Maybe someone can use this.
Sorry if it's too much information, but the list isn't complete.
Sorry if I'm annoying anyone....
It can be put to good use:

http://www.securityportal.com/



------------------------------------------------------------
Auditing and Intrusion Monitoring Tools
------------------------------------------------------------

ACID 0.9.5 - Devel. 0.9.6b11 - Roman Danyliw
http://acidlab.sourceforge.net

ACID stands for Analysis Console for Intrusion Databases and is a PHP-based
analysis engine to search and process a database of security incidents
generated by the NIDS Snort. The features currently include: a search
interface for finding alerts matching practically any criteria, including
arrival time, signature time, source/dest address/port, flags, payload,
etc.; furthermore, these queries can be made arbitrarily complex to
satisfy almost any parameters. Alert Groups: allow for a logical grouping
of alerts on which analysis can be done; it is a quick way to combine
multiple searches or to associate a comment with an alert or group of
alerts. Alert purging to remove false positives. Statistics: snapshot
statistics to assess current network state, aggregate statistics on a per
sensor, IP, or alert basis and graphing alert arrival over time. All
analysis is done in real-time.

Changes: New development version 0.9.6b11 that includes query speed
optimizations and partial schema v103 support.


RazorBack 1.0.1 - InterSect Alliance
http://www.intersectalliance.com/projects

RazorBack is a log analysis program that interfaces with the Snort open
source Intrusion Detection System to provide real-time visual notification
when an intrusion signature has been detected on the network. Snort should
be configured to send data to syslog for RazorBack to display the data.
RazorBack is designed to work within the GNOME framework on Unix platforms.

Changes: RazorBack is now out of the beta cycle. Removed the automatic
column resize. Minor memory leak removed. RazorBack now works with
Snort 1.8.


SAINT 3.2.1 - World Wide Digital Security, Inc.
http://www.wwdsi.com/saint

SAINT is a security scanning tool based on SATAN. Latest versions of SAINT
are now released only to SAINTwriter and SAINTexpress customers. The
latest SAINT version is 3.3.4 (03/July/01). Older versions of SAINT are
still released to all users.

Changes: Version 3.2.1 has been released to all users (07/July/01). This
new release includes checks for the FTP filename globbing vulnerability,
for the Adore worm, for NTP servers and for Alcatel ADSL modems. The
documentation has been updated for these new features.


PIKT - Problem Informant/Killer Tool 1.13.1 - Devel: 1.14.0pre6 - Robert Osterlund
http://pikt.uchicago.edu/pikt

PIKT is a cross-platform (AIX, FreeBSD, HP-UX, IRIX, Linux, Solaris, SunOS),
multi-functional toolkit for monitoring systems, reporting and fixing
problems, and managing system configurations. It consists of an embedded
scripting language with unique, labor-saving features, a script and system
config file preprocessor, a scheduler, an installer, and other tools.

Changes: Release of the sixth pre-release (beta) of the 1.14.0 series:
fixed several more minor parser bugs.


LIDS 0.9.1 - Devel: 0.10.0 (2.2.19 kernel) / 1.0.10 (2.4.5 kernel) - Huagang Xie
http://www.lids.org

The Linux Intrusion Detection System is a patch which enhances the kernel's
security. When it's in effect, many system administration operations can
be made impossible even for root. You can turn the security protection
"on" or "off" on the fly and you can hide sensitive processes and prevent
anyone from using ptrace or any other capability on your system. LIDS can
also provide raw device and I/O access protection.

Changes: New development version 1.0.10 for the 2.4.5 kernel. This version
adds a new feature, time restriction for the ACL, and merges a patch from
David Spreen to make lidsadm compatible with GCC 3.0. With the new time
restriction feature, you can define the time scale for ACLs.


Samhain 1.2.4 - Samhain Labs
http://la-samhna.de/samhain

Samhain is a file system integrity checker that can optionally be used as
a client/server application for centralized monitoring of networked hosts.
Databases and configuration files can be stored on the server. In addition
to forwarding reports to the log server via authenticated TCP/IP
connections, several other logging facilities (e-mail, console,
tamper-resistant log file, and syslog) are available. Samhain has been
tested on Linux, AIX 4.1, HP-UX 10.20, UnixWare 7.1.0, and Solaris 2.6.

Changes: Bugfix for the reading stealth option, and fix for RFC 2822
compliance of the built-in mailer. On request, when watching login/logout
events, the IP address is logged in addition to the DNS host name (if
supported by the OS).


Viperdb 0.9.8 - Peter Surda
http://panorama.sth.ac.at/viperdb

Viperdb is a file checker. It is meant to be run from cron on a regular
basis in order to monitor strange activity on a system. It supports
checking of size, mtime, privileges, UID/GID, added/deleted files, and MD5
checksums. Data isn't stored in a single archive as in Tripwire, but is
split among all the monitored directories. This Viperdb is in fact a fork
of the original, as the original authors seem unreachable.

Changes: This new version includes an option parsing bugfix and a locking
bugfix.


John the Ripper 1.6 - Devel: 1.6.29 - Openwall Project
http://www.openwall.com/john

John the Ripper is a password cracker, currently available for UNIX, DOS,
and Win32. Its primary purpose is to detect weak UNIX passwords.

Changes: No information about the changes.


remote vulnerability scanner 4.8
http://og.overflow.org/

rvscan (remote vulnerability scanner) is a package to scan a host for
almost all known vulnerabilities commonly being used. It includes hundreds
of vulnerable CGI checks, OS and Linux distribution guessing, and
vulnerability checks for imapd, bind, ftpd, httpd, fingerd, pop3d, pop2d,
lpd, ntpd, etc. rvscan also attempts to determine whether the host allows
multiple POP3 authentication, SMTP user probing, and ICMP echo requests.


Snort 1.7 - Martin Roesch
http://www.snort.org

Snort is a lightweight network intrusion detection system, capable of
performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be
used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts,
and much more. Snort uses a flexible rules language to describe traffic
that it should collect or pass, as well as a detection engine that
utilizes a modular plugin architecture. Snort has a real-time alerting
capability as well, incorporating alerting mechanisms for syslog, a user
specified file, a UNIX socket, or WinPopup messages to Windows clients
using Samba's smbclient.

Changes: New signatures: Erik Fichtner sent MS01-035 signatures. Please
check your snort.conf file and verify you have $EXTERNAL_NET and
$HTTP_SERVERS defined; if you do not, these rules will cause errors on
startup ("ERROR: = Port value missing in rule!").


IDScenter 1.08d - Ueli Kistler
http://www.eclipse.fr.fm

IDScenter is a tool for setting up Snort for Win32. It is a tool for
managing, controlling, and monitoring the Snort IDS. IDScenter supports
alarm sound functions and has error checking procedures. If Snort is
killed, IDScenter restarts Snort immediately. It runs under Windows 2000,
Windows 95/98 and Windows NT. Its features are: all features of
snort.panel are implemented. The IP / Interface detection is possible. It
includes an integrated Alertviewer and an external viewer can be set. An
alarm sound can be started if an alert occurs (WAV/Beep). An EXE-File can
be started (this is also possible to set in RULES) in case of alert. The
autostart in Registry\RUN can be set in IDScenter. Non-visible FORMS, only
an icon with alert/stop/start-Status is visible in the taskbar.

Changes: New Features: start minimized Snort console, internal log viewer:
search function, arachNIDS lookup, IP WHOIS lookup (ARIN) and cursor
position at list line (latest alert information). External viewer (default
browser) support for WinSnort2HTML, SnortSnarf and ACID generated sites.
Better error information. Dialogs open in the already selected folder.
Changed layout. Corrected bugs: email function: log file bug corrected and
Snort now starts in its own directory ("Test configuration" too).


SARA 3.4.6 - Advanced Research Corporation
http://www-arc.com/sara

Security Auditor's Research Assistant (SARA) is a security analysis tool
based on SATAN. It checks for common old holes, backdoors, trust
relationships, default CGI, common logins, open shares, and much more.

Changes: Added authoritative test for IIS Index services exploit and
authoritative test for IIS FrontPage-RAD exploit (extreme only). Corrected
minor bugs in http.sara and in configuration management. Improved
hosttype-ing of Windows 2000.



Firestorm NIDS 0.1.6 - Scaramanga
http://www.scaramanga.co.uk/firestorm

Firestorm will be a fully featured network intrusion detection system. It
aims to support lots of open standards. At the moment it is just a sensor,
but plans are to support central correlation databases and an analyst
console. Firestorm should compile on any POSIX-like OS. So far only Linux
is tested. Current features are: fully pluggable, capture from libpcap
files, Snort rule support, almost as many matchers as Snort, support for
IP, Ethernet and other common protocols, string match, TTL, and IP ID
matchers.

Changes: Libpcap_file understands Redhat "Extended" capfiles. Linux
firewall netlink capture. Optional internal leak checker. Fixed a memory
leak in IP matcher. Some better macros for plugin hackers. Uncommented
locking code in print functions. Changed lots of print_out()s to
print_raw()s (more efficient). Removed fsync() in print_xxx, fewer
syscalls, more efficient. Tidied up code by wrapping it all before 80
chars. Installer and RPM spec file are included. Alert target yet more
verbose, prints time, etc.


StMichael_LKM 0.04 - Tim Lawless
http://www.sourceforge.net/projects/stjude

StMichael is a Linux kernel module (LKM) that attempts to detect and
divert attempts to install a kernel-module backdoor into a running Linux
system. This is done by monitoring the init_module and delete_module
process for changes in the system call table. This is an experimental
version, and a spin off from the Saint Jude Project.

Changes: Added the SHA1 checksum to complement the md5 checksumming. Added
timers: periodically revalidate the kernel; this is done via a timer and
by wrapping the exit call to call the integrity checking. Added
configuration script. Code cleanup to accommodate future inclusion in the
StJude_LKM. Inclusion of demo modules that will trigger the StMichael LKM.


--  FreshMeat --

------------------------------------------------------------
Auditing and Intrusion Monitoring Tools
------------------------------------------------------------

Firestorm NIDS 0.1.5 - Scaramanga
http://www.scaramanga.co.uk/firestorm

Firestorm will be a fully featured network intrusion detection system. It
aims to support lots of open standards. At the moment it is just a sensor,
but plans are to support central correlation databases and an analyst
console. Firestorm should compile on any POSIX-like OS. So far only Linux
is tested. Current features are: fully pluggable, capture from libpcap
files, Snort rule support, almost as many matchers as Snort, support for
IP, Ethernet and other common protocols, string match, TTL, and IP ID
matchers.

Changes: String match and TCP bugfix. Keep better track of internal
resources. VIM syntax file for config files included. Targets get access
to rule. Matchers need not have match functions (i.e.: they are metadata).
Added some better cleanup templates. Aggregated TCP/IP headers to improve
cross platform support. Added TCP flags display to alert target, fixed
chroot/drop privileges to warn if not superuser and added IP TOS matcher,
like Snort's, not very user friendly. Fragbits IP matcher.


John the Ripper 1.6 - Devel: 1.6.28 - Openwall Project
http://www.openwall.com/john

John the Ripper is a password cracker, currently available for UNIX, DOS,
and Win32. Its primary purpose is to detect weak UNIX passwords.

Changes: No information about the changes.

------------------------------------------------------------
Auditing and Intrusion Monitoring Tools
------------------------------------------------------------

Snort 1.7 - Martin Roesch
http://www.snort.org
SnortPlot.pl - Angelos Karageorgiou
http://www.unix.gr

SnortPlot.pl is a Perl script that reworks Snort logs to graphically plot
attack signatures in 3D.

Note: First time in the Tools Digest.


Nmap 2.53 - Devel: 2.54beta25 - Fyodor
http://www.insecure.org/nmap

Nmap is a utility for port scanning large networks, although it works fine
for single hosts. Sometimes you need speed, other times you may need
stealth. In some cases, bypassing firewalls may be required. Not to
mention the fact that you may want to scan different protocols (UDP, TCP,
ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half
open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy
(bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses
some packet filters), TCP ACK and Window scanning, UDP raw ICMP port
unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning,
Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP
Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of
performance and reliability features such as dynamic delay time
calculations, packet timeout and retransmission, parallel port scanning,
and detection of down hosts via parallel pings.

Changes: New development version 2.54beta25. Bug fixes and portability
improvements are included. Added a whole bunch of new OS fingerprints (and
adjustments) ranging from big important ones (Linux 2.4.X, OpenBSD 2.9,
FreeBSD 4.3, Cisco 12.2.1, MacOS X, etc) to some that are more obscure.
Upgraded Libpcap to the latest version, and fixed some issues with the new
Libpcap under Linux.

NetSaint Network Monitor 0.0.7 beta4 - Ethan Galstad
http://www.netsaint.org
NetSaint Easy Administration Tool 4.7 - Jason Blakey
http://netsaint.sourceforge.net/download

NEAT is a web administration interface for NetSaint written in Perl.
Version 2.5 works for both the 0.0.4 and 0.0.5 releases of NetSaint, while
version 4.5 works with NetSaint versions 0.0.6 and 0.0.7. NEAT allows you
to add/edit/delete definitions in your host configuration file and restart
NetSaint upon completion of the configuration changes. It does not require
a database to store configuration data.

Changes: Added even more checking for the VERIFY_COMMAND option, added
commands.cfg to be a default config file in neat4.options and added a
"Choose Type" item to the entity creation dropdown.


NetSaint Aggregate Notification System 0.3 - Nicholas Tang
http://www.nachtwache.org/projects/netsaint/utilities/nans

This add-on is designed to aggregate notifications from NetSaint, thereby
preventing floods of alerts in large installations. It is a drop-in
replacement that doesn't require any changes to the existing NetSaint
configuration other than telling it to use NANS instead of your current
notification commands. It is configurable on a per-contact basis and
allows for different levels of aggregation for epager vs. email
notifications.

Note: First time in the Tools Digest.


Chkrootkit 0.33 - Nelson Murilo
http://www.chkrootkit.org

Chkrootkit locally checks for signs of a rootkit. It includes detection of
LKM rootkits, ifpromisc.c to check and see if the interface is in promisc
mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check
wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD. The
following commands are examined: amd, basename, biff, chfn, chsh, cron,
date, dirname, du, echo, egrep, env, find, fingerd, gpm, grep, identd,
ifconfig, inetd, killall, login, ls, mail, mingetty, named, netstat,
passwd, pidof, pop2, pop3, ps, pstree, rlogin, rpcinfo, rshd, sendmail,
slogin, sshd, su, syslogd, tar, tcpd, telnetd, timed, top, traceroute and
write.

Changes: This version includes new tests (amd, named, egrep and slogin),
ShitC Worm detection, Omega Worm detection, Wormkit Worm detection,
dsc-rootkit detection, new ports added to the bindshell test (1524, 5665,
60001, 10008, 12321), a chklastlog bug fix and some other bug fixes.

--  FreshMeat --

Flawfinder 0.15 - David Wheeler
http://www.dwheeler.com/flawfinder

Flawfinder can scan source code and identify potential security flaws,
ranking them by likely severity. Flawfinder works on Unix-like systems
(tested on GNU/Linux), and it should be easy to port to Windows systems.
It requires Python to run.

Changes: Several minor changes. Please refer to the changelog file for
more information: http://www.dwheeler.com/flawfinder/ChangeLog


Nabou 1.8 - Thomas Linden
http://www.nabou.org

Nabou is a Perl script which can be used to monitor changes to files and
directories on your system using MD5 checksums. It can also watch
crontabs, suid files, and user accounts for changes, and it stores all
data in standard DBM databases. Nabou is highly configurable; you can
exclude files from being checked, configure which file attributes it
should look for, use custom checks, and much more.

Note: First time in the Tools Digest.


--  PacketStorm --

StMichael_LKM 0.03 - Tim Lawless
http://www.sourceforge.net/projects/stjude

StMichael is a Linux kernel module (LKM) that attempts to detect and
divert attempts to install a kernel-module backdoor into a running Linux
system. This is done by monitoring the init_module and delete_module
process for changes in the system call table. This is an experimental
version, and a spin off from the Saint Jude Project.

Changes: Added md5 checksums to the contents of system calls, added
cloaking to hide the presence of StMichael and its symbols. Since
StMichael causes the rootkits to not work as expected, we do not want to
give away any useful debugging information.

Guardian 1.2.0 - Anthony Stevens
http://home.golden.net/~elim

Guardian is a standalone Perl script that works in conjunction with
Snort. Guardian will watch the Snort alert log file for alerts and put the
offending host into denial by defining an IPchains rule to deny the host,
and will remember which hosts it has put into this list. Hosts will remain
in denial for a configurable period of time, after which they will be
removed from the denial list. This functionality should keep the denial
list manageable and small for busy hosts.

Note: First time in the Tools Digest.


AutoInstall 1.0 - Richard Howlett
http://www.snort.org/Files/autoinstall.bat

This is a batch file which will do the following operations: download all
necessary files if they do not already exist, extract all downloads into a
temporary installation directory, install the WinPcap driver, install
Snort for Windows with MySQL support, set up Vision rules and create a
default configuration file, install ActiveState Perl, install SnortSnarf,
install the MySQL database running as a service, create the snort
database, tables and user in MySQL, and install and configure ACID,
including php405 and adodb.

Note: First time in the Tools Digest.


Nessus 1.0.8 - Devel: 1.1.2 - Renaud Deraison
http://www.nessus.org

The "Nessus" Project aims to provide to the internet community a free,
powerful, up-to-date and easy to use remote security scanner. A security
scanner is software which will remotely audit a given network and
determine whether bad guys (AKA 'crackers') may break into it, or misuse
it in some way. Unlike many other security scanners, Nessus does not take
anything for granted. That is, it will not assume that a given service
is running on a fixed port: if you run your web server on port 1234,
Nessus will detect it and test its security. It will not base its
security tests on the version number of the remote services, but will
really attempt to exploit the vulnerability. Nessus is very fast,
reliable and has a modular architecture that allows you to fit it to your
needs.

Changes: Version 1.0.8 of Nessus has been released and includes various
minor bugfixes and over 650 security checks.