Section: .. / UNIX / audit /
| /// File Name: |
its4-1.1.1.tgz |
Description:
|
ITS4 scans C and C++ source code, looking for function calls that have potential security vulnerabilities. For some calls, ITS4 tries to perform some code analysis to determine how risky the call is. In each case, ITS4 provides a problem report, including a short description of the potential problem and suggestions on how to fix the code.
| | Homepage: | http://www.cigital.com/services/its4/ | | File Size: | 59870 | | Last Modified: | Nov 17 04:02:18 2000 |
| MD5 Checksum: | 2c0373fa2b5c82ea8f238aa051d3c09e |
|
| /// File Name: |
chkrootkit-0.17.tar.gz |
Description:
|
chkrootkit V. 0.17 locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, and Solaris.
| | Author: | Nelson Murilo | | Homepage: | ftp://ftp.pangeia.com.br/pub/seg/pac/ | | Changes: | Add tests for new and popular variations of rootkits, including Tornkit. Now attempts to identify LKM rootkits. | | File Size: | 10833 | | Last Modified: | Sep 20 18:14:26 2000 |
| MD5 Checksum: | c5e3bb37172ce1b2a605fa53064dac0d |
|
| /// File Name: |
freev_v300_linux386.tar.gz |
Description:
|
FreeVeracity is a general-purpose data integrity tool that uses cryptographic hashes to detect changes in files. This is the GNU/linux version, FreeBSD, NetBSD, and OpenBSD versions available here.
| | Homepage: | http://www.freeveracity.org | | File Size: | 508282 | | Last Modified: | Aug 28 15:27:10 2000 |
| MD5 Checksum: | bd7ffa307736f3a400767f81a2627879 |
|
| /// File Name: |
chkrootkit-0.16.tar.gz |
Description:
|
chkrootkit V. 0.16 locally checks for signs of a rootkit. Includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux 2.0.x, 2.2.x and FreeBSD 2.2.x, 3.x and 4.0.
| | Author: | Nelson Murilo | | Homepage: | ftp://ftp.pangeia.com.br/pub/seg/pac/ | | Changes: | Add tests for new and popular variations of rootkits, better port for Solaris and performance patches. | | File Size: | 9536 | | Last Modified: | Jul 17 18:37:08 2000 |
| MD5 Checksum: | eb14969d932d3bfa502fd40ecdc9ce35 |
|
| /// File Name: |
chkrootkit-0.15.tgz |
Description:
|
chkrootkit V. 0.15 locally checks for signs of a rootkit. Includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux 2.0.x, 2.2.x and FreeBSD 2.2.x, 3.x and 4.0.
| | Author: | Nelson Murilo | | Homepage: | ftp://ftp.pangeia.com.br/pub/seg/pac/ | | Changes: | lrk5 detection, Sun/Solaris support, and Red Hat fixes. | | File Size: | 8468 | | Last Modified: | Jul 4 02:37:50 2000 |
| MD5 Checksum: | 918d81248d226f08f3d96f0f27fde3d4 |
|
| /// File Name: |
chklastlog.c |
Description:
|
chklastlog.c v1.3 checks lastlog and wtmp for signs of tampering. It will detect most log wiping programs, such as z2 and zap.
| | Changes: | Linux/FreeBSD port, new Red Hat compatibility. | | File Size: | 2171 | | Last Modified: | Jul 4 02:21:47 2000 |
| MD5 Checksum: | ec7e4916679ab5a52db61c032fe711af |
|
| /// File Name: |
chkwtmp.c |
Description:
|
Chkwtmp v1.1 checks /var/log/wtmp for signs of deletion, such as use of zap or z2 or similar log wiping programs. See also chklastlog.c
| | Changes: | Linux/FreeBSD port by Nelson Murilo. | | File Size: | 1565 | | Last Modified: | Jul 4 02:15:39 2000 |
| MD5 Checksum: | fce4743b75085d417016f7dc81d8bad7 |
|
| /// File Name: |
zodiac-0.4.9.tar.gz |
Description:
|
Zodiac is a portable, extensible and multithreaded DNS tool. It is meant to be used as a DNS packet monitor and DNS protocol test and debuging tool. It's basic features are: sniffing of DNS datagrams on an ethernet device, decoding of all types of DNS packets, including safe decompression (partly finished, SOA record are, for example, not decoded yet), nice display and gui, if you like ncurses and text based frontends, always interactive in all situations through built in command line, threaded and flexible design. Advanced features include: local DNS spoof handler, jizz DNS spoof, exploiting a weakness in old bind implementations, determines jizz-weakness, id-prediction and resolver type remotely, id spoofing, exploiting a weakness in the dns protocol itself, implements some advanced DNS denial of service attacks, including flood, label compression and unres attack, advanced DNS smurf.
| | Author: | Scut | | Homepage: | http://www.team-teso.net | | Changes: | Now runs on *BSD, and fixed some bugs. | | File Size: | 67620 | | Last Modified: | Jun 19 01:28:29 2000 |
| MD5 Checksum: | 9cca1d25152f969e0e28db1d1cc9a4e7 |
|
| /// File Name: |
bsyrin1.zip |
Description:
|
Buffer Syringe is a tool for checking servers/daemons (e.g. ftp) for buffer overflow(s) on given parameter(s) (a stress tool if you may). It has a flexible configuration file where you input the parameters needed to run the program and it logs sessions to textfile for easy viewing and printing.
| | Author: | Digital Monkey | | File Size: | 24821 | | Last Modified: | Apr 17 17:48:54 2000 |
| MD5 Checksum: | 7c18e001b401c47b2eb6f113cc730c42 |
|
| /// File Name: |
its4-1.0.1.tgz |
Description:
|
ITS4 is a command-line tool for statically scanning C and C++ source code for security vulnerabilities. ITS4 scans through source code for potentially dangerous function calls that are stored in a database. Anything that is in the database gets flagged. ITS4 tries to automate a lot of the grepping usually done by hand when performing security audits.
| | Author: | John Viega | | Homepage: | http://www.rstcorp.com/its4/ | | Changes: | Added support for Visual C++ 5.0 and later, Added GNU getopt to the distribution, license changes, portability fixes. | | File Size: | 56047 | | Last Modified: | Feb 24 16:28:49 2000 |
| MD5 Checksum: | 659c18b10012a4ae6f71073bc578e088 |
|
| /// File Name: |
trypop3.c |
Description:
|
Some code I put together to do some testing on the POP3 daemons on some machines installed at work. Attempts to overflow user/password variables.
| | Author: | Missinglnk | | Homepage: | http://tribune.intranova.net/archives/ | | File Size: | 8957 | | Last Modified: | Feb 22 20:30:56 2000 |
| MD5 Checksum: | 1eed4e6879bc0653eaa3935f370ec9aa |
|
| /// File Name: |
its4-1.0.tgz |
Description:
|
ITS4 is a command-line tool for statically scanning C and C++ source code for security vulnerabilities. ITS4 scans through source code for potentially dangerous function calls that are stored in a database. Anything that is in the database gets flagged. ITS4 tries to automate a lot of the grepping usually done by hand when performing security audits.
| | Author: | John Viega | | Homepage: | http://www.rstcorp.com/its4/ | | File Size: | 44742 | | Last Modified: | Feb 22 14:20:47 2000 |
| MD5 Checksum: | bcf4c815b8d6d114e98b78e8db03141d |
|
| /// File Name: |
pidentd-3.0.10.tar.gz |
Description:
|
Pidentd v3 is a much improved version of the original Ident daemon both in terms of speed, code quality and features. Features include multithreading, a "configure" script, startup autodetection, much clearer/rewritten C code, doesn't run as root after startup, has a configuration file and can be started from /etc/inittab (on systems using a SysV init).
| | Author: | Peter Eriksson | | Homepage: | http://sf.www.lysator.liu.se/~pen/pidentd/ | | Changes: | Solaris 8 support, a bugfix with a missing setsid() call causing Pidentd to terminate when running as a standalone daemon, and support for using /dev/random (on Linux) for encryption key generation. | | File Size: | 109746 | | Last Modified: | Jan 18 13:33:41 2000 |
| MD5 Checksum: | cac1118987ce2721982616599c096b0a |
|
| /// File Name: |
zodiac-0.4.6.tar.gz |
Description:
|
Zodiac is a portable, extensible and multithreaded DNS tool. It is meant to be used as a DNS packet monitor and DNS protocol test and debuging tool. It's basic features are: sniffing of DNS datagrams on an ethernet device, decoding of all types of DNS packets, including safe decompression (partly finished, SOA record are, for example, not decoded yet), nice display and gui, if you like ncurses and text based frontends, always interactive in all situations through built in command line, threaded and flexible design. Advanced features include: local DNS spoof handler, jizz DNS spoof, exploiting a weakness in old bind implementations, determines jizz-weakness, id-prediction and resolver type remotely, id spoofing, exploiting a weakness in the dns protocol itself, implements some advanced DNS denial of service attacks, including flood, label compression and unres attack, advanced DNS smurf.
| | Author: | Scut | | Homepage: | http://www.packetfactory.net/zodiac/ | | File Size: | 67197 | | Last Modified: | Dec 30 21:15:09 1999 |
| MD5 Checksum: | b4879fd854efa41ed52aef5bd8522b4c |
|
| /// File Name: |
tara-2.0.9.tar.gz |
Description:
|
Tiger Analytical Research Assistant (TARA) is an upgrade to the TAMU 'tiger' program. At the time TARA was created, tiger hadn't been updated for several years.... however tiger is now being maintained (see below). There were numerous changes made to the 'systems' directories. Output was streamlined to provide a more readable report file. Also, minor bugs in the 'scripts' directory were corrected. TARA was tested under Red Hat Version 5.x, 6.x, SGI IRIX 5.3, 6.x, and SunOS 5.x. This upgrade was performed by the Advanced Research Corporation under a contract from the the United States Government. (WHAT?) These scripts basically check common localhost security issues such as filesystem permissions, suid executables, path security violations, etc.
| | Homepage: | http://home.arc.com/tara/index.html | | File Size: | 355267 | | Last Modified: | Dec 11 16:01:51 1999 |
| MD5 Checksum: | c1c7c81d0591cb6fe64ec7627c90ac86 |
|
| /// File Name: |
bindinfo.c |
Description:
|
Bindinfo v1.01: allows root to make DNS queries behind firewalls. Works on Solaris, OpenBSD.
| | Author: | Joshua James Drake | | File Size: | 10890 | | Last Modified: | Sep 29 16:06:53 1999 |
| MD5 Checksum: | 063e41e6f5018c2d3112340138f20628 |
|
| /// File Name: |
zodiac-0.2.25.tar.gz |
Description:
|
Zodiac is a portable, extensible and multithreaded DNS tool. It is meant to be used as a DNS packet monitor and DNS protocol test and debuging tool. It's basic features are: sniffing of DNS datagrams on an ethernet device, decoding of all types of DNS packets, including safe decompression (partly finished, SOA record are, for example, not decoded yet), nice display and gui, if you like ncurses and text based frontends, always interactive in all situations through built in command line, threaded and flexible design. Advanced features include: local DNS spoof handler, jizz DNS spoof, exploiting a weakness in old bind implementations, determines jizz-weakness, id-prediction and resolver type remotely, id spoofing, exploiting a weakness in the dns protocol itself, implements some advanced DNS denial of service attacks, including flood, label compression and unres attack, advanced DNS smurf.
| | Author: | scut smiler | | File Size: | 41549 | | Last Modified: | Sep 27 16:52:21 1999 |
| MD5 Checksum: | 4c90a5a527abca8c47f7bbcd48429000 |
|
| /// File Name: |
zylyx-0.1.1.tar.gz |
Description:
|
Zylyx 0.1.1. Zylyx is a multiple purpose http url locator, which is able to find files that would be otherwise lost. it tries to find files within the caches of http proxies that are no longer existent on their original location. to do this it spawns a number of subprocesses which each connect to a proxy server and try to retrieve the original url. if the proxy doesn't have the file it fails, else the subprocess returns the file location.
| | Author: | teso | | File Size: | 21766 | | Last Modified: | Sep 27 16:51:25 1999 |
| MD5 Checksum: | 476c506dde6c12fafd58528cc39e29f8 |
|
| /// File Name: |
cops_dan_farmer.txt |
Description:
|
Cops and Robbers.
| | Author: | Dan Farmer | | File Size: | 36020 | | Last Modified: | Aug 16 20:05:00 1999 |
| MD5 Checksum: | eb12b6db7883146ec698e5aefc2c816a |
|
| /// File Name: |
ipmeter-0.9b-19990616.tar.gz |
Description:
|
IPmeter 0.9b - IPmeter is a network usage metering and billing application for IP traffic. The IPmeter system integrates network flows from metering nodes and uses this transaction data to generate graphical usage reports. IPmeter is designed to serve the needs of the Internet Presence Provider (IPP) market. However, IPmeter may also be deployed as a security auditing tool or as an enterprise network accounting application.
| | Author: | IP23 | | Changes: | First public announcement. | | File Size: | 2088571 | | Last Modified: | Aug 16 20:05:00 1999 |
| MD5 Checksum: | 6db1b1403d95ccda8d9e64464af41766 |
|
| /// File Name: |
ipmeter-0.9b-19990615.tar.gz |
Description:
|
IPmeter 0.9b - IPmeter is a network usage metering and billing application for IP traffic. The IPmeter system integrates network flows from metering nodes and uses this transaction data to generate graphical usage reports. IPmeter is designed to serve the needs of the Internet Presence Provider (IPP) market. However, IPmeter may also be deployed as a security auditing tool or as an enterprise network accounting application.
| | Author: | IP23 | | Changes: | First public announcement. | | File Size: | 2088561 | | Last Modified: | Aug 16 20:04:59 1999 |
| MD5 Checksum: | c37d08f2bf7fe9606ed76f6ca3cd2952 |
|
| /// File Name: |
ipmeter-0.9b-19990614.tar.gz |
Description:
|
IPmeter 0.9b - IPmeter is a network usage metering and billing application for IP traffic. The IPmeter system integrates network flows from metering nodes and uses this transaction data to generate graphical usage reports. IPmeter is designed to serve the needs of the Internet Presence Provider (IPP) market. However, IPmeter may also be deployed as a security auditing tool or as an enterprise network accounting application.
| | Author: | IP23 | | Changes: | First public announcement. | | File Size: | 2088125 | | Last Modified: | Aug 16 20:04:57 1999 |
| MD5 Checksum: | 80cb4bbb1c5fecb02f5ffd188521152a |
|
| /// File Name: |
ipmeter-0.9b-19990613.tar.gz |
Description:
|
IPmeter 0.9b - IPmeter is a network usage metering and billing application for IP traffic. The IPmeter system integrates network flows from metering nodes and uses this transaction data to generate graphical usage reports. IPmeter is designed to serve the needs of the Internet Presence Provider (IPP) market. However, IPmeter may also be deployed as a security auditing tool or as an enterprise network accounting application.
| | Author: | IP23 | | Changes: | First public announcement. | | File Size: | 2088130 | | Last Modified: | Aug 16 20:04:56 1999 |
| MD5 Checksum: | f27278daff97c5e59052642d792cc1ba |
|
| /// File Name: |
confcollect-0.1d.tar.gz |
Description:
|
confcollect 0.1d - confcollect gathers information about the system on which it is installed and sends that information to an administrator via e-mail. The entire /etc directory tree is sent along with, optionally, the network interface configuration, routing tables and ipfwadm rules present when the script was run. It can also create and send a list of all installed packages on the system (RPMs only).
| | Author: | Eddie Olsson | | Changes: | Added support for ipchains. | | File Size: | 8425 | | Last Modified: | Aug 16 20:04:54 1999 |
| MD5 Checksum: | e3aeb2d0b91db9fa74980b4b7cbc96bf |
|
| /// File Name: |
ipfm-0.8.1.tgz |
Description:
|
IP Flow Meter (ipfm) is a bandwidth analysis tool that counts how the number of bytes each host on specified subnets transfers to internet gateways. It outputs a list of these hosts and their transfer amounts at specified delays. IPFM uses libpcap and aims to be portable.
| | Author: | Robert Cheramy,Andres Krapf | | Changes: | quick bugfix in ipfm.conf.sample. | | File Size: | 18842 | | Last Modified: | Aug 16 20:04:54 1999 |
| MD5 Checksum: | ac1ae8ab63309dd9c559ed433c050285 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
