Assessments
Latest revision as of 12:30, 5 August 2011
Authentication
- freeradius 0.9.3 : GPL RADIUS server
Encryption
- 2c2 : multiple plaintext -> one ciphertext
- 4c : as with 2c2 (think plausible deniability)
- acfe : traditional cryptanalysis (like Vigenere)
- cryptcat : netcat with Twofish encryption on the wire
- gifshuffle : stego tool for gif images
- gpg 1.2.3 : GNU Privacy Guard
- ike-scan : discover and fingerprint IKE (IPsec VPN) endpoints
- mp3stego : stego tool for mp3
- openssl 0.9.7c : SSL/TLS and general-purpose crypto toolkit
- outguess : stego tool
- stegbreak : brute-force stego'ed JPG
- stegdetect : discover stego'ed JPG
- sslwrap : SSL wrapper
- stunnel : SSL wrapper
- super-freeSWAN 1.99.8 : kernel IPSEC support
- texto : make gpg ascii-armour look like weird English
- xor-analyze : another "intro to cryptanalysis" tool
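What the two "intro to cryptanalysis" entries above actually do, as an added example that is not code from the page or from xor-analyze or acfe: recover a repeating-key XOR key from the ciphertext alone. The plaintext and the key (tarpit!) are constructed here and the attacker is assumed to see only CIPHERTEXT; the Hamming-distance key-length test and the per-column frequency scoring are the standard technique, and the 40-byte key-length ceiling is an assumption for the demo.

```python
"""Break a repeating-key XOR cipher (the xor-analyze / acfe job).

Added example, not code from the page or from those tools. PLAINTEXT and
KEY are constructed below; CIPHERTEXT is what the attacker is assumed to have.
"""
from itertools import cycle

# Approximate English letter frequencies in percent, plus the space character.
ENGLISH_FREQ = {
    'a': 8.2, 'b': 1.5, 'c': 2.8, 'd': 4.3, 'e': 12.7, 'f': 2.2, 'g': 2.0,
    'h': 6.1, 'i': 7.0, 'j': 0.15, 'k': 0.77, 'l': 4.0, 'm': 2.4, 'n': 6.7,
    'o': 7.5, 'p': 1.9, 'q': 0.095, 'r': 6.0, 's': 6.3, 't': 9.1, 'u': 2.8,
    'v': 0.98, 'w': 2.4, 'x': 0.15, 'y': 2.0, 'z': 0.074, ' ': 13.0,
}

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def english_score(text: bytes) -> float:
    """Higher is more English-like; control and high bytes are penalised hard."""
    score = 0.0
    for b in text:
        c = chr(b)
        if c in ENGLISH_FREQ:
            score += ENGLISH_FREQ[c]
        elif c.lower() in ENGLISH_FREQ:            # upper-case letter: half weight
            score += ENGLISH_FREQ[c.lower()] / 2
        elif b not in (9, 10, 13) and not 32 <= b < 127:
            score -= 50.0                          # not something English text contains
    return score

def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count('1') for x, y in zip(a, b))

def rank_key_lengths(ct: bytes, max_len: int = 40) -> list:
    """Key lengths ordered by normalised Hamming distance between consecutive
    blocks. At the true length (and its multiples) a block XOR its neighbour is
    English XOR English, which differs in fewer bits than blocks that were also
    mixed with different key bytes."""
    scored = []
    for klen in range(2, max_len + 1):
        blocks = [ct[i * klen:(i + 1) * klen] for i in range(len(ct) // klen)]
        if len(blocks) < 4:
            break
        pairs = list(zip(blocks, blocks[1:]))
        scored.append((sum(hamming(x, y) for x, y in pairs) / (len(pairs) * klen), klen))
    return [klen for _, klen in sorted(scored)]

def recover_key(ct: bytes, klen: int) -> bytes:
    """Every klen-th byte shares one key byte, so each column is a single-byte
    XOR: try all 256 and keep the one whose output looks most like English."""
    key = bytearray()
    for col in range(klen):
        column = ct[col::klen]
        key.append(max(range(256),
                       key=lambda k: english_score(bytes(b ^ k for b in column))))
    return bytes(key)

def shortest_period(key: bytes) -> bytes:
    """'abcabc' recovered at length 6 is really the 3-byte key 'abc'."""
    for p in range(1, len(key)):
        if len(key) % p == 0 and key == key[:p] * (len(key) // p):
            return key[:p]
    return key

def break_xor(ct: bytes, max_len: int = 40, tries: int = 10) -> tuple:
    """Try the best-ranked key lengths, shortest first, and keep the most
    English decryption; a longer key must win by a clear margin, because a
    multiple of the true length decrypts just as well."""
    best_score, best = None, None
    for klen in sorted(rank_key_lengths(ct, max_len)[:tries]):
        key = recover_key(ct, klen)
        pt = xor_bytes(ct, key)
        score = english_score(pt)
        if best is None or score > best_score * 1.01:
            best_score, best = score, (shortest_period(key), pt)
    return best

# Constructed sample. The attacker is assumed to see only CIPHERTEXT.
PLAINTEXT = (
    b"the quick brown fox jumps over the lazy dog while the sysadmin reads the "
    b"firewall logs and wonders why the honeypot has been so quiet tonight. "
    b"a repeating key xor cipher leaks its key length through the hamming "
    b"distance between neighbouring blocks of ciphertext, because two blocks "
    b"of english text differ in fewer bits than two blocks that were also "
    b"mixed with different key bytes. once the length is known every column "
    b"of the ciphertext is a single byte xor, and single byte xor falls to "
    b"plain letter frequency analysis: try all two hundred and fifty six keys "
    b"and keep the one whose output looks most like english. that is exactly "
    b"what the intro to cryptanalysis tools on this disk do for you."
)
KEY = b"tarpit!"
CIPHERTEXT = xor_bytes(PLAINTEXT, KEY)

if __name__ == "__main__":
    key, pt = break_xor(CIPHERTEXT)
    print(key, pt[:60])
```

The same attack applies to any stream cipher whose keystream repeats, and with a known-plaintext prefix (a file header, say) the key drops out directly as plaintext XOR ciphertext; the frequency step is only needed when you know nothing but the language.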
Forensics
- sleuthkit 1.66 : file system forensic tools, extending The Coroner's Toolkit (TCT)
- autopsy 1.75 : web front-end to The Sleuth Kit (TASK). Evidence Locker defaults to /mnt/evidence
- biew : binary viewer
- bsed : binary stream editor
- consh : logged shell (from F.I.R.E.)
- coreography : analyze core files
- dcfldd : US DoD Computer Forensics Lab version of dd
- fenris : code debugging, tracing, decompiling, reverse engineering tool
- fatback : Undelete FAT files
- foremost : recover specific file types from disk images (like all JPG files)
- ftimes : system baseline tool (be proactive)
- galleta : recover Internet Explorer cookies
- hashdig : dig through hash databases
- hdb : java decompiler
- mac-robber : TCT's grave-robber written in C; collects MAC times for a timeline
- md5deep : run md5 recursively against multiple files/directories
- memfetch : force a memory dump
- pasco : browse IE index.dat
- photorec : carve photos and other files from camera media and disk images
- readdbx : convert Outlook Express .dbx files to mbox format
- readoe : convert entire Outlook Express .directory to mbox format
- rifiuti : browse Windows Recycle Bin INFO2 files
- secure_delete : securely delete files, swap, memory....
- testdisk : test and recover lost partitions
- wipe : wipe a partition securely. good for prep'ing a partition for dd
- and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)
Firewall
- blockall : script to block all inbound TCP (excepting localhost)
- flushall : flush all firewall rules
- firestarter : quick way to a firewall
- firewalk : map a firewall's rulebase
- floppyfw : turn a floppy into a firewall
- fwlogwatch : monitor firewall logs
- iptables 1.2.8 : Linux netfilter packet filter
- gtk-iptables : GUI front-end
- shorewall 1.4.8-RC1 : iptables based package
- nipper 0.12.0 : quickly document network device configuration (including cisco, juniper, checkpoint, sonicwall and more)
Honeypots
- honeyd 0.7 : virtual honeypot daemon, emulates hosts and their services on unused IP addresses
- labrea : tarpit (slow to a crawl) worms and port scanners
- thp : tiny honeypot
IDS | IPS
- SafetyNET (http://safetynet-info.com) : security appliance and suite of products
- snort 2.1.0 : network IDS
- ACID : snort web frontend
- barnyard : fast snort log processor
- oinkmaster : keep your snort rules up to date
- hogwash : access control based on snort sigs
- bro : network IDS
- prelude : network and host IDS
- WIDZ : wireless IDS, ap and probe monitor
- aide : host baseline tool, tripwire-esque
- logsnorter : log monitor
- swatch : monitor any file, oh like say syslog
- sha1sum : SHA-1 checksums for integrity checks
- md5sum : MD5 checksums (fine for spotting accidental change; collisions are practical, so use a stronger hash when an attacker is in the loop)
- syslogd : system logger
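The md5deep, hashdig and ftimes entries under Forensics and the aide, md5sum and sha1sum entries here are pieces of one workflow: hash a tree from known-good media, keep the manifest off the box, re-hash later and diff, and check the hashes against a known-good or known-bad set. This added example (not code from any of those tools) does that in Python over a tree it constructs in a temporary directory; the file names, contents and known-hash labels are invented for the demo.

```python
"""File-system baseline, aide-style comparison and hashdig-style look-up.

Added example, not code from md5deep, hashdig, ftimes or aide. The sample
tree is constructed in a temporary directory; point build_baseline() at a
real mount (ideally a read-only one) to use it for real.
"""
import hashlib
import os
import stat
import tempfile

def hash_file(path: str) -> dict:
    """md5 and sha1 in one pass (md5deep -r style) plus the size, mode and
    timestamps a mac-robber body file would record."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, 'rb') as f:
        for chunk in iter(lambda: f.read(1 << 16), b''):
            md5.update(chunk)
            sha1.update(chunk)
    st = os.lstat(path)
    return {'md5': md5.hexdigest(), 'sha1': sha1.hexdigest(),
            'size': st.st_size, 'mode': oct(stat.S_IMODE(st.st_mode)),
            'mtime': int(st.st_mtime), 'ctime': int(st.st_ctime)}

def build_baseline(root: str) -> dict:
    """relative path -> attributes for every regular file under root.
    Take the baseline from known-good media before the box goes live."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue                      # symlinks and devices: record separately
            rel = os.path.relpath(full, root).replace(os.sep, '/')
            baseline[rel] = hash_file(full)
    return baseline

def compare(old: dict, new: dict) -> dict:
    """aide/tripwire-style report. Content is compared by sha1, not by mtime:
    an attacker who touches a file back to its old timestamp still shows up."""
    common = set(old) & set(new)
    return {
        'added': sorted(set(new) - set(old)),
        'removed': sorted(set(old) - set(new)),
        'modified': sorted(p for p in common
                           if old[p]['sha1'] != new[p]['sha1']
                           or old[p]['mode'] != new[p]['mode']),
    }

def hashdig(baseline: dict, known: dict) -> dict:
    """Look every file's sha1 up in a known-hash set (hashdig style). Known-good
    hashes let you skip files; known-bad ones (rootkit binaries) get flagged."""
    return {p: known[a['sha1']] for p, a in baseline.items() if a['sha1'] in known}

def demo() -> dict:
    """Constructed scenario: baseline a small tree, then trojan one binary,
    delete one file and drop a new one, and see what the comparison reports."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data, mode=0o644):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, 'wb') as f:
                f.write(data)
            os.chmod(full, mode)

        put('bin/ls', b'original ls binary', 0o755)
        put('etc/passwd', b'root:x:0:0:root:/root:/bin/sh\n')
        put('etc/hosts', b'127.0.0.1 localhost\n')
        before = build_baseline(root)

        put('bin/ls', b'trojaned ls binary', 0o755)       # rootkit replaces ls
        os.remove(os.path.join(root, 'etc/hosts'))          # evidence removed
        put('etc/ld.so.preload', b'/lib/evil.so\n')         # persistence dropped
        after = build_baseline(root)

        known = {hashlib.sha1(b'original ls binary').hexdigest(): 'known-good ls',
                 hashlib.sha1(b'trojaned ls binary').hexdigest(): 'KNOWN BAD: trojaned ls'}
        report = compare(before, after)
        report['known'] = hashdig(after, known)
        return report

if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as where it lives: store it (and the hashing tool) off the host, or a rootkit that can alter ls can alter the manifest too. Hashing from a forensic boot disk against the mounted, read-only target is the proactive use the ftimes entry has in mind.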
Network Utilities
- LinNeighborhood : browse SMB networks like Windows Network Neighborhood
- argus : network auditor
- arpwatch : keep track of the MACs on your wire
- cdpr : cisco discovery protocol reporter
- cheops : snmp, network discovery and monitor tool
- etherape : network monitor and visualization tool
- iperf : measure IP performance
- ipsc : IP subnet calculator
- iptraf : network monitor
- mrtg : multi router traffic grapher
- mtr : traceroute and ping combined, with per-hop loss and latency
- ntop 2.1.0 : network top, protocol analyzer
- rrdtool : round robin database
- samba : opensource SMB support
- tcptrack : track existing connections
Password Tools
- john 1.6.34 : John the Ripper password cracker
- allwords2 : CERIAS's 27MB English dictionary
- chntpw : reset local Windows account passwords offline by editing the SAM (including Administrator)
- cisilia : distributed password cracker
- cmospwd : find local CMOS password
- djohn : distributed John the Ripper
- pwl9x : crack Win9x password files
- rcrack : RainbowCrack, time-memory trade-off cracking with precomputed tables (unsalted hashes only)
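rcrack trades disk for time: instead of hashing every candidate at crack time, chains of hash-then-reduce steps are computed once and only their endpoints are stored. This added example (not RainbowCrack's code) builds such a table for a toy keyspace of four-digit PINs hashed with MD5 and looks a hash up in it; the keyspace, hash, chain count, chain length and reduction function are choices made for the demo.

```python
"""A rainbow table for a toy keyspace, the time-memory trade-off behind rcrack.

Added example, not RainbowCrack's code. Keyspace, hash, chain count, chain
length and the reduction function are all choices made for this demo.
"""
import hashlib
import random
import string

CHARSET = string.digits
PW_LEN = 4
KEYSPACE = len(CHARSET) ** PW_LEN            # 10,000 four-digit PINs

def H(pw: str) -> bytes:
    """The unsalted hash being attacked (MD5 here; LM/NTLM in practice)."""
    return hashlib.md5(pw.encode()).digest()

def index_to_pw(n: int) -> str:
    out = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(CHARSET))
        out.append(CHARSET[r])
    return ''.join(reversed(out))

def reduce_fn(h: bytes, step: int) -> str:
    """Map a hash back into the keyspace. Folding in the chain position is what
    makes it a rainbow table: chains that collide at different positions do
    not merge, which is the weakness of plain Hellman tables."""
    return index_to_pw((int.from_bytes(h[:8], 'big') + step) % KEYSPACE)

class RainbowTable:
    def __init__(self, chains: int = 300, chain_len: int = 40, seed: int = 1):
        self.t = chain_len
        self.table = {}                        # chain endpoint -> chain start
        rng = random.Random(seed)
        for _ in range(chains):
            start = index_to_pw(rng.randrange(KEYSPACE))
            self.table[self._walk(start, 0, self.t)] = start

    def _walk(self, pw: str, from_step: int, to_step: int) -> str:
        """Apply hash-then-reduce for chain positions from_step .. to_step-1."""
        for j in range(from_step, to_step):
            pw = reduce_fn(H(pw), j)
        return pw

    def lookup(self, target: bytes):
        """Assume target sits at position j of some chain, finish that chain and
        see whether its endpoint is stored; if so replay the chain from its
        start to find the preimage. Merged chains can hit a stored endpoint
        without containing the target (false alarms); the replay rejects those."""
        for j in range(self.t - 1, -1, -1):
            start = self.table.get(self._walk(reduce_fn(target, j), j + 1, self.t))
            if start is None:
                continue
            pw = start
            for k in range(self.t):
                if H(pw) == target:
                    return pw
                pw = reduce_fn(H(pw), k)
        return None

    def coverage(self) -> float:
        """Fraction of the keyspace some chain passes through; merges and
        repeats keep it below chains * chain_len / KEYSPACE."""
        seen = set()
        for start in self.table.values():
            pw = start
            for k in range(self.t):
                seen.add(pw)
                pw = reduce_fn(H(pw), k)
        return len(seen) / KEYSPACE

    def sample_covered(self, step: int = 7) -> tuple:
        """A (password, hash) pair guaranteed to be in the table: position
        `step` of a chain whose endpoint survived in the map."""
        end, start = next(iter(self.table.items()))
        pw = self._walk(start, 0, step)
        return pw, H(pw)

if __name__ == "__main__":
    rt = RainbowTable()
    pw, h = rt.sample_covered()
    print(pw, rt.lookup(h), round(rt.coverage(), 3))
```

Two things the toy makes visible: coverage stays well below chains times chain length because chains repeat and merge, which is why real tables are generated with a success-probability target; and a salted hash such as a Unix crypt entry is simply not in the table, since the precomputation was done for H(pw), not H(salt + pw). That is the whole reason salts exist.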
Packet Sniffers
- aimSniff : sniff AIM traffic
- driftnet : sniffs for images
- dsniff : sniffs for cleartext passwords (thanks Dug)
- ethereal 0.10.0 : the standard. includes tethereal
- ettercap 0.6.b : sniff on a switched network and more.
- filesnarf : grab files out of NFS traffic
- mailsnarf : sniff smtp/pop traffic
- msgsnarf : sniff aol-im, msn, yahoo-im, irc, icq traffic
- ngrep : network grep, a sniffer with grep filter capabilities
- tcpdump : the core of it all
- urlsnarf : log all urls visited on the wire
- webspy : mirror all urls visited by a host in your local browser
- Wireshark 1.0.3 : replaces ethereal, the standard.
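The snarf tools above are all one idea: read frames off the wire or from a tcpdump file, peel Ethernet, IP and TCP, then pattern-match the payload. This added example (not dsniff or ngrep code) does the urlsnarf and ngrep versions of that over a pcap it constructs in memory from hand-built frames; the addresses, ports and HTTP requests are invented for the demo. It handles only the classic microsecond pcap format with Ethernet link type and does not reassemble TCP streams, so a request split across segments is missed.

```python
"""urlsnarf- and ngrep-style extraction from a packet capture.

Added example, not dsniff or ngrep code. A small pcap is constructed in memory
from hand-built Ethernet/IPv4/TCP frames; for real traffic pass the bytes of
a file written with tcpdump -w. No stream reassembly, classic pcap only.
"""
import re
import socket
import struct

def _ipv4_checksum(hdr: bytes) -> int:
    total = sum(struct.unpack('!10H', hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Ethernet + IPv4 + TCP (PSH/ACK) around payload. MACs are dummies and
    the TCP checksum is left zero; the parser below does not verify it."""
    tcp = struct.pack('!HHIIBBHHH', sport, dport, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(tcp) + len(payload), 1, 0x4000,
                     64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack('!H', _ipv4_checksum(ip)) + ip[12:]
    return b'\x02' * 6 + b'\x04' * 6 + b'\x08\x00' + ip + tcp + payload

def build_pcap(frames) -> bytes:
    """Global header (magic, v2.4, snaplen, LINKTYPE_ETHERNET), then one record per frame."""
    out = struct.pack('!IHHiIII', 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, frame in enumerate(frames):
        out += struct.pack('!IIII', 1700000000 + n, 0, len(frame), len(frame)) + frame
    return out

def iter_tcp_segments(pcap: bytes):
    """Yield (src, sport, dst, dport, payload) for each IPv4/TCP frame."""
    magic = struct.unpack_from('!I', pcap, 0)[0]
    endian = '!' if magic == 0xA1B2C3D4 else '<'   # tcpdump on x86 writes little-endian
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack_from(endian + 'IIII', pcap, off)
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b'\x08\x00':
            continue                                   # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:
            continue                                   # not TCP
        total = struct.unpack_from('!H', ip, 2)[0]
        tcp = ip[ihl:total]
        sport, dport = struct.unpack_from('!HH', tcp, 0)
        doff = (tcp[12] >> 4) * 4
        yield (socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport, tcp[doff:])

REQUEST = re.compile(rb'^(GET|POST|HEAD) (\S+) HTTP/1\.[01]\r\n(.*?)\r\n\r\n', re.S)
HOST = re.compile(rb'^Host:[ \t]*([^\r\n]+)', re.M | re.I)

def urlsnarf(pcap: bytes) -> list:
    """(client, URL) for every HTTP request seen on the wire."""
    urls = []
    for src, _, dst, _, data in iter_tcp_segments(pcap):
        m = REQUEST.match(data)
        if not m:
            continue
        host = HOST.search(m.group(3))
        name = host.group(1).decode() if host else dst   # no Host header: fall back to the IP
        urls.append((src, 'http://%s%s' % (name, m.group(2).decode())))
    return urls

def ngrep(pcap: bytes, pattern: bytes) -> list:
    """(src, dst, matched bytes) for every segment whose payload matches."""
    rx = re.compile(pattern)
    return [(src, dst, rx.search(data).group(0))
            for src, _, dst, _, data in iter_tcp_segments(pcap) if rx.search(data)]

# Constructed capture: two HTTP requests and one unrelated SMTP segment.
SAMPLE_PCAP = build_pcap([
    build_frame('10.0.0.5', '192.0.2.10', 40001, 80,
                b'GET /index.html HTTP/1.1\r\nHost: www.example.test\r\nUser-Agent: x\r\n\r\n'),
    build_frame('10.0.0.7', '192.0.2.10', 40002, 80,
                b'POST /login HTTP/1.0\r\nHost: www.example.test\r\nContent-Length: 21\r\n\r\n'
                b'user=bob&pass=hunter2'),
    build_frame('10.0.0.5', '192.0.2.11', 40003, 25, b'EHLO attacker.test\r\n'),
])

if __name__ == "__main__":
    print(urlsnarf(SAMPLE_PCAP))
    print(ngrep(SAMPLE_PCAP, rb'pass=\w+'))
```

The ngrep call on the POST is dsniff's whole point: anything that crosses the wire in clear is one regex away from being harvested, which is the argument for the SSL wrappers and tunnels listed elsewhere on this page.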
Searching and Seizing Computers and Obtaining Electronic Evidence Manual
TCP Tools
- arpfetch : fetch MAC
- arping : ping by MAC (ARP request/reply instead of ICMP)
- arpspoof : spoof arp
- arpwatch : monitor MAC addresses on the wire
- despoof : detect spoofed packets via TTL measurement
- excalibur : packet generator
- file2cable : replay a packet capture
- fragroute : packet fragmentation tool (thanks again Dug)
- gspoof : packet generator
- hopfake : spoof hopcount replies
- hunt : tcp hijacker
- ipmagic : packet generator
- lcrzoex : suite of tcp tools
- macof : flood a switch with MACs
- packetto : Dan Kaminsky's suite of tools (includes 1.10 and 2.0pre3)
- netsed : insert and replace strings in live traffic
- packETH : packet generator
- tcpkill : die tcp, die!
- tcpreplay : replay packet captures
Tunnels
- cryptcat : encrypted netcat
- httptunnel : tunnel data over http
- icmpshell : tunnel data over icmp
- netcat : the incomparable tcp swiss army knife
- shadyshell : tunnel data over udp
- stegtunnel : hide data in TCP/IP headers
- tcpstatflow : detect data tunnels
- tiny shell : small encrypted shell
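stegtunnel and tcpstatflow sit on opposite sides of the same trick: a covert channel that rides in header fields nobody inspects, and a detector that notices the fields no longer look the way a normal stack would fill them. This added example (not code from either tool) encodes a message into the 16-bit IPv4 identification field and flags the flow by the entropy of its ID deltas; packets are plain dicts constructed here rather than frames rewritten on the wire, which is what stegtunnel does and needs raw sockets and root for.

```python
"""A covert channel in the IPv4 identification field beside a detector for it.

Added example, not stegtunnel or tcpstatflow code. Packets are dicts built
here; the hosts, message and counter behaviour are constructed for the demo.
"""
import math
import random
import struct
from collections import Counter

def encode_ip_ids(message: bytes) -> list:
    """Two message bytes per packet in the 16-bit ID field; the first ID
    carries the length so the receiver knows where the message ends."""
    framed = struct.pack('>H', len(message)) + message
    if len(framed) % 2:
        framed += b'\0'
    return [struct.unpack('>H', framed[i:i + 2])[0] for i in range(0, len(framed), 2)]

def decode_ip_ids(ids: list) -> bytes:
    raw = b''.join(struct.pack('>H', i) for i in ids)
    length = struct.unpack('>H', raw[:2])[0]
    return raw[2:2 + length]

def make_flow(src: str, dst: str, ids: list) -> list:
    return [{'src': src, 'dst': dst, 'id': i} for i in ids]

def counter_ids(start: int, n: int, rng: random.Random) -> list:
    """What a classic stack emits: a counter, with small jumps where other
    traffic from the same host consumed IDs in between."""
    ids, cur = [], start
    for _ in range(n):
        ids.append(cur & 0xFFFF)
        cur += rng.choice((1, 1, 1, 2, 3))
    return ids

def delta_entropy(ids: list) -> float:
    """Shannon entropy (bits) of the differences between consecutive IDs.
    A counter gives well under 2 bits; data hidden in the field looks random."""
    if len(ids) < 2:
        return 0.0
    deltas = [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]
    n = len(deltas)
    return -sum(c / n * math.log2(c / n) for c in Counter(deltas).values())

def find_id_tunnels(packets: list, threshold: float = 3.0) -> dict:
    """Group packets per (src, dst) and flag flows whose ID deltas are too
    random for a counter. Heuristic only: stacks that randomise the ID on
    purpose, and datagrams with DF set (RFC 6864 lets the sender put anything
    there), will also trip it, so baseline each host before alerting."""
    flows = {}
    for p in packets:
        flows.setdefault((p['src'], p['dst']), []).append(p['id'])
    scored = {k: round(delta_entropy(v), 2) for k, v in flows.items()}
    return {k: e for k, e in scored.items() if e > threshold}

def demo() -> tuple:
    """Constructed traffic: one host leaks a string over its IP IDs while a
    second host talks normally to the same server."""
    message = b'secret from the inside'
    rng = random.Random(3)
    packets = (make_flow('10.0.0.5', '192.0.2.10', encode_ip_ids(message)) +
               make_flow('10.0.0.7', '192.0.2.10', counter_ids(4000, 40, rng)))
    leaked = decode_ip_ids([p['id'] for p in packets if p['src'] == '10.0.0.5'])
    return leaked, find_id_tunnels(packets)

if __name__ == "__main__":
    print(demo())
```

The detector never looks at payload, which is the point: a tunnel like this carries no data in the TCP stream at all, so signature IDS and the sniffers above see nothing. What gives it away is that a header field stopped behaving like a counter, and that only works if you know how each host's stack normally fills it.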
Vulnerability Assessment
- ADM tools : like ADM-smb and ADMkillDNS
- amap 4.5 : maps applications running on remote hosts
- IRPAS : Internet Routing Protocol Attack Suite
- chkrootkit 0.43 : look for rootkits
- clamAV : virus scanner. update your signatures live with freshclam
- curl : commandline utility for transferring anything with a URL
- exodus : web application auditor
- ffp : fuzzy fingerprinter for encrypted connections
- firewalk : map a firewall rulebase
- hydra : brute force tool
- nbtscan : scan SMB networks
- ncpquery : scan NetWare servers
- nessus 2.0.9 : vulnerability scanner. update your plugins live with nessus-update-plugins
- nikto : CGI scanner
- nmap 3.48 : the standard in host/port enumeration
- p0f : passive OS fingerprinter
- proxychains: chain together multiple proxy servers
- rpcinfo : list the RPC services registered with a host's portmapper
- screamingCobra : CGI scanner
- siege : http testing and benchmarking utility
- sil : tiny banner grabber
- snot : replay snort rules back onto the wire. test your ids/incident response/etc.
- syslog_deluxe : spoof syslog messages
- thcrut : THC's "r you there?" network mapper
- vmap : maps application versions
- warscan : exploit automation tool
- xprobe2 : uses ICMP for fingerprinting
- yaph : yet another proxy hunter
- zz : zombie zapper kills DDoS zombies
Wireless Tools
- airsnarf : rogue AP setup utility
- airsnort : sniff, find, crack 802.11b
- airtraf : 802.11b network performance analyzer
- gpsdrive : use GPS and maps
- kismet 3.0.1 : for 802.11 what else do you need?
- kismet-log-viewer : manage your kismet logs
- macchanger : change your MAC address
- wellenreiter : 802.11b discovery and auditing
- patched orinoco drivers : monitor mode already patched in (no scripts necessary)
Internet Information Resources
US-CERT Current Activity
The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
US-CERT Current Activity: http://www.us-cert.gov/current/