NEAT is a script language driven exploit/vulnerability management tool that does active penetration testing. This is a pre-release with documentation and code snippets. NEAT is similar to raccess but is more sophisticated.
3504b18ed44995a578ca6d94d649f0788ec9ab3b7e95519729b758e51dae3931
Neolock is a tool that is a combination of console security locking tool (vlock) matrix console screensaver (cmatrix). Provides more discreet and nicer console locking.
01937d9fa051df13c9c2ce9e53868292bbdcdbd54089efe33b5a92a62ebed84f
Illeech is a collection of search engine harvesting scripts (google/altavista).
de59bef71023f82b82ba35921b16bbc0df99d1434b1f29cd532ce50cdceb5b58
LibMix is a library that provides an API for various useful functions, including an AES encryption interface, various network front-ends and low level datagram functions, as well as functions for string manipulations and other miscellaneous utility functions. It also includes functions to transmit encrypted data via stateless spoofed datagrams (tfntransmit/tfnread).
3ede82477a74c9bed8a16871140f28014546d82ae8bb96930b6d37e11009edbf
Q v2.4 is a client / server backdoor which features remote shell access with strong encryption for root and normal users, and a encrypted on-demand tcp relay/bouncer that supports encrypted sessions with normal clients using the included tunneling daemon. Also has stealth features like activation via raw packets, syslog spoofing, and single on-demand sessions with variable ports.
2d8a95a485190f541768a388e0121ea5d72b3a2fef27146e83365acda245229d
iSSL is a library offering a minimal cryptographical API that uses the ciphers RSA and AES to establish SSL-alike, secure encrypted communications between two peers communicating through a network socket, including session key generation and public key exchange.
c7b076983ae443493c28658e3f700e1ee7cb1fe373f4da1f97a31184309e9977
LibMix is a library that provides an API for various useful functions, including an AES encryption interface, various network front-ends and low level datagram functions, as well as functions for string manipulations and other miscellaneous utility functions. It also includes functions to transmit encrypted data via stateless spoofed datagrams (tfntransmit/tfnread).
e91e91671ec8107ea5c701f575aa40fbaca42f747a3f260f3c34ab05a4de7de7
Introduction to programming in C - Written with the goal of letting people get the most knowledge as fast as possible from it.
9439ef84c7e9724856d38b8067ccdb5e81490db2fac03db7cd2b1ac0b573b0fd
md5bd.c is a shell server/backdoor that uses a md5 encrypted password to authenticate, therefore the password cannot be retrieved from the server.
a4877757ba86f16bd156b9e926a303adac81bca585de68a7f81d07662984df4f
Ping Analysis Tool II (PAT) performs icmp echo scans on a range of ip addresses as fast as physically possible. Features a dual-threaded scanning process and allows you to scan from a list of IP's.
8439bbaf530edef8540c0a91d5e8db14e343611eef1a9c0d9de2ea4f516e736e
LibMix v1.08 is a library that provides an API for various useful functions, including an AES encryption interface, various network front-ends and low level datagram functions, as well as functions for string manipulations and other miscellaneous utility functions. It also includes functions to transmit encrypted data via stateless spoofed datagrams (tfntransmit/tfnread).
4aae1256a63683a1da1511ff27fa8a427aebb21600240b29bc77fc7dd95c9c78
nbnbs.c is a NetBIOS name bulk security scanner for unix. It does long-range network scans for NetBIOS names (Windows and UNIX Samba servers) and logs positives. Based off of nbname.c by mynock and ADM.
77d520ec6b6eb6156335fd5b225da0e5207d28fdb14cf91ee8d8c0764e0f58d8
Q v2.0 is a client / server backdoor which features remote shell access with strong encryption for root and normal users, and a encrypted on-demand tcp relay/bouncer that supports encrypted sessions with normal clients using the included tunneling daemon. Also has stealth features like activation via raw packets, syslog spoofing, and single on-demand sessions with variable ports.
708411ad4b73a24961baed61737827818d04eda970f7ae85a0b814d5bf7def52
LibMix v1.07 is a library that provides an API for various useful functions, including an AES encryption interface, various network front-ends and low level datagram functions, as well as functions for string manipulations and other miscellaneous utility functions. It also includes functions to transmit encrypted data via stateless spoofed datagrams (tfntransmit/tfnread).
81abb26a06a625cf09c0cef212cb1b761809502154a107cc2d39b61ff2b266a2
LibMix v1.05 is a library that provides an API for various useful functions, including an AES encryption interface, various network front-ends and low level datagram functions, as well as functions for string manipulations and other miscellaneous utility functions. It also includes functions to transmit encrypted data via stateless spoofed datagrams (tfntransmit/tfnread).
a43c83e60f1526ed38138346b9102a4cb27bc1531e235eb0bd78c583dea8a013
Coding in C - a summary of some popular mistakes. Most of them are not detected at compile time with all warnings enabled, which makes them very nasty and hard to detect.
737d50616c03d55f8e032bb3348892b062e5ced53d2c378786dbda33ef725c28
shlog.c is a small program that will do getpeername on its input descriptor, and log a remote host, if it is invoked via a remote session, along with uid/gid to syslog. can be used as additional logging tool for login shells (by putting it into the system profile).
bd42d52088d6edf926cf9b9ece53c386df3616f092ad9588f1a8757e43cc353f
pcfs.c is a tool that creates a fake CFS (cryptographic file system) encrypted directory tree, which is reasonable indistinguishable from a real CFS directory. It proves that just having a CFS styled directory doesn't prove it actually contains real encrypted data.
cb278ff823f8b81b672492dcb35960e85ed6420efa14288465dab6f4d48d20ae
webscan.c is a fast multithreaded CGI and HTTP version scanner that is based off cgichk and can easily be updated. the cgi scanning y2k problem has been fixed in this version.
372b8f130488d7e78531ef9c5af3f4d89272bf0bea639a363479d76074b96827
virii.tgz is a collection of files that are supposedly infected by a linux/elf virus that could be out and spreading in the wild. it also contains a detailed description of the suspicious actions the virus performs and the patterns that can be found in the files.
691df8cc678c2caba81db01501a7fea033cd8923437ce4c457b094a89f4c0b82
trojans.txt is a paper that deals with methods of analyzing, debugging and disassembling unix binaries, looking for viruses, trojans and other malicious code.
2f61e64d50b8c2d733f5e9c50f4c109ea0f3666891cdbb2f2f1d557a1acfded7
rawpowr.c can access a block device containing an EXT2 file system in raw mode, changing all executables into suid executables. this demonstrates that security can easily be breached as soon as block devices are directly writable by the attacker.
f5afd86837980a670a4ef1348fba298322ae697efa523ae82d8a9196380a98bf
Stasis is a tool to fool atime/mtime timestamp checking. It records the timestamp of files, then periodically finds atime/mtime changes and restores the old timestamps, as if the files were never accessed / changed.
eb63609efc1350e5ecc18faffda1b59339dc10d5a460127fa971feb32673d225
Intrusion Detection Evasion System is a daemon that monitors connections, and forges additional packets to hide from and disturb network monitoring processes of IDS and sniffers. It does this by inserting rst/fin and ack packets with bogus payloads and invalid sequence numbers that only affect network monitors. It also sends a custom amount of SYN requests from arbitrary sources on every real connection attempt it sees, which can for example be used to simulate coordinated scans.
70928c72e9594e3b31e86cabaaf959e292ac9e456f7add9f9d4fb015debc78bc
Q 1.0 is a client / server backdoor which features remote shell access with strong encryption for root and normal users, and a encrypted on-demand tcp relay/bouncer that supports encrypted sessions with normal clients using the included tunneling daemon. Also has stealth features like activation via raw packets, syslog spoofing, and single on-demand sessions with variable ports. This version is downward compatible and includes a few bugfixes that make the remote access daemon work reliably.
35ffdfbefeac850bb2ce4ff8a3613dbf68aaa7ef7147b5b4a9a14bcbff725692