Thursday, February 19, 2009

Pstools alternative - Sysadmins toolkit

Main source site: Nir Sofer Utilities Web Site


Presentation of a useful Freeware site


This article won't be technical; it will only describe some of the most useful tools maintained by Nir Sofer on his NirSoft website. If you know and appreciate the Sysinternals tools, now part of Microsoft products, you will love the ones from NirSoft.


I- Tools selection


Some tools are even more convenient for certain tasks. Here is a list of some of these applications, with descriptions extracted from the original site. For more details, follow the links:

CurrPorts displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it. In addition, CurrPorts allows you to close unwanted TCP connections, kill the process that opened the ports, and save the TCP/UDP ports information to HTML file, XML file, or to tab-delimited text file. CurrPorts also automatically marks with pink color suspicious TCP/UDP ports owned by unidentified applications (applications without version information and icons).



CurrProcess utility displays the list of all processes currently running on your system. For each process, you can view the list of all modules (DLL files) that the process loads into memory. For all processes and modules, additional useful information is also displayed: product name, version, company name, description of the file, the size of the file, and more. In addition, CurrProcess allows you to do the following actions: kill a process, dump memory of a process into a text file, create an HTML report containing information about a process with the list of all modules that it loads into memory, save the list of all running processes into a text or HTML file, and more.

d- NetworkPassword Sniffer
IE PassView is a small utility that reveals the passwords stored by the Internet Explorer browser. It supports the new Internet Explorer 7.0/8.0, as well as older versions of Internet Explorer, v4.0 - v6.0.
PstPassword is a small utility that recovers the lost password of an Outlook .PST (Personal Folders) file.
g- LSASecretsDump
http://www.nirsoft.net/utils/lsa_secrets_dump.html
LSASecretsDump is a small console application that extracts the LSA secrets from the Registry, decrypts them, and dumps them into the console window. The LSA secrets key is located under HKEY_LOCAL_MACHINE\Security\Policy\Secrets and may contain your RAS/VPN passwords, Autologon password, and other system passwords/keys. This utility is the console version of LSASecretsView.


II- Conclusion


This is only a sample of the tools available on this site; just go there and check what is available. There is, for example, a cmd tool, an "at" command rewrite and all sorts of tools to dump memory and analyze caches, processes, calls, DLLs, passwords, etc.
Enjoy exploring this site. Cheers.

