Capture the Flag: Security Tools and Sites

• Firewall
  • iptables firewall for Linux
• Hacking Game Sites
  • HackThisSite
  • Hacker's Lab
  • Hacker Games
  • Damn Vulnerable Linux
• Intrusion Detection
  • p0f passive OS fingerprinter
  • Snort intrusion detection
• Offensive Tools
  • dsniff
  • ettercap
  • Hijacking Tools
• Scanners
  • nmap scanner
  • Nessus vulnerability scanner
  • Metasploit

• Network Security Tools
  • Netcat 1.1 (see also GNU netcat and socat)
  • PacketFactory Projects (libnet and Nemesis)
  • Wireshark network sniffer
• Software Security
  • Flawfinder static source code analyzer
  • Paros proxy for testing web applications
  • SPIKE fuzz tester
• Web Security
  • OWASP (see Web Goat, Web Scarab, etc.)
  • SQL Injection Attacks by Example
  • Cross-site scripting (read sample chapter)
  • WebGoat (training app)
  • Web Maven (Buggy Bank) (training app)
  • Bad Store (training app)

For more security tools, check the Top 75 Network Security Tools list, the Hacking Exposed tool list, or Packet Storm.

© James Walden, Ph.D.