Armory
hping 
(1 rating)
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many ...
Kismet (1 rating)
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, ...
PsTools (1 rating)
A suite of CLI tools for remote and local administration of Windows machines. Includes: * PsExec - execute processes remotely * PsFile - shows files opened remotely * PsGetSid - display the SID of a computer or a user * PsInfo - list information about a system * PsKill - ...
ngrep (1 rating)
ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP, ICMP, IGMP and Raw protocols across ...
Angry IP Scanner (1 rating)
Angry IP Scanner is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports as well as has many other features. It is widely used by network administrators and just curious users around the world, including large and small enterprises, ...
Kiwi CatTools (2 ratings)
Kiwi CatTools automates configuration backups and management on routers, switches and firewalls. It provides e-mail notification and compare reports highlighting config changes. Supports Telnet, SSH, TFTP and SNMP.
dynamips 
(3 ratings)
Dynamips is able to emulate Cisco hardware by running an unmodified IOS image on commodity PC hardware. Cisco 2600, 3600, 3700, and 7200 series routers are supported, as well some generic virtual devices like frame relay and Ethernet switches. Dynamips is developed by Christophe Fillot. A front end like [Dynagen](/armory/dynagen/) ...
mturoute (1 rating)
mturoute.exe is a small command line application that uses ICMP pings of various sizes in order to determine the MTU values on the path between itself and the target system. It also includes a "traceroute" like mode where it will attempt to determine the lowest MTU between the local host ...
SolarWinds Real-time NetFlow Analyzer (1 rating)
Once you’ve turned on NetFlow, Real-time NetFlow Analyzer captures and analyzes this data in real time to show you exactly what types of traffic are on your network, where that traffic is coming from, and where it is going. Finally, you can take the guesswork out of diagnosing network traffic ...
Advanced IP Address Calculator (1 rating)
Advanced IP Address Calculator is an easy-to-use IP subnet calculator that lets you calculate every aspect of your subnet configuration in a few mouse clicks! The calculator generates a color-coded bit map, breaking down the network, subnet, and host portion. It shows you the subnet host address range, the subnet ...
Firewall Builder (2 ratings)
Firewall Builder is a GUI firewall configuration and management tool that supports iptables (netfilter), ipfilter, pf, ipfw, Cisco PIX (FWSM, ASA) and Cisco routers extended access lists. Firewall Builder uses object-oriented approach, it helps administrator maintain a database of network objects and allows policy editing using simple drag-and-drop operations.
NetStumbler (3 ratings)
NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It can be used for locating access points, mapping wireless coverage, calibrating antennas, and much more. Its counterpart, MiniStumbler, is available for mobile platforms.
ettercap
Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis.
Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated ...
THC-Hydra
A very fast network logon cracker which support many different services. Currently this tool supports: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, LDAP2, Cisco AAA (incorporated ...
dsniff
dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). ...
THC-Amap
Amap is a next-generation tool for assisting network penetration testing. It performs fast and reliable application protocol detection, independent on the TCP/UDP port they are being bound to.
GFI LANguard
GFI LANguard Network Security Scanner (N.S.S.) is an award-winning solution that allows you to scan, detect, assess and rectify any security vulnerabilities on your network. As an administrator, you often have to deal separately with problems related to vulnerability issues, patch management and network auditing, at times using multiple products. ...
Retina
Retina Network Security Scanner, identifies known and zero day vulnerabilities plus provides security risk assessment, enabling security best practices, policy enforcement, and regulatory audits.
Process Monitor
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user ...
ShareEnum
An aspect of Windows NT/2000/XP network security that's often overlooked is file shares. A common security flaw occurs when users define file shares with lax security, allowing unauthorized users to see sensitive files. There are no built-in tools to list shares viewable on a network and their security settings, but ...
Streams
The NTFS file system provides applications the ability to create alternate data streams of information. By default, all data is stored in a file's main unnamed data stream, but by using the syntax 'file:stream', you are able to read and write to alternates. Not all applications are written to access ...
Disk Usage
Du (disk usage) reports the disk space usage for the directory you specify. By default it recurses directories to show the total size of a directory and its subdirectories.
AD Explorer
Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object's schema, and execute sophisticated searches that ...
AutoRuns
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and ...
TCPView
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, NT, 2000 and XP TCPView also reports the name of the process that owns ...
LogonSessions
If you think that when you logon to a system there's only one active logon session, this utility will surprise you. It lists the currently active logon sessions and, if you specify the -p option, the processes running in each session. LogonSessions works on Windows 2000 and higher.
Ophcrack
Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux. Cracks LM ...
SID&User
SID&User is a freeware tool for extracting SIDs and account names from Windows NT/2000/XP/2003.