From: Fyodor [fyodor@insecure.org] Sent: Wednesday, June 07, 2000 3:18 AM To: nmap-hackers@insecure.org Subject: Nmap Users Favorite Tools! I have compiled a list of the favorite tools of nmap-hackers based on your responses to the recent survey. Commercial and open source tools were allowed on any platforms. I'm pleased to say that almost 2,000 tool entries were received (each respondant left 0-5). I took those entries and combined the counts where neccessary (eg ISS == Internet Security Scanner). I took out Nmap since the survey was from the nmap-hackers list. Then I grabbed the top 50 tools, and tracked down the appropriate URLs for each. I think you guys chose very well! These are all wonderful tools, and I think anyone in the security field would be well advisted to go over the list and investigate any tools they are unfamiliar with. I'm going to put this up on Insecure.Org and also point newbies to it whenever they write me saying "I don't know where to start". Maybe at some point we should do a survey for the most popular papers. You'll note that the list has a '--' at the end of each line. I was going to put a short description of each tool there. But I ran out of stamina after making the list and tracking down all the URLs. If anyone wants to take on the task of summarizing each tool, that would be greatly appreciated. Send your results to the list. I'll also use them when I put this up on the Web. Note that in many cases you can probably crib the summaries from freshmeat.net or near the top of the URLs indicated. Without further ado, here are your 50 favorite tools (starting with the most popular): Nessus -- http://www.nessus.org -- Netcat -- http://www.l0pht.com/~weld/netcat/ (unofficial site) -- Tcpdump -- http://www.tcpdump.org -- Snort -- http://www.snort.org -- SAINT -- http://www.wwdsi.com/saint/ -- Ethereal -- http://ethereal.zing.org/ -- Whisker -- http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2 -- Internet Security Scanner -- www.iss.net (COMMERCIAL) -- Abacus Portsentry -- http://www.psionic.com/abacus/portsentry/ -- DSniff -- http://naughty.monkey.org/~dugsong//dsniff/ -- Tripwire -- http://www.tripwire.com/ (COMMERCIAL) -- Cybercop Scanner -- http://www.pgp.com/asp_set/products/tns/ccscanner_intro.asp (COMMERCIAL) -- Hping2 -- http://www.kyuzz.org/antirez/hping/ -- SARA -- http://www-arc.com/sara/ -- Sniffit -- http://reptile.rug.ac.be/~coder/sniffit/sniffit.html -- SATAN -- http://www.fish.com/satan/ -- IPFilter -- http://coombs.anu.edu.au/ipfilter/ -- ipfwadm/ipchains/netfilter/iptables -- http://netfilter.kernelnotes.org/ -- Firewalk -- http://www.packetfactory.net/Projects/Firewalk/ -- Strobe -- http://www.insecure.org/nmap/index.html#other (unofficial site) -- L0pht Crack -- http://www.l0pht.com/l0phtcrack/ (COMMERCIAL) -- John The Ripper -- http://www.openwall.com/john/ -- Hunt -- http://www.cri.cz/kra/index.html#HUNT -- OpenSSH -- http://www.openssh.com/ -- tcp wrappers -- ftp://ftp.porcupine.org/pub/security/index.html -- SSH -- http://www.ssh.com/commerce/index.html (some versions COMMERCIAL) -- Ntop -- http://www.ntop.org -- traceroute/ping/telnet/NAT -- http://www.linux.com (or most other UNIX) -- scanlogd -- http://www.openwall.com/scanlogd/ -- sam spade -- http://www.samspade.org/ -- NFR -- http://www.nfr.com (COMMERCIAL) -- logcheck -- http://www.psionic.com/abacus/logcheck/ -- Shadow -- ftp://piast.t19.ds.pwr.wroc.pl/pub/linux/shadow/shadow-current.tar.gz -- Perl -- http://www.perl.org -- Ngrep -- http://www.packetfactory.net/Projects/ngrep/ -- Cheops -- http://www.marko.net/cheops/ -- Vetescan -- http://www.self-evident.com/ -- Retina -- http://www.eeye.com/html/Products/Retina.html -- Libnet -- http://www.packetfactory.net/libnet/ -- crack -- http://www.users.dircon.co.uk/~crypto/ -- Cerberus Internet Scanner -- http://www.cerberus-infosec.co.uk/cis.shtml -- Swatch -- http://www.stanford.edu/~atkins/swatch/ -- OpenBSD -- http://www.openbsd.org -- Nemesis -- http://www.packetfactory.net/Projects/nemesis/ -- LSOF -- ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/ -- Lids -- http://www.turbolinux.com.cn/lids/ -- IPTraf -- http://cebu.mozcom.com/riker/iptraf/ -- IPLog -- http://ojnk.sourceforge.net/ -- Fragrouter -- http://www.anzen.com/research/nidsbench/ -- Queso -- http://www.apostols.org/projectz/queso/ -- -------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help@insecure.org . List run by ezmlm-idx (www.ezmlm.org).