BEST IT Security and Auditing Software 2007
Since we started IT security auditing and assessment, we have tested and used tons of tools, utilities and software. A lot of them were discontinued, closed their code or were simply bought by vendors. But (hopefully) the best are still alive.
Now, at the end of 2007, I have become slightly melancholic and decided to release a survey of the most efficient IT security software for auditors, security administrators and pentesters.
However, I deeply think that every little script or utility written by an individual developer or hacker is a gem. Just take a look at the SourceForge project repositories to be amazed. They will continue to serve us for years to come.
— Happy New Year.
Penetration Tests
Open source and Free Software
| Category | Best | Recommended/Excellent |
|---|---|---|
| Information Gathering | Maltego GUI and Web based | ex aequo: SEAT (Search Engine Assessment Tool) & RevHosts |
| Protocol mappers | NMap | THC-Amap |
| Vulnerability scanners | Tenable Nessus | Saint Scanner Basic release |
| Application scanners | W3AF: Web Application Attack Audit Framework | ex aequo: Paros Proxy & Nikto |
| Exploiters | Metasploit 3.x | ex aequo: Inguma & Milw0rm WebSite |
| Wireless hacking | ex aequo: AirCrack-NG & AirCrack PTW | AiroScript |
| LiveCDs | BackTrack 2.x and 3.x | ex aequo: NST (Network Security Toolkit) & OSWA (Organizational Systems Wireless Auditor) |
Methodologies
| Document | Best | Recommended/Excellent |
|---|---|---|
| Network and System testing | OSSTMM | NIST SP 800-115 |
| Application testing | OWASP Guides | WebAppSec papers |
| Testing Framework | PTF Penetration tests Framework | N/A |
| Testing Framework | WTF Wireless Testing Framework | N/A |










