Information Gathering is the first process when you try to hack(ethically or unethically) your target network or server and it includes port scanning. One of the best port scanning tools everyone recommends is NMAP. This is an awesome tool and I personally use this tool. It was developed by Fyodor and it's a free tool. You can download it from insecure.org.
If you want to learn and master this tool, insecure.org is the only place I suggest. All details like reference guide, installation guide, books and documents for NMAP are available here. That's why I recommend this site. This tool is available in command line as well as in Graphical. Always go for command line tool because you cannot completely utilize the features if you use graphical tool.
There are only few sites which maintains the database of hacking tools, Insecure is one among them. Here you can find Top 100 network security tools(2006 survey). Fyodor asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. The tools mentioned here are mostly attacking tools rather than defensive ones.
Security mailing list is available here and it covers more topics. The below given are the mailing list details:
Nmap Hackers -- Moderated list for announcements, patches, and light discussion regarding the Nmap Security Scanner and related projects.
Nmap Development -- Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects.
Bugtraq -- The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Full Disclosure -- An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky listprovides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience.
Security Basics -- A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
Penetration Testing -- While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
Info Security News -- Carries news items (generally from mainstream sources) that relate to security.
Firewall Wizards -- Tips and tricks for firewall administrators
Incidents -- Lightly moderated list for discussing actual security incidents (unexplained probes, breakins, etc). Topics include information about new rootkits, backdoors, trojans, virus and worms.
Vulnerability Development -- A moderated list for discussing possible security issues and devising exploits for them.
IDS Focus -- Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list
Web App Security -- Provides insights on the unique challenges which make web applications notoriously hard to secure.
Daily Dave -- This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries particpate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Honeypots -- Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
MS Sec Notification -- Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products -- note how most have a prominent and often-misleading "mitigating factors" section.
Politech -- Journalist Declan McCullagh's list of news updates relating to politics and technology
The RISKS Forum -- Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Another important section here is http://insecure.org/fyodor/ . It's all about Fyodor. We need to thank this guy for giving this great tool free of cost. The reason why i mentioned this as important is the books authored and co-authored by Fyodor. Have a look and purchase these books. There is a book called "NMAP Network Scanning", official guide to NMAP written byFyodor. It is simply great and very informative.
If you want to learn and master this tool, insecure.org is the only place I suggest. All details like reference guide, installation guide, books and documents for NMAP are available here. That's why I recommend this site. This tool is available in command line as well as in Graphical. Always go for command line tool because you cannot completely utilize the features if you use graphical tool.
There are only few sites which maintains the database of hacking tools, Insecure is one among them. Here you can find Top 100 network security tools(2006 survey). Fyodor asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. The tools mentioned here are mostly attacking tools rather than defensive ones.
Security mailing list is available here and it covers more topics. The below given are the mailing list details:
Nmap Hackers -- Moderated list for announcements, patches, and light discussion regarding the Nmap Security Scanner and related projects.
Nmap Development -- Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects.
Bugtraq -- The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Full Disclosure -- An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky listprovides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience.
Security Basics -- A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
Penetration Testing -- While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
Info Security News -- Carries news items (generally from mainstream sources) that relate to security.
Firewall Wizards -- Tips and tricks for firewall administrators
Incidents -- Lightly moderated list for discussing actual security incidents (unexplained probes, breakins, etc). Topics include information about new rootkits, backdoors, trojans, virus and worms.
Vulnerability Development -- A moderated list for discussing possible security issues and devising exploits for them.
IDS Focus -- Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list
Web App Security -- Provides insights on the unique challenges which make web applications notoriously hard to secure.
Daily Dave -- This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries particpate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Honeypots -- Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
MS Sec Notification -- Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products -- note how most have a prominent and often-misleading "mitigating factors" section.
Politech -- Journalist Declan McCullagh's list of news updates relating to politics and technology
The RISKS Forum -- Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Another important section here is http://insecure.org/fyodor/ . It's all about Fyodor. We need to thank this guy for giving this great tool free of cost. The reason why i mentioned this as important is the books authored and co-authored by Fyodor. Have a look and purchase these books. There is a book called "NMAP Network Scanning", official guide to NMAP written byFyodor. It is simply great and very informative.
0 comments:
Post a Comment