What is Digg?57 Comments
- IsraelTorres, on 10/12/2007, -0/+23Nothing beats Fyodor's list:
Top 75 Security Tools
http://www.insecure.org/tools.html
Israel Torres - t3hX, on 10/12/2007, -2/+11Hehe... watch all the script kiddies mod that joke down...
- takeda, on 10/12/2007, -0/+8another script kiddie :)
(no, I'm definitively not a Mac fanboy)
nights0223: some people think that there are only two operating systems: Windows and MacOS - nights0223, on 10/12/2007, -2/+10He didn't say anything about mac, and I doubt he was referring to it
- inactive, on 10/12/2007, -0/+8It should be noted that the author of nmap, who goes by the online name of Fyodor, has a malicious side. He once hacked the computer of a user on slashdot (who happened to be a teenager at the time) who tricked him into thinking he was a booth babe at a linux convention (an innocent prank/troll), then posted screen shots of his computer desktop on his own personal website (which as since been taken down, probably to avoid legal trouble). Personally, I think it would be wise to boycott the products of a black-hat type hacker.
some links of interest:
An account of what happened: http://slashdot.org/~sllort/journal/33255
Fyodor denying the entire matter.. http://interviews.slashdot.org/comments.pl?sid=65960&cid=6080152
Sorry for the slashdot links, but this is the kind of nonesense that goes on there - takeda, on 10/12/2007, -0/+5Oh, please...
If they want to learn they should start looking for a books, not downloading a hacking tools. How can they use nmap for securing computers if they have no idea how computers communicate?
How they'll use nessus if they don't know how to patch the holes?
Why they even need John the Ripper?
Why they need pof?
I wish them good luck using Ethereal without any knowledge about networking. - xswag, on 10/12/2007, -1/+6Tutorials for some of the tools and others not listed.
http://www.remote-exploit.org/index.php/Tutorials - windhawk, on 10/12/2007, -2/+6I put together a slightly different list for an article I wrote about the best free tools:
Clam AV (Anti-Virus)
MIMEDefang (Secure Email Attachments)
GnuPG (Secure Email)
CyberShredder (Secure Erase)
Cloudmark Anti-Fraud Toolbar (or Google Anti-Fraud toolbar - BETA)
Squid Proxy Server (Proxy Server)
Lock It Easy (USB Encryption)
Darik's Boot and Nuke (Data deletion)
NoScript (Browser protection)
FreeRADIUS (Authentication)
Cain & Abel (Passwords checking)
KeePass Password Safe (Passwords management)
John the Ripper (Passwords checking)
LogWatch (Security information management)
AIDE (Intrusion detection)
ACID (Intrusion detection)
Snort (Intrusion detection)
AirSnort (Wireless sniffer)
Kismet (Wireless sniffer)
NetStumbler (Wireless sniffer)
ZoneAlarm Free (Personal firewall)
Astaro Security Linux (Firewall / VPN)
IPCop Firewall (Firewall)
Npasswd (Passwords)
You can find them with your favorite search engine or find links at www.searchsecurity.com > downloads - inactive, on 10/12/2007, -0/+4Why is using windows to hack a bad thing. I do this for a living and I personally run windows on the machine I work from. I often default to a linux vm depending on the situation, but considering 95% of the environments you see in large corporations are almost completely comprised of windows boxes it would be silly to try to do everything from linux. This reminds me actually, the tool that comes in useful most often for me is definately vmware. maybe not directly security related but try doing sec auditing without it :-/
- inactive, on 10/12/2007, -2/+6I guess I'll put together a list for people who care
1. bash
2. gcc
3. your brain - ShaolinTiger, on 10/12/2007, -1/+4Fyodors list is great as a reference if you already know what you want and know, at least generally, what the tools do, but if you aren't familiar with the tools and what they do, there are too many and too many options.
This list is a lot simpler with the most common so people starting out can get a good idea of what to experiment with.
Plus quite a few are commercial tools with hefty licencing fees! - sorpigal, on 10/12/2007, -0/+3So the hell what? Someone pissed Fyodor off, he retaliated. Hazard of trolling, no? So he can retaliate better than most (not just calling names). Good for him.
- dthmnky05, on 10/12/2007, -5/+8Script Kiddies Unite!
- inactive, on 10/12/2007, -1/+4Can I use these to hack gibsons?
- xerox, on 10/12/2007, -1/+4some people are genuinely interested in security and not just being a script kiddie, and everyone needs some place to start?
- wolever, on 10/12/2007, -1/+4@Agret: Actually, no. Every distro (should) have a sudo package available, but at least Debian and Gentoo don't have sudo by default.
And, yes, it is a security tool. It seems very insecure to give a user full root access if all they need to do is reboot the machine. Sudo is a nice fix for that.
Alternately, the list is also wrong because Eraser wouldn't be a security/hacking tool.
Sorry, dude, if you're going to flame try and make a good argument. - t3hX, on 10/12/2007, -1/+4Actually, more likely, someone who knows what they are doing, and runs on linux. Windows simply can't be used for any kind of serious hacking.
- xerox, on 10/12/2007, -1/+4hes talking about *nix in general, whether it be BSD, linux, or osx.
- t3hX, on 10/12/2007, -1/+3LMAO. Or not.
- debian_, on 10/12/2007, -0/+2Hope you got some mad cookie monster viruses.
- boazg, on 10/12/2007, -1/+3but it's missing THE ONE KILLER: metasploit. other than that, all one needs is hping2, ethereal, and pcap/libnet bindings to your favorite scripting language.
- ShaolinTiger, on 10/12/2007, -1/+3Same, I do it for a living too and I run on Windows with a Debian Vmware image for the Nessus server..
Windows has ISS Scanner, Retina Languard and is much better in general for auditing Windows workstation based networks (which are the predominant type).
Yes Linux is better for Linux, but how many Linux machines do I have to audit...not many.
Yah it would be more 3l33t to setup Samba on Linux to do all the NetBIOS stuff, but why bother when I can do it natively through an API in Windows? - aura, on 10/12/2007, -0/+2Please, script kiddies know how to use google too you know.
If they have to resort to something like this on digg then I bet thay don't know how to compile from source or what a binary is. - inactive, on 10/12/2007, -1/+3Here is an account of the user who was hacked by Fyodor.
http://interviews.slashdot.org/comments.pl?sid=63874&cid=5940627 - inactive, on 10/12/2007, -1/+3Fyodor is a malicious hacker..
Read this.. http://slashdot.org/~sllort/journal/33255
What he calls security tips, I call black-hat hacking - inactive, on 10/12/2007, -1/+3I dont think we're up to the script kiddie level on digg. lol
- inactive, on 10/12/2007, -2/+3sudo is an oldie but goodie - highly recommended for admins, especially in larger organizations:
http://www.sudo.ws/ - chaosbuddha, on 10/12/2007, -1/+2Most of you that bash these kids for being script kiddies probably dont even know how to use half of the utilities listed on the site. Sure they may be script kiddies today but most of them have a genuine intrest in computers and these tools are a way for them to learn how networks operate so dont insult them because in a few years they'll be competing for your jobs.
And I was dissapointed to not see SATAN listed. - chaosbuddha, on 10/12/2007, -0/+1SATAN is still useful, and it is still gets updates. Besides some of the tools on that site are almost as old.
- inactive, on 10/12/2007, -0/+1Well vigilante justice is not the way to deal with such matters. It would be akin to breaking into the house of someone who insulted you, placing a camara in their house, and then broadcasting their private momments on the internet, and then boasting about it. It is illegal and immoral, and it shows the true nature of some of these "white hat" hackers.
- takeda, on 10/12/2007, -0/+1Seriously? Which tools? :)
If one of them is John the Ripper, then I can also say that I studied security when I was about 13yrs old (other tools listed didn't exist at that time, or I didn't know about them :) - mtgarden, on 10/12/2007, -1/+2Actually, I have just started studying the security field. This is a great resource for me.
- Legion303, on 10/12/2007, -3/+4Out of curiosity, how many times are you planning to post about this here?
- fekimoki, on 10/12/2007, -0/+1as others said, digg is a news site, not tutorial site.
all the ajax tutorial, css tutorial, 750 wordpress themes, tools for w/e, etc. should belong to del.icio.us
sorry bad english - bsoric, on 10/12/2007, -0/+1Brute Force it. I'm sure Amazon won't mind...
- bytefoo, on 10/12/2007, -1/+2How does this crappy skiddie blog keep getting on here.
- guttertrash, on 10/12/2007, -3/+3i hate how people keep digging stuff like this, this is exactly how script kiddies find out about these tools. its funny because the people who have valid reasons to use tools like this already have the knowledge to find them. so one must ask, what is the purpose of compiling all of them in a convenient list like this?
- bytefoo, on 10/12/2007, -2/+2Probably because SATAN is eons old; but you knew that already didn't you since you have a genuine interest in computers.
- ShaolinTiger, on 10/12/2007, -1/+1Yah I would agree, but those are much harder to use than anything listed here, these are all pretty straight forwards apart from perhaps yersinia and hping.
I agree on TCPdump tho and I do like ettercap rather than dsniff, but both are good, dsniff especially so for MITM.
TCPdump is good for learning the raw output, but its a pain to reassable TCP streams and so on (using tcpflow etc), much easier in Ethereal.
I'll do something more focused on packet level utilities later. - SgnDave, on 10/12/2007, -4/+4That's a good list, all in one place. Now I have to sit down with my nUbuntu CD and check them all out ... ;)
- tnvwboy, on 10/12/2007, -0/+0As a network admin these tools can come in handy. Especially for password auditing. Sure I could use them for malicious reasons, but I have better things to do with my time.
...Like read various Digg articles. heh - skylined, on 10/10/2007, -0/+0so we should have some freedom of info... but keep the good stuff hidden?... free is free... lets share.
- yaekle, on 10/12/2007, -1/+0Works great! Thanks!
- wolever, on 10/12/2007, -2/+1Yup, I'd agree... This is a much better list. Maybe its just me, but I think the dsniff tools, tcpdump and netcat are all must-haves for any sort of network security stuff (although, they can all be quite cryptic unless some serious time is devoted to figuring out what each one does)
- bioskope, on 10/12/2007, -1/+0*dreams of finding "username:password@server13453452352341268. amazon.com/blah/blah/blah/ebooks/
- ShaolinTiger, on 10/12/2007, -3/+1Oops...reply ended up the wrong place.
- almighty, on 10/12/2007, -2/+0I agree with those who said that anyone who needs to use these tools should already have them and or know where to find them without looking for a pre-compiled list. I dont agree with those who think all of these tools are hacker tools. Last I checked the vast majority of that software are legitimate means of auditiing networks. I do feel that some of them are questionable also.
Honestly if a script kiddie wanted "hacking toolz" we all know where he would go to first... Meta... No brains involved with using that thing, - sillihkram, on 10/12/2007, -3/+1no mention of Brutus, or airsnort = /
-article dugg - Agret, on 10/12/2007, -5/+2Umm great work, that's not a security or hacking tool/utility. You've not only posted this in the wrong story but every distro comes with sudo anyway.
- mayurpatil, on 10/12/2007, -5/+0NICE WORK
-
Show 51 - 57 of 57 discussions
© Digg Inc. 2009
— Content created and posted by Digg users is