I am a networker by studies and I've been looking around for some nifty tools to use for network testing, hacking my teachers PC (I have permission and we are actually learning to hack) and generally messing about with my own network.
So I'll post a few of my favourites (everyone should know a few of them) but the one I just found that has really impressed me is SPIKE Proxy.
Able to
o SQL Injection
o Directory scanning
o File Scanning
o Crawling
o Overflows and format strings
Now this runs in windows for easier use by noobs.
It's really easy to use and really effective.
here's a link to the website
I'll just post an easy guide here
-Extract to C:\SPIKEProxy ( this is just easier then having to change the dir)
-Internet explorer>tools->Internet Options->Connections->LAN Settings change to proxy of 127.0.0.1 (your loopback IP)
-Run the runme.bat file in the spike dir (keep open)
-Then in IE run http://spike/
-select the test you want and watch as the programme test your website/machine/etc in the command screen.
Now this is useful for website admin who want to do some stress testing on their web machines.
Other useful tools include
Cain and Able
Oxid.it forums[/urlThe top password recovery tool for Windows
UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
[url=http://nmap.org/download.html]Nmap
Nmap is a great app that all networkers should learn to use.
Brutus AET 2-Password cracker
useful but some apps (like Brutus) will get a virus warning as they have been listed on Antivirus security risk list.HTTP (Basic Authentication)
HTTP (HTML Form/CGI)
POP3
FTP
SMB
Telnet
Other types such as IMAP, NNTP, NetBus
Basically they don't want you to have the power of them.
I've also found some great tools that will try to inject malicious codes into a system, analyse the results and give you an report with the issue, it's meaning and how to fix it.
I'm sure you guys know Nessus (register for the free edition)
X-Scan
Xscan is very user friendly and a personal fav.
Both of these are really simple to use and incredibly powerful.
For hidden passwords get Asterisk Key
Cain and able, Xscan, EtherChange, AirSnare, AirCrack-NG video guides here
Have fun and don't do anything stupid!
If you want to add any, please do. I'm looking for a powerful SMTP app.
If I can find anything more, I'll edit the main body of the thread.
regards
Frozen
(if any of my links are not working properly then please excuse this and copy and paste into your web browser.