Greetings, dear reader, and welcome to the best appendix you’ve ever read—or at least the most useful for your CEH exam anyway. This appendix is filled with tools and websites that will help you become a better ethical hacker. Keep in mind I’m not providing a recommendation for, approval of, or a security guarantee on any website or link you’ll find here. Neither I nor my beloved publisher can be held liable for anything listed here. For example, URLs change, pages become outdated with time, tools become obsolete when new versions are released, and so on. Not to mention, as I clearly pointed out in the text, you need to be careful with some of this stuff: your antivirus system will no doubt explode with activity simply by visiting some of these sites. I highly recommend you create a virtual machine or use a standby system to download to and test tools from.
These websites and tools are listed here because they will help you in your study efforts for the exam and further your professional development. I purposely did not provide these tools for you because it is important that you learn how to find and install what you’re looking for. You’re entering the big leagues now, so you simply need to know how it’s really done.
• National Vulnerability Database http://nvd.nist.gov
• CodeRed Center www.eccouncil.org
• MSVR http://technet.microsoft.com
• SecurityTracker www.securitytracker.com
• Help Net Security www.net-security.org
• SecuriTeam www.securiteam.com
• Secunia www.secunia.com
• HackerStorm www.hackerstrom.co.uk
• HackerJournals www.hackerjournels.org
• SecurityFocus www.securityfocus.com
• Security Magazine www.securitymagazine.com
• SC Magazine www.scmagazine.com
• Exploit Database www.exploit-db.com
• Intelius www.intelius.com
• Zaba Search www.zabasearch.com
• PeekYou www.peekyou.com
• ZoomInfo http://zoominfo.com
• AnyWho www.anywho.com
• 411 www.411.com
• People Search Now www.peoplesearchnow.com
• Veromi www.veromi.net
• MarketWatch www.marketwatch.com
• SEC Info www.secinfo.com
• Euromonitor www.euromonitor.com
• Wall Street Transcript www.twst.com
• Lipper www.lippermarketplace.com
• Experian www.experian.com
• The Search Monitor www.thesearchmonitor.com
• BrandsEye www.brandseye.com
• Alexa www.alexa.com
• Social Mention www.socialmention.com
• ReputationDefender www.reputation.com
• Rankur http://rankur.com
• Netcraft http://news.netcraft.com
• Webmaster http://webmaste-a.com/link-extractor-internal.php
• iWebTool www.iwebtool.com
• Archive www.archive.org
• InfoMinder www.infominder.com
• Websnitcher http://websnitcher.com
• Check4Change http://addons.mozilla.com
• ChangeDetection www.changedetection.com
• Nslookup
• Better Whois www.betterwhois.com
• ARIN www.whois.arin.net
• SmartWhois www.tamos.com/download/main/
• Domain Dossier http://centralops.net
• Active Whois www.johnru.com
• DomainTools www.domaintools.com
• Network Solutions www.networksolutions.com
• DNSstuff www.dnsstuff.com
• DNS-Digger http://dnsdigger.com
• SpyFu www.spyfu.com
• Mobile DNS Sniffer www.dnssniffer.com
• UltraTools Mobile www.ultratools.com
• WHOIS Lookup www.whois.com.au
• VisualRoute Trace www.visualware.com
• Visual IP Trace www.visualiptrace.com
• PingPlotter http://pingplotter.com
• Path Analyzer Pro www.pathanalyzer.com
• BlackWidow http://softbytelabs.com
• Reamweaver http://reamweaver.com
• HTTrack www.httrack.com
• NCollector Studio www.calluna-software.com
• Wget www.gnu.org
• Teleport Pro www.tenmax.com/teleport/pro/home.htm
• Hooeey Webprint www.hooeeywebprint.com
• eMailTrackerPro www.emailtrackerpro.com
• ContactMonkey https://contactmonkey.com
• PoliteMail www.politemail.com
• ReadNotify www.readnotify.com
• DidTheyReadIt www.didtheyreadit.com
• Zendio www.zendio.com
• GetNotify www.getnotify.com
• Google Hacking Database www.hackersforcharity.org/ghdb/
• Google Hacks http://code.google.com/p/googlehacks/
• Google Hacking Master List http://it.toolbox.com/blogs/managing-infosec/google-hacking-master-list-28302
• Metagoofil www.edge-security.com
• Google Hack Honeypot http://ghh.sourceforge.net
• Gooscan www.darknet.org.uk
• Angry IP Scanner www.angryip.org
• Colasoft Ping http://colasoft.com
• Ultra Ping Pro http://ultraping.webs.com
• Ping Scanner Pro www.digilextechnologies.com
• MegaPing www.magnetosoft.com
• Friendly Pinger www.kilievich.com
• SolarWinds www.solarwinds.com
• nmap http://nmap.org
• Pinkie www.ipuptime.net
• SuperScan www.mcafee.com/us/downloads/free-tools/superscan.aspx
• Nmap (ZenMap) http://nmap.org/
• NetScanTools Pro www.netscantools.com
• CurrPorts www.nirsoft.net
• Hping www.hping.org
• LAN Surveyor www.solarwinds.com
• MegaPing www.magnetosoft.com
• NScan www.nscan.hypermart.net
• Infiltrator www.infiltration-systems.com
• Netcat http://netcat.sourceforge.net
• IPEye http://ntsecurity.nu
• IP Tools www.ks-soft.net
• THC-Amap www.thc.org
• PRTG Net Monitor www.paessler.com
• Umit Network Scanner (mobile) www.umitproject.org
• Fing (mobile) www.overlooksoft.com
• IP Network Scanner (mobile) http://10base-t.com
• Network Discovery (mobile) http://rorist.github.io
• Pamn IP Scanner (mobile) http://pips.wjholden.com
• PortDroid (mobile) www.stealthcopter.com
• Telnet
• ID Serve www.grc.com
• Netcraft http://netcraft.com
• Xprobe http://sourceforge.net/apps/mediawiki/xprobe/index.php?title=Main_Page
• THC-Amap http://freeworld.thc.org
• Nessus www.tenable.com
• OpenVAS www.openvas.org
• SAINT http://saintcorporation.com
• GFI LanGuard www.gfi.com
• Qualys FreeScan www.qualys.com
• Retina http://eeye.com
• Core Impact www.coresecurity.com
• MBSA http://technet.microsoft.com
• Wikto www.sensepost.com
• Nikto http://cirt.net/nikto2
• WebInspect http://download.spidynamics.com/webinspect/default.htm
• Acunetix www.acunetix.com
• SecurityMetrics (mobile) www.securitymetrics.com
• Retina for Mobile www.beyondtrust.com
• NetMapper www.opnet.com
• Network Topology Mapper www.solarwinds.com
• LANState www.10-strike.com
• HP Network Node Manager www8.hp.com
• OpManager www.manageengine.com
• Network View www.networkview.com
• IPsonar www.lumeta.com
• Scany (mobile) http://happymagenta.com
• NetMaster (mobile) www.nutecapps.com
• Network SAK (mobile) http://foobang.weebly.com
• Tor https://www.torproject.org/
• Proxy Switcher www.proxyswitcher.com
• CyberGhost www.cyberghostvpn.com
• ProxyChains http://proxychains.sourceforge.net/
• SoftCab www.softcab.com/proxychain/index.php
• Proxifier www.proxifier.com
• HTTP Tunnel www.http-tunnel.com
• Anonymouse http://anonymouse.org/
• Anonymizer http://anonymizer.com
• Psiphon http://psiphon.ca
• Super Network Tunnel www.networktunnel.net
• Bitvise www.bitvise.com
• G-Zapper www.dummysoftware.com
• ProxyDroid (mobile) https://github.com
• NetShade (mobile) www.raynersw.com
• Proxy Browser for Android (mobile) https://play.google.com
• PSTools http://technet.microsoft.com
• P0f http://lcamtuf.coredump.cx/p0f.shtml
• Winfingerprint www.winfingerprint.com
• User2Sid/Sid2User www.svrops.com/svrops/dwnldutil.htm
• NSauditor www.nsauditor.com
• NetBIOS Enumerator http://nbtenum.sourceforge.net
• LDAP Admin www.ldapsoft.com
• LEX www.ldapexplorer.com
• Ldp.exe www.microsoft.com
• User2Sid/Sid2User http://windowsecurity.com
• IP Network Browser www.solarwinds.com
• Xprobe www.sys-security.com/index.php?page=xprobe
• Hyena www.systemtools.com
• SolarWinds www.solarwinds.com
• OpUtils www.manageengine.com
• SNMPUtil www.wtcs.org
• SNMP Scanner www.secure-bytes.com
• SNMP Informant www.snmp-informant.com
• Softerra www.ldapadministrator.com
• JXplorer www.jxplorer.org
• LDAP Search http://securityxploded.com
• LEX www.ldapexplorer.com
• Active Directory Explorer http://technet.microsoft.com
• NTP Time Server Monitor www.meinbergglobal.com
• NTP Server Scanner www.bytefusion.com
• Atom Sync www.atomsync.com
• LAN Time Analyzer www.bytefusion.com
• Power Tools www.macecraft.com
• RegScanner www.nirsoft.net
• Reg Organizer www.chemtable.com
• Active Registry Monitor www.devicelock.com
• Comodo Cloud Scanner www.comodo.com
• All-seeing-Eye www.fortego.com
• SrvMan http://tools.sysprogs.org
• SMART www.thewindowsclub.com
• Nagios www.nagios.com
• Process Hacker http://processhacker.sourceforge.net
• FastSum www.fastsum.com
• WinMD5 www.blisstonia.com
• ACSV www.irnis.net
• Verisys www.ionx.co.uk
• OSSEC www.ossec.net
• FileVerifier www.programmingunlimited.net
• w3dt.net
• cirt.net
• default-password.info
• Cain www.oxid.it
• John the Ripper www.openwall.com
• LCP www.lcpsoft.com
• THC-Hydra www.thc.org/thc-hydra/
• ElcomSoft www.elcomsoft.com/
• CloudCracker www.cloudcracker.com
• LastBit http://lastbit.com/
• Ophcrack http://ophcrack.sourceforge.net
• Aircrack www.aircrack-ng.org/
• Rainbow crack www.antsight.com/zsl/rainbowcrack/
• Brutus www.hoobie.net/brutus/
• Windows Password Recovery www.windowspasswordsrecovery.com
• KerbCrack http://ntsecurity.nu
• FlexiSpy (mobile) www.flexispy.com
• Dereil/HOIC http://sourceforge.net
• DoS HTTP http://socketsoft.net
• BanglaDos http://sourceforge.net
• Tor’s Hammer http://packetstormsecurity.com
• HULK www.sectorix.com
• LOIC http://sourceforge.net
• AnDOSid http://andosid.android.informer.com
• Wireshark www.wireshark.org/
• Ace www.effetech.com
• KerbSniff http://ntsecurity.nu
• Ettercap http://ettercap.sourceforge.com
• KeyProwler www.keyprowler.com
• Ultimate Keylogger www.ultimatekeylogger.com
• All In One Keylogger www.relytec.com
• Handy Keylogger www.handy-keylogger.com
• Actual Keylogger www.actualkeylogger.com
• Actual Spy www.actualspy.com
• Ghost www.keylogger.net
• Hidden Recorder www.oleansoft.com
• IcyScreen www.16software.com
• Desktop Spy www.spyarsenal.com
• USB Grabber http://digitaldream.persiangig.com
• Amac www.amackeylogger.com
• Password Recovery Boot Disk www.rixler.com
• Password Reset www.reset-windows-password.net
• Password Recovery www.windowspasswordrecovery.com
• System Recovery www.elcomsoft.com
• PDQ Deploy www.adminarsenal.com
• RemoteExec www.isdecisions.com
• Dameware www.dameware.com
• SpyTech www.spytech-web.com
• Remote Desktop Spy www.global-spy-software.com
• Activity Monitor www.softactivity.com
• OsMonitor www.os-monitor.com
• SSPro www.gpsoftdev.com
• LANVisor www.lanvisor.com
• eBlaster www.spectorsoft.com
• Power Spy www.ematrixsoft.com
• EmailObserver www.softsecurity.com
• Desktop Spy www.spyarsenal.com
• Kahlown Screen Spy www.lesoftrejion.com
• Spector Pro www.spectorsoft.com
• NetVisor www.netvizor.net
• USB spy www.everstrike.com
• Modem Spy www.modemspy.com
• Mobile Spy www.mobile-spy.com
• MobiStealth Cell Phone Spy www.mobistealth.com
• Spy Phone Gold https://spyera.com
• John the Ripper www.openwall.com
• Easy GPS www.easygps.com
• Trackstick www.trackstick.com
• mSpy www.mspy.com
• GPS TrackMaker Professional www.trackmaker.com
• ELSave www.ibt.ku.dk
• CCleaner www.piriform.com
• MRU-Blaster www.brightfort.com
• EraserPro www.acesoft.net
• WindowWasher www.webroot.com
• Auditpol www.microsoft.com
• WinZapper www.ntsecurity.nu
• Evidence Eliminator www.evidence-eliminator.com
• Komodia www.komodia.com
• Hping2 www.hping.org/
• PackEth http://sourceforge.net
• Packet generator http://sourceforge.net
• Netscan http://softperfect.com
• Scapy www.secdev.org/projects/scapy/
• Nemesis http://nemesis.sourceforge.net
• Paros Proxy www.parosproxy.org
• Burp Suite http://portswigger.net
• Firesheep http://codebutler.github.com/firesheep
• Hamster/Ferret http://erratasec.blogspot.com/2009/03/hamster-20-and-ferret-20.html
• Ettercap http://ettercap.sourceforge.net
• Hunt http://packetstormsecurity.com
• CCleaner www.piriform.org
• Wipe http://privacyroot.com
• BleachBit http://bleachbit.sourceforge.net
• Window Washer www.eusing.com
• MRU-Blaster www.brightfort.com
• VeraCrypt https://veracrypt.codeplex.com/
• BitLocker http://microsoft.com
• DriveCrypt www.securstar.com
• AxCrypt www.axantum.com/axcrypt/
• GNU Privacy Guard https://www.gnupg.org/
• MD5 Hash www.digitalvolcano.co.uk/content/md5-hash
• HashCalc http://nirsoft.net
• Quick Hash http://sourceforge.net/projects/quickhash/
• McAfee Hash Calculator www.mcafee.com/us/downloads/free-tools/hash-calculator.aspx
• ImageHide www.dancemammal.com
• Merge Streams www.ntkernel.com
• StegParty www.fasterlight.com
• gifShuffle www.darkside.com.au
• QuickStego www.quickcrypto.com
• Invisible Secrets www.invisiblesecrets.com
• EzStego www.stego.com
• OpenStego http://openstego.sourceforge.net/
• S Tools http://spychecker.com
• JPHIDE http://nixbit.com
• wbStego http://home.tele2.at/wbailer/wbstego/
• MP3Stegz http://sourceforge.net
• OurSecret www.securekit.net
• OmniHidePro http://omnihide.com
• AudioStega www.mathworks.com
• StegHide http://steghide.sourceforge.net
• XPTools www.xptools.net
• OfficeXML www.irongeek.com
• Masker www.softpuls.com
• DeepSound http://jpinsoft.net
• InvisibleSecrets www.invisiblesecrets.net
• SpamMimic www.spammimic.com
• Stegais (mobile) http://stegais.com
• Spy Pix (mobile) www.juicybitssoftware.com
• Stego Master (mobile) https://play.google.com
• Pocket Stego (mobile) www.tall=ixa.com
• Gargoyle Investigator (stego detection) www.wetstonetech.com
• StegDetect www.outguess.org
• StegAlyzerSS www.sarc-wv.com
• StegSpy www.spy-hunter.com
• Cryptanalysis http://cryptanalysisto.sourceforge.net
• Cryptobench http://addario.org
• EverCrack http://evercrack.sourceforge.net
• Wireshark http://wireshark.org
• CACE www.cacetech.com
• tcpdump http://tcpdump.org
• Capsa www.colasoft.com
• OmniPeek www.wildpackets.com
• NetWitness www.netwitness.com
• Windump www.winpcap.org
• dsniff http://monkey.org
• EtherApe http://etherape.sourceforge.net
• Kismet www.kismetwireless.net
• NetStumbler www.netstumbler.net
• Macof monkey.org
• SMAC www.klcconsulting.net
• Cain www.oxid.it
• UfaSoft http://ufasoft.com
• WinARP Attacker www.xfocus.net
• Kismet www.kismetwireless.net
• NetStumbler www.netstumbler.net
• inSSIDer www.metageek.net
• NetSurveyor www.performancewifi.net
• WirelessMon www.passmark.com
• WiFiFoFum www.dynamicallyloaded.com
• iStumbler www.istumbler.net
• Vistumbler www.vistumbler.net
• WiGLE http://wigle.net
• AirPcap www.cacetech.com
• MadWifi http://madwifi-project.org
• AirMagnet WiFi Analyzer http://airmagnet.com
• Airodump http://Wirelessdefence.org/Contents/Aircrack_airodump.htm
• Aircrack www.Aircrack-ng.org
• AirSnort http://airsnort.shmoo.com/
• Cascade Pilot www.riverbed.com
• Omnipeek www.wildpackets.com
• CommView www.tamos.com
• Capsa www.colasoft.com
• Aircrack www.aircrack-ng.org/
• KisMAC http://kismac-ng.org/
• Wireless Security Auditor www.elcomsoft.com
• WepAttack www.wepattack.sourceforge.net
• WepCrack www.wepcrack.sourceforge.net
• coWPAtty www.wirelessdefence.org
• BTBrowser http://wireless.klings.org
• BH Bluejack http://croozeus.com
• BTScanner www.pentest.co.uk
• CIHwBT http://sourceforge.net
• Bluesnarfer www.airdemon.net
• BT Audit http://trifinite.org
• Phonesnoop www.blackberryrc.com
• BlueScanner www.arubanetworks.com
• BT Browser www.BluejackingTools.com
• BlueScanner http://sourceforge.net
• Bluediving http://bluediving.sourceforge.net
• SuperBlueTooth Hack www.brothersoft.com
• WiHack https://wihack.com
• Backtrack Simulator https://play.google.com
• WiFiFoFum www.wififofum.net
• Net Signal Info www.kaibits-software.com
• OpenSignal Maps http://opensignal.com
• WiFi Manager http://kmansoft.com
• Where’s My Droid http://whersmydroid.com
• Find My Phone http://findmyphone.mangobird.com
• GadgetTrak www.gadgettrak.com
• iHound www.ihoundsoftware.com
• SuperOneClick http://superoneclick-download.soft112.com/
• One Click Root https://www.oneclickroot.com/
• Superboot (Multiple download sites)
• Kingo https://www.kingoapp.com/
• Cydia http://cydia.saurik.com
• Pangu http://en.pangu.io
• Redsn0w http://redsn0w.info
• Absinthe http://greenpois0n.com
• Evasi0n7 http://evasi0n.com
• Geeksn0w http://geeksn0w.it
• MaaS360 www.maas360.com
• XenMobile www.citrix.com
• MobiControl www.sati.net
• SAP Afaria www.sybase.com
• SUPERAntiSpyware www.superantispyware.com
• Ad-Aware www.lavasoft.com
• SpyHunter www.enigmasoftware.com
• Kapersky www.kapersky.com
• Symantec www.symantec.com
• McAfee www.mcafee.com
• MacScan http://macscan.securemac.com
• Spybot Search and Destroy www.safer-networking.org
• Malwarebytes www.malwarebytes.com
• AVG free.avg.com
• Avast www.avast.com
• Panda www.pandasecurity.com
• BitDefender www.bitdefender.com
• HackAlert www.armorize.com
• EliteWrap http://homepage.ntlworld.com/chawmp/elitewrap
• Crypter cypherx.org
• Crypter www.crypter.com
• Aegis www.aegiscrypter.com
• Hidden Sight Crypter http://securecybergroup.in
• AIO FUD (Multiple download sites)
• Galaxy Crypter (Multiple download sites)
• Heaven Crypter (Multiple download sites)
• Swayz Cryptor (Multiple download sites)
• HiJackThis http://free.antivirus.com
• What’s Running www.whatsrunning.net
• CurrPorts www.nirsoft.net
• SysAnalyzer http://labs.idefense.com/software/malcode.php
• Regshot http://sourceforge.net/projects/regshot
• Driver Detective www.driveshq.com
• SvrMan http://tools.sysprogs.org
• ProcessHacker http://processhacker.sourceforge.net
• Fport www.mcafee.com/us/downloads/free-tools/fport.aspx
• Netcat http://netcat.sourceforge.net
• Nemesis http://nemesis.sourceforge.net
• Metasploit www.metasploit.com
• Wfetch www.microsoft.com
• Httprecon www.computec.ch
• ID Serve www.grc.com
• WebSleuth http://sandsprite.com
• Black Widow http://softbytelabs.com
• cURL http://curl.haxx.se
• WebScarab http://owasp.org
• Nstalker http://nstalker.com
• NetBrute www.rawlogic.com
• WebInspect http://www8.hp.com/us/en/software-solutions/webinspect-dynamic-analysis-dast
• SoapUI www.soapui.org
• XMLSpy www.altova.com
• InstantSource www.blazingtools.com
• Netsparker www.mavitunasecurity.com
• WatcherWeb www.casaba.com
• BSQL Hacker http://labs.portcullis.co.uk
• Marathon http://marathontool.codeplex.com
• Havil http://itsecteam.com
• SQL Injection Brute http://code.google.com
• SQL Brute http://gdssecurity.com
• SQLNinja http://sqlninja.sourceforge.net
• SQLGET http://darknet.org.uk
• Core CloudInspect www.corecloudinspect.com
• CloudPassage Halo www.cloudpassge.com
• Trend Micro Instant-On www.trendmicro.com
• Symantec O3 www.symantec.com
• AlertLogic www.alertlogic.com
• Panda Cloud Office Protection www.cloudantivirus.com
• Snort www.snort.org
• ADMmutate www.ktwo.ca
• NIDSbench http://packetstormsecurity.org/UNIX/IDS/nidsbench/
• IDS Informer www.net-security.org
• Inundator http://inundator.sourceforge.net
• Tcp-over-dns http://analogbit.com/software/tcp-over-dns
• Core Impact www.coresecurity.com
• CANVAS http://immunitysec.com
• Metasploit www.metasploit.org
• Armitage www.fastandeasyhacking.com
• Codenomicon http://codenomicon.com
• Cobalt Strike http://www.cobaltstrike.com
• IKE-Scan www.nta-monitor.com/tools-resources/security-tools/ike-scan
• Social Engineer Toolkit www.trustedsec.com
• Sysinternals www.microsoft.com/technet/sysinternals/default.mspx
• Tripwire www.tripwire.com/
• Core Impact Demo https://coresecurity.webex.com/
• Distrowatch http://distrowatch.com
• BackTrack www.remote-exploit.org/index.php/BackTrack
All URLs listed in this appendix were current and live at the time of writing. McGraw-Hill Education makes no warranty as to the availability of these World Wide Web or Internet pages. McGraw-Hill Education has not reviewed or approved the accuracy of the contents of these pages and specifically disclaims any warranties of merchantability or fitness for a particular purpose.