All these tools are useful for administratively troubleshooting networks. But remember it is like a double edge sword, you can use them either way. People are currently serving jail terms simple because they try to break networks they weren’t authorized to. So if you plan to use these tools negatively, you better have a rethink. And as usual, your mile may vary: standard disclaimer.
The important part here is not to show how to attack something, but to show how attackers take advantage of your mistakes. This will enable you to protect your network by avoiding the pitfalls attackers use.
Before we start, however, let me make one thing absolutely clear: I neither condone nor will we ever aid or defend those who attack networks or systems they do not own or that they have not been asked to attack. One of the greatest challenges the security community faces is lack of information on the enemy. Questions like who is the threat, why do they attack, how do they attack, what are their tools, and possibly when will they attack? It is questions like these the security community often cannot answer. For centuries military organizations have focused on information gathering to understand and protect against an enemy. To defend against a threat, you have to first know about it. However, in the information security world we have little such information.
This is about securing networks, not distributing tools to break them. Certain information systems security professionals, namely those who are charged with pen testing, have a legitimate use for these tools. In addition, to stop a criminal hacker requires the ability to think like a criminal. After all, the objective is to demonstrate what an attacker would do. Most of us have been taught from a very early age to be good law-abiding people and are simply not good at thinking up very plausible and innovative criminal schemes.
check these tools out: you can google them if you like
Ettercap - I've been personally using Ettercap for over a year and one of the most useful features I have found is it's flooding technique. Using the required plugins, you are able to bring a P4 with 512MB ram Linux server to its knees in around 40 seconds! Amongst the 20 plugins it comes with, here are the most popular:
Lamia- This plug-in allows you to become the root in a switched network that uses the STP protocol to avoid loops.
Spectre: Floods the LAN with random MAC addresses
Banshee: Described as "They kill without discretion... "
Golem: A dangerous D.O.S plugin and lastly its useful Hxx_xxx series plugins
They allow you to steal passwords and data from HTTP, POP, SMTP and a number of other types of streams.
www.nwfusion.com/bg/firewalls/firewallsr..._tablename=firewalls
www.snort.org (IDS)
tripwire(IDS)
CERT (system scanner)
black ice (IDS)
www.gfi.com/mailsecurity/wpexploitengine.htm
eeye.com (network scanner)
retina
core impact ($$) network scanner
www.securityfocus.com/data/vulnerabilities/exploits/kaht2.zip (vul scanner) <a class="bbcode_url" href="http://www.astalavista.com/tools/auditing/network/multiscanner/RPC2.zip" target="_blank" rel="nofollow noopener noreferrer">www.astalavista.com/tools/auditing/netwo...ultiscanner/RPC2.zip</a> scanner
winsock API
www.stealthnet.com
www.insecure.org/nmap
tcpdump
iris
ethereal
Ettercap (
ettercap.sourceforge.net
nesus
john the ripper
l0phtcrack
nickto
cisco scanner
sophie script
sid2user
SEQ-scan
legion
pwdump2
netcat
hping2
superscan
butrus,hydra
www.samspade.org/ssw/
securitypronews.com/securitypronews-24-2...oofingandBeyond.html
ettercap.sourceforge.net
Email tracker pro
nmap,
hping,
nc,
sing,
icmpenum,
Languard Network Scanner (GFI),
Retina (eEye).
hping3
www.tomsnetworking.com/Reviews-150-ProdID-LBU-1.php
kismet
www.foundstone.com/index.htm?subnav=reso...ources/freetools.htm AntiSniff
www.l0pht.com/antisniff/
CPM (Check Promiscuous Mode)
ftp://coast.cs.purdue.edu/pub/tools/unix/cpm/
Neped
www.apostols.org/projectz/neped/
Sentinel
www.packetfactory.net/Projects/sentinel/
ifstatus
m0n0.ch/wall/
www.ipcop.org/
www.isaserver.org
www.safesquid.com/forum
Nessus.
www.insecure.org/tools.html
www.dnsstuff.com
www.e-messenger.net/
snort-inline.sourceforge.net/
freebsd.rogness.net/snort_inline/
(
www.safer-networking.org/en/download/index.html)
www.anonymizer.com
tor.eff.org
www.controlkids.com/
cybersitter
proxomitron
Wi-Fi Defense -
www.otosoftware.com/wireless.asp
sourceforge.net/projects/yahoopops/
www.jaybe.org/info.htm
CacheDump (http://http://www.cr0.net:8040/misc/cachedump.html).
www.cr0.net:8040/misc/cachedump.html
www.oxid.it/cain.html
www.openwall.com/john/
www.paessler.com
cybersitter
websnake
webwacker
Bugtraq
Wayback machine
Gigaweb
www.security-portal.com
www.cert.org -
www.securityfocus.com/archive/1 -
www.insecure.org
seclists.org
www.eeye.com.rm.
www.nessus.com
www.zonelabs.com -
www.secinf.net
www.searchsecurity.com
www.antioffline.com - A very good library section on buffer
www.packetstormsecurity.nl - The largest selection of tools and exploits possible.