The Sleuth Kit
The Sleuth Kit (TSK) is a library and collection of command line file and volume system forensic analysis tools that allow you to investigate and analyze volume and file system data. Read more hot
ipdecap can decapsulate traffic encapsulated within GRE, IPIP, 6in4, ESP (ipsec) protocols, and can also remove IEEE 802.1Q (virtual lan) header. new
AirSAM is a desktop GUI that compliments the Web based Snort Alert Monitor. AirSAM gives up to date insight into who might be attacking your network. The ultimate goal is to give audio/visual cues right at the time of the attack.
alph implements and analyses historical and traditional c(ai)phers providing a pipe interface in order to encrypt and decrypt block text. The program can be conjuncted with pipes reulting in transparent en-decrypt: Atbash, Caesar, Vigenere, Playfair, and Vernam.
AntiExploit is a on-access exploit scanner to detect local intruders. It scans for over 3900 suspicious files, has daily database updates, and will act if a file is accessed. It uses the dazuko kernel module, which is also used by clamAV, Amavis, and other virus scanners.
Aps is a small tool for analyzing network traffic. It prints out a great deal of information about the relevant protocols including TCP, UDP, ARP, and ICMP. It allows you to filter IP addresses, hardware addresses, ports, and specific protocols. It comes with a little GTK-GUI displaying packet counters for each protocol.
ARPSpoofDetector performs active and passive detection of ARP spoofing and IP (IPv4) address collision. The program can send healing packets with regular ARP information.
attackwatch analyzes the firewall-output in near-realtime and will run scripts in response to incoming packets that got logged.
authforce is an HTTP authentication brute forcer. Using various methods, it attempts brute force username and password pairs for a site. It has the ability to try common username and passwords, username derivations, and common username/password pairs.
Automated Image and Restore
Automated Image and Restore (AIR) is a graphical user interface front-end to dd/dc3dd. This tool is designed to make the task of creating forensic images of digital media easier for investigators and incident response personnel. Read more
Bletchley is a real-world cryptanalysis framework. It was created to assist with the detection, analysis, and exploitation of cryptographic flaws and aims to help automate the tedious aspects of this analysis while leaving the security expert in control of the process.
Bluediving is a Bluetooth pentesting suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, and features like Bluetooth address spoofing.
Bluefog is an experimental tool designed to create large numbers of phantom Bluetooth devices.
BlueProximity helps add a little more security to the desktop. It does so by detecting a certain Bluetooth device, most likely a mobile phone, and keeping track of its distance. If it is moved away from the computer and the distance is above a certain level (no measurement in meters is possible) for a given time, it automatically locks the desktop (or starts any other shell command wanted). Once away, the computer awaits its master's return: if the device is nearer than a given level for a set time, the computer unlocks without any interaction (or starts any other shell command wanted).
bpf is the Berkeley Packet Filter.
CaclMgr is a security package which enables UNIX users to have control over which user will get which UNIX command or SHELL script to be executed with my privilege.
CCSAT (Cisco Configuration Security Auditing Tool) is a tool for automated audit of configuration security of large numbers of Cisco routers and switches. The tool is based upon industry best practices, including Cisco, NSA, and SANS security guides and recommendations. It is flexible and can report details down to individual device interfaces, lines, ACLs, and ASs, etc. CCSAT has been tested, and used for real audits, on FreeBSD, Solaris 8 and Linux. It should also work on all other major UNIX platforms (POSIX.2).
cgichk is a web vulnerability tool that automatically searches for a series of interesting directories and files on a given site.
Cmb is a small utility that creates all the possible combinations from a user mask (that includes wildcards) and dumps them to stdout.
containers is a simple implementation of containers for Linux, making secure containers as easy to create and use as a traditional chroot.
Crank is short for "CRyptANalysis toolKit". Its overall purpose is to provide a powerful and extensible environment for solving classical (pen-and-paper) ciphers, providing as much automation as possible.
cryptmount is a utility which allows an ordinary user to mount an encrypted filing system on-demand, using the device-mapper infrastructure, but without requiring superuser priveleges. Filing systems can be hosted on either raw block devices or ordinary files, with loopback devices setup automatically.
CryptoHawk is a program about cryptography. It can calculate hashes (md2,md4,md5,sha-1,sha-256 and hmac). It can also perform cryptanalysis like frequency analysis for substutition cipher and exhaustive key search for rotation cipher, as well as searching internet databases for md5 hashes.
CrySyS Duqu Detector Toolkit
CrySyS Duqu Detector Toolkit is a detector toolkit that combines simple detection techniques to find Duqu infections on a computer or in a whole network. The toolkit contains signature and heuristics based methods and it is able to find traces of infections where components of the malware are already removed from the system.
cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database.
dcfldd is an enhanced version of dd with features useful for forensics and security. dd copies a file (from standard input to standard output, by default) converting and formatting according to the options supplied. Read more
DenyHosts is a Python program that automatically blocks ssh attacks by adding entries to /etc/hosts.deny. DenyHosts will also inform Linux administrators about offending hosts, attacked users and suspicious logins. Read more
DeTraS provides several tools to track development activities by registering applications that developers use on a X Window session. It also allows you to send collected data to a server and takes care about your privacy.
dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is esential to avoid duplication of efforts.
EsteidUtil is a wxWidgets GUI tool for managing the Estonian ID smartcard. It allows the user to see the data on th card, change PINs, and perform some basic diagnostics both on card and necessary opsys configuration. The code has useful low-dependency C++ classes for other kinds of smartcard handling.
FakeBO fakes trojan server responses (Back Orifice, NetBus, etc.) and logs every attempt to a logfile, stdout/stderr or syslog. It is able to send fake pings and replies back to the client which is trying to access your system.
FBAC-LSM is a security mechanism for Linux which retricts applications based on the features they provide, such as "Web Browser" or "Image Editor".
A multiplatform, SDL/OpenGL based 3D visualization tool for network (security) information, it currently supports insecure.org's nmap and [has very very limited support for] languard XML log files.
FileInfo is an GUI forensic tool for Ubuntu Linux written in Python, that helps you in identifying files with specific values for certain attributes in order to search and sort these files and present the results in an easily readable tabular fashion.
Firewall Builder for Cisco IOS ACL
Firewall Builder for Cisco IOS ACL completes a set of tools designed to manage a multi-tiered network security system. This module can generate access control list configuration for Cisco routers running IOS 12.x. The Firewall Builder GUI's built-in installer uses ssh to communicate with the router to install the generated ACL configuration. Several installation methods are provided to make sure the management workstation is not "cut off" from the router in the middle of ACL activation. Firewall Builder's built-in policy importer can be used to import existing router configurations.
Fortools_dd is a set of forensic apps, created with zenity, for terminal commandos and bash scripts in Linux.
Frankenwall is a bash shell script intended to create a highly secure IPTables based linux firewall/router with QOS/traffic shaping/bandwidth management.
GDecrypt was written for making the use of decrypted partitions under Linux more easy. It currently contains a GUI written in PyGTK for decrypting/mounting, unmounting and encryption partitions or container files and it supports partitions created with truecrypt and LUKS
glFlow is a robust, fast, portable, pcap-centric (D)DoS detection tool.
gnoMint is a tool for easily creating and managing certification authorities. It provides fancy visualization of all the pieces of information that pertain to a CA, such as x509 certificates, CSRs, and CRLs.
gpgutils is a set of utilities for GNUPG. It includes gpgedit, gpgsignfiles, and gpgverifyfiles. These allow encryption and code signing tasks to be simplified.
Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep.
guymager is a forensic imaging tool based on Qt. Read more
Hamachi is a zero-configuration virtual networking system featuring an open security architecture, NAT-to-NAT traversal, and multi-platform client software.
Heimdal is an implementation of Kerberos 5 that aims to be protocol compatible with existing implementations and RFC 1510. It is also reasonably compatible with the M.I.T Kerberos V5 API, supports Kerberos V5 over GSS-API (RFC 1964), includes a number of important and useful applications (rsh, telnet, popper, etc.), and is backwards compatible with Kerberos V4.
Hogwash is an intrusion detection system(IDS)/packet scrubber. Hogwash can detect attacks on your network, and if you want, filter them out.
HoneyLattice is a simple honeypot system.
Honeytrap is a network security tool written Honeytrap is a network security tool written to observe attacks against TCP services. As a low-interactive honeypot, it collects information regarding known or unknown network-based attacks and thus can provide early-warning information.
HUNT is a tool for exploiting well known weaknesses in the TCP/IP protocol suite.
Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal the potential security vulnerabilities of your network. Besides smart wildcard-based address randomization and a highly customizable packet generation control, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.