An Introduction To Security

Here are some links to posts on this websites with lists of programs and DOS commands for networking that goes back aways.

www.firewall.cx/modules.php?name=Forums&...1&highlight=#811

www.firewall.cx/modules.php?name=Forums&...7&highlight=#807

www.firewall.cx/modules.php?name=Forums&...3&highlight=#803

www.firewall.cx/modules.php?name=Forums&...9&highlight=#749

www.firewall.cx/modules.php?name=Forums&...5&highlight=#955

www.firewall.cx/modules.php?name=Forums&...8&highlight=#938

www.firewall.cx/modules.php?name=Forums&...0&highlight=#930

Hope that was what you were looking for. I know they are hard to find when they are scattered throughout the Posts.

thanx Thomas ... those pointers are quite a help

Anytime.

The nice thing is that there is a wealth of information out there as well as some cool tools, many of which are free.

Wow, Tom did some real digging there didn't he !
I haven't looked at any of the links he's provided, but I did do a post on windows command line tools in the 'Windows and DOS forum'. Its entitled 'The Power Of Command Line Tools' or something similarly grand sounding.

Since you specifically asked about port scanners, I would make my personal favourite recommendation -- Nmap.
www.insecure.org/nmap
There is a windows version available with a GUI and all, and yes it works perfectly. You just have to install the winpcap library that comes bundled if you download the GUI version. I don't use the latest winpcap, I'm using err.. 2.3 or something similar. Anyway this will give you a variety of different scanning techniques -- stealth SYN scanning, ACK / FIN / XMAS scans, selectable source port, etc etc which should make your life lots of fun, and will walk around most firewalls. It'll also identify what O/S is running on the target as well as tell you what service is running on a port (eg, it will tell you which version of Apache the webserver is etc etc).


If you want something just a little more straightforward, get 7th Sphere Portscanner.. Its pretty fast, and will return the banner of the remote host.

If you want more scanning tools, then I recommend you download the windows port of perl from www.activestate.com , once you have that you can run any perl program that works under linux / unix. Then you could download nikto (just do a search at google) and get that, it will do webserver vulnerability scanning.

Lastly, you could visit the top 75 tools. www.insecure.org/tools.html

Just pick out all the tools that are for windows (it says what platform they run on). They're all best of the breed.

Hmm sorry I haven't provided too many direct links, I've got some work to do, let me know if you need more info.


Cheers,

Actually, I have nmapwin version 1.3.1, but when it comes up in a couple of places it says nmap 3.0, even though the window says 1.3.1.

The newest version on their website is 3.48.

Yep Tom, thats correct, what its telling you is that the GUI (nmapwin) is version 1.3.1 and the actual nmap that it calls is version 3.0. The GUI is just a frontend for the command line tool. Frankly I prefer the command line version under windows, even though it takes a little more time to type in the parameters for the scan I don't trust the windows GUI, its still quite buggy in places.