fwknop is a flexible port knocking implementation that is based around iptables. Both shared knock sequences and encrypted knock sequences are supported. In addition, fwknop makes use of passive OS fingerprinting signatures derived from p0f to ensure the OS that initiates a knock sequence conforms to a specific type. This makes it possible to allow, say, only Linux systems to connect to your SSH daemon. Both the knock sequences and OS fingerprinting are completely implemented around iptables log messages, and so a separate packet capture library is not required.
0e104718c305f413ce87cd7d283f8614932827f22ae91bff47223ca54cb47f56Ettercap NG is a network sniffer/interceptor/logger for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Features character injection in an established connection - you can inject characters to server (emulating commands) or to client (emulating replies) while maintaining an established TCP connection! Integrated into a easy-to-use and powerful ncurses interface.
c74239052d62565c13a82f9bbf217a4fdcce4b34949e361b53bb3f28e3168543SnortSMS is a highly configurable sensor management system that provides the ability to remotely administer Snort [and Barnyard] based Intrusion Detection Systems (IDS), push configuration files, add/edit rules, and monitor system health and statistics, all from a simple and clean Web interface console. Whether you have one or multiple Snort sensors, it can help unify and synchronize all sensor configurations.
7b638837143a4cdb02e542f191dd034fc092bcf78529675774bc31eecfc0ca4cLogcheck parses system logs and generates email reports based on anomalies. Anomalies can be defined by users with 'violations' files. It differentiates between 'Active System Attacks', 'Security Violations', and 'Unusual Activity', and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not report errors when they are rotated.
8ea069973658ec38364825e8c6aab694b935017b10a5c89e15c9b3f2ae2ec6ddPlacid is a Web-based frontend for Snort that uses MySQL. It supports searching, sorting, and graphing of events, and was designed for speed and to have little overhead.
e5ceeab43d57c3933e018ffdcd3aa52b32c97295fff53e909fb6c497535cfbb1SteGUI is a graphical front-end to Steghide that lets users view the images (in Bitmap and JPEG format) and play the sounds (in Wave and AU format) that Steghide allows as cover files. SteGUI also contains a simple text editor to manage text payload files (although any kind of file can be a payload to hide). The idea is to allow users to manage the supported file types and use Steghide from a single graphical tool.
550fb33f0d47dbb9e8d6baff881ddcfba6eee53015a6f6cd75c249719ca9ad8aYersinia implements several attacks for the following protocols: Spanning Tree (STP), Cisco Discovery (CDP), Dynamic Host Configuration (DHCP), Hot Standby Router (HSRP), Dynamic Trunking (DTP), 802.1q and VLAN Trunking (VTP), helping a pen-tester with different tasks.
5b149fd33367fda98c96fc54eff80e9fa2d4091d9485545f18f053af05674444Iron Bars SHell is a restricted Unix shell. The user can not step out of, nor access, files outside the home directory. Two ASCII configuration files are used for more control. The system administrator can define which commands may be executed by the user. No other executables are allowed. The admin also has the opportunity to define what kind of files the user may create. If a file has a certain extension (such as .mp3, .c, etc.), ibsh automatically erases it.
564f410fffd469de4d5689545f4a392e61e77ebeb6ac0fcbbbfa119f068ca836Plash (the Principle of Least Authority Shell) is a Unix shell that lets you run Unix programs with access only to the files and directories they need to run. In order to implement this, the filesystem is virtualized. Each process can have its own namespace, which can contain a subset of your files. Plash is implemented by modifying GNU libc and replacing the system calls that use filenames. For example, open() is changed so that it sends a message to a file server via a socket. If the request is successful, the server sends the client a file descriptor. Processes are run in a chroot jail under dynamically-allocated user IDs. No kernel modifications are required. Existing Linux binaries work unchanged.
a6e327e4641c47eb04a6aaa489e1b964c6a8e799591ad61959af067078152d21Vuurmuur is a middle-end and front-end for netfilter and iptables that is aimed at system administrators who need a decent firewall, but do not have netfilter specific knowledge. It converts human-readable rules into an iptables ruleset (or optional a bash script), makes netfilter logs readable, and includes an ncurses GUI.
a4ff68c34faac23779d07cc1f15092499e571e8ac10bf92cfd4fd8e16ece9987Os-sim attempts to unify network monitoring, security, correlation, and qualification in one single tool. It combines Snort, Acid, MRTG, NTOP, OpenNMS, nmap, nessus, and rrdtool to provide the user with full control over every aspect of networking or security. Supported platform is Linux.
eb7ca786fb4fccf96569e9723489e4256e2ce255109fffe448d7d074b99a5534Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
f5e58b23aed35ff75a9039ce1931565be84653fc6474d395ebbb9bc9927136aeSILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC network are encrypted and authenticated, and messages can also be digitally signed. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509, OpenPGP, and is being developed in the IETF. This tarball holds all developer related files.
ff86828e70d5547a9263ea45f4339805e9611ddf2b5fedcd3ae5de2fdb049f90VisualRoute is a traceroute tool which displays a map of the path to the destination server by looking up the geographical location of each traceroute hop. The network service provider is identified for each hop, and instant domain and network whois information enable quick problem or abuse reporting.
2e843d3352ba65a6785170a2978a23c0e1d08982e6e90e315c9ddbe7d9ee22caNuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
0a9e16857ce1eb0f7531760ab4a4619874e9a4f775a44064143a415cc1e38f89Hatchet is a log parsing and viewing utility for OpenBSD's PF firewall software. It presents HTML output of logged events and utilization graphs using pfstat.
ea00c1426aeeb79907e6d6ebd6546ee3bbc75d2fcf9080013e5d7d196df46388The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
00633e5f2a6f35002c0690c4639fb5536f58638c9b1cc221c2a1bee7fa20b7c4The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. The Framework will run on any modern system that has a working Perl interpreter, the Windows installer includes a slimmed-down version of the Cygwin environment.
6ce8397bb13a7f963d1755f789c9607ecc3e44356ffc8a81d9f9b58dbec6e98dNmap Parser is a Perl module that simplifies the process of developing scripts and collecting information from the XML nmap scan data, which can be obtained by using nmap's -oX switch or from the file handle of a pipe to an nmap process. It uses the XML twig library for parsing, and supports filters.
71fc194baf3ceed9a2ff8f9c1b655891098f3ab906d35e9e3ec7c07f827e2defNetwork Security Policy Compiler (NetSPoC) is a tool for security management of large networks with different security domains. It generates configuration files for packet filters controlling the borders of security domains. It provides its own language for describing security policy and the topology of a network. The security policy is a set of rules that state which packets are allowed to pass the network and which are not. NetSPoC is topology aware - a rule for traffic from A to B is automatically applied to all managed packet filters on the path from A to B.
243418d60e57fa3bfa11190c0fb64b2485bddb5fd1ac19e2289b446db630a18aafick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
9f41debb19bde9b1d1da8fc9ca42d7f82c8cb9130a83962750212f8fa789c82cSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
5fd1ea6804f7289d380a3ed5189d08a61e03bcff759648804d8ddcdf558e1d5aPound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
335249d2bb84a4474e8bb3eb880097f1e0d95b442016a1ce90c66ea73ae2c076Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.
53c9119449e8abd7a546074918d558c0dbee08c6851f5d742192f9d4a6c9f98dThe Umbrella security mechanism implements a combination of process-based Mandatory Access Control (MAC) and authentication of files through Digital Signed Binaries (DSB) for Linux based consumer electronics devices ranging from mobile phones to settop boxes. Umbrella is implemented on top of the Linux Security Modules (LSM) framework. The MAC scheme is enforced by a set of restrictions on each process. This policy is distributed with a binary in form of execute restrictions (in the file signature) and within the program, where the developer has the opportunity of making a restricted fork.
faeb10d56d1de90fdbbed7805e978845fdc3ef6a6b662e432333a84ad68f04aa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed