Rede Wan Discussion List - http://www.networkdesigners.com.br

This may be of interest...

[ ]'s
Leandro Guimarães
Support Analyst
AGA S.A.
Tel: (0xx21) 546-1014 ext: 227
Fax: (0xx21) 543-1279
email: [EMAIL PROTECTED]

Top 50 Security Tools

Nessus http://www.nessus.org/
Description: Remote network security auditor, the client. The Nessus Security Scanner is a security auditing tool. It makes it possible to test security modules in an attempt to find vulnerable spots that should be fixed. It is made up of two parts: a server and a client. The server/daemon, nessusd, is in charge of the attacks, whereas the client, nessus, interfaces with the user through a nice X11/GTK+ interface. This package contains the GTK+ 1.2 client, which exists in other forms and on other platforms, too.

Netcat http://www.l0pht.com/~weld/netcat/
Note: This is an unofficial site.
Description: TCP/IP swiss army knife. A simple Unix utility which reads and writes data across network connections using the TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.

Tcpdump http://www.tcpdump.org/
Description: A powerful tool for network monitoring and data acquisition. This program allows you to dump the traffic on a network. It can be used to print out the headers of packets on a network interface that match a given expression. You can use this tool to track down network problems, to detect "ping attacks" or to monitor network activity.

Snort http://www.snort.org/
Description: Flexible packet sniffer/logger that detects attacks. Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules-based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba.

Saint http://www.wwdsi.com/saint/
Description: SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature-rich HTML interface.

Ethereal http://ethereal.zing.org/
Description: Network traffic analyzer. Ethereal is a network traffic analyzer, or "sniffer", for Unix and Unix-like operating systems. It uses GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library.

Whisker http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2
Description: Rain.Forest.Puppy's excellent CGI vulnerability scanner.

Internet Security Scanner http://www.iss.net/
Note: This tool costs significant $$$ to use, and does not come with source code.
Description: A popular commercial network security scanner.

Abacus Portsentry http://www.psionic.com/abacus/portsentry/
Description: Portscan detection daemon. PortSentry has the ability to detect portscans (including stealth scans) on the network interfaces of your machine. Upon alarm it can block the attacker via hosts.deny, a dropped route or a firewall rule. It is part of the Abacus program suite.
Note: If you have no idea what a port/stealth scan is, I'd recommend having a look at http://www.psionic.com/abacus/portsentry/ before installing this package. Otherwise you might easily block hosts you'd better not (e.g. your NFS server, name server, ...).

DSniff http://naughty.monkey.org/~dugsong/dsniff/
Description: A suite of powerful tools for sniffing networks for passwords and other information. Includes sophisticated techniques for defeating the "protection" of network switches.

Tripwire http://www.tripwire.com/
Note: Depending on usage, this tool may have expensive licensing fees associated with it.
Description: A file and directory integrity checker. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.

Cybercop Scanner http://www.pgp.com/asp_set/products/tns/ccscanner_intro.asp
Note: This tool costs significant $$$ to use, and does not come with source code. A powerful demo version is available for testing.
Description: Another popular commercial scanner.

Hping2 http://www.kyuzz.org/antirez/hping/
Description: hping2 is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies. It handles fragmentation and arbitrary packet body and size, and can be used to transfer files under supported protocols. Using hping2, you can: test firewall rules, perform [spoofed] port scanning, test net performance using different protocols, packet size, TOS (type of service), and fragmentation, do path MTU discovery, transfer files (even between really Fascist firewall rules), perform traceroute-like actions under different protocols, fingerprint remote OSs, audit a TCP/IP stack, etc. hping2 is a good tool for learning TCP/IP.

SARA http://www-arc.com/sara/
Description: The Security Auditor's Research Assistant (SARA) is a third generation security analysis tool that is based on the SATAN model, which is covered by a GNU GPL-like open license. It is fostering a collaborative environment and is updated periodically to address the latest threats.

Sniffit http://reptile.rug.ac.be/~coder/sniffit/sniffit.html
Description: Packet sniffer and monitoring tool. sniffit is a packet sniffer for TCP/UDP/ICMP packets. sniffit is able to give you very detailed technical info on these packets (SEQ, ACK, TTL, Window, ...) but also packet contents in different formats (hex or plain text, etc.).

SATAN http://www.fish.com/satan/
Description: Security Auditing Tool for Analysing Networks. This is a powerful tool for analyzing networks for vulnerabilities, created for sysadmins that cannot keep a constant eye on bugtraq, rootshell and the like.

IPFilter http://coombs.anu.edu.au/ipfilter/
Description: IP Filter is a TCP/IP packet filter, suitable for use in a firewall environment. It can either be used as a loadable kernel module or incorporated into your UNIX kernel; use as a loadable kernel module where possible is highly recommended. Scripts are provided to install and patch system files, as required.

iptables/netfilter/ipchains/ipfwadm http://netfilter.kernelnotes.org/
Description: IP packet filter administration for 2.4.X kernels. Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. The iptables tool also supports configuration of dynamic and static network address translation.

Firewalk http://www.packetfactory.net/Projects/Firewalk/
Description: Firewalking is a technique developed by MDS and DHG that employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. Firewalk the tool employs the technique to determine the filter rules in place on a packet forwarding device. The newest version of the tool, firewalk/GTK, introduces the option of using a graphical interface and a few bug fixes.

Strobe http://www.insecure.org/nmap/index.html#other
Description: A "classic" high-speed TCP port scanner.

L0pht Crack http://www.l0pht.com/l0phtcrack/
Note: No source code is included (except in the research version) and there is a $100 registration fee.
Description: L0phtCrack is an NT password auditing tool. It will compute NT user passwords from the cryptographic hashes that are stored by the NT operating system. L0phtcrack can obtain the hashes through many sources (file, network sniffing, registry, etc) and it has numerous methods of generating password guesses (dictionary, brute force, etc).

John The Ripper http://www.openwall.com/john/
Description: An active password cracking tool. john, normally called John the Ripper, is a tool to find weak passwords of your users.

Hunt http://www.cri.cz/kra/index.html#HUNT
Description: Advanced packet sniffer and connection intrusion. Hunt is a program for intruding into a connection, watching it and resetting it. Note that hunt operates on Ethernet and is best used for connections which can be watched through it. However, it is possible to do something even for hosts on other segments or hosts that are on switched ports.

OpenSSH / SSH http://www.openssh.com/
http://www.ssh.com/commerce/index.html
Note: The ssh.com version costs money for some uses, but source code is available.
Description: Secure rlogin/rsh/rcp replacement (OpenSSH). OpenSSH is derived from OpenBSD's version of ssh, which was in turn derived from ssh code from before the time when ssh's license was changed to be non-free. Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide rdist and rsync with a secure communication channel.

tcp wrappers ftp://ftp.porcupine.org/pub/security/index.html
Description: Wietse Venema's TCP wrappers library. Wietse Venema's network logger, also known as TCPD or LOG_TCP. These programs log the client host name of incoming telnet, ftp, rsh, rlogin, finger etc. requests. Security options are: access control per host, domain and/or service; detection of host name spoofing or host address spoofing; booby traps to implement an early-warning system.

Ntop http://www.ntop.org/
Description: Display network usage in top-like format. ntop is a Network Top program. It displays a summary of network usage by machines on your network in a format reminiscent of the unix top utility. It can also be run in web mode, which allows the display to be browsed with a web browser.

traceroute/ping/telnet http://www.linux.com/
Description: These are utilities that virtually all UNIX boxes already have. In fact, even Windows NT has them (but the traceroute command is called tracert).

NAT (NetBIOS Auditing Tool) http://www.tux.org/pub/security/secnet/tools/nat10/
Note: This is an unofficial download site.
Description: The NetBIOS Auditing Tool (NAT) is designed to explore the NETBIOS file-sharing services offered by the target system. It implements a stepwise approach to gather information and attempt to obtain file system-level access as though it were a legitimate local client.

scanlogd http://www.openwall.com/scanlogd/
Description: A portscan detecting tool. Scanlogd is a daemon written by Solar Designer to detect portscan attacks on your machine.

Sam Spade http://samspade.org/t/
http://www.samspade.org/
Description: Online tools for investigating IP addresses and tracking down spammers.

NFR http://www.nfr.com/
Note: Source code was once freely available but I do not know if this is still the case. Some usage may cost money.
Description: A commercial sniffing application for creating intrusion detection systems. Source code was at one time available, but I do not know if that is still the case.

logcheck http://www.psionic.com/abacus/logcheck/
Description: Mails anomalies in the system logfiles to the administrator. Logcheck is part of the Abacus Project of security tools. It is a program created to help in the processing of UNIX system logfiles generated by the various Abacus Project tools, system daemons, Wietse Venema's TCP Wrapper and Log Daemon packages, and the Firewall Toolkit© by Trusted Information Systems Inc. (TIS). Logcheck helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail. This program is free to use at any site. Please read the disclaimer before you use any of this software.

Perl http://www.perl.org/
Description: A very powerful scripting language which is often used to create "exploits" for the purpose of verifying security vulnerabilities. Of course, it is also used for all sorts of other things.

Ngrep http://www.packetfactory.net/Projects/ngrep/
Description: grep for network traffic. ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

Cheops http://www.marko.net/cheops/
Description: A GTK based network "swiss-army-knife". Cheops gives a simple interface to most network utilities, maps local or remote networks and can show OS types of the machines on the network.

Vetescan http://www.self-evident.com/
Description: Vetescan is a bulk vulnerability scanner which contains programs to check for and/or exploit many remote network security exploits that are known for Windows or UNIX. It includes various programs for doing different kinds of scanning. Fixes for vulnerabilities are included along with the exploits.

Retina http://www.eeye.com/html/Products/Retina.html
Note: Commercial product with no source code available. A demo binary is available for testing.
Description: A commercial security scanner by the great guys at eEye.

Libnet http://www.packetfactory.net/libnet/
Description: Routines for the construction and handling of network packets. libnet provides a portable framework for low-level network packet writing and handling. Libnet features portable packet creation interfaces at the IP layer and link layer, as well as a host of supplementary functionality. Still in its infancy however, the library is evolving quite a bit. Additional functionality and stability are added with each release. Using libnet, quick and simple packet assembly applications can be whipped up with little effort. With a bit more time, more complex programs can be written (Traceroute and ping were easily rewritten using libnet and libpcap).

Crack / Libcrack http://www.users.dircon.co.uk/~crypto/
Description: Crack 5 is an updated version of Alec Muffett's classic local password cracker. Traditionally these allowed any user of a system to crack the /etc/passwd and determine the passwords of other users (or root) on the system. Modern systems require you to obtain read access to /etc/shadow in order to perform this. It is still a good idea for sysadmins to run a cracker occasionally to verify that all users have strong passwords.

Cerberus Internet Scanner http://www.cerberus-infosec.co.uk/cis.shtml
Description: CIS is a free security scanner written and maintained by Cerberus Information Security, Ltd and is designed to help administrators locate and fix security holes in their computer systems. Runs on Windows NT or 2000. No source code is provided.

Swatch http://www.stanford.edu/~atkins/swatch/
Description: Swatch was originally written to actively monitor messages as they were written to a log file via the UNIX syslog utility. It has multiple methods of alarming, both visually and by triggering events. The perfect tool for a master loghost. This is a beta release of version 3.0, so please use it with caution. The code is still slightly ahead of the documentation, but examples exist. NOTE: Works flawlessly on Linux (RH5), BSDI and Solaris 2.6 (patched).

OpenBSD http://www.openbsd.org/
Description: The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts place emphasis on portability, standardization, correctness, security, and cryptography. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSDI, SunOS, and HPUX.

Nemesis http://celerity.bartoli.org/nemesis/
Description: The Nemesis Project is designed to be a commandline-based, portable human IP stack for UNIX/Linux. The suite is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts.

LSOF ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
Description: List open files. Lsof is a Unix-specific diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. The binary is specific to kernel version 2.2.

Lids http://www.turbolinux.com.cn/lids/
Description: LIDS is an intrusion detection/defense system in the Linux kernel. The goal is to protect Linux systems against root intrusions by disabling some system calls in the kernel itself. As you sometimes need to administer the system, you can disable LIDS protection.

IPTraf http://cebu.mozcom.com/riker/iptraf/
Description: Interactive Colorful IP LAN Monitor. IPTraf is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others. Note that since 2.0.0 IPTraf requires a kernel >= 2.2.

IPLog http://ojnk.sourceforge.net/
Description: iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP and ICMP traffic. iplog 2.0 is a complete re-write of iplog 1.x, resulting in greater portability and better performance. iplog 2.0 contains all the features of iplog 1.x as well as several new ones. Major new features include a packet filter and detection of more scans and attacks. It currently runs on Linux, FreeBSD, OpenBSD, BSDI and Solaris. Ports to other systems, as well as any contributions at all, are welcome at this time.

Fragrouter http://www.anzen.com/research/nidsbench/
Description: Fragrouter is aimed at testing the correctness of a NIDS, according to the specific TCP/IP attacks listed in the Secure Networks NIDS evasion paper. [2] Other NIDS evasion toolkits which implement these attacks are in circulation among hackers or publicly available, and it is assumed that they are currently being used to bypass NIDSs.

Queso http://www.apostols.org/projectz/queso/
Note: A couple of the OS detection tests in Queso were later incorporated into Nmap. A paper we wrote on OS detection is available here.
Description: Guess the operating system of a remote machine by looking at the TCP replies.

GPG/PGP http://www.gnupg.org/
http://www.pgp.com/
Description: The GNU Privacy Guard (GnuPG) is a complete and free replacement for PGP, developed in Europe. Because it does not use IDEA or RSA it can be used without any restrictions. GnuPG is an RFC2440 (OpenPGP) compliant application. PGP is the famous encryption program which helps secure your data from eavesdroppers and other risks.