Software for Audit and Security Professionals

AAFID

Description

AAFID (Autonomous Agents for Intrusion Detection) is a distributed monitoring and intrusion detection system that employs small stand-alone programs (Agents) to perform monitoring functions on the hosts of a network.

Availability

ftp://coast.cs.purdue.edu/pub/COAST/tools/AAFID/

Argus

Description

Argus is a powerful tool for monitoring IP networks. It provides tools for sophisticated analysis of network activity that can be used to verify the enforcement of network security policies, network performance analysis and more.

Availability

ftp://ftp.sei.cmu.edu/pub

Arpwatch

Description

An Ethernet monitor program that keeps track of Ethernet/IP address pairings.

Availability

ftp://ftp.ee.lbl.gov

Advanced Security audit trail Analysis on uniX (ASAX)

Description

System that helps system administrators process and analyze data maintained in log files. There are two versions: a single host audit trail analysis version and a distributed audit trail analysis version.

Availability

ftp://ftp.auscert.org.au/pub/coast/tools/unix/

Bastille

Description

Software that helps new sysadmins harden Red Hat Linux.

Availability

http://www.bastille-linux.org

CHKACCT

Description

Checks the settings and security of the current user's account and prints explanatory messages to the user about how to fix the problems.

Availability

ftp://coast.cs.purdue.edu/pub/tools/unix

CHKLASTLOG

Description

Analyzes the lastlog file to ensure that no entries have been deleted.

Availability

ftp://ftp.fc.net/pub/security

CHKWTMP

Description

Analyzes the WTMP file to ensure that no entries have been deleted.

Availability

ftp://ftp.fc.net/pub/security

Computer Oracle and Password System (COPS)

Description

Checks UNIX systems for common security problems.

Availability

ftp://coast.cs.purdue.edu/pub/tools/unix

ftp://info.cert.org/pub/tools

Courtney

Description

A program that tries to identify the use of SATAN on a subnet. The program tcpdump also is needed to run Courtney.

Availability

ftp://ciac.llnl.gov/pub/ciac/sectools/unix

CPM

Description

CPM checks for network interfaces in promiscuous mode on workstations that might be running a sniffer.

Availability

ftp://ftp.cert.org/pub/tools

ftp://ciac.llnl.gov/pub/ciac/sectools/unix

Crack

Description

Crack is a password cracker.

Availability

ftp://sable.ox.ac.uk/pub/comp/security/COAST/tools/unix

ftp://info.cert.org/pub/tools

Cracklib

Description

Checks plaintext words against those generated by Crack.

Availability

ftp://sable.ox.ac.uk/pub/comp/security/COAST/tools/unix

ftp://info.cert.org/pub/tools

Deslogin

Description

Provides a more secure method for remote login than telnet or rlogin in untrusted networks. Deslogin encrypts the connection using DES.

Availability

ftp://ftp.uu.net/pub/security/des/

Domain Internet Groper (DIG)

Description

Dig is a network utility that queries Domain Name Servers. It is similar to nslookup, but more flexible.

Availability

ftp://venera.isi.edu/pub

Drawbridge

Description

Powerful bridging filter package.

Availability

ftp://ftp.cert.dfn.de/pub/tools/net/drawbridge/

Domain Obscenity Control (DOC)

Description

Diagnoses misbehaving domains by sending queries off to the appropriate nameservers and performing simple analysis of the responses.

Availability

ftp://coast.cs.purdue.edu/pub/tools/unix

Fping

Description

An efficient way to test whether a large number of hosts are up.

Availability

ftp://ftp.cdrom.com/.25/FreeBSD/distfiles/fping/

Fremont

Description

Fremont is a network topology discovery program.

Availability

ftp://ftp.cs.colorado.edu/pub/cs/distribs/fremont

Gabriel

Description

Gives the system administrator an early warning of a possible network intrusion by detecting and identifying unauthorized network probing.

Availability

ftp://ftp.lat.com

GhostScript

Description

A PostScript interpreter.

Availability

http://www.cs.wisc.edu/~ghost/

GNU Privacy Guard (GPG)

Description

A free replacement for PGP that uses no patented algorithms and supports OpenPGP.

Availability

http://www.gnupg.org

Hobgoblin

Description

Checks file system consistency against a description for conformity between the described and actual file properties.

Availability

ftp://coast.cs.purdue.edu//pub/tools/unix

Ident-Scan

Description

A TCP scanner that, among other functions, retrieves the username owning the daemon running on the specified port by sending an ident request to identd. Useful for determining who is running daemons on high ports or for finding misconfigurations such as httpd running as root or other daemons running under the wrong UIDs.

Availability

mailto:daveg@escape.com

IFSTATUS

Description

Checks the network interfaces for any in debug or promiscuous mode.

Availability

ftp://coast.cs.purdue.edu/pub/tools/unix

Internet Security Scanner (ISS)

Description

Checks hosts within a specified range of IP addresses for various security vulnerabilities in sendmail, anonymous FTP setup, NFS and many more.

Availability

ftp://ftp.iss.net/iss/

IPACL

Description

Filters incoming and outgoing TCP and UDP in a SVR4/386 kernel.

Availability

ftp://ftp.win.tue.nl/pub/security

IPchains

Description

Linux firewall implementation.

Availability

http://www.rustcorp.com/linux/ipchains

IPmasquerade

Description

Linux network address translation (NAT) implementation.

Availability

http://ipmasq.cjb.net

Klaxon

Description

Detects portscanner attacks such as ISS and SATAN.

Availability

ftp://coast.cs.purdue.edu//pub/tools/unix

Latrodectus Cyberneticus

Description

Designed to probe sites looking for PERL executables in cgi-bin.

Availability

http://www.perl.org

Linux FreeS/WAN

Description

IPSec/IKE implementation for building secure channels and VPNs.

Availability

http://www.xs4all.nl/~freeswan

Logcheck

Description

Checks logs and sends e-mail alerts.

Availability

http://www.psionic.com/abacus/logcheck

Logdaemon

Description

Replacement for the system ftp, rlogin, rexec and rsh daemons and the login program, with added security features such as logging of login failures and S/Key one-time password support.

Availability

ftp://ftp.win.tue.nl/pub/security

LSOF

Description

Lists all open files being used by running processes, to help determine whether a process is benign or malicious software.

Availability

ftp://ftp.digex.net/.10/FreeBSD/FreeBSD-current/ports/sysutils/lsof/

Nessus

Description

Security scanner intended to update and extend SATAN.

Availability

http://www.nessus.org

Netcat

Description

Netcat aids with bug testing, port scanning, address spoofing, buffer overflowing, and any other server testing or simulation you want.

Availability

ftp://avian.org:/src/hacks/nc100.tgz

Netlog

Description

Network logging and monitoring for all TCP and UDP connections on a subnet. Netlog also includes tools for analyzing the output.

TCPLOGGER: Logs all TCP connections on a subnet

UDPLOGGER: Logs all UDP connections on a subnet

EXTRACT: Processes the logs generated by tcplogger and udplogger

Availability

ftp://ftp.auscert.org.au/pub/coast/tools/unix/

New COPS Analysis and Report Program (NCARP)

Description

Data analysis tool for viewing and analyzing multiple COPS result files.

Availability

ftp://coast.cs.purdue.edu/pub/tools/unix

NFSWatch

Description

NFSWatch monitors NFS requests and measures response time for each RPC. It also logs reply traffic.

Availability

ftp://coast.cs.purdue.edu/pub/tools/unix

Npasswd

Description

A replacement for the system passwd command that does not accept poor passwords.

Availability

ftp://ftp.cc.utexas.edu/people/clyde/npasswd/

OpenBSD

Description

Secure and free multi-platform OS that includes strong encryption.

Availability

http://www.openbsd.com

OpenSSH

Description

Secure shell for terminal emulation and file transfer; replaces Telnet.

Availability

http://www.openssh.com

Osh

Description

Osh is a restricted C shell that allows the administrator to control access to files and directories and to provide logging.

Availability

ftp://ftp.auscert.org.au/pub/coast/tools/unix/

Passwd+

Description

Passwd+ is a proactive password checker that replaces the system passwd command. It enforces the selection of good passwords.

Availability

ftp://ftp.dartmouth.edu/pub/security

PGP

Description

Pretty Good Privacy (PGP) protects documents such as e-mail from unauthorized reading using public key encryption. (Some versions are export restricted.)

Availability

ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/PGP/

Portmapper

Description

It is a modified version of portmapper that reduces the vulnerabilities and disallows proxy access.

Availability

ftp://ftp.win.tue.nl/pub/security

RAUDIT

Description

Perl script that audits each user's .rhosts file and reports the total number of rhosts entries, non-operations entries, remote entries and illegal entries.

Availability

ftp://coast.cs.purdue.edu/pub/tools/unix

RIACS Auditing Package

Description

File scanning system for auditing a file system for possible security or accounting problems.

Availability

ftp://coast.cs.purdue.edu/pub/tools/unix

RIPEM

Description

Riordan's Internet Privacy Enhanced Mail (RIPEM) improves the security of e-mail by verifying the authenticity of the message sender among other things. (Export restricted.)

Availability

ftp://ftp.uwo.ca/pub/unix/network/WWW/SSLeay-0.9.0b/crypto/ripemd/

Rpcbind

Description

A modified version of rpcbind (System V.4 portmapper) that prevents intruders from bypassing NFS export restrictions.

Availability

ftp://ftp.win.tue.nl/pub/security

Rsucker

Description

Acts as a fake r* daemon and logs attempts in syslog.

Availability

ftp://coast.cs.purdue.edu/pub/tools/unix

SAINT

Description

Security scanner.

Availability

http://wwdsilx.wwdsi.com/saint

SATAN

Description

SATAN is a program that gathers network information such as the type of machines and services available on the machines as well as potential security flaws.

Availability

ftp://ftp.win.tue.nl/pub/security

Scan-Detector

Description

Scan-detector determines when an automated scan of UDP/TCP ports is being done on a host running this program. Logs to either syslog or stderr.

Availability

ftp://coast.cs.purdue.edu/pub/tools/unix

Screend

Description

Screend lets you add packet filtering to the kernel of BSD-based UNIX systems.

Availability

ftp://ftp.vix.com/pub/vixie

Security Profile Inspector (SPI)

Description

SPI performs functions similar to COPS and Tripwire, and tracks important security patches on a per-platform basis. Limited government distribution.

Availability

ftp://cert.unisa.it/pub/Tools/Admin/SPI/

Securscan

Description

Securscan checks SGIs for many security vulnerabilities.

Availability

ftp://ftp.vis.colostate.edu/securescan/securscan/

Sendmail

Description

A replacement for the system sendmail. This version includes all of the latest patches.

Availability

ftp://ftp.cs.berkeley.edu/pub/sendmail

Sendmail wrapper

Description

The sendmail wrapper provides limited protection against local sendmail attacks.

Availability

ftp://ftp.auscert.org.au/security/tools

Shadow

Description

This package includes everything that is necessary to use a shadow password file.

Availability

ftp://ftp.cc.utexas.edu/source/development/languages/perl-stuff/UT/Solaris2/Shadow/

SHADOW

Description

Intrusion detection system based on TCPdump.

Availability

http://www.nswc.navy.mil/ISSEC/CID

Smrsh

Description

Smrsh is a restricted shell for sendmail to limit the number of programs that can be executed by sendmail.

Availability

ftp://ftp.columbia.edu/smrsh/

SNMP Probes

Description

Gains detailed information about a network and its hosts.

Availability

ftp://lancaster.andrew.cmu.edu/pub/snmp-dist

Squid

Description

Full-featured Web proxy caching software that supports Internet Caching Protocol (ICP) and Secure Socket Layer (SSL).

Availability

http://squid.nlanr.net

SSH

Description

SSH (Secure Shell) is an enhanced version of rlogin, rsh and rcp that provides RSA authentication and communication encryption as well as many other security improvements. (Export restrictions apply.)

Availability

ftp://ftp.cs.hut.fi/pub/ssh

Strobe

Description

Strobe displays all active listening TCP ports on remote hosts. It uses an algorithm that efficiently uses network bandwidth.

Availability

ftp://ftp.auscert.org.au/pub/coast/tools/unix/

Sudo

Description

Sudo allows a system administrator to give limited root privileges to users and log their activities. This version of Sudo also is known as CU-sudo.

Availability

ftp://ftp.cs.colorado.edu/pub/sudo

http://www.courtesan.com/sudo

SWATCH

Description

SWATCH or Simple Watcher monitors log files created by syslog, and allows the system administrator to take specific actions (e.g. e-mail or page the administrator) when logged events or patterns of events occur.

Availability

ftp://coast.cs.purdue.edu/pub/tools/unix

ftp://ftp.stanford.edu/general/security-tools/swatch

TCP Wrapper

Description

Controls access to various network services through the use of an access control list. It also logs information about wrapped network services that may be used to prevent or monitor network attacks.

Availability

ftp://ftp.win.tue.nl/pub/security

ftp://ftp.cert.org/pub/tools

Tcpdump

Description

It captures and dumps protocol packets to monitor or debug a network.

Availability

ftp://ftp.ee.lbl.gov

Tiger

Description

Tiger is a set of scripts to scan a UNIX system looking for security problems, a la COPS.

Availability

ftp://ftp.auscert.org.au/pub/coast/tools/unix/TAMU

ftp://coast.cs.purdue.edu/pub/tools/unix/tiger/TAMU

Tklogger

Description

Tklogger monitors log files in realtime (almost) on a user-defined polling interval. You can split messages into low or high priority. It watches log files generated by syslog.

Availability

ftp://ftp.eng.auburn.edu/pub/doug/tklogger

Traceroute

Description

Traceroute traces the route IP packets take from the current system to a destination system.

Availability

ftp://ftp.psc.edu/pub/net_tools

ftp://ftp.ee.lbl.gov

Trimlog

Description

Trimlog helps you manage log files by reading a configuration file to determine what files to trim, how to trim them, and how much they should be trimmed.

Availability

ftp://coast.cs.purdue.edu/pub/tools/unix

Tripwire

Description

Tripwire measures all changes to a UNIX file system. It compares stored values set in the configuration file to calculated values when the program runs.

Availability

ftp://coast.cs.purdue.edu/pub/tools/unix

ftp://ftp.cert.org/pub/tools

http://www.tripwiresecurity.com

TTY-Watcher

Description

TTY-Watcher monitors, logs and interacts with all TTYs.

Availability

ftp://coast.cs.purdue.edu/pub/tools/unix

Wu-ftpd

Description

A replacement ftp server for UNIX systems that includes extensive logging and a way to limit the number of ftp users.

Availability

ftp://wuarchive.wustl.edu

Xinetd

Description

A replacement for inetd with extensive logging and access control capabilities for both TCP and UDP services.

Availability

ftp://ftp.cdrom.com/.37/security/coast/mirrors/ftp.topsail.org/xinetd/