Crank is a project to provide a GUI toolkit to facilitate (and where possible, automate) the breaking of classical (pen-and-paper) cryptosystems. Initial focus is on the cryptanalysis of monoalphabetic substitution ciphers.
11d8590fd645d22db4952bf7a9556d8c93728eaa26e128a01db40b7fcd679faf
VTun is the easiest way to create Virtual Tunnels over TCP/IP networks with traffic shaping, compression, and encryption. It is a user space implementation and doesn't need modification of any kernel parts. VTun supports IP, PPP, SLIP, Ethernet, and other tunnel types. VTun is easily and highly configurable; it can be used for various network tasks like VPN, Mobil IP, Shaped Internet access, Ethernet tunnel, IP address saving, etc.
295d299fc81b7f6aad33dfa1814f44e007067b6af27cfd3a8c8e8ca8f3e7c086
OptOut - A clean and simple Spyware Detection and Removal tool for Windows. Many software now contains the Aureate (Radiate) "Spyware" software that sends some statistics on your computer use into a central server, to be used for "Marketing".
67e2c68f392c43d6a547f6f7aa73997db4014aa3edda10664e829e53493a0fc0
This Java script will cause Internet Explorer to consume 100% resources.
37fd1eabbdbe8272dd0ce763e7f8d8c888aeb4e557e21eba18d3ac7943018484
Denial of service attack against the Iris The Network Traffic Analyzer beta 1.01. Causes Iris to hang when it the traffic is examined.
5b1013b4f1ea308f0e334e50bc71d89bb6e9bad05d9e96f4c14bc650f4c4acdc
chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.
c435fd9700ceaa071891150d6134945cfc7d03d4ae79334562567a2b0e0ccbab
The Yahoo Instant Messenger client can be caused to crash when sent a "snd=yahoo" string several times.
501c405e17d1b0172d295c37b8fe3f1c9278b4ff0d0b25da8de92f416c0fc129
Ramen-Clean is a perl script which checks to see if your system is infected with the Ramen Linux Worm, and cleans it.
ec6151123ba6ffb27be8c53ad7721d5f82d64dbd9038c509816cf188450a54c3
Debian Security Advisory DSA-018-1 - A heap overflow has been found in tinyproxy which allows remote attackers to execute commands as user nobody.
3e98c0d1d4f6e1198e269a03fda51327e5cf2860834b0eba1615ed91b1d083fd
Trojans First Aid Kit v4.5 is a client for 25 remote access trojans, which can detect and remove 481 remote access trojans. Archive password is set to p4ssw0rd. Use at your own risk.
1aeea5fe2ff7a0ee2195982c1ebffb451ac498ef20a4ee47eb81b21b6033a185
RenAttach is an e-mail filter/processor which runs from a user's .forward file. It is designed to protect end users (particularly those using Windows) from malicious e-mail attachments. It does not scan specifically for viruses, but rather renames e-mail attachments so that they can not be accidentally executed. It handles both UUencoded and MIME-encoded attachments.
09d518fd000151398079a955f6b482f4e75197864ec6f5517676a6a49d565106
PIKT is a cross-platform, multi-functional toolkit for monitoring systems, reporting and fixing problems, security management, and updating system configurations. PIKT comprises an embedded scripting language with unique, labor-saving features. Binaries available here.
df49bfd9c950c505012c5d14ff52354ce12ef434dcf693f89282890afb29e40c
Fwlogwatch analyzes the ipchains, netfilter, or iptables packet filter logfiles and generates text and HTML summaries. Features realtime anomaly alerting capability, an interactive report generator, and the ability to cut off attacks by adding firewall rules.
e4d45b21e838a1b80506887b3e9b081df98f3ba3689424b074b030466c52e1c1
Exiscan is an email virus scanner which works together with the Exim MTA and McAffee's uvscan or Trend Micro's vscan. It is written in Perl and is designed to be as subtle and lightweight as possible. The special thing about exiscan is that is does not resend messages after scanning them, so that the process is fully transparent to the MTA and requires only minimal reconfiguration of Exim.
dcc36ff6a184f5566d6c3ff981830aee163070a130687b7fc29cec396ddef8b8
Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
edfc18f6b88382a2c7b6d50d62817b6fa12015e4265cfcaf4ba3507c16cc68fb
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here.
0d6bb71c87c2370538365cb2fe36ecc897989499bd4e09686b27542d0101a6e4
Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
b0a3b06cdc1bb110b2db01e086838f715ae231fd53fdf6db0ce9617538c43b5f
ISS Security Alert - Ramen Linux Worm. A self-propagating worm known as Ramen is currently exploiting well-known holes (wu-ftp, rpc.statd, and LPRng) in unpatched Red Hat Linux 6.2 systems and in early versions of Red Hat 7.0. In addition to scanning for additional systems and propagating to vulnerable systems, the worm also defaces Web servers it encounters by replacing the "index.html" file. It may also interfere with some networks supporting multicasting.
5fafe03a3ac411b8a7266fdb981c05bf1655ddbeb36af33ffcc0cace05e380fc
ISS Security Alert Summary for January 1, 2001 - Volume 6 Number 2. 115 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: exmh-error-symlink, informix-webdriver-symlink, informix-webdriver-admin-access, zonealarm-mutex-dos, zonealarm-batfile-dos, shockwave-flash-swf-bo, macos-multiple-users, http-cgi-ikonboard, http-cgi-technote-main, xwindows-char-dos, 1stup-mail-server-bo, dialog-symlink, ibm-wcs-admin, http-cgi-technote-print, iis-web-form-submit, hpux-kermit-bo, bsguest-cgi-execute-commands, bslist-cgi-execute-commands, infinite-interchange-dos, oracle-execute-plsql, ksh-redirection-symlink, oracle-webdb-admin-access, infinite-interchange-dos, gnupg-detached-sig-modify, gnupg-reveal-private, zonealarm-nmap-scans, zonealarm-open-shares, win2k-index-service-activex, proftpd-size-memory-leak, weblogic-dot-bo, mdaemon-imap-dos, zope-calculate-roles, itetris-svgalib-path, bsd-ftpd-replydirname-bo, sonata-command-execute, solaris-catman-symlink, solaris-patchadd-symlink, stunnel-format-logfile, hp-top-sys-files, zope-legacy-names, mrj-runtime-malicious-applets, coffeecup-ftp-weak-encryption, watchguard-soho-fragmented-packets, jpilot-perms, mediaservices-dropped-connection-dos, watchguard-soho-web-auth, watchguard-soho-passcfg-reset, http-cgi-simplestguest, safeword-palm-pin-extraction, mdaemon-lock-bypass-password, cisco-catalyst-ssh-mismatch, microsoft-iis-file-disclosure, ezshopper-cgi-file-disclosure, winnt-mstask-dos, bftpd-site-chown-bo, aim-remote-bo, subscribemelite-gain-admin-access, zope-image-file, http-cgi-everythingform, http-cgi-simplestmail, http-cgi-ad, kde-kmail-weak-encryption, aolim-buddyicon-bo, aim-remote-bo, rppppoe-zero-length-dos, proftpd-modsqlpw-unauth-access, gnu-ed-symlink, oops-ftputils-bo, oracle-oidldap-write-permission, foolproof-security-bypass, broadvision-bv1to1-reveal-path, ssldump-format-strings, coldfusion-sample-dos, kerberos4-arbitrary-proxy, kerberos4-auth-packet-overflow, kerberos4-user-config, kerberos4-tmpfile-dos, homeseer-directory-traversal, offline-explorer-reveal-files, imail-smtp-auth-dos, apc-apcupsd-dos, cisco-catalyst-telnet-dos, ultraseek-reveal-path, irc-dreamforge-dns-dos, mailman-alternate-templates, markvision-printer-driver-bo, nt-ras-reg-perms, nt-snmp-reg-perms, nt-mts-reg-perms, irc-bitchx-dns-bo, ibm-db2-gain-access, ibm-db2-dos, vsu-source-routing, vsu-ip-bridging, ftp-servu-homedir-travers, cisco-cbos-web-access, watchguard-soho-get-dos, phone-book-service-bo, cisco-cbos-syn-packets, cisco-cbos-invalid-login, cisco-cbos-icmp-echo, linux-diskcheck-race-symlink, ie-form-file-upload, mssql-xp-paraminfo-bo, majordomo-auth-execute-commands, ie-print-template, aix-piobe-bo, aix-pioout-bo, aix-setclock-bo, aix-enq-bo, aix-digest-bo, and aix-setsenv-bo.
5e663d9821efd059b23f294cdfa745ad9b5a6aab6c5de4ec2febfa417d586623
nPULSE is a web-based network monitoring package for Unix-like operating systems. It can quickly monitor tens, hundreds, even thousands of sites/device s at a time on multiple ports. nPULSE is written in Perl, uses nmap as its core scanning engine, and comes with its own mini web server for extra security.
f85fbe66c2788a43ee1f11d069a16eb8e8f72a9731746fbd5ddd6f1a8f1fc3ff
Wap-nmap enables an nmap scan from a WAP enabled device and pumps the results back to the device.
8aa53e853a8fd9600bf15901535ab6a7ec62cf343cf8a35506eb31236db1f6db
Introduction to the MIPS architecture and the IRIX operating system, focusing on how to write shellcode for IRIX. Includes 3 sample shell codes. This is an updated version of the article in Phrack 56.
4ae9d1a99adae30ec567bcc47c657eb5fa712b7d9ea625abbd8747f87f01cfae
NT_security2.reg is a registry file which helps admins secure their Windows NT 4.0(ws/server) and some Win2k machines quickly and efficiently. Just to be sure that everything applies to your machine go and check all the entries. If you want to remove one entry just add ';' in front of it.
33e07cf94bbf1636acf4144b044c46f65e2cf72bdaa5e787e6a6c9bd17a3c2ee
Passive System Fingerprinting using Network Client Applications - Passive target fingerprinting involves the utilization of network traffic between two hosts by a third system to identify the types of systems being used. Because no data is sent to either system by the monitoring party, detection approaches the impossible. Methods which rely solely on the IP options present in normal traffic are limited in the accuracy about the targets. Further inspection is also needed to determine avenues of vulnerability, as well. We describe a method to rapidly identify target operating systems and version, as well as vectors of attack, based on data sent by client applications. While simplistic, it is robust. The accuracy of this method is also quite high in most cases. Four methods of fingerprinting a system are presented, with sample data provided.
bb873d3148a6748b1b8efd1e392bfed62e1e67e0d048e17472c9f51b415581b9
GuardDog is a firewall configuration utility for KDE on Linux. GuardDog is aimed at two groups of users - novice to intermediate users who are not experts in TCP/IP networking and security, and those users who don't want the hassle of dealing with cryptic shell scripts and ipchains parameters. Features an easy to use goal oriented GUI and the ability to generate ipchains scripts as output. Screenshot here.
bc6f2e991e436803feba33541d6247ae0cf592a6f0d97c8a1ca61e82f8f85071