BEST IT Security and Auditing Software 2007

Since we started IT security auditing and assessment, we have tested and used tons of tools, utilities and software. A lot of them were discontinued, closed their code or were just bought by vendors. But (hopefully) the best are still alive.

Now, at the end of the year 2007, I have become slightly melancholic and decided to release a survey of the most efficient IT security software for auditors, security administrators and pentesters.

However, I deeply believe that every little script or utility written by an individual developer or hacker is a gem. Just take a look at the SourceForge project repositories to be amazed. They will continue to serve us for years to come.

— Happy New Year.

Penetration Tests

Open Source and Free Software

| Category | Best | Recommended/Excellent |
|---|---|---|
| Information Gathering | Maltego GUI and Web based | ex aequo: SEAT (Search Engine Assessment Tool) & RevHosts |
| Protocol mappers | NMap | THC-Amap |
| Vulnerability scanners | Tenable Nessus | Saint Scanner Basic release |
| Application scanners | W3AF: Web Application Attack Audit Framework | ex aequo: Paros Proxy & Nikto |
| Exploiters | Metasploit 3.x | ex aequo: Inguma & Milw0rm WebSite |
| Wireless hacking | ex aequo: AirCrack-NG & AirCrack PTW | AiroScript |
| LiveCDs | BackTrack 2.x and 3.x | ex aequo: NST (Network Security Toolkit) & OSWA (Organizational Systems Wireless Auditor) |

Methodologies

| Document | Best | Recommended/Excellent |
|---|---|---|
| Network and System testing | OSSTMM | NIST SP 800-115 |
| Application testing | OWASP Guides | WebAppSec papers |
| Testing Framework | PTF Penetration tests Framework | N/A |
| Testing Framework | WTF Wireless Testing Framework | N/A |
