Here is a list of some cool free tools developed by McAfee to help better your security.
1). McAfee GetSusp:
McAfee GetSusp is intended for users who suspect undetected malware on their computer. GetSusp eliminates the need for deep technical knowledge of computer systems to isolate undetected malware. It does this by using a combination of heuristics and querying the McAfee Global Threat Intelligence (GTI) file reputation database to gather suspicious files.
GetSusp is recommended as a first tool of choice when analyzing a suspect computer. However, one must follow the existing McAfee support process for escalating suspicious files it finds.
What makes GetSusp special?
If you are infected with an undetected piece of malware, you often do not have the technical skills to troubleshoot your infected computer. There are many free diagnostic tools available, but you must analyze their output, isolate a suspect sample, and work out how to submit the files to the anti-virus vendor. GetSusp eliminates the need for advanced technical knowledge to isolate undetected malware.
2). Mac Stinger:
Mac Stinger is a standalone utility used to detect and remove specific viruses on Mac OS X. Currently Mac Stinger can detect and remove OSX/Flashfake variants. McAfee Labs plans to add coverage for more Mac OS X families in future versions of the tool.
Mac Stinger is not a substitute for full anti-virus protection on Mac OS X, but rather a tool to assist administrators and end users when dealing with an infected system.
3). McAfee Stinger:
McAfee Stinger detects and removes prevalent Fake Alert malware and threats identified in the “List Viruses” section of the Stinger application. While not a replacement for full-fledged antivirus software, Stinger is updated multiple times a week to include detection for newer Fake Alert variants and prevalent viruses.
Details on new or enhanced signatures added with each Stinger build are listed in the Readme details.
4). FSCrack v1.0.1 (GUI For John The Ripper):
FSCrack is a front end for John the Ripper (JtR) that provides a graphical user interface (GUI) for access to most of JtR’s functions.
JtR is described as follows (from http://www.openwall.com/john/): “John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.”
5). .NET Security Toolkit v1.0:
The McAfee Foundstone SASS (Software Application Security Services) .NET Security Toolkit is designed to help application developers and architects to build secure and reliable .NET software applications. The new toolkit is comprised of the Validator.NET, .NETMon and SecureUML template tools which help developers validate, debug and analyze vulnerabilities during the design and development of .NET applications.
6). HackPack v1.0:
McAfee Foundstone HackPack™ is a tool designed to aid security professionals in keeping up with changes and updates to security software. The tool offers a simple interface to a large variety of security tools. Much like an RSS reader for web page updates, HackPack shows a user a list of all the tools they want to track, along with current versions and links to download locations. This allows users to stay on top of which tools are being updated as well as monitor any current news and information on the tools the user is interested in. Keeping users up to date on new releases means new features can be tested and put to use more quickly, allowing users of HackPack to stay on top of the security tools landscape.
7). Hacme Bank – Android v1.0:
Hacme Bank™ Android is designed to teach mobile application developers, programmers, architects and security professionals how to create secure software and evaluate their own software to identify vulnerabilities. Hacme Bank simulates a “real-world” web services-enabled mobile banking application, which was built with a number of known and common vulnerabilities. This allows users to attempt real exploits against a web application and thus learn the specifics of the issue and how best to fix it.
Requirements: Java JDK 1.6 or newer
8). Hacme Shipping v1.0:
McAfee Foundstone Hacme Shipping™ is a web-based shipping application developed by McAfee Foundstone to demonstrate common web application hacking techniques such as SQL Injection, Cross Site Scripting and Escalation of Privileges as well as Authentication and Authorization flaws and how they are manifested in the code. Written in ColdFusion MX 7 using the Model-Glue framework and a MySQL database, the application emulates the on-line services provided by major shipping companies.
Requirements:
- Adobe ColdFusion MX Server 7.0 for Windows
- MySQL (4.x or 5.x with strict mode disabled)
9). SiteDigger v3.0:
SiteDigger 3.0 searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites.
What’s New in SiteDigger 3.0
- Improved user interface, signature update and results page.
- No longer requires Google API License Key.
- Support for Proxy and TOR.
- Provides results in real time.
- Configurable result set.
- Updated signatures.
- Ability to save signature selection and result set.
Requirements: Microsoft .NET Framework v3.5
10). SSLSmart:
SSLSmart is a highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing. A number of tools allow users to test for supported SSL cipher suites, but most only provide testers with a fixed set of cipher suites. Further testing is performed by initiating an SSL socket connection with one cipher suite at a time, an inefficient approach that leads to false positives and often does not provide a clear picture of the true vulnerability of the server. SSLSmart is designed to combat these shortcomings.
11). Attacker v3.0 (TCP/UDP port Listener):
Attacker is a TCP/UDP port listener. You provide a list of ports to listen on and the program will notify you when a connection or data arrives at the port(s). It can minimize to the system tray and play an audible alert. This program is intended to act as a guard dog to notify you of attempted probes to your computer via the Internet.
Attacker is not intended to protect your computer from hackers in any way other than notifying you of what was always happening to your computer before you knew about it! Running this program may in fact attract more attention to your computer from people remotely scanning for vulnerabilities due to it appearing as a collection of open ports. However, it will definitely not lessen the security of your computer. It is strongly recommended you have a good anti-virus program installed and that you do NOT have File & Printer Sharing enabled for use over the Internet.
12). DDosPing v2.0:
A network admin utility for remotely detecting the most common DDoS programs.
DDoS Ping is a remote scanner for the most common Distributed Denial of Service programs (often called Zombies by the press). These were the programs responsible for the recent rash of attacks on high profile web sites.
This tool will detect Trinoo, Stacheldraht and Tribe Flood Network programs running with their default settings, although setup of each program type is possible from the configuration screen. Scanning is performed by sending the appropriate UDP and ICMP messages at a controllable rate to a user-defined range of addresses.
13). Conficker Detection Tool 1.0.8:
W32/Conficker.worm exploits the MS08-067 vulnerability in Microsoft Windows Server Service. If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Machines should be patched and rebooted to clean the system, then rebooted again to prevent reinfection.
McAfee has developed a utility that will assess for the presence of the Conficker worm and identify which systems are already infected. We recommend that you download the McAfee Conficker Detection Tool now.
14). MessengerScan v1.05:
Microsoft MessengerScan Vulnerability Detection Utility with Advanced Immediate Protection Capability!
MessengerScan v1.05 is a Windows based detection and analysis utility that can quickly and accurately identify Microsoft operating systems that are vulnerable to the messenger service buffer overflow released in the MS03-043 bulletin.
MessengerScan v1.05 is intended for use by enterprise system and network administrators as a fast and reliable utility for identifying at-risk Microsoft systems in a passive manner. The vulnerability detection part of the tool is non-abrasive in nature and may be run in production environments during production hours. In addition to identifying vulnerable systems, MessengerScan provides administrators the ability to shut down AND disable the messenger service running on the vulnerable system.
15). DIRE v1.0:
DIRE (Detecting Insecurely Registered Executables)
The ability to register applications that can then be automatically initiated by Windows is a powerful feature today that enhances the end user’s experience and furthermore enables system administrators to exert complete control over the machines in their environment. However, attackers can target these same systems by exploiting ‘insecurely registered applications’ on target systems. Foundstone has released a free tool called Foundstone DIRE, which allows users/system administrators to identify “insecurely registered applications” on their systems.
- McAfee Foundstone DIRE requires the use of the Microsoft .NET framework version 2.0. These prerequisites may be obtained using Windows update or by visiting the website http://msdn.microsoft.com/en-us/netframework/aa731542
- McAfee Foundstone DIRE has been tested on Windows XP, Windows 2000 workstations and Windows 2003 server running .NET v2.0. While it has not been tested on other versions of Windows, it should execute successfully on all Windows operating systems that can support the .NET framework v2.0.
16). SuperScan v3.0:
SuperScan is a powerful connect-based TCP port scanner, pinger and hostname resolver. Multithreaded and asynchronous techniques make this program extremely fast and versatile.
- Perform ping scans and port scans using any IP range.
- Use a text file to extract addresses from.
- Scan any port range from a built-in list or any given range.
- View responses from connected hosts.
- Modify the port list and port descriptions using the built in editor.
- Merge port lists to build new ones.
- Connect to any discovered open port using user-specified “helper” applications.
- Assign a custom helper application to any port.
- Save the scan list to a text file.
- Transmission speed control.
- User friendly interface.
- Comprehensive help file.
This is first and foremost a tool for network administrators. Do not attempt to use this program against computers on the Internet that you have no right to scan since you are highly likely to be tracked down and attract the attention of your ISP, possibly resulting in your account being terminated.
17). SuperScan v4.0:
Powerful TCP port scanner, pinger, resolver.
SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.
Windows XP Service Pack 2 has removed raw sockets support which now limits SuperScan and many other network scanning tools. Some functionality can be restored by running the following at the Windows command prompt before starting SuperScan:
net stop SharedAccess
Here are some of the new features in this version.
- Superior scanning speed
- Support for unlimited IP ranges
- Improved host detection using multiple ICMP methods
- TCP SYN scanning
- UDP scanning (two methods)
- IP address import supporting ranges and CIDR formats
- Simple HTML report generation
- Source port scanning
- Fast hostname resolving
- Extensive banner grabbing
- Massive built-in port list description database
- IP and port scan order randomization
- A selection of useful tools (ping, traceroute, Whois etc)
- Extensive Windows host enumeration capability
Note that SuperScan 4 is intended for Windows 2000 and XP only. Administrator privileges are required to run the program. It will not run on Windows 95/98/ME. You may need to try SuperScan v3 if this will not work with your system.
18). SNScan v1.05:
SNMP Detection Utility
SNScan is a Windows based SNMP detection utility that can quickly and accurately identify SNMP enabled devices on a network. This utility can effectively indicate devices that are potentially vulnerable to SNMP related security threats, such as those released on February 12, 2002 and the Cisco IPv4 Remote Denial of Service vulnerability from July 17, 2003.
SNScan allows for the scanning of SNMP specific ports (e.g. UDP 161, 193, 391 and 1993) and the use of standard (i.e. “public”) as well as user-defined SNMP community names. User-defined community names may be used to more effectively evaluate the presence of SNMP enabled devices in more complex networks.
SNScan is intended for use by system and network administrators as a fast and reliable utility for information gathering. While not indicating whether SNMP enabled devices are vulnerable to specific threats, SNScan can quickly and accurately identify potential areas of exposure to SNMP related vulnerabilities.
19). Trout v2.0:
Traceroute and Whois program.
A visual (i.e. GUI as opposed to command-line) traceroute and Whois program. Pinging can be set at a controllable rate as can the frequency of repeatedly scanning the selected host. The built-in simple Whois lookup can be used to identify hosts discovered along the route to the destination computer. Parallel pinging and hostname lookup techniques make this traceroute program perhaps the fastest currently available.
20). McAfee Customer Submission Tool 2.3:
This tool integrates into Microsoft Outlook. It allows users to quickly and easily submit missed spam samples and samples that were wrongly categorized as spam to McAfee Labs. McAfee Customer Submission Tool version 2.3 can also be used with McAfee Quarantine Manager to black or white list email addresses when submitting the samples. The tool comes with installers that support automated script-based installations. Supported Platforms: Microsoft Windows XP or later, with Microsoft Outlook XP or later. We also offer a 64-bit version that supports the Microsoft Outlook 2010 64-bit environment.
This utility should be used as recommended by your McAfee representative.
Source: Hacker5 Magazine June Issue
Author: Naveen Thakur