APPENDIX A
Tool, Sites, and References
Greetings, dear reader, and welcome to the best appendix you’ve ever read—or at least the most useful for your CEH exam anyway. This appendix is filled with tools and websites that will help you become a better ethical hacker. Keep in mind I’m not providing a recommendation for, an approval of, or a security guarantee on any website or link you’ll find here. Neither I nor my beloved publisher can be held liable for anything listed here. For example, URLs change, pages become outdated with time, tools become obsolete when new versions are released, and so on. Not to mention, as I clearly pointed out in the text, you need to be careful with some of this stuff: your antivirus system will no doubt explode with activity simply by visiting some of these sites. I highly recommend you create a virtual machine or use a standby system to download to and test tools from.
These websites and tools are listed here because they will help you in your study efforts for the exam and further your professional development. I purposely did not provide tools because it is important that you learn how to find and install what you’re looking for. You’re entering the big leagues now, so you simply need to know how it’s really done.
NOTE If you’re trying a link and it doesn’t seem to work, make sure you give both http://AND https:// a try. Also, don’t be bashful about giving your favorite search engine a go.
Vulnerability Research Sites
• CodeRed Center www.eccouncil.org
• Exploit Database www.exploit-db.com
• HackerStorm hackerstorm.co.uk
• Help Net Security www.net-security.org
• MSVR http://technet.microsoft.com
• National Vulnerability Database http://nvd.nist.gov
• SC Media www.scmagazine.com
• Secunia www.secunia.com
• SecuriTeam www.securiteam.com
• SecurityFocus www.securityfocus.com
• Security Magazine www.securitymagazine.com
• SecurityTracker www.securitytracker.com
Footprinting Tools
People Search Tools
• 411 www.411.com
• AnyWho www.anywho.com
• Intelius www.intelius.com
• PeekYou www.peekyou.com
• People Search Now www.peoplesearchnow.com
• Veromi www.veromi.net
• ZabaSearch www.zabasearch.com
• ZoomInfo http://zoominfo.com
Competitive Intelligence
• Euromonitor www.euromonitor.com
• Experian www.experian.com
• MarketWatch www.marketwatch.com
• The Search Monitor www.thesearchmonitor.com
• SEC Info www.secinfo.com
• Wall Street Transcript www.twst.com
Tracking Online Reputation
• Alexa www.alexa.com
• BrandsEye www.brandseye.com
• Rankur https://rankur.com
• ReputationDefender www.reputation.com
• Social Mention www.socialmention.com
Website Research/Web Updates Tools
• Archive www.archive.org
• ChangeDetection www.changedetection.com
• Check4Change http://addons.mozilla.com
• InfoMinder www.infominder.com
• iWebTool www.iwebtool.com
• Netcraft http://news.netcraft.com
• Websnitcher http://websnitcher.com
DNS and Whois Tools
• Active Whois www.johnru.com
• ARIN http://whois.arin.net/ui/
• Better Whois www.betterwhois.com
• DNS-Digger http://dnsdigger.com
• DNSstuff www.dnsstuff.com
• Domain Dossier http://centralops.net
• DomainTools www.domaintools.com
• Mobile DNS Sniffer www.dnssniffer.com
• Network Solutions www.networksolutions.com
• Nslookup
• SmartWhois www.tamos.com/download/main/
• SpyFu www.spyfu.com
• UltraTools Mobile www.ultratools.com
Geo-Location Tools
• Bing Maps bing.com/maps
• GeoIP2 www.maxmind.com
• GeoIP Lookup www.ultratools.com
• Google Maps maps.google.com
• IPLocation iplocation.net
• IP Location Finder tools.keycdn.com
• WikiMapia www.wikimapia.org
• Yahoo! Maps https://maps.yahoo.com/b/
Traceroute Tools and Links
• Path Analyzer Pro www.pathanalyzer.com
• PingPlotter https://www.pingplotter.com
• Visual IP Trace www.visualiptrace.com
• VisualRoute Trace www.visualware.com
Website Mirroring Tools and Sites
• BlackWidow http://softbytelabs.com
• Hooeey Webprint www.hooeeywebprint.com.s3-website-us-east-1.amazonaws.com/
• HTTrack www.httrack.com
• NCollector Studio www.calluna-software.com
• Reamweaver http://reamweaver.com
• Teleport Pro www.tenmax.com/teleport/pro/home.htm
• Wget www.gnu.org
Operating System Help
• Censys https://censys.io
• Netcraft http://netcraft.com
• Shodan www.shodan.io
Metadata Extraction
• Buzzstream tools.buzzstream.com
• ExifTool http://owl.phy.queensu.ca/~phil/exiftool/
• ExtractMeta www.extractmetadata.com
• FOCA www.elevenpaths.com
E-mail Tracking
• ContactMonkey https://contactmonkey.com
• DidTheyReadIt www.didtheyreadit.com
• eMailTrackerPro www.emailtrackerpro.com
• GetNotify www.getnotify.com
• PoliteMail www.politemail.com
• ReadNotify www.readnotify.com
• Zendio www.zendio.com
Google Hacking
• Google Hack Honeypot http://ghh.sourceforge.net
• Google Hacking Database www.hackersforcharity.org/ghdb/
• Google Hacking Master List http://it.toolbox.com/blogs/managing-infosec/google-hacking-master-list-28302
• Google Hacks http://code.google.com/p/googlehacks/
• Gooscan www.darknet.org.uk
• Metagoofil www.edge-security.com
Scanning and Enumeration Tools
Ping Sweep
• Angry IP Scanner www.angryip.org
• Colasoft Ping http://colasoft.com
• Friendly Pinger www.kilievich.com
• MegaPing www.magnetosoft.com
• Nmap http://nmap.org
• Ping Scanner Pro www.digilextechnologies.com
• Pinkie www.ipuptime.net
• SolarWinds www.solarwinds.com
• Ultra Ping Pro (Multiple download sites)
Scanning Tools
• CurrPorts www.nirsoft.net
• Fing (mobile) https://www.fing.io/
• Hping www.hping.org
• Infiltrator www.infiltration-systems.com
• IPEye http://ntsecurity.nu
• IP Network Scanner (mobile) http://10base-t.com
• IP Tools www.ks-soft.net
• LAN Surveyor www.solarwinds.com
• MegaPing www.magnetosoft.com
• Netcat http://netcat.sourceforge.net
• NetScanTools Pro www.netscantools.com
• Network Discovery (mobile) http://rorist.github.io
• Nmap (Zenmap) http://nmap.org/
• NScan http://nscan.hypermart.net/
• Pamn IP Scanner (mobile) http://pips.wjholden.com
• PortDroid (mobile) www.stealthcopter.com
• PRTG Net Monitor www.paessler.com
• SuperScan www.mcafee.com/us/downloads/free-tools/superscan.aspx
• THC-Amap www.thc.org
• Umit Network Scanner (mobile) www.umitproject.org
Banner Grabbing
• ID Serve www.grc.com
• Netcraft http://netcraft.com
• Telnet
• Xprobe https://sourceforge.net/projects/xprobe/
Vulnerability Scanning
• Acunetix www.acunetix.com
• Core Impact www.coresecurity.com
• GFI LanGuard www.gfi.com
• MBSA http://technet.microsoft.com
• Nessus www.tenable.com
• Nikto http://cirt.net/nikto2
• OpenVAS www.openvas.org
• Qualys FreeScan www.qualys.com
• Retina http://eeye.com
• Retina for Mobile www.beyondtrust.com
• SAINT http://saintcorporation.com
• SecurityMetrics (mobile) www.securitymetrics.com
• WebInspect https://software.microfocus.com/en-us/products/webinspect-dynamic-analysis-dast/overview
• Wikto www.sensepost.com
Network Mapping
• HP Network Node Manager www8.hp.com
• IPsonar www.lumeta.com
• LANState www.10-strike.com
• NetMapper www.opnet.com
• NetMaster (mobile) www.nutecapps.com
• Network SAK (mobile) http://foobang.weebly.com
• Network Topology Mapper www.solarwinds.com
• Network View www.networkview.com
• OpManager www.manageengine.com
• Scany (mobile) http://happymagenta.com
Proxy, Anonymizer, and Tunneling
• Anonymizer http://anonymizer.com
• Anonymouse http://anonymouse.org/
• Bitvise www.bitvise.com
• CyberGhost VPN www.cyberghostvpn.com
• G-Zapper www.dummysoftware.com
• HTTP Tunnel www.http-tunnel.com
• NetShade (mobile) www.raynersw.com
• Proxifier www.proxifier.com
• Proxy Browser for Android (mobile) https://play.google.com
• ProxyChains http://proxychains.sourceforge.net/
• ProxyDroid (mobile) https://github.com
• Proxy Switcher www.proxyswitcher.com
• Proxy Workbench proxyworkbench.com
• Psiphon http://psiphon.ca
• Super Network Tunnel www.networktunnel.net
• Tor https://www.torproject.org/
Enumeration
• Hyena www.systemtools.com
• IP Network Browser www.solarwinds.com
• LDAP Admin www.ldapsoft.com
• Ldp.exe www.microsoft.com
• LEX www.ldapexplorer.com
• NetBIOS Enumerator http://nbtenum.sourceforge.net
• Nsauditor www.nsauditor.com
• P0f http://lcamtuf.coredump.cx/p0f.shtml
• PSTools http://technet.microsoft.com
• User2Sid/Sid2User http://windowsecurity.com
• WinFingerprint www.winfingerprint.com
• Xprobe www.sys-security.com/index.php?page=xprobe
SNMP Enumeration
• OpUtils www.manageengine.com
• SNMP Informant www.snmp-informant.com
• SNMP Scanner www.secure-bytes.com
• SNMPUtil www.wtcs.org
• SolarWinds www.solarwinds.com
LDAP Enumeration
• Active Directory Explorer http://technet.microsoft.com
• JXplorer www.jxplorer.org
• LDAP Search http://securityxploded.com
• LEX www.ldapexplorer.com
• Softerra www.ldapadministrator.com
NTP Enumeration
• Atom Sync www.atomsync.com
• LAN Time Analyzer www.bytefusion.com
• NTP Server Scanner www.bytefusion.com
• NTP Time Server Monitor www.meinbergglobal.com
Registry Tools
• Active Registry Monitor www.devicelock.com
• All-seeing-Eye www.fortego.com
• Comodo Cloud Scanner www.comodo.com
• Power Tools www.macecraft.com
• Reg Organizer www.chemtable.com
• RegScanner www.nirsoft.net
Windows Service Monitoring Tools
• Nagios www.nagios.com
• Process Hacker http://processhacker.sourceforge.net
• SMART www.thewindowsclub.com
• SrvMan http://tools.sysprogs.org
File/Folder Integrity Checkers
• ACSV www.irnis.net
• FastSum www.fastsum.com
• FileVerifier www.programmingunlimited.net
• OSSEC https://ossec.github.io/
• Verisys www.ionx.co.uk
• WinMD5 www.blisstonia.com
System Hacking Tools
Default Password Search Links
• w3dt.net
• cirt.net
Password Hacking Tools
• Aircrack www.aircrack-ng.org/
• Brutus www.hoobie.net/brutus/
• Cain www.oxid.it
• CloudCracker www.cloudcracker.com
• ElcomSoft www.elcomsoft.com/
• FlexiSpy (mobile) www.flexispy.com
• John the Ripper www.openwall.com
• LastBit http://lastbit.com/
• LCP www.lcpsoft.com
• KerbCrack http://ntsecurity.nu
• Ophcrack http://ophcrack.sourceforge.net
• Rainbow crack www.antsight.com/zsl/rainbowcrack/
• THC-Hydra www.thc.org/thc-hydra/
• Windows Password Recovery www.windowspasswordsrecovery.com
DoS/DDos
• AnDOSid http://andosid.android.informer.com
• BanglaDos http://sourceforge.net
• Dereil/HOIC http://sourceforge.net
• DoS HTTP http://socketsoft.net
• HULK www.sectorix.com
• LOIC http://sourceforge.net
• Tor’s Hammer http://packetstormsecurity.com
Sniffing
• Ace www.effetech.com
• Ettercap www.ettercap-project.org/ettercap/#
• KerbSniff http://ntsecurity.nu
• Wireshark www.wireshark.org/
Keyloggers and Screen Capture
• Actual Keylogger www.actualkeylogger.com
• Actual Spy www.actualspy.com
• All In One Keylogger www.relytec.com
• Amac www.amackeylogger.com
• Desktop Spy www.spyarsenal.com
• Ghost www.keylogger.net
• Handy Keylogger www.handy-keylogger.com
• Hidden Recorder www.oleansoft.com
• IcyScreen www.16software.com
• KeyProwler www.keyprowler.com
• Ultimate Keylogger www.ultimatekeylogger.com
• USB Grabber http://digitaldream.persiangig.com
Privilege Escalation
• Password Recovery www.windowspasswordrecovery.com
• Password Recovery Boot Disk www.rixler.com
• Password Reset www.reset-windows-password.net
• System Recovery www.elcomsoft.com
Executing Applications
• Dameware www.dameware.com
• PDQ Deploy www.adminarsenal.com
• RemoteExec www.isdecisions.com
Spyware
• Activity Monitor www.softactivity.com
• Desktop Spy www.spyarsenal.com
• eBlaster www.spectorsoft.com
• EmailObserver www.softsecurity.com
• Kahlown Screen Spy www.lesoftrejion.com
• LANVisor www.lanvisor.com
• NetVisor www.netvizor.net
• OsMonitor www.os-monitor.com
• Power Spy www.ematrixsoft.com
• Remote Desktop Spy www.global-spy-software.com
• Spector Pro www.spectorsoft.com
• SpyTech www.spytech-web.com
• SSPro www.tucows.com/preview/403921
• USB spy www.everstrike.com
Mobile Spyware
• Easy GPS www.easygps.com
• GPS TrackMaker Professional www.trackmaker.com
• John the Ripper www.openwall.com
• Mobile Spy www.mobile-spy.com
• MobiStealth Cell Phone Spy www.mobistealth.com
• Modem Spy www.modemspy.com
• mSpy www.mspy.com
• Spy Phone Gold https://spyera.com
• Trackstick www.trackstick.com
Covering Tracks
• Auditpol www.microsoft.com
• CCleaner www.piriform.com
• ELSave www.ibt.ku.dk
• EraserPro www.acesoft.net
• Evidence Eliminator www.evidence-eliminator.com
• MRU-Blaster www.brightfort.com
• WindowWasher www.webroot.com
• WinZapper www.ntsecurity.nu
Packet Crafting/Spoofing
• Hping2 www.hping.org/
• Komodia www.komodia.com
• NetscanTools Pro www.netscantools.com
• Ostinato https//ostinato.org
• Packet generator http://sourceforge.net
• PackEth http://sourceforge.net
• WireEdit wireedit.com
Session Hijacking
• Burp Suite http://portswigger.net
• Ettercap http://ettercap.sourceforge.net
• Firesheep http://codebutler.github.com/firesheep
• Hamster/Ferret http://erratasec.blogspot.com/2009/03/hamster-20-and-ferret-20.html
• Hunt http://packetstormsecurity.com
• Paros Proxy www.parosproxy.org
Clearing Tracks
• BleachBit http://bleachbit.sourceforge.net
• CCleaner www.piriform.org
• MRU-Blaster www.brightfort.com
• Window Washer www.eusing.com
• Wipe http://privacyroot.com
Cryptography and Encryption
Encryption Tools
• AxCrypt www.axantum.com/axcrypt/
• BitLocker http://microsoft.com
• DriveCrypt www.securstar.com
• GNU Privacy Guard https://www.gnupg.org/
• VeraCrypt https://veracrypt.codeplex.com/
Hash Tools
• HashCalc http://nirsoft.net
• McAfee Hash Calculator www.mcafee.com/us/downloads/free-tools/hash-calculator.aspx
• MD5 Hash www.digitalvolcano.co.uk/content/md5-hash
• Quick Hash http://sourceforge.net/projects/quickhash/
Steganography
• AudioStega www.mathworks.com
• DeepSound http://jpinsoft.net
• EzStego www.stego.com
• gifShuffle www.darkside.com.au
• ImageHide www.dancemammal.com
• Invisible Secrets www.invisiblesecrets.com/
• JPHIDE http://nixbit.com
• Masker www.softpuls.com
• Merge Streams www.ntkernel.com
• MP3Stegz http://sourceforge.net
• OfficeXML www.irongeek.com
• OmniHidePro http://omnihide.com
• OpenStego http://openstego.sourceforge.net/
• OurSecret www.securekit.net
• QuickStego www.quickcrypto.com
• SpamMimic www.spammimic.com
• Spy Pix (mobile) www.juicybitssoftware.com
• Stegais (mobile) http://stegais.com
• StegHide http://steghide.sourceforge.net
• Stego Master (mobile) https://play.google.com
• StegParty www.fasterlight.com
• S Tools http://spychecker.com
• wbStego http://wbstego.wbailer.com/
• XPTools www.xptools.net
Stego Detection
• Gargoyle Investigator (stego detection) www.wetstonetech.com
• StegAlyzerSS www.sarc-wv.com
• StegDetect https://github.com/abeluck/stegdetect
• StegSpy www.spy-hunter.com
Cryptanalysis
• Cryptanalysis http://cryptanalysisto.sourceforge.net
• Cryptobench http://addario.org
• EverCrack http://evercrack.sourceforge.net
Sniffing
Packet Capture
• CACE www.cacetech.com
• Capsa www.colasoft.com
• dsniff http://monkey.org
• EtherApe http://etherape.sourceforge.net
• NetWitness www.netwitness.com
• OmniPeek www.wildpackets.com
• tcpdump http://tcpdump.org
• Windump www.winpcap.org
• Wireshark http://wireshark.org
Wireless
• Kismet www.kismetwireless.net
• NetStumbler www.netstumbler.com/downloads/
MAC Flooding/Spoofing
• Macof https://monkey.org
• SMAC www.klcconsulting.net
ARP Poisoning
• Cain www.oxid.it
• UfaSoft http://ufasoft.com
• WinARP Attacker www.xfocus.net
Wireless
Discovery
• inSSIDer www.metageek.net
• iStumbler www.istumbler.net
• Kismet www.kismetwireless.net
• NetStumbler www.netstumbler.com/downloads/
• NetSurveyor www.performancewifi.net
• Vistumbler www.vistumbler.net
• WirelessMon www.passmark.com
Attack and Analysis
• Aircrack www.Aircrack-ng.org
• AirMagnet WiFi Analyzer http://airmagnet.com
• Airodump http://Wirelessdefence.org/Contents/Aircrack_airodump.htm
• AirPcap www.cacetech.com
• AirSnort http://airsnort.shmoo.com/
• MadWifi http://madwifi-project.org
• WiGLE http://wigle.net
Packet Sniffing
• Capsa www.colasoft.com
• CommView www.tamos.com
• Cascade Pilot www.riverbed.com
• Omnipeek www.wildpackets.com
WEP/WPA Cracking
• Aircrack www.aircrack-ng.org/
• coWPAtty www.wirelessdefence.org
• KisMAC http://kismac-ng.org/
• WepAttack www.wepattack.sourceforge.net
• WepCrack www.wepcrack.sourceforge.net
• Wireless Security Auditor www.elcomsoft.com
Bluetooth
• BH Bluejack http://croozeus.com
• BlueScanner www.arubanetworks.com
• Bluesnarfer www.airdemon.net
• BT Audit http://trifinite.org
• BTBrowser http://wireless.klings.org
• BTScanner www.pentest.co.uk
• CIHwBT http://sourceforge.net
• Phonesnoop www.blackberryrc.com
Mobile and IoT
Mobile Attacks
• Backtrack Simulator https://play.google.com
• Bluediving http://bluediving.sourceforge.net
• BlueScanner http://sourceforge.net
• BT Browser www.bluejackingtools.com
• Super BlueTooth Hack www.brothersoft.com
• WiHack https://wihack.com
Mobile Application Testing
• BlueBorne Scanner www.armis.com
• Eternal Blue Scanner ebvscanner.firebaseapp.com
• Hackode www.ravikumarpubey.com
• Shellshock www.zimperium.com
• threatScan https://free.kaspersky.com
• X-Ray https://duo.com/labs
Mobile Scanning
• cSploit www.csploit.org
• FaceNiff www.effecthacking.com
• fing www.fing.io
• Hackode play.google.com
• IP Scanner 10base-t.com
Mobile Wireless Discovery
• Net Signal Info www.kaibits-software.com
• OpenSignal Maps http://opensignal.com
• WiFiFoFum www.wififofum.net
• WiFi Manager http://kmansoft.com
Mobile Device Tracking
• Find My Phone http://findmyphone.mangobird.com
• GadgetTrak www.gadgettrak.com
• iHound www.ihoundsoftware.com
• Where’s My Droid http://wheresmydroid.com
Mobile Device Proxy
• CyberGhost VPN https://www.cyberghostvpn.com
• NetShade www.raynersw.com
• Servers Ultimate www.icecoldapps.com
• Shadowsocks https://shadowsocks.org
Rooting/Jailbreaking
• Absinthe http://greenpois0n.com
• Cydia http://cydia.saurik.com
• Evasi0n7 http://evasi0n.com
• Geeksn0w http://geeksn0w.it
• Kingo https://www.kingoapp.com/
• One Click Root https://www.oneclickroot.com/
• Pangu http://en.pangu.io
• Redsn0w http://redsn0w.info
• Superboot (Multiple download sites)
• SuperOneClick http://superoneclick-download.soft112.com/
MDM
• MaaS360 www.maas360.com
• MobiControl www.sati.net
• SAP Afaria www.sybase.com
• XenMobile www.citrix.com
IoT Tools
• Attify Zigbee Framework www.attify.com
• AWS IoT Defender aws.amazon.com
• beSTORM Vulnerability Scanner www.beyondsecurity.com
• Censys (search engine) censys.io
• ChipWhisperer newae.com
• CloudShark www.cloudshark.org
• darktarce www.darktarce.com
• DigiCert IoT Security www.digicert.com
• Firmalyzer firmalyzer.com
• Foren6 (IoT Sniffing) cetic.github.io
• Google Cloud Iot cloud.google.com
• IoT Security Platform www.pwnieexpress.com
• IoTsploit iotsploit.com
• JTAGulator grandideastudio.com
• KillerBee github.com
• MultiPing (info gathering) www.pingman.com
• RIoT Vulnerability Scanner www.beyondtrust.com
• SeaCAT security www.tekalabs.com
• SecBee github.com
• Symantec IoT Security www.symantec.com
• Thingful (search engine) www.thingful.net
• Ubertooth github.com
• Z-Wave Sniffer www.suphammer.net
Trojans and Malware
Anti-Malware (Anti-Spyware and Antivirus)
• Ad-Aware www.lavasoft.com
• Avast www.avast.com
• AVG free.avg.com
• BitDefender www.bitdefender.com
• HackAlert www.armorize.com
• Kapersky www.kapersky.com
• MacScan http://macscan.securemac.com
• Malwarebytes www.malwarebytes.com
• McAfee www.mcafee.com
• Panda www.pandasecurity.com
• Spybot Search and Destroy www.safer-networking.org
• SpyHunter www.enigmasoftware.com
• SUPERAntiSpyware www.superantispyware.com
• Symantec www.symantec.com
Crypters and Packers
• EliteWrap https://packetstormsecurity.com/files/14593/elitewrap.zip.html
• Crypter www.crypter.com
• Aegis www.aegiscrypter.com
• AIO FUD (Multiple download sites)
• Galaxy Crypter (Multiple download sites)
• Heaven Crypter (Multiple download sites)
• Hidden Sight Crypter http://securecybergroup.in
• SwayzCryptor (Multiple download sites)
Monitoring Tools
• CurrPorts www.nirsoft.net
• Driver Detective www.driveshq.com
• Fport www.mcafee.com/us/downloads/free-tools/fport.aspx
• HiJackThis http://free.antivirus.com
• ProcessHacker http://processhacker.sourceforge.net
• Regshot http://sourceforge.net/projects/regshot
• SysAnalyzer http://labs.idefense.com/software/malcode.php
• SvrMan http://tools.sysprogs.org
• What’s Running www.whatsrunning.net
Attack Tools
• Nemesis http://nemesis.sourceforge.net
• Netcat http://netcat.sourceforge.net
Web Attacks
Attack Tools
• Black Widow http://softbytelabs.com
• cURL http://curl.haxx.se
• Httprecon www.computec.ch
• ID Serve www.grc.com
• InstantSource www.blazingtools.com
• Metasploit www.metasploit.com
• NetBrute www.rawlogic.com
• Netsparker www.mavitunasecurity.com
• Nstalker http://nstalker.com
• SoapUI www.soapui.org
• WatcherWeb www.casaba.com
• WebInspect www8.hp.com/us/en/software-solutions/webinspect-dynamic-analysis-dast
• WebScarab http://owasp.org
• WebSleuth http://sandsprite.com
• Wfetch www.microsoft.com
• XMLSpy www.altova.com
SQL Injection
• BSQL Hacker http://labs.portcullis.co.uk
• Marathon http://marathontool.codeplex.com
• SQL Brute http://gdssecurity.com
• SQLGET http://darknet.org.uk
• SQL Injection Brute http://code.google.com
• SQLNinja http://sqlninja.sourceforge.net
Miscellaneous
Cloud Security
• Alert Logic www.alertlogic.com
• CloudPassage Halo https://www.cloudpassage.com/
• Core CloudInspect http://coreinspection.com/
• Panda Cloud Office Protection www.cloudantivirus.com
• Symantec O3 www.symantec.com
• Trend Micro Instant-On www.trendmicro.com
Cloud Services Testing
• BlazeMeter blazemeter.com/
• LoadStorm loadstorm.com
• SOASTA www.soasta.com
• Zephyr www.getzephyr.com
IDS
• Snort www.snort.org
Evasion Tools
• ADMmutate www.ktwo.ca
• IDS Informer www.net-security.org
• Inundator http://inundator.sourceforge.net
• NIDSbench http://packetstormsecurity.org/UNIX/IDS/nidsbench/
• Tcp-over-dns http://analogbit.com/software/tcp-over-dns
Pen Test Suites
• Armitage www.fastandeasyhacking.com
• CANVAS http://immunitysec.com
• Cobalt Strike www.cobaltstrike.com
• Codenomicon https://www.synopsys.com
• Core Impact www.coresecurity.com
• Metasploit www.metasploit.org
VPN/FW Scanner
• IKE-Scan http://sectools.org/tool/ike-scan/
Social Engineering
• Social Engineer Toolkit www.trustedsec.com
Extras
• Core Impact Demo https://coresecurity.webex.com/
• Sysinternals https://docs.microsoft.com/en-us/sysinternals/
• Tripwire www.tripwire.com/
Linux Distributions
• BackTrack www.remote-exploit.org/index.php/BackTrack
• Distrowatch http://distrowatch.com
Tools, Sites, and References Disclaimer
All URLs listed in this appendix were current and live at the time of writing. McGraw-Hill Education makes no warranty as to the availability of these World Wide Web or Internet pages. McGraw-Hill Education has not reviewed or approved the accuracy of the contents of these pages and specifically disclaims any warranties of merchantability or fitness for a particular purpose.