Links:
dradis
dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.

alph
alph implements and analyses historical and traditional c(ai)phers, providing a pipe interface in order to encrypt and decrypt block text. The program can be combined with pipes, resulting in transparent en-/decryption: Atbash, Caesar, Vigenere, Playfair, and Vernam.

AntiExploit
AntiExploit is an on-access exploit scanner to detect local intruders. It scans for over 3900 suspicious files, has daily database updates, and will act if a file is accessed. It uses the dazuko kernel module, which is also used by clamAV, Amavis, and other virus scanners.

APS
Aps is a small tool for analyzing network traffic. It prints out a great deal of information about the relevant protocols including TCP, UDP, ARP, and ICMP. It allows you to filter IP addresses, hardware addresses, ports, and specific protocols. It comes with a little GTK GUI displaying packet counters for each protocol.

ARPSpoofDetector
ARPSpoofDetector performs active and passive detection of ARP spoofing and IP (IPv4) address collision. The program can send healing packets with regular ARP information.

attackwatch
attackwatch analyzes the firewall output in near-realtime and will run scripts in response to incoming packets that got logged.

authforce
authforce is an HTTP authentication brute forcer. Using various methods, it attempts to brute force username and password pairs for a site. It has the ability to try common usernames and passwords, username derivations, and common username/password pairs.

Bluediving
Bluediving is a Bluetooth pentesting suite.
It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, and features like Bluetooth address spoofing.

BlueProximity
BlueProximity helps add a little more security to the desktop. It does so by detecting a certain Bluetooth device, most likely a mobile phone, and keeping track of its distance. If it is moved away from the computer and the distance is above a certain level (no measurement in meters is possible) for a given time, it automatically locks the desktop (or starts any other shell command wanted). Once away, the computer awaits its master's return: if the device is nearer than a given level for a set time, the computer unlocks without any interaction (or starts any other shell command wanted).

bogtk
bogtk is a Back Orifice client with a graphical user interface. It uses the Gtk toolkit.

bpf
bpf is the Berkeley Packet Filter.

CaclMgr
CaclMgr is a security package which enables UNIX users to control which user may execute which UNIX command or shell script with their privileges.

CCSAT
CCSAT (Cisco Configuration Security Auditing Tool) is a tool for automated audit of configuration security of large numbers of Cisco routers and switches. The tool is based upon industry best practices, including Cisco, NSA, and SANS security guides and recommendations. It is flexible and can report details down to individual device interfaces, lines, ACLs, and ASs, etc. CCSAT has been tested, and used for real audits, on FreeBSD, Solaris 8 and Linux. It should also work on all other major UNIX platforms (POSIX.2).

cgichk
cgichk is a web vulnerability tool that automatically searches for a series of interesting directories and files on a given site.

Cisco Hammer
chammer is a tool built on top of the Net::IPBlocker library, designed to beat Cisco routers, switches, and firewalls into submission and compliance.
Primary focus is to automate password changes, deploy configuration templates, fetch configs, and just about any other function a network engineer would perform via Telnet or SSH to a Cisco box.

Cmb
Cmb is a small utility that creates all the possible combinations from a user mask (that includes wildcards) and dumps them to stdout.

CORE FORCE (commercial)
CORE FORCE is a comprehensive, seamlessly-integrated centralized security solution. CORE FORCE enables the enforcement of the corporation's global security policies for networks, servers and workstations.

Crank
Crank is short for "CRyptANalysis toolKit". Its overall purpose is to provide a powerful and extensible environment for solving classical (pen-and-paper) ciphers, providing as much automation as possible.

cryptmount
cryptmount is a utility which allows an ordinary user to mount an encrypted filing system on demand, using the device-mapper infrastructure, but without requiring superuser privileges. Filing systems can be hosted on either raw block devices or ordinary files, with loopback devices set up automatically.

CryptoHawk
CryptoHawk is a program about cryptography. It can calculate hashes (md2, md4, md5, sha-1, sha-256 and hmac). It can also perform cryptanalysis like frequency analysis for substitution ciphers and exhaustive key search for rotation ciphers, as well as searching internet databases for md5 hashes.

DenyHosts
DenyHosts is a Python program that automatically blocks ssh attacks by adding entries to /etc/hosts.deny. DenyHosts will also inform Linux administrators about offending hosts, attacked users and suspicious logins.

EsteidUtil
EsteidUtil is a wxWidgets GUI tool for managing the Estonian ID smartcard. It allows the user to see the data on the card, change PINs, and perform some basic diagnostics both on the card and on the necessary operating system configuration. The code has useful low-dependency C++ classes for other kinds of smartcard handling.

FakeBO
FakeBO fakes trojan server responses (Back Orifice, NetBus, etc.) and logs every attempt to a logfile, stdout/stderr or syslog. It is able to send fake pings and replies back to the client which is trying to access your system.

fe3d
A multiplatform, SDL/OpenGL-based 3D visualization tool for network (security) information. It currently supports insecure.org's nmap and [has very, very limited support for] languard XML log files.

firesoft
firesoft is a collection of Perl scripts that include a log analyzer, packet analyzer, crontab script, and a bar chart creator for ipchains logs.

Firewall Builder for Cisco IOS ACL
Firewall Builder for Cisco IOS ACL completes a set of tools designed to manage a multi-tiered network security system. This module can generate access control list configuration for Cisco routers running IOS 12.x. The Firewall Builder GUI's built-in installer uses ssh to communicate with the router to install the generated ACL configuration. Several installation methods are provided to make sure the management workstation is not "cut off" from the router in the middle of ACL activation. Firewall Builder's built-in policy importer can be used to import existing router configurations.

Frankenwall
Frankenwall is a bash shell script intended to create a highly secure IPTables-based Linux firewall/router with QOS/traffic shaping/bandwidth management.

GDecrypt
GDecrypt was written to make the use of decrypted partitions under Linux easier. It currently contains a GUI written in PyGTK for decrypting/mounting, unmounting and encrypting partitions or container files, and it supports partitions created with truecrypt and LUKS.

glFlow
glFlow is a robust, fast, portable, pcap-centric (D)DoS detection tool.

gnoMint
gnoMint is a tool for easily creating and managing certification authorities. It provides fancy visualization of all the pieces of information that pertain to a CA, such as x509 certificates, CSRs, and CRLs.

gpgutils
gpgutils is a set of utilities for GNUPG. It includes gpgedit, gpgsignfiles, and gpgverifyfiles. These allow encryption and code signing tasks to be simplified.

Hamachi
Hamachi is a zero-configuration virtual networking system featuring an open security architecture, NAT-to-NAT traversal, and multi-platform client software.

Heimdal
Heimdal is an implementation of Kerberos 5 that aims to be protocol compatible with existing implementations and RFC 1510. It is also reasonably compatible with the MIT Kerberos V5 API, supports Kerberos V5 over GSS-API (RFC 1964), includes a number of important and useful applications (rsh, telnet, popper, etc.), and is backwards compatible with Kerberos V4.

Hogwash
Hogwash is an intrusion detection system (IDS)/packet scrubber. Hogwash can detect attacks on your network, and if you want, filter them out.

HoneyLattice
HoneyLattice is a simple honeypot system.

honeytrap
Honeytrap is a network security tool written to observe attacks against TCP services. As a low-interactive honeypot, it collects information regarding known or unknown network-based attacks and thus can provide early-warning information.

HUNT
HUNT is a tool for exploiting well known weaknesses in the TCP/IP protocol suite.

Injection Framework
Injection Framework is a security tool designed to detect and research SQL injections.

ip-masq-log
ip-masq-log is a patch that can be used on a masquerading firewall (NAT) to keep a log of all the outgoing masqueraded TCP connections.

ISIC
IP Stack Integrity Checker tests the stability of an IP stack and its component stacks (TCP, UDP, ICMP et al.). It does this by generating random packets of the desired protocol.

ITS4
ITS4 is a command-line tool for statically scanning C and C++ source code for security vulnerabilities.

John the Ripper
John the Ripper is a password cracker, currently available for UNIX, DOS, WinNT/Win95. Its primary purpose is to detect weak UNIX passwords.

k5expire
K5expire is a tool to complement a Kerberos/LDAP server combination. It checks all Kerberos principals per user in LDAP for password and/or account expiration and sends email to the owners if they will expire in a preconfigured amount of time.

KIside
KIside is a message digest computing and displaying tool. It computes and shows the hash code of any file as a string of hexadecimal numbers. KIside implements standard algorithms such as MD4, MD5, SHA1, SHA256, SHA384, SHA512, TIGER, RIPEMD160.

lightbar
lightbar is a login enhancement for FreeBSD and Linux. It adds features from BSD4.4, SunOS (Solaris) and HP-UX into a portable and simple login program for Linux and FreeBSD.

Mobius Forensic Toolkit
Mobius Forensic Toolkit is a set of forensic tools written in Python/GTK. It is application-centered instead of being file-centered, which means it gathers information throughout evidence disks and directories and shows it in an integrated way.

Nstreams
Nstreams analyzes the streams that occur on a network. It displays which streams are generated by the users between several networks, and between the networks and the outside. It can optionally generate the ipchains or ipfw rules that will match these streams, thus only allowing what is required for the users, and nothing more.

NuFW
NuFW is built on top of Netfilter, the state-of-the-art IP filtering layer from the Linux kernel. It fully integrates with Netfilter and Iptables and adds authentication capabilities.

Open Computer Forensics Architecture
The Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework to automate the digital forensic process, to speed up the investigation and give tactical investigators direct access to the seized data through an easy to use search and browse interface.
The architecture forms an environment where existing forensic tools and libraries can be easily plugged into the architecture and can thus be made part of the recursive extraction of data and metadata from digital evidence. It aims to be highly modular, robust, fault tolerant, recursive, and scalable in order to be usable in large investigations that spawn numerous terabytes of evidence data and cover hundreds of evidence items.

OpenSSH-2.3.0p1 SecurID patch
OpenSSH-2.3.0p1 SecurID patch is an integrated SecurID authentication support for OpenSSH.

OpenSSL-based signcode utility
OpenSSL-based signcode utility is used for Authenticode signing of EXE/CAB files. It also supports timestamping.

OS-SIM
Ossim stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, give a network/security administrator a detailed view of each and every aspect of his networks/hosts/physical access devices/server/etc.

P-Synch (commercial)
P-Synch is a password management software toolkit that can: synchronize user passwords across all systems and platforms; enforce enterprise-wide password strength policies; allow help desk staff to reset passwords on every system, with no special administrative rights; allow authenticated users to reset their own forgotten passwords.

PAIP
PAIP is a universal filter application. It uses plugins to transmit and convert data. They can be nested, so the inner structures can become quite complex.

pam_ccreds
The pam_ccreds module provides the means for Linux workstations to locally authenticate using an enterprise identity when the network is unavailable. Used in conjunction with the nss_updatedb utility, it provides a mechanism for disconnected use of network directories.

Panoptis
Panoptis plans to create a network security tool (N-IDS) to detect and block DoS and DDoS attacks.

Parano
Parano is a GNOME program to create, edit and verify hashfiles.
For now MD5 and SFV formats are supported.

PGSSAPI
PGSSAPI lets you selectively plug external GSSAPI security libraries into applications without having to recompile the application each time.

pppit
pppit allows one to tunnel through a firewall which only allows proxy telnet, such as SWAN. It is a modified, special-purpose ppp daemon.

privbind
Privbind is a small tool that allows unprivileged programs to be run securely, while still allowing them to bind to privileged ports.

ProShield
ProShield is a security program for Debian Linux. It helps ensure your system is secure and up-to-date by checking many different aspects of your system.

ptSCP
ptSCP seeks to create an easy front-end to secure file transfers using scp and ssh. It remotely resembles a popular Windows FTP client.

pyCA
pyCA tries to make it easier for people to set up and run an organizational certificate authority which fulfills the need for a fairly secure certification process.

raddump
raddump interprets captured RADIUS packets to print a timestamp, packet length, RADIUS packet type, source and destination hosts and ports, and included attribute names and values for each packet.

rsbac-init
The rsbac-init tool is part of the Adamantix RSBAC support tools, which make RSBAC easier to administrate. It is automatically started at system bootup and sets RSBAC kernel options through the RSBAC /proc interface. RSBAC is a Linux kernel patch providing advanced security functionality.

RWSecure
rwsecure parses the /var/log/secure file for invalid usernames or failed passwords to help protect against brute force and similar attacks. If there are more than three invalid or failed attempts by one IP, it will add that IP to your /etc/hosts.deny file.

SafeRelay
SafeRelay is a certificate authority center, based on OpenSSL, for network administrators who want to deploy certificates on a LAN (local area network). SafeRelay is written in CURSEL.

SAStk
Slackware Administrators Security tool kit is a set of tools and utilities to install and maintain a reasonable level of security for the Slackware Linux distribution.

Secure Network Forwarding Tunnel
SNFT is a small program that creates a double-encrypted SSH tunnel (a tunnel in a tunnel, using 2 different SSH-supported encryption algorithms), as well as automatically forwarding commonly used ports to your local computer through the second tunnel.

SEFlow
SEFlow uses the SELinux technology to provide security centered on individual data objects in a running system instead of focusing on static system facilities. Thus it is suitable to prevent accidental linking of code under open source licenses with proprietary code, making a tainting mechanism similar to the one used in the Linux kernel possible in userspace.

Shishi
Shishi is a free implementation of the Kerberos 5 network security system. Goals are full standards compliance, a thread-safe library and internationalization.

sigs
sigs provides secure digital signatures with verification at secret-key speeds. 2048-bit verification on a Pentium-100 takes under 150 microseconds.

single-honeypot
single-honeypot simulates many services like SMTP, HTTP, POP-3, shell, and FTP.

SMTarPit
SMTarPit is a combined SMTP honeypot and tarpit released under the GPL. It is written in Perl so it should work on virtually any platform that supports Perl (except Windows). It uses xinetd, which listens on port 25; when someone connects, smtarpit is launched and then chroots itself.

Solsoft NP-Lite (commercial)
Solsoft NP-Lite allows users to define, implement and maintain granular policies on their servers, DMZs and access to the Internet.

sonar
sonar aims to provide automatic tools which network administrators may use to help check and test the security of their network.

Sportal
Sportal monitors files that you select, for "hot words" that you also select, through a graphical interface.

squidefender
squidefender is a Perl script which parses a squid log file in native format for attacks. If it finds an attack, it sends a complaint email to the ISP of the attacker.

squidwall
Squidwall is a fast, small, and secure squid redirector. It is written with security in mind. It enables the administrator to build an easy to use Web interface for controlling user-, host-, or IP-based access to squid. It also does pass-through antivirus scanning with clamav.

SSHatter
SSHatter uses a brute force technique to determine how to log into an SSH server. It simply tries each combination in a list of usernames and passwords to determine which ones successfully log in.

sshdfilter
sshdfilter blocks the frequent brute force attacks on ssh daemons. It does this by directly reading the sshd logging output and generating iptables rules. The process can be quick enough to block an attack before the attacker gets a chance to enter any password at all.

sshguard
sshguard protects hosts from the plague of brute force attacks against ssh. Unlike many similar tools written in interpreted languages, it's independent, fast, and lightweight because it's completely written in C. Among the rest, it supports IPv6 and flexible whitelisting.

sslexpire
sslexpire provides a remote check for SSL certificate expiration dates. It connects to a host:port, retrieves the expiration date and shows you if it's going to expire. It can retrieve multiple host:ports from a config file to do mass daily checks.

ssss
ssss is an implementation of Shamir's secret sharing scheme for UNIX systems.

System for Internet-Level Knowledge
SiLK (System for Internet-Level Knowledge) is a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. The SiLK tool suite supports the efficient collection, storage and analysis of network flow data, enabling network security analysts to rapidly query large historical traffic data sets.
SiLK is ideally suited for analyzing traffic on the backbone or border of a large, distributed enterprise or mid-sized ISP.

Systrace
Systrace enforces system call policies for applications by constraining the application's access to the system. The policy is generated interactively. Operations not covered by the policy raise an alarm, allowing the user to refine the currently configured policy. After a policy has been sufficiently constructed, further alarms often indicate security problems. Policies can also be generated automatically for sandboxing purposes.

TACACS+ plugin for pppd
This "plugin" adds authentication, authorization and accounting to pppd.

TFTPgrab
TFTPgrab is a TFTP (Trivial File Transfer Protocol) stream extractor that reads from tcpdump/libpcap capture files. It attempts to reconstruct data that has been transferred via TFTP, and may be useful in some network forensics situations.

ThePacketMaster Linux Security Server
ThePacketMaster Linux Security Server is a CD-based security auditing tool that boots and runs penetration testing and forensic analysis tools.

Tor
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and more. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

trapdoor2
trapdoor2 allows remote users to execute local commands by sending 'magic cookies'. This can, e.g., be used to alter local firewalling rules so people can connect to local services after sending the magic cookie.

triggers
triggers is a lightweight, asynchronous notification mechanism to set off events in and across systems.

TripleSec
Triplesec is a strong authentication server based on the Apache Directory Project.
Strong authentication servers enable authentication using One Time Passwords (OTP) usually generated from a hardware device called a token. Triplesec is used with the Hauskeys mobile application for generating HOTP values. Your cell phone becomes the only device you need with strong authentication using OTPs.

userv
userv is a Unix system facility to allow one program to invoke another when only limited trust exists between them.

uuturn
uuturn allows you to detect someone remotely logging in to one of your boxen and then going on to another, without even logging into the box, by only analyzing the packets on the network.

webNIS
webNIS is a simple authentication mechanism. It provides a server, or inetd service, which simply takes in a login and a password, and responds with the user's real name (as listed in the gecos records) or nothing in case of failure.

Wellenreiter
Wellenreiter is a GTK/Perl program that makes the discovery, penetration and auditing of 802.11b wireless networks as easy as possible. All three major wireless cards (Prism2, Lucent, and Cisco) are supported. Usability is one of the main goals.

Weplab
Weplab is a tool to review the security of WEP encryption in wireless networks from an educational point of view. Several attacks are available so that the effectiveness and minimum requirements of each one can be measured.

WiKID Strong Authentication System
The WiKID Strong Authentication System is a highly scalable, secure two-factor authentication system consisting of a server, a token client, and network clients that connect a service such as a VPN or Web page to the WiKID server to validate one-time passcodes. The user enters their PIN into the token client, where it is encrypted and sent to the server. If the PIN is correct, the encryption valid, and account active, the one-time passcode is generated, encrypted, and returned to the user.
It is simple to implement and maintain, allows users to be validated automatically, requires no hardware tokens, has a simple API for application support via a COM object and Java component, supports multiple domains, and supports replication for fault tolerance and scalability.

Worm Warner
WormWarner is a tool designed to warn hosts that are probably infected by worms. This is done by scanning the Apache log files and sending email to the host or the ISP when a worm or attack is detected. Wormwarner has a simple pattern database which makes it easy to add new worm patterns as they appear.

Yersinia
Yersinia is a network tool designed to take advantage of some weakness in different network protocols. It aims to be a solid framework for analyzing and testing the deployed networks and systems.

Zodiac
Zodiac is a DNS protocol analysis and exploitation program. It is a robust tool to explore the DNS protocol.