Tools for Performing Host Reconnaissance
17.09.2007
| Tool | URL | Description |
|---|---|---|
| 7thportscan | http://www.zone-h.com/en/download/category=71/ | A small port scanner. |
| AcePing | http://www.zone-h.com/en/download/category=28/ | A tool that checks the network statistics and the state of remote computers. |
| Advanced Net Tool (ANT) | http://www.zone-h.com/en/download/category=71/ | A tool that includes the following utilities: portscan, traceroute, dns, sharescan, ping, whois, and others. |
| Advanced Port Scanner | http://www.pcflank.com | A TCP Connect() and TCP SYN Port scanner. |
| Altavista | http://www.altalavista.com | A good tool for searching newsgroups. |
| Amap | http://www.thc.org | A next-generation scanning tool that identifies applications and services even if they are not listening on the default port by creating a bogus communication and analyzing the responses. |
| Angry IP Scanner | http://www.snapfiles.com/Freeware/network/fwscanner.html | A fast and small IP scanner. It pings each IP address to check whether it is alive. Then, optionally, it resolves host names and tries to connect as specified in the Options dialog box TCP port. |
| Animal Port Scanner | http://www.zone-h.com/en/download/category=71/ | A simple port scanner. |
| APNIC | http://www.apnic.net | Asia Pacific Internet Registrar. |
| Archaeoptery x | http://www.zone-h.com/en/download/category=28/ | A passive mode OS identification tool. |
| Archive.org | http://www.archive.org | An archive of the web. Allows you to view old websites. |
| ARIN | http://www.arin.net | American Registry for Internet Numbers. |
| ARPing | http://www.habets.pp.se/synscan/programs.php?prog=arping | Broadcasts a who-has ARP packet on the network and prints answers. |
| AW Security Port Scanner | http://www.atelierweb.com | A high-speed TCP Connect scanning engine. |
| Central Ops Network Utilities | http://www.centralops.net | A tool that provides online Internet utilities including traceroute, NSLookup, ping, and others. |
| Cheops | http://www.marko.net/cheops/ | An open source tool to locate, access, and diagnose network resources. |
| ClearSight Analyzer | http://www.spirentcom.com | A network and application analyzer with visual tools to detect problems. |
| DNS Stuff | http://www.dnsstuff.com | A tool that provides numerous Internet DNS tools including Whois, NSLookup, ping, tracert, and others. |
| Dsniff | http://naughty.monkey.org/~dugsong/dsniff/ | A collection of tools for network auditing and penetration testing. |
| Email Tracker Pro | http://www.emailtrackerpro.com/index.html | A tool that analyzes e-mail to identify the e-mail address and location of the sender. |
| Fast Port Scanner | http://www.zone-h.com/en/download/category=71/ | FPS stands for Fast Port Scanner. |
| FlameThrower | http://www.antara.net | Web and firewall stress-test tool. |
| FriendlyPinger | http://www.kilievich.com/ | A powerful and user-friendly application for network administration, monitoring, and inventory. |
| FS32 Scanner | http://www.zone-h.com/en/download/category=71/ | A tool that scans a range of IP addresses for FTP access. After you are logged in, FS32 proceeds to extract the following information: resume capability, FXP (PASV), and directory create/delete permissions. |
| GFI LANguard | http://www.gfi.com/lannetscan/ | GFI LANguard Network Security Scanner (N.S.S.) checks your network for all potential methods that a hacker might use to attack it. By analyzing the operating system and the applications running on your network, GFI LANguard N.S.S. identifies possible security holes. |
| Gobbler | http://www.networkpenetration.com/downloads.html | A remote OS detection tool that spoofs your source address. |
| Googledorks | http://Johnny.ihackstuff.com | A great website to search Googled-for error messages on websites that reveal way too much information. |
| HPING2 | http://www.hping.org/ | A TCP/IP packet assembler/dissassembler. |
| ICMPID | http://www.nmrc.org/project/index.html | A utility that does remote OS identification using five ICMP packets only. Offers many extra features, including IP spoofing support. |
| IP Blocks | http://www.nologin.org/main.pl?action=codeList& | An IP subnetting and enumeration tool. |
| IP Tools | http://www.zone-h.com/en/download/category=71/ | A tool that scans your network for servers and open ports. |
| IP Tracer 1.3 | http://www.soft32.com | An IP tracer that discovers the country and city for a specific IP. |
| Java Port Scanner | http://www.zone-h.com/en/download/category=71/ | A port scanner written in Java. |
| LACNIC | http://www.lacnic.net | Latin American Internet registrar. |
| LanDiscovery | http://www.snapfiles.com/Freeware/network/fwscanner.html | A small utility that enables you to browse the local network. It quickly enumerates all available network machines and lists them with their shares. |
| LanSpy | http://www.snapfiles.com/Freeware/network/fwscanner.html | A network security scanner that allows you to gather information about machines on the network. This includes domain and NetBIOS names, MAC address, server information, domain and domain controller information, remote control, time, discs, transports, users, global and local users groups, policy settings, shared resources, sessions, open files, services, registry and event log information. |
| Libvsk | http://www.s0ftpj.org/en/site.html | A set of libraries for network traffic manipulation from the user level, with some functions of filtering and sniffing. |
| Local Port Scanner | http://www.zone-h.com/en/download/category=71/ | Another small port scanner. |
| Mercury LoadRunner | http://www.mercury.com | A load-testing product for predicting system behavior and performance. Using limited hardware resources, LoadRunner emulates hundreds or thousands of concurrent users to put the application through the rigors of real-life user loads. |
| MooreR Port Scanner | http://www.snapfiles.com/Freeware/network/fwscanner.html | A basic, standalone network scanner that includes more than 3000 predefined ports to allow you to see what services are running on the machine. |
| NBTscan | http://www.inetcat.org/software/nbtscan.html | A program for scanning IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in a supplied range and lists received information in human-readable form. For each responded host, it lists IP address, NetBIOS computer name, logged-in username, and MAC address. |
| Nessus | http://www.nessus.org/ | An open-source vulnerability scanner. |
| NetScanTools Pro | http://www.netscantools.com/ | A set of information-gathering utilities for Windows 2003/XP/2000. |
| NetView Scanner | http://www.snapfiles.com/Freeware/network/fwscanner.html | NetView Scanner is
three security applications in one:
NetView scans IP addresses for available Windows file and print sharing resources. PortScan scans IP addresses for listening TCP ports. WebBrute tests user password strength on HTTP Basic Authenticated websites. |
| NEWT | http://www.snapfiles.com/Freeware/network/fwscanner.html | A network scanner for administrators that scans machines on a network and attempts to retrieve as much detailed information as possible without the need to run a client on the remote computer. |
| Nikto | http://www.cirt.net/code/nikto.shtml | An open-source (GPL) web server scanner that performs comprehensive tests against web servers for multiple items, including more than 3100 potentially dangerous files/CGIs, versions on more than 625 servers, and version-specific problems on more than 230 servers. |
| Nmap | http://www.insecure.org/nmap/ | A popular port scanner with many options for various port-scanning methods. |
| Nscan | http://www.zone-h.com/en/download/category=71/ | A fast port scanner for Windows (up to 200 ports per second) for both hosts and large networks with numerous features. |
| NSLookup | Included with most operating systems (On Linux, compare with the Dig utility) | A tool for discovering IP information on DNS names. |
| OneSixtyOne | http://www.phreedom.org/solar/onesixtyone/index.html | An SNMP scanner. |
| Packit (Packet toolkit) | http://packetfactory.net/projects/packit/ | A network auditing tool that has the capability to customize, inject, monitor, and manipulate IP traffic. |
| P0f | http://lcamtuf.coredump.cx/p0f.shtml | A passive OS fingerprinting tool. |
| PORTENT Supreme | http://www.loadtesting.com | An HTTP load tester. |
| PromiScan | http://www.shareup.com | Network sniffing detection software. |
| Proport | http://www.zone-h.com/en/download/category=71/ | A rapid port scanner. |
| Retina | http://www.eeye.com/html/Research/Tools/RPCDCOM.html | A vulnerability scanner. |
| Ripe | http://www.ripe.net | The European Internet registry. |
| Root Access Port Scanner | http://www.zone-h.com/en/download/category=71/ | A Windows-based port scanner. |
| SamSpade | http://www.samspade.org/ | A free network query tool with a variety of features, including the capability to scan for e-mail relays, perform DNS zone transfers, and crawl websites. |
| Scapy | http://www.secdev.org/projects/scapy | An interactive packet manipulation tool, packet generator, network scanner, network discovery, and packet sniffer. |
| SendIP | http://www.earth.li/projectpurple/progs/sendip.html | A command-line tool to allow sending of arbitrary IP packets. |
| Sentinel | http://www.packetfactory.net/projects/sentinel/ | An implementation project of effective remote promiscuous detection techniques. |
| ServersCheck | http://www.snapfiles.com/Freeware/network/fwscanner.html | A tool for monitoring, reporting, and alerting on network and system availability. |
| Smart Whois | http://www.tamos.com/products/smartwhois/ | A useful network information utility that allows you to look up all the available information about an IP address, host name or domain, including country, state or province, city, name of the network provider, administrator, and technical support contact information. |
| Sniff-em | http://www.sniff-em.com | A program that captures, monitors, and analyzes network traffic, detecting bottlenecks and other network-related problems. |
| SNScan | http://www.snapfiles.com/Freeware/network/fwscanner.html | An SNMP detection utility that can quickly and accurately identify SNMP-enabled devices on a network. |
| SoftPerfect Network Scanner | http://www.snapfiles.com/Freeware/network/fwscanner.html | A multithreaded IP, SNMP, and NetBIOS scanner. |
| SuperScan | http://www.foundstone.com | Another simple port scanner. |
| Teleport Pro | http://www.tenmax.com/teleport/pro/home.htm | A tool to copy websites to your hard drive. |
| THC-RUT | http://www.thc.org/thc-rut | THC-RUT (pronounced root) is a wide range of network discovery utilities such as ARP lookup on an IP range, spoofed DHCP request, RARP, BOOTP, ICMP-ping, ICMP address mask request, OS fingerprinting, and high-speed host discovery. |
| THC-Scan | http://www.thc.org/ | A war dialer/scanner for DOS and Windows. |
| TFP | http://xenion.antifork.org | An OS detection tool. |
| TIFNY | http://www.tucows.com/preview/195236.html | A utility that opens up to six simultaneous sessions to read and download binaries from newsgroups. |
| TraceProto | http://traceproto.sourceforge.net/index.php | A traceroute replacement that lets you specify the protocol and port to trace to. |
| Tracert (Windows)/Traceroute | Included with UNIX/Linux/Cisco operating systems | A utility to trace a packet through a network. |
| Trellian Trace Route | http://www.tucows.com | A site spidering tool. |
| Trout | http://www.zone-h.com/en/download/category=71/ | A visual traceroute and Whois program. |
| Visual Lookout | http://www.visuallookout.com | A tool to automatically monitor and log IP connection activity on your host. |
| Visual Route Trace | http://www.visualware.com | A tool that has integrated traceroute, ping, reverse DNS, and Whois tools and will also show the connection route on a world map. |
| Webspy | http://www.snapfiles.com/Freeware/network/fwscanner.html | A small tool that lets you find web servers and automatically resolve their domain name (if any). |
| Whois | Built in to most operating systems | A tool that allows you to look up registration data for domains. |
| WotWeb | http://www.snapfiles.com/Freeware/network/fwscanner.html | A cut-down port scanner specifically made to scan for and display active web servers and show the server software running on them. |
| Xprobe | http://www.sys-security.com/index.php?page=xprobe | An active OS fingerprinting tool. |
| YAPS (Yet Another Port Scanner) | http://www.snapfiles.com/Freeware/network/fwscanner.html | YAPS is short for "Yet Another Port Scanner." and this is exactly what it is. In fact, YAPS is a basic but small and fast TCP/IP port scanner with little configuration options and a fairly plain interface. |
| Zodiac | http://www.packetfactory.net/projects/zodiac/ | A DNS protocol analyzation and exploitation program. |
T
Related information
