We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!
Sysinternals provides many small windows utilities that are quite useful for low-level windows hacking. Some are free of cost and/or include source code, while others are proprietary. Survey respondents were most enamored with:
ProcessExplorer for keeping an eye on the files and directories open by any process (like lsof on UNIX).
PsTools for managing (executing, suspending, killing, detailing) local and remote processes.
Autoruns for discovering what executables are set to run during system boot up or login.
RootkitRevealer for detecting registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
TCPView, for viewing TCP and UDP traffic endpoints used by each process (like Netstat on UNIX).
Many of the Sysinternals tools originally came with source code and there were even Linux versions. Microsoft acquired Sysinternals in July 2006, promising that “Customers will be able to continue building on Sysinternals' advanced utilities, technical information and source code”. Less than four months later, Microsoft removed most of that source code.
Read 1 review.
Latest release: Feb. 4, 2011 (5 years, 10 months ago).
A file and directory integrity checker. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. Traditionally an open souce tool, Tripwire Corp is now focused on their commercial enterprise configuration control offerings. An open source Linux version can still be found at SourceForge. UNIX users may also want to consider AIDE, which has been designed to be a free Tripwire replacement. Or you may wish to investigate Radmind, rkhunter, or chkrootkit. Windows users may like RootkitRevealer from Sysinternals.
Review this tool.
DumpSec is a security auditing program for Microsoft Windows NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
Read 2 reviews.
Latest release: version 2.8.6 on June 3, 2010 (6 years, 6 months ago).
HijackThis inspects a computer’s browser and operating system settings to generate a log file of its current state. It can selectively remove unwanted settings and files. Its main focus is on web browser hijacking. It is a freeware utility originally written by Merijn Bellekom but now distributed by Trend Micro.
Read 1 review.
Latest release: version 2.0.5 on May 18, 2013 (3 years, 6 months ago).
AIDE (Advanced Intrusion Detection Environment) is a rootkit detector, a free replacement for Tripwire. It makes cryptographic hashes of important system files and stores them in a database. It can then make reports about which files have changed.
Read 1 review.
Latest release: version 0.16a1 on Feb. 16, 2011 (5 years, 9 months ago).