The SMB Auditing Tool is a password auditing tool for the Windows and SMB platforms. It exploits the timeout architecture bug in Windows 2000/XP, making password guessing against these platforms extremely fast: running a large password file against Windows 2000/XP shows rates of up to 1200 logins/sec, so a commonly used 53,000-word English dictionary can be run against a server in under a minute. Supports SMB over NetBIOS and native SMB over TCP port 445. Compiles on Linux, BSD, and Cygwin.
1e3300ae5e5ea40279f6d80a3ed0fccb68f2cde69c5f19250d5446805f317df0
Zap3.c cleans WTMP, UTMP, lastlog, messages, secure, xferlog, httpd.access_log, and httpd.error_log. Check your log file paths and edit the source accordingly. Tested on Mandrake 7.2 and 8.0.
ddd7dd5733de189aa0a69ac6afdd5c760c285b48f1e5c5ea29875d8409b854cb
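What an in-place wtmp cleaner does to a login history, and the trace it leaves behind, as an added example in C that is not Zap3.c's own source. It builds a constructed history using the platform's struct utmp (user names, hosts and timestamps are made up), zeroes every record naming one user the way zap-style tools do, and then counts the all-zero records that result. The check relies on wtmp being append-only: a zeroed record in the middle of the file has no legitimate origin and is the classic fingerprint of an in-place cleaner. The Linux <utmp.h> layout is assumed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <utmp.h>

/* Fill buf with a constructed login history (names, hosts and times are
 * made up for the example); returns the number of records written. */
size_t build_sample_wtmp(struct utmp *buf, size_t max)
{
    static const struct { const char *user, *line, *host; long when; } ev[] = {
        { "root",     "tty1",  "",          1000000000L },
        { "alice",    "pts/0", "10.0.0.5",  1000000600L },
        { "intruder", "pts/1", "192.0.2.9", 1000001200L },
        { "bob",      "pts/2", "10.0.0.7",  1000001800L },
        { "intruder", "pts/1", "192.0.2.9", 1000002400L },
    };
    size_t n = sizeof ev / sizeof ev[0];
    if (n > max)
        n = max;
    memset(buf, 0, n * sizeof *buf);
    for (size_t i = 0; i < n; i++) {
        buf[i].ut_type = USER_PROCESS;
        buf[i].ut_pid = (pid_t)(1000 + i);
        strncpy(buf[i].ut_line, ev[i].line, sizeof buf[i].ut_line - 1);
        strncpy(buf[i].ut_user, ev[i].user, sizeof buf[i].ut_user - 1);
        strncpy(buf[i].ut_host, ev[i].host, sizeof buf[i].ut_host - 1);
        buf[i].ut_tv.tv_sec = ev[i].when;
    }
    return n;
}

/* The cleaner: overwrite every record naming `user` with zeros.  Zap-style
 * tools seek to the matching entry and write a zeroed struct in place
 * rather than rewriting the file without it.  Returns records zeroed. */
size_t zap_user(struct utmp *recs, size_t n, const char *user)
{
    size_t zapped = 0;
    for (size_t i = 0; i < n; i++) {
        if (strncmp(recs[i].ut_user, user, sizeof recs[i].ut_user) == 0) {
            memset(&recs[i], 0, sizeof recs[i]);
            zapped++;
        }
    }
    return zapped;
}

/* The check: count records that are entirely zero.  wtmp only ever grows,
 * so such a hole is evidence of in-place editing. */
size_t count_zeroed_records(const struct utmp *recs, size_t n)
{
    static const struct utmp zero;      /* static storage is all-bits zero */
    size_t holes = 0;
    for (size_t i = 0; i < n; i++)
        if (memcmp(&recs[i], &zero, sizeof zero) == 0)
            holes++;
    return holes;
}

/* A clean history has no holes. */
size_t demo_holes_before_zap(void)
{
    struct utmp recs[8];
    size_t n = build_sample_wtmp(recs, 8);
    return count_zeroed_records(recs, n);
}

/* After the cleaner runs, each removed login is visible as a hole. */
size_t demo_holes_after_zap(void)
{
    struct utmp recs[8];
    size_t n = build_sample_wtmp(recs, 8);
    zap_user(recs, n, "intruder");
    return count_zeroed_records(recs, n);
}

int main(void)
{
    printf("holes before zap: %zu, after zap: %zu\n",
           demo_holes_before_zap(), demo_holes_after_zap());
    return 0;
}
```

To run the same check against a real file, read /var/log/wtmp in units of sizeof(struct utmp) and feed the array to count_zeroed_records(); the text logs Zap3 also edits (messages, secure, the httpd logs) leave a different trace, a gap in the timestamp sequence, which this example does not cover.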
Mac OS X v10.1 and below contains a local root vulnerability which allows logged-in users to get a root shell by running a specific series of applications.
46aabb3e472e54612654c559a4bc57f5adf76fa15eb0274b3c38f0cc2b38d0d4
Proton is a proxy tunneling application for Windows which supports SOCKS v4 and v5. When a connection is established with Proton, it creates a chain of proxy connections through many proxy servers until it reaches its destination.
27104ef1de57bf20b8aa3728a86e95510f4276a665e4bdee266013fce9718aa2
Lsof is an extremely powerful Unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that: it lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection or open port.
1e39c392e1016b61346c7830245b6b687bbb0fe67fc1d4576878af2447c25ac0
Samhain (stable branch) is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
92952b60551212215a3ff7938055c795c0c7cf7520c9ecfa02d8165549e7e816
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
27be7ee7003f92bb269f8c06f2f5b50f031cf87b73e9625e13dc8557c28755c3
Proof of concept netkit-0.17-7 local root exploit. Exploits a buffer overflow in the AYT (Are You There) handling of in.telnetd, due to bad logic in the handling of the snprintf() return value.
07af0ba46d6de20ca342e399bb7aa78397e7c268f742d6e103c05772650f39da
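The snprintf() pitfall behind this class of bug, as an added illustration in C rather than the netkit source or the exploit. snprintf() returns the length the output would have had, not the number of bytes that fit, so a reply loop that advances its write offset by the return value keeps advancing after the buffer is full; the next call then computes the remaining room as a wrapped-around size_t and writes past the end. The constants (a 64-byte output buffer, 100 AYT requests, the "[Yes]" reply text) are assumed for the demo, and the vulnerable variant stops one step short of the out-of-bounds write so it can run without corrupting memory, returning the bogus offset instead. The hardened variant beside it treats a return value at or above the remaining room as truncation.

```c
#include <stdio.h>
#include <string.h>

#define AYT_REPLY  "[Yes]\r\n"  /* 7 bytes; reply text assumed for the demo */
#define OUTBUF_LEN 64           /* assumed output buffer size */
#define N_AYT      100          /* assumed number of AYT requests received */

/* Vulnerable pattern: advance by snprintf()'s return value.  It returns 7
 * whether or not the reply fit, so once the buffer is full `off` keeps
 * growing past `cap`.  Without the guard, the next call would pass
 * cap - off (wrapped to a huge size_t) and write beyond the buffer. */
size_t vulnerable_append_ayt(char *buf, size_t cap, unsigned n_ayt)
{
    size_t off = 0;
    for (unsigned i = 0; i < n_ayt; i++) {
        if (off > cap)
            break;              /* demo guard only: absent in the real bug */
        int r = snprintf(buf + off, cap - off, AYT_REPLY);
        off += (size_t)r;       /* the bug: r is not the number of bytes written */
    }
    return off;
}

/* Hardened pattern: a return value >= the remaining room means truncation.
 * Drop the partial reply, keep the string terminated, and stop. */
size_t hardened_append_ayt(char *buf, size_t cap, unsigned n_ayt)
{
    size_t off = 0;
    if (cap == 0)
        return 0;
    buf[0] = '\0';
    for (unsigned i = 0; i < n_ayt; i++) {
        size_t room = cap - off;
        int r = snprintf(buf + off, room, AYT_REPLY);
        if (r < 0 || (size_t)r >= room) {
            buf[off] = '\0';    /* discard the truncated reply */
            break;              /* real fix: flush the buffer or drop the AYT */
        }
        off += (size_t)r;
    }
    return off;
}

/* Offset the vulnerable loop ends at: past the end of the buffer. */
size_t demo_vulnerable_offset(void)
{
    char buf[OUTBUF_LEN];
    return vulnerable_append_ayt(buf, sizeof buf, N_AYT);
}

/* Offset the hardened loop ends at: the last whole reply that fits, with
 * the buffer still a valid C string. */
size_t demo_hardened_offset(void)
{
    char buf[OUTBUF_LEN];
    size_t off = hardened_append_ayt(buf, sizeof buf, N_AYT);
    return off == strlen(buf) ? off : (size_t)-1;
}

int main(void)
{
    printf("vulnerable: offset %zu in a %d-byte buffer\n",
           demo_vulnerable_offset(), OUTBUF_LEN);
    printf("hardened:   offset %zu in a %d-byte buffer\n",
           demo_hardened_offset(), OUTBUF_LEN);
    return 0;
}
```

Nine replies fill 63 of the 64 bytes; the vulnerable loop then adds 7 for a tenth reply that never fit and reports offset 70, while the hardened loop stops at 63. Any code that uses snprintf()'s return value to advance a pointer needs the same comparison against the room it passed in.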
HAP-Linux is a collection of security-related patches designed to be applied after Solar Designer's Openwall patches are installed. Changes include extra information in the printks, the ability to allow hard links to files you don't own but which are in your group, and the ability to follow links and pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and for secure drop-directory setups.
0606ce0041917ab33a0b71bce0ad1540aa2deb46952477f11f0692d76c5afc46
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
e01a3bfee12ea89cb9334e05f90bbe2f39bf5239fcfc5e7946664dbdb915c6fc
GnoScan is a multi-threaded network scan and security utility with an intuitive graphical user interface. It runs under GNOME. This is not the world's first port scanner, but it is certainly one of the easiest to use.
1234ce122d16aef5618475fbc813993283391b05a7f5f817cc40a970cbced999
Ipfw-graph displays a graphical overview of the number of bytes passing through your FreeBSD ipfw rules, and a stacked overview of the percentage attributable to each rule.
445cc53409fdf516cf5fb1af20253331265a2fdc9e36c81458fa9389da3fcaca
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers.
41665c8dc7ea0746a504ecf19cc4a77f307fed8ffc8c1d1bac3d4b2a19710780
Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
f3d2808aedba283d932feccb92c56fc6400bf41a09006aa8dab2182362aec3ca
Firewall Builder consists of an object-oriented GUI and a set of policy compilers for various firewall platforms. In Firewall Builder, a firewall policy is a set of rules; each rule consists of abstract objects which represent real network objects and services (hosts, routers, firewalls, networks, protocols). Firewall Builder helps the user maintain a database of objects and allows policy editing using simple drag-and-drop operations. It can be used to manage firewalls built on a variety of platforms including, but not limited to, Linux running iptables and FreeBSD or Solaris running ipfilter.
56427fb7fe0bb13b185e6ab52a016f4c7ec66424a49639c32ffc4708631d711a
Netdude is the NETwork DUmp data Displayer and Editor for tcpdump tracefiles. It is a GUI-based tool that allows you to make detailed changes to packets in tcpdump tracefiles. It can set the value of every field in IP, TCP, and UDP packet headers, copy, move, and delete packets in the tracefile, and fragment and reassemble IP packets. Netdude addresses the need for a tool that allows developers of networking code to easily create specific traffic patterns in order to test features of their software. Tested on Linux and FreeBSD.
f34961b4787080babac787618b4f2457859ed5b6ef94719455a03419aec8131a
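What a trace editor has to do after changing a header field, as an added example in C that is not Netdude's own code: recompute the IPv4 header checksum, because a packet patched in a tcpdump file without that step is discarded by any stack or flagged by any analyzer that verifies checksums. The 20-byte header is constructed for the example (192.168.0.1 to 192.168.0.199, UDP, TTL 64, total length 0x73); TCP and UDP checksums, which additionally cover a pseudo-header, are left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 Internet checksum: one's-complement sum of 16-bit words. */
uint16_t inet_checksum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)data[i] << 8) | data[i + 1];
    if (len & 1)
        sum += (uint32_t)data[len - 1] << 8;    /* odd trailing byte, zero padded */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);     /* fold the carries back in */
    return (uint16_t)~sum;
}

static size_t ipv4_header_len(const uint8_t *hdr)
{
    return (size_t)(hdr[0] & 0x0f) * 4;         /* IHL is in 32-bit words */
}

/* Zero the checksum field (bytes 10-11), recompute over the header, store
 * the result and return it. */
uint16_t ipv4_fix_checksum(uint8_t *hdr)
{
    hdr[10] = 0;
    hdr[11] = 0;
    uint16_t c = inet_checksum(hdr, ipv4_header_len(hdr));
    hdr[10] = (uint8_t)(c >> 8);
    hdr[11] = (uint8_t)(c & 0xff);
    return c;
}

/* A header carrying the right checksum sums, checksum included, to zero. */
int ipv4_checksum_ok(const uint8_t *hdr)
{
    return inet_checksum(hdr, ipv4_header_len(hdr)) == 0;
}

/* The edit as a trace editor performs it: change the field, then repair. */
uint16_t ipv4_set_ttl(uint8_t *hdr, uint8_t ttl)
{
    hdr[8] = ttl;
    return ipv4_fix_checksum(hdr);
}

/* Constructed 20-byte IPv4 header: 192.168.0.1 -> 192.168.0.199, UDP (0x11),
 * TTL 64, total length 0x73, checksum field left zero to be filled in. */
static const uint8_t sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11, 0x00, 0x00,
    0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7,
};

uint16_t demo_original_checksum(void)
{
    uint8_t h[20];
    memcpy(h, sample_hdr, sizeof h);
    return ipv4_fix_checksum(h);                /* 0xb861 */
}

/* Patch the TTL byte directly, as a naive hex edit would: stale checksum. */
int demo_raw_edit_verifies(void)
{
    uint8_t h[20];
    memcpy(h, sample_hdr, sizeof h);
    ipv4_fix_checksum(h);
    h[8] = 63;
    return ipv4_checksum_ok(h);                 /* 0 */
}

uint16_t demo_checksum_after_ttl_edit(void)
{
    uint8_t h[20];
    memcpy(h, sample_hdr, sizeof h);
    ipv4_fix_checksum(h);
    return ipv4_set_ttl(h, 63);                 /* 0xb961 */
}

int demo_repaired_edit_verifies(void)
{
    uint8_t h[20];
    memcpy(h, sample_hdr, sizeof h);
    ipv4_fix_checksum(h);
    ipv4_set_ttl(h, 63);
    return ipv4_checksum_ok(h);                 /* 1 */
}

int main(void)
{
    printf("original 0x%04x; raw TTL edit verifies: %d; repaired 0x%04x verifies: %d\n",
           demo_original_checksum(), demo_raw_edit_verifies(),
           demo_checksum_after_ttl_edit(), demo_repaired_edit_verifies());
    return 0;
}
```

The same inet_checksum() serves TCP and UDP once the pseudo-header (source and destination address, zero, protocol, segment length) is prepended to the segment; editing an address therefore invalidates the transport checksum as well as the IP one.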
SPIKE is an attempt to write an easy-to-use generic protocol API that helps reverse engineer new and unknown network protocols. It features several working examples, including a web server NTLM authentication brute forcer and example code that parses web applications and DCE-RPC (MSRPC).
7e69f5a7ea1c2db4f13b9a857608b55c2483d9a7cac5201fa6c77932596fff0e
Sharefuzz is a shared library which automatically detects environment variable overflows in Unix systems. This tool can be used to ensure all necessary patches have been applied, or as a reverse engineering tool.
0480a8b835c431bca82601dd41dc51c21bcc45bbe1255266dc0b363224021c64
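A Sharefuzz-style environment fuzzer as an added example in C, not the project's own code: a shared object that interposes getenv() and hands every caller an oversized value, so a setuid program that copies an environment variable into a fixed-size buffer faults and points you at the unpatched code path. FUZZ_LEN, the fill byte and the skip list are assumptions; variables on the skip list are resolved by walking environ directly so the loader and libc keep working without a dlsym(RTLD_NEXT) call back into the real getenv(). Built as an ordinary program instead, the definition simply shadows libc's getenv() inside that program.

```c
/* Build and use as a preload library:
 *   cc -shared -fPIC -o envfuzz.so envfuzz.c
 *   LD_PRELOAD=./envfuzz.so ./target-setuid-program
 */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define FUZZ_LEN  8192           /* assumed length of the oversized value */
#define FUZZ_FILL 'A'            /* assumed fill byte: easy to spot in a crash */

extern char **environ;

/* Variables the dynamic loader and libc consult; fuzzing these kills the
 * process before the target's own code runs (list assumed). */
static const char *const skip_list[] = { "LD_PRELOAD", "LD_LIBRARY_PATH", "PATH", NULL };

static int should_skip(const char *name)
{
    for (size_t i = 0; skip_list[i] != NULL; i++)
        if (strcmp(name, skip_list[i]) == 0)
            return 1;
    return 0;
}

/* Honest lookup done by scanning environ for "NAME=", so the interposer
 * never has to find the real getenv(). */
static char *environ_lookup(const char *name)
{
    size_t len = strlen(name);
    for (char **e = environ; e != NULL && *e != NULL; e++)
        if (strncmp(*e, name, len) == 0 && (*e)[len] == '=')
            return *e + len + 1;
    return NULL;
}

/* Value the fuzzer returns for `name`: the real value for skip-listed
 * variables, otherwise FUZZ_LEN bytes of FUZZ_FILL.  Kept apart from the
 * hook so it can be exercised without preloading. */
char *fuzz_getenv_value(const char *name)
{
    static char payload[FUZZ_LEN + 1];
    if (name == NULL)
        return NULL;
    if (should_skip(name))
        return environ_lookup(name);
    if (payload[0] == '\0') {
        memset(payload, FUZZ_FILL, FUZZ_LEN);
        payload[FUZZ_LEN] = '\0';
    }
    return payload;
}

/* The interposed symbol.  Exported from the preloaded .so it shadows libc's
 * getenv() for every caller in the process; the log line ties a crash to
 * the variable that triggered it. */
char *getenv(const char *name)
{
    char *v = fuzz_getenv_value(name);
    fprintf(stderr, "envfuzz: getenv(\"%s\") -> %s\n",
            name ? name : "(null)",
            v == NULL ? "NULL" : should_skip(name) ? "real value" : "fuzz string");
    return v;
}
```

A target that survives with every variable at 8192 bytes has no plain strcpy()-style overflow on that path; the original tool also offered format-string payloads, which would mean swapping FUZZ_FILL for a "%n" pattern in the same place.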
Dcetest is a tool which probes a Windows machine over TCP port 135 for MSRPC endpoint information. It can be thought of as the equivalent of rpcinfo -p against a Windows box. Dcetest can also be very useful once inside a DMZ to fingerprint Windows machines on the network.
ffbb04526ee0bf44a9473b3dcc612da556022d5a3544d152f88fba267258ba75
mod_ssl provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It is based on the SSL/TLS toolkit OpenSSL and supports all SSL/TLS related functionality, including RSA and DSA/DH cipher support, X.509 CRL checking, etc. Additionally it provides special Apache-related facilities like DBM and shared-memory-based inter-process SSL session caching, per-URL SSL session renegotiation, DSO support, etc.
258d6de5c22c0dd6882ba379b29ecf97f133631f9c1b14f950ae016c6034b098
Apache is the most popular webserver on the Internet, quite possibly the best in terms of security, functionality, efficiency, and speed.
a62d1ce96e01b798f8d6ef33269508e96d8d8149f2d068dcc212d1697a82d06d
Samba prior to v2.0.8 local root exploit. Tested against Red Hat 5.1 - 7.0.
3559da9478ef6e2ad5bec74cb1fb9c968334a18bfaaedcff07c6f53c7ef83ec8
PIKT is a cross-platform, multi-functional toolkit for monitoring systems, reporting and fixing problems, managing security, and updating system configurations. PIKT comprises an embedded scripting language with unique, labor-saving features.
edb5d5aab3099948e83989762565afb9b9c5f76aa40ff518d84b1eb309eab40f
Horus is a tool for "third host" or "dumb host" scanning. It can provide very stealthy port scans by using another source address in the SYN packets of the scan. This method keeps your own address out of the target's logs, since no packet is sent from your computer directly to the target system. Tested on Linux.
a9d3745c610339116db47b8dc13f892e8cda110fce3eb01cd5f25189b6ff8b04
ISS has discovered a remote Denial of Service (DoS) vulnerability in Citrix MetaFrame. Citrix MetaFrame is an application server that works with Windows Terminal Services. This vulnerability causes a MetaFrame installation to crash or blue screen and requires an affected system to be restarted manually. No local access is needed to exploit this vulnerability.
4ac34a8787598472e233d32474352c12be8616df6bec830ac5dd73fd29b0f80d