BEST IT Security and Auditing Software 2007
Since we started IT security auditing and assessment, we have tested and used tons of tools, utilities and software. A lot of them were discontinued, closed their code or were just bought by vendors. But (hopefully) the best are still alive.
Now, at the end of the year 2007, I have become slightly melancholic and decided to release a survey of the most efficient IT security software for auditors, security administrators and pentesters.
However, I deeply think that every little script or utility written by an individual developer or hacker is a gem. Just take a look at the SourceForge project repositories to be amazed. They will continue to serve us for years to come.
— Happy New Year.
Open Source and Free Software
| Information Gathering | Maltego GUI and Web based | ex aequo: SEAT (Search Engine Assessment Tool) & RevHosts |
| Vulnerability scanners | Tenable Nessus | Saint Scanner Basic release |
| Application scanners | W3AF: Web Application Attack Audit Framework | ex aequo: Paros Proxy & Nikto |
| Exploiters | Metasploit 3.x | ex aequo: Inguma & Milw0rm WebSite |
| Wireless hacking | ex aequo: AirCrack-NG & AirCrack PTW | AiroScript |
| LiveCDs | BackTrack 2.x and 3.x | ex aequo: NST (Network Security Toolkit) & OSWA (Organizational Systems Wireless Auditor) |
| Network and System testing | OSSTMM | NIST SP 800-115 |
| Application testing | OWASP Guides | WebAppSec papers |
| Testing Framework | PTF Penetration tests Framework | N/A |
| Testing Framework | WTF Wireless Testing Framework | N/A |