Network Security Tools

Linux Kernel Security Patches

RSBAC Rule Set Based Access Control is a comprehensive set of patches and utilities to control various aspects of the system, from file system ACLs and up.
LOMAC Low Water-Mark Mandatory Access Control for Linux is a set of kernel patches to enhance Linux security.
auditd Allows use of kernel logging facilities. One can log mail messages, system events, and other normal events syslog would cover. In addition, one can cover events such as specific users opening files, program execution, setuid operations, etc.
Fork Bomb Defuser A loadable kernel module that allows one to control the maximum number of processes per user, and the maximum number of forks.
Netfilter Packet filter implemented in the standard Linux kernel.
LIDS This patch adds a number of interesting capabilities, primarily aimed at attack detection. One can "lock" file mounts and firewall rules, and a variety of other interesting options are available.

File System Monitoring

AIDE Tripwire replacement.
ViperDB ViperDB checks setuid/setgid programs and folders and can notify, via syslog, of any changes or reset their permissions and ownership to what they should be.
Pikt Pikt is a scripting language aimed at system administration. It allows you to do things such as killing off idle user processes, enforcing mail quotas, monitoring the system for suspicious usage patterns (off hours, etc.), and much more.

Security Assessment Tools 

NMAP Uses raw IP packets in novel ways to determine what hosts are available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
scanlogd Monitors network packets and, if a threshold is exceeded, logs the packets.
Nessus Remote security scanner.
Ethereal Network protocol analyzer.
Snort IDS.
Netcat Reads and writes data across network connections, using TCP or UDP.
TCPDump / WinDump Sniffer.
hping2 Assembles and sends custom ICMP/UDP/TCP packets and displays any replies.
DSniff Suite of network auditing and penetration-testing tools.
Ettercap Terminal based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols.
Whisker / Libwhisker CGI vulnerability scanner.
John the Ripper Password hash cracker.
Nikto Web scanner.
Kismet / Netstumbler / Wellenreiter Wireless Sniffer
SARA Security Auditor's Research Assistant. Vulnerability assessment tool derived from SATAN.
AirSnort 802.11 WEP Encryption Cracking Tool
NBTScan Gathers NetBIOS information from Windows networks.
NGrep Packet matching and display.
THC-Amap Application fingerprinting scanner which probes each port to identify applications and services rather than relying on static port mapping.
NTop Network traffic usage monitor.
Nemesis Command line-based, portable human IP stack. The suite is broken down by protocol, and allows scripting of injected packet streams from shell scripts.
LSOF Lists information about any files that are open by processes currently running on the system. It can also list communications sockets open by each process.
Hunt It can watch TCP connections, intrude into them, or reset them. It is meant to be used on Ethernet, and has active mechanisms to sniff switched connections. Advanced features include selective ARP relaying and connection synchronization after attacks.
Honeyd Daemon that creates virtual hosts on a network.
Achilles Windows web attack proxy.
Paketto Keiretsu Collection of tools.
Fragroute Tool for testing intrusion detection systems.
SPIKE Proxy HTTP Proxy for finding security flaws in web sites.
THC - Hydra Parallelized network authentication cracker.
Firewalk Firewalk is a program that uses a traceroute style of packets to scan a firewall and attempt to deduce the rules in place on that firewall. By sending out packets with various time-to-live values and seeing where they die or are refused, a firewall can be tricked into revealing rules.
SPY Multi-protocol sniffer.

 

 


This page last modified on: May 13, 2003 22:18 EST.