Stegdetect is an automated tool for detecting steganographic content in images which is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are jsteg, jphide, and outguess 01.3b.
11e17ea9f4adb250f6a7213d4c0dd3c0e65b2683d506de2af85ea7489f6ed85f
snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog snort log file. It is intended to be used for daily e-mail reports to the system administrators. If snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions of whitehats.com.
b9895bf2d3226917e9a405e816c5229d3384461acf45e0229d7459ba3dc9c223
MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.10 / 8.11 and will alter or delete various parts of a MIME message according to a flexible configuration file.
b4825360f3b65836d1b64b2aadbc71cbfe615a5a8d9835c3f43ff1674b3d115c
Inflex is an email scanner which encapsulates your existing sendmail server setup. It scans both incoming and outgoing email and it does not alter your current /etc/sendmail.cf file. It can scan for email viruses, unwanted file types (eg. EXE, BMP, MPEG) and file names (eg. prettypark.exe). It can also be used to scan for text snippets within emails.
9c66c26c39cc8c6de30b8e4b31c13ab2ec4b8fc3a1ed4c01fd16df3ac39a4819
Knocker is a simple and easy-to-use TCP security port scanner written in C. It is able to analyze hosts and the network services which are running on them. Knocker it is available for Linux and Unix platforms. Both a console version and a GTK+ version are available.
b6c8714ba80236c603d417c1c42b30a02c8465c256262a46bab1a03246b5c0a6
Arpwarp is a tool which attempts to detect ARP spoofing attacks before executing a unix command (such as SSH or Telnet). This is the solaris version - The Linux version is available here.
13f3623d4cadab729d731d9c920bee3dcc06b5f67697649a85a68142852f9f6e
Slides for FX's talk at Defcon 2001 on attacking routing protocols.
68e73b3a5647139ae2a8b7ceb88bc2723866a295c5fdd1b4e948cc7d7e738e78
Snmpbrute.c is a very fast snmp brute forcer. Since it doesn't need to wait for a response, it can guess community's very fast. Tested on Slackware 3.6.
ede6eff88c71d88c2794ccb25e697d8172a81ad26b0789a338f10532bf344097
Petrovich is a GPLed filesystem integrity checker similar to Tripwire. It is written in Perl using standard perl modules available from www.cpan.org. It currently supports Base64 MD2, MD5, and SHA1 hashes. Petrovich has been tested on windows 2000, OpenBSD 2.6 - 2.8, and RedHat Linux 7.1.
f6d1536844bda3897c7a7ee1beafa6a618fa8544f48798df61fb93e8e5a76663
Winfingerprint v0.2.0 - Advanced remote windows OS detection. Current Features: Determine OS using SMB Queries, PDC (Primary Domain Controller), BDC (Backup Domain Controller), NT member server, NT Workstation, SQLServer, Novell Netware Server, Windows for Workgroups, Windows 9X, Enumerate Servers, Enumerate Shares including Administrative ($), Enumerate Global Groups, Enumerate Users, Displays Active Services, Ability to Scan Network Neighborhood, Ability to establish NULL IPC$ session with host, Ability to Query Registry (currently determines Service Pack Level & Applied Hotfixes.
4b22124cb653fd0d9ff945fcd920fd12590a43cc0067a120be6546c68cc4661b
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Screenshot available here.
b66d46f2fbd8e97a4a750e35af1a751650f38394d9bbf8fe0c184c027ba76590