Need Help Hacking? Check this

A very good list, I think it should be a sticky.

What tools can I use? Per the CEH (Certified Ethical Hacker page) http://www.eccouncil.org/EC-Council%...se-outline.htm

Module 2: Footprinting
* Whois
* Nslookup
* ARIN
* Traceroute
* NeoTrace
* VisualRoute Trace
* SmartWhois
* Visual Lookout
* VisualRoute Mail Tracker
* eMailTrackerPro

Module 3: Scanning
* Nmap
* XMAS Scan
* Null Scan
* Windows Scan
* Idle Scan
* Nessus
* Retina
* Saint
* HPing2
* Firewalk
* NIKTO
* GFI Languard
* ISS Security Scanner
* Netcraft
* IPsec Scan
* NetScan Tools pro 2003
* THC Scan
* Friendly Pinger
* Cheops
* Security Administrator’s Tool for Analyzing Network (SATAN)
* SAFEsuite Internet Scanner
* IdentTCPScan
* PortScan Plus
* Strobe
* XPROBE2


Module 4: Enumeration
* DumpSec
* Winfo
* Solarwinds
* Enum
* SNScan
* User2sid and Sid2user
* UserInfo
* GetAcct
* DumpReg
* Trout
* Winfingerprint
* PsTools (PSFile,PSLoggedOn,PSGetSid,PSInfo,PSService,PSLis t,PSKill,
* PSSuspend, PSLogList, PSExec, PSShutdown)

Module 5: System Hacking
* NTInfoScan (CIS)
* LOphtcrack
* pwdump2 and pwdump3
* KerbCrack
* NBTdeputy
* NBName
* John the Ripper
* LAN Manager Hash
* SMBGrind
* SMBDie
* GetAdmin
* hk.exe
* IKS Software Keylogger
* Ghost Keylogger
* Hardware Key Logger
* Spyware Spector
* eBlaster
* DiSi-Steganograph
* EZStego
* Gif-It-Up v1.0
* Gifshuffle
* Hide and Seek
* JPEG-JSTEG
* MandelSteg and GIFExtract
* Mp3Stego
* Nicetext
* Pretty Good Envelope
* OutGuess
* SecurEngine
* Stealth
* Snow
* Steganography Tools 4
* Steganos
* Steghide
* Stegodos
* Stegonosaurus
* StegonoWav
* wbStego
* Image Hide
* MP3Stego
* StegonoWav
* Snow.exe
* Camera/Shy
* elsave.exe
* WinZapper
* Fu
* Vanquish
* Patchfinder 2.0

Module 6: Trojans and Backdoors
* Beast 2.06
* Phatbot
* Senna Spy
* CyberSpy
* Remote Encrypted Callback UNIX Backdoor (RECUB)
* Amitis
* QAZ
* Back Orifice
* Back Orifice 2000
* Tini
* NetBus
* SubSeven
* Netcat
* Subroot
* Let me Rule 2.0 Beta 9
* Donald Dick
* Graffiti.exe
* EliteWrap
* IconPlus
* Restorator
* Whack-a-mole
* Firekiller 2000
* BoSniffer
* Wrappers
* Packaging Tool : Wordpad
* Hard Disk Killer (HDKP 4.0)
* Loki Countermeasures
* fPort
* TCP View
* Tripwire
* Trojan horse Construction Kit
* Anti-Trojan
* Evading Anti-Trojan/Anti-Virus using Stealth Tools v 2.0

Module 7: Sniffers
* Ethereal
* Dsniff
* Sniffit
* Aldebaran
* Hunt
* NGSSniff
* Ntop
* pf
* IPTraf
* Etherape
* Netfilter
* Network Probe
* Maa Tec Network Analyzer
* Snort
* Macof, MailSnarf, URLSnarf, WebSpy
* Windump
* Etherpeek
* Ettercap
* SMAC
* Mac Changer
* Iris
*NetIntercept
* WinDNSSpoof
* NetIntercept
* TCPDump
* Gobbler
* ETHLOAD
* Esniff
* Sunsniff
* Linux_sniffer
* Sniffer Pro

Module 8: Denial of Service
* Smurf
* Teardrop
* Jolt2
* Bubonic.c
* Land and LaTierra
* Targa
* Trin00
* Tribe Flow Network (TFN)
* TFN2K
* Stacheldraht
* Shaft
* Trinity
*Knight
*Mstream
* Kaiten
* ipgrep
* tcpdstat
* findoffer
* DDoS Countermeasures
* Defensive Tool: Zombie Zapper
* Worms: Slammer and MyDoom.B

Agreed, this should be sticky. Heres my contribution

http://new.remote-exploit.org/index.php/Auditor_tools

Its a live CD with a lot of the tools hackajar mentioned on it, plus a lot more. Useful for those that dont have their own toolkit or need something on the fly. I just like it because its got just about every public tool thats worth a crap on it. So i can use that and keep my personal/private tools on another disc.

Also, it took some time for these guys to put this all together in order to save you time tracking these tools down from different sources, so make a donation if you like it (I'm not affiliated with this project, nor do I even know the people who are, I just am a firm believer in positive reinforcement)

better search

ran a search on the forum looking for inputs on zone alarm security Suite, didn't find much, guess no one here uses such animal.
Just flying the net keeping the mind a float, no old info please as in pre 05.

Out Of The Inner Circle
Hap

The only thing I got was that astcell hates it.

As far as "input", I assume you mean people's advice about it. Search for "Zone Alarm" and you will see many users, including moderators recommend using it in addition to other applications.

My meager contribution is a couple of steganography/steganalysis tools:

JPHide
JPSeek/JPFind
Camouflage

Also, I've found a pretty good ENIGMA simulator which might be of some use (coupled, for example, with a good steg tool) here: http://users.telenet.be/d.rijmenants/en/enigmasim.htm

I don't know if there are any ENIGMA simulators for other operating systems, but I believe that JPSeek, JPFind, and JPHide all have *NIX binaries.

Nice cd. I've always been partial to the Knoppix STD, but after reading this thread starting looking for other options. One I've always wanted was a similar security cd but one that fit on a credit card cd. It would be just one more tool used in analysis.

For instance, a site has extreme physical security measures and includes items like bag checking, policies concerning no USB keyfobs, no cds from home (recognizable by the bulky carrier), etc, etc. I haven't seen them open up a wallet and go through contents.

What about deep/cargo pockets on pants - would they search those, or would pants with that kind of pocket be banned from the site?

Just a thought - if pants with deep/cargo pockets aren't banned/searched, that might be another way to go (with the credit card CD as a backup).

If you are going to a site where they do a pat down in addition to a metal detector, you might also be subject to a hard object scan where any type of solid object will flag the scanner.

Of course, if you are going through that much security, it's not out of the question for them to just take your clothes and gear, and issue you clothes to wear while on site along with whatever approved equipment.

Makes sense that really high-security places would do that sort of thing (like the Wildfire complex in Michael Crichton's The Andromeda Strain - good book, that).

Myself, I used to work at a tax-processing centre (until they renegotiated the payroll contract, and agreed to the "new background checks through ChoicePoint" clause even though they knew about ChoicePoint's shitty data security - and I do mean shitty, they should have been running background checks on their customers, not just for their customers, which likely would have stopped about half the identity thieves who conned ChoicePoint into giving them the data they needed to commit more identity thefts), and the security . . .

Well, let's just say that I wasn't terribly impressed, yeah?

At this point in the post, I expected something relevant, something from experience entering hardened facilities with possible physical penetration testing, or even something relevant to Security tools used in auditing. Instead...
Is there anything from your 'work' at the a tax-processing center that would be relevant to the current topic? I truly am interested what kind of controls a financial center with critical data like that might have (considering of course that they are subjected already to the normal federal 'policies' and such).

These are really good lists of most penetration testers..Nice one

Nice tools im just wondering where can i get this tools. Some of the auditing tools and security tools are in the freebsd ports some are not so do you guys mind telling us where to get this tools

I know this is a no-brainer but this *is*a newbie type thread...
http://www.insecure.org/tools.html
A meager contribution.

Al