Google’s Go: A New Programming Language: Python plus C++

Posted by Shashank Krishna Wednesday, November 11, 2009

Google on Tuesday said it was putting into the open source realm an experimental programming language called Go, which attempts to combine the development speed of a dynamic language like Python with the performance and safety of a compiled language like C or C++.

Here’s how Google describes Go in its blog post:
Go attempts to combine the development speed of working in a dynamic language like Python with the performance and safety of a compiled language like C or C++. In our experiments with Go to date, typical builds feel instantaneous; even large binaries compile in just a few seconds. And the compiled code runs close to the speed of C. Go is designed to let you move fast.
We’re hoping Go turns out to be a great language for systems programming with support for multi-processing and a fresh and lightweight take on object-oriented design, with some cool features like true closures and reflection.

Go is …

… simple

package main

import "fmt"

func main() {

… fast

Go compilers produce fast code fast. Typical builds take a fraction of a second yet the resulting programs run nearly as quickly as comparable C or C++ code.

… safe

Go is type safe and memory safe. Go has pointers but no pointer arithmetic. For random access, use slices, which know their limits.

… concurrent

Go promotes writing systems and servers as sets of lightweight communicating processes, called goroutines, with strong support from the language. Run thousands of goroutines if you want—and say good-bye to stack overflows.

… fun

Go has fast builds, clean syntax, garbage collection, methods for any type, and run-time reflection. It feels like a dynamic language but has the speed and safety of a static language. It's a joy to use.

… open source

Go for it.

Destroy twitter..a twitter app built on adobe air

Posted by Shashank Krishna Friday, October 23, 2009

IconDestroyTwitter is a compact though robust Twitter application built to run on Mac, Windows, and Linux using Adobe AIR. It consists of a series of canvases that constantly update to keep tweets up-to-date using notifications that appear when a new tweet arrives. DestroyTwitter uses a minimal amount of memory compared to its AIR-based alternatives without sacrificing functionality and performance. As a result, it can easily run in the background as an automated process.

DestroyTwitter also features complete direct messaging functionality. Messages and tweets can be replied to with the original visible for quick and easy reference. A search function is also available to track anything that’s being talked about although not as powerfull as Tweetdeck’s searching options

Destroy Twitter’s full Feature List
  • – Auto refresh
  • – Notifications
  • – Full tweet, reply, and direct message support
  • – User profiles
  • – Preferences
  • – Searching
  • – Account updating
  • – Scroll wheel support
  • – TinyURL integration
  • – Mac OS X hotkey support
  • – Tweet dialogue
  • – API limit status and notification
You can choose from three different “canvases” displayed in columns:
  • Home, Replies and (Direct) Messages
  • Search, Saved (Favorites), and Sent
  • Preferences, Account, People

Each pane is pretty much self explanatory for most Twitter users, even though they’ve given them slightly different names.. The account pane shows your profile information and the people pane shows user information when you click on an avatar, similarly to Tweetdeck. Unlike Tweetdeck you can’t create custom columns for groups, probably the most important feature in TweetDeck in my book.

The preferences pane is where the best features are. You can fine-tune your preferences to open the app at start-up, manage the size of the workspace and how many tweets you want to show at once, or make the font size larger (essential for me, the font when it first launches is unbelievably small). In these days of limkited API calls to Twitter, you can set how often you want DestroyTwitter to ping Twitter for new Tweets and you can set different rates for search and messages, so you can ration your 100 calls to the API per hour based on how you use Twitter. Like the new release of TweetDeck, you can also see how many calls to the API you’ve made, and if you’ve gone over limit, when you’ll be able to call again.

NS2 installation problems in ubuntu

Posted by Shashank Krishna Sunday, October 11, 2009

The ns2 version taken here is 2.31, if you downloaded any other version, please modify your version during installation

1)Uncompress the ns2

tar zxvf ns-allinone-2.31.tar.gz
gzip -d ns-allinone-2.31.tar.gz
tar xvf ns-allinone-2.31.tar

2) cd /opt/ns-allinone-2.31 (since /opt is the folder which is unused, so i have selected that folder to install, however you can install that in any folder)

3) ./install (execute the command)

4) If the installation fails in the middle, then try to install the linux packages that are

necessary to run NS2. (In any linux (ubuntu or fedora or redhat or suse), install the TCL/TK, Perl packages during the installation of linux...)

Common errors

While installing ns2, sometimes we get errors some of them are mentioned below (as keywords used to search). Apart from these errors there are many other types of errors also which occurs.

  • tcl8.4.18 make failed! exiting…
  • tk8.4.18 make failed!
  • make: *** [tk3d.o] error 1 tk8.4.18 make
  • tk8.4.18 make fail

Here are some steps and precautions to install ns2 in one shot.

  1. Always install your linux distro with full programming support, this will help you to install ns2 more easily, here programming support means support for perl, tcl, gcc etc.
  2. Also install this packages

    install autoconf

    install automake

    install gcc-c++

    install libX11-devel

    install xorg-x11-proto-devel

    install libXt-devel

    install libXmu-devel

Now try installing ns2, hope it should get install properly

5) Once the installation succeeded, then the path information will be provided by the NS2

6) Set the path in the /root/.bash_profile
(vi /root/.bash_profile)

If you are a user home//.bash_profile (for example, if your the username is tsp, then execute this command vi /home/tsp/.bash_profile)
7) set the PATH and the LD_LIBRARY_PATH according to the point number 11.

8) logout and login.

9) go to the terminal and try ns or nam

Track your information with Formfox

Do you know where your information is going once you send it across the internet? Well you may be surprised at what you find about some of the most trusted sites. That's when Formfox comes in. Formfox allows you to protect yourself by knowing where your information is being sent and who can see this information. The information of where your information is going shows up anywhere information can be entered at. I know I said information too much in one sentence lol, but its all good. So is your information if you use Formfox to keep your personal information safe from hackers and identity thieves.

Firefox features

Posted by Shashank Krishna


Firefox 3.5 uses the Gecko 1.9.1 engine, which adds features that were not included in the 3.0 release. These include support for the and elements defined in the HTML 5 draft specification, with a goal to offer video and audio playback without being encumbered by patent issues associated with most plugin and codec technologies.[27] Codecs for Theora video, Vorbis audio and the Ogg container are built in. As originally recommended by HTML 5 (see Ogg controversy), this codec combination for supporting the audio and video elements are also working in test versions of the Opera and Chrome browsers, see Theora#Playback. Cross-site XMLHttpRequests (XHR), which can allow for more powerful web applications and an easier way to implement mashups, are also implemented in 3.5.[28] A new global JSON object contains native functions to serialize and deserialize JSON objects, as specified by the ECMAScript 3.1 draft,[29] and CSS 3 selector support has been added. Multi-touch support was also added to the release, including gesture support like pinching for zooming and swiping for back and forward.[30] Firefox 3.5 also features an updated logo from the previous releases.[31]

A minor change for Version 3.5 is the default search engine in Russian language builds, which uses the search engine Yandex rather than Google, after a survey of Russian Firefox users indicated they preferred Yandex.[32]

The first update, 3.5.1, was released on July 16, 2009. It solved some vulnerabilities detected after the final release. Another update, 3.5.2, was released on August 3, 2009, followed by version 3.5.3 on September 9, 2009.

The results of the Acid3 test on Firefox 3.5

Starting July 14, 2009, the upgrade to 3.5 was offered to users of Firefox 3.0 through the automatic internal "push" update mechanism.

What is John the Ripper

Posted by Shashank Krishna Wednesday, September 30, 2009

John the ripper is a password cracking tool which decryptes the passwords using DES standards..

Password Files

Create a text document with the password that you want to crack in it with the format given below


Or you can just use the file in the format it is given, John the Ripper will work with either format, this is an example of what part of a password file looks like with all the information.

john:234abc56:9999:13:John Johnson:/home/dir/john:/bin/john

To open a text document in windows go to start/programs/accessories/word pad

Broken down, this is what the above password file states:

john:234abc56:9999:13:John Johnson:/home/dir/john:/bin/john

Username: john

Encrypted Password: 234abc56

User Number: 9999

Group Number: 13

Other Information: John Johnson

Home Directory: /home/dir/john

Shell: /bin/john

John the Ripper

Open a Dos window, then change to the directory in which the file is in (using the cd comand) then you must decide how you want to crack the file. I would recommend the following approach
single mode
wordlist mode
wordlist mode with rules

To open a dos window go to start/programs/dos prompt

Using the Single Crack Mode

Using the single crack mode is recommended as the first mode as it will break all the week passwords. Single crack mode runs through a set of simple rules with a basic word list, this mode is a good way to start as it is fast and will quickly break weak passwords.

john -single pass.txt

where pass.txt is your password file, information on configuring the single crack mode from the defaults is given in the documentation that comes with John the Ripper in the RULES document

Using the Wordlist Mode

To run John the Ripper with a wordlist using the rules option, type in the Dos window

john -w:word.dic -rules pass.txt

where word.dic is your wordlist and pass.txt is your password file, a word list of 2megs is recommended. This mode of cracking will use your specified wordlist with a set of rules and will break most passwords as most users will chose passwords which have meaning and are easy to remember.

Using the Incremental Mode

The incremental mode should be used after trying the single and wordlist modes.

john -i:all pass.txt goes through all characters

john -i:alpha pass.txt goes though all the letters

john -i:digits pass.txt goes through all numbers

john -i:lanman pass.txt goes through capital letters, lower case letters, numbers and a few special characters

The incremental does as the name suggests by incrementing though all possible permiutations of the character set. First it would try a then b then c through to zzzzzz if the minimum value was 1 and the maximum value was 6, and the character set was all lower case letters.

Using an external mode

john -external:MODE pass.txt

where pass.txt is the password file to be cracked and MODE is defined in the john.ini file in the [list.External:MODE] section.

Trading Hard-Drive Space for Speed

Trading hard-drive space for speed

if you use jtr and you use the incremental modes often you might want to try this.

john -stdout i:[whatever] > blah.txt

where whatever is your favorite mode for john. Then when you want to run that incremental you would type

john -w:blah.txt

this works much faster and comes in handy if you can trade hard drive space for preformance

Customizing Cracking Modes

Configuring Incremental Mode

Editing the john.ini file for the incremental mode can be done as shown below

1) scroll down to where it says #incremental

2) go to the


File = ~/alpha.chr

MinLen = 0

MaxLen = 8

CharCount = 26

Now you need to guess the minimum and maximum lengths so if you think that it is a 5 digit password you would change it to look like


File = ~/alpha.chr

MinLen = 5

MaxLen = 5

CharCount = 36


save your changes and then open your Dos windows and type

john -i:alpha pass.txt

Configuring the Wordlist Mode

Open the john.ini file and scroll down to the


add the rules in the order that u want them to run, for more information on how to create a rule set refer to the RULES document that comes with John the Ripper click here for some examples.

Making a Character Set

To generate a character set for use with the incremental mode.

This mode is usefull in using any characters you choose to use. Say for instance by some deceptive means that we know the password is only made up of capitol letters and numbers.
( but you can use any combination of upper case, lower case, a couple of special chars, any thing you want to add).

To generate the character set follow the following instructions.

1) Open up a text editor (click here if unsure how)

2) type the characters you want preceeded by a ":" you will type this


3) then goto save as " john.pot" make sure you DONT save it as a text file so select all file types, also make sure you save it in the same dir as your JTR program.

4) Then go to your dos prompt where you normally run JTR from and type

john -makechars:custom.chr

5) JTR will do a few calculations and it will tell you how many characters you have used - make a note of how many.

6) then either edit john.ini or open it with your text editor. Scroll down till you see the incremental section. Add the following lines.


File = ~/custom.chr

Minlen = 0

Maxlen = 8

CharCount = 36

7) You make the charcount what ever JTR calculated - obviuosly if you have the alphabet plus ten numbers that is going to add up to 36, then save the changes made to john.ini.
minlen and maxlen can be anything you want, for values of min length under 3 is almost instantanous so you may as well make it start at 0 just in case some sys admin was feeling easy that day. There is no sense in making the max lenghth larger than 8 unless you have way too much time on your hands, especially in word mode where the way JTR handles it - if it gets a match on the first 8 chars then that will be considered a correct guess.

9) In your dos prompt or wherever you normally run JTR from type

john -i:custom pass.txt

where pass.txt is the password file to break

Cracking specific accounts

a) ignoring a type of shell

b) choseing the shells u want to crack

c) cracking specific users in multiple accounts

d) excluding users from cracking attempt

e) loading specific users

If you notice that an account has a disabled shell you can make John ignore them. If the disabled shell was /etc/expired you would type

john -show -shells:-/etc/expired password.txt

where password.txt is the encrypted file. If there are multiple shells you wish to ignore you would type

john -show -shells:-expired,newuser password.txt

if the other shell was /etc/newuser

If you only want to crack accounts from shells;sh,csh,tcsh,bash you would type
john -w:dictonary.dic -rules -shells:sh,csh,tcsh,bash

you might choose this option if the other user accounts have very limited priviledges

To crack a specific user in multiple password files password1.txt password2.txt and password3.txt you would type

john -w:dictonary.dic -rules -users:0 password*

that will attempt to crack root in all three files.

To exclude users from the cracking attempt, for example say that you know the root password consists on 9 characters, since you wont want to waste your time trying to crack root you would type

john -w:dictonary.dic -rules -users:-root password.txt

Loading specific users type
john -users:[-]LOGIN|UID[,..] pass.txt for specific users
john -groups:[-]GID[,..] pass.txt for specific groups
john -shells:[-]SHELL[,..] pass.txt for specific shells

with the shell option you can omit the path before a shell name, so '-shells:csh' will match both '/bin/csh' and '/usr/bin/csh', while '-shells:/bin/csh' will only match '/bin/csh'.

Simultaneous Cracking

If you have several password files you can crack them all at the same time, if your password files are password1.txt, password2.txt and password3.txt you would type

john -single password1.txt password2.txt password3.txt
john -single password*

Defining Custom Rules

There isn't really any way that I can make all this up from scratch, so I am going to refer heavily to the JTR documentation in this section, though I will add examples of how you could use each option. I am unfortunately going to tell you that you must read the example rules in the original john.ini file as these are well annotated and explain what happens to each word. I am not going to explain the rules too simply so click here for a breakdown of what each command does.

I am going to assume you leave the -single option alone, but want to apply rules to your own wordfile. The command to run is then :

john password.txt -w:wordfile.dic -rules

Load up the original john.ini and find this about half way down :

  1. Wordlist mode rules


This is where you will type your rules, and where the example set are. Note that any line starting with "#" is an annotation and ignored by JTR, and I ( and I suggest you ) comment out lines that could be run by adding a semi-colon in front of it so that JTR skips it this time.

I suggest you delete everything that is there already - remember you can click the above link to get them back again. Remember that in what follows, only the yellow lines would run - so comment the others out ( best not delete them so you can refer back to them later )


only check words that are 5 or 6 characters long


only check words that are 6 long, and then lowercase and make first letter a capital


lowercase, and swap 'e' for '3'. Reject if no 'e' or longer than 8


lowercase, and swap 'i' for '1'. Reject if no 'i' or length not equal to 3


lowercase, swap 'i' for '1' and prepend 0-9 in turn. Reject if no 'i' or starting word length is 8+


Truncate at 6 long, swap 'i' for '1' and 'e' for '3' and append one digit. Reject if no 'i' or 'e'

Word = 4 long, prepend 2 digits ( i.e. birthyear ) and swap case of second letter ( position 1 )


Truncate at 7 chars, swap case of first letter, then append either a vowel or a number


Using insertion, make first char be 'X' and third 'Y' - i.e. word -> XwYord


Overwrite fifth character to be 1,2 or 3 - i.e. password -> pass1ord, pass2ord, pass3ord


Reject the word unless it has a number. Swap '5' for 'Y', if it has one


Reject the word unless it has a digit as the first character. Then append a '6'


Delete all spaces from the word ( well, phrase here


Reject the word unless 'x' appears at least twice

Those are the main types of rule, and by mixing and matching then you can probably crack any password that is based on a word. Instant respect to those that crack 2hqBaxh/iGPzU. I have a 91kb word.ini, which about covers everything - but with substantial cutting, pasting, searching and replacing

The only other thing to mention is that in some circumstance ( such as if you applying very complicated rules, or only doing a few simple one ) you can output what the rules are doing to the words by typing :

john -w:wordfile.dic -rules -stdout > output.file

Note that no cracking is actually occuring so no password file is specified. The most useful advantage of the above is that it enables you to check that the rules are doing what you wanted them to do, and that you haven't gone wrong in writing john.ini. Bear in mind that JTR generates words very quickly - mine creates a MB in just over 30 seconds. If you apply very complicated rules to a large wordfile, you can fill up your HD so press 'space' to check on your progress. I wouldn't go running it for more than an hour without some simple maths to check you have the space

Saving and Viewing Cracked Passwords

Saving and restoring multiple or single sessions

saving your cracking attack, push Ctrl C and john will save where it is up to, to resume type

john -restore

This will only allow you to save one file, to save more than one file you must define the session before starting by typing

john -session:name pass.txt

where name is the name you want to give to the session and pass.txt is the password file you want to crack. To restore the session type

john -restore:name

To view how far through a saved session you are type

john -status:name

View your cracked passwords


john -show pass.txt

where pass.txt is the password file to break

Viewing the Status of a Saved or Interrupted file

If your session has been interupted (computer reset, power failure, etc) you can see how far through the process you where by typing

john -status

this will give an output like this

guesses: 3 time: 0:00:00:50

If you have been running multiple session and have them saved using different names you can view each one seperatly by typing

john -status:name1

john -status:name2

where name1 and name2 are two session you where running previously. Click here for information on how to save multiple sessions.

Viewing specific cracked accounts

To check if any root accounts got cracked type

john -show -users:0 password.txt

To check multiple files, password1.txt and password2.txt type

john -show -users:0 password*

To check for privileged accounts type

john -show -groups:0,1 password.txt

Piping the output

What is pipeing? Pipeing is where you can redirect the output of a dos program from the screen into a file. This makes it possible to view all the output, where some of the output wont fit on the screen. Another way to view all the output is using the scroll lock key, however pipeing allows you to reference the output later.
When you crack a large file all the cracked accounts will not fit on to the screen, so to make for easy viewing you can pipe the results into a text file, for example if you had cracked a file called pass.txt to pipe the cracked accounts into a text file you could type

john -show pass.txt > output.txt

where output.txt is the file you wish to pipe the cracked accounts into.

Specifying the Type of Encryption to crack

To change the type of cipher text to crack type

john -format:NAME

where name is one of the following: DES, BSDI, MD5, BF, AFS, LM

Using Salts

The salts are used to make the encryption harder to break, to example sections of password files are given below, try using John the Ripper with both of them and look at the different in the c/s


Notice that the first two letters of each encrypted password are the same.















Notice that when you run the second password file you will get values of around 7000 c/s where as with the first lots of passwords you will get values around 2500000 c/s. When there are no different salts brute forcing a - zzzzzz becomes a very feasible option.


the modes for using the salts are



an example command would be


john password.txt -salt:1000 -i:custom


The 'salt' option tells it only to crack accounts if there are at least 1000 accounts with the same salt.

Common Problems

Zero Passwords loaded

click here first, if you have done this step correctly try typing

john -show pass.txt

as the password may already be cracked and stored in john.pot

John opens then immediately closes

John gives you an incorrect password

If you run John and it displays a password that doesnt work or looks like

guesses: 0 time 00.00.01:13 c/s 6100 trying trypah - tuahj

This is NOT a cracked password this is a common mistake people make a cracked

password looks like this

guesses: 0 time 00.00.01:13 c/s 6100 trying trypah - tuahj

blah (blah)

Fatal Errors or Access Denied

Simply delete your copy of John the Ripper and go to the homepage and download it again

Windows XP file association fixes...also adding items in right click

Posted by Shashank Krishna Monday, September 7, 2009

Recently i stubled upon this amazing collection which has a registry fix for almost every possoble file association in XP.
My regareds to dougnox for this collection
Here are the fixes

The files listed here are all ZIP files, which contain a REG (Registry) file. Download the ZIP and open it. Extract the REG file to your hard disk and double click it. Answer yes to the import prompt. REG files can be viewed in Notepad. Each of the REG files contains the default settings for the file extension indicated. For the ZIP file fix, the download is a REG file, since ZIP's aren't working anyway!

NOTE: If your EXE file associations are corrupted, it can be difficult to open REGEDIT, or to even import REG files. To work around this, press CTRL-ALT-DEL and open Task Manager. Once there, click File, then hold down the CTRL key and click New Task (Run). This will open a Command Prompt window. Enter REGEDIT.EXE and press Enter.

Batch File Association Fix (Restore the default associations for BAT files)
CAB File Association Fix (Restore the default associations for CAB files)

CHM File Association Fix (Restore the default associations for CHM files)
COM File Association Fix (Restore the default associations for COM files) - Thanks to John Hanney
CPL File Association Fix (Restore the default associations for CPL files)
Directory Extension Fix (Restores defaults to HKCR\Directory)
Drive Association Fix (Restores default settings for hard drives)
EML File Association Fix (Restores defaults for EML files)
EXE File Association Fix (Restore default association for EXE files)
Folder Association Fix (Restore default associations for File Folders)
GIF File Association Fix (Restore default associations for GIF Files)
HLP File Association Fix (Restore default associations for HLP files)

HTA File Association Fix (Restore default associations for HTA Files
HTM/HTML Associations (Restore the default associations for htm/html files)
ICO File Association Fix (Restore the default association for ico files)
INF File Association Fix (Restore the default assocation for INF files)
Internet Explorer Desktop Icon Fix (Restore the default behavior for the Desktop IE icon)

JPE/JPG/JPEG Association Fix (Restore the default associations for jpe/jpg/jpeg files)
LNK (Shortcut) File Association Fix (Restores Default Shortcut Behavior)
MPG/MPEG File Association Fix (Restores default associations for MPG/MPEG files)
MSC File Association Fix (Restore default associations for MSC files)
MSI File Association Fix (Restore default associations for MSI files)
MSP File Association Fix (Restore default associations for MSP files)
REG File Association Fix (Restore default associations for REG files)
SCF File Association Fix (Restore default associations for SCF files)
SCR File Association Fix (Restore default associations for SCR files)
TXT File Association Fix (Restore default associations for TXT files)
TIF/TIFF File Association Fix (Restores default associations for TIF/TIFF files)
URL File Association Fix (Restores default associations for URL - Internet shortcuts)
VBS File Association Fix (Restores default associations for VBS files)
ZIP Folder Association Fix (Restores default associations for ZIP Folders - REG File)

This page last updated 04/21/2007 16:43
All material © Doug Knox

Top 100 Network Security Tools (by

Posted by Shashank Krishna Saturday, August 22, 2009

Top 100 Network Security Tools

After the tremendously successful 2000 and 2003 security tools surveys, Insecure.Org is delighted to release this 2006 survey. I (Fyodor) asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. This allowed me to expand the list to 100 tools, and even subdivide them into categories. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also point newbies to this site whenever they write me saying “I don't know where to start”.

Respondents were allowed to list open source or commercial tools on any platform. Commercial tools are noted as such in the list below. No votes for the Nmap Security Scanner were counted because the survey was taken on a Nmap mailing list. This audience also biases the list slightly toward “attack” hacking tools rather than defensive ones.

Each tool is described by one ore more attributes:

newDid not appear on the 2003 list
/Popularity ranking rose / fell the given number since the 2003 survey
  TITLE=Generally costs money. A free limited/demo/trial version may be available.
LinuxWorks natively on Linux
*BSDWorks natively on OpenBSD, FreeBSD, Solaris, and/or other UNIX variants
OS XWorks natively on Apple Mac OS X
WindowsWorks natively on Microsoft Windows
Command-line interfaceFeatures a command-line interface
GUI InterfaceOffers a GUI (point and click) interface
Source codeSource code available for inspection.

Please send updates and suggestions (or better tool logos) to Fyodor. If your tool is featured or you think your site visitors might enjoy this list, you are welcome to use our link banners. Here is the list, starting with the most popular:

GUI Interface
Nessus : Premier UNIX vulnerability assessment tool
Nessus was a popular free and open source vulnerability scanner until they closed the source code in 2005 and removed the free "registered feed" version in 2008. A limited “Home Feed” is still available, though it is only licensed for home network use. Some people avoid paying by violating the “Home Feed” license, or by avoiding feeds entirely and using just the plugins included with each release. But for most users, the cost has increased from free to $1200/year. Despite this, Nessus is still the best UNIX vulnerability scanner available and among the best to run on Windows. Nessus is constantly updated, with more than 20,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a GTK graphical interface, and an embedded scripting language for writing your own plugins or understanding the existing ones.

See all vulnerability scanners

Command-line interface
GUI Interface
Source code
Wireshark : Sniffing the glue that holds the Internet together
Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).

See all packet sniffers

Command-line interface
Source code
Snort : Everyone's favorite open source IDS
This lightweight network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.

Open source Snort works fine for many individuals, small businesses, and departments. Parent company SourceFire offers a complimentary product line with more enterprise-level features and real-time rule updates. They offer a free (with registration) 5-day-delayed rules feed, and you can also find many great free rules at Bleeding Edge Snort.

See all intrusion detection systems

Command-line interface
Source code
Netcat : The network Swiss army knife
This simple utility reads and writes data across TCP or UDP network connections. It is designed to be a reliable back-end tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need, including port binding to accept incoming connections. The original Netcat was released by Hobbit in 1995, but it hasn't been maintained despite its immense popularity. It can sometimes even be hard to find nc110.tgz. The flexibility and usefulness of this tool have prompted people to write numerous other Netcat implementations - often with modern features not found in the original. One of the most interesting is Socat, which extends Netcat to support many other socket types, SSL encryption, SOCKS proxies, and more. It even made this list on its own merits. There is also Chris Gibson's Ncat, which offers even more features while remaining portable and compact. Other takes on Netcat include OpenBSD's nc, Cryptcat, Netcat6, PNetcat, SBD, and so-called GNU Netcat.

See all Netcats

Command-line interface
Source code
Metasploit Framework : Hack the Planet
Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit building demo. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. Similar professional exploitation tools, such as Core Impact and Canvas already existed for wealthy users on all sides of the ethical spectrum. Metasploit simply brought this capability to the masses.

See all vulnerability exploitation tools

Command-line interface
Source code
Hping2 : A network probing utility like ping on steroids
This handy little utility assembles and sends custom ICMP, UDP, or TCP packets and then displays any replies. It was inspired by the ping command, but offers far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation. This tool is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities. This often allows you to map out firewall rulesets. It is also great for learning more about TCP/IP and experimenting with IP protocols.

See all packet crafting tools

Command-line interface
Source code
Kismet : A powerful wireless sniffer
Kismet is an console (ncurses) based 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing (as opposed to more active tools such as NetStumbler), and can even decloak hidden (non-beaconing) networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/TCPDump compatible format, and even plot detected networks and estimated ranges on downloaded maps. As you might expect, this tool is commonly used for wardriving. Oh, and also warwalking, warflying, and warskating, ...

See all wireless tools, and packet sniffers

Command-line interface
Source code
Tcpdump : The classic sniffer for network monitoring and data acquisition
Tcpdump is the IP sniffer we all used before Ethereal (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI or parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with fewer security holes. It also requires fewer system resources. While it doesn't receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. TCPDump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap among many other tools.

See all packet sniffers

GUI Interface
Cain and Abel : The top password recovery tool for Windows
UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. It is also well documented.

See all password crackers, and packet sniffers

Command-line interface
Source code
John the Ripper : A powerful, flexible, and fast multi-platform password hash cracker
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches. You will want to start with some wordlists, which you can find here, here, or here.

See all password crackers

Command-line interface
GUI Interface
Source code
Ettercap : In case you still thought switched LANs provide much extra security
Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

See all packet sniffers

Command-line interface
Source code
Nikto : A more comprehensive web scanner
Nikto is an open source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). It uses Whisker/libwhisker for much of its underlying functionality. It is a great tool, but the value is limited by its infrequent updates. The newest and most critical vulnerabilities are often not detected.

See all web vulnerability scanners

Command-line interface
Source code
Ping/telnet/dig/traceroute/whois/netstat : The basics
While there are many whiz-bang high-tech tools out there to assist in security auditing, don't forget about the basics! Everyone should be very familiar with these tools as they come with most operating systems (except that Windows omits whois and uses the name tracert). They can be very handy in a pinch, although for more advanced usage you may be better off with Hping2 and Netcat.

Command-line interface
Source code
OpenSSH / PuTTY / SSH : A secure way to access remote computers
SSH (Secure Shell) is the now ubiquitous program for logging into or executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network, replacing the hideously insecure telnet/rlogin/rsh alternatives. Most UNIX users run the open source OpenSSH server and client. Windows users often prefer the free PuTTY client, which is also available for many mobile devices. Other Windows users prefer the nice terminal-based port of OpenSSH that comes with Cygwin. Dozens of other free and proprietary clients exist. You can explore them here or here.

Command-line interface
GUI Interface
Source code
THC Hydra : A Fast network authentication cracker which supports many different services
When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap this release is from the fine folks at THC.

See all password crackers

Command-line interface
GUI Interface
Source code
Paros proxy : A web application vulnerability assessment proxy
A Java based web proxy for assessing web application vulnerability. It supports editing/viewing HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting.

See all web vulnerability scanners

Command-line interface
Source code
Dsniff : A suite of powerful network auditing and penetration-testing tools
This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. A separately maintained partial Windows port is available here. Overall, this is a great toolset. It handles pretty much all of your password sniffing needs.

See all packet sniffers

GUI Interface
NetStumbler : Free Windows 802.11 Sniffer
Netstumbler is the best known Windows tool for finding open wireless access points ("wardriving"). They also distribute a WinCE version for PDAs and such named Ministumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as Kismet or KisMAC.

See all wireless tools, and packet sniffers

Command-line interface
Source code
THC Amap : An application fingerprinting scanner
Amap is a great tool for determining what application is listening on a given port. Their database isn't as large as what Nmap uses for its version detection feature, but it is definitely worth trying for a 2nd opinion or if Nmap fails to detect a service. Amap even knows how to parse Nmap output files. This is yet another valuable tool from the great guys at THC.

See all application-specific scanners

GUI Interface
GFI LANguard : A commercial network security scanner for Windows
GFI LANguard scans IP networks to detect what machines are running. Then it tries to discern the host OS and what applications are running. I also tries to collect Windows machine's service pack level, missing security patches, wireless access points, USB devices, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more. Scan results are saved to an HTML report, which can be customized/queried. It also includes a patch manager which detects and installs missing patches. A free trial version is available, though it only works for up to 30 days.

See all vulnerability scanners

Command-line interface
Source code
Aircrack : The fastest available WEP/WPA cracking tool
Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).

See all wireless tools, and password crackers

GUI Interface
Superscan : A Windows-only port scanner, pinger, and resolver
SuperScan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone. It includes a variety of additional networking tools such as ping, traceroute, http head, and whois.

See all port scanners

Command-line interface
Source code
Netfilter : The current Linux kernel packet filter/firewall
Netfilter is a powerful packet filter implemented in the standard Linux kernel. The userspace iptables tool is used for configuration. It now supports packet filtering (stateless or stateful), all kinds of network address and port translation (NAT/NAPT), and multiple API layers for 3rd party extensions. It includes many different modules for handling unruly protocols such as FTP. For other UNIX platforms, see Openbsd PF (OpenBSD specific), or IP Filter. Many personal firewalls are available for Windows (Tiny,Zone Alarm, Norton, Kerio, ...), though none made this list. Microsoft included a very basic firewall in Windows XP SP2, and will nag you incessantly until you install it.

See all firewalls

Command-line interface
GUI Interface
Sysinternals : An extensive collection of powerful windows utilities
Sysinternals provides many small windows utilities that are quite useful for low-level windows hacking. Some are free of cost and/or include source code, while others are proprietary. Survey respondents were most enamored with:
  • ProcessExplorer for keeping an eye on the files and directories open by any process (like LSoF on UNIX).
  • PsTools for managing (executing, suspending, killing, detailing) local and remote processes.
  • Autoruns for discovering what executables are set to run during system boot up or login.
  • RootkitRevealer for detecting registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
  • TCPView, for viewing TCP and UDP traffic endpoints used by each process (like Netstat on UNIX).
Update: Microsoft acquired Sysinternals in July 2006, promising that “Customers will be able to continue building on Sysinternals' advanced utilities, technical information and source code”. Less than four months later, Microsoft removed most of that source code. Future product direction is uncertain.

See all rootkit detectors

GUI Interface
Retina : Commercial vulnerability assessment scanner by eEye
Like Nessus, Retina's function is to scan all the hosts on a network and report on any vulnerabilities found. It was written by eEye, who are well known for their security research.

See all vulnerability scanners

Are You Planning on Quitting Facebook? Why?


About Me

My Photo
Shashank Krishna
Bangalore, up, India
nothin much to say.........doin in IIIT allahabad loves bloggingn hacking.... :) and loooves blogging
View my complete profile