Penetration Testing / Red Teaming requires the use of a lot of tools. I don’t mind getting called a “script kiddie” because I can accomplish more and faster when I don’t have to code every single task I need to do. This post is to point out companies that make this possible and give a small bit of thanks.
(If you’ve ever tried to convince a company to give something away for free, you can understand how big this really is) Some give a lot, some only one tool, but even one is more than some.
Of course the first is going to be Rapid7 and the Metasploit team:
Other company’s free tools sections:
- Sunera: http://security.sunera.com/p/tools.html
- Immunity Inc: http://immunityinc.com/resources-freesoftware.shtml
- SecureState: http://www.securestate.com/Research%20and%20Innovation/Pages/Tools.aspx
- Core Security: http://corelabs.coresecurity.com/index.php?module=Wiki&action=list&type=tool
- Hex-Rays: http://www.hex-rays.com/products/ida/support/download_freeware.shtml
- Spider Labs: https://www.trustwave.com/spiderLabs-tools.php and https://github.com/SpiderLabs
- RandomStorm: http://www.randomstorm.com/free-security-tools.php
- SensePost: http://www.sensepost.com/labs/tools/pentest
- Mc^H^H Foundstone: http://www.mcafee.com/us/downloads/free-tools/index.aspx
- Stach and Liu: http://www.stachliu.com/resources/tools/
- Secure Ideas: http://www.secureideas.net/publications.php (Projects on the right)
- Buguroo: http://blog.buguroo.com/?cat=6
- IOActive: http://ioactive.com/ioactive_labs_tools.html
- InGuardians: http://www.inguardians.com/tools/
- Aspect Security: https://www.aspectsecurity.com/research/appsec_tools/
- HP: http://bit.ly/SWFScan_New
- NirSoft: http://www.nirsoft.net/
- Joeware: http://www.joeware.net/freetools/
and of course Micros^H^H^H^H^H^H Sys Internals:
If you know of more, please leave a comment below and I’ll add it to the list.