Software for Audit and Security Professionals
AAFID
Description: AAFID (Autonomous Agents for Intrusion Detection) is a distributed monitoring and intrusion detection system that employs small stand-alone programs (Agents) to perform monitoring functions in the hosts of a network.
Availability: ftp://coast.cs.purdue.edu/pub/COAST/tools/AAFID/

Argus
Description: Argus is a powerful tool for monitoring IP networks. It provides tools for sophisticated analysis of network activity that can be used to verify the enforcement of network security policies, network performance analysis and more.
Availability:

Arpwatch
Description: An ethernet monitor program that keeps track of ethernet/IP address pairings.
Availability:

Advanced Security audit trail Analysis on uniX (ASAX)
Description: System that helps system administrators process and analyze data maintained in log files. There are two versions: a single host audit trail analysis version and a distributed audit trail analysis version.
Availability: ftp://ftp.auscert.org.au/pub/coast/tools/unix/

Bastille
Description: Software that helps new sysadmins harden Red Hat Linux.
Availability:

CHKACCT
Description: Checks the settings and security of the current user's account and prints explanatory messages to the user about how to fix the problems.
Availability: ftp://coast.cs.purdue.edu/pub/tools/unix

CHKLASTLOG
Description: Analyzes the lastlog file to ensure that no entries have been deleted.
Availability:

CHKWTMP
Description: Analyzes the WTMP file to ensure that no entries have been deleted.
Availability:

Computer Oracle and Password System (COPS)
Description: Checks UNIX systems for common security problems.
Availability: ftp://coast.cs.purdue.edu/pub/tools/unix

Courtney
Description: A program that tries to identify the use of SATAN on a subnet. The program tcpdump is also needed to run Courtney.
Availability: ftp://ciac.llnl.gov/pub/ciac/sectools/unix

CPM
Description: CPM checks for network interfaces in promiscuous mode on workstations that might run a sniffer.
Availability: ftp://ciac.llnl.gov/pub/ciac/sectools/unix

Crack
Description: Crack is a password cracker.
Availability: ftp://sable.ox.ac.uk/pub/comp/security/COAST/tools/unix

Cracklib
Description: Checks plaintext words against those generated by Crack.
Availability: ftp://sable.ox.ac.uk/pub/comp/security/COAST/tools/unix

Deslogin
Description: Provides a more secure method for remote login than telnet or rlogin in untrusted networks. Deslogin encrypts the connection using DES.
Availability: ftp://ftp.uu.net/pub/security/des/

Domain Internet Groper (DIG)
Description: Dig is a network utility that queries Domain Name Servers. It is similar to nslookup, but more flexible.
Availability:

Drawbridge
Description: Powerful bridging filter package.
Availability: ftp://ftp.cert.dfn.de/pub/tools/net/drawbridge/

Domain Obscenity Control (DOC)
Description: Diagnoses misbehaving domains by sending queries off to the appropriate nameservers and performing simple analysis of the responses.
Availability: ftp://coast.cs.purdue.edu/pub/tools/unix

Fping
Description: An efficient way to test whether a large number of hosts are up.
Availability: ftp://ftp.cdrom.com/.25/FreeBSD/distfiles/fping/

Fremont
Description: Fremont is a network topology discovery program.
Availability: ftp://ftp.cs.colorado.edu/pub/cs/distribs/fremont

Gabriel
Description: Gives the system administrator an early warning of a possible network intrusion by detecting and identifying unauthorized network probing.
Availability:

GhostScript
Description: A PostScript interpreter.
Availability: http://www.cs.wisc.edu/~ghost/

GNU Privacy Guard (GPG)
Description: A free replacement for PGP that uses no patented algorithms and supports OpenPGP.
Availability:

Hobgoblin
Description: Checks file system consistency against a description for conformity between the described and actual file properties.
Availability: ftp://coast.cs.purdue.edu//pub/tools/unix

Ident-Scan
Description: A TCP scanner that, among other functions, retrieves the username owning the daemon running on the specified port by sending an ident request to identd. Useful for determining who is running daemons on high ports or searching for misconfigurations such as httpd running as root or other daemons running under the wrong UIDs.
Availability:

IFSTATUS
Description: Checks the network interfaces for any that are in debug or promiscuous mode.
Availability: ftp://coast.cs.purdue.edu/pub/tools/unix

Internet Security Scanner (ISS)
Description: Checks hosts within a specified range of IP addresses for various security vulnerabilities in sendmail, anonymous FTP setup, NFS and many more.
Availability:

IPACL
Description: Filters incoming and outgoing TCP and UDP in a SVR4/386 kernel.
Availability: ftp://ftp.win.tue.nl/pub/security

IPchains
Description: Linux firewall implementation.
Availability: http://www.rustcorp.com/linux/ipchains

IPmasquerade
Description: Linux network address translation (NAT) implementation.
Availability:

Klaxon
Description: Detects portscanner attacks such as ISS and SATAN.
Availability: ftp://coast.cs.purdue.edu//pub/tools/unix

Latrodectus Cyberneticus
Description: Designed to probe sites looking for PERL executables in cgi-bin.
Availability:

Linux FreeS/WAN
Description: IPSec/IKE implementation for building secure channels and VPNs.
Availability: http://www.xs4all.nl/~freeswan

Logcheck
Description: Checks logs and sends e-mail alerts.
Availability: http://www.psionic.com/abacus/logcheck

Logdaemon
Description: Replacement for the system ftp, rlogin, rexec and rsh daemons and the login program, with added security features such as logging of login failures and S/Key one-time password support.
Availability: ftp://ftp.win.tue.nl/pub/security

LSOF
Description: Lists all open files being used by running processes, to help determine whether a process is benign or malicious software.
Availability: ftp://ftp.digex.net/.10/FreeBSD/FreeBSD-current/ports/sysutils/lsof/

Nessus
Description: Security scanner intended to update and extend SATAN.
Availability:

Netcat
Description: Netcat aids with bug testing, port scanning, address spoofing, buffer overflowing, and any other server testing or simulation you want.
Availability: ftp://avian.org:/src/hacks/nc100.tgz

Netlog
Description: Network logging and monitoring for all TCP and UDP connections on a subnet. Netlog also includes tools for analyzing the output.
  TCPLOGGER: Logs all TCP connections on a subnet
  UDPLOGGER: Logs all UDP connections on a subnet
  EXTRACT: Processes the logs generated by tcplogger and udplogger
Availability: ftp://ftp.auscert.org.au/pub/coast/tools/unix/

New COPS Analysis and Report Program (NCARP)
Description: Data analysis tool for viewing and analyzing multiple COPS result files.
Availability: ftp://coast.cs.purdue.edu/pub/tools/unix

NFSWatch
Description: NFSWatch monitors NFS requests and measures response time for each RPC. It also logs reply traffic.
Availability: ftp://coast.cs.purdue.edu/pub/tools/unix

Npasswd
Description: A replacement for the system passwd command that does not accept poor passwords.
Availability: ftp://ftp.cc.utexas.edu/people/clyde/npasswd/

OpenBSD
Description: Secure and free multi-platform OS that includes strong encryption.
Availability:

OpenSSH
Description: Secure shell for terminal emulation and file transfer; replaces Telnet.
Availability:

Osh
Description: Osh is a restricted C shell that allows the administrator to control access to files and directories and to provide logging.
Availability: ftp://ftp.auscert.org.au/pub/coast/tools/unix/

Passwd+
Description: Passwd+ is a proactive password checker that replaces the system passwd command. It enforces the selection of good passwords.
Availability: ftp://ftp.dartmouth.edu/pub/security

PGP
Description: Pretty Good Privacy (PGP) protects documents such as e-mail from unauthorized reading using public key encryption. (Some versions are export restricted.)
Availability: ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/PGP/

Portmapper
Description: A modified version of portmapper that reduces vulnerabilities and disallows proxy access.
Availability: ftp://ftp.win.tue.nl/pub/security

RAUDIT
Description: PERL script that audits each user's .rhosts file and reports on total number of rhosts entries, total number of non-operations entries, total number of remote entries and illegal entries.
Availability: ftp://coast.cs.purdue.edu/pub/tools/unix

RIACS Auditing Package
Description: File scanning system for auditing a file system for possible security or accounting problems.
Availability: ftp://coast.cs.purdue.edu/pub/tools/unix

RIPEM
Description: Riordan's Internet Privacy Enhanced Mail (RIPEM) improves the security of e-mail by verifying the authenticity of the message sender, among other things. (Export restricted.)
Availability: ftp://ftp.uwo.ca/pub/unix/network/WWW/SSLeay-0.9.0b/crypto/ripemd/

Rpcbind
Description: A modified version of rpcbind (System V.4 portmapper) that prevents intruders from bypassing NFS export restrictions.
Availability: ftp://ftp.win.tue.nl/pub/security

Rsucker
Description: Acts as a fake r* daemon and logs attempts in syslog.
Availability: ftp://coast.cs.purdue.edu/pub/tools/unix

SAINT
Description: Security scanner.
Availability: http://wwdsilx.wwdsi.com/saint

SATAN
Description: SATAN is a program that gathers network information such as the type of machines and services available on the machines as well as potential security flaws.
Availability: ftp://ftp.win.tue.nl/pub/security

Scan-Detector
Description: Scan-detector determines when an automated scan of UDP/TCP ports is being done on a host running this program. Logs to either syslog or stderr.
Availability: ftp://coast.cs.purdue.edu/pub/tools/unix

Screend
Description: Screend lets you add packet filtering to the kernel of BSD-based UNIX systems.
Availability:

Security Profile Inspector (SPI)
Description: SPI performs functions similar to COPS and Tripwire, and tracks important security patches on a per-platform basis. Limited government distribution.
Availability: ftp://cert.unisa.it/pub/Tools/Admin/SPI/

Securscan
Description: Securscan checks SGIs for many security vulnerabilities.
Availability: ftp://ftp.vis.colostate.edu/securescan/securscan/

Sendmail
Description: A replacement for the system sendmail. This version includes all of the latest patches.
Availability: ftp://ftp.cs.berkeley.edu/pub/sendmail

Sendmail wrapper
Description: The sendmail wrapper provides limited protection against local sendmail attacks.
Availability: ftp://ftp.auscert.org.au/security/tools

Shadow
Description: This package includes everything that is necessary to use a shadow password file.
Availability: ftp://ftp.cc.utexas.edu/source/development/languages/perl-stuff/UT/Solaris2/Shadow/

SHADOW
Description: Intrusion detection system based on TCPdump.
Availability: http://www.nswc.navy.mil/ISSEC/CID

Smrsh
Description: Smrsh is a restricted shell for sendmail to limit the number of programs that can be executed by sendmail.
Availability:

SNMP Probes
Description: Gains detailed information about a network and its hosts.
Availability: ftp://lancaster.andrew.cmu.edu/pub/snmp-dist

Squid
Description: Full-feature Web proxy caching software that supports Internet Caching Protocol (ICP) and Secure Socket Layer (SSL).
Availability:

SSH
Description: SSH (Secure Shell) is an enhanced version of rlogin, rsh and rcp that provides RSA authentication and communication encryption as well as many other security improvements. (Export restrictions apply.)
Availability:

Strobe
Description: Strobe displays all active listening TCP ports on remote hosts. It uses an algorithm that efficiently uses network bandwidth.
Availability: ftp://ftp.auscert.org.au/pub/coast/tools/unix/

Sudo
Description: Sudo allows a system administrator to give limited root privileges to users and log their activities. This version of Sudo is also known as CU-sudo.
Availability: ftp://ftp.cs.colorado.edu/pub/sudo

SWATCH
Description: SWATCH, or Simple Watcher, monitors log files created by syslog and allows the system administrator to take specific actions (e.g. e-mail or page the administrator) when logged events or patterns of events occur.
Availability: ftp://coast.cs.purdue.edu/pub/tools/unix
Availability: ftp://ftp.stanford.edu/general/security-tools/swatch

TCP Wrapper
Description: Controls access to various network services through the use of an access control list. It also provides logging information of wrapped network services that may be used to prevent or monitor network attacks.
Availability: ftp://ftp.win.tue.nl/pub/security

Tcpdump
Description: Captures and dumps protocol packets to monitor or debug a network.
Availability:

Tiger
Description: Tiger is a set of scripts to scan a UNIX system looking for security problems, a la COPS.
Availability: ftp://ftp.auscert.org.au/pub/coast/tools/unix/TAMU
Availability: ftp://coast.cs.purdue.edu/pub/tools/unix/tiger/TAMU

Tklogger
Description: Tklogger monitors log files in (almost) real time on a user-defined polling interval. You can split messages into low or high priority. It watches log files generated by syslog.
Availability: ftp://ftp.eng.auburn.edu/pub/doug/tklogger

Traceroute
Description: Traceroute traces the route IP packets take from the current system to a destination system.
Availability: ftp://ftp.psc.edu/pub/net_tools

Trimlog
Description: Trimlog helps you manage log files by reading a configuration file to determine what files to trim, how to trim them, and how much they should be trimmed.
Availability: ftp://coast.cs.purdue.edu/pub/tools/unix

Tripwire
Description: Tripwire measures all changes to a UNIX file system. It compares stored values set in the configuration file to calculated values when the program runs.
Availability: ftp://coast.cs.purdue.edu/pub/tools/unix
Availability: http://www.tripwiresecurity.com

TTY-Watcher
Description: TTY-Watcher monitors, logs and interacts with all ttys.
Availability: ftp://coast.cs.purdue.edu/pub/tools/unix

Wu-ftpd
Description: A replacement ftp server for UNIX systems that includes extensive logging and a way to limit the number of ftp users.
Availability:

Xinetd
Description: A replacement for inetd with extensive logging and access control capabilities for both TCP and UDP services.
Availability: ftp://ftp.cdrom.com/.37/security/coast/mirrors/ftp.topsail.org/xinetd/