Section: .. / linux / security /
| /// File Name: |
DumpRam.c |
Description:
|
A simple tool for Linux that allows the dumping of all physical memory (RAM).
| | Author: | WarGame | | File Size: | 1722 | | Last Modified: | Feb 26 19:15:18 2008 |
| MD5 Checksum: | 9226efe8cb4cc30143ed8d879af57099 |
|
| /// File Name: |
elfcmp-1.0.0.tar.gz |
Description:
|
Elfcmp compares running processes to their respective binary images to ensure that the process image in memory has not been tampered with after execution. This is useful for security auditing, as other methods that rely strictly on checking disk image checksums are not reliable if only the process image is being tampered with.
| | Author: | Matt Miller | | Homepage: | http://www.hick.org/code.html | | File Size: | 4084 | | Last Modified: | Oct 21 13:24:01 2003 |
| MD5 Checksum: | ae293e91272d71698449a807ba109057 |
|
| /// File Name: |
elfdoctor.c |
Description:
|
Scanner to look up infection techniques that can be used in ELF modules. Includes function hijacking, relocation files, etc. Runs on Linux 2.4.X.
| | Author: | Pluf | | File Size: | 6983 | | Last Modified: | Sep 6 17:59:26 2003 |
| MD5 Checksum: | db05d4c0327d757747a9d31ff7f6a0ac |
|
| /// File Name: |
enforcer-0_3_ALPHA.tar.gz |
Description:
|
Enforcer is a Linux security module designed to help improve integrity by providing a subset of Tripwire-like functionality with an LKM. It runs continuously, and as each protected file is opened its SHA1 is calculated and compared to a previously stored value. The Enforcer can integrate with TCPA hardware to provide a secure boot when booted with a TCPA-enabled boot loader.
| | Homepage: | http://enforcer.sourceforge.net | | Changes: | This release only works with 2.6+ because updates were made to take advantage of Linux 2.6+ kernel features such as native kernel crypto and the new build system. Some bugs were squashed, and some features were added. A user-space helper was written to mount an encrypted loopback filesystem where the encryption key is the secret protected by the TPM. Some stand alone programs that implement TCPA functions such as MakeIdentity, CertifyKey, etc. were written. | | File Size: | 249755 | | Last Modified: | Dec 14 17:53:56 2003 |
| MD5 Checksum: | bfb914e98cf37292ffa871337b3f58f2 |
|
| /// File Name: |
envcheck.tgz |
Description:
|
Klogd Local Exploit. Envcheck is a Linux kernel module which detects and prevents exploitation of the recent glibc vulnerabilities by intercepting the execve system call and sanitising the environment passed. At the cost of a very small performance penalty, it has advantages over a glibc upgrade: it logs exploit attempts, it works with statically linked binaries, it is transparent to applications that may be sensitive to a change of glibc, and it partially protects libc5.
| | Author: | Lionel Cons | | Homepage: | http://c.home.cern.ch/c/cons/www/security/ | | File Size: | 6481 | | Last Modified: | Sep 13 16:40:21 2000 |
| MD5 Checksum: | f094b9437a462e5c8b6ef4b047751b0e |
|
| /// File Name: |
exitwound.tgz |
Description:
|
exitwound is a ptrace shared library redirection backdoor that is based on the technique described in Phrack 59-8. It attempts to redirect certain string handling routines commonly used in Internet services to trapdoored functions which yield a connect back shell on a specifically constructed passphrase. The benefits of this lie in the fact that no extra malicious processes or listening ports are needed, avoiding crude forms of forensic analysis.
| | Author: | salvia twist | | Homepage: | http://hack.batcave.net/ | | File Size: | 7219 | | Last Modified: | Aug 10 17:52:36 2003 |
| MD5 Checksum: | bd2c6717a90b9ab4bff89fab73ea1368 |
|
| /// File Name: |
ext2hide-0.99.9.tar.gz |
Description:
|
ext2hide allows the user to save and restore an arbitrary number of files to and from the reserved space in an ext2/3 filesystem's primary and backup superblocks. Using ext2hide, you can use this reserved section to store an arbitrary number of files, where they will be completely invisible to normal filesystem utilities, but still residing in permanent storage on disk. This can be useful for passwords, public keys, anything you like.
| | Author: | Jason McManus | | Homepage: | http://sourceforge.net/projects/ext2hide/ | | File Size: | 34579 | | Last Modified: | Apr 10 20:27:03 2006 |
| MD5 Checksum: | 5fad72166dbdf5efe539ab97337fb75d |
|
| /// File Name: |
fpf.tar.gz |
Description:
|
FPF is an LKM for Linux that changes the TCP/IP stack in order to emulate another OS's TCP fingerprint. The package contains the LKM and a parser for the nmap file that lets you directly choose the OS you want.
| | Author: | Fusys, Cyrax | | Homepage: | http://www.pkcrew.org | | File Size: | 6456 | | Last Modified: | Dec 2 21:10:23 2000 |
| MD5 Checksum: | 96e0d902d790672c9e645fca88cc09e7 |
|
| /// File Name: |
grsecurity-1.9.14-2.4.24.patch |
Description:
|
A new grsecurity patch has been released for the 2.4.25 Linux kernel series. It implements a detection/prevention/containment strategy. It prevents most forms of address space modification, confines programs via its Role-Based Access Control system, hardens syscalls, provides full-featured auditing, and implements many of the OpenBSD randomness features. It was written for performance, ease-of-use, and security. The RBAC system has an intelligent learning mode that can generate least privilege policies for the entire system with no configuration. All of grsecurity supports a feature that logs the IP of the attacker that causes an alert or audit.
| | Author: | spender | | Homepage: | http://www.grsecurity.net | | File Size: | - | | Last Modified: | Remote File |
| MD5 Checksum: | - |
|
| /// File Name: |
grsecurity-2.1.8-2.4.32-20060121164..> |
Description:
|
A new grsecurity patch has been released for the 2.4.32 Linux kernel series. It implements a detection/prevention/containment strategy. It prevents most forms of address space modification, confines programs via its Role-Based Access Control system, hardens syscalls, provides full-featured auditing, and implements many of the OpenBSD randomness features. It was written for performance, ease-of-use, and security. The RBAC system has an intelligent learning mode that can generate least privilege policies for the entire system with no configuration. All of grsecurity supports a feature that logs the IP of the attacker that causes an alert or audit.
| | Author: | spender | | Homepage: | http://www.grsecurity.net | | File Size: | 151780 | | Last Modified: | Jan 27 15:07:40 2006 |
| MD5 Checksum: | 77e5fd7d8bb0eeb8ed8e9d0a4bff5cde |
|
| /// File Name: |
grsecurity-2.1.8-2.6.14.6-200601211..> |
Description:
|
A new grsecurity patch has been released for the 2.6.14.6 Linux kernel series. It implements a detection/prevention/containment strategy. It prevents most forms of address space modification, confines programs via its Role-Based Access Control system, hardens syscalls, provides full-featured auditing, and implements many of the OpenBSD randomness features. It was written for performance, ease-of-use, and security. The RBAC system has an intelligent learning mode that can generate least privilege policies for the entire system with no configuration. All of grsecurity supports a feature that logs the IP of the attacker that causes an alert or audit.
| | Author: | spender | | Homepage: | http://www.grsecurity.net | | File Size: | 165773 | | Last Modified: | Jan 27 15:11:04 2006 |
| MD5 Checksum: | 327972c2f4e8fab890f58d67bb69e77f |
|
| /// File Name: |
grsecurity-2.1.9-2.4.33.2-200608231..> |
Description:
|
A new grsecurity patch has been released. It implements a detection/prevention/containment strategy. It prevents most forms of address space modification, confines programs via its Role-Based Access Control system, hardens syscalls, provides full-featured auditing, and implements many of the OpenBSD randomness features. It was written for performance, ease-of-use, and security. The RBAC system has an intelligent learning mode that can generate least privilege policies for the entire system with no configuration. All of grsecurity supports a feature that logs the IP of the attacker that causes an alert or audit.
| | Author: | spender | | Homepage: | http://www.grsecurity.net | | File Size: | 162213 | | Last Modified: | Aug 27 02:37:37 2006 |
| MD5 Checksum: | de2c3d1c8733bafe8b9a7d4db0eccc82 |
|
| /// File Name: |
gspy-0.1.2-src.tar.gz |
Description:
|
Gspy retrieves images from a video4linux device and processes these into a daily MPEG movie on the disk drive. Each image is recorded with a time stamp to ensure accurate real-world correlation. Special motion detection algorithms are used to reduce the size of the daily movies by eliminating pictures with similar content, in addition to the normal compression obtained via the MPEG process. The result is a time-lapse video per day with nonlinear time compression using only the images of interest. Screenshot available here.
| | Author: | Lawrence P. Glaister | | Homepage: | http://gspy.sourceforge.net | | File Size: | 145920 | | Last Modified: | Jul 22 00:26:36 2000 |
| MD5 Checksum: | 48e012647be50f3b40f1dc5039a4dd5a |
|
| /// File Name: |
imsafe-full-0.2.2.tar.gz |
Description:
|
Imsafe is a host-based intrusion detection tool for Linux which does anomaly detection at the process level and tries to detect various types of attacks. Since Imsafe doesn't know anything about specific attacks, it can detect unknown and unpublished attacks or any other form of malicious use of the monitored application. Created for Linux systems but works on almost every UNIX flavor by watching strace outputs. Screenshots available here. Warning: Still in alpha.
| | Homepage: | http://imsafe.sourceforge.net | | File Size: | 561021 | | Last Modified: | Feb 26 03:48:51 2001 |
| MD5 Checksum: | f81f500184bfe3ac5785abd2cf1dd377 |
|
| /// File Name: |
ip_scfw-0.9.1.tar.gz |
Description:
|
The SYN cookie firewall implements SYN cookie SYN flood protection on all hosts behind it. Contains a patch to Linux kernel 2.2.17 and an administration tool.
| | Homepage: | http://www.bronzesoft.org/projects/scfw | | File Size: | 18678 | | Last Modified: | Oct 21 03:02:27 2000 |
| MD5 Checksum: | 35b808ade7e0faa9571b7feb2fb0c5c4 |
|
| /// File Name: |
ippersonality-20000727-2.4.0-test4...> |
Description:
|
The Linux IP Personality patch fools OS detection by changing some characteristics of the network traffic. Among the things that can be changed are the TCP Initial Sequence Number (ISN), TCP initial window size, TCP options (their types, but also their order in the packet), answers to some pathological TCP packets, and answers to some UDP packets.
| | Author: | Gael Roualland | | Homepage: | http://ippersonality.sourceforge.net | | File Size: | 208892 | | Last Modified: | Jul 27 22:37:34 2000 |
| MD5 Checksum: | 00fe261a0a8609e014e586d7f22b77b0 |
|
| /// File Name: |
ippersonality-20010724-2.4.7.tar.gz |
Description:
|
The IP Personality project is a patch to Linux 2.4 kernels that adds netfilter features: it enables the emulation of other OSes at network level, thus fooling remote OS detection tools such as nmap that rely on network fingerprinting. The characteristics that can be changed are TCP Initial Sequence Number (ISN), TCP initial window size, TCP options (their types, values and order in the packet), IP ID numbers, answers to some pathological TCP packets, and answers to some UDP packets.
| | Author: | Gael Roualland and Jean-Marc Saffroy | | Homepage: | http://ippersonality.sourceforge.net | | Changes: | This release adds new manglings to fool latest versions of nmap (2.54BETA), and has lots of code improvement. Ported to kernel v2.4.7. | | File Size: | 150069 | | Last Modified: | Jul 29 05:22:40 2001 |
| MD5 Checksum: | 47004368805cffd9ff53ac4079961c9b |
|
| /// File Name: |
ippersonality-20020427-2.4.18.tar.g..> |
Description:
|
The IP Personality project is a patch to Linux 2.4 kernels that adds netfilter features: it enables the emulation of other OSes at network level, thus fooling remote OS detection tools such as nmap that rely on network fingerprinting. The characteristics that can be changed are TCP Initial Sequence Number (ISN), TCP initial window size, TCP options (their types, values and order in the packet), IP ID numbers, answers to some pathological TCP packets, and answers to some UDP packets.
| | Author: | Gael Roualland and Jean-Marc Saffroy | | Homepage: | http://ippersonality.sourceforge.net | | Changes: | Ported to Linux 2.4.18 / iptables 1.2.2. | | File Size: | 8742 | | Last Modified: | May 27 04:41:39 2002 |
| MD5 Checksum: | 881fec3573f5810dc722bb1fd96fc970 |
|
| /// File Name: |
iptrap-0.2.tar.gz |
Description:
|
IPtrap listens on several TCP ports to simulate fake services (X11, NetBIOS, DNS, etc.). When a remote client connects to one of these ports, its IP address is immediately firewalled and an alert is logged. It runs with iptables and ipchains, but any external script can also be launched. IPv6 is supported.
| | Homepage: | http://www.jedi.claranet.fr | | File Size: | 85904 | | Last Modified: | May 2 22:30:16 2001 |
| MD5 Checksum: | c22367c11e2ee3494b468bb59acd0b0d |
|
| /// File Name: |
iptrap-0.3.tar.gz |
Description:
|
IPtrap listens on several TCP ports to simulate fake services (X11, NetBIOS, DNS, etc.). When a remote client connects to one of these ports, its IP address is immediately firewalled and an alert is logged. It runs with iptables and ipchains, but any external script can also be launched. IPv6 is supported.
| | Homepage: | http://www.jedi.claranet.fr | | Changes: | Logging the scanned port, and no more iptables/ipchains zombies. | | File Size: | 86155 | | Last Modified: | May 3 17:38:22 2001 |
| MD5 Checksum: | 5581b89f08d851939c9cbdd38f3358eb |
|
| /// File Name: |
Kfence.c |
Description:
|
Kfence provides kernel protection against basic exploitation techniques, including stack and heap overflows and format string exploits, by patching /dev/kmem and redirecting system_call to test if the eip of the caller is in the wrong memory region. Tested on Linux kernels 2.4.18-14 and 2.4.7-10.
| | Author: | ins1der | | File Size: | 6099 | | Last Modified: | Aug 10 18:21:17 2003 |
| MD5 Checksum: | c12aadfde8374d961c43c9fb2309870d |
|
| /// File Name: |
kfencev1.2.c |
Description:
|
Kfence version 1.2 provides kernel protection against basic exploitation techniques, including stack and heap overflows and format string exploits, by patching /dev/kmem and redirecting system_call to test if the eip of the caller is in the wrong memory region.
| | Author: | ins1der | | Changes: | Added .bss exec protection, simplified shellcode, added a better struct extraction method, added support for all 2.2.x and 2.4.x kernels. | | File Size: | 7275 | | Last Modified: | Aug 25 23:27:17 2003 |
| MD5 Checksum: | 9aa3ccf1a93852710026277cd614db63 |
|
| /// File Name: |
klgr.tgz |
Description:
|
klgr is a basic keylogger for Linux that loads as a module, but will hide from lsmod.
| | Author: | LynX | | Homepage: | http://rootteam.void.ru | | File Size: | 8597 | | Last Modified: | Apr 27 19:06:55 2003 |
| MD5 Checksum: | 0b56b0ecae612a6c4e8e8118112ff3c0 |
|
| /// File Name: |
Komahayown-0.2b.tgz |
Description:
|
Komahayown is a utility that makes use of the syscall proxying idea using shellcodes. Instructions are in Spanish.
| | Author: | Matias Sedalo | | Homepage: | http://www.shellcode.com.ar | | File Size: | 70236 | | Last Modified: | May 28 03:34:12 2003 |
| MD5 Checksum: | 80276e945e930c244d18f1bce06d87fa |
|