Category:Enumeration

From SecurityForest


Major updates to this page are coming soon (and are welcome)

DNS

  • dnszone.pl
  • dnsenum
  • dnsdigger
  • ghba

SNMP

  • snmputil
  • snmpenum

  • onesixtyone
onesixtyone is an SNMP scanning tool that takes a more efficient approach to SNMP scanning. It takes advantage of the fact that SNMP uses connectionless UDP and sends requests as fast as it can, not waiting for a response to each individual request. onesixtyone scans for hosts responding to a user-provided list of community strings, requesting the system.sysDescr.0 MIB value from each target.
http://www.phreedom.org/solar/onesixtyone/
Download v0.3.2 (http://www.phreedom.org/solar/onesixtyone/onesixtyone-0.3.2.tar.gz)

  • snscan (Windows) : Fast and adjustable mass SNMP scanner
SNScan allows for the scanning of SNMP-specific ports (e.g. UDP 161, 193, 391 and 1993) and the use of standard (i.e. "public") as well as user-defined SNMP community names. User-defined community names may be used to more effectively evaluate the presence of SNMP-enabled devices in more complex networks.
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/snscan.htm
Download v1.5 (http://www.foundstone.com/resources/freetooldownload.htm?file=snscan.zip)

  • braa (Linux, BSD) : Quick and dirty mass SNMP scanner
Braa is a mass SNMP scanner. The intended usage of such a tool is of course making SNMP queries, but unlike snmpget or snmpwalk from net-snmp, it is able to query dozens or hundreds of hosts simultaneously, and in a single process. Thus, it consumes very few system resources and does the scanning VERY fast. There is no ASN.1 parser in braa: you HAVE to know the numerical values of OIDs (for instance .1.3.6.1.2.1.1.5.0 instead of system.sysName.0).
http://s-tech.elsat.net.pl/braa/
Download v0.8 (http://s-tech.elsat.net.pl/braa/braa-0.8.tar.gz)

SMB

  • NBTScan (Windows, Linux, BSD) : Gathers NetBIOS info from Windows networks
NBTscan is a program for scanning IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in the supplied range and lists the received information in human-readable form. For each host that responds, it lists the IP address, NetBIOS computer name, logged-in user name and MAC address.
http://www.inetcat.net/software/nbtscan.html

  • NBTEnum (Windows) : Enumerates NetBIOS information
NetBIOS Enumeration Utility v3.0 is a utility for Windows which can be used to enumerate NetBIOS information from one host or a range of hosts. The information that is enumerated includes the account lockout threshold, local groups and users, global groups and users, shares, and more. This utility will also perform password checking with the use of a dictionary file. Runs on Windows NT 4.0/2000/XP.
Download (http://www.securityforest.com/downloads/NBTEnum30.zip)

  • Enum (Windows) : NetBIOS enumeration tool
enum is a console-based Win32 information enumeration utility. Using null sessions, enum can retrieve userlists, machine lists, sharelists, namelists, group and member lists, password and LSA policy information. enum is also capable of a rudimentary brute force dictionary attack on individual accounts.
Download (http://www.securityforest.com/downloads/enum.zip)

  • Enum(plus) (Windows) : Enum+ adds brute-force cracking to enum
Download (http://www.securityforest.com/downloads/Enum+.zip)

  • DumpSec (Windows) : Somarsoft DumpSec (formerly known as DumpAcl)
Somarsoft DumpSec is a Windows NT program that will dump the permissions and audit settings for the file system, registry and printers in a concise, readable listbox format, so that "holes" in system security are readily apparent. Somarsoft DumpSec also dumps user/group info. Somarsoft DumpSec is a must-have product for Windows NT systems administrators.
http://www.systemtools.com/somarsoft
Download (http://www.securityforest.com/downloads/DUMPSEC.zip)

  • nltest
  • sid2user, user2sid
  • browmon
  • getmac
  • epdump

IPSec

  • ike-scan (Windows, Linux, BSD, Mac) : VPN server enumeration and security testing tool
ike-scan is a tool designed to discover and identify IPSec VPN systems running IKE (Internet Key Exchange) protocol implementations. It employs the fingerprinting technique outlined in this (http://www.nta-monitor.com/ike-scan/whitepaper.pdf) whitepaper for host enumeration. A large fingerprint database is supplied with ike-scan that can identify many vendors' VPN implementations. ike-scan also includes a fast pre-shared key cracker and can be used to test for many of the IKE VPN flaws documented in this (http://www.nta-monitor.com/news/vpn-flaws/VPN-Flaws-Whitepaper.pdf) whitepaper.
http://www.nta-monitor.com/ike-scan/
Download (http://www.nta-monitor.com/ike-scan/download.htm)

  • IKECrack (Linux) : IKE authentication checker
IKECrack is an open source IKE/IPSec authentication crack tool. This tool is designed to brute-force or dictionary attack the key/password used with Pre-Shared-Key IKE authentication. The open source version of this tool is intended to demonstrate proof-of-concept, and will work with RFC 2409 based aggressive mode PSK authentication.
http://ikecrack.sourceforge.net/

LDAP

  • ldp.exe
  • Ldapenum
ldapenum is a Perl script designed to enumerate system and password information from domain controllers using the LDAP service when IPC$ is locked. The script has been tested on Windows and Linux. It is also capable of launching clever password attacks that use the enumerated password information to prevent lockouts.
https://sourceforge.net/projects/ldapenum

Oracle

  • OScanner : Oracle Assessment Framework
Oscanner is an Oracle assessment framework developed in Java. It has a plugin-based architecture and comes with a couple of plugins that currently do: SID enumeration, password tests (common & dictionary), enumerate Oracle version, enumerate account roles, enumerate account privileges, enumerate account hashes, enumerate audit information, enumerate password policies, enumerate database links. The results are given in a graphical Java tree.
http://www.cqure.net/tools.jsp?id=20
  • MetaCoretex
MetaCoretex is an entirely Java vulnerability scanning framework which puts special emphasis on databases. Probe objects are written in Java by means of an easy-to-extend AbstractProbe class. Additionally, probe generators make the process of writing simple probes almost automagic.
http://www.metacoretex.com/

Microsoft SQL

  • SQLrecon : Database security finder & scanner
SQLrecon performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations in your enterprise. Due to the proliferation of personal firewalls, inconsistent network library configurations, and multiple-instance support, SQL Server installations are becoming increasingly difficult to discover, assess, and maintain.
http://www.specialopssecurity.com/labs/sqlrecon/

Web

  • httprint (Windows, Linux, BSD, Mac) : Web server fingerprinting tool
httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as Apache's mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database.
http://net-square.com/httprint/
  • hmap (Linux, BSD, Mac) : Web server fingerprinting tool
hmap is a web server fingerprinting tool written in Python.
http://ujeni.murkyroc.com/hmap/

SMTP

  • smtpscan : SMTP server version detector
smtpscan is a remote SMTP server version detector. It can be used to guess which mail software is used on a remote server that may hide its SMTP banner.
http://www.greyhats.org/outils/smtpscan/
