Nesses , Metasploit and Nmap ( Powerful Tools )!

1. Nesses is a very power ful vulnerabily scanner and it scans very well.
2. Metasploit  is a very powerful framework. we use this for pentesting. it is also a vulnerbility  scanner.
3. Nmap is used to scan open and close ports and operating system detection and all other services.
4. combination of these tools makes target vulnerable
5. collect all the information about   target and atlast
6. Exploit !

Anonym.OS

Anonym.OS was a Live CD operating system based on OpenBSD 3.8 with strong encryption and anonymization tools. The goal of the project was to provide a secure anonymous web browsing access to everyday users. The operating system was OpenBSD 3.8, although many packages have been added to facilitate its goal. It used Fluxbox as its window manager.

Though the project is not updated anymore, successors are “FreeSBIE” and “Incognito” Live CDs.

Wardriving

Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer or PDA.

Software for wardriving is freely available on the Internet, notably NetStumbler or inSSIDer for Windows; Kismet or SWScanner for Linux, FreeBSD, NetBSD, OpenBSD, DragonFly BSD, and Solaris; and KisMac for Macintosh. There are also homebrew wardriving applications for handheld game consoles that support Wi-fi, such as sniff_jazzbox/wardive for the Nintendo DS, Road Dog for the Sony PSP, WiFi-Where for the iPhone, and G-MoN and Wardrive for the Android operating system and WlanPollution for Symbian NokiaS60 devices. There also exists a mode within Metal Gear Solid: Portable Ops for the Sony PSP (wherein the player is able to find new comrades by searching for wireless access points) which can be used to wardrive. Treasure World for the DS is a commercial game in which gameplay wholly revolves around wardriving.

Aircrack-ng

Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw monitoring mode (for a list, visit the website of the project or  ) and can sniff 802.11a, 802.11b and 802.11g traffic. The program runs under Linux and Windows; the Linux version has been ported to the Zaurus and Maemo platforms, and a proof-of-concept port has been made to the iPhone.

In April 2007 a team at the Darmstadt University of Technology in Germany developed a new attack method based on a paper released on the RC4 cypher by Adi Shamir. This new attack, named ‘PTW’, decreases the number of initialization vectors or IVs needed to decrypt a WEP key and has been included in the aircrack-ng suite since the 0.9 release.

Aircrack-ng is a fork of the original Aircrack project.

MD5

In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit (16-byte) hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. However, it has been shown that MD5 is not collision resistant as such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property. An MD5 hash is typically expressed as a 32-digit hexadecimal number.

MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5. While it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1 (which has since been found also to be vulnerable). In 2004, more serious flaws were discovered, making further use of the algorithm for security purposes questionable; specifically, a group of researchers described how to create a pair of files that share the same MD5 checksum. Further advances were made in breaking MD5 in 2005, 2006, and 2007. In an attack on MD5 published in December 2008, a group of researchers used this technique to fake SSL certificate validity. US-CERT of the U. S. Department of Homeland Security said MD5 “should be considered cryptographically broken and unsuitable for further use,” and most U.S. government applications now require the SHA-2 family of hash functions.

John the Ripper

John the Ripper is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms (11 architecture-specific flavors of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL and others.

Metasploit Project

The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research.

The Metasploit Project is also well-known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

Metasploit was created by HD Moore in 2003 as a portable network tool using the Perl scripting language. Later, the Metasploit Framework was then completely rewritten in the Ruby programming language and has now become the world’s largest Ruby project, with over 700,000 lines of code. It is most notable for releasing some of the most technically sophisticated exploits to public security vulnerabilities. In addition, it is a powerful tool for third-party security researchers to investigate potential vulnerabilities. On October 21, 2009 the Metasploit Project announced that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.

Like comparable commercial products such as Immunity’s Canvas or Core Security Technologies’ Core Impact, Metasploit can be used to test the vulnerability of computer systems to protect them, and it can be used to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Since the acquisition of the Metasploit Framework, Rapid7 has added two open-core proprietary editions called Metasploit Express and Metasploit Pro.

Metasploit’s emerging position as the de facto vulnerability development framework has led in recent times to the release of software vulnerability advisories often accompanied by a third party Metasploit exploit module that highlights the exploitability, risk, and remediation of that particular bug. Metasploit 3.0 (Ruby language) is also beginning to include fuzzing tools, to discover software vulnerabilities in the first instance, rather than merely writing exploits for currently public bugs. This new avenue has been seen with the integration of the lorcon wireless (802.11) toolset into Metasploit 3.0 in November, 2006.

Nmap

Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich)  used to discover hosts and services on a computer network, thus creating a “map” of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. Unlike many simple port scanners that just send packets at some predefined constant rate, nmap accounts for the network conditions (latency fluctuations, network congestion, the target interference with the scan) during the run. Also, owing to the large and active user community providing feedback on its features and contributing back, nmap has succeeded to extend its discovery capabilities beyond basic host being up/down or port being open/closed to being able to determine operating system of the target, names and versions of the listening services, estimate uptime, the type of device, presence of the firewall.

Nmap runs on Linux, Microsoft Windows, Solaris, HP-UX and BSD variants (including Mac OS X), and also on AmigaOS and SGI IRIX. Linux is the most popular nmap platform with Windows following it closely.

Sniffer ( Packet analyzer )

A packet analyzer (also known as a network analyzer, protocol analyzer or sniffer, or for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes and analyzes its content according to the appropriate RFC or other specifications.