Network Security

METASPLOIT FRAMEWORK :-

2009-10-24T09:53:00.003+05:30

Hack the Planet

Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit building demo. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. Similar professional exploitation tools, such as Core Impact and Canvas already existed for wealthy users on all sides of the ethical spectrum. Metasploit simply brought this capability to the masses.

DOWNLOAD

CLICK Here:-METASPLOIT FRAMEWORK

RUSSIA BLAMED WITH CYBERATTACK ON POLAND

2009-10-24T09:38:00.004+05:30

Leaked details by the Polish newspaper Rzeczpospolita indicate a large but unsuccessful attack on Polish Government systems which originated in Russia last month.The details indicate that the attack coincided with the 70th anniversary of the outbreak of World War Two and was coordinated at the same time when Russian President Vladimir Putin visited Poland.
The attack might have been referenced to the anniversary of infamous invasion of Poland by Nazi Germany and the Soviet Union on September 1939 under the secret terms of the Molotov–Ribbentrop non-aggression pact,however its still unclear as actual reason have not surfaced..yet.
Russia has been in news as the disputes between Russia and its neighbors have made their way over the Internet in recent years. and For example, Russian Hackers have been quite nefarious over cyberattacks at Georgia last year and security researchers subsequently blamed the attacks on civilians and Russian cyber-crime gangs.
The Internet infrastructure of Estonia was ripped apart in April 2007, following a dispute over the relocation of Soviet-era war memorials and graves.

SECURITY TOOL

2009-06-09T11:50:00.005+05:30

RPCScan v2.03

RPCScan v2.03 is a Windows based detection and analysis utility that can quickly and accurately identify Microsoft operating systems that are vulnerable to the multiple buffer overflow vulnerabilities released in the MS03-026 and MS03-039 bulletins.
RPCScan v2.03 is intended for use by enterprise system and network administrators as a fast and reliable utility for identifying at risk Microsoft systems in a passive manner. This tool is non-abrasive in nature and may be run in production environments during production hours.

DIRE v1.0

The ability to register applications that can then be automatically initiated by Windows is a powerful feature today that enhances the end user’s experience and furthermore enables system administrators to exert complete control over the machines in their environment. However, attackers can target these same systems by exploiting ‘insecurely registered applications’ on target systems. Foundstone has released a free tool called Foundstone DIRE, which allows users/system administrators to identify “insecurely registered applications” on their systems.

CIScan v1.0

CIScan is intended for use by system and network administrators as a fast and reliable utility for identifying potentially at risk Cisco devices in a passive manner. This tool may be run in production environments during production hours.

SECURITY LINUX

2009-06-09T00:22:00.004+05:30

Lynis 1.2.6

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.
This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems. It can [...]

BackTrack

The Remote Exploit Development Team is happy to announce the release of BackTrack 4 Beta. In this latest version of BackTrack 4 there have been some conceptual changed and some new and exciting features. The most significant of these changes is the expansion from the realm of a Pentesting LiveCD towards a full blown “Distribution”.Now [...]

Lynis - Security

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.
This is a tool that might be useful for both penetration testers performing white box tests and system admins trying to secure their own systems.

SECURITY FORENSICS

2009-06-08T23:49:00.004+05:30

ScreenStamp

ScreenStamp! is basically a screen grabbing application for pen-testing and people working in forensics. The app will ask you for a location to save your screen shots to, along with a name that the program will number, allowing the user to concentrate on the job at hand as opposed to saving screen shots.

DShield Web Honeypot Project

For those of you who are not familiar with DShield (where have you been? under a rock?) it’s a Cooperative Network Security Community. Basically what that means is they collect firewall logs and map out the trends.Like when there was a worm going around that bruteforced SSH2 you could see a spike in port 22 [...]

Maltego

Maltego is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way.Coupled with its graphing libraries, Maltego, allows you to identify key relationships between information and identify previously unknown relationships between them. It is a must-have tool [...]

WEB HACKING TOOL

2009-06-08T17:40:00.004+05:30

Web Hacking

WWWhack is a brute force utility that will try to crack web sites guarded by an web access password. This utility can use a word file or try all possible combinations, and by trial-and-error, will attempt to find a combination of username/password that is accepted by the web server.

Fierce Domain Scanner

Fierce domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It’s terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can [...]

DATABASE HACKING

2009-06-08T16:05:00.005+05:30

Pangolin

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.

sqlmap 0.6.3

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more..

SECURITY PORT SCANNER

2009-06-08T15:00:00.004+05:30

Unicornscan

Not your mother's port scannerUnicornscan is an attempt at a User-land Distributed TCP/IP stack for information gathering and correlation. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Some of its features include asynchronous stateless TCP scanning with all variations of TCP flags, asynchronous stateless TCP banner grabbing, and active/passive remote OS, application, and component identification by analyzing responses. Like Scanrand, it isn't for the faint of heart.

Scanrand

An unusually fast stateless network service and topology discovery systemScanrand is a stateless host-discovery and port-scanner similar in design to Unicornscan. It trades off reliability for amazingly fast speeds and uses cryptographic techniques to prevent attackers from manipulating scan results. This utility is a part of a software package called Paketto Keiretsu, which was written by Dan Kaminsky. Scanrand and Paketto are no longer actively maintained, but the latest released version can still be found at DoxPara.Com.

SECURITY WIRELESS TOOLS

2009-06-05T19:07:00.007+05:30

NetStumbler

Free Windows 802.11 Sniffer
Netstumbler is the best known Windows tool for finding open wireless access points ("wardriving"). They also distribute a WinCE version for PDAs and such named Ministumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as Kismet or KisMAC.

Aircrack

The fastest available WEP/WPA cracking tool
Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).

Airsnort

WEP Encryption Cracking Tool
AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the Shmoo Group and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. You may also be interested in the similar Aircrack.

Wep0ff

Wep0ff is new tool to crack WEP-key without access to AP by mount fake access point attack against WEP-based wireless clients.
It uses combination of fragmentation and evil twin attacks to generatetraffic which can be used for KoreK-style WEP-key recovery.
This tool can be used to mount fake access point attack against WEP-based wireless clients

WEPBuster

The main part of this is the autonomous nature of the toolkit, it can crack all access points within the range in one go. Other than the the features would be those found in aircrack-ng.

FIREWALLS SECURITY

2009-06-05T18:52:00.006+05:30

Netfilter

The current Linux kernel packet filter/firewall
Netfilter is a powerful packet filter implemented in the standard Linux kernel. The userspace iptables tool is used for configuration. It now supports packet filtering (stateless or stateful), all kinds of network address and port translation (NAT/NAPT), and multiple API layers for 3rd party extensions. It includes many different modules for handling unruly protocols such as FTP. For other UNIX platforms, see Openbsd PF (OpenBSD specific), or IP Filter. Many personal firewalls are available for Windows (Tiny,Zone Alarm, Norton, Kerio, ...), though none made this list. Microsoft included a very basic firewall in Windows XP SP2, and will nag you incessantly until you install it.

Openbsd PF

The OpenBSD Packet Filter
Like Netfilter and IP Filter on other platforms, OpenBSD users love PF, their firewall tool. It handles network address translation, normalizing TCP/IP traffic, providing bandwidth control, and packet prioritization. It also offers some eccentric features, such as passive OS detection. Coming from the same guys who created OpenBSD, you can trust that it has been well audited and coded to avoid the sort of security holes we have seen in other packet filters.

IP Filter

ortable UNIX Packet Filter
IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services. It can either be used as a loadable kernel module or incorporated into your UNIX kernel; use as a loadable kernel module where possible is highly recommended. Scripts are provided to install and patch system files, as required. IP Filter is distributed with FreeBSD, NetBSD, and Solaris. OpenBSD users should see Openbsd PF and Linux users Netfilter.

INTRUSION DETECTION/PREVENTION

2009-05-31T09:44:00.006+05:30

Snort

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba’s smbclient.
Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion prevention system.

Burp intruder

Burp intruder is a tool to facilitate automated attacks against web-enabled applications. It is not a point-and-click tool: using burp intruder effectively requires a detailed knowledge of the target application, and an understanding of the HTTP protocol.

Burp intruder is highly configurable and can be used to automate a wide range of attacks against applications, including testing for common web application vulnerabilities such as SQL injection, cross-site scripting, buffer overflows and directory traversal; brute force attacks against authentication schemes; enumeration; parameter manipulation; trawling for hidden content and functionality; session token sequencing and session hijacking; data mining; concurrency attacks; and application-layer denial-of-service attacks.

SECURITY-SCANNER

2009-05-31T03:05:00.009+05:30

Cerberus Internet Scanner

Cerberus is one of the most popular Windows NT and 2000 security scanners. The automatically-generated reports, which provide the user with information on which settings are potentially dangerous and how they can be changed, are extremely valuable. Cerberus is user-friendly and carries out about 300 scans.

LANguard Network Scanner

LANguard Network Scanner is a Freeware security scanner for networks. It searches the network for hosts, shares and user names. Amongst many other functions it recognizes operating systems, as well as registry problems and tests password security. The scanner also provides comprehensive reports in HTML format on request.

ENCRYPTION TOOLS

2009-05-30T19:02:00.006+05:30

GnuPG / PGP

Secure your files and communication w/advanced encryptionPGP is the famous encryption program by Phil Zimmerman which helps secure your data from eavesdroppers and other risks. GnuPG is a very well-regarded open source implementation of the PGP standard (the actual executable is named gpg). While GnuPG is always free, PGP costs money for some uses.

Stunnel

A general-purpose SSL cryptographic wrapperThe stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries.

OpenSSL

The premier SSL/TLS encryption libraryThe OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

SECURITY-ORIENTES OPERATING SYSTEMS

2009-05-17T15:10:00.017+05:30

BACK TRACK

An Innovative Penetration Testing live Linux distribution
This excellent boot able live-CD Linux distribution comes from the merger of Whax and Auditor. It boasts a huge variety of Security and Forensics tools and provides a rich development environment. User modularity is emphasized so the distribution can be easily customized by the user to include personal scripts, additional tools, customized kernels, etc.

KNOPPIX

A general-purpose boot able live system on CD or DVD
Knoppix consists of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux system for the desktop, educational CD, rescue system, or as many nmap survey takers attest, a portable security tool. For a security-specific Linux distribution see Back Track .

Please Download this File Only Open in Utorrent Software

Download Torrent Software

OPENBSD

The Proactively Secure Operating System
OpenBSD is one of the only operating systems to treat security as their very highest priority. Even higher than usability in some cases. But their enviable security record speaks for itself. They also focus on stability and fight to obtain documentation for the hardware they wish to support. Perhaps their greatest achievement was creating OpenSSH. OpenBSD users also love [pf], their firewall tool.

HELIX

A Linux Distribution with Computer Forensics in Mind
Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized Linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics. Helix has been designed very carefully to NOT touch the host computer in any way and it is forensically sound. Helix will not auto mount swap space, or auto mount any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics
Please Download this File Only Open in Utorrent Software

Download Torrent Software

BASTILLE

Security hardening script for Linux, Mac OS X, and HP-UX
The Bastille Hardening program "locks down" an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise. Bastille can also assess a system's current state of hardening, granularly reporting on each of the security settings with which it works. Bastille currently supports the Red Hat (Fedora Core, Enterprise, and Numbered/Classic), SUSE, Debian, Gentoo, and Mandrake distributions, along with HP-UX and Mac OS X. Bastille's focuses on letting the system's user/administrator choose exactly how to harden the operating system. In its default hardening mode, it interactively asks the user questions, explains the topics of those questions, and builds a policy based on the user's answers. It then applies the policy to the system. In its assessment mode, it builds a report intended to teach the user about available security settings as well as inform the user as to which settings have been tightened.

HACK IP ADDRESS ANONYMITY

2009-05-16T22:51:00.005+05:30

I have found one software which hide your IP address every time and give you a new IP address

by creating a Tor Network…….

If u have Mozilla then it works very fine

http://www.torproject.org/download.html.en

Here is link for Windows and MAC OS ……….So download it according to your requirement .

After that to easily turn on and turn off “TOR” .. You can install Firefox add on from here :

https://addons.mozilla.org/en-US/firefox/addon/2275

then restart firefox….After that you will see at right bottom corner that your tor addon for

mozilla is installed…now when u want to hide your IP or want to surfing anonymously Turn on or

turn off by clicking on this.

You can check your ip address here

http://www.whatismyip.com/

NET BIOS HACKING

2009-05-16T18:03:00.002+05:30

For this tutorial, I used Microsoft’s Windows XP Home Edition OS
What is it?

NetBIOS Hacking is the art of hacking into someone else’s computer through your computer. NetBIOS stands for “Network Basic Input Output System.” It is a way for a LAN or WAN to share folders, files, drives, and printers.

How can this be of useful to me?
Most people don’t even know, but when they’re on a LAN or WAN they could possibly have their entire hard drive shared and not even know. So if we can find a way into the network, their computer is at our disposal.

What do I need?
Windows OSCain and Abel
CODE
(http://www.oxid.it/downloads/ca_setup.exe)

So first off we need to find a computer or the computer to hack into.
So if your plugged in to the LAN, or connected to the WAN, you can begin.
Open up Cain and Abel. This program has a built in sniffer feature.
A sniffer looks for all IP addresses in the local subnet. Once you have opened up the program click on the sniffer tab, click the Start/Stop sniffer, And then click the blue cross

HACK WINDOWS XP AND VISTA PASSWORD

2009-05-16T17:44:00.001+05:30

Hi, Here’s Another Alternate to The Other Post - “Hack Windows XP and Vista Passowrd".

Another method to login to a password protected Windows even if you do not have the password is by making Windows accepting any passwords.There is a far better way to get into

Windows XP. It is easy and it does not reset the password. Hack into a computer running Windows XP without changing the password and find out all and any passwords on the machine (including admin accounts). You do not need access to any accounts to do this. Of course, do not do this on anyone elses computer without proper authorisation.Steps to Hack into a Windows XP Computer without changing password:

1:-Get physical access to the machine. Remember that it must have a CD or DVD drive.

2:- Download DreamPackPL HERE.

3:- Unzip the downloaded dpl.zip and you’ll get dpl.ISO.

4:- Use any burning program that can burn ISO images.

5:- After you have the disk, boot from the CD or DVD drive. You will see Windows 2000 Setup and it will load some files.

6:- Press “R” to install DreamPackPL.

7:- Press “C” to install DreamPackPL by using the recovery console.

8:- Select the Windows installation that is currently on the computer (Normally is “1″ if you only
have one Windows installed)

9:- Backup your original sfcfiles.dll by typing:“ren C:WindowsSystem32sfcfiles.dll
sfcfiles.lld” (without quotes)

10:- Copy the hacked file from CD to system32 folder. Type:“copy D:i386pinball.ex_
C:WindowsSystem32sfcfiles.dll” (without quotes and assuming your CD drive is D.

11:- Type “exit”, take out disk and reboot.

12:- In the password field, type “dreamon” (without quotes) and DreamPack menu will appear.

13:- Click the top graphic on the DreamPack menu and you will get a menu popup.

14:- Go to commands and enable the options and enable the god command.

15:- Type “god” in the password field to get in Windows.You can also go to Passwords and select “Logon with wrong password and hash”. This option allows you to login with ANY password.

Note: I was unable to bring up the DreamPackPL for the first time because I have Kaspersky Anti-Virus already running in background. I believe most antivirus already labelled this tool as a Hack-Tool. A Hack-Tool is NOT a virus. DreamPackPL helps you bypass the Windows Login screen and it is not destructive.

HACK PASSWORD FOR YAHOO, GOOGLE, GMAIL, AOL and MSN

2009-05-16T17:26:00.001+05:30

If this Doesn’t work for you, please refer to the “How to Hack Gmail, Yahoo, Hotmail, Orkut or Any Other” Post

STEP 1 :- Log in to your own yahoo account. Note: Your account must be atleast 30 days old for this to work.

STEP 2:- Once you have logged into your own account, compose/write an e-mailto: pass_retrive_cgi@yahoo.com This is a mailingaddress to the Retrivepassword. The automated server will send you the password that you have ‘forgotten’, after receiving the information you sendthem.

STEP 3:- In the subject line type exactly: ” PASSWORD RECOVERY “.

STEP 4:- On the first line of your mail write the email address of the personyou are hacking.

STEP 5:- On the second line type in the e-mail addressyou are using.

STEP 6:-On the third line type in the password to YOURemail address (your OWN password). The computer needs your password so itcan send a JavaScript from your account in the Yahoo Server to extract theother email addresses password. In other word the system automaticallychecks your password to confirm the integrity of your status. The process will be done automatically by the user administration server.

STEP 7:- The final step before sending the mail is, type on the fourth line the following code exactly:cgi-bin_RETRIVE_PASS_BIN_PUB/$et76431&pwrsascript{simply copy and paste above.}

so for example if your yahoo id is : David_100@yahoo.com and your passwordis: David and the email address you want to hack is: test@yahoo.com thencompose the mail as below:

To:- pass_retrive_cgi@yahoo.combcc: cc: (Don’t write anything in cc,bcc field)Subject: ” PASSWORD RECOVERY “test@yahoo.comDavid_100@yahoo.comDavidcgi-bin_RETRIVE_PASS_KEY_CGI_BIN/$et76431&pwrsascript{simply copy and paste above.}

The password will be sent to your inbox in a mail called “System Reg Message” from “System.For Gmail:To: key.admin.cgi@gmail.comSub: Password Request : Test@gmail.comRest as in yahooAOL and MSN will be alive soon:If you are going to execute this, you are fooled. The above steps are false infos. They do not provide you the password. Instead they will actually hack your password: Never be fooled. Never send your password decrypted to any emails.

TOP SECURITY/HACKING TOOLS & UTILITIES

2009-05-09T10:30:00.001+05:30

NMAP
Feature:- I think everyone has heard of this one, recently evolved into the 4.x series. Nmap (”Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source. Can be used by beginners (-sT) or by pros alike (–packet_trace). A very versatile tool, once you fully understand the results.

Download URL:- Get Nmap Here

SQUID

Feature:-My Personal Favorite , This is a Great transparent proxy server for Linux platforms. It comes Free with several popular Linux Distributions.

Download URL:- It comes with various popular Linux distributions

SUPERSCAN

Feature:-This is One of the best Windows-based port scanners available on the Internet. It has both TCP and UDP port-scanners capabilities. Other than basic port scanning, this tool has a number of other informaction-gethering capabilities, namely the Following:
Hostname/IP
Ping
ICMP Traceroute
Zone Transfer
Services dicovery

Download URL:- http://www.foundstone.com/

NESSUS

Nessus Remote Security Scanner Recently went closed source, but is still essentially free. Works with a client-server framework. Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices applications.

Get Nessus Here

JOHN THE RIPPER

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

You can get JTR Here

NIKTO

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on http fingerprinting or Google hacking/info gathering etc, another article for just those).

Get Nikto Here

POF

P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on: - machines that connect to your box (SYN mode),- machines you connect to (SYN+ACK mode),- machine you cannot connect to (RST+ mode),- machines whose communications you can observe. Basically it can fingerprint anything, just by listening, it doesn’t make ANY active connections to the target machine.

Get p0f Here

WIRESHARK (Formely Ethereal)

Wireshark is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Wireshark features that are missing from closed-source sniffers. Works great on both Linux and Windows (with a GUI), easy to use and can reconstruct TCP/IP Streams! Will do a tutorial on Wireshark later.

Get Wireshark Here

YERSINIA

Yersinia is a network tool designed toia take advantage of some weakeness in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP). The best Layer 2 kit there is.

Get Yersinia Here

MULTIPROXY

This tool allow users to connect to several different random proxy servers on the Internet .

http://www.multiproxy.org/