Armory
Xprobe2
Written and maintained by Fyodor Yarochkin, Meder Kydyraliev and Ofir Arkin, Xprobe (I & II) is an active OS fingerprinting tools based on Ofir Arkins ICMP Usage In Scanning Research project.Xprobe is an alternative to some tools which are heavily dependent upon the usage of the TCP protocol for remote ...
lsof
lsof is a Unix-specific diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It can also list communications open by each process.
RainbowCrack
RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea ...
ike-scan
ike-scan is a command-line tool that uses the IKE protocol to discover, fingerprint and test IPsec VPN servers.
arpwatch
arpwatch is an open-source software that monitors a computer network for ARP-activity. It generates a log of IP address-MAC address pairings along with a timestamp when the pairing appeared on the network. The first and foremost reason to monitor ARP activity is to detect ARP spoofing. It is developed by ...
nemesis
Nemesis is a command-line network packet injection utility for UNIX-like and Windows systems. You might think of it as an EZ-bake packet oven or a manually controlled IP stack. With Nemesis, it is possible to generate and transmit packets from the command line or from within a shell script. Nemesis ...
Yersinia
Yersinia is a network tool designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, there are some network protocols implemented, but others are coming (tell us which one is your preferred). ...
fragroute
fragroute intercepts, modifies, and rewrites egress traffic destined for the specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection'' paper of January 1998. Unlike fragrouter(8), this program only affects packets originating from the local machine destined for ...
socat
socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin ...
chntpw
chntpw is an offline NT password and registry editor. It can be used to blank or reset passwords on Windows NT/2000/XP/2003 machines, as well as manipulate the registry. It is provided primarily as a boot CD image, but can also be installed on a permanent Linux system.
nipper
Nipper processes network device configuration files, performs a security audit and outputs a security report with recommendations and a configuration report. Nipper supports a variety of devices from Cisco, Juniper, CheckPoint, Nortel and SonicWALL. Reports can be generated in HTML, XML, LaTeX, or plain text. Check out the online version ...
EIGRP-tools
EIGRP-tools is a custom EIGRP packet generator and sniffer combined. It was developed to test the security and overall operation quality of the EIGRP routing protocol. Using this tool requires you to have the requisite background knowledge of EIGRP, packets structure/types, alongside a good working background of the Layer 3 ...
driftnet
Inspired by EtherPEG, Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.
VoIP Hopper
VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in both Cisco and Avaya IP Phone environments. VoIP Hopper is a VLAN ...
SING
SING stands for 'Send ICMP Nasty Garbage'. It is a tool that sends ICMP packets fully customized from command line. Its main purpose is to replace the ping command but adding certain enhancements (Fragmentation, spoofing,...)
ethtool
ethtool is used to query and modify low-level NIC settings, like speed, duplex, and autonegotiation.
Tcpreplay
Tcpreplay is a suite of BSD licensed tools written by Aaron Turner for UNIX (and Win32 under Cygwin) operating systems which gives you the ability to use previously captured traffic in libpcap format to test a variety of network devices. It allows you to classify traffic as client or server, ...
tcpflow
tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually ...
ipsumdump
The ipsumdump program summarizes TCP/IP dump files into a self-describing ASCII format easily readable by humans and programs. Ipsumdump can read packets from network interfaces, from tcpdump files, and from existing ipsumdump files. It will transparently uncompress tcpdump or ipsumdump files when necessary. It can randomly sample traffic, filter traffic ...
Netdude
The Network Dump data Displayer and Editor is a framework for inspection, analysis and manipulation of tcpdump trace files. It addresses the need for a toolset that allows easy inspection, modification, and creation of pcap/tcpdump trace files.
sipsak
sipsak is a small command line tool for developers and administrators of Session Initiation Protocol (SIP) applications. It can be used for some simple tests on SIP applications and devices.
mtr
mtr combines the functionality of the traceroute and ping programs in a single network diagnostic tool. As mtr starts, it investigates the network connection between the host mtr runs on and HOSTNAME by sending packets with purposefully low TTLs. It continues to send packets with low TTL, noting the response ...
lft
LFT, short for Layer Four Traceroute, is a sort of 'traceroute' that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filters (firewalls). More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name ...
whob
WhoB is a likable whois client designed to provide everything a network engineer needs to know about a routed IP address by typing one line and reading one line. But even so, it's worth typing a few more lines because WhoB can do lots of other cool things for you! ...
IPCop
IPCop Firewall is a Linux firewall distribution geared towards home and SOHO (Small Office/Home Office) users. The IPCop interface is very user-friendly and task-based. IPCop offers the critical functionality of an expensive network appliance using stock, or even obsolete, hardware and OpenSource Software. IPCop lets you take an old PC ...
Web Developer
Web Developer is a nifty Firefox extension which provides some very handy tools for web developers, including CSS manipulation, object highlighting, code validation, browser resizing, and lots more.
packETH
packETH is a Linux GUI packet generator tool for Ethernet. It allows you to create and send any possible packet or sequence of packets on the Ethernet.
Paros
Paros is an HTTP and HTTPS proxy application written in Java. It allows for easy interception and manipulation of web traffic to and from a client.
MRTG
The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network links. MRTG generates HTML pages containing PNG images which provide a LIVE visual representation of this traffic.