Information Assurance Resources

Federal Agencies

Military IA Sites

Commercial IA Websites

Dictionary Files and Word Lists

• ftp://ftp.cerias.purdue.edu/pub/dict
• ftp://ftp.ox.ac.uk/pub/wordlists
• http://packetstormsecurity.nl/Crackers/wordlists
• http://www.outpost9.com/files/WordLists.html

Default vendor passwords

• http://www.cirt.net/cgi-bin/passwd.pl

General Research Tools

• CERT/CC Vulnerability Notes Database
• ChoicePoint
• Common Vulnerabilities and Exposures
• Google
• Hoover’s business information
• NIST ICAT Metabase
• Sam Spade
• U.S. Securities and Exchange Commission
• Switchboard.com
• U.S. Patent and Trademark Office
• US Search.com
• Yahoo! Finance site

Hacker Resources

• 2600 — The Hacker Quarterly magazine
• Computer Underground Digest
• Hacker t-shirts, equipment, and other trinkets
• Honeypots: Tracking Hackers
• The Online Hacker Jargon File
• PHRACK

Linux

• Bastille Linux hardening utility
• Debian Linux Security Alerts
• Linux Administrator’s Security Guide
• Linux Kernel Updates
• Linux Security Auditing Tool (LSAT)
• Red Hat Linux Security Alerts
• Slackware Linux Security Advisories
• Suse Linux Security Alerts
• Tiger
• VLAD the Scanner

Log Analysis

• LogAnalysis.org system logging resources

Malware

• chkrootkit
• EICAR testing string
• McAfee AVERT Stinger
• Rkdet
• The File Extension Source
• Wotsit’s Format

Messaging

• GFI e-mail security test
• smtpscan
• mailsnarf - Linux version or the Windows version
• Rogue Aware by Akonix

NetWare

• chknull
• Craig Johnson’s BorderManager resources
• NCPQuery
• Novell Product Updates
• Remote
• Rcon program

Networks

• dsniff
• Ethereal network analyzer
• ettercap
• Firewalk
• Firewall Informer
• Foundstone FoundScan
• GFI LANguard Network Scanner
• MAC address vendor lookup
• Nessus vulnerability assessment tool
• Netcat
• NetScanTools Pro all-in-one network testing tool
• Nmap port scanner
• Qualys QualysGuard vulnerability assessment tool
• SuperScan port scanner
• WildPackets EtherPeek

Password Cracking

• John the Ripper
• pwdump2
• NetBIOS Auditing Tool
• Crack
• NTFSDOS Professional
• NTAccess
• TSGrinder

War Dialing

• PhoneSweep
• THC-Scan
• ToneLoc
• ToneLoc Utilities Phun-Pak

Web Applications

• 2600’s Hacked Pages
• BlackWidow
• Flawfinder
• ITS4
• Netcraft
• Nikto
• RATS
• Sanctum AppScan
• Shadow Database Scanner
• SPI Dynamics WebInspect

Windows

• Amap
• DumpSec
• Legion
• Microsoft Office Patches
• Microsoft Security Resources
• Network Users
• Rpcdump
• SMAC MAC address changer
• Vision
• Windows Update Utility for Patching
• Winfo

Wireless Networks

• AirJack
• AirMagnet
• AirSnort
• Cantenna war-driving kit
• Fluke WaveRunner
• Kismet
• Lucent Orinoco Registry Encryption/Decryption program
• Making a wireless antenna from a Pringles can
• NetStumbler
• Pong wireless firmware vulnerability testing program
• Security of the WEP Algorithm
• The Unofficial 802.11 Security Web Page
• Wellenreiter
• WiGLE database of wireless networks
• WildPackets AiroPeek