http://www.security-database.com/toolswatch/IT-Security-and-Auditing-Softwares.html?artpage=1-6
Since we started IT security auditing and assessment, we have tested and used tons of tools,
utilities and software. A lot of them were discontinued, closed their code or were simply bought by vendors.
But (hopefully), the best are still alive.
Now, at the end of the year 2007, I have become slightly melancholic and decided to release a survey of the
most efficient IT security software for auditors, security administrators and pentesters.
However, I deeply think that every little script or utility written by an individual developer or hacker is a
gem. Just take a look at the SourceForge project repositories to be amazed. They will continue to serve us
for years to come.
Scoring criteria
This survey was based upon specific criteria, so the classification reflects only our opinion at the
moment of writing this article.

| Criteria | Comment |
|---|---|
| Updates and maintenance | Frequency of updates (database, signature, plugins and addons). Maintenance (bug fixes, bug reporters, support...). Future releases and roadmap. |
| Use of standards and metrics | Use of security metrics and standards (CVE, CVSS, XCCDF, OVAL, CPE, SANS TOP20, OWASP..) |
| Security-Database Track Popularity | Average of visits and downloads. Based on our internal stats during the year 2007. |

Penetration Tests

| Category | Best | Recommended/Excellent |
|---|---|---|
| Information Gathering | Maltego GUI and Web based | ex aequo: SEAT (Search Engine Assessment Tool) & RevHosts |
| Application scanners | W3AF: Web Application Attack Audit Framework | ex aequo: Paros Proxy & Nikto |

Methodologies

| Document | Best | Recommended/Excellent |
|---|---|---|


| Category | Best | Recommended/Excellent |
|---|---|---|
| Unix auditing | ex aequo: CIS Scoring Tools & Tiger Security Tool | ex aequo: Babel Enterprise & OVAL Unix interpreters (Sussen, Debian, Fedora, OpenSuse) |

Methodologies

| Document | Best | Recommended/Excellent |
|---|---|---|


| Category | Best | Recommended/Excellent |
|---|---|---|


| Name | Link |
|---|---|
| Maltego | http://www.paterva.com |
| SEAT | http://midnightresearch.com |
| RevHosts | http://www.revhosts.org |
| NMap | http://www.nmap.org |
| W3AF | http://w3af.sourceforge.net |
| Nikto | http://www.cirt.net/code/nikto.shtml |
| Metasploit | http://www.metasploit.com |
| Inguma | http://inguma.sourceforge.net |
| AirCrack-NG | http://www.aircrack-ng.org |
| AiroScript | http://airoscript.aircrack-ng.org |
| BackTrack | http://www.remote-exploit.org |
| NST | http://networksecuritytoolkit.org |
| WinAudit | http://www.pxserver.com/WinAudit.htm |
| SysInternals | http://www.sysinternals.com |
| NCat | http://ncat.sourceforge.net |
| OphCrack | http://ophcrack.sourceforge.net |
| FindBugs | http://findbugs.sourceforge.net |
| Russix | www.russix.com |
| SiVus | http://www.vopsecurity.org |

Commercial software

| Name | Link |
|---|---|
| WebInspect | www.spidynamics.com |


| Name | Link |
|---|---|
| OSSTMM | http://www.isecom.org/ |