nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
0c60cccfe62bccc9121edfdcd307f2ed
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
84b608ccf5051d41a8ccfee87ced5428
IP Accounter is an IP accounting package for Linux. It collects, summarizes, and nicely displays IP accounting data. Its output can be a simple ASCII table, or graph images. Ipchains and iptables are supported. Logs are stored in files, gdbm, or even a PostgreSQL database.
28cd91725407fe4ee4d06ad8c59f9f9f
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
c618ffeb8a3066131770171dae1ae4e7
Snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog snort log file. It is intended to be used for daily e-mail reports to the system administrators. If snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions of whitehats.com.
73e746580d3225a2f577b5b7da27a32a
The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message and removes or renames attachments, truncates unusually long MIME header fields and sanitizes HTML by disabling JavaScript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs, and has built-in support for third-party virus scanners.
526c1b5cd1a63e22e4a0145c2b4e3466
The goal of FireStarter is to provide an easy to use, yet powerful, GUI tool for setting up, administrating and monitoring firewalls for Linux machines. FireStarter is made for the GNOME desktop. It can actively monitor your firewall and list any unauthorized connection attempts made to your machine in a readable table format.
80e101dc3b5d8ba0f539e26d08ef829d
MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.11 / 8.12 and will alter or delete various parts of a MIME message according to a flexible configuration file.
f3f8f0b81f1c116e3c811b97da08f55e
Outlook Web Access v5.5 SP4 and below contains a vulnerability which allows remote users to view files in the directory /lib. Several files can be viewed.
e286965a9f9784f4ce96810b83dc804d
The Phusion Webserver v1.0 for Windows 9x/NT/2000 contains three remote vulnerabilities which allow users to see and retrieve any file on the server. Exploit information included.
b4e2fc8e7e9cdd04853f63e4c5e9440c
Win32 port of RATS v1.3, a security auditing utility for C, C++, Python, Perl and PHP code. Source available on homepage. Added recursive directory scanning while porting.
aa56b17993d81363b6bc8da6e28157e0
Microsoft Security Advisory MS02-006 - A buffer overrun is present in all implementations of Microsoft SNMP services. By sending a malformed management request to a system running an affected version of the SNMP service, an attacker can execute code of his choice in the LocalSystem context or cause denial of service. A patch is under development to eliminate the vulnerability. In the meantime, Microsoft recommends that customers who use the SNMP service disable it. Microsoft FAQ on this issue available here.
c520e1feae7da96d7ddfb6a9f37a72de
Microsoft Security Advisory MS02-005 - A cumulative patch for IE 5.01, 5.5, and 6.0 is available which fixes six security vulnerabilities. Several of them are very serious. Microsoft FAQ on this issue available here.
483dcd8b4143066b114cce577671f610
Patch against samba 2.2.2 which allows mounting of unpatched win 9x+me machines without knowing the password. There is an option to retrieve the password very quickly too, and another to switch between the two passwords if both read-only and read-write ones are present.
d4841e3c82684808b62748164d5a737d
NSAT (Network Security Analysis Tool) is a fast, stable bulk security scanner designed to audit remote network services and check for versions, security problems, gather information about the servers and the machine and much more. Unlike many other auditing tools, it can collect information about services independently of vulnerabilities, which makes it "timeless", meaning it doesn't depend on frequent updates as new vulnerabilities are found.
755829bbb0427fdbc134d225577b6a17
SNScan v1.04 is a Windows GUI SNMP detection utility that can quickly and accurately identify SNMP enabled devices on a network. This utility can effectively indicate devices that are potentially vulnerable to SNMP related security threats. SNScan allows for the scanning of SNMP specific ports (e.g. UDP 161, 193, 391 and 1993) and the use of standard (i.e. "public") and non-standard (i.e. user-defined) SNMP community names. User defined community names may be used to more effectively evaluate the presence of SNMP enabled devices in more complex networks.
15a77747bf2146c15440d721f35fca0f
Wmap v1.2 is a CGI scanner that attempts to be smarter than most. To increase the chance of finding useful stuff, wmap has a file containing interesting directories (dirs.db) and another file containing common CGI dirs (dircgis.db) to search for. If a directory is found, it is added to the test. This includes all the directories that are found in the HTML tags. For each directory found, it not only scans for vulnerable CGIs (cgis.db) but also scans for interesting files (e.g. passwords.tmp) included in the file (file.db) and does an HTTP PUT scan.
db909b7bb866f015d9152671a46a299f
Avirt Gateway 4.2 remote exploit.
2cb24144b917c29d940aec3a793ce033
Ettercap v0.6.3.1 and below advisory and remote root exploit against Linux. Due to improper use of the memcpy() function, anyone can crash ettercap and execute code as root user.
0c82da692b29ca1a658346fc4f68b5c5
Zlister is a UNIX system administration tool designed to provide comprehensive filesystem management. The complete filesystem is listed, compressed, diff'd with the previous set and stored for reference. It is a time-saving tool, designed to quickly list the details of any file/directory, or of any pattern searched for. Provides a comprehensive tool for filesystem searching. Supported with copious documentation. Tested on Solaris, HP/UX, and Linux.
f05c8dea1ae3f6d406a71cc3acf31fdb
This is a kernel patch to prevent stealth, fin, and rst scans. Also slows down the tcp connect scan. Tested on debian potato running 2.4.16. Tested with nmap and queso - Changes OS fingerprint.
7664c535e3f8bccb107a2265b76d9b52
Domino Hash Breaker v1.0 is a tool that tries to guess a Lotus Domino HTTP password from its hash and a dictionary file. It needs a Lotus Notes R5 client installation and nnotes.dll.
3fc1b927247ecf20d8e933aca448c976
Ettercap is a network sniffer/interceptor/logger for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Features character injection in an established connection - you can inject characters to server (emulating commands) or to client (emulating replies) while maintaining an established TCP connection! Integrated into an easy-to-use and powerful ncurses interface.
7c5449f488deb177c91b99af8687ef03