Might be of interest......
Leandro Guimarães
Analista de Suporte
AGA S.A.
Tel: (0xx21) 546-1014 ext:227
Fax:(0xx21) 543-1279
email: [EMAIL PROTECTED]
Top 50 Security Tools
Nessus http://www.nessus.org/
Description: Remote network security auditor, the client. The Nessus Security Scanner is a security auditing tool. It makes it possible to test security modules in an attempt to find vulnerable spots that should be fixed. It is made up of two parts: a server and a client. The server/daemon, nessusd, is in charge of the attacks, whereas the client, nessus, interfaces with the user through a nice X11/GTK+ interface. This package contains the GTK+ 1.2 client, which exists in other forms and on other platforms, too.
Netcat http://www.l0pht.com/~weld/netcat/
Note: This is an unofficial site.
Description: TCP/IP swiss army knife. A simple Unix utility which reads and writes data across network connections using the TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
Tcpdump http://www.tcpdump.org/
Description: A powerful tool for network monitoring and data acquisition. This program allows you to dump the traffic on a network. It can be used to print out the headers of packets on a network interface that match a given expression. You can use this tool to track down network problems, to detect "ping attacks" or to monitor network activities.
Snort http://www.snort.org/
Description: Flexible packet sniffer/logger that detects attacks. Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules-based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba.
Saint http://www.wwdsi.com/saint/
Description: SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature-rich HTML interface.
Ethereal http://ethereal.zing.org/
Description: Network traffic analyzer. Ethereal is a network traffic analyzer, or "sniffer", for Unix and Unix-like operating systems. It uses GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library.
Whisker http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2
Description: Rain.Forest.Puppy's excellent CGI vulnerability scanner.
Internet Security Scanner http://www.iss.net/
Note: This tool costs significant $$$ to use, and does not come with source code.
Description: A popular commercial network security scanner.
Abacus Portsentry http://www.psionic.com/abacus/portsentry/
Description: Portscan detection daemon. PortSentry has the ability to detect portscans (including stealth scans) on the network interfaces of your machine. Upon alarm it can block the attacker via hosts.deny, a dropped route or a firewall rule. It is part of the Abacus program suite. Note: If you have no idea what a port/stealth scan is, I'd recommend having a look at http://www.psionic.com/abacus/portsentry/ before installing this package. Otherwise you might easily block hosts you'd better not (e.g. your NFS server, name server, ...).
DSniff http://naughty.monkey.org/~dugsong/dsniff/
Description: A suite of powerful tools for sniffing networks for passwords and other information. Includes sophisticated techniques for defeating the "protection" of network switches.
Tripwire http://www.tripwire.com/
Note: Depending on usage, this tool may have expensive licensing fees associated with it.
Description: A file and directory integrity checker. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.
Cybercop Scanner http://www.pgp.com/asp_set/products/tns/ccscanner_intro.asp
Note: This tool costs significant $$$ to use, and does not come with source code. A powerful demo version is available for testing.
Description: Another popular commercial scanner.
Hping2 http://www.kyuzz.org/antirez/hping/
Description: hping2 is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies. It handles fragmentation and arbitrary packet body and size, and can be used to transfer files under supported protocols. Using hping2, you can: test firewall rules, perform [spoofed] port scanning, test net performance using different protocols, packet size, TOS (type of service), and fragmentation, do path MTU discovery, transfer files (even between really Fascist firewall rules), perform traceroute-like actions under different protocols, fingerprint remote OSs, audit a TCP/IP stack, etc. hping2 is a good tool for learning TCP/IP.
SARA http://www-arc.com/sara/
Description: The Security Auditor's Research Assistant (SARA) is a third generation security analysis tool that is based on the SATAN model, which is covered by the GNU GPL-like open license. It fosters a collaborative environment and is updated periodically to address the latest threats.
Sniffit http://reptile.rug.ac.be/~coder/sniffit/sniffit.html
Description: Packet sniffer and monitoring tool. sniffit is a packet sniffer for TCP/UDP/ICMP packets. sniffit is able to give you very detailed technical info on these packets (SEQ, ACK, TTL, Window, ...) but also packet contents in different formats (hex or plain text, etc.).
SATAN http://www.fish.com/satan/
Description: Security Auditing Tool for Analysing Networks. This is a powerful tool for analyzing networks for vulnerabilities, created for sysadmins that cannot keep a constant eye on bugtraq, rootshell and the like.
IPFilter http://coombs.anu.edu.au/ipfilter/
Description: IP Filter is a TCP/IP packet filter, suitable for use in a firewall environment. It can either be used as a loadable kernel module or incorporated into your UNIX kernel; use as a loadable kernel module where possible is highly recommended. Scripts are provided to install and patch system files, as required.
iptables/netfilter/ipchains/ipfwadm http://netfilter.kernelnotes.org/
Description: IP packet filter administration for 2.4.X kernels. Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. The iptables tool also supports configuration of dynamic and static network address translation.
Firewalk http://www.packetfactory.net/Projects/Firewalk/
Description: Firewalking is a technique developed by MDS and DHG that employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. Firewalk the tool employs the technique to determine the filter rules in place on a packet forwarding device. The newest version of the tool, firewalk/GTK, introduces the option of using a graphical interface and a few bug fixes.
Strobe http://www.insecure.org/nmap/index.html#other
Description: A "classic" high-speed TCP port scanner.
L0pht Crack http://www.l0pht.com/l0phtcrack/
Note: No source code is included (except in the research version) and there is a $100 registration fee.
Description: L0phtCrack is an NT password auditing tool. It will compute NT user passwords from the cryptographic hashes that are stored by the NT operating system. L0phtcrack can obtain the hashes through many sources (file, network sniffing, registry, etc.) and it has numerous methods of generating password guesses (dictionary, brute force, etc.).
John The Ripper http://www.openwall.com/john/
Description: An active password cracking tool. john, normally called john the ripper, is a tool to find weak passwords of your users.
Hunt http://www.cri.cz/kra/index.html#HUNT
Description: Advanced packet sniffer and connection intrusion. Hunt is a program for intruding into a connection, watching it and resetting it. Note that hunt operates on Ethernet and is best used for connections which can be watched through it. However, it is possible to do something even for hosts on other segments or hosts that are on switched ports.
OpenSSH / SSH http://www.openssh.com/
http://www.ssh.com/commerce/index.html
Note: The ssh.com version costs money for some uses, but source code is available.
Description: Secure rlogin/rsh/rcp replacement (OpenSSH). OpenSSH is derived from OpenBSD's version of ssh, which was in turn derived from ssh code from before the time when ssh's license was changed to be non-free. Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide rdist and rsync with a secure communication channel.
tcp wrappers ftp://ftp.porcupine.org/pub/security/index.html
Description: Wietse Venema's TCP wrappers library. Wietse Venema's network logger, also known as TCPD or LOG_TCP. These programs log the client host name of incoming telnet, ftp, rsh, rlogin, finger etc. requests. Security options are: access control per host, domain and/or service; detection of host name spoofing or host address spoofing; booby traps to implement an early-warning system.
Ntop http://www.ntop.org/
Description: Display network usage in top-like format. ntop is a Network Top program. It displays a summary of network usage by machines on your network in a format reminiscent of the unix top utility. It can also be run in web mode, which allows the display to be browsed with a web browser.
traceroute/ping/telnet http://www.linux.com/
Description: These are utilities that virtually all UNIX boxes already have. In fact, even Windows NT has them (but the traceroute command is called tracert).
NAT (NetBIOS Auditing Tool) http://www.tux.org/pub/security/secnet/tools/nat10/
Note: This is an unofficial download site.
Description: The NetBIOS Auditing Tool (NAT) is designed to explore the NETBIOS file-sharing services offered by the target system. It implements a stepwise approach to gather information and attempt to obtain file system-level access as though it were a legitimate local client.
scanlogd http://www.openwall.com/scanlogd/
Description: A portscan detecting tool. Scanlogd is a daemon written by Solar Designer to detect portscan attacks on your machine.
Sam Spade http://samspade.org/t/
http://www.samspade.org/
Description: Online tools for investigating IP addresses and tracking down spammers.
NFR http://www.nfr.com/
Note: Source code was once freely available but I do not know if this is still the case. Some usage may cost money.
Description: A commercial sniffing application for creating intrusion detection systems. Source code was at one time available, but I do not know if that is still the case.
logcheck http://www.psionic.com/abacus/logcheck/
Description: Mails anomalies in the system logfiles to the administrator. Logcheck is part of the Abacus Project of security tools. It is a program created to help in the processing of UNIX system logfiles generated by the various Abacus Project tools, system daemons, Wietse Venema's TCP Wrapper and Log Daemon packages, and the Firewall Toolkit by Trusted Information Systems Inc. (TIS). Logcheck helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail. This program is free to use at any site. Please read the disclaimer before you use any of this software.
Perl http://www.perl.org/
Description: A very powerful scripting language which is often used to create "exploits" for the purpose of verifying security vulnerabilities. Of course, it is also used for all sorts of other things.
Ngrep http://www.packetfactory.net/Projects/ngrep/
Description: grep for network traffic. ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
Cheops http://www.marko.net/cheops/
Description: A GTK based network "swiss-army-knife". Cheops gives a simple interface to most network utilities, maps local or remote networks and can show OS types of the machines on the network.
Vetescan http://www.self-evident.com/
Description: Vetescan is a bulk vulnerability scanner which contains programs to check for and/or exploit many remote network security exploits that are known for Windows or UNIX. It includes various programs for doing different kinds of scanning. Fixes for vulnerabilities are included along with the exploits.
Retina http://www.eeye.com/html/Products/Retina.html
Note: Commercial product with no source code available. A demo binary is available for testing.
Description: A commercial security scanner by the great guys at eEye.
Libnet http://www.packetfactory.net/libnet/
Description: Routines for the construction and handling of network packets. libnet provides a portable framework for low-level network packet writing and handling. Libnet features portable packet creation interfaces at the IP layer and link layer, as well as a host of supplementary functionality. Still in its infancy however, the library is evolving quite a bit. Additional functionality and stability are added with each release. Using libnet, quick and simple packet assembly applications can be whipped up with little effort. With a bit more time, more complex programs can be written (Traceroute and ping were easily rewritten using libnet and libpcap).
Crack / Libcrack http://www.users.dircon.co.uk/~crypto/
Description: Crack 5 is an updated version of Alec Muffett's classic local password cracker. Traditionally these allowed any user of a system to crack the /etc/passwd and determine the passwords of other users (or root) on the system. Modern systems require you to obtain read access to /etc/shadow in order to perform this. It is still a good idea for sysadmins to run a cracker occasionally to verify that all users have strong passwords.
Cerberus Internet Scanner http://www.cerberus-infosec.co.uk/cis.shtml
Description: CIS is a free security scanner written and maintained by Cerberus Information Security, Ltd and is designed to help administrators locate and fix security holes in their computer systems. Runs on Windows NT or 2000. No source code is provided.
Swatch http://www.stanford.edu/~atkins/swatch/
Description: Swatch was originally written to actively monitor messages as they were written to a log file via the UNIX syslog utility. It has multiple methods of alarming, both visually and by triggering events. The perfect tool for a master loghost. This is a beta release of version 3.0, so please use it with caution. The code is still slightly ahead of the documentation, but examples exist. NOTE: Works flawlessly on Linux (RH5), BSDI and Solaris 2.6 (patched).
OpenBSD http://www.openbsd.org/
Description: The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts place emphasis on portability, standardization, correctness, security, and cryptography. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSDI, SunOS, and HPUX.
Nemesis http://celerity.bartoli.org/nemesis/
Description: The Nemesis Project is designed to be a commandline-based, portable human IP stack for UNIX/Linux. The suite is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts.
LSOF ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
Description: List open files. Lsof is a Unix-specific diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. The binary is specific to kernel version 2.2.
Lids http://www.turbolinux.com.cn/lids/
Description: The LIDS is an intrusion detection/defense system in the Linux kernel. The goal is to protect linux systems against root intrusions, by disabling some system calls in the kernel itself. As you sometimes need to administrate the system, you can disable LIDS protection.
IPTraf http://cebu.mozcom.com/riker/iptraf/
Description: Interactive Colorful IP LAN Monitor. IPTraf is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others. Note that since 2.0.0 IPTraf requires a kernel >= 2.2.
IPLog http://ojnk.sourceforge.net/
Description: iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP and ICMP traffic. iplog 2.0 is a complete re-write of iplog 1.x, resulting in greater portability and better performance. iplog 2.0 contains all the features of iplog 1.x as well as several new ones. Major new features include a packet filter and detection of more scans and attacks. It currently runs on Linux, FreeBSD, OpenBSD, BSDI and Solaris. Ports to other systems, as well as any contributions at all, are welcome at this time.
Fragrouter http://www.anzen.com/research/nidsbench/
Description: Fragrouter is aimed at testing the correctness of a NIDS, according to the specific TCP/IP attacks listed in the Secure Networks NIDS evasion paper. [2] Other NIDS evasion toolkits which implement these attacks are in circulation among hackers or publicly available, and it is assumed that they are currently being used to bypass NIDSs.
Queso http://www.apostols.org/projectz/queso/
Note: A couple of the OS detection tests in Queso were later incorporated into Nmap. A paper we wrote on OS detection is available here.
Description: Guess the operating system of a remote machine by looking at the TCP replies.
GPG/PGP http://www.gnupg.org/
http://www.pgp.com/
Description: The GNU Privacy Guard (GnuPG) is a complete and free replacement for PGP, developed in Europe. Because it does not use IDEA or RSA it can be used without any restrictions. GnuPG is an RFC2440 (OpenPGP) compliant application. PGP is the famous encryption program which helps secure your data from eavesdroppers and other risks.