Nmap Users Favorite Tools!

[Fyodor <fyodor () insecure org>]

I have compiled a list of the favorite tools of nmap-hackers based on your
responses to the recent survey.  Commercial and open source tools were
allowed on any platforms.  I'm pleased to say that almost 2,000 tool
entries were received (each respondant left 0-5).  I took those
entries and combined the counts where neccessary (eg ISS == Internet
Security Scanner).  I took out Nmap since the survey was from the
nmap-hackers list.  Then I grabbed the top 50 tools, and tracked down the
appropriate URLs for each.

I think you guys chose very well!  These are all wonderful tools, and I
think anyone in the security field would be well advisted to go over the
list and investigate any tools they are unfamiliar with.  I'm going to put
this up on Insecure.Org and also point newbies to it whenever they write
me saying "I don't know where to start".  Maybe at some point we should do
a survey for the most popular papers.

You'll note that the list has a '--' at the end of each line.  I was going
to put a short description of each tool there.  But I ran out of stamina
after making the list and tracking down all the URLs.  If anyone wants to
take on the task of summarizing each tool, that would be greatly
appreciated.  Send your results to the list.  I'll also use them when I
put this up on the Web.  Note that in many cases you can probably crib the
summaries from freshmeat.net or near the top of the URLs indicated.

Without further ado, here are your 50 favorite tools (starting with the
most popular):

Nessus -- http://www.nessus.org --
Netcat -- http://www.l0pht.com/~weld/netcat/ (unofficial site) --
Tcpdump -- http://www.tcpdump.org --
Snort -- http://www.snort.org --
SAINT -- http://www.wwdsi.com/saint/ --
Ethereal -- http://ethereal.zing.org/ --
Whisker -- http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2 --
Internet Security Scanner -- www.iss.net (COMMERCIAL) --
Abacus Portsentry -- http://www.psionic.com/abacus/portsentry/ --
DSniff -- http://naughty.monkey.org/~dugsong//dsniff/ --
Tripwire -- http://www.tripwire.com/ (COMMERCIAL) --
Cybercop Scanner -- http://www.pgp.com/asp_set/products/tns/ccscanner_intro.asp (COMMERCIAL) --
Hping2 -- http://www.kyuzz.org/antirez/hping/ --
SARA -- http://www-arc.com/sara/ --
Sniffit -- http://reptile.rug.ac.be/~coder/sniffit/sniffit.html --
SATAN -- http://www.fish.com/satan/ --
IPFilter -- http://coombs.anu.edu.au/ipfilter/ --
ipfwadm/ipchains/netfilter/iptables -- http://netfilter.kernelnotes.org/ --
Firewalk -- http://www.packetfactory.net/Projects/Firewalk/  --
Strobe -- http://www.insecure.org/nmap/index.html#other (unofficial site) --
L0pht Crack -- http://www.l0pht.com/l0phtcrack/ (COMMERCIAL) --
John The Ripper -- http://www.openwall.com/john/ --
Hunt -- http://www.cri.cz/kra/index.html#HUNT --
OpenSSH -- http://www.openssh.com/ --
tcp wrappers -- ftp://ftp.porcupine.org/pub/security/index.html --
SSH -- http://www.ssh.com/commerce/index.html (some versions COMMERCIAL) --
Ntop -- http://www.ntop.org --
traceroute/ping/telnet/NAT -- http://www.linux.com (or most other UNIX) --
scanlogd -- http://www.openwall.com/scanlogd/ --
sam spade -- http://www.samspade.org/ --
NFR -- http://www.nfr.com (COMMERCIAL) --
logcheck -- http://www.psionic.com/abacus/logcheck/ --
Shadow -- ftp://piast.t19.ds.pwr.wroc.pl/pub/linux/shadow/shadow-current.tar.gz --
Perl -- http://www.perl.org --
Ngrep -- http://www.packetfactory.net/Projects/ngrep/ --
Cheops -- http://www.marko.net/cheops/ --
Vetescan -- http://www.self-evident.com/ --
Retina -- http://www.eeye.com/html/Products/Retina.html --
Libnet -- http://www.packetfactory.net/libnet/ --
crack -- http://www.users.dircon.co.uk/~crypto/ --
Cerberus Internet Scanner -- http://www.cerberus-infosec.co.uk/cis.shtml --
Swatch -- http://www.stanford.edu/~atkins/swatch/ --
OpenBSD -- http://www.openbsd.org --
Nemesis -- http://www.packetfactory.net/Projects/nemesis/  --
LSOF -- ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/ --
Lids -- http://www.turbolinux.com.cn/lids/ --
IPTraf -- http://cebu.mozcom.com/riker/iptraf/ --
IPLog -- http://ojnk.sourceforge.net/ --
Fragrouter -- http://www.anzen.com/research/nidsbench/ --
Queso -- http://www.apostols.org/projectz/queso/ --