CrytoGraph is a free Java-based graphical tool for the analysis of arbitrary files. The tool stems from experiments that were conducted for profiling arbitrary network streams in an effort to identify different types of data passing over a network. That idea applies equally well to the analysis of files. While this tool will not explicitly tell you what kind of data it is analyzing, its graphical nature allows the operator to develop profiles for what different types of data "look like." Identifying encrypted data is the easiest since it will have a very flat graphical profile across the keyspace used for the resulting data.
This extremely simple Perl script allows you to take the output from a wireless auditing tool like Kismet or from a packet sniffer like TCPDump and extract/decode NetBIOS names broadcast in the data capture. This is extremely useful, especially in wireless audits, for identifying precisely which systems are broadcasting over the wireless network and to which domains they belong.
This is a set of comprehensive tools for the analysis and scoring of environments that must be compliant with the PCI/DSS. These tools include the ability to perform self-assessments of firewall rules and configurations, SSL certificate settings on SSL-enabled services, and automated running/analysis of Nessus scans for PCI/DSS compliance. The analysis process produces an HTML result that is easy to read and interpret and can be viewed in any web browser. The Audit 507 class covers use of the Firewall analysis tool in depth and the Audit 521 course covers in-depth usage of the entire tool suite.
This checklist is a starting point for doing a comprehensive audit of the security features and deployment settings of any web application. This checklist is covered in great detail throughout the Web Application Auditing day of Audit 507.
This set of simple yet powerful scripts allows an administrator to automatically generate a baseline of useful settings, configuration options and physical characteristics for every computer in a domain. Additionally, the scripts allow an administrator to monitor all of the computers for unauthorized changes over time. These scripts will work on all versions of Windows and any Active Directory. The scripts require the DSQuery tool, which is installed on all Active Directory servers or can be installed with the Windows 2003 AdminPack (a free download from Microsoft).
Reverse Mapper is a Ruby script and supporting class that allows you to easily determine all of the DNS names that are associated with a range of IP addresses. This allows you to audit a DNS server's PTR records to ensure that private information is not being published inadvertently.
DNS_Block can be used in many ways. One is for appropriate use enforcement. Another great use is for user Internet usage habit profiling via DNS query logs. Finally, it's a great DNS Sinkhole for APT and other fast flux malware infections without the huge learning curve and maintenance effort required for something like BIND.