Having the right tool can make the testing and analysis of infrastructure security much easier. Listed next are some sites that maintain various security tools:
DumpSec is a GUI Windows-based enumeration tool that can provide account information, RID information, open shares, and more. The link is shown as follows:
www.somarsoft.com
A nice list of bootable Linux CDs is available at the following address. Many of these have really good distributions of tools preconfigured and ready to go that will be of aid to those doing security work.
www.frozentech.com/content/livecd.php
Cain and Abel is a GUI Windows-based password cracking and enumeration tool that is free to download at
www.oxid.it
NetStumbler is the leading wireless scanning tool used to identify and enumerate 802.11 wireless networks. You can download it at
www.netstumbler.org
Nmap is an open source Windows and Linux scanning tool. To learn more about it or download the tool, visit the following link:
www.insecure.org
SuperScan is a Windows scanning tool for TCP and UDP. It's available for free from Foundstone at
www.foundstone.com/resources/freetools.htm
Scanrand is another useful security tool that is free to download from the following URL:
www.lurhq.com/scanrand_dissected.pdf
THC-Amap is a valuable scanning tool that is free to download at
http://thc.org/thc-amap/
John the Ripper is a Linux and Windows password-cracking tool that can be used to audit the strength of your passwords. It can be downloaded from
www.openwall.com/john
SNORT is a great open source IDS tool available for Windows and Linux. SNORT can be downloaded at the following site:
www.snort.org
Packetyzer is Ethereal with a new interface. It's free to download from:
www.networkchemistry.com/products/packetyzer
Rainbowcrack is a password-cracking tool that uses the fast time-memory trade-off technique. You can download it at
www.antsight.com/zsl/rainbowcrack
Ophcrack is another password-cracking tool that uses the fast time-memory trade-off technique. You can download it from the following site:
http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/
Nessus is one of the premier open source scanning tools. You can download it from the following site:
www.nessus.org
Metasploit is an exploit and vulnerability assessment tool. You can download it at:
www.metasploit.com