HACK USING GOOGLE
by Mahendra Reddy
Google search engine can be used to hack into remote servers or gather confidential or sensitive information which are not visible through common searches.
Google is the world’s most popular and powerful search engine. It has the ability to accept pre-defined commands as inputs which then produces unbelievable results.
Google’s Advanced Search Query Syntax
Discussed below are various Google’s special commands and I shall be explaining each command in brief and will show how it can be used for getting confidential data.
[ intitle: ]
The “intitle:” syntax helps Google restrict the search results to pages containing that word in the title.
intitle: login password
will return links to those pages that has the word "login" in their title, and the word "password" anywhere in the page.
Similarly, if one has to query for more than one word in the page title then in that case “allintitle:” can be used instead of “intitle” to get the list of pages containing all those words in its title.
intitle: login intitle: password
is same as
allintitle: login password
[ inurl: ]
The “inurl:” syntax restricts the search results to those URLs containing the search keyword. For example: “inurl: passwd” (without quotes) will return only links to those pages that have "passwd" in the URL.
Similarly, if one has to query for more than one word in an URL then in that case “allinurl:” can be used instead of “inurl” to get the list of URLs containing all those search keywords in it.
allinurl: etc/passwd
will look for the URLs containing “etc” and “passwd”. The slash (“/”) between the words will be ignored by Google.
[ site: ]
The “site:” syntax restricts Google to query for certain keywords in a particular site or domain.
exploits site:hackingspirits.com
will look for the keyword “exploits” in those pages present in all the links of the domain “hackingspirits.com”. There should not be any space between “site:” and the “domain name”.
[ filetype: ]
This “filetype:” syntax restricts Google search for files on internet with particular extensions (i.e. doc, pdf or ppt etc).
filetype:doc site:gov confidential
will look for files with “.doc” extension in all government domains with “.gov” extension and containing the word “confidential” either in the pages or in the “.doc” file. i.e. the result will contain the links to all confidential word document files on the government sites.
[ link: ]
“link:” syntax will list down webpages that have links to the specified webpage.
link:www.expertsforge.com
will list webpages that have links pointing to the SecurityFocus homepage. Note there can be no space between the "link:" and the web page url.
[ related: ]
The “related:” will list web pages that are "similar" to a specified
web page.
related:www.expertsforge.com
will list web pages that are similar to the Securityfocus homepage. Note there can be no space between the "related:" and the web page url.
[ cache: ]
The query “cache:” will show the version of the web page that Google
has in its cache.
cache:www.hackingspirits.com
will show Google's cache of the Google homepage. Note there can be no space between the "cache:" and the web page url.
If you include other words in the query, Google will highlight those words within the cached document.
cache:www.hackingspirits.com guest
will show the cached content with the word "guest" highlighted.
[ intext: ]
The “intext:” syntax searches for words in a particular website. It ignores links or URLs and page titles.
intext:exploits
will return only links to those web pages that has the search keyword "exploits" in its webpage.
[ phonebook: ]
“phonebook” searches for U.S. street address and phone number information.
phonebook:Lisa+CA
will list down all names of person having “Lisa” in their names and located in “California (CA)”. This can be used as a great tool for hackers incase someone want to do dig personal information for social engineering.
Google Hacks
Well, the Google’s query syntaxes discussed above can really help people to precise their search and get what they are exactly looking for.
Now Google being so intelligent search engine, hackers don’t mind exploiting its ability to dig much confidential and secret information from the net which they are not supposed to know. Now I shall discuss those techniques in details how hackers dig information from the net using Google and how that information can be used to break into remote servers.
Index Of
Using “Index of ” syntax to find sites enabled with Index browsing
A webserver with Index browsing enabled means anyone can browse the webserver directories like ordinary local directories. The use of “index of” syntax to get a list links to webserver which has got directory browsing enabled will be discussd below. This becomes an easy source for information gathering for a hacker. Imagine if the get hold of password files or others sensitive files which are not normally visible to the internet. Below given are few examples using which one can get access to many sensitive information much easily.
Index of /admin
Index of /passwd
Index of /password
Index of /mail
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"
Looking for vulnerable sites or servers using “inurl:” or “allinurl:”
a. Using “allinurl:winnt/system32/” (without quotes) will list down all the links to the server which gives access to restricted directories like “system32” through web. If you are lucky enough then you might get access to the cmd.exe in the “system32” directory. Once you have the access to “cmd.exe” and is able to execute it.
b. Using “allinurl:wwwboard/passwd.txt”(without quotes) in the Google search will list down all the links to the server which are vulnerable to “WWWBoard Password vulnerability”. To know more about this vulnerability you can have a look at the following link:
http://www.securiteam.com/exploits/2BUQ4S0SAW.html
c. Using “inurl:.bash_history” (without quotes) will list down all the links to the server which gives access to “.bash_history” file through web. This is a command history file. This file includes the list of command executed by the administrator, and sometimes includes sensitive information such as password typed in by the administrator. If this file is compromised and if contains the encrypted unix (or *nix) password then it can be easily cracked using “John The Ripper”.
d. Using “inurl:config.txt” (without quotes) will list down all the links to the servers which gives access to “config.txt” file through web. This file contains sensitive information, including the hash value of the administrative password and database authentication credentials.
For Example: Ingenium Learning Management System is a Web-based application for Windows based systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 stores sensitive information insecurely in the config.txt file. For more information refer the following
links: http://www.securiteam.com/securitynews/6M00H2K5PG.html
Other similar search using “inurl:” or “allinurl:” combined with other syntax
inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls "restricted"
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
Looking for vulnerable sites or servers using “intitle:” or “allintitle:”
a. Using [allintitle: "index of /root”] (without brackets) will list down the links to the web server which gives access to restricted directories like “root” through web. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
b. Using [allintitle: "index of /admin”] (without brackets) will list down the links to the websites which has got index browsing enabled for restricted directories like “admin” through web. Most of the web application sometimes uses names like “admin” to store admin credentials in it. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
Other similar search using “intitle:” or “allintitle:” combined with other syntax
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
Other interesting Search Queries
· To search for sites vulnerable to Cross-Sites Scripting (XSS) attacks:
allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php
To search for sites vulnerable to SQL Injection attacks:
allinurl:/privmsg.php
allinurl:/privmsg.php
info taken from sneaktech
Google is the world’s most popular and powerful search engine. It has the ability to accept pre-defined commands as inputs which then produces unbelievable results.
Google’s Advanced Search Query Syntax
Discussed below are various Google’s special commands and I shall be explaining each command in brief and will show how it can be used for getting confidential data.
[ intitle: ]
The “intitle:” syntax helps Google restrict the search results to pages containing that word in the title.
intitle: login password
will return links to those pages that has the word "login" in their title, and the word "password" anywhere in the page.
Similarly, if one has to query for more than one word in the page title then in that case “allintitle:” can be used instead of “intitle” to get the list of pages containing all those words in its title.
intitle: login intitle: password
is same as
allintitle: login password
[ inurl: ]
The “inurl:” syntax restricts the search results to those URLs containing the search keyword. For example: “inurl: passwd” (without quotes) will return only links to those pages that have "passwd" in the URL.
Similarly, if one has to query for more than one word in an URL then in that case “allinurl:” can be used instead of “inurl” to get the list of URLs containing all those search keywords in it.
allinurl: etc/passwd
will look for the URLs containing “etc” and “passwd”. The slash (“/”) between the words will be ignored by Google.
[ site: ]
The “site:” syntax restricts Google to query for certain keywords in a particular site or domain.
exploits site:hackingspirits.com
will look for the keyword “exploits” in those pages present in all the links of the domain “hackingspirits.com”. There should not be any space between “site:” and the “domain name”.
[ filetype: ]
This “filetype:” syntax restricts Google search for files on internet with particular extensions (i.e. doc, pdf or ppt etc).
filetype:doc site:gov confidential
will look for files with “.doc” extension in all government domains with “.gov” extension and containing the word “confidential” either in the pages or in the “.doc” file. i.e. the result will contain the links to all confidential word document files on the government sites.
[ link: ]
“link:” syntax will list down webpages that have links to the specified webpage.
link:www.expertsforge.com
will list webpages that have links pointing to the SecurityFocus homepage. Note there can be no space between the "link:" and the web page url.
[ related: ]
The “related:” will list web pages that are "similar" to a specified
web page.
related:www.expertsforge.com
will list web pages that are similar to the Securityfocus homepage. Note there can be no space between the "related:" and the web page url.
[ cache: ]
The query “cache:” will show the version of the web page that Google
has in its cache.
cache:www.hackingspirits.com
will show Google's cache of the Google homepage. Note there can be no space between the "cache:" and the web page url.
If you include other words in the query, Google will highlight those words within the cached document.
cache:www.hackingspirits.com guest
will show the cached content with the word "guest" highlighted.
[ intext: ]
The “intext:” syntax searches for words in a particular website. It ignores links or URLs and page titles.
intext:exploits
will return only links to those web pages that has the search keyword "exploits" in its webpage.
[ phonebook: ]
“phonebook” searches for U.S. street address and phone number information.
phonebook:Lisa+CA
will list down all names of person having “Lisa” in their names and located in “California (CA)”. This can be used as a great tool for hackers incase someone want to do dig personal information for social engineering.
Google Hacks
Well, the Google’s query syntaxes discussed above can really help people to precise their search and get what they are exactly looking for.
Now Google being so intelligent search engine, hackers don’t mind exploiting its ability to dig much confidential and secret information from the net which they are not supposed to know. Now I shall discuss those techniques in details how hackers dig information from the net using Google and how that information can be used to break into remote servers.
Index Of
Using “Index of ” syntax to find sites enabled with Index browsing
A webserver with Index browsing enabled means anyone can browse the webserver directories like ordinary local directories. The use of “index of” syntax to get a list links to webserver which has got directory browsing enabled will be discussd below. This becomes an easy source for information gathering for a hacker. Imagine if the get hold of password files or others sensitive files which are not normally visible to the internet. Below given are few examples using which one can get access to many sensitive information much easily.
Index of /admin
Index of /passwd
Index of /password
Index of /mail
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"
Looking for vulnerable sites or servers using “inurl:” or “allinurl:”
a. Using “allinurl:winnt/system32/” (without quotes) will list down all the links to the server which gives access to restricted directories like “system32” through web. If you are lucky enough then you might get access to the cmd.exe in the “system32” directory. Once you have the access to “cmd.exe” and is able to execute it.
b. Using “allinurl:wwwboard/passwd.txt”(without quotes) in the Google search will list down all the links to the server which are vulnerable to “WWWBoard Password vulnerability”. To know more about this vulnerability you can have a look at the following link:
http://www.securiteam.com/exploits/2BUQ4S0SAW.html
c. Using “inurl:.bash_history” (without quotes) will list down all the links to the server which gives access to “.bash_history” file through web. This is a command history file. This file includes the list of command executed by the administrator, and sometimes includes sensitive information such as password typed in by the administrator. If this file is compromised and if contains the encrypted unix (or *nix) password then it can be easily cracked using “John The Ripper”.
d. Using “inurl:config.txt” (without quotes) will list down all the links to the servers which gives access to “config.txt” file through web. This file contains sensitive information, including the hash value of the administrative password and database authentication credentials.
For Example: Ingenium Learning Management System is a Web-based application for Windows based systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 stores sensitive information insecurely in the config.txt file. For more information refer the following
links: http://www.securiteam.com/securitynews/6M00H2K5PG.html
Other similar search using “inurl:” or “allinurl:” combined with other syntax
inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls "restricted"
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
Looking for vulnerable sites or servers using “intitle:” or “allintitle:”
a. Using [allintitle: "index of /root”] (without brackets) will list down the links to the web server which gives access to restricted directories like “root” through web. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
b. Using [allintitle: "index of /admin”] (without brackets) will list down the links to the websites which has got index browsing enabled for restricted directories like “admin” through web. Most of the web application sometimes uses names like “admin” to store admin credentials in it. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
Other similar search using “intitle:” or “allintitle:” combined with other syntax
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
Other interesting Search Queries
· To search for sites vulnerable to Cross-Sites Scripting (XSS) attacks:
allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php
To search for sites vulnerable to SQL Injection attacks:
allinurl:/privmsg.php
allinurl:/privmsg.php
info taken from sneaktech
How to hack locked scraps in ORKUT
by Mahendra Reddy
How To Use this Hack?
There are three ways to use this hack.You can choose the one that best suits you.
a> Login To Your Sandbox Profile and Directly View The Locked Scrapbook
b> Using this Javascript :
* Navigate to the profile which has disallowed non-friends to view his/her scrapbook
* Run this script in the address bar
* javascript:document.location=’http://scraphack.cspbrasil.com/ViewScraps.php?uid=’+encodeURIComponent(location.href);void(0)
* Wait for 4-5 seconds and you will get to see the scraps.
or
c> Userscript (Credits - D3 ) - The Recommended Method because you need not run any script again and again. Kindly follow the instructions stated below:
* Install Grease Monkey in case you don’t have it - Search for it on google (another way to resort to Firefox)
* Install View Locked Scrapbook Script
* In case you have any problems downloading or operating these scripts, you must read this tutorial.
this was taken from geek hack india
There are three ways to use this hack.You can choose the one that best suits you.
a> Login To Your Sandbox Profile and Directly View The Locked Scrapbook
b> Using this Javascript :
* Navigate to the profile which has disallowed non-friends to view his/her scrapbook
* Run this script in the address bar
* javascript:document.location=’http://scraphack.cspbrasil.com/ViewScraps.php?uid=’+encodeURIComponent(location.href);void(0)
* Wait for 4-5 seconds and you will get to see the scraps.
or
c> Userscript (Credits - D3 ) - The Recommended Method because you need not run any script again and again. Kindly follow the instructions stated below:
* Install Grease Monkey in case you don’t have it - Search for it on google (another way to resort to Firefox)
* Install View Locked Scrapbook Script
* In case you have any problems downloading or operating these scripts, you must read this tutorial.
this was taken from geek hack india
How to set Multiple homages
by Mahendra Reddy
Now i am going to give you the wonderful feature that provided by firefox and Internet Explorer.We generally set google as a home page due to its usage and also for its fast loading and if anybody want multiple pages, then how to do?
It is possible with PIPE symbol in keyboard for firefox
1) CLICK ON TOOLS-->OPTIONS-->GENERAL TAB
2)TYPE LIKE BELOW
http://www.google.com|http://www.yahoo.com
3) So if you open firefox, these two sites come into two tabs.
IN IE , we can add each site in a new line on the same path described above.
That's simple.
Get Serial No of any Software using google
by Mahendra Reddy
We can get the serial keys of many soft wares using google search engine, let make a try. This is just for a beginner.
So for beginners this is a simply way to find hack with less effort and it saves time to, But make sure you have anti virus activated before trying to get some Serials, Patches to avoid data loss
Just follow the steps as instructed below
1) Go to http://www.google.com
2) type this syntax in search bar " 94FBR "
3) Replace Product name with desired software and leave a space then type 94FBR
4) Press enter, thats it
Now you receive Many pages which contains Serial no, Crack, Patches....
Just make a try, this simple trick works for many people
So for beginners this is a simply way to find hack with less effort and it saves time to, But make sure you have anti virus activated before trying to get some Serials, Patches to avoid data loss
Just follow the steps as instructed below
1) Go to http://www.google.com
2) type this syntax in search bar " 94FBR "
3) Replace Product name with desired software and leave a space then type 94FBR
4) Press enter, thats it
Now you receive Many pages which contains Serial no, Crack, Patches....
Just make a try, this simple trick works for many people
How to Restart friends phone using sms
by Mahendra Reddy
Here is a new trick to restart ur friends mobile via sms with this trick only 1110,1110i,1112,1100,2100 can be restarted. just type ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, or 79 inverted commas in text msg and send it to ur friend having cells mention above and see wat happens...
READ THE BELOW POST TO KNOW THE DIFFERENCE BETWEEN HTTP AND HTTPS
HTTP stands for HyperText Transport Protocol, which is just a fancy way of saying it’s a protocol (a language, in a manner of speaking) for information to be passed back and forth between web servers and clients.
The important thing is the letter S which makes the difference between HTTP and HTTPS.
If you visit a website or webpage, and look at the address in the web browser, it will likely begin with the following: http://.
This means that the website is talking to your browser using the regular ‘unsecure’ language. In other words, it is possible for someone to “eavesdrop” on your computer’s conversation with the website. If you fill out a form on the website, someone might see the information you send to that site.This is why you never ever enter your credit card number in an http website! But if the web address begins with https://, that basically means your computer is talking to the website in a secure code that no one can eavesdrop on. You understand why this is so important, right? If a website ever asks you to enter your credit card information, you should automatically look to see if the web address begins with https://. If it doesn’t, there’s no way you’re going to enter sensitive information like a credit card number!
How to Create nameless files and folders in windows
by Mahendra Reddy
This gives you the information about how to create folders with out names
Just follow the following steps:
1.Select any file or folder.
2.Right click on it, press rename or simply press F2.
3.Press and hold the alt key. While holding the Alt key, type numbers 0160 from the numpad.4.Press Enter and the nameless file or folder will be created.
But what if you want to create another nameless file or folder in the same directory ?
For this you will have to rename the file with 2 spaces. Just follow these steps below:
1.Select file, press F2.
2.Hold alt key and type 0160 from the numpad.
3.Release the alt key. Now without doing anything else, again hold alt key and press 0160.
4.Press enter and you will have second nameless file in the same directory.
5.Repeat step 3 to create as many nameless files or folders in the same directory.
1.Select any file or folder.
2.Right click on it, press rename or simply press F2.
3.Press and hold the alt key. While holding the Alt key, type numbers 0160 from the numpad.4.Press Enter and the nameless file or folder will be created.
But what if you want to create another nameless file or folder in the same directory ?
For this you will have to rename the file with 2 spaces. Just follow these steps below:
1.Select file, press F2.
2.Hold alt key and type 0160 from the numpad.
3.Release the alt key. Now without doing anything else, again hold alt key and press 0160.
4.Press enter and you will have second nameless file in the same directory.
5.Repeat step 3 to create as many nameless files or folders in the same directory.
How to change password of windows xp
by Mahendra Reddy
here is way to change the password of WINDOWS OS from command line by entering command line
follow the below steps to do this
1) Start > Run > “cmd” [Enter],
2) type -- "net user user name password" not quotes
(no need of old password)
3) or you can type -- net user username
it will ask for password
that's it
follow the below steps to do this
1) Start > Run > “cmd” [Enter],
2) type -- "net user user name password" not quotes
(no need of old password)
3) or you can type -- net user username
it will ask for password
that's it
How to disable error reporting in WINDOWS
by Mahendra Reddy
This article describes how to stop or disable error reporting in WINDOWS, this is really do annoying in some cases while operating. So this post will give you the disabling information.
This is the screen what generally u could get
. And of course some people may need this report, but maximum NO.So giving you the steps
1) Open Control Panel (Start > Control Panel)
2) Select "System" --> "Advanced" choose "Error reporting"
3} Then move to the option disable error reporting Radio button, by default it is enabled.
That' it
VISTA
1) Right click on my Computer(Desktop) and click properties
2) Click the Advanced Tab
3) You’ll see a “Error reporting” button at the bottom, click it
4) Select Disable Error Reporting.
Almost both are same.
This is the screen what generally u could get
1) Open Control Panel (Start > Control Panel)
2) Select "System" --> "Advanced" choose "Error reporting"
That' it
VISTA
1) Right click on my Computer(Desktop) and click properties
2) Click the Advanced Tab
3) You’ll see a “Error reporting” button at the bottom, click it
4) Select Disable Error Reporting.
Almost both are same.
TOP HACKING TOOLS
by Mahendra Reddy
These are Top Hacking Tools,
Nessus
The “Nessus” Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner for Linux, BSD, Solaris, and other flavors of Unix.
Ethereal
Ethereal is a free network protocol analyzer for Unix and Windows. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.
Snort
Snort is an open source network intrusion detection system capable of performing real-time traffic analysis and packet logging on IP networks.
Netcat
Netcat has been dubbed the network swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol
TCPdump
TCPdump is the most used network sniffer/analyzer for UNIX.TCPtrace analyzes the dump file format generated by TCPdump and other applications.
Hping
Hping is a command-line oriented TCP/IP packet assembler/analyzer, kind of like the “ping” program (but with a lot of extensions).
DNSiff
DNSiff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).
GFI LANguard
GFI LANguard Network Security Scanner (N.S.S.) automatically scans your entire network, IP by IP, and plays the devil’s advocate alerting you to security vulnerabilities.
Ettercap
Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones)and includes many feature for network and host analysis.
Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against webservers for multiple items, including over 2500 potentially dangerous files/CGIs, versions on over 375 servers, and version specific problems on over 230 servers.
John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix.
OpenSSH
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools, which encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.
TripWire
Tripwire is a tool that can be used for data and program integrity assurance.
Kismet
Kismet is an 802.11 wireless network sniffer – this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area.
NetFilter
NetFilter and iptables are the framework inside the Linux 2.4.x kernel which enables packet filtering, network address translation (NAT) and other packetmangling.
IP Filter
pf
OpenBSD Packet Filter
fport
fport identifys all open TCP/IP and UDP ports and maps them to the owning application.
SAINT
SAINT network vulnerability assessment scanner detects vulnerabilities in your network’s security before they can be exploited.
OpenPGP
OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann.
-- This information taken from cracks and hacks blog.
Nessus
The “Nessus” Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner for Linux, BSD, Solaris, and other flavors of Unix.
Ethereal
Ethereal is a free network protocol analyzer for Unix and Windows. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.
Snort
Snort is an open source network intrusion detection system capable of performing real-time traffic analysis and packet logging on IP networks.
Netcat
Netcat has been dubbed the network swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol
TCPdump
TCPdump is the most used network sniffer/analyzer for UNIX.TCPtrace analyzes the dump file format generated by TCPdump and other applications.
Hping
Hping is a command-line oriented TCP/IP packet assembler/analyzer, kind of like the “ping” program (but with a lot of extensions).
DNSiff
DNSiff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).
GFI LANguard
GFI LANguard Network Security Scanner (N.S.S.) automatically scans your entire network, IP by IP, and plays the devil’s advocate alerting you to security vulnerabilities.
Ettercap
Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones)and includes many feature for network and host analysis.
Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against webservers for multiple items, including over 2500 potentially dangerous files/CGIs, versions on over 375 servers, and version specific problems on over 230 servers.
John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix.
OpenSSH
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools, which encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.
TripWire
Tripwire is a tool that can be used for data and program integrity assurance.
Kismet
Kismet is an 802.11 wireless network sniffer – this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area.
NetFilter
NetFilter and iptables are the framework inside the Linux 2.4.x kernel which enables packet filtering, network address translation (NAT) and other packetmangling.
IP Filter
IP Filter is a software package that can be used to provide network address translation (NAT) or firewall service
OpenBSD Packet Filter
fport
fport identifys all open TCP/IP and UDP ports and maps them to the owning application.
SAINT
SAINT network vulnerability assessment scanner detects vulnerabilities in your network’s security before they can be exploited.
OpenPGP
OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann.
-- This information taken from cracks and hacks blog.
