cmd5checkpw is a checkpassword-compatible authentication program that uses the CRAM-MD5 authentication mode. It was designed primarily to work with qmail but it can be used by any other program that knows how to use checkpassword compatible authentication.
ee9f6830e73b0888bcd6c5079a9c8f15b406139b5aa6579ef6cb7b0678da5973
StacheldrahtV4 - (German for "barbed wire") combines features of the "trinoo" distributed denial of service tool, with those of the original TFN, and adds encryption of communication between the attacker and stacheldraht masters and automated update of the agents.
324f5cedf781850646c2ca7ce3d9fd632bfd7b5c9e2d7fdf2c11a660509b805c
logi.crypto is a pure Java package for strong encryption. It includes ciphers (RSA, ElGamal, DES, triple-DES, Blowfish), encryption modes (ECB, CBC, CFB, OFB), Key exchange (Diffie-Hellman, RSA, ElGamal, etc.), hash functions (MD5, SHA1), and signatures (RSA, ElGamal). Key-exchange and encryption in any mode can be applied to any InputStream and OutputStream objects.
69168e0ec61fe0d4cf720aaf52e4b278cd9addc3226616b86ad2456978203f9e
Docmirc 2 - Allows you to prefor a number of netbeui attacks. All from just 2 clicks HighLight the user name and right click. Current features include a nat frontend, portscanner,netbeui and IIS security scanning and much more.
e0d7873abbaba99343cbb99a05a3494d9d9a46c7cf0d5fec4a0f2000ca85335f
Findip.mrc is a mIRC script written in response to a BugTraq post about an AustNet vulnerability - findip determines the real host or IP of a given nick if either is cloaked behind an AustNet Virtual World account.
84435972fcbd6c9a22cc3a395fcf8e28a15a22e8160c53c8a2aa0d07d316330c
webscan.c is a fast multithreaded CGI and HTTP version scanner that is based off cgichk and can easily be updated. the cgi scanning y2k problem has been fixed in this version.
372b8f130488d7e78531ef9c5af3f4d89272bf0bea639a363479d76074b96827
virii.tgz is a collection of files that are supposedly infected by a linux/elf virus that could be out and spreading in the wild. it also contains a detailed description of the suspicious actions the virus performs and the patterns that can be found in the files.
691df8cc678c2caba81db01501a7fea033cd8923437ce4c457b094a89f4c0b82
trojans.txt is a paper that deals with methods of analyzing, debugging and disassembling unix binaries, looking for viruses, trojans and other malicious code.
2f61e64d50b8c2d733f5e9c50f4c109ea0f3666891cdbb2f2f1d557a1acfded7
rawpowr.c can access a block device containing an EXT2 file system in raw mode, changing all executables into suid executables. this demonstrates that security can easily be breached as soon as block devices are directly writable by the attacker.
f5afd86837980a670a4ef1348fba298322ae697efa523ae82d8a9196380a98bf
SPCheck is a command line utility that can be used to check the service pack and hot fixes on any NT Workstation or Server (assuming you have administrative privileges on the machine). SPCheck v.1.4 checks multiple machines and generates a web page or a comma-delimited text file that you can easily import in a spreadsheet or database program. SPCheck works by remotely connecting to the Registry of NT machines. It parses through the registry information looking at the key for the Service Pack and for the hot fix subkeys.
fefa92cd62fb08b9f2846d287a1f9e31880983f980b475ed37f7d999646c9c8e
gfcc (GTK+ Firewall Control Center) is a GTK+ application which can control Linux firewall policies and rules, based on ipchains package.
4b23414e7fbefa5a9affd21f6d9d3e4f31fd25471cd47977e307c0a5fc316d26
xinetd is a replacement for inetd, the internet services daemon. Anybody can use it to start servers that don't require privileged ports because xinetd does not require that the services in its configuration file be listed in /etc/services. It can do access control on all services based on the address of the remote host and time of access. Access control works on all services, whether multi-threaded or single-threaded and for both the TCP and UDP protocols.
a528f89a968bcdedac0b5782feecf1e96f24612b805d170deb7b06c73168b154
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determening which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
77e4b8084e2fccdce1f43a5b385cf99c249900d85677dc057eadaca54b1d0caf
rpc.amd remote exploit with spoofed source address.
329325fa62c5fbb59239de4158cdfa9412f4a122b2491697f843abe351bd7e4c
Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capabilty, with alerts being sent to syslog, a seperate "alert" file, or as WinPopup messages via Samba's smbclient.
eb3ef74dbb68f330618db7c3b2af27654b28a5914760f07f9c33108db2d881f8
IPFW-FILTER-REVISION#2 - FreeBSD kernel module that allows a certain IP to bypass ipfilter firewall rules. Tested on FreeBSD 4.0-19990705-CURRENT.
027a95d705dc634b8a0987584bce303b00eba6c0f378350baaac7c490b888686