|
TOOLS UNDER DEVELOPMENT FOR THE OSSTMM
|
Webpage |
|
PWDM |
Practical Wireless Deployment
Methodology - The PWDM is a practical, vendor-independent,
high-level framework/methodology which is intended to help people who are
tasked with deploying, upgrading, maintaining & securing 802.11-based
WLANs, irrespective of whether they are private (SOHO, enterprise, home)
or public (hotspots) in nature.
The methodology comprises the following steps:
* Deployment Analysis
* Contractual Negotiation
* Deployment Tactical Planning
* Deployment Procedural Rollout
* Supporting Infrastructure Rollout
* AP Security Issues
* Layer 3 Mitigation Strategies
* Management Overlay
* Gateway Security
* UAT & Commissioning |
www.pwdm.net |
|
UnicornScan |
A port and protocol scanner with the
speed and power to catch a Unicorn. Actually, a truthful scanner that
scales to very large networks while remaining equally fast. The scanner is
truthful as it tells the tester exactly what is being returned in a clear
format with no tricks to try to outsmart the auditor's experience. Results
may be sent to an SQL DB so you can revisit and map them. A must-have in
any toolkit! |
www.unicornscan.org |
|
AFD |
Active Filter Detection is one step,
according to the Open Source Security Testing Methodology Manual, that
security auditors should perform to identify the presence of Intrusion
Prevention Systems and other technologies that would directly impact the
quality of a security assessment. |
www.purehacking.com/afd/ |
| |
|
Spain Mirror |
USA Mirror |
|
DNS Scan |
A PERL script which supplements the DNS connect scanning task under the
Port Scanning Module. Uses DNS connections on a class C to find live hosts
through a firewall. |
 |
 |
|
MUTATEv2 |
An IDS evasion tool from
Efrain Torres for assisting in system enumeration, port scanning, and
vulnerability testing. |
 |
 |
|
Assessment Scanner |
A JAVA tool which supplements the
Document Grinding Module for electronic dumpster diving. Supports GET and
POST requests. |
 |
 |
|
NWRAP |
A tool developed by Simon Biles to
add the Open Protocol Resource Database as an extended functionality to
NMAP. This will show all known protocols for discovered ports which
greatly extends the nmap_services file of one service per port. For
this to work, NMAP must be installed and the current version of
oprp.dump should be in the same directory. |
 |
 |
|
Metis v. 2.1. |
This is a Java-based tool from
Sacha Faust that finds the competitive intelligence weight of a web
server and assists in satisfying the CI Scouting portion of the OSSTMM.
Webpage:
http://www.severus.org/sacha/metis/ |
 |
 |
|
WMAP v. 1.2. |
A less stupid web scanner from
Efrain Torres. This brute-forces the known directories to uncover
variations in structure for better vulnerability scanning. Also includes
Spanish file and directory names in the search. |
 |
 |
|
Firewall tester |
A tool developed in PERL by
Andrea Barisani for
testing ACLs on routers and firewalls. Special scripts allow for meeting
OSSTMM testing requirements with or without having access to both sides of
the firewall. |
 |
 |
|
nmap 3.48 patch |
This patch is to provide a random
payload size to NMAP for fooling Intrusion Detection Systems, by
Daniel Fdez. Bleda. |
 |
 |