mod_ssl provides provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1). It is based on the SSL/TLS toolkit OpenSSL and supports all SSL/TLS related functionality, including RSA and DSA/DH cipher support, X.509 CRL checking, etc. Additionally it provides special Apache related facilities like DBM and shared memory based inter-process SSL session caching. per-URL SSL session renegotiations, DSO support, etc.
8d0ec271ba5a8b57a38a31609fe38ed2c151ea9ec0d364126e728cdb81fc945cAWStats is a short for Advanced Web Statistics. It's a free tool that generates advanced web (but also ftp, syslog or mail) server access statistics graphically. This log analyzer works as a CGI or from command line and shows you all possible information your log contains, in few graphical web pages. It uses a partial information file to be able to process large log files often and quickly. It can analyze log files from IIS (W3C log format), Apache log files (NCSA combined/XLF/ELF log format or common/CLF log format), WebStar and most of all web, proxy, wap servers (and even syslog, ftp servers or mail logs). Take a look at this comparison table for an idea on differences between most famous statistics tools.
044206e655ee8a88d642af8c38323392fcc4c50ee6ea04e601ff1b4c86081601Logrep is a framework for extraction and presentation of information from several kinds of logfiles. Currently Snort, Squid, Postfix, Apache, Trend Micro VirusWall, and Microsoft IIS are supported. Includes HTML reports, 2D analysis, overview page, secure communication, and bar charts.
23b7d1333a66a1c965c242d4db8423122ff9a8a4c677ddb911bf0c7152eca4b9Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
7657c537a6bc7e2a336650f2d4336be9ccf992a0b360eb1644489a0d3e326f24FLEA is a linux rootkit for all distributions.
1418ef1097de4a79f600218cad9b6a181eda2e8f9f5ed8d5e3b27b95fd6b7290iDEFENSE Security Advisory 10.03.2002 - Apache v1.3 before 1.3.27 contains a vulnerability in its shared memory scoreboard which allows attackers who can execute commands under the Apache UID to either send a (SIGUSR1) signal to any process as root, in most cases killing the process, or launch a local denial of service (DoS) attack.
1b8f434591124f806dbac5b6052e75154ad5df6e848f041cf4b42f88cb0d8f31SunOS 5.5, 5.5.1 and Solaris 2.6, 2.7, and 2.8 SPARC and SunOS 5.7 and 5.8 x86 /bin/login TTYPROMPT remote exploit.
6f38570fff5965430e3795883b29ecd89446facfe2854c27837e6d2ce22a4cc0Thor Larholm security advisory TL#004 - Microsoft Windows 98 through XP contains an overflow in the Windows Help facility which allows arbitrary code execution. Denial of service exploit information included. Demonstration available here.
bea9be97470c7487053026c3e2c1f3610d8ef2897d9cfc633dcf350e2450936cBearshare v4.0.6 and below is contains a directory traversal bug which allows remote attackers to view any file on the system by sending a specially crafted HTTP request. Exploit URL's included.
cad3d0362461a14c8ccbd95f6f1f600ac94604d550985ae00256a9005707e65cScan Associates Security Advisory - Microsoft SQL Server 7.0 and 2000 with all service packs contains an exploitable buffer overflow in the OpenDataSource function when connecting to a "Microsoft Visual FoxPro Driver". Fix available here.
26e594e72485ff41b1bc279d93df4f59a5b54c044de21868a546dfab542a2cbcBRUTUS v0.5 is a remote TCP/IP service brute forcer. It tries to break in using TELNET, FTP and POP3 protocols. Login list generation through SMTP vrfy brute-forcing is also supported.
ae062f6d34c14746efa6629ff0f71bb26b6530315949714ee106b88ce0a3b1d5WARD v1.8 is a classic war dialer - it scans a list of phone numbers, finding the ones where a modem is answering the call. WARD can generate phone numbers lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for UNIX environment). Tested on OpenBSD and Linux.
de328d9308ffc5500adcca4fe49a4be425aed38f7e62550cd8043829c52709a5Microsoft Security Advisory MS02-057 - The Sun Microsystems RPC library in Microsoft's Services for UNIX (SFU) 3.0 on the Interix SDK contains three vulnerabilities, some of which allow remote code execution.
5acec35c4cedcc8aff24a306b384a7772763962d930ae71f8b073f37ff63e2fbMicrosoft Security Advisory MS02-056 - A Cumulative Patch for SQL Server 7.0, Microsoft Data Engine (MSDE) 1.0, Microsoft SQL Server 2000, and Microsoft Desktop Engine (MSDE) 2000 fix four vulnerabilities, some of which allow attackers to take complete control over the system.
3bf76166be49ef8d4f9d411cefac284e9a953d42055775e31b63ba8cd2072d44Microsoft Security Advisory MS02-055 - A remotely exploitable buffer overflow in the HTML Help facility in Windows allows remote code execution via web page or HTML email on all versions of Windows.
40085ad491b3bf7c5e066a96491cdee2d23461e4cae9eca0322bf8b25086bcb8Microsoft Security Advisory MS02-054 - On Windows 98 with Plus! Pack, Windows Me and Windows XP, the Compressed Folders feature has an unchecked buffer in the program that handles the decompressing of files from a zipped file, allowing code of the attackers choice to run.
0073160f2cd0980100428ae4c75321cad44b866e6c57d5aca764031e6e60a48aSnort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.
405a94e8fcc2629b63d6e303d88e32b16e4fd2363154cf2d02bd4de74d10d041Apache v2.0.43 - Apache is the most popular webserver on the Internet, and ranks well in terms of security, functionality, efficiency, and speed. Changelog available here.
340e0f3ddc87e1dd13973c52b1bc99ec86ac5b5ef5cc105cda34cc7ff32d0d93Kerberos 4 cracker.
1e2ec4124c5ea5abc860098482da56da54827ff1882ff0bc51e8a78488c36135Monkey S/Key challenge/response auditor and white paper. Works similarly in nature to Alec Muffet's CRACK. In essence it takes the md4 value in either HEX or English words and compares it to a dictionary.
91361b4f1c1136c90bd9c318b67f64854190eb95ae32e1899a0166c2aa19e602NotSync demonstrates the simplicity of obtaining and decoding the Palm system password. This version imitates the initial stages of the HotSync process via the IR port and retrieves and decodes the password of the target device.
7c3c502a14191792cb5a0b396a99c3ae44638139bd248d926f033f961fd04774Dcetest is a tool which probes a windows machine over TCP port 135, dumping MSRPC endpoint information. It can be though of as the equivalent of rpcinfo -p against a Windows box. Dcetest can also be very useful once inside a DMZ to fingerprint Windows machines on the network. Similar to the rpcdump program from Microsoft, but does not need a DCE stack and so runs on Unixes.
4a319a08ae0838234f5b6fbd0b4d2e0fac7560a7553a4e1b043527cc17032aa3Apache is the most popular webserver on the Internet, quite possibly the best in terms of security, functionality, efficiency, and speed. Changelog available here.
921d6d247d3ad958a4453d6f5d00e4c8b68b958b021542ec1ad3a6c640b4bef8Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
a661b9f271e0bf1ffb19d638027beb79af15e52c66aa40ddb44a06a329ede7c0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed