Desperate is a collection of tools for extracting usernames via EXPN and finger, and obtaining IP addresses via "brute force" DNS lookups. Contains lists of commonly used usernames and DNS names. Coded in Perl.
3f4a9327eb0650a87901c43df92f9eef
Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the news the past week. In this issue: Mercur Mailserver 3.3 remote overflow.
23f174625252483cf9f7e70bd6f436a9
KillOE is a modified msoe.dll which gets rid of the MSN Outlook Express 5.5 banner when used in conjunction with Hotmail accounts. Replacing C:\program files\Outlook Express\msoe.dll with this version of the DLL will allow you to use whatever HTML code you wish to see in place of the banner. No longer supported by author.
9d781337839c84e4a5fde52f6fb44fc5
Bios Cracker v1.3a can display the password on 7 types of BIOSes.
adfaa325b069b0b98b94a773adc02a0d
Datehack changes your computer date in an attempt at letting you use shareware longer.
b18a0cf43897d17f9f64cfbc898a5ac8
Snadboy's Revelation enables you to retrieve long-forgotten passwords that Windows presents as a mysterious row of asterisks. Drag and drop the Snadboy's Revelation marker to the masked password field to retrieve the information.
a9bc008e13347aa5231824b5a6bfa9f2
Red Hat Security Advisory RHSA-2001:021-06 - Zope v2.3.1b1 and below contain vulnerabilities which allow users with through-the-web scripting capabilities on a Zope site to make inappropriate changes to ZClass instances.
d5986138f850f9a8d95f5a0e8287d564
Vudu is a simple X.25 NUA scanner for Unix systems. It is written in bash for portability. Tested on Solaris.
11728d9aca87410b9599ef05177c8f76
Mod_Id is an interesting Apache module which acts as an IDS, watching for suspicious URLs.
695e16ef65ffaf086eaca589a1f92212
Microsoft Security Advisory MS01-013 - The Windows 2000 event viewer snap-in has an unchecked buffer in a section of the code that displays the detailed view of event records. If the event viewer attempts to display an event record that contains specially malformed data in one of the fields, code of the attacker's choice can be made to run with the privileges of the user running the event viewer. Microsoft FAQ on this issue available here.
47f9ebd0a3a2b6d2797f6df75b1746da
Man-cgi v1.3 and v2.0 contain remote vulnerabilities which allow any file on the web server to be viewed, and some implementations allow remote command execution due to lack of filtering of hex-encoded characters. Exploit URLs included.
3245d6534465bdf950b124781e2eba7f
The goal of FireStarter is to provide an easy to use, yet powerful, GUI tool for setting up, administrating and monitoring firewalls for Linux machines. FireStarter is made for the GNOME desktop. It can actively monitor your firewall and list any unauthorized connection attempts made to your machine in a readable table format.
15616618ffbb1ade9a3b8df7530f2809
Ettercap is a network sniffer/interceptor/logger for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Features character injection in an established connection - you can inject characters to the server (emulating commands) or to the client (emulating replies) while maintaining an established TCP connection! Integrated into an easy-to-use and powerful ncurses interface.
76b6c89d8ea99f9afb454e37344c5035
Imsafe is a host-based intrusion detection tool for Linux which does anomaly detection at the process level and tries to detect various types of attacks. Since Imsafe doesn't know anything about specific attacks, it can detect unknown and unpublished attacks or any other form of malicious use of the monitored application. Created for Linux systems but works on almost every UNIX flavor by watching strace outputs.
f81f500184bfe3ac5785abd2cf1dd377
Cheops-ng is a graphical network management tool for mapping and monitoring your network. It has host/network discovery functionality, OS detection, and it also does a port scan of each computer to tell what services are running, so you can use or administer them.
7a45a419fab7e81d7df9be8473e2cd17
syslog-ng is a multi-platform syslogd replacement with lots of new functionality. The original syslogd only allows messages to be sorted based on the priority/facility pair; syslog-ng adds the possibility to filter based on message contents using regular expressions. The configuration scheme is both intuitive and powerful.
63f863635f74021cf91bae7cac1fe52b
VB Script Creator takes an executable and stores it as ASCII codes in a VB script. When this VB script is executed, it will create a new exe and execute it. It could be useful, but it shows how an executable can live dormant inside a VB script. Windows source included.
28517a892e018f0e4b5605b3579da567
Dcisco.c reads from a list of routers and uses them to ping-flood a single host. Logs into the routers and uses the ping command. This is an improved version of rampage.c.
c5198595c942219fe8a2d323fa09ccaa
Scponly is an alternative shell (of sorts) for system administrators who would like to provide file transfer over SSH without providing any remote execution privileges. Functionally, it is best described as a wrapper to the "tried and true" ssh suite of applications. Features extra logging, chroot, file listing, and security checks.
f7bf7f2ddc1e631e874a3c24823df5df
Red Hat Security Advisory RHSA-2001:017-03 - The Red Hat Secure Web Server 2.0 contains a vulnerability in Analog which can allow a malicious user to use the ALIAS command to construct very long strings which were not checked for length.
bbd13809cb39e1479927e3ab427be690
A remotely exploitable stack overflow has been discovered in Imapd v12.264 and below in the handling of the lsub command. Since an account is required, mail-only users will be able to get shell access. Tested against Slackware 7.0, 7.1, Redhat 6.2, and Conectiva Linux 6.0. Fix available here.
8cb7018cec6491d94289309fa80cb3f8
Passing a long value to a password text box in Internet Explorer causes it to freeze.
32bcc0a7e6098ec4f849e7f6deb1a053
NewSyslog is an updated version of a package put together by Theodore Tso of MIT Project Athena (which is included in NetBSD, FreeBSD, OpenBSD, etc.). This version has a mix of features from all of the other versions, and it has been made more portable than any of the others with the help of GNU Autoconf.
0ec5b318de23a3a106959c05ece8b438
ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
2170734913963ac2e62e00288ba14cb9
MD5mon is a file monitor that verifies files by computing their checksums. The shell script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
056b68dce82a2bededb23634ffa2a935