Companies that give back with free tools
Wednesday, June 20, 2012 at 2:34PM Penetration Testing / Red Teaming requires the use of a lot of tools. I don't mind getting called a "script kiddie" because I can accomplish more and faster when I don't have to code every single task I need to do. This post is to point out companies that make this possible and give a small bit of thanks.
(If you've ever tried to convince a company to give something away for free, you can understand how big this really is) Some give a lot, some only one tool, but even one is more than some.
Of course the first is going to be Rapid7 and the Metasploit team:
https://github.com/rapid7/metasploit-framework
Other company's free tools sections:
Sunera: http://security.sunera.com/p/tools.html
Immunity Inc: http://immunityinc.com/resources-freesoftware.shtml
SecureState: http://www.securestate.com/Research%20and%20Innovation/Pages/Tools.aspx
Core Security: http://corelabs.coresecurity.com/index.php?module=Wiki&action=list&type=tool
Hex-Rays: http://www.hex-rays.com/products/ida/support/download_freeware.shtml
Spider Labs: https://www.trustwave.com/spiderLabs-tools.php and https://github.com/SpiderLabs
RandomStorm: http://www.randomstorm.com/free-security-tools.php
SensePost: http://www.sensepost.com/labs/tools/pentest
Mc^H^H Foundstone: http://www.mcafee.com/us/downloads/free-tools/index.aspx
Stach and Liu: http://www.stachliu.com/resources/tools/
Secure Ideas: http://www.secureideas.net/publications.php (Projects on the right)
Buguroo: http://blog.buguroo.com/?cat=6
IOActive: http://ioactive.com/ioactive_labs_tools.html
InGuardians: http://www.inguardians.com/tools/
Aspect Security: https://www.aspectsecurity.com/research/appsec_tools/
NirSoft: http://www.nirsoft.net/
Joeware: http://www.joeware.net/freetools/
and of course Micros^H^H^H^H^H^H Sys Internals:
http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
If you know of more, please leave a comment below and I'll add it to the list.
Reader Comments (10)
Netresec provide several free network security tools. The most well known one is the sniffer / network forensics tool NetworkMiner. A list of tools from netresec is available here:
http://www.netresec.com/?page=Products
Mandiant has a free tools section as well http://www.mandiant.com/resources/downloads/
There is also Offensive Security with BackTrack Linux. http://www.backtrack-linux.org/ and the metasploit class http://www.offensive-security.com/metasploit-unleashed/Main_Page and exploit DB http://www.exploit-db.com/
I can think of these companies as of now:
Syhunt: http://www.syhunt.com/?n=Sandcat.Sandcat
They give out Sandcat Mini & Sandcat Browser
NTObjectives: http://www.ntobjectives.com/research/free-application-security-tools/
Their NTO SQL Invader is free.
Mandiant: http://www.mandiant.com/resources/downloads/
Tools like Redline, ApateDNS
Imperva: http://www.imperva.com/products/dle_downloads-and-evaluations-overview.html
Tools like Scuba, the Database Vulnerability Scanner
There's a couple more that I've come across who have some good free tools for download that I've used.
http://labs.portcullis.co.uk/tag/tool/ - Portcullis labs, good variety of network and web tools
http://www.contextis.com/research/tools/ - Context IS - CAT and the new Canape tool
http://labs.mwrinfosecurity.com/tools/ - MWR Labs - SAP Metasploit modules and Mercury the Andoid testing tools
http://www.nta-monitor.com/tools-resources/security-tools/ike-scan - NTA Monitor (ike-scan)
Adobe has SWF Investigator to help SWF testing http://labs.adobe.com/downloads/swfinvestigator.html
PwnieExpress -- http://www.pwnieexpress.com/downloads.html
- Pwn Plug community edition
- Pwn Phone community edition
- Raspberry Pwn
nice list Rob! favorited.
http://labs.mwrinfosecurity.com/tools/
ECSC have recently released a GPL OSSEC GUI
https://github.com/ECSC/analogi/downloads
Foundstone/Mcafee for port scanner and other stuff