Network Traffic Analyzer (formerly known as sniffer) is designed to be an extremely powerful, configurable, and versatile tool for monitoring network traffic. It can be used as a plain sniffer, as a tool for accounting, dynamic firewall updates, and many more things. It features scripting support and an event-driven architecture.
2a3912e05cf9a52bd3afea5f9a8013210a3db30e922d20a3b6b090d9f91ebebb
DansGuardian is a web content filter which currently runs on Linux, FreeBSD, OpenBSD and Solaris. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering. It does not purely filter based on a banned list of sites like lesser totally commercial filters. DansGuardian is designed to be completely flexible and allows you to tailor the filtering to your exact needs. It can be as Draconian or as un-obstructive as you want.
f0003cc7c44bf053003f746583a595dcc3b843748cdbf0bb8475ed89a538c8f3
RPCAP is a Remote Packet Capture system. It enables you to run a packet capture program (the server) on a target computer, which will sniff the network traffic on that system, and uplink the captured packets to another host (the client), where the captured packets can be processed, analyzed and archived. The rpcap system thus consists of two separate processes: the server (or agent), which captures network traffic on a remote system, and a client, which receives and processes these packets. The server code is a standalone executable program which uses the libpcap packet capture library to capture network traffic. The client is a library called librpcap, which is linked to a user program and used on the client system in a manner identical to libpcap, to receive and process the captured packets.
bc9423ceb9e73e1b4bc2ddfd8483ebc0f006bcb4ad31602eda4b13475b5a0596
Rtdump is a version of tcpdump modified to capture traffic on remote systems and networks. It links to librpcap rather than libpcap. Apart from the additional requirements introduced by the remote capture paradigm, rtdump is identical to tcpdump in command syntax and use.
7612b9f2f2c55b9865bc449622ea8614fc7b42d351530ccf677791dbbb7157c3
Logrep is a framework for extraction and presentation of information from several kinds of logfiles. Currently Snort, Squid, Postfix, Apache, Trend Micro VirusWall, and Microsoft IIS are supported. Includes HTML reports, 2D analysis, overview page, secure communication, and bar charts.
4e765d1e6b2f97a48521f2ccb109118602a06e59be467aef7b1378894b4a9136
Packit offers the ability to monitor, manipulate and inject IPv4 (and soon IPv6) traffic (TCP/UDP/ICMP) on and into your network. This can be valuable in testing firewalls, intrusion detection systems and in general TCP/IP auditing. At the moment Packit can be run in one of two modes: packet capture and IPv4 packet injection. Packit is dependent on libnet 1.1.0+ and libpcap and has been tested with numerous FreeBSD and Linux kernels.
ea2fcd0a0b3d8168358f5503f81d46ced5a6bc48fc9a0b78f88d32b2481ab3de
The cipherfunk Patched Linux Kernels provide patch sets that focus on security enhancements, optimizations, and bugfixes to the current stable Linux Kernel. They are suitable for workstation or high-end server use in both production and development environments.
5ef0770b74439a0e0d70f94a607274936cd7648e93aca444311a9c43428e871b
The Bastille Hardening System attempts to "harden" or "tighten" the Linux/Unix operating systems. It currently supports Red Hat and Mandrake systems, with support on the way for Debian, SuSE, TurboLinux and HP-UX. We attempt to provide the most secure, yet usable, system possible. Screenshot available here.
fb6d096a829d4241956085f69b5c3dde765b7ef522d6db5c5f2603f328ea2a3b
The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing graphical images which provide a LIVE visual representation of this traffic. Check http://www.ee.ethz.ch/stats/mrtg for an example. MRTG is based on Perl and C and works under UNIX and Windows NT.
789694b170187543e100c18ad5cd223ff4f9c46d2e0e955ffdf50fa259145563
Kismet is an 802.11b wireless network sniffer. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features include multiple packet capture sources, runtime network sorting by AP MAC address (BSSID), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, secure SUID behavior, and fingerprinting of GPS devices and wireless devices. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data. Full changelog here.
4267968d657ec3c48333621ddfa6f1f203183b082cf08fbcd73101d2575cd1a3
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code. Windows binaries available here.
3f292c6513d671f71f3fb635363a9f819662fc4c0989be4dc1e6ba7edbc7e14e
The Complete Trojans Text. Contents: What Is a Trojan Horse, Trojans Today, The Future Of Trojans, Anti-virus Scanners, How You Can Get Infected (From ICQ, From IRC, From attachment, From Physical Access, From Trick), How Dangerous a trojan can be, Different Kinds Of Trojans, Remote Access Trojans, Password Sending Trojans, Keyloggers, Destructive Trojans, FTP Trojans, Who can Infect you?, What is the attacker looking for?, How trojans work?, The Most Common Trojan Ports, Anti-trojans software (Log Monitor, PrcView, XNetStatm, AtGuard, Conseal PC Firewall, LockDown2000, TDS). Archive password is set to p4ssw0rd. Use at your own risk.
60fb960c3356495ffadf73b60d770925f0d93995f1b5f388d491cf90d94b4dc5
N-Stealth v3.5 is a vulnerability assessment tool for Windows which scans webservers for bugs that allow attackers to gain access. Uses a database of 19,000 vulnerabilities and exploits.
f3d9cfd5d8699e4a7fd25ae3862d5e286853c68aeb7b8551bf5331421a42ef0a
Mr-Lynd0 is a log cleaner and a tool for hiding a user or changing the recorded user and host. It cleans IP, user and host entries from log files in /var/log/ and hides the user on a Linux box by editing wtmp and utmp.
564386d1467a24eda7b936061486582973aa2faf5391ccf1aefa2a6eda2b0bc9
Perlbot v1.9.2 contains a remote command execution vulnerability. Fix included.
1cb46c10f809342bb6dcd5681375800119327da30ee9b0584de6fcf65a6bec19
Resolver.c finds DNS names of given IP addresses using gethostbyaddr. Tested on Linux.
f875eb7ab996896cb1465284dab1af31ee82e5c20a6c36ceb52d432cbf20155c
Windows 2000 Service Pack 3 can be crashed remotely via TCP port 135 due to a vulnerability in the DCE-RPC stack of Windows 2000 and related OS's. This vulnerability allows anyone who can connect to port 135 TCP to disable the RPC service. Disabling the RPC service causes the machine to stop responding to new RPC requests, disabling almost all functionality. Proof of concept available here.
542a8cc5b49599b1ff7b27bc7d61b0fce3dc381c63264d8103928579a9a3db5a
Hgod is a small denial of service tool which runs on Windows 2000 and XP and sends several types of packet floods.
cd4c3c139e0b67f3f2858226ab5fef95d29d2d65e371699023710137716b85e6
Allinone.c is a backdoor that combines an HTTP server, a socket transmit server, a shell backdoor, an ICMP backdoor, a bind shell backdoor and an HTTP shell. It can also copy files from a remote host and can use a SOCKS5 proxy.
8f201af10c9ea8b56334a03fde6e27f55687f913f7e789605ebcb8bfbb2472e3
PlanetDNS v1.14 remote buffer overflow exploit which sends 6K of data to port 80 of PlanetWeb.
f9b9023362601fc0dd91c3c2596c3a5dbacc94a522db51d9b2b684122fa16bb3
Perlbot v1.0 contains a remote command execution vulnerability. Fix included.
a453005144ff53b47232f667cab07fb558ce2faef8d863776417f5133da7ecac
Molly v0.5, a simple IRC bot, has a remote command execution vulnerability.
de62902cfd60d5669ce7aa5ae775c74b939aa91c990f1a6f94003714552a1f80
TCP Port Scanner, by Cellat
50931289409820908177caafbda572a94d38f191c874d0108e7d58dce13a4aa8
291 byte BSD ptrace shellcode which injects a bindcode into the ppid, useful for breaking chroot.
6550b1322a482de0869c99df39964fef13a59b4b140fc85adee39bda14d4dcaf
Hackbot v2.14 is a host exploration tool and banner grabber. It scans hosts for FTP banners, SSH banners, open relays, EXPN and VRFY options, more than 200 common CGI vulnerabilities and common indexable directories, NT Unicode vulnerabilities and NT Nimda infections.
1a35fc593b830443865629022963080c2a7ec60a4bc217fd12e1071e7e4610db