DNSdumpster.com is a FREE domain research tool that can discover hosts related to a domain. Finding the hosts that are visible from an attacker's perspective is an important part of the security assessment process.
========================================================
Very nice presentation, thorough.
Other DNS tools:
https://github.com/tomsteele/blacksheepwall
https://github.com/jhaddix/domain
https://code.google.com/p/gxfr/
http://trac.assembla.com/fierce
https://pentest-tools.com/information-gathering/find-subdomains-of-domain
https://code.google.com/p/dnsmap/
https://github.com/guelfoweb/knock
https://github.com/darkoperator/dnsrecon
A complete, modular, portable and easily extensible MITM framework with every kind of diagnostic and offensive feature you could need in order to perform a man-in-the-middle attack.
These Nmap NSE scripts are all included in standard installations of Nmap. Use them to gather additional information on the targets you are scanning. The information both adds context to the hosts you are scanning and reveals more of the attack surface of the systems you are assessing.
Many of the network cartography tools and protocols we commonly use are defined through a set of standards called Request For Comments (RFCs). Surprisingly, not all of the tools we take for granted are covered by these. Take the humble traceroute for example. Do you actually know what really happens when Alice tries to trace the route to Bob? Read on to find out.
ICMP, UDP, TCP and IP. Oh my!
Traceroutes work by manipulating a field in the IP header called Time-To-Live. Despite sounding a bit like a James Bond film title, the Time-To-Live field simply tells each device a packet passes through how many more systems (or hops) the packet may traverse before being dropped. This ensures that packets don't loop around the Internet forever (for example during a routing loop) clogging it up.
The Time-To-Live (also referred to as TTL) field is decremented by every router that forwards the packet. When it reaches zero, the router drops the packet and sends an ICMP Time Exceeded message (type 11, code 0: "TTL exceeded in transit") back to the source address of the dropped packet.
A traceroute implementation (ab)uses this by sending probes with TTL 1, then 2, then 3 and so on: each probe expires one hop further along, and the router that reports the expiry reveals itself as the source of the ICMP message, so you learn both the route to a host or network and the round-trip time for each hop. There are two main forms of traceroute. Windows tracert sends ICMP Echo Request probes and stops when the target answers with an Echo Reply. The UDP traceroute used pretty much everywhere else sends UDP datagrams to high, normally unused destination ports (starting at 33434 by default) and stops when the target answers with an ICMP Port Unreachable (type 3, code 3). TCP SYN variants (traceroute -T, tcptraceroute) exist for targets whose firewalls drop both. If you were hoping for a nice clean set of standards, the water here is about as clear as SNMP is simple (i.e. not very, once you look under the hood): the TTL and ICMP behaviour is standardised, but traceroute itself is not.
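The mechanism described above, as an added example that is not part of the original article: a minimal UDP traceroute in Python, together with a parser for the ICMP replies. The parser pulls the responding router's address out of the outer IPv4 header and the original probe's destination port out of the quoted UDP header, which is how a reply is matched to the probe (and therefore the hop) that triggered it. The probe-per-TTL port scheme (33434 for TTL 1, 33435 for TTL 2, ...), the `build_time_exceeded` helper that fabricates a sample reply for offline use, and the hop/port arithmetic are assumptions of this example, not something the article specifies.

```python
import socket
import struct

# Assumptions for this added example: one UDP probe per TTL and the classic
# Unix traceroute port scheme (33434 for TTL 1, 33435 for TTL 2, ...), so that
# each ICMP reply can be matched back to the probe that triggered it.
BASE_PORT = 33434

ICMP_ECHO_REPLY = 0       # what ends a Windows-style (ICMP Echo) trace
ICMP_DEST_UNREACH = 3     # code 3 = port unreachable: ends a UDP trace
ICMP_TIME_EXCEEDED = 11   # code 0 = TTL expired in transit: one hop found


def probe_port(ttl: int) -> int:
    """Destination port for the probe sent with this TTL."""
    return BASE_PORT + ttl - 1


def hop_from_port(port: int) -> int:
    """Inverse of probe_port(): which hop a quoted UDP port belongs to."""
    return port - BASE_PORT + 1


def parse_icmp_reply(datagram: bytes) -> dict:
    """Parse a raw IPv4 datagram as received on a SOCK_RAW/IPPROTO_ICMP socket.

    Returns the responder's address, the ICMP type/code and, for error messages
    that quote the offending packet, the destination port of the UDP probe.
    """
    ihl = (datagram[0] & 0x0F) * 4                 # IPv4 header length
    responder = socket.inet_ntoa(datagram[12:16])  # IPv4 source address
    icmp_type, icmp_code = datagram[ihl], datagram[ihl + 1]
    info = {"from": responder, "type": icmp_type, "code": icmp_code, "probe_port": None}
    if icmp_type in (ICMP_TIME_EXCEEDED, ICMP_DEST_UNREACH):
        # RFC 792: ICMP errors quote the original IP header plus the first
        # 8 bytes of its payload; for a UDP probe that is the whole UDP header.
        inner = datagram[ihl + 8:]
        inner_ihl = (inner[0] & 0x0F) * 4
        if inner[9] == socket.IPPROTO_UDP:          # protocol field of quoted header
            info["probe_port"] = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    return info


def build_time_exceeded(router_ip: str, src_ip: str, dst_ip: str, port: int) -> bytes:
    """Constructed sample reply (not captured traffic) so the parser can be run
    offline: a router at router_ip reports TTL exceeded for our UDP probe
    src_ip -> dst_ip:port. Checksums are left zero; the parser ignores them."""
    def ipv4(src, dst, proto, total_len, ttl):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                           socket.inet_aton(src), socket.inet_aton(dst))
    quoted = ipv4(src_ip, dst_ip, socket.IPPROTO_UDP, 28, 1) + struct.pack("!HHHH", 40000, port, 8, 0)
    icmp = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + quoted
    return ipv4(router_ip, src_ip, socket.IPPROTO_ICMP, 20 + len(icmp), 64) + icmp


def traceroute(dest: str, max_hops: int = 30, timeout: float = 2.0) -> list:
    """Minimal UDP traceroute: raise the TTL one step at a time and record who
    complains. Needs root/CAP_NET_RAW for the raw ICMP receive socket."""
    dst_ip = socket.gethostbyname(dest)
    icmp = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    icmp.settimeout(timeout)
    hops = []
    for ttl in range(1, max_hops + 1):
        port = probe_port(ttl)
        udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
        udp.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)   # the field traceroute manipulates
        udp.sendto(b"", (dst_ip, port))
        udp.close()
        reply = None
        try:
            while reply is None:
                data, _ = icmp.recvfrom(1500)
                candidate = parse_icmp_reply(data)
                if candidate["probe_port"] == port:      # ignore unrelated ICMP traffic
                    reply = candidate
        except socket.timeout:
            hops.append((ttl, None))                     # the familiar "* * *"
            continue
        hops.append((ttl, reply["from"]))
        if reply["type"] == ICMP_DEST_UNREACH:           # port unreachable: destination reached
            break
    icmp.close()
    return hops


if __name__ == "__main__":
    import sys
    for ttl, who in traceroute(sys.argv[1] if len(sys.argv) > 1 else "example.com"):
        print(ttl, who or "*")
```

Run it as root with a hostname argument to trace a real route; without privileges only the parser and the constructed sample reply are usable. A Windows-style trace differs only in the probe (an ICMP Echo Request instead of a UDP datagram) and in the final reply (Echo Reply, type 0, instead of Port Unreachable).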
DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka "Fake DNS") is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for "badguy.com" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.
Pentoo is a security-focused live CD based on Gentoo.
It's basically a Gentoo install with lots of customized tools, a customized kernel, and much more.