IT Security Assessment Tools

During our assessments, we use many different tools for data collection, analysis, and reporting. Often, if a tool does not exist, we write it ourselves. If it solved a problem for us, we hope it will do so for you too. We appreciate any feedback.

NMap XML2SQL
Assessment Type: Enumeration and Analysis
Platform: Cross-platform
Download: Download NMap XML2SQL

SQL support has been a much-requested Nmap feature in the Redspin office. While a number of tools exist to support Nmap SQL output, their database formats have left much to be desired. Using SQLite, Perl's DB and the Nmap Parser module, our tool extracts all supported fields from an Nmap XML file and creates a user-friendly database format. The resulting database can then be queried directly with SQLite to extract relevant information.
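
The approach described above, as an added Python example rather than Redspin's Perl tool: it loads Nmap XML output into SQLite and queries it for exposed services. The two-table schema, the function names and the sample scan are assumptions constructed for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML output format (-oX); not real scan data.
SAMPLE_XML = """<nmaprun scanner="nmap">
<host><status state="up"/><address addr="192.0.2.1" addrtype="ipv4"/>
  <hostnames><hostname name="gw.example.test" type="PTR"/></hostnames>
  <ports>
    <port protocol="tcp" portid="22"><state state="open"/>
      <service name="ssh" product="OpenSSH" version="7.4"/></port>
    <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
    <port protocol="tcp" portid="443"><state state="closed"/></port>
  </ports></host>
<host><status state="up"/><address addr="192.0.2.2" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="23"><state state="filtered"/>
    <service name="telnet"/></port></ports></host>
</nmaprun>"""

SCHEMA = """CREATE TABLE hosts (id INTEGER PRIMARY KEY, addr TEXT, hostname TEXT, status TEXT);
CREATE TABLE ports (host_id INTEGER REFERENCES hosts(id), proto TEXT, port INTEGER,
                    state TEXT, service TEXT, product TEXT, version TEXT);"""

def load_nmap_xml(xml_text, db):
    """Insert every <host> and <port> of an Nmap XML document into db (assumed schema)."""
    db.executescript(SCHEMA)
    for host in ET.fromstring(xml_text).iter("host"):
        name = host.find("hostnames/hostname")      # optional element
        cur = db.execute("INSERT INTO hosts (addr, hostname, status) VALUES (?, ?, ?)",
                         (host.find("address").get("addr"),
                          name.get("name") if name is not None else None,
                          host.find("status").get("state")))
        for port in host.iter("port"):
            svc = port.find("service")              # absent when no service was matched
            svc = svc.attrib if svc is not None else {}
            db.execute("INSERT INTO ports VALUES (?, ?, ?, ?, ?, ?, ?)",
                       (cur.lastrowid, port.get("protocol"), int(port.get("portid")),
                        port.find("state").get("state"),
                        svc.get("name"), svc.get("product"), svc.get("version")))
    return db

def open_services(db, service):
    """Return (address, port) rows where the named service is on an open port."""
    return db.execute(
        "SELECT h.addr, p.port FROM hosts h JOIN ports p ON p.host_id = h.id "
        "WHERE p.state = 'open' AND p.service = ? ORDER BY h.addr, p.port",
        (service,)).fetchall()

if __name__ == "__main__":
    conn = load_nmap_xml(SAMPLE_XML, sqlite3.connect(":memory:"))
    print(open_services(conn, "telnet"))
```

Filtering on port state in the query matters here: the second sample host lists telnet on a filtered port, which a service-name match alone would report as exposed.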

Learn more about NMap XML2SQL on our blog

fTrace
Assessment Type: Secure Program
Platform: Linux
Download: Download fTrace

fTrace is a security assessment tool that traces local function calls and identifies security vulnerabilities in Linux binaries. It dynamically traces a non-stripped binary until it exits and prints to stderr every local function the program calls, along with the possible arguments and return values of each function. It was intentionally written to be compatible with tools such as strace(1) and ltrace(1), but is oriented toward secure program development.

Learn more about fTrace at defcon.org

Crackulator
Assessment Type: Password Auditing
Platform: Web-based

The Crackulator is a password policy auditor. It computes the amount of time it would take to crack a password given its complexity requirements and compares it to the password age policy. Use this security assessment tool to verify that your password policy is strict enough for a given purpose. If it is possible to crack a password before the password is required to be changed, then this tool will indicate that the password policy should be revised.

Learn more about strong password policies on our blog

Use The Crackulator

The Crackulator takes the following password criteria as input:

Characters Required: A-Z, 0-9, Special; Length (in characters)
Users: Number of Users
Lockout Policy: Lockout Enforced? (Yes/No), Number of Tries Before Lockout, Duration of Lockout
Password Cracking Speed