One of the things that I really liked about the podcast was that the guys spent some time on how it could be better.  The requests I heard were the following:

• Configure what format it generates the user names into.  Perhaps you already know the format a client uses and need just want a dictionary.  Why have a bunch of user names that you know are bad.
• Add some kind of GUI or website.  Good point.  Particularly for the Yahoo version of the script.  That API key is insanely long to put in as a command line argument.
• Instead of spewing to STDOUT, save it to a file.  Larry has already provided the code for this and implemented it into both scripts.

I’ve been kicking around a couple other ideas, but will need to get some time to implement them.  I’ve also got another script in mind that may or may not help deduce what the user name format for a company might be.  Depends on how the target has their email server configured.  No hacking, just taking note of what the email server tells me.

You can check out the episode at pauldotcom.com.  Thanks guys!

Technorati Tags: pauldotcom episode 170, reconnoiter project, security tools, social media, username generation

Here are the apps I cover and where you can got to get more information on them.  I’ve also got some community resources to go check out.

Network Security and Monitoring
Nmap – http://nmap.org/
OpenVAS – http://openvas.org/
Snort  – http://www.snort.org/
Emerging Threats – Snort rules – http://www.emergingthreats.net/
BASE – http://base.secureideas.net/
Sguil – http://sguil.sourceforge.net/
OSSEC – http://www.ossec.net/
Kismet – http://www.kismetwireless.net/

Web Security
Nikto – http://www.cirt.net/nikto2
Log Analysis – http://www.loganalysis.org
PHPIDS – http://php-ids.org/
ModSecurity – http://www.modsecurity.org/

Penetration Testing
WebGoat – http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Mutillidae – http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
Hacme Bank, Books, etc – http://www.foundstone.com/us/resources-free-tools.asp
Paros – http://www.parosproxy.org/
WebScarab – http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Burp Suite – http://portswigger.net/suite/
Privoxy – http://www.privoxy.org/
Tor – http://www.torproject.org/
w3af – http://w3af.sourceforge.net/
Beef – http://www.bindshell.net/tools/beef/
Metasploit – http://metasploit.com/
Backtrack - http://www.remote-exploit.org/backtrack.html
SamuraiWTF- http://samurai.inguardians.com/

Forensics
Caine – http://www.caine-live.net/
Deft Linux – http://www.deftlinux.net/
Helix – http://www.e-fense.com/

Etc…
Top 100 Security Tools - http://sectools.org/

Podcasts
Pauldotcom – http://pauldotcom.com/
Exotic Liability – http://exoticliability.com/
Securabit – http://www.securabit.com/
CyberSpeak (forensics) – http://cyberspeak.libsyn.com/

Community Groups
ISSA – http://www.issa-utah.org/
OWASP – http://owasp.org/
Hack SLC hacker space – http://www.hackslc.com/forum/latestnews.php
Defcon – http://defcon.org/

Technorati Tags: open source, security tools, utos 2009, utos presentation