1)
Cain & Abel
http://www.oxid.it/cain.html
Online Manual
http://www.oxid.it/ca_um/
CAIN FEATURES
(Features of Abel are listed below)
Protected Storage Password Manager
Reveals locally stored passwords of Outlook, Outlook Express, Outlook
Express Identities, Outlook 2002, Internet Explorer and MSN Explorer.
Credential Manager Password Decoder
Reveals passwords stored in Enterprise and Local Credential Sets on
Windows XP/2003.
LSA Secrets Dumper
Dumps the contents of the Local Security Authority Secrets.
Dialup Password Decoder
Reveals passwords stored by Windows "Dial-Up Networking" component.
APR (ARP Poison Routing)
Enables sniffing on switched networks and Man-in-the-Middle attacks.
Route Table Manager
Provides the same functionality as the Windows tool "route.exe" with a
GUI front-end.
SID Scanner
Extracts user names associated with Security Identifiers (SIDs) on a
remote system.
Network Enumerator
Retrieves, where possible, the user names, groups, shares, and services
running on a machine.
Service Manager
Allows you to stop, start, pause/continue or remove a service.
Sniffer
Captures passwords, hashes and authentication information while they
are transmitted on the network. Includes several filters for
application-specific authentications and routing protocols. The VoIP
filter enables the capture of voice conversations transmitted with the
SIP/RTP protocol, which are later saved as WAV files.
Routing Protocol Monitors
Monitors messages from various routing protocols (HSRP, VRRP, RIPv1,
RIPv2, EIGRP, OSPF) to capture authentications and shared route tables.
Full RDP sessions sniffer for APR (APR-RDP)
Allows you to capture all data sent in a Remote Desktop Protocol (RDP)
session on the network. Provides interception of client-side keystroke
activity.
Full SSH-1 sessions sniffer for APR (APR-SSH-1)
Allows you to capture all data sent in an SSH-1 session on the network.
Full HTTPS sessions sniffer for APR (APR-HTTPS)
Allows you to capture all data sent in an HTTPS session on the network.
Certificates Collector
Grabs certificates from HTTPS web sites and prepares them to be used by
APR-HTTPS.
MAC Address Scanner with OUI fingerprint
Using the OUI fingerprint, this makes an informed guess about what type
of device the MAC address is from.
Promiscuous-mode Scanner based on ARP packets
Identifies sniffers and network Intrusion Detection systems present on
the LAN.
Wireless Scanner
Scans for wireless networks within range, giving details on each
network's MAC address, when it was last seen, the guessed vendor, signal
strength, the name of the network (SSID), whether it has WEP or not
(note WPA encrypted networks will show up as WEPed), whether the
network is an Ad-Hoc network or Infrastructure, what channel the
network is operating on and at what speed the network is operating
(e.g. 11Mbps).
Access (9x/2000/XP) Database Passwords Decoder
Decodes the stored encrypted passwords for Microsoft Access Database
files.
Base64 Password Decoder
Decodes Base64 encoded strings.
Cisco Type-7 Password Decoder
Decodes Cisco Type-7 passwords used in router and switch
configuration files.
Cisco VPN Client Password Decoder
Decodes Cisco VPN Client passwords stored in connection profiles
(*.pcf).
VNC Password Decoder
Decodes encrypted VNC passwords from the registry.
Enterprise Manager Password Decoder
Decodes passwords used by Microsoft SQL Server Enterprise Manager (SQL
7.0 and 2000 supported).
Remote Desktop Password Decoder
Decodes passwords in Remote Desktop Profiles (.RDP files).
PWL Cached Password Decoder
Allows you to view all cached resources and relative passwords in clear
text either from locked or unlocked password list files.
Password Crackers
Enables the recovery of clear text passwords scrambled using several
hashing or encryption algorithms. All crackers support Dictionary and
Brute-Force attacks.
Cryptanalysis attacks
Enables password cracking using the ‘Faster Cryptanalytic time – memory
trade off’ method introduced by Philippe Oechslin. This cracking
technique uses a set of large tables of pre-calculated encrypted
passwords, called Rainbow Tables, to improve the trade-off methods
known today and to speed up the recovery of clear text passwords.
NT Hash Dumper + Password History Hashes (works with Syskey enabled)
Will retrieve the NT password hash from the SAM file regardless of
whether Syskey is enabled or not.
Syskey Decoder
Will retrieve the Boot Key used by the SYSKEY utility from the local
registry or "off-line" SYSTEM files.
MSCACHE Hashes Dumper
Will retrieve the MSCACHE password hashes stored in the local
registry.
Wireless Zero Configuration Password Dumper
Will retrieve the wireless keys stored by Windows Wireless
Configuration Service.
Microsoft SQL Server 2000 Password Extractor via ODBC
Connects to an SQL server via ODBC and extracts all users and passwords
from the master database.
Oracle Password Extractor via ODBC
Connects to an Oracle server via ODBC and extracts all users and
passwords from the database.
MySQL Password Extractor via ODBC
Connects to a MySQL server via ODBC and extracts all users and
passwords from the database.
Box Revealer
Shows passwords hidden behind asterisks in password dialog boxes.
RSA SecurID Token Calculator
Can calculate the RSA key given the token's .ASC file.
Hash Calculator
Produces the hash values of a given text.
TCP/UDP Table Viewer
Shows the state of local ports (like netstat).
TCP/UDP/ICMP Traceroute with DNS resolver and WHOIS client
An improved traceroute that can use TCP, UDP and ICMP protocols and
provides whois client capabilities.
Cisco Config Downloader/Uploader (SNMP/TFTP)
Downloads or uploads the configuration file from/to a specified Cisco
device (IP or host name) given the SNMP read/write community string.
***********************************************
ABEL FEATURES
Remote Console
Provides a remote system shell on the remote machine.
Remote Route Table Manager
Enables management of the route table of the remote system.
Remote TCP/UDP Table Viewer
Shows the state of local ports (like netstat) on the remote system.
Remote NT Hash Dumper + Password History Hashes (works with Syskey
enabled)
Will retrieve the NT password hash from the SAM file regardless of
whether Syskey is enabled or not; works on the Abel-side.
Remote LSA Secrets Dumper
Dumps the contents of the Local Security Authority Secrets present on
the remote system.
=============================
2)
Sam Spade
http://www.samspade.org/
Features:
ping
Ping a network host to see if it's alive, and to see how long it takes
packets to get there and back
nslookup
Find the IP address from a hostname, or vice-versa
whois
Ask a whois server who owns a domain name. Sam Spade will usually ask
the right whois server automatically, or you can query a particular
server. Whois queries for .com/.net/.org addresses are directed to the
correct registrar automatically.
IP block whois
Ask a whois server who owns a block of IP addresses
dig
A more advanced DNS query tool. Dig asks a DNS server for all the
information it has about a host
traceroute
Find the route packets take between you and a remote system. Both a
slow, step-by-step mode and a fast parallel query mode are available.
finger
Look up user information on a remote Unix system
SMTP verify
Ask a mail-server whether an email address is real and whether it's
being forwarded to other addresses. Also attempt partial delivery to a
range of addresses to discover whether a given address is valid or not.
web (code only) browser
Browse the web, viewing the raw HTTP traffic rather than the rendered
HTML. This lets you see the HTTP headers and the raw HTML. Very handy
for debugging CGI scripts. It will not send any identifying information
to the webserver, and by not supporting file download, Java,
JavaScript, cookies or anything else it has far fewer security holes
than real browsers. As it doesn't render the HTML, it makes attempts to
hide information (such as hidden form fields, white-on-white text, meta
fields etc.) obvious. These make it a useful tool for investigating
malign websites
keep-alive
Sends HTTP packets to your ISP's webserver every minute or so, to keep a
dialup link active
DNS zone transfer
This asks a DNS server for all the information it has about a domain.
It automatically finds the authoritative servers for a domain and will
query one or all of them.
SMTP relay check
This checks whether a mailserver is secure. It attempts to send email
back to yourself via somebody else's email server (one which you're not
supposed to have access to). Hopefully it'll fail, but if it doesn't
the mailserver is open to all sorts of abuse and the administrator
needs to secure it
Usenet cancel check
This asks your local news-server to look for cancelled messages in a
set of groups
website download
This will copy a website to disk.
website search
This searches a website for anything matching a list of patterns
email header analysis
This will check the Received lines in an email header for consistency.
It can help in tracking down the true source of forged email
Email blacklist query
This will check the Realtime Blackhole List, Dialup User List and
Relayed Spam Source List to see if any of a host's addresses are listed
Abuse address query
This will identify the email address responsible for abuse issues at a
given domain using the database maintained by abuse.net
S-Lang scripting
Many features can be configured and scripted using the embedded S-Lang
scripting language.
Time
Query a remote host to see what time it thinks it is, via a range of
protocols including SNTP. Optionally set the local system's time via
SNTP at each application startup.