Showing posts with label best tools. Show all posts
Showing posts with label best tools. Show all posts

Tuesday, August 20, 2019

Malicious Software Removal Tool / Safety Scanner - Microsoft


Malicious Software Removal Tool (MSRT) :

                                                                 helps keep Windows computers free from prevalent malware. MSRT finds and removes threats and reverses the changes made by these threats. MSRT is generally released monthly as part of Windows Update or as a standalone tool available here for download.



Use this tool:
  • If you have automatic updates for Windows turned off. Windows Update automatically downloads and runs MSRT in the background.
  • If you suspect an infection from prevalent malware families
  • To complement your antimalware product.

MSRT targets prevalent malware families only.

Download Link :

https://www.microsoft.com/en-us/download/details.aspx?id=16

Microsoft Safety Scanner:


is a scan tool designed to find and remove malware from Windows computers. Simply download it and run a scan to find malware and try to reverse changes made by identified threats.


Safety Scanner only scans when manually triggered and is available for use 10 days after being downloaded. We recommend that you always download the latest version of this tool before each scan.

Download 

Wednesday, July 24, 2019

Free / Open-Source tools for Kubernetes Security Audit

kube-hunter:

                   is an open-source tool that hunts for security issues in your Kubernetes clusters. It’s designed to increase awareness and visibility of the security controls in Kubernetes environments.



kube-hunter is available as a container (aquasec/kube-hunter), and we also offer a web site at kube-hunter.aquasec.com where you can register online to receive a token allowing you see and share the results online. You can also run the Python code yourself as described below.

Contribute: We welcome contributions, especially new hunter modules that perform additional tests. If you would like to develop your own modules please read Guidelines For Developing Your First kube-hunter Module.





Ref link : https://kube-hunter.aquasec.com/

kube-bench:

                  is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.

"An objective, consensus-driven security guideline for the Kubernetes Server Software."


Note that it is impossible to inspect the master nodes of managed clusters, e.g. GKE, EKS and AKS, using kube-bench as one does not have access to such nodes, although it is still possible to use kube-bench to check worker node configuration in these environments.

Tests are configured with YAML files, making this tool easy to update as test specifications evolve.


Sample Output:
 





CIS Kubernetes Benchmark support

kube-bench supports the tests for Kubernetes as defined in the CIS Benchmarks 1.0.0 to 1.4.0 respectively.

CIS Kubernetes Benchmark kube-bench config Kubernetes versions
1.0.0 1.6 1.6
1.1.0 1.7 1.7
1.2.0 1.8 1.8-1.10
1.3.0 1.11 1.11-1.12
1.4.0 1.13 1.13-

By default kube-bench will determine the test set to run based on the Kubernetes version running on the machine.

 Ref Link :

https://github.com/aquasecurity/kube-bench
https://www.cisecurity.org/benchmark/kubernetes/




Monday, September 5, 2011

Best Open Source Information Security Tools

Open Source Security Assessment Tools


Best - Open Source Security Assessment , Vulnerability Auditing, & Penetration Testing Tools:

1
Stockade Virtual Appliance with Snort, BASE, Inprotect, CACTI, NTOP & Others
2

Nessus

Open source vulnerability assessment tool
3
Snort Intrusion Detection (IDS) tool
4
Wireshark TCP/IP Sniffer- AKA Ethereal
5

WebScarab

Analyze applications that communicate using the HTTP and HTTPS protocols
6
Wikto Web server assessment tool
7
BackTrack Penetration Testing live Linux distribution
8
Netcat The network Swiss army knife
9
Metasploit Framework Comprehensive hacking framework
10
Sysinternals Collection of windows utilities
11
Paros proxy Web application proxy
12
Enum Enumerate Windows information
13
P0F v2 Passive OS identification tool
14
IPPersonality Masquerade IP Stack
15
SLAN Freeware VPN utility
16
IKE Crack IKE/IPSEC cracking utility
17
ASLEAP LEAP cracking tool
18
Karma Wireless client assessment tool- dangerous
19
WEPCrack WEP cracking tool
20
Wellenreiter Wireless scanning application
21

SiteDigger

Great Google hacking tool
22
Several DDOS Tools Distributed Denial of Service(DDOS) tools
23
Achilles Web Proxy Tool
24
Firefox Web Developer Tool Manual web assessment
25
Scoopy Virtual Machine Identification tool
26
WebGoat Learning tool for web application pentests
27
FlawFinder Source code security analyzer
28
ITS4 Source code security analyzer
29
Slint

Source code security analyzer

30
PwDump3 Dumps Windows 2000 & NT passwords
31
Loki ICMP covert channel tool
32
Zodiac DNS testing tool
33
Hunt TCP hijacking tool
34
SniffIT Curses-Based sniffing tool
35
CactiEZ Network traffic analysis ISO
36
Inprotect Web-based Nessus administration tool
37
OSSIM Security Information Management (SIM)
38
Nemesis Command-Line network packet manipulation tool
39
NetDude TCPDump manipulation tool
40
TTY Watcher Terminal session hijacking
41
Stegdetect Detects stego-hidden data
42
Hydan Embeds data within x86 applications
43
S-Tools Embeds data within a BMP, GIF, & WAV Files
44
Nushu Passive covert channel tool
45
Ptunnel Transmit data across ICMP
46
Covert_TCP Transmit data over IP Header fields
47
THC-PBX Hacker PBX Hacking/Auditing Utility
48
THC-Scan Wardialer
49
Syslog-NG MySQL Syslog Service
50

WinZapper

Edit WinNT 4 & Win2000 log files
51
Rootkit Detective Rootkit identification tool
52
Rootkit Releaver Rootkit identification tool
53
RootKit Hunter Rootkit identification tool
54

Chkrootkit

Rootkit identification tool
55
LKM Linux Kernal Rootkit
56
TCPView Network traffic monitoring tool
57
NMAP Network mapping tool
58
Ollydbg Windows unpacker
59
UPX Windows packing application
60
Burneye Linux ELF encryption tool
61

SilkRpoe 2000

GUI-Based packer/wrapper
62
EliteWrap Backdoor wrapper tool
63
SubSeven

Remote-Control backdoor tool

64
MegaSecurity Site stores thousands of trojan horse backdoors
65
Netbus

Backdoor for Windows

66
Back Orfice 2000 Windows network administration tool
67
Tini Backdoor listener similar to Netcat
68

MBSA

Microsoft Baseline Security Analyzer
69
OpenVPN SSL VPN solution
70
Sguil An Analyst Console for network security/log Monitoring
71
Honeyd Create your own honeypot
72
Brutus Brute-force authentication cracker
73
cheops / cheops-ng Maps local or remote networks and identifies OS of machines
74
ClamAV A GPL anti-virus toolkit for UNIX
75
Fragroute/Fragrouter Intrusion detection evasion toolkit
76
Arpwatch Monitor ethernet/IP address pairings and can detect ARP Spoofing
77
Angry IP Scanner Windows port scanner
78
Firewalk Advanced traceroute
79
RainbowCrack Password Hash Cracker
80
EtherApe EtherApe is a graphical network monitor for Unix
81
WebInspect Web application scanner
82
Tripwire File integrity checker
83
Ntop Network traffic usage monitor
84
Sam Spade Windows network query tool
85
Scapy Interactive packet manipulation tool
86
Superscan A Windows-only port scanner
87
Airsnort 802.11 WEP Encryption Cracking Tool
88
Aircrack WEP/WPA cracking tool
89
NetStumbler Windows 802.11 Sniffer
90
Dsniff A suite of powerful network auditing and penetration-testing tools
91
John the Ripper Multi-platform password hash cracker
92
BASE The Basic Analysis and Security Engine- used to manage IDS data
93
Kismet Wireless sniffing tool
94

THC Hydra

Network authentication cracker
95
Nikto Web scanner
96
Tcpdump TCP/IP analysis tool
97

L0phtcrack

Windows password auditing and recovery application
98

Reverse WWW Shell

Shell access across port 80
99
THC-SecureDelete Ensure deleted files are unrecoverable
100
THC-AMAP Application mapping tool