  1. Senior Member 636-555-3226's Avatar
    Join Date
    Jul 2015
    Posts
    863

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #1

    Free security tools to help you learn

    Lots of people trying to make headway in the infosec world. Many go after certs but lack real-world experience. I decided to make a post listing out free infosec tools that inexperienced people may want to start learning to help them land a job that actually requires them to know something. Most (if not all) of these tools have website or YouTube walk-throughs and are all free in some fashion. They’re roughly listed out by topical areas. I also did this off the top of my head from memory, so I’m sure I missed good ones – please leave comments with any additional thoughts and I’ll edit my post to include any other tools you suggest in the below. I’ve put asterisks in front of the ones that are “big” and will take a while to learn.


    ***Windows + Linux command-line experience (I recommend Linux Mint for beginners, but plenty of good choices exist)

    PowerShell basics (lots of tools written in PS now, so it’s good to know the basics, plus MS is phasing out cmd.exe in favor of PS)

    Python basics (some people would also say Ruby – many tools also written in Python, so it’s good to know the basics in case you need to fix something)

    putty

    Wireshark

    tcpdump

    nmap

    netcat

    opendns (helps learn the why & how of web gateways, sort of)

    ***splunk (will take a lot of time to learn, but very popular, lots of high paying splunk jobs. At least learn the basics)

    Nessus vulnerability scanner

    Nipper (aka nessus for network devices)

    Nikto (aka nessus for websites)

    ***Snort or Bro (or both, they’re similar so it’s easy to pick one up after the other – also a very big project to learn, but at least learn the basics)

    Recon-ng (or Maltego, but free version is limited)

    meterpreter

    Veil-Framework

    Mimikatz

    Spiderlabs responder

    Powersploit

    BloodHoundAD’s Bloodhound

    EmpireProject’s Empire

    Dafthack’s mailsniper

    ***Metasploit (includes many of the above tools, many of which are duplicative of each other)

    Some people say to use Kali Linux, but it’s basically just a weak Linux distro with tools (including some of the above) built in. I’d steer you towards a real, maintained Linux distro which you can then use trustedsec’s PenTesters Framework (PTF) to load all your tools on.

    Dafthack’s domainpasswordspray (very easy and lots of fun if you've got AD at work – time to start doing password audits…..)

    John the Ripper or Hashcat (password cracking – fun to do with your Windows/Active Directory passwords)

    clr2of8’s Domain Password Audit Tool (DPAT) – tool to report out the stats of various cracked password dumps (cracked via the tools above - good support for implementing that 20+ character passphrase policy you didn't know you needed until you ran the last three tools)

    THC Hydra (brute force guessing of password login pages/consoles/etc)

    Ettercap or bettercap – network attacks

    Yersinia – network attacks

    ***OWASP ZAP or Burp Suite – web attacks

    BeEF – web attacks

    Sqlmap – web attacks

    Google Santa (not the holiday version) – whitelisting for OSX (if you have a Mac – I’d steer you towards a dedicated [free] Linux distro instead of using a Mac)

    Thinkst’s opencanary (lots of various honeypots/canaries out there, this is one to play with)

    Keepass – most people in IT don’t securely store their passwords – don’t be that guy (very useful once you're rocking your new & unique 20+ character passphrases for 50 different systems)

    Also strongly recommend you find the developers of the above tools and follow them on Twitter. I hate Twitter but have to admit that in terms of keeping up-to-date with new types of tools, Twitter's the best way to follow that kind of stuff.

    What’d I miss?

  3. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    62

    Certifications
    OSCP, CISSP, Sec+
    #2
    I would definitely not steer someone clear from Kali Linux. It has a huge list of free tools to use in a controlled system. Is that a substitute for maintaining a full linux box? No, but it's a great place to learn and even use regularly.
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing

  4. Senior Member Moldygr33nb3an's Avatar
    Join Date
    Jul 2016
    Posts
    193

    Certifications
    A+, Network+, Security+, Project+, CSA+, CASP, CEHv9, CCNET, CCNA R&S
    #3
    Great info!
    Working on: CCNA - Security

    All your certifications are belong to us.

  5. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,565

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #4
    Yea, I'm personally gonna stick with just Kali for testing/playing around. That PTF looks like it could be nice for someone who actually does Pentesting though.

    Good list. I'm starting to use a home lab more and will definitely look at this list for ideas. Thank you

  6. Senior Member
    Join Date
    Dec 2015
    Location
    USA
    Posts
    535

    Certifications
    CISSP, B.S.-IT, A.A.S.-Computer Forensics & Security, CSA+, A+, Network+, Security+, Six-Sigma, Solarwinds SCP
    #5
    Awesome. Thanks. I have used many of those in the past but when I try to lab it seems I see a shiny thing and get distracted...lol. I need a structured guidance to follow through to learn. If I set my own path I tend to stray too much.

  7. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,569

    Certifications
    SilentBreakSecurity - DarkSideOps, CISSP, CCDP, CCNP R/S, CCNP Security (Secure, FW) , C|EH , PA ACE
    #6
    Good list, interesting ideas you have though. I am not trying to be a negative nancy here but.....

    Dafthack’s domainpasswordspray (very easy and lots of fun if you've got AD at work – time to start doing password audits…..) Ugh do NOT do this on your work environment! You will lock out accounts. Plus...YOU DO NOT TEST or F' WITH PRODUCTION ENVIRONMENT.
    Github: DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!

    John the Ripper or Hashcat (password cracking – fun to do with your Windows/Active Directory passwords) Highly illegal in the USA if you plan on doing this at work with users' passwords. Quick way for you to get fired or sued.

    Please don't take this the hard way or as any criticism. With great power comes great responsibility
    Last edited by chrisone; 03-09-2017 at 05:37 PM.
    2017 Goals: Dark Side OPS: Custom Pentesting (complete), eCPPT (in progress), LFCS (in progress), OSCP

  8. Senior Member 636-555-3226's Avatar
    Join Date
    Jul 2015
    Posts
    863

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #7
    The password spray automatically queries AD to determine the lockout threshold then it attempts to stay under that threshold. My red team's been using it since it was released and it stays under the threshold with no issue. The text there is the standard disclaimer of all security tools - buyer beware, this could break stuff. Always possible there's a problem, but my experience has been 100% positive. Try using it before you knock it.

    jtr & hashcat aren't illegal. Everybody's work environment is different, but most mid/large companies (and many small) have disclaimers plastered somewhere that say you don't have any expectation of privacy on anything you do at work & everything you do/use belongs to your employer. This typically means that your work password belongs to your work, not you.

    Keep in mind everybody - these are tools meant to help newbies learn how infosec works. This isn't a "tools to start using at your work to defend it and find its weaknesses" post. As with any new person learning the ropes - you should be running these things in a demo/test environment, not on your work computer tied into your work infrastructure. If I caught someone in my company running nmap scans and they weren't on my team, well, let's just say we'd have a joint meeting with that person & our HR director to talk about acceptable use of work assets!

  9. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,569

    Certifications
    SilentBreakSecurity - DarkSideOps, CISSP, CCDP, CCNP R/S, CCNP Security (Secure, FW) , C|EH , PA ACE
    #8
    That's a fair response. I agree AD passwords are part of the company's intellectual property. It is a very thin line of ethics, cracking users' passwords though. As for the password spray, no, I have not used it on a production environment. I will take your word for it. I'd rather just check the AD settings for lockout threshold. But that's depending on your job role/engagement etc.

    Once again, great job on the list though.
    Last edited by chrisone; 03-09-2017 at 08:07 PM.
    2017 Goals: Dark Side OPS: Custom Pentesting (complete), eCPPT (in progress), LFCS (in progress), OSCP

  10. Member
    Join Date
    Jun 2015
    Location
    UK
    Posts
    62

    Certifications
    MCSA:Cloud, O365, W7, ITIL-F, CCENT, VCP5-DCV, A+, N+, Stor+
    #9
    Thanks for the list, something to get into

  11. Junior Member
    Join Date
    Sep 2016
    Posts
    15

    Certifications
    Security+, Associate of ISC2
    #10
    I've actually been looking for a list like this. Thank you

  12. Junior Member Registered Member
    Join Date
    Sep 2010
    Posts
    1
    #11
    Thanks for the list. I've been a sysadmin for years and just started looking at infosec. While I've used a bunch of these tools, there are lots more that I haven't even heard of.

  13. Senior Member
    Join Date
    Dec 2015
    Location
    Quebec, Canada
    Posts
    231

    Certifications
    A+, Network+, Linux+, HP APS, VCP 3-4-5-6, VSP,VTSP, SSCP, Veeam VMCE
    #12
    Thank you for the list!

  14. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    193

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #13
    Quote Originally Posted by 636-555-3226 View Post
    The password spray automatically queries AD to determine the lockout threshold then it attempts to stay under that threshold. My red team's been using it since it was released and it stays under the threshold with no issue. The text there is the standard disclaimer of all security tools - buyer beware, this could break stuff. Always possible there's a problem, but my experience has been 100% positive. Try using it before you knock it.

    jtr & hashcat aren't illegal. Everybody's work environment is different, but most mid/large companies (and many small) have disclaimers plastered somewhere that say you don't have any expectation of privacy on anything you do at work & everything you do/use belongs to your employer. This typically means that your work password belongs to your work, not you.

    Keep in mind everybody - these are tools meant to help newbies learn how infosec works. This isn't a "tools to start using at your work to defend it and find its weaknesses" post. As with any new person learning the ropes - you should be running these things in a demo/test environment, not on your work computer tied into your work infrastructure. If I caught someone in my company running nmap scans and they weren't on my team, well, let's just say we'd have a joint meeting with that person & our HR director to talk about acceptable use of work assets!

    TOTALLY agree.

    I have literally seen someone take down a production network after watching a quick youtube video on ARPSPOOFING ..... they had little idea on what was actually going on.

    At any rate, you are spot on. Corporate level password audits have proven to be legal for years now. It's sort of a gray area in terms of ethics, but from a legal standpoint, it is what it is.

  15. Senior Member xxxkaliboyxxx's Avatar
    Join Date
    Dec 2013
    Location
    Austin, Texas
    Posts
    410

    Certifications
    GCIH, C|EH, Sec+, eJPT, SCCC
    #14
    SecTools.Org Top Network Security Tools

    Good resource for tools by rank and mailing lists.
    Studying: LFCS
    Reading: Python Crash Course
    Upcoming Exam: GWAPT

    https://realworlditsecurity.wordpress.com

  16. Senior Member
    Join Date
    Nov 2006
    Location
    Silicon Hills, Texas
    Posts
    109

    Certifications
    CISSP, ITIL, Masters of Science in Information Assurance
    #15
    Bro, Burp - add those to your list...unless they are there...I may have missed them!

  17. Member
    Join Date
    Jan 2017
    Posts
    96
    #16
    Quote Originally Posted by BuzzSaw View Post
    TOTALLY agree.

    I have literally seen someone take down a production network after watching a quick youtube video on ARPSPOOFING ..... they had little idea on what was actually going on.

    At any rate, you are spot on. Corporate level password audits have proven to be legal for years now. It's sort of a gray area in terms of ethics, but from a legal standpoint, it is what it is.

    LOL...i couldn't help but laugh!

  18. Member
    Join Date
    Sep 2013
    Posts
    98
    #17

    Fantastic

    Android gem of a contribution. Thanks a lot for detailed post. I was looking for this info and it took me over 2 weeks of painful dissection and search.
    Only an idiot will try to run such tools in office without getting permission first.

  19. Junior Member Registered Member
    Join Date
    Jun 2017
    Location
    Tunisia
    Posts
    3

    Certifications
    CCNA,ISO 27001 Lead Auditor
    #18
    Excellent

  20. Senior Member
    Join Date
    Jul 2015
    Posts
    435
    #19
    Webgoat. Not exactly a tool (depending on your definition of tool), but it's very useful for getting practice with the above list of tools.

  21. Senior Member
    Join Date
    Jul 2012
    Location
    Internet
    Posts
    160

    Certifications
    ITIL V3, Prince2, COBIT, CISA, CISSP
    #20
    YARA? Is that considered an analysis tool, or can it be used for training?
