Lists of tools for VMWare box
One of the questions that I always have during my classes is: “Can you give me a list of tools that are installed on the VWMare that we use”. So here is it (everything apart from the Microsoft OS is free, evaluation versins or Open Source)
1) Microsoft Develoment Environment:
* IIS with ASP.NET
* Windows 2003 Web edition with SP1
* .Net Framework 1.1
* .Net Framework 2.0
* .Net Framework SDK 2.0
* Visual Studio C# Express
* Visual Studio C++ Express
* Visual Studio Web Developer Express
* MSSQL Server 2005 Express
* MSDN Express Library
2) other non-security windows tools
* Winzip (evaluation)
* FireFox
* Adobe Acrobat Reader
* Java Runtime
* VMWare Tools
* SnagIt (evaluation)
* TrueCrypt
* Eclipse
* Regulator - RegEx builder tool
3) OWASP Tools
* OWASP WebScarab
* OWASP WebGoat
* OSG - OWASP Site Generator
* ORG - OWASP Report Generator
* OWASP Tiger
* CAL 9000
* Sprajax
* offline copy of the
- OWASP Top 10
- OWASP Testing Guide (new one)
- OWASP Guide
4) Network / Infrastructure tools:
* WinPCap & WireShark
* Cain & Able
* Echo Mirage - C++ Tcp Trafic hooking tool
* IIS 6.0 Resource kit (mainly for the IIS Metabase tools: MetaAcl.exe and MtaEdt22.exe)
* MSBA (Microsoft Baseline Security Analyzer)
* Microsoft Threat Modeling tool (both versions)
* Metasploit 2.6 & 3.0
* Nessus
* SysInternals tools:
- Process Explorer
- FileMon
- RegMon
- TCPView
- TDIMon
- DbgView
- TokenMon
- AccessChk
- Autoruns
- Handle
- RootkitRevealer
- WinObj
4) Debuggers
* Microsoft Debugging tools for Windows
* OllyDbg
* PEBrowse Pro
* PEBrowse Debugger
5) Web attack tools
* SQL Power Injector
* GnuCitizen AttackAPI - XSS attack toolkit
* WinHTTrack
* Brutus
* Nikto
6) .Net tools
* Reflector
* Fiddler - Web Proxy
* CLRProfiler 2.0
* FxCop
* Managed SPY - .Net manipulation Tool (for local .Net processes)
* NProf - .Net Profiler
* WoanWare tools (from www.woany.co.uk):
- Requester
- HttpCodeGen
- Encoder
- HttpLibrary
* Enterprise Library
* WSE 3.0
7) Browser extensions
* Sleuth (Evaluation) - Has a great IE browser plug-in that allows the direct editing of Web pages
* for IE
- IE Dev Toolbar
- Tamper IE
- WoanWare Quick’n'Dirty
* for Firefox
- Tamper Data
- Add N Edit Cookies
- WebDeveloper
- Switch Proxy
- Header Monitor
- LiveHttp Headers
- JavaScript Debugger
- View Source Chart
- IE View
8 ) Foundstone tools
* Hacme Bank
* Validator .Net
* Code Scout
* CookieDiger
* dotNetMon - tool trace .Net methods in real time
* SiteDigger
* WSDigger
9) Web Applications
* Community Server
* DNN
* ASPNuke
10) Additional material (I usually put this on a separate folder called ‘Additional .Net tools’
[.] [GotDotNet Win32Security]
[..] [LogParser]
[2.0 Membership Provider] [MS Solution for Windows-based Hosting version 3.0]
Absinthe-1.4.1-Source.tar.gz [NET Profiling API material]
Absinthe-1.4.1-Windows.zip [Nunit]
[ASP.NET user authentication] [Partially Trusted Material]
[ASPNET WatchDog] [Strong Naming]
[ASPNET windows authentication] [Using PersonalizationStarter (2.0)]
[CLR SPY] [SharpDevelop]
[DotNet Hook Library 2.1] [Snippet Compiler (C# Development Environment)]
[Encryption and Key Management] [_XSD Object Generator]
[GotDotNet RoleBasedSecurityExample]