exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 25 of 52

Files from Michael Rash

Fwknop Port Knocking Utility 2.6.11

Posted Feb 7, 2024

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Fixed two bugs in PF handling code. Added ALLOW_ANY_USER_AGENT for ENABLE_SPA_OVER_HTTP mode so that fwknopd will accept any User-Agent string coming from the client. Various fixes to the AppArmor profile to support recent versions of Debian and Ubuntu. Add gpg.conf and gpg-agent.conf to set pinentry-mode loopback to restore GPG full cycle tests. A couple additional updates to the test suite.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | bcb4e0e2eb5fcece5083d506da8471f68e33fb6b17d9379c71427a95f9ca1ec8

Download | Favorite | View

Fwknop Port Knocking Utility 2.6.10

Posted Aug 8, 2018

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Added MAX_FW_TIMEOUT to access.conf stanzas to allow a maximum number of seconds for client-specified timeouts in SPA packets. Bug fix in CMD_EXEC mode to make sure to call exit() upon any error from execvpe(). Various other additions and fixes.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | 2b15050bae92ec5210fcac944a7aa4bf9c651333a2b2960aabcd5cfc1d527cf1

Download | Favorite | View

Fwknop Port Knocking Utility 2.6.9

Posted Jun 9, 2016

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Added support for the SHA3 "Keccak" algorithm. Added support for libnetfilter_queue so that fwknopd can acquire SPA packets via the NFQ target. Various other additions and fixes.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | 9022a0e1b3ee1dc9cd1323efcc0e5f8f24bc521e19e9779efd9d23a3aa3e5577

Download | Favorite | View

Fwknop Port Knocking Utility 2.6.8

Posted Dec 24, 2015

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Added a major new feature that allows fwknopd to easily integrate with third-party devices and software. Added new access.conf directives. Various other updates.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | 5999c2cffd231caf3082a5169fbac2f4a3f5db8309355c5615c98998718198ff

Download | Favorite | View

Fwknop Port Knocking Utility 2.6.7

Posted Aug 26, 2015

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: When command execution is enabled with ENABLE_CMD_EXEC for an access.conf stanza, added support for running commands via sudo. Added --key-gen to fwknopd. Added a script from Jonathan Bennett at extras/console-qr/console-qr.sh to generate QR codes from fwknopd access.conf keys. Various other updates.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | ed6f8cfbda6dc76a56a994465188b49419267492ebc6d5328e0947479bd2714b

Download | Favorite | View

Fwknop Port Knocking Utility 2.6.6

Posted Apr 24, 2015

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: fwknopd can now function as a generic SPA gateway. Various bug fixes.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | bb1d6613c5df7d0723b1a1100ed5cf195677a314d64b50433da90882a491b074

Download | Favorite | View

Fwknop Port Knocking Utility 2.6.5

Posted Dec 18, 2014

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Added a new access.conf variable "DESTINATION" to define the destination address for which an SPA packet will be accepted. The string "ANY" is also accepted if a valid SPA packet should be honored to any destination IP. Bug fix to ensure that proper bounds are enforced when importing digest cache files from previous fwknopd executions.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | ad431ad8aae28d22666eb7a12646328f564eae8e6cb70fd1d2d6506e44d82ab0

Download | Favorite | View

Fwknop Port Knocking Utility 2.6.4

Posted Nov 18, 2014

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Added a UDP server mode so that SPA packets can be acquired via UDP directly without having to use libpcap. Replaced all popen() and system() calls with execvpe() with no usage of the environment. Added support for firewalld to the fwknopd daemon on RHEL 7 and CentOS 7.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | 17d4345d3e61adaa10c443fde75200dc8279ba7180a7f5276fadd5dba3e82f11

Download | Favorite | View

Fwknop Port Knocking Utility 2.6.3

Posted Jul 30, 2014

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: External IP resolution now over SSL by default. Integrated a python fuzzer. Various other updates and additions.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | 4558b06eb91d9a0b43993abfaea01eb2270bb13da50cb6379a6d96e1aeae2b47

Download | Favorite | View

Fwknop Port Knocking Utility 2.6.2

Posted Apr 29, 2014

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: A double free bug in the libfko SPA parser discovered with a new Python SPA payload fuzzer was fixed.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | 92311a25dae68122806d37929790c2408098f3c43731bd5ab23095b364530af8

Download | Favorite | View

Fwknop Port Knocking Utility 2.6.1

Posted Apr 14, 2014

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: When SPA packets are built with GnuPG, the fwknopd daemon now requires a valid GnuPG signature by default, and a new variable GPG_DISABLE_SIG was added for backwards compatibility (but using this is not a recommended configuration). A bug was fixed in fwknopd for a memory in SPA packet decryption when GnuPG is used. A new code coverage mode was added to the test suite to interface with the 'lcov' tool. Several other minor bugs were fixed.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | fefe71bc82b13c396c9783e78663a1a6faf83cea01138da7c626e451249b8ce2

Download | Favorite | View

Fwknop Port Knocking Utility 2.6.0

Posted Jan 13, 2014

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: This release adds HMAC support to the Android client, adds an AppArmor policy for the fwknop daemon, adds support for building on Mac OS X "Mavericks", and adds a new Valgrind test mode via the CPAN Test::Valgrind module. A few bugs were fixed with dealing with GnuPG encryption modes in the fwknopd daemon, and the fwknop project has a Coverity defect score of zero.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | 350866d7e9b2a739edb1f5bda89100ca631d5ea5f23995da2c005bed14cba47e

Download | Favorite | View

Fwknop Port Knocking Utility 2.5.1

Posted Jul 28, 2013

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: A bugfix in the fwknop client to reset terminal settings to original values after entering keys via stdin. A bugfix in the fwknopd daemon to not print a PID file existence warning. A test suite bugfix to not run an iptables Rijndael HMAC test on non-Linux systems.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | 6c364875431542e3f00b8c2fc0e354e4ddf333ed282f83e28a0d6a79326572d5

Download | Favorite | View

Fwknop Port Knocking Utility 2.5

Posted Jul 22, 2013

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: This release added support for HMAC SHA-256 authenticated encryption in the encrypt-then-authenticate model. Many bugs discovered by the Coverity static analyzer were fixed. OpenSSL compatibility tests were added to the test suite. Client stanza saving ability was added for the ~/.fwknoprc file, simplifying fwknop client usage. The ability to automatically generate both Rijndael and HMAC keys with --key-gen was added.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | ebf0f5a55992e516fa44063993cbcc51bb9555cef769ac9ab5d8be77a8df99dc

Download | Favorite | View

Fwknop Port Knocking Utility 2.0.4

Posted Dec 11, 2012

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: On the server side, this release adds a chain_exists() check to SPA rule creation so that if any of the fwknop chains are deleted out from under fwknopd, they will be recreated on the fly. It adds new SPA packet fuzzing capability to the test suite to assist in validation of SPA operations. It adds upstart config for systems running the upstart daemon. An OpenBSD ndbm/gdbm usage bugfix. ICMP type/code client command line arguments have been added for when SPA packets are sent over ICMP.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | e6a88e969264ff23bd5837a47e5b60b8c4d36fc8a2326c6b377f8447ecf2adea

Download | Favorite | View

Fwknop Port Knocking Utility 2.0.3

Posted Sep 8, 2012

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Several DoS/code execution vulnerabilities for malicious fwknop clients that manage to get past the authentication stage (so such clients must possess a valid encryption key) have been fixed. Permissions and ownership checks have been added to all files consumed by the fwknop client and server. RPM builds have been fixed by including the $(DESTDIR) prefix for uninstall-local and install-exec-hook stages in Makefile.am.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | f7f306a66c641020e7c7a820eaa3743e2700ddee6e26cca37440db95df56b986

Download | Favorite | View

Fwknop Port Knocking Utility 2.0.2

Posted Aug 21, 2012

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Better handling of GnuPG for SPA packet decryption on the server side (accounts for no passphrase gpg keys when gpg-agent or pinentry are otherwise required). A bugfix in SPA packet replay detection code. A check for the existence of the iptables 'comment' match when the serve is deployed on Linux. Several other bugfixes.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | 2a79ffeabce01eff333b2eef7357d4d7d43237af4526cc2bd9b282907439aea7

Download | Favorite | View

Fwknop Port Knocking Utility 2.0.1

Posted Jul 24, 2012

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Various bug fixes including several minor memory leaks. Added parsing of valgrind output to produce a listing of functions that have been flagged. Various other tweaks.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | bfb10445f74a3bad526d0bc5d4bdd023e4c36c32ecbaf3e20091f91bbf16c5c1

Download | Favorite | View

Fwknop Port Knocking Utility 2.0

Posted Jan 2, 2012

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: This is the production release of the fwknop C rewrite. It brings Single Packet Authorization to three different Open Source firewalls (iptables, ipfw, and pf), embedded systems, and mobile devices. The fwknopd server runs on Linux, Mac OS X, FreeBSD, and OpenBSD. The client runs on all of these platforms as well as Android, the iPhone, and Cygwin under Windows. In addition, the client is portable, and can be compiled as a native Windows binary.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | e272a89bb05740d89b6d0eef96460f165e52b285cb635d39794bf0db91a8a7d5

Download | Favorite | View

Fwknop Port Knocking Utility 2.0rc5

Posted Dec 15, 2011

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: This release adds OpenBSD PF support, adds a new FORCE_NAT mode to transparently force authenticated connections to specified internal systems, adds a comprehensive test suite, and adds the ability to automatically expire SPA keys. Several memory handling bugfixes were made.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | 125d5d1970d4ec04aabdd90dbc6c7f44e001a9608b9e4e267079f6bcd47b5370

Download | Favorite | View

Fwknop Port Knocking Utility

Posted Sep 10, 2009

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: The FKO module that is part of the libfko library was fully integrated for all SPA routines: encryption/decryption, digest calculation, replay attack detection, etc. The ability to recover from interface error conditions was added, such as when fwknopd sniffs a ppp interface (say, associated with a VPN) that goes away and then is recreated. The fwknop client was updated to include the SPA destination before DNS resolution when sending an SPA packet over an HTTP request.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | b4fcde370773c710927230c0d84100a4aaa2060eb497cf896a97d752b2856e87

Download | Favorite | View

Fwknop Port Knocking Utility

Posted May 13, 2009

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Support was added for ipfw "sets" on FreeBSD and Mac OS X systems. A segfault on Debian systems that was exposed in some circumstances with older versions of libpcap was fixed. The --icmp-type and --icmp-code command line arguments were added for the fwknop client in order to manually set the ICMP type/code values when using "--Spoof-proto icmp" or "--Server-proto icmp". Support was added for multiple include/exclude test identifying strings (separated by commas).

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | 5d2960bc3f4497e07183ae8c6b84acda0e456c67a5a75a98056df613c15e0466

Download | Favorite | View

Fwknop Port Knocking Utility

Posted Jan 14, 2009

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Added the ability to send SPA packet over HTTP to a webserver. Added ENABLE_EXTERNAL_CMDS for fwknopd to control whether the EXTERNAL_CMD_OPEN and EXTERNAL_CMD_CLOSE directives are used. Various bug fixes.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | bb36216abec00d3f8fea30ac8e3768a249f2ee181fd05c5064ac5a94ec069781

Download | Favorite | View

Fwknop Port Knocking Utility

Posted Nov 21, 2008

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Added support to fwknop for the Linux 'any' interface. Added support for interfacing fwknop with third party software through the addition of three new variables in the access.conf file. Various other fixes and additions.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | 5aff527da9609ee49281d1ed5966d462e0ac99a728ad2fd9d3550456bdc9e1e9

Download | Favorite | View

Fwknop Port Knocking Utility

Posted Oct 1, 2008

Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Added GPG_NO_REQUIRE_PREFIX to access.conf. Bugfix to make sure that neither fwknop nor fwknopd reference any options file in GnuPG mode. Added the ability to control the path used for the gpg binary. Various other fixes and additions.

tags | tool, scanner, vulnerability

systems | unix

SHA-256 | cbca7184b4fd7ca14c3895bc11c96bef5d4ff3b6abacc9e5653b1362fc05be0f

Download | Favorite | View