Assessments: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search
(fJMfwUXLpzarHx)
 
(10 intermediate revisions by 2 users not shown)
Line 1: Line 1:
http://vida3517.sitebooth.com/ maple story item
=='''Authentication'''==
http://nagg2145.freehostguy.com/ mountain lodge park city
 
http://alik1147.101freehost.com/ persona 3 walkthrough
* freeradius 0.9.3 : GPL RADIUS server
http://alik1144.007gb.com/ watch desperate housewives season 2
 
http://dela9507.900megs.com/ apple pie recipe paula
=='''Encryption'''==
http://pola9127.phreesite.com/ baby boy names
 
http://podo9525.gofreeserve.com/ healthy kids recipes
* 2c2 : multiple plaintext -> one ciphertext
http://vida3517.sitebooth.com/maple-story-pet.html maple story cleric guide
* 4c : as with 2c2 (think plausible deniability)
http://nagg2145.freehostguy.com/park-city-ut-mountain.html mountain city prison
* acfe : traditional cryptanalysis (like Vigenere)
http://alik1147.101freehost.com/clock-tower-3-walkthrough.html virtual villager 3 walkthrough
* cryptcat : netcat  encryption
http://alik1144.007gb.com/watch-supernatural-season-3.html watch scrubs season 2
* gifshuffle : stego tool for gif images
http://dela9507.900megs.com/caramel-apple-pie-recipes.html apple pie recipe no
* gpg 1.2.3 : GNU Privacy Guard
http://pola9127.phreesite.com/black-ghetto-baby-names.html male baby names
* ike-scan : VPN fingerprinting
http://podo9525.gofreeserve.com/healthy-muffin-recipes.html healthy cake recipes
* mp3stego : stego tool for mp3
http://vida3517.sitebooth.com/maple-story-mage-guide.html maple story fly
* openssl 0.9.7c
http://nagg2145.freehostguy.com/mountain-property-management-park-city.html park city mountain resort lodging
* outguess : stego tool
http://alik1147.101freehost.com/amped-3-walkthrough.html command and conquer 3 walkthrough xbox 360
* stegbreak : brute-force stego'ed JPG
http://alik1144.007gb.com/watch-veronica-mars-season-3.html watch lost season four
* stegdetect : discover stego'ed JPG
http://dela9507.900megs.com/fresh-apple-pie-recipe.html mile high apple pie recipe
* sslwrap : SSL wrapper
http://pola9127.phreesite.com/trendy-baby-names.html ethnic baby names
* stunnel : SSL wrapper
http://podo9525.gofreeserve.com/healthy-italian-recipes.html healthy french recipes
* super-freeSWAN 1.99.8 : kernel IPSEC support
http://vida3517.sitebooth.com/maple-story-level-hacks.html maple story rpg
* texto : make gpg ascii-armour look like weird English
http://nagg2145.freehostguy.com/city-in-a-mountain.html the mountain center park city
* xor-analyze : another "intro to crytanalysis" tool
http://alik1147.101freehost.com/thing-thing-arena-3-walkthrough.html walkthrough for persona 3
 
http://alik1144.007gb.com/watch-bones-season-1.html watch the l word season 2  
=='''Forensics'''==
http://dela9507.900megs.com/green-apple-pie-recipe.html gourmet apple pie recipe
 
http://pola9127.phreesite.com/great-baby-names.html name my baby
* [[Forensic_Education_Resources:|Forensic Education and Resources]]<br>
http://podo9525.gofreeserve.com/thanksgiving-healthy-recipes.html easy healthy dinner recipes
<br>
http://vida3517.sitebooth.com/maple-story-free-hacks.html maple story hacks bypass
* sleuthkit 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
http://nagg2145.freehostguy.com/dakota-mountain-lodge-park-city.html park city mountain resport
* autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence
http://alik1147.101freehost.com/granny-3-walkthrough.html amateur surgeon 3 walkthrough
* biew : binary viewer
http://alik1144.007gb.com/watch-the-office-season-two.html watch monk season 6
* bsed : binary stream editor
http://pola9127.phreesite.com/american-baby-name.html baby name suggestions
* consh : logged shell (from F.I.R.E.)
http://podo9525.gofreeserve.com/easy-healthy-kids-recipes.html easy healthy low fat recipes
* coreography : analyze core files
* dcfldd : US DoD Computer Forensics Lab version of dd
* fenris : code debugging, tracing, decompiling, reverse engineering tool
* fatback : Undelete FAT files
* foremost : recover specific file types from disk images (like all JPG files)
* ftimes : system baseline tool (be proactive)
* galleta : recover Internet Explorer cookies
* hashdig : dig through hash databases
* hdb : java decompiler
* mac-robber : TCT's graverobber written in C
* md5deep : run md5 against multiple files/directories
* memfetch : force a memory dump
* pasco : browse IE index.dat
* photorec : grab files from digital cameras
* readdbx : convert Outlook Express .dbx files to mbox format
* readoe : convert entire Outlook Express .directory to mbox format
* rifiuti : browse Windows Recycle Bin INFO2 files
* secure_delete : securely delete files, swap, memory....
* testdisk : test and recover lost partitions
* wipe : wipe a partition securely. good for prep'ing a partition for dd
* and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)
 
=='''Firewall'''==
 
* blockall : script to block all inbound TCP (excepting localhost)
* flushall : flush all firewall rules
* firestarter : quick way to a firewall
* firewalk : map a firewall's rulebase
* floppyfw : turn a floppy into a firewall
* fwlogwatch : monitor firewall logs
* iptables 1.2.8
* gtk-iptables : GUI front-end
* shorewall 1.4.8-RC1 : iptables based package
* nipper 0.12.0 : quickly document network device configuration (including cisco, juniper, checkpoint, sonicwall and more)
 
=='''Honeypots'''==
 
* honeyd 0.7
* labrea : tarpit (slow to a crawl) worms and port scanners
* thp : tiny honeypot
 
=='''IDS | IPS'''==
 
* [http://safetynet-info.com SafetyNET] Security Appliance and suite of products.  
* snort 2.1.0: network IDS
* ACID : snort web frontend
* barnyard : fast snort log processor
* oinkmaster : keep your snort rules up to date
* hogwash : access control based on snort sigs
* bro : network IDS
* prelude : network and host IDS
* WIDZ : wireless IDS, ap and probe monitor
* aide : host baseline tool, tripwire-esque
* logsnorter : log monitor
* swatch : monitor any file, oh like say syslog
* sha1sum
* md5sum
* syslogd
 
=='''Network Utilities'''==
 
* LinNeighboorhood : browse SMB networks like windows network neighborhood
* argus : network auditor
* arpwatch : keep track of the MACs on your wire
* cdpr : cisco discovery protocol reporter
* cheops : snmp, network discovery and monitor tool
* etherape : network monitor and visualization tool
* iperf : measure IP performance
* ipsc : IP subnet calculator
* iptraf : network monitor
* mrtg : multi router traffic grapher
* mtr : traceroute tool
* ntop 2.1.0 : network top, protocol analyzer
* rrdtool : round robin database
* samba : opensource SMB support
* tcptrack : track existing connections
 
=='''Password Tools'''==
 
* john 1.6.34 : John the Ripper password cracker
* allwords2 : CERIAS's 27MB English dictionary
* chntpw : reset passwords on a Windows box (including Administrator)
* cisilia : distributed password cracker
* cmospwd : find local CMOS password
* djohn : distributed John the Ripper
* pwl9x : crack Win9x password files
* rcrack : rainbow crack
 
=='''Packet Sniffers'''==
 
* aimSniff : sniff AIM traffic
* driftnet : sniffs for images
* dsniff : sniffs for cleartext passwords (thanks Dug)
* ethereal 0.10.0 : the standard. includes tethereal
* ettercap 0.6.b : sniff on a switched network and more.
* filesnarf : grab files out of NFS traffic
* mailsnarf : sniff smtp/pop traffic
* msgsnarf : sniff aol-im, msn, yahoo-im, irc, icq traffic
* ngrep : network grep, a sniffer with grep filter capabilities
* tcpdump : the core of it all
* urlsnarf : log all urls visited on the wire
* webspy : mirror all urls visited by a host in your local browser
* Wireshark 1.0.3 : replaces ethereal, the standard.
 
=='''[[Searching_and_Seizing_Computers_and_Obtaining_Electronic_Evidence_Manual | Searching and Seizing Computers and Obtaining Electronic Evidence Manual]]'''==
 
=='''TCP Tools'''==
 
* arpfetch : fetch MAC
* arping : ping by MAC
* arpspoof : spoof arp
* arpwatch : montior MAC addresses on the wire
* despoof : detect spoofed packets via TTL measurement
* excalibur : packet generator
* file2cable : replay a packet capture
* fragroute : packet fragmentation tool (thanks again Dug)
* gspoof : packet generator
* hopfake : spoof hopcount replies
* hunt : tcp hijacker
* ipmagic : packet generator
* lcrzoex : suite of tcp tools
* macof : flood a switch with MACs
* packetto : Dan Kaminsky's suite of tools (includes 1.10 and 2.0pre3)
* netsed : insert and replace strings in live traffic
* packETH : packet generator
* tcpkill : die tcp, die!
* tcpreplay : replay packet captures
 
=='''Tunnels'''==
 
* cryptcat : encrypted netcat
* httptunnel : tunnel data over http
* icmpshell : tunnel data over icmp
* netcat : the incomparable tcp swiss army knife
* shadyshell : tunnel data over udp
* stegtunnel : hide data in TCP/IP headers
* tcpstatflow : detect data tunnels
* tiny shell : small encrypted shell
 
=='''Vulnerability Assessment'''==
 
* ADM tools : like ADM-smb and ADMkillDNS
* amap 4.5 : maps applications running on remote hosts
* IRPAS : Internet Routing Protocol Attack Suite
* chkrootkit 0.43 : look for rootkits
* clamAV : virus scanner. update your signatures live with freshclam
* curl : commandline utility for transferring anything with a URL
* exodus : web application auditor
* ffp : fuzzy fingerprinter for encrypted connections
* firewalk : map a firewall rulebase
* hydra : brute force tool
* nbtscan : scan SMB networks
* ncpquery : scan NetWare servers
* nessus 2.0.9 : vulnerability scanner. update your plugins live with nessus-update-plugins
* nikto : CGI scanner
* nmap 3.48 : the standard in host/port enumeration
* p0f : passive OS fingerprinter
* proxychains: chain together multiple proxy servers
* rpcinfo : hmmmm.... info from RPC?
* screamingCobra : CGI scanner
* siege : http testing and benchmarking utility
* sil : tiny banner grabber
* snot : replay snort rules back onto the wire. test your ids/incidence response/etc.
* syslog_deluxe : spoof syslog messages
* thcrut : THC's "r you there?" network mapper
* vmap : maps application versions
* warscan : exploit automation tool
* xprobe2 : uses ICMP for fingerprinting
* yaph : yet another proxy hunter
* zz : zombie zapper kills DDoS zombies
 
=='''Wireless Tools'''==
 
* airsnarf : rogue AP setup utility
* airsnort : sniff, find, crack 802.11b
* airtraf : 802.11b network performance analyzer
* gpsdrive : use GPS and maps
* kismet 3.0.1 : for 802.11 what else do you need?
* kismet-log-viewer : manage your kismet logs
* macchanger : change your MAC address
* wellenreiter : 802.11b discovery and auditing
* patched orinoco drivers : automatic (no scripts necessary)
 
=='''Internet Information Resources'''==
'''US-CERT Current Activity'''<br>
The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.<br>
<br>
[http://www.us-cert.gov/current/ US-CERT Current Activity]<br>
<br>

Latest revision as of 12:30, 5 August 2011

Authentication

  • freeradius 0.9.3 : GPL RADIUS server

Encryption

  • 2c2 : multiple plaintext -> one ciphertext
  • 4c : as with 2c2 (think plausible deniability)
  • acfe : traditional cryptanalysis (like Vigenere)
  • cryptcat : netcat encryption
  • gifshuffle : stego tool for gif images
  • gpg 1.2.3 : GNU Privacy Guard
  • ike-scan : VPN fingerprinting
  • mp3stego : stego tool for mp3
  • openssl 0.9.7c
  • outguess : stego tool
  • stegbreak : brute-force stego'ed JPG
  • stegdetect : discover stego'ed JPG
  • sslwrap : SSL wrapper
  • stunnel : SSL wrapper
  • super-freeSWAN 1.99.8 : kernel IPSEC support
  • texto : make gpg ascii-armour look like weird English
  • xor-analyze : another "intro to crytanalysis" tool

Forensics


  • sleuthkit 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
  • autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence
  • biew : binary viewer
  • bsed : binary stream editor
  • consh : logged shell (from F.I.R.E.)
  • coreography : analyze core files
  • dcfldd : US DoD Computer Forensics Lab version of dd
  • fenris : code debugging, tracing, decompiling, reverse engineering tool
  • fatback : Undelete FAT files
  • foremost : recover specific file types from disk images (like all JPG files)
  • ftimes : system baseline tool (be proactive)
  • galleta : recover Internet Explorer cookies
  • hashdig : dig through hash databases
  • hdb : java decompiler
  • mac-robber : TCT's graverobber written in C
  • md5deep : run md5 against multiple files/directories
  • memfetch : force a memory dump
  • pasco : browse IE index.dat
  • photorec : grab files from digital cameras
  • readdbx : convert Outlook Express .dbx files to mbox format
  • readoe : convert entire Outlook Express .directory to mbox format
  • rifiuti : browse Windows Recycle Bin INFO2 files
  • secure_delete : securely delete files, swap, memory....
  • testdisk : test and recover lost partitions
  • wipe : wipe a partition securely. good for prep'ing a partition for dd
  • and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)

Firewall

  • blockall : script to block all inbound TCP (excepting localhost)
  • flushall : flush all firewall rules
  • firestarter : quick way to a firewall
  • firewalk : map a firewall's rulebase
  • floppyfw : turn a floppy into a firewall
  • fwlogwatch : monitor firewall logs
  • iptables 1.2.8
  • gtk-iptables : GUI front-end
  • shorewall 1.4.8-RC1 : iptables based package
  • nipper 0.12.0 : quickly document network device configuration (including cisco, juniper, checkpoint, sonicwall and more)

Honeypots

  • honeyd 0.7
  • labrea : tarpit (slow to a crawl) worms and port scanners
  • thp : tiny honeypot

IDS | IPS

  • SafetyNET Security Appliance and suite of products.
  • snort 2.1.0: network IDS
  • ACID : snort web frontend
  • barnyard : fast snort log processor
  • oinkmaster : keep your snort rules up to date
  • hogwash : access control based on snort sigs
  • bro : network IDS
  • prelude : network and host IDS
  • WIDZ : wireless IDS, ap and probe monitor
  • aide : host baseline tool, tripwire-esque
  • logsnorter : log monitor
  • swatch : monitor any file, oh like say syslog
  • sha1sum
  • md5sum
  • syslogd

Network Utilities

  • LinNeighboorhood : browse SMB networks like windows network neighborhood
  • argus : network auditor
  • arpwatch : keep track of the MACs on your wire
  • cdpr : cisco discovery protocol reporter
  • cheops : snmp, network discovery and monitor tool
  • etherape : network monitor and visualization tool
  • iperf : measure IP performance
  • ipsc : IP subnet calculator
  • iptraf : network monitor
  • mrtg : multi router traffic grapher
  • mtr : traceroute tool
  • ntop 2.1.0 : network top, protocol analyzer
  • rrdtool : round robin database
  • samba : opensource SMB support
  • tcptrack : track existing connections

Password Tools

  • john 1.6.34 : John the Ripper password cracker
  • allwords2 : CERIAS's 27MB English dictionary
  • chntpw : reset passwords on a Windows box (including Administrator)
  • cisilia : distributed password cracker
  • cmospwd : find local CMOS password
  • djohn : distributed John the Ripper
  • pwl9x : crack Win9x password files
  • rcrack : rainbow crack

Packet Sniffers

  • aimSniff : sniff AIM traffic
  • driftnet : sniffs for images
  • dsniff : sniffs for cleartext passwords (thanks Dug)
  • ethereal 0.10.0 : the standard. includes tethereal
  • ettercap 0.6.b : sniff on a switched network and more.
  • filesnarf : grab files out of NFS traffic
  • mailsnarf : sniff smtp/pop traffic
  • msgsnarf : sniff aol-im, msn, yahoo-im, irc, icq traffic
  • ngrep : network grep, a sniffer with grep filter capabilities
  • tcpdump : the core of it all
  • urlsnarf : log all urls visited on the wire
  • webspy : mirror all urls visited by a host in your local browser
  • Wireshark 1.0.3 : replaces ethereal, the standard.

Searching and Seizing Computers and Obtaining Electronic Evidence Manual

TCP Tools

  • arpfetch : fetch MAC
  • arping : ping by MAC
  • arpspoof : spoof arp
  • arpwatch : montior MAC addresses on the wire
  • despoof : detect spoofed packets via TTL measurement
  • excalibur : packet generator
  • file2cable : replay a packet capture
  • fragroute : packet fragmentation tool (thanks again Dug)
  • gspoof : packet generator
  • hopfake : spoof hopcount replies
  • hunt : tcp hijacker
  • ipmagic : packet generator
  • lcrzoex : suite of tcp tools
  • macof : flood a switch with MACs
  • packetto : Dan Kaminsky's suite of tools (includes 1.10 and 2.0pre3)
  • netsed : insert and replace strings in live traffic
  • packETH : packet generator
  • tcpkill : die tcp, die!
  • tcpreplay : replay packet captures

Tunnels

  • cryptcat : encrypted netcat
  • httptunnel : tunnel data over http
  • icmpshell : tunnel data over icmp
  • netcat : the incomparable tcp swiss army knife
  • shadyshell : tunnel data over udp
  • stegtunnel : hide data in TCP/IP headers
  • tcpstatflow : detect data tunnels
  • tiny shell : small encrypted shell

Vulnerability Assessment

  • ADM tools : like ADM-smb and ADMkillDNS
  • amap 4.5 : maps applications running on remote hosts
  • IRPAS : Internet Routing Protocol Attack Suite
  • chkrootkit 0.43 : look for rootkits
  • clamAV : virus scanner. update your signatures live with freshclam
  • curl : commandline utility for transferring anything with a URL
  • exodus : web application auditor
  • ffp : fuzzy fingerprinter for encrypted connections
  • firewalk : map a firewall rulebase
  • hydra : brute force tool
  • nbtscan : scan SMB networks
  • ncpquery : scan NetWare servers
  • nessus 2.0.9 : vulnerability scanner. update your plugins live with nessus-update-plugins
  • nikto : CGI scanner
  • nmap 3.48 : the standard in host/port enumeration
  • p0f : passive OS fingerprinter
  • proxychains: chain together multiple proxy servers
  • rpcinfo : hmmmm.... info from RPC?
  • screamingCobra : CGI scanner
  • siege : http testing and benchmarking utility
  • sil : tiny banner grabber
  • snot : replay snort rules back onto the wire. test your ids/incidence response/etc.
  • syslog_deluxe : spoof syslog messages
  • thcrut : THC's "r you there?" network mapper
  • vmap : maps application versions
  • warscan : exploit automation tool
  • xprobe2 : uses ICMP for fingerprinting
  • yaph : yet another proxy hunter
  • zz : zombie zapper kills DDoS zombies

Wireless Tools

  • airsnarf : rogue AP setup utility
  • airsnort : sniff, find, crack 802.11b
  • airtraf : 802.11b network performance analyzer
  • gpsdrive : use GPS and maps
  • kismet 3.0.1 : for 802.11 what else do you need?
  • kismet-log-viewer : manage your kismet logs
  • macchanger : change your MAC address
  • wellenreiter : 802.11b discovery and auditing
  • patched orinoco drivers : automatic (no scripts necessary)

Internet Information Resources

US-CERT Current Activity
The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

US-CERT Current Activity