| Category | Best | Recommended/Excellent |
|---|---|---|
| Information Gathering | Maltego GUI and Web based | ex aequo: SEAT (Search Engine Assessment Tool) & RevHosts |
| Protocol mappers | NMap | THC-Amap |
| Vulnerability scanners | Tenable Nessus | Saint Scanner Basic release |
| Application scanners | W3AF: Web Application Attack Audit Framework | ex aequo: Paros Proxy & Nikto |
| Exploiters | Metasploit 3.x | ex aequo: Inguma & Milw0rm WebSite |
| Wireless hacking | ex aequo: AirCrack-NG & AirCrack PTW | AiroScript |
| LiveCDs | BackTrack 2.x and 3.x | ex aequo: NST (Network Security Toolkit) & OSWA (Organizational Systems Wireless Auditor) |
Methodologies
Document
Network and System testing
OSSTMM
NIST SP 800-115
Application testing
OWASP Guides
WebAppSec papers
Testing Framework
PTF Penetration tests Framework
N/A
WTF Wireless Testing Framework
Open Source and Free Software
Windows auditing
OVAL Interpreter
ex aequo: Belarc Advisor & WinAudit & SysInternals
Unix auditing
ex aequo: CIS Scoring Tools & Tiger Security Tool
ex aequo: Babel Enterprise & OVAL Unix interpreters (Sussen, Debian, Fedora, OpenSuse)
Filtering devices
Nipper
NCat
Password Cracking
Cain and Abel
OphCrack Suite
Code auditing
FindBugs
Pixy
Wireless testing
OSWA
Russix
Database auditing
THC-Oracle
SQL Power Injector
Application auditing
OWASP LabRat
OWASP Cal9000
VoIP auditing
SiVus
Publications
NIST CSRC documents
Security Checklists
DISA STIGs
ex aequo: CIS Checklists & AuditNet Resources
Commercial Software - Best Of
Penetration Tests
Core Impact
Saint Suite (Saint scanner and SaintExploit)
Application tests
Acunetix Web Vulnerability Scanner
WebInspect
Compliance Scanners
LAnGuard NSS
Tenable Security Center
Open source and free software
Maltego
<a href="http://www.paterva.com/">http://www.paterva.com</a>
SEAT
<a href="http://midnightresearch.com/">http://midnightresearch.com</a>
RevHosts
<a href="http://www.revhosts.org/">http://www.revhosts.org</a>
<a href="http://www.nmap.org/">http://www.nmap.org</a>
Nessus & Tenable products
<a href="http://www.tenablesecurity.com/">http://www.tenablesecurity.com</a>
Saint Scanner and SaintExploit
<a href="http://www.saintcorporation.com/">http://www.saintcorporation.com</a>
W3AF
<a href="http://w3af.sourceforge.net/">http://w3af.sourceforge.net</a>
Nikto
<a href="http://www.cirt.net/code/nikto.shtml">http://www.cirt.net/code/nikto.shtml</a>
Paros Proxy
<a href="http://www.parosproxy.org/index.shtml">http://www.parosproxy.org/index.shtml</a>
Metasploit
<a href="http://www.metasploit.com/">http://www.metasploit.com</a>
Inguma
<a href="http://inguma.sourceforge.net/">http://inguma.sourceforge.net</a>
Milw0rm Resources
<a href="http://www.milw0rm.com/">http://www.milw0rm.com</a>
AirCrack-NG
<a href="http://www.aircrack-ng.org/">http://www.aircrack-ng.org</a>
AirCrack-PTW
<a href="http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/">CDC informatik darmstadt</a>
<a href="http://airoscript.aircrack-ng.org/">http://airoscript.aircrack-ng.org</a>
BackTrack
<a href="http://www.remote-exploit.org/">http://www.remote-exploit.org</a>
NST
<a href="http://networksecuritytoolkit.org/">http://networksecuritytoolkit.org</a>
OSWA Assistant
<a href="http://securitystartshere.org/">http://securitystartshere.org</a>
OVAL Interpreters
<a href="http://oval.mitre.org/">http://oval.mitre.org</a>
Belarc Advisor
<a href="http://www.belarc.com/">http://www.belarc.com</a>
Sussen OVAL
<a href="http://dev.mmgsecurity.com/projects/sussen/">http://dev.mmgsecurity.com/projects/sussen/</a>
WinAudit
<a href="http://www.pxserver.com/WinAudit.htm">http://www.pxserver.com/WinAudit.htm</a>
SysInternals
<a href="http://www.sysinternals.com/">http://www.sysinternals.com</a>
CIS Scoring Tools and Checklists
<a href="http://www.cisecurity.org/">http://www.cisecurity.org</a>
Tiger Security Suite
<a href="http://www.nongnu.org/tiger">http://www.nongnu.org/tiger</a>
Babel Enterprise
<a href="http://babel.sourceforge.net/">http://babel.sourceforge.net</a>
Nipper Network Infrastructure Parser
<a href="http://sourceforge.net/projects/nipper">http://sourceforge.net/projects/nipper</a>
<a href="http://ncat.sourceforge.net/">http://ncat.sourceforge.net</a>
Cain And Abel
<a href="http://www.oxid.it/">http://www.oxid.it</a>
OphCrack
<a href="http://ophcrack.sourceforge.net/">http://ophcrack.sourceforge.net</a>
<a href="http://findbugs.sourceforge.net/">http://findbugs.sourceforge.net</a>
<a href="http://pixybox.seclab.tuwien.ac.at/pixy/">PixyBox WebSite</a>
<a href="http://www.russix.com/">www.russix.com</a>
THC Utilities
<a href="http://freeworld.thc.org/">http://freeworld.thc.org</a>
<a href="http://www.sqlpowerinjector.com/">http://www.sqlpowerinjector.com</a>
<a href="http://www.vopsecurity.org">http://www.vopsecurity.org</a>
Commercial software
Name
Link
<a href="http://www.coresecurity.com/">http://www.coresecurity.com</a>
LanGuard NSS
<a href="http://www.gfi.com/">http://www.gfi.com</a>
Acunetix WVS
<a href="http://www.acunetix.com/">www.acunetix.com</a>
<a href="http://www.spidynamics.com/">www.spidynamics.com</a>
Methodologies and references
<a href="http://www.isecom.org/">http://www.isecom.org/</a>
OWASP Software and Methodology
<a href="http://www.owasp.org/">http://www.owasp.org</a>
<a href="http://www.vulnerabilityassessment.co.uk/">http://www.vulnerabilityassessment.co.uk</a>
<a href="http://www.wirelessdefence.org/">http://www.wirelessdefence.org</a>
WebAppSec documents
<a href="http://www.webappsec.org/">http://www.webappsec.org</a>
NIST Releases
<a href="http://csrc.nist.gov/publications/">http://csrc.nist.gov/publications/</a>
<a href="http://iase.disa.mil/stigs">http://iase.disa.mil/stigs</a>
AuditNet Resources
<a href="http://www.auditnet.org/">http://www.auditnet.org</a>