]: Scanner and redirector through HTTP proxies, which can also delete or modify information contained in transferred HTML pages. For example, this makes it easy to filter automatic popups, DHTML or JavaScript.
ProxyTools (Unix, Windows) : Set of Perl utilities to use, sort, test and search for HTTP proxies.
TransConnect (Unix) : Transparently tunnels TCP connections through an HTTP proxy.
Zylyx (Unix) : Provides access to files through HTTP proxy caches.
IRC :
BNC (Unix) : Simple IRC redirector.
EZBounce (Unix) : IRC redirector with powerful administration, DCC proxying, connection detaching, VHost support, logging, ...
Muh (Unix) : IRC redirector with connection detaching, ...
PsyBNC (Unix) : IRC redirector with powerful administration, DCC proxying, connection detaching, VHost support, proxy support, logging, party line, scripting, ...
TIAtunnel (Linux) : IRC tunnel that connects from an IPv4 host to an IPv4, IPv6, or IPv4-with-SSL server.
Ethernet :
ARP0c (Linux, Windows) : TCP hijacking using ARP spoofing and bridging.
ARPing (Unix) : Tool to ping using ARP requests.
ARPtool (Unix) : Arbitrary ARP packet creation.
Fake (Linux) : Tool to perform IP take-over using an interface and ARP spoofing.
Ghost Port Scan (Linux, BSD) : Scanner that supports distribution and spoofing using ARP poisoning.
GrabItAll (Windows 2000 - XP) : Performs traffic redirection by sending spoofed ARP replies.
Hunt (Unix) : Tool to perform many operations on an Ethernet: sniffing, hijacking, desynchronization, ARP relaying, ... Hunt can also work in the presence of switches.
Smit (Unix) : ARP hijacking tool that provides some techniques to sniff in spite of switches.
Hijacking :
ARP0c (Linux, Windows) : TCP hijacking using ARP spoofing and bridging.
ButtSniff (Windows) [Closed source]: Small sniffer that runs on a Telnet-compatible interface and can reset and hijack connections.
DSniff (Unix, Windows) : Set of tools to sniff many protocols, such as file and mail transfers, and the SSH and HTTPS protocols under special conditions. DSniff also offers techniques to capture network traffic when switches are used.
Ettercap (Unix) : Console sniffer with a really nice NCurses-based interface, which supports writing plugins and offers techniques against switches, passive fingerprinting, and some hijacking capabilities.
Fake (Linux) : Tool to perform IP take-over using an interface and ARP spoofing.
GrabItAll (Windows 2000 - XP) : Performs traffic redirection by sending spoofed ARP replies.
Hijacking Suite (Unix) : Library and tools to easily create hijacking attacks, for example against the IRC and HTTP protocols.
Hunt (Unix) : Tool to perform many operations on an Ethernet: sniffing, hijacking, desynchronization, ARP relaying, ... Hunt can also work in the presence of switches.
IRChijack (Unix, Windows) : IRC session hijacker.
NetSed (Unix) : Tool to intercept and modify packets.
Smit (Unix) : ARP hijacking tool that provides some techniques to sniff in spite of switches.
HTTP :
Achilles (Windows) [Closed source]: Captures and modifies HTTP and SSL requests by being installed as a proxy between the client and the server.
Proxomitron (Windows) [Closed source]: Scanner and redirector through HTTP proxies, which can also delete or modify information contained in transferred HTML pages. For example, this makes it easy to filter automatic popups, DHTML or JavaScript.
Pudding (Unix) : HTTP proxy that modifies HTTP requests to apply anti-IDS techniques.
TCP-IP :
APsend (Unix) : Arbitrary TCP/IP packet generator that includes many ready-made attacks.
FragRoute (Unix) : Tool used like a router, which fragments packets using different techniques.
HPing (Unix) : Command-line utility to generate arbitrary packets, scan, fragment, fingerprint, ... Can also perform IP ID scans.
IDSWakeUp (Unix) : Scripts that generate many attacks against NIDS.
IPlayer (Unix) : Captures packets and regenerates packets captured in TCPDump's format, through a NASL script or through SendIP.
Iris (Windows) [Closed source, Non-free]: Probably one of the best existing sniffers, which can fully rebuild sessions (HTTP, telnet, POP3, ...) and print them in different formats, rebuild packets, ...
ISIC (Unix) : Random traffic generator, where you specify the percentage of particular features (fragmentation, options, ...). Useful for testing firewalls, NIDS, fingerprinting, ...
MPac (Unix) : Utility to generate arbitrary TCP/IP packets using configuration files.
Nemesis (Unix) : Utility to generate arbitrary TCP/IP packets using scripts.
NetDude (Unix) : Graphical interface to interpret and modify TCPDump logs, with powerful filtering.
NetSed (Unix) : Tool to intercept and modify packets.
PSH (Solaris) : Shell to generate arbitrary TCP/IP packets using Tcl/Tk.
Rain (Unix) : Easily generates TCP, UDP, ICMP and IGMP packets on the command line, and simulates well-known attacks.
SendIP (Unix) : Command-line utility to generate arbitrary TCP/IP packets with payload.
TCP/IP Library (Windows 2000 - XP) : Library to generate arbitrary TCP/IP packets.
TCPreplay (Unix) : Tool to artificially regenerate network traffic from logs generated by TCPDump.
WInject (Windows 9X - 2000) : Tool to generate arbitrary TCP/IP packets through a graphical interface.
DNS :
Snoof (Unix) : DNS spoofer.
Zodiac (Unix) : Full GNU tool to manipulate DNS: sniffing, decoding, flooding, spoofing, ...
FTP :
Curl (Unix, Windows) : Utility to easily download and upload files using different protocols: FTP, HTTP, HTTPS, Telnet, LDAP, ... Also supports proxies, cookies, authentication, resumes, ...
FTPbounceCommander (Unix) : Utility to send files using the FTP BOUNCE vulnerability.
LibCurl (Unix, Windows) : Library to easily download and upload files using different protocols: FTP, HTTP, HTTPS, Telnet, LDAP, ... Also supports proxies, cookies, authentication, resumes, and many languages: C, C++, Perl, ...
HTTP :
BabelWeb (Unix) : Scanner to obtain a lot of information about a Web server: allowed pages, available CGIs, existing file types, ...
Curl (Unix, Windows) : Utility to easily download and upload files using different protocols: FTP, HTTP, HTTPS, Telnet, LDAP, ... Also supports proxies, cookies, authentication, resumes, ...
ELZA (Unix, Windows) : Scripting language for many website-related manipulations, such as: simulating browsers, automatically answering forms, dictionary attacks, CGI scanning, ...
GMAclick (Unix, Windows) : Downloads specified files from the web using Wingates.
HTTPush (Unix) : Tool to easily generate HTTP requests.
LibCurl (Unix, Windows) : Library to easily download and upload files using different protocols: FTP, HTTP, HTTPS, Telnet, LDAP, ... Also supports proxies, cookies, authentication, resumes, and many languages: C, C++, Perl, ...
Pudding (Unix) : HTTP proxy that modifies HTTP requests to apply anti-IDS techniques.
Zylyx (Unix) : Provides access to files through HTTP proxy caches.
ICMP :
AICMPsend (Unix) : Arbitrary ICMP packet generator that includes many ready-made attacks.
ICMPEnum (Unix) : Utility that uses DDoS techniques to generate and receive packets (sending and receiving on different hosts).
ICMPush (Unix) : Utility to generate arbitrary ICMP packets and analyze the replies received, for ICMP fingerprinting.
Sing (Unix) : Command-line utility to generate arbitrary ICMP packets.
Mail :
Anubis (Unix) : Tool to send anonymous mail, with support for anonymous remailers, SOCKS, Wingates, ...
SNMP :
NetSNMP (Unix) : Powerful toolset to manipulate the SNMP protocol.
Sockets :
NetCat (Unix, Windows) : Famous tool to manipulate TCP and UDP for many operations: server, client, scanning, scripting, ...
Socket Workbench (Windows) [Closed source, Non-free]: Nice GUI tool to manipulate TCP sockets.
TCP :
Phoenix (Linux) : TCP connection resetting by IP and MAC spoofing.
Reverb (Unix) : Adapts TCP connections, to allow 2 "client" connections or 2 "server" connections to communicate.
Tunnelling :
Bouncer (Unix, Windows) : Tunnels connections through an SSL proxy, with many filtering options and SOCKS server simulation.
Corkscrew (Unix, Windows) : Tunnels SSH connections through an HTTP proxy.
CovertTCP (Unix) : Utility to encapsulate data directly in TCP/IP headers.
HTTPort (Windows) [Closed source]: Tunnels TCP connections through the HTTP protocol by simulating a SOCKS server, optionally using an intermediate server.
HTTPTunnel (Unix, Windows) : Bidirectional tunnel through HTTP requests, optionally through an HTTP proxy.
ICMPTunnel (Unix) : Utility to encapsulate IP traffic in an ICMP tunnel, with a choice of ICMP type.
ICMPXFer (Unix) : Utility to send files through ICMP.
ITunnel (Unix) : ICMP tunnelling.
MailTunnel (Unix) : Tunnel that works by exchanging mails. Although really slow, this system is a powerful solution for users behind a heavily restrictive firewall.
STunnel (Unix, Windows) : Encapsulates arbitrary TCP connections in an SSL tunnel.
VPN :
FreeSWAN (Linux) : IPSec implementation.
VTun (Unix) : Creates virtual tunnels using many protocols, such as Ethernet, PPP, SLIP, IP, TCP, UDP, and Unix pipes.
Yavipin (Linux) : Creates secure virtual tunnels.
Scanning :
NDif (Unix) : Filtering tool for NMap logs, mainly used to observe the differences between 2 scans and generate an HTML report.
RNMap (Unix) : Python scripts to perform distributed scans from hosts using NMap.
Fingerprinting :
FTPmap (Unix) : FTP server fingerprinting, by analyzing commands from the server.
LDistFP (Unix) : Fingerprinting based on Ident requests, specific to each system.
MingSweeper (Windows 2000 - XP) : Wonderful scanner with a nice GUI that offers many features: scanning, fingerprinting, banner grabbing, ...
NMap (Unix, Windows NT - 2000 - XP) : Famous scanner that offers many techniques and options: domains, ports, fingerprinting, ...
Queso (Unix) : Famous OS fingerprinting tool, fully configurable.
Retina (Windows NT - 2000 - XP) [Closed source, Non-free]: Powerful vulnerability scanner that supports fingerprinting, adding modules, ...
TelnetFP (Unix) : Fingerprinting based on Telnet negotiations, specific to each system.
WinFingerprint (Windows) : Windows hosts scanning and fingerprinting, based on SMB requests.
XProbe (Unix) : Utility implementing a full fingerprinting logic based on ICMP, really useful for differentiating Windows systems.
Passive :
Archaeopteryx (Windows NT - 2000 - XP) [Closed source]: Passive OS fingerprinting tool, based on Siphon. Has a great GUI.
P0F (Unix) : Passive OS fingerprinting.
PSting (Unix) : Passive OS fingerprinting, by analyzing ICMP Echo.
Siphon (Unix, Windows) : Famous tool for passive OS fingerprinting.
Patches :
Fingerprint Fucker (Linux) : Kernel patch against NMap fingerprinting.
IPpersonality (Linux) : Kernel patch for Linux 2.4 that allows modifying some TCP/IP stack parameters to avoid fingerprinting techniques.
Stealth (Linux) : Kernel patch for Linux that fakes the information returned by the TCP/IP stack during OS fingerprinting.
Mapping :
Cheops (Linux) : Graphical network analysis tool for mapping networks, fingerprinting, or scanning.
Ghost Port Scan (Linux, BSD) : Scanner that supports distribution and spoofing by using ARP poisoning.
MingSweeper (Windows 2000 - XP) : Wonderful scanner with a nice GUI that offers many possibilities: scanning, fingerprinting, banner grabbing, ...
NMap (Unix, Windows NT - 2000 - XP) : Famous scanner that offers many techniques and options: domains, ports, fingerprinting, ...
Nomad (Unix) : SNMP scanner for mapping a local network.
ACL :
FilterRules (Unix) : Server and client exchanging IP packets through a firewall, to detect the actual filtering rules.
Firewalk (Unix) : Tool using Traceroute-like techniques to detect the ACLs controlling access to networks and to map those networks.
FTester (Unix) : Perl scripts (client and server) exchanging customized packets through a firewall, to detect the actual filtering rules.
Ports :
LameScan (Unix) : Multi-threaded scanner that supports SYN scans, FIN scans, XMAS scans, ... and fragmentation.
MingSweeper (Windows 2000 - XP) : Wonderful scanner with a nice GUI that offers many possibilities: scanning, fingerprinting, banner grabbing, ...
NMap (Unix, Windows NT - 2000 - XP) : Famous scanner that offers many techniques and options: domains, ports, fingerprinting, ...
WinFingerprint (Windows) : Windows host scanning and fingerprinting, based on SMB requests.
Sockets :
SuperScan (Windows) [Closed source]: Powerful multi-threaded domain scanner with a nice interface.
Banners :
ExScan (Unix) : Domain scanner that retrieves banners.
FScan (Windows) [Closed source]: Command line TCP-UDP domain scanner that retrieves banners.
Grabbb (Unix) : Banner scanner.
MingSweeper (Windows 2000 - XP) : Wonderful scanner with a nice GUI that offers many possibilities: scanning, fingerprinting, banner grabbing, ...
Protocols :
Nat (Unix) : Powerful NetBios scanner that supports brute forcing.
Nomad (Unix) : SNMP scanner for mapping a local network.
RelayTest (Unix) : Scanner that detects whether an SNMP server is an open relay.
ScanSSH (Unix) : Scans address lists to find SSH servers and identify their version.
FTP :
Grim's Ping (Windows) : Scanner that finds public FTP servers.
Proxies :
CUM Proxy Toolkit (Unix) : Set of tools to check for vulnerable HTTP proxies.
MultiProxy (Windows) [Closed source]: HTTP proxy tester. MultiProxy can be used as a proxy server that uses a different proxy for each request.
Numby (Unix) : Scanner for vulnerable HTTP proxies.
Proxomitron (Windows) [Closed source]: Scanner and redirector through HTTP proxies that can also delete or modify information contained in transferred HTML pages. For example, this makes it easy to filter automatic popups, DHTML or JavaScript.
ProxyHunter (Windows) [Closed source]: HTTP and SOCKS proxy scanner. It can test them, and can itself be used as a proxy server that uses a different proxy for each request.
ProxyTools (Unix, Windows) : Set of Perl utilities to use, sort, test and search for HTTP proxies.
SocksChain (Windows) [Closed source, Non-free]: Utility for easily chaining a set of SOCKS or HTTP proxies.
Vulnerabilities :
Cerberus Internet Scanner (Windows NT - 2000) [Closed source]: Vulnerability scanner.
Messala (Unix) : Little vulnerability scanner.
MNS (Unix) : Domain scanner searching for vulnerabilities, like NMap and SScan.
MScan (Unix) : Domain scanner searching for vulnerabilities.
Nessus (Unix, Windows) : Famous vulnerability scanner that offers a server and different clients (GTK, Win32, Java, ...).
Retina (Windows NT - 2000 - XP) [Closed source, Non-free]: Powerful vulnerability scanner that supports fingerprinting, adding modules, ...
Saint (Unix) : Vulnerability scanner based on Satan.
Sara (Unix) : Vulnerability scanner based on Satan, but able to use other tools, like NMap.
Satan (Unix) : Famous vulnerability scanner, but a little old.
Shadow Security Scanner (Windows) [Closed source, Non-free]: Very good vulnerability scanner.
SScan (Unix) : Domain scanner that searches for vulnerabilities, based on MScan. It supports worm integration and a scripting language.
SScan2K (Unix) : Domain scanner searching for vulnerabilities, based on SScan, that can use NMap and Wingate proxies.
HTTP :
BabelWeb (Unix) : Scanner that gathers a lot of information about a Web server: allowed pages, available CGIs, existing file types, ...
Stealth (Windows) : Famous Web vulnerability scanner.
Whisker (Unix) : Famous CGI vulnerability scanner that contains many techniques against NIDS.
Sniffing :
Anti Anti Sniffer (Linux) : Kernel patch to avoid detection of a sniffer by classical tools.
ButtSniff (Windows) [Closed source]: Little sniffer that runs on a Telnet-compatible interface and can reset and hijack connections.
Ethereal (Unix, Windows) : Graphical sniffer that knows a lot of protocols and gives detailed information on the different header fields. It can also rebuild TCP sessions. A text version is also provided, which can filter on an incredible set of protocol fields.
Hunt (Unix) : Tool for performing many operations on an Ethernet network: sniffing, hijacking, desynchronisation, ARP relaying, ... Hunt can also work in the presence of switches.
IPgrab (Unix) : Sniffer that prints detailed information about each header used.
Iris (Windows) [Closed source, Non-free]: Probably one of the best existing sniffers; it can fully rebuild sessions (HTTP, telnet, POP3, ...) and print them in different formats, rebuild packets, ...
LibPCap (Unix, Windows 9X - NT - 2000) : Function library for capturing packets, with support for the Berkeley Packet Filter. This library is used by many tools available on this page.
NetPacket (Unix) : Perl library that offers an interface to capture common TCP/IP protocols.
NetPCap (Unix) : Perl library for capturing packets through LibPCap.
NetPCapUtil (Unix) : Perl library that offers a really simple interface to LibPCap.
NetRawIP (Unix) : Perl library for sending and receiving arbitrary packets.
NGrep (Unix, Windows) : Packet analyzer that uses regular expressions, like the Unix grep tool.
Smit (Unix) : ARP hijacking tool that provides some techniques to sniff in the presence of switches.
SniffIt (Unix, Windows NT - 2000) : Sniffer that provides detailed information in many formats. Knows the ICMP, TCP and UDP protocols.
TCPdump (Unix, Windows) : The most famous sniffer.
TCPflow (Unix) : Records TCP sessions with traffic reassembly.
TCPreplay (Unix) : Tool that artificially regenerates network traffic from logs generated by TCPDump.
TheWESP (Unix) : Sniffer that captures packets directly by using a filter in a MySQL database.
Analyzers :
IPlayer (Unix) : Captures and regenerates packets captured in TCPDump's format, through a NASL script or through SendIP.
NetDude (Unix) : Graphical interface for interpreting and modifying TCPDump logs, with powerful filtering.
NStreams (Unix) : Analyzes TCP streams on a network and determines whether they belong to well-known protocols and ports.
Protocols :
DSniff (Unix, Windows) : Set of tools for sniffing many protocols, such as file and mail transfers, and the SSH and HTTPS protocols under special conditions. DSniff also offers techniques to capture network traffic when switches are used.
Ettercap (Unix) : Console sniffer with a really nice NCurses-based interface that supports writing plugins and offers techniques against switches, passive fingerprinting, and some hijacking possibilities.
Phoss (Unix) : Sniffer that automatically captures passwords for these protocols: HTTP, FTP, LDAP, Telnet, IMAP4 and POP3.
SNMPsniff (Unix) : Tool for sniffing SNMP packets.
SSLdump (Unix, Windows) : Observes SSL/TLS traffic. If keys are given, full decryption is possible.
Files :
FTPXerox (Windows NT - 2000 - XP) [Closed source]: This tool captures files from FTP transfers.
Owns (Linux, Windows) : Sniffer that captures files exchanged over the HTTP, POP3 and NNTP protocols.
SMBsniff (Unix) : Sniffer that captures files exchanged using the NetBios protocol.
Wireless :
AirSnort (Linux) : Tool to sniff and break 802.11 WEP secret keys when enough packets have been captured.
WEPCrack (Unix) : Tool to break 802.11 WEP secret keys.
Sockets :
Proxy Workbench (Windows) [Closed source, Non-free]: Socket debugging tool that works like a proxy.
TracePlus Winsock (Windows) [Closed source, Non-free]: Socket debugging tool that shows all calls to Winsock APIs and the data exchanged.