The Linux Port/Socket Pseudo ACLs project is a patch to the Linux kernel which allows the admin to delegate privileges for some protected network resources to non-root users. The ACLs are generally used to run untrusted or insecure applications as an unprivileged process, thereby lessening the impact of some undiscovered denial of service or root compromise. The ACLs can cover protected ports, raw sockets, and packet sockets.
950455aeab7a3af1e443d3eb59ad11313f0c8ea6f0e1697d331be54a85c40605
GuardDog is a firewall configuration utility for KDE on Linux. GuardDog is aimed at two groups of users: novice to intermediate users who are not experts in TCP/IP networking and security, and users who don't want the hassle of dealing with cryptic shell scripts and ipchains parameters. It features an easy-to-use, goal-oriented GUI and the ability to generate ipchains scripts as output.
50183338fa5d55aa72ca20845389acd85ea5d81eee3378606496ac571409b857
Netscript is a portable and lightweight TCP socket scripting tool. It is intended to allow anyone to script situations based on a word-to-word ruleset response system. Includes wildcard support, character replacement, random replacement, argument inclusion, server timeout, initial send, display altering, multiple character dump formats, telnet protocol support, logging, program to socket dumping, executable ruleset support and reverse binding, among other things.
9ee1d9d4733ebd8d7e80e9b5346d734fbe146ee02359a04851d7cdb0bd040932
scanssh scans a list of addresses and networks for running SSH servers and their version numbers. scanssh supports random selection of IP addresses from large network ranges and is useful for gathering statistics on the deployment of SSH servers in a company or the Internet as a whole.
d6e4ab95f68a59f3b30c935e81359f79a6e1519ba3da062fcf29185b1f824c7b
A disassembler written for disassembly of x86 ELF targets on Linux (other file formats/CPUs can be 'plugged in'). Written as a backend or engine -- the UI is a command line; support for controlling the disassembler via pipes or FIFOs is provided. Note that this disassembler does not rely on libopcodes to do its disassembly; rather, the 'libi386' plugin is a standard .so that can be reused by other projects.
ff3d0ecbcfd3aae1a05edbb12329d7b53e69f35f6276bbcb2fe8b968e739217d
Syscall Tracker is a powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. It allows you to find out information that is otherwise hard to obtain, for instance which process touched a certain file.
8e56a3822ddfc6c312bd8cd985b08e7f0b607e9da7825b0d22a4705b46221b69
IP Sorcery is a TCP/IP packet generator which allows you to send TCP, UDP, and ICMP packets with a GTK+ interface.
68fe5507f49dd0770bfb49b0cd013ea8f074ea97a53911e85cd38873f9cc987c
IP Accounter is an IP accounting package for Linux. It collects, summarizes, and nicely displays IP accounting data. Its output can be a simple ASCII table, or graph images. Ipchains and iptables are supported. Logs are stored in files, gdbm, or even a PostgreSQL database.
db11173255576525b85ee5ce00817724d2702399f9af5ccde8e326bdabf29cb4
Wu-Ftpd is a portable FTP server.
fc2f30149acca955da1785b2e0388e0c9fe47dded69520dec633273209c5040b
MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.11 / 8.12 and will alter or delete various parts of a MIME message according to a flexible configuration file.
28969b2c5e980f91a51d0d371e75b0a0b430147dbddcf9a30bab7dfecb6c7398
TrustWall HTTP Proxy v0.9-5 is a secure HTTP proxy which protects web servers (and web browser clients) by checking the HTTP protocol header data. The design already takes most modern web-based attacks into consideration and hence can protect most web servers without requiring very in-depth knowledge of the attack techniques.
0d0cfbfa2eb3a8ca9314ff85bd2718830e92707e736d7baf0dcee783f8905127
Aldebaran is an advanced libpcap-based TCP, UDP, ICMP, and ARP network sniffer which gives a user only the payload from captured data and basic info about addresses and ports (nothing about flags, etc.). This is useful for monitoring data sent by connections and sniffing passwords. It supports filtering packets with not only simple port/address libpcap rules but also payload contents and can send captured data to another host via UDP. It can also encrypt data written to a dump file, analyze interface traffic, and present statistics (packet count, sizes, average speed, etc.) in HTML or a plain text file.
5fd86446dc89c1595f573a6bcd7d765fa321e2a7ae51e8b3e6cbe76696b6a942
Ettercap v0.6.2 local root format string exploit. Works if the administrator made Ettercap SUID.
4f7b696cea2b1db223e600477d54422235560202856224be55543c7f58c4a210
FreeBSD Security Advisory FreeBSD-SA-01:64.wu-ftpd - Wu-ftpd v2.6.1 and below contains a remote root vulnerability which allows ftp users with anonymous accounts or user accounts to execute code. This may be accomplished by inserting invalid globbing parameters which are incorrectly parsed by the FTP server into command input.
bed19099b553f8ec342c3bbd33c003a2357327bf9a9abe5d374c316e9b571004
SSH-2.3.0 client patch to log outgoing usernames, passwords, and hostnames.
ac70dd5c43e7220631199e96f023cd06a6796d6689b45217f7c81ade8e2345b3
Openssh-2.9p2 patch which logs the username, remote host, and password when outbound connections are made.
54ff25e46677231b2fc92927a45b716aa7cffc530903b1efb79922544c1dcd02
OpenSSH v3.0.1p1 and below root exploit which only works if the administrator has turned on the UseLogin feature. Uses the libroot library. Requires an account on the remote machine.
b785235fe2fbf2c69f44d93ca622e244033585cf6ba64fbd80330fe466a5f2fc
The Kebi Webmail server allows remote users to have administrator access by going to http://site.com/a/.
5d2ff185f4844973c582f3bddcc8faef759c384b62fe1ca66d7e8a6cc8549176
Microsoft Security Advisory MS01-057 - Outlook Web Access (OWA), a service of Exchange 5.5 Server, has a flaw which allows remote attackers to take any action against the user's Exchange mailbox that the user himself was capable of, including sending, moving, or deleting messages. If an HTML message that contains specially formatted script is opened in OWA, the script executes when the message is opened.
bc463ed36dace4a8c770b85f06fab109670e05d1e090147bcfabc694edab5205
FreeBSD Security Advisory FreeBSD-SA-01:63.openssh - OpenSSH prior to v3.0.2 has a remote root vulnerability, but only if the administrator set 'UseLogin yes' in the sshd_config file.
521f8bbae1b8707730186dbfe6ec79cfdbb5d86ffe92ddf46345ae69a14b59d4
LDAP_Brute.pl is an OpenLDAP brute force auditing application. Written under Slackware 8.0. Brute forces the Manager password, then dumps the entire database of users and passwords in a format for John the Ripper.
54133368e7dc6d683f31097c304ee7b10afc02a8fd2701c4afdada32653453ac
Analog is a program to measure the usage on your web server. It tells you which pages are most popular, which countries people are visiting from, which sites they tried to follow broken links from, and all sorts of other useful information. It is totally free.
8ac2b72bfcc5c6ed92791b6ad1a76136571e5b8eb9ca874fedc96146e9c5fe84
fwanalog is a shell script that parses and summarizes firewall logfiles. It currently (version 0.4.1) understands logs from ipf (tested with OpenBSD 2.8's and 2.9's ipf, also FreeBSD and NetBSD), Linux 2.2 ipchains and Linux 2.4 iptables. It has been tested on Debian GNU/Linux "sid" with bash and OpenBSD 2.8 and 2.9 with ksh as /bin/sh. It can be easily extended for other logfile formats; all it takes is editing two regular expressions.
12920533fe25151e3ced38b92d32d1bea3aab768f99fef447b1eb297e3539a8d
Port Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
ad3a1269cc21c10c5746f35c3b548d06c68bc8a7d12baa2475cf864c19d14696
Dante is a circuit-level firewall/proxy that can be used to provide convenient and secure network connectivity to a wide range of hosts while requiring only the server Dante runs on to have external network connectivity. Once installed, Dante can in most cases be made transparent to the clients while offering detailed access control and logging facilities to the server administrator.
b6f0388e4ce5dee0b36dc0f2339bdecad72ef8dcc2b64c7cc0dd90621fa1043c