


TOOLS UNDER DEVELOPMENT FOR THE OSSTMM
 
PWDM Practical Wireless Deployment Methodology - The PWDM is a practical, vendor-independent, high-level framework/methodology which is intended to help people who are tasked with deploying, upgrading, maintaining & securing 802.11-based WLANs, irrespective of whether they are private (SOHO, enterprise, home) or public (hotspots) in nature.

The methodology comprises the following steps:
* Deployment Analysis
* Contractual Negotiation
* Deployment Tactical Planning
* Deployment Procedural Rollout
* Supporting Infrastructure Rollout
* AP Security Issues
* Layer 3 Mitigation Strategies
* Management Overlay
* Gateway Security
* UAT & Commissioning
www.pwdm.net
UnicornScan A port and protocol scanner with the speed and power to catch a Unicorn. Actually, a truthful scanner that scales to very large networks while remaining equally fast. The scanner is truthful in that it tells the tester exactly what is being returned, in a clear format, with no tricks to try to outsmart the auditor's experience. Results may go to an SQL DB so you can revisit and map them. A must-have in any toolkit! www.unicornscan.org
AFD Active Filter Detection is one step, according to the Open Source Security Testing Methodology Manual, that security auditors should perform to identify the presence of Intrusion Prevention Systems and other technologies that would directly impact the quality of a security assessment. www.purehacking.com/afd/
 
DNS Scan A PERL script which supplements the DNS connect scanning task under the Port Scanning Module. Uses DNS connections on a class C to find live hosts through a firewall.
MUTATEv2 An IDS evasion tool from Efrain Torres for assisting in system enumeration, port scanning, and vulnerability testing.
Assessment Scanner A JAVA tool which supplements the Document Grinding Module for electronic dumpster diving. Supports GET and POST requests.
NWRAP A tool developed by Simon Biles to add the Open Protocol Resource Database as an extended functionality to NMAP. This shows all known protocols for discovered ports, which greatly extends the nmap_services file of one service per port. For this to work, NMAP must be installed and the current version of oprp.dump should be in the same directory.
Metis v. 2.1. A Java-based tool from Sacha Faust that finds the competitive intelligence weight of a web server and assists in satisfying the CI Scouting portion of the OSSTMM. Webpage: http://www.severus.org/sacha/metis/
WMAP v. 1.2. A less stupid web scanner from Efrain Torres. This brute-forces the known directories to uncover variations in structure for better vulnerability scanning. Also includes Spanish file and directory names in the search.
Firewall tester A tool developed in PERL by Andrea Barisani for testing ACLs on routers and firewalls. Special scripts allow for meeting OSSTMM testing requirements with or without having access to both sides of the firewall.
nmap 3.48 patch
 
This patch is to provide a random payload size to NMAP for fooling Intrusion Detection Systems, by Daniel Fdez. Bleda.
Jack of All Trades
 

 



 

ISECOM is an open, collaborative, non-profit, scientific, security research organization registered in Catalunya, Spain.  All research here has been performed without commercial or partisan influence.  Contact us directly to be a security researcher on the ISECOM team.

Disclaimer:  While all documents on this site are available under Copyleft and the Open Methodology License, do check the licenses within each tool or document prior to copying, modifying, or distribution for any individually stated requirements.  Additionally, all research is provided here for information purposes only and ISECOM is not responsible for any misuse.

