Security Related Tools

Table of Contents

• Anti-SPAM
  
• Anti-Virus
  
• Cryptography
  
• Forensics
  
• Honeypots and Honeynets
  
• Integrity Checkers
  
• Intrusion Detection
  
• Log Monitors
  
• Misc
  
• Network Data Capture
  
• Network Flow Analysis
  
• Password Crackers
  
• Scanners
  
• Security Auditor
  
• Wireless
  

Anti-SPAM

• SpamAssassin -- mail filter to identify SPAM
• bogofilter -- fast bayesian SPAM filter

Anti-Virus

• OpenAntiVirus -- anti-virus research project
• AMaViS -- A Mail Virus Scanner
• Clam AntiVirus -- anti-virus toolkit for Unix, for integration with mail servers (attachment scanning)

Cryptography

• OpenSSH -- a free version of the SSH protocol
• PGP -- international PGP home page
• GnuPG -- GNU Privacy Guard

Forensics

• The Coroner's Toolkit (TCT)
• Sleuth Kit
• Autopsy -- forensic browser
• The Forensic Toolkit -- set of tools to help examine NTFS for unauthorized activity

Honeypots and Honeynets

• sessionlimit -- tool designed to interact with OpenBSD pf in order to contain the intruders activities after a honeypot compromise
• Snort_inline -- modifications to Snort that can block or modify attacks based on matching signatures
• Honeyd -- a small daemon that creates virtual hosts on a network
• Sebek2 -- tool used in a honeynet to capture attacker activity
• Honey Control -- command line tool used to adminster a GenII honeynet

Integrity Checkers

• chkrootkit -- locally checks for signs of a rootkit
• Tripwire -- policy driven file system integrity checking tool
• AIDE -- a free replacement for Tripwire

Intrusion Detection

• Snort -- The Lightweight Network Intrusion Detection System
• Hogwash -- instead of closing ports like a traditional firewall, it drops or modifies specific packets based on a signature match
• Shadow -- intrusion detection system built on inexpensive hardware and free software
• Fragrouter -- tests the correctness of a NIDS, according to specific TCP/IP attacks

Log Monitors

• Swatch -- actively monitor messages as they are written to a log file via the UNIX syslog utility
• Logcheck/LogSentry -- automatically monitors system logs and mails security violations on a periodic basis

Misc

• lsof (for LiSt Open Files) -- displays information about files open to Unix processes
• Netcat -- simple network utility which reads and writes data across network connections, using TCP or UDP protocol
• Hping2 -- network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies
• NTop -- a network traffic usage monitor
• PsTools -- kit that comes with a number of command line tools that help administering Windows NT/2K systems
• Handle -- utility that displays information about open handles for any process in the system
• ListDLLs -- utility that shows which DLLs are loaded on Windows 9x/NT/2K

Network Data Capture

• tcpdump -- dump traffic on a network
• Wireshark -- network protocol analyzer -- The Ethereal network protocol analyzer has changed its name to Wireshark.
• WinDump -- tcpdump for Windows
• Ettercap -- a terminal-based network sniffer/interceptor/logger for ethernet LANs
• Ngrep -- grep for network traffic

Network Flow Analysis

• Argus -- track and report on the status and performance of all network transactions seen in a data network traffic stream

Password Crackers

• John -- an active password cracking tool, normally called John The Ripper, to find weak passwords of your users
• Crack/Cracklib -- update version of Alec Muffett's classic local password cracker
• Brutus -- a network brute-force authentication cracker
• THC-Hydra -- parallized network authentication cracker

Scanners

• Nmap -- network mapper
• ScanSSH -- scans a list of addresses and networks for running SSH protocol servers and their version numbers
• Whisker -- Rain.Forest.Puppy's excellent CGI vulnerability scanner

Security Auditor

• Nessus -- remote network security auditor (also a security scanner)
• FPort -- identify unknown open ports and their associated applications

Wireless

• AirSnort -- tool for wireless networks to recover encryption keys
• AirTraf -- package with many features that can help administering wireless networks
• BSD-Airtools -- package that provides a complete toolset for wireless 802.11b auditing
• Kismet -- 802.11 wireless network sniffer
• NetStumbler -- Windows utility for 802.11b based wireless network auditing
• SSIDsniff -- tool used to discover access points and save captured traffic
• WEPcrack -- tool for breaking 802.11 WEP secret keys