Network auditing
AbuseHelper
AbuseHelper is toolkit for CERT and Abuse teams. It is a modular, (hopefully) scalable and robust framework to help you in your abuse handling. With Abuse Helper you can retrieve Internet Abuse Handling related information via several sources, you can then aggregate that information based on different keys, such as AS numbers or country codes and send out reports in different formats, via different transports and using different timings.
Assuria Auditor
Assuria Auditor provides deep configuration and vulnerability scanning, inventory reporting, compliance assessment and powerful change detection through an extensible and flexible architecture. It provides vital information assurance and protection for critical business servers and helps maintain systems in a secure ‘known state’. Assuria Auditor utlises a comprehensive built-in Knowledge Base of known security vulnerabilities, security control configurations, up to date patch checks and security best practice information to enable organisations to easily bring their IT infrastructures up to high standards of security, especially servers. Internal IT security knowledge or experience is not necessary, because the built-in Assuria Auditor knowledge base includes not only the thousands of individual checks for a wide range of operating platforms, but also explanations of the implications of each vulnerability and step by step instructions on remediation.
BGP Ranking
BGP ranking is a free software and free services to calculate the security ranking of Internet Service Provider (ASN).
Nessus
Nessus is a network scanner that can check for vulnerabilities by attempting to exploit them, rather than using port numbers or banner-grabbing to determine what software is running. This makes it more accurate, but also more heavy-handed, than other scanning tools that assume well-known port numbers. Tests are implemented as plug-ins, which are grouped into families, for example dealing with distributed denial of service tools. Individual plug-ins or families can be installed or not to give good control of what vulnerabilities are scanned for. Plug-ins are frequently updated to cover new vulnerabilities.
Netcat
Netcat is a program to create network connections, TCP or UDP, to or from any port number. It is most commonly used with other commands as part of a script. In the security field it can be used to capture or orginate flows of packets for network or traffic debugging. It can also be used for scanning networks for vulnerable servers, testing firewalls, building proxies, etc.
Nfsen / Nfdump
NfSen is a graphical web based front end for the nfdump netflow tools. NfSen allows you to: Display your netflow data: Flows, Packets and Bytes using RRD (Round Robin Database) Easily navigate through the netflow data Process the netflow data within the specified time span Create history as well as continuous profiles Set alerts, based on various conditions Write your own plugins to process netflow data on a regular interval
Nmap
Nmap is a free network scanner that will check which ports are listening on particular servers. It can perform scans using TCP, UDP or ICMP packets. It can also use fingerprinting techniques to determine which operating system, and often patch level, is running on the server.
SAINT (Security Administrator's Integrated Network Tool)
SAINT is a Vulnerability Assessment Tool, an updated and enhanced version of Wietse Venema's SATAN. SAINT gathers information about remote hosts and networks by examining such network services as finger, NFS, NIS, ftp and tftp, rexd, statd, and other services. It features a graphical user interface. Previously free software, now a commercial product.
SARA (Security Auditor's Research Assistant)
SARA is another derivative of the Security Administrator Tool for Analyzing Networks (SATAN). It remotely probes systems via the network and stores its findings in a database. The results can be viewed with any Level 2 HTML browser that supports the http protocol.
ScanSSH
The ScanSSH protocol scanner from Nils Provos scans a list of addresses and networks for running SSH protocol servers and their version numbers. scanssh protocol scanner supports random selection of IP addresses from large network ranges and is useful for gathering statistics on the deployment of SSH protocol servers in a company or the Internet as whole.
