Desperate is a collection of tools for extracting usernames via EXPN and finger and obtaining IP addresses via "brute force" DNS lookups. Contains lists of commonly used usernames and DNS names. Coded in Perl.
3eec3182b844f67054826bdc9dd5a20cdd822e3c2ec7659e61d174b262aeea46
Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the News the past week. In this issue: Mercur Mailserver 3.3 remote overflow.
fbe97dcb39720d47026ff9b6c2dcc37d8bf67cecacf24735fbef6327f93def61
KillOE is a modified msoe.dll which gets rid of the MSN Outlook Express 5.5 Banner when used in conjunction with hotmail accounts. Replacing C:\program files\Outlook Express\msoe.dll with this version of the DLL will allow you to use whatever HTML code you wish to see in place of the banner. No longer supported by author.
515cdc5082640d7673c633b253292444b2771462f9fb3fe48ce51d52e0c90bc5
Bios Cracker v1.3a can display the password on 7 types of BIOS.
f757d865e663226a7429090c46493ea93a43d3cc99d0a026aacd02ed12a4cdb6
Datehack changes your computer date in an attempt at letting you use shareware longer.
a36ed3b75f86c91c2471fe755c3f4bd36d3f1115c8f22a2ff2ddca3e2b62c9cd
Snadboy's Revelation enables you to retrieve long-forgotten passwords that Windows presents as a mysterious row of asterisks. Drag and drop the Snadboy's Revelation marker to the masked password field to retrieve the information.
67e33ad40189677cb874aa1f273e75168301cd64338e0ca9c0ba4db8fd3590d2
Red Hat Security Advisory RHSA-2001:021-06 - Zope v2.3.1b1 and below contain vulnerabilities which allow users with through-the-web scripting capabilities on a Zope site to make inappropriate changes to ZClass instances.
b1ad22b20aafe367c47d50a1609b50e47d38a5a98223a48780d1dd4eb4199170
Vudu is a simple X.25 NUA scanner for Unix systems. It is written in bash for portability. Tested on Solaris.
2dcad5359323ccb260a10fc12d3502c644bce9be6574b8ac75f7bed8d285e5d2
Mod_Id is an interesting Apache module that acts as an IDS, watching for suspicious URLs.
e611f4ddfa50d863dbee64de332fb55bda3cc532ddfaa9b45fa3e423d83b4d3d
Microsoft Security Advisory MS01-013 - The Windows 2000 event viewer snap-in has an unchecked buffer in a section of the code that displays the detailed view of event records. If the event viewer attempts to display an event record that contains specially malformed data in one of the fields, code of the attacker's choice can be made to run with the privileges of the user running the event viewer. Microsoft FAQ on this issue available here.
fd428d11543b426f8a0c1f9971572740551089ba5b2c2d6b0713c7bb5424dbe0
Man-cgi v1.3 and v2.0 contain remote vulnerabilities which allow any file on the web server to be viewed, and some implementations allow remote command execution due to lack of filtering of hex encoded characters. Exploit URLs included.
bde148ba24eeeaed3cbb01ed7b0992252003c4928d9ca6fd786ddf9a3fc401df
The goal of FireStarter is to provide an easy to use, yet powerful, GUI tool for setting up, administrating and monitoring firewalls for Linux machines. FireStarter is made for the GNOME desktop. It can actively monitor your firewall and list any unauthorized connection attempts made to your machine in a readable table format.
a3f02c3ede9f5832a1aa09d32f304ede7de570446448b6469f640353b914790b
Ettercap is a network sniffer/interceptor/logger for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Features character injection in an established connection - you can inject characters to server (emulating commands) or to client (emulating replies) while maintaining an established TCP connection! Integrated into an easy-to-use and powerful ncurses interface.
bdf24244a7ea783e0a7b9ce1bcf0c15e306fddf6f02fc6247b25e081458877bd
Imsafe is a host-based intrusion detection tool for Linux which does anomaly detection at the process level and tries to detect various types of attacks. Since Imsafe doesn't know anything about specific attacks, it can detect unknown and unpublished attacks or any other form of malicious use of the monitored application. Created for Linux systems but works on almost every UNIX flavor by watching strace outputs.
2fe6fdb67a96f0f613caf52cbe4cc4ad693af7efebce22f5d431a85b5c718c35
Cheops-ng is a graphical network management tool for mapping and monitoring your network. It has host/network discovery functionality, OS detection, and it also does a port scan of each computer to tell what services are running, so you can use or administer them.
10360bba996d9733ae12c12637aa0dcccc04ebca49ceb0f483e9859118c71028
syslog-ng is a multi-platform syslogd replacement with lots of new functionality. The original syslogd allows messages to be sorted only by priority/facility pair; syslog-ng adds the ability to filter on message contents using regular expressions. The configuration scheme is both intuitive and powerful.
64e91633f1a9766f0c64eff9a320b0029dbb43917615c0cf5d23a7f68e9e79c2
VB Script Creator takes an executable and stores it as ASCII codes in a VB script. When this VB script is executed, it will create a new exe and execute it. It could be useful, but it also shows how an executable can live dormant inside a VB script. Windows source included.
137d508fecdb0efd429e9e2c3ef6d7e8b762fe3ae51d82d0b767c1a5099c1a8a
Dcisco.c reads from a list of routers and uses them to ping-flood a single host. Logs into the routers and uses the ping command. This is an improved version of rampage.c.
3676aae7eb4800c0ad769791e1f7efa0322de1a346981ba17fa835a361ce5e58
Scponly is an alternative shell (of sorts) for system administrators who would like to provide file transfer over SSH without providing any remote execution privileges. Functionally, it is best described as a wrapper to the "tried and true" ssh suite of applications. Features extra logging, chroot, file listing, and security checks.
f894ecf542cfb22d54f2c6fb2668dc840d9d06185591ea7d505abc77a0b829f1
Red Hat Security Advisory RHSA-2001:017-03 - The Red Hat Secure Web Server 2.0 contains a vulnerability in Analog which can allow a malicious user to use the ALIAS command to construct very long strings which were not checked for length.
937c98584adb80c8c76e1a4ead91999c86c9013777778032594796c4f8feb7bf
A remotely exploitable stack overflow has been discovered in Imapd v12.264 and below in the handling of the lsub command. Since an account is required, mail-only users will be able to get shell access. Tested against Slackware 7.0, 7.1, Redhat 6.2, and Conectiva Linux 6.0. Fix available here.
2410c7335840d45d8cc28af5b2e3ca6d01c8dd7c5959b1f0099e67233e56f150
Passing a long value to a password text box in Internet Explorer causes it to freeze.
2bca69dcf2346db1f6da3fa3559006b46075f6de3d3854008908ab748240a7f1
NewSyslog is an updated version of a package put together by Theodore Tso of MIT Project Athena (which is included in NetBSD, FreeBSD, OpenBSD, etc.). This version has a mix of features from all of the other versions, and it has been made more portable than any of the others with the help of GNU Autoconf.
7ade2ad7a9193f2c8a6f3c728ae16f29dac99208cc2a03552576e9c4ee9b3f6d
ViperDB is a file checker. It is meant to be run from cron on a regular basis in order to monitor strange activity on a system. It supports checking of size, mtime, privileges, UID/GID, added/deleted files, and (as of 0.9.3) MD5 checksums. Data isn't stored in a single archive as in tripwire, but is split among all the monitored directories. This ViperDB is in fact a fork of the original, as the original authors seem unreachable.
a68a09bc591a1b9b7f96d7c08fef3bf95f413957808bc250c6a9de249c58b420
MD5mon is a file monitor that verifies files by computing their checksums. The shell script is suitable for use as a basic security checking tool from cron. It features configurable monitoring levels, local copies of find/md5sum, and integrity checks to prevent tampering with itself. It can also use a more secure shasum instead of md5sum.
4b3886734324f04fab377511023d5ae0c9dbdbd5db446f455e3c4d58129385f7