Several other hash types are added
3 07 2009No other new tool even broke into the top of this list, yet Metasploit comes in at 5, ahead of many wellloved tools that have been developed for more than decade. Respondents were allowed to list open source or commercial tools onany platform. It is great for tracking down network problems or monitoring activity. It includes web traffic recorder, web spider, hash calculator, and scanner for testing common web application attacks such as SQL injection and crosssite scripting. One of the interesting is Socat, which extends Netcat to support many other socket types, SSL encryption, SOCKS proxies, and more.
One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay uptodate and be wary of running it on untrusted or hostile networks such as security conferences. This audience also biases the list slightlytoward attack hacking tools rather than defensive ones. It can sometimes even be hard to find nc110. tgz. It is designed to be reliable backend tool that can be used directly or easily driven by other programs and scripts.
arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker due to layer2 switching. See all packet sniffers 187 NetStumbler Free Windows SnifferNetstumbler is the best known Windows tool for finding open wireless access points wardriving.
See all rootkit detectors 255 Retina Commercial vulnerability assessment scanner by eEyeLike Nessus, Retinas function is to scan all the hosts on network and report on any vulnerabilities found. Each tool is described by one ore more attributesDid not appear on the listPopularity ranking rose fell the given number since the surveyGenerally costs money. Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many personal firewalls are available for Windows Tiny,Zone Alarm, Norton, Kerio, …, though none made this list.
PsTools for managing executing, suspending, killing, detailing local and remote processes. Anyone in the security fieldwould be well advised to go over the list and investigate tools theyare unfamiliar with. Wireshark has several powerful features, including rich display filter language and the ability to view the reconstructed stream of TCP session. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay uptodate and be wary of running it on untrusted or hostile networks such as security conferences.
