Kismet is an 802.11b wireless network sniffer. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data. Full changelog here.
58841c5ea62ff35044a0c96cd73420569272aeaeadf15d133444cdd183c5e58e
IP Accounter is an IP accounting package for Linux. It collects, summarizes, and nicely displays IP accounting data. Its output can be a simple ASCII table, or graph images. Ipchains and iptables are supported. Logs are stored in files, gdbm, or even a PostgreSQL database.
d529514ca86f53f756ac1e2ffb9173c643090b75add154a9d849adc8c6903ff0
DSINet Security Advisory DSINET-SA-02-01 - Web-CyrAdm v0.5.2 and below contains a remote denial of service vulnerability.
ba242380d4f682e24aac783eb1cde075f23c147ef23b9fa049411c4356f3f841
Efs_local.c is a stack based local root buffer overflow exploit for Linux/x86. Tested against Gentoo Linux 1.4-rc1, RedHat Linux 8.0, and Slackware Linux 8.0 and 8.1.
10a4e86143fae5d4e2bb104454a83029d59958991655fd1343111fd4877b96ad
Firewall Builder consists of object-oriented GUI and set of policy compilers for various firewall platforms. In Firewall Builder, firewall policy is a set of rules, each rule consists of abstract objects which represent real network objects and services (hosts, routers, firewalls, networks, protocols). Firewall Builder helps user maintain database of objects and allows policy editing using simple drag-and-drop operations. Firewall Builder can be used to manage firewalls built on variety of platforms including, but not limited to, Linux running iptables and FreeBSD or Solaris running ipfilter.
be2ad72a5f7e58bec5e293f07cddf1c771191addf410c6a726252e11b9718624
Mixmaster is an anonymous remailer which provides protection against traffic analysis and allow sending electronic mail anonymously or pseudonymously. It is every unix using citizens civic duty to run a remailer and help ward off the evil forces of censorship. It is a well known fact that running a remailer will make you automatically cool.
dc4fcffb0cd3a0dc6875bece51bd58b8bf3fdf930b6ed0f2dbe26db56a581e53
Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
94727682cc12dced9d7ffa50e8436c87b0d5e89def9f32c37727cfcad072daef
WifiScanner is an analyzer and detector of 802.11b stations and access points which can listen alternatively on all the 14 channels, write packet information in real time, search access points and associated client stations, and can generate a graphic of the architecture using GraphViz. All network traffic may be saved in the libpcap format for post analysis. It works under Linux with a PrismII card and with the linux-wlan driver.
f269f212c20055db7cca7e48e8928cd7e2c5a799c2b39a04d9ce52edbab9c15d
Local proof of concept for non-setuid binary /bin/sfxload which overflows the $HOME environment variable. Tested on Red Hat 7.0 and 7.2. Other setuid programs may call this binary, leading to privilege escalation.
fba83a1d7358cb4bbde5773a64e9b9700c008093044e9eb8b18d983f0b18adb3
The Linux-kernel security patch for kernel v2.4.20 includes security improvements that implement random PIDs, random port numbers for IPv4, NAT, and IPv6, and enhanced random numbers for networking. Patch for kernel 2.4.19 is also available.
6f102e4e2251dea6bab82965b32acee2a2adf66b4f4402ecb74b9243577c3a89
Amap is a scanning tool that allows you to identify the applications that are running on a specific port. It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (i.e. SSL). Amap then looks up the response in a list and prints out any match it finds. Adding new response identifications can be done just by adding them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some oracle listener on port 233!
81509d637b18008571d20a69abeb7186061b19f044b882b42974720a61efebdf
Cups-1.1.17 and below remote denial of service exploit. Tested against Red Hat Linux 7.0 and 7.3.
06b5099910189dc6cc9b50a2ea27515f24becd3bf3b677bd9981ee2dec92f31b
Wmap v1.3 is a cgi scanner that attempts to be smarter than most. To increase the chance of finding useful stuff, wmap has a file containing interesting Directories (dirs.db) and other file containing common cgi dirs (dircgis.db) to search for. If a directory is found is added to the test. This include all the directories that are found in the html tags. For each directory found, not only scans for vulnerable CGI's (cgis.db) it scan for interesting files (ex. passwords.tmp) included in the file (file.db) and does an http PUT scan.
ac3b777a7381abf8276557c6f9dd8e715134d18322a8f3c05dc95e3bee0f5fe2
Putty v0.52 and below remote exploit which is a fake ssh server to exploit connecting putty clients. Downloads and executes an attacker supplied URL. Tested on linux and Cygwin against putty 0.52 running on WinXP and Win2000.
ea55431a7edf4385d9cf0057092c53eb171bc0bbe707f33ad5a241852b5dadbe
CST is a java based web scanner that scans using a database of scripts (user editable). The sample databases included contains +1600 possibly vulnerable scripts/dirs. You can scan with or without a proxy server. The scanner has 11 different Anti-IDS tactics and sends fake "X-Forwarded-For:", "Referer:" and "User-Agent:" headers to hide your scan even more. You can also specify a wait time between 2 script fetches. The scanner uses HEAD requests instead of GET for faster scanning, and has support for scanning virtual hosts. You can also specify another port to scan instead of the standard port 80. The scanner outputs the scripts/dirs that return a 200, 403 or 401 HTTP code and outputs the webserver software. A full and comprehensive manual is included.
ed1ed005823058fb585949b6d3946ff5897c5e5582d334a7717c3cc986dc9e71
Phrack Magazine Issue 60 - In this issue: Tool Armory, Smashing the kernel stack for fun and profit, Burning the bridge - Cisco IOS exploits, Static kernel patching, Big loop integer protection, Basic integer overflows, SMB/CIFS by The Root, Firewall spotting with broken CRC, Low cost and portable GPS jammer, Traffic lights, Phrack Loopback, and Linenoise.
3690f5a1d901b67fc582fd34d7b25039745141927e2147844a3da68dba7d9570
Kismet is an 802.11b wireless network sniffer. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data. Full changelog here.
bf57bdba2faff2d72c22509caad8cc4d79f26bff1b59d0fe40b015cfd2a8f913
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code. Windows binaries available here.
61e51010a9f5607ef22ee081ec9779a36b84263324c21ccfbf0333aafc617056
HAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.
ec95d399e782ae50089db7bae0321094d5c149714e53f397be0590e26494cd10
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
aa3edc6058a3a326d43fe9d3b245719bb78fb5549c1a7baad0dc6f381b176ef6
Efshit is an exploit for the efstool vulnerability. Unlike other exploits for this vulnerability, Efshit is robust, has a wide range of attack options, incorporates brute forcing, and actually works.
832cf510139b6658abbfd12c0a8fc81a46eea6532be15b619d2c7bf4e3854b9e
Lookout.c watches utmp and executes a specified command when a certain user logs in.
166042e8d3d6caa0c2f7106191e596206f645e94fc36c5f2b2fa7e29bbaa1aba
Email Security through Procmail 1.137 - Email Security through Procmail attempts to address the trend towards "enhancing" email clients with support for active content, which exposes end-users to many and varied threats, by "sanitizing" email: removing obvious exploit attempts and disabling the channels through which exploits are delivered. Facilities for detecting and blocking Trojan Horse exploits and worms are also provided.
5835b37fa391d7f8b9c86f8d02e7ae80e677ffe9aa99a75bb00380be8f5fb085
The VisNetic WebSite Server for Windows v3.5.13.1 and below contains a remote denial of service vulnerability which can be exploited by sending a 5000 character URL.
3c584629b51d943bbf04163d06512c711249ee635d947585e6b48ef586d7e361
FTP clients, including those that may be embedded in web clients, can be vulnerable to certain directory traversal attacks by modified FTP servers. If successful, the attacks could allow the server to overwrite or create arbitrary files outside of the client's working directory, subject to file/directory permissions and the privilege level of the client. Vulnerable clients include wget-1.8.1, OpenBSD 3.0 ftp, and Solaris 2.7 and 2.7 ftp.
e04b3f39784fb43911484c74fae121e90aac99afd0985873bce51157ed79afb2