Community: Downloads


Please login to download files on this page. Login / New user?


While a version of NDiff has been incorporated into the newest versions of NMap, some prefer the older version. This version allows you to process the differences in a set of NMap results files into an HTML page that's very easy to interpret.


CrytoGraph is a free Java based graphical tool for the analysis of arbitrary files. The tool stems from experiments that were conducted for profiling arbitrary network streams in an effort to identify different types of data passing over a network. That idea applies equally well to the analysis of files. While this tool will not explicitly tell you what kind of data it is analyzing, the graphical nature allows the operator to develop profiles for what different types of data "look like." Identifying encrypted data is the easiest since it will have a very flat graphical profile across the keyspace used for the resulting data.

This extremely simple Perl script allows you to take the output from a Wireless auditing tool like Kismet or from a packet sniffer like TCPDump and extract/decode NetBIOS names broadcast in the data capture. This is extremely useful, especially in wireless audits, for identifying precisely which systems are broadcasting over the wireless network and to which domains they belong.

PCI Tools

This is a set of comprehensive tools for the analysis and scoring of environments that must be compliant with the PCI/DSS. These tools include the ability to perform self-assessments of firewall rules and configurations, SSL certificate settings on SSL enabled services, and automated running/analysis of Nessus scans for PCI/DSS compliance. The analysis process produces an easy to read and interpret HTML result that can be viewed in any web browser. The Audit 507 class covers use of the Firewall analysis tool in depth and the Audit 521 course covers in depth usage of the entire tool suite.

Web Applications Audit Checklist

This checklist is a starting point for doing a comprehensive audit of the security features and deployment settings of any web application. This checklist is covered in great detail throughout the Web Application Auditing day of Audit 507.

WebScarab Demonstration

This 20 minute video is a quick overview of some of the features of WebScarab. The video covers everything from initial configuration through session ID analysis using the graphical analysis feature of WebScarab.

Windows Baselines

This set of simple yet powerful scripts allow an administrator to automatically generate a baseline of useful settings, configuration options and physical characteristics for every computer in a domain automatically. Additionally, the script allows an administrator to monitor all of the computers for unauthorized changes over time. These scripts will work on all versions of Windows an any Active Directory. The scripts require the DSQuery tool which is installed on all Active Directory servers or can be installed with the Windows 2003 AdminPack (a free download from Microsoft).

Reverse Mapper

Reverse Mapper is a Ruby script and supporting class that allows you to easily determine all of the DNS names that are associated with a range of IP addresses. This allows you to audit a DNS server's PTR records to ensure that private information is not being published inadvertently.


DNS_Block can be used in many ways. One is for appropriate use enforcement. Another great use is for user Internet usage habit profiling via DNS query logs. Finally, it's a great DNS Sinkhole for APT and other fast flux malware infections without the huge learning curve and maintenance effort required for something like BIND.