spidernet uses a network of host-based IDS and a logging monitor that allows to watch a large amount of remote systems for file changes of a defined list of files and for promisc network interfaces. Sessions are strongly encrypted with cast, and checksums are generated using the reliable md5 algorithm.
baf7f2637c9eb566884edd1a273592dc130ba3738d83a677d39d9c9321a2624eSynnergy Networks msadc scanner - This is just a basic string scanner that happens to scan for the msadc module string.
43eb2a907f3b1f2f09d00bfb5c51fe0347776efd1e8c47248536521263f254a9PIKT, an innovative new paradigm for administering heterogeneous networked workstations, is a multi-functional tool for monitoring systems, reporting and fixing problems, and managing system configurations. PIKT is quickly gathering potential as a serious security management system. PIKT comprises an embedded scripting language with unique, labor-saving features.
4cea49c0e7a805248c463412ea01be2ffc723bb144ba5eb3d5f9e9bfdccbe2e1Dragonmount Networks Advisory - DNA1999-002 Fictional Daemon (an FTP and telnet server) contains several security problems including possible DOS attacks, probably remote execution of code, and poor logging practices. In addition, any user with write permission can retrieve or delete any file on the system, even above the root directory.
f35dfe1dd5a0a5d04eff0de52b28e065943dab9688194e2f0a7b1e8f3f4c1858Cgichk CGI scanner written in perl, modified to scan class C networks.
a2deef6877725c7e9fcb795b34cb047f02ff094e77ea7e2c3c29e120bb867767Msadc scanner written in C.
79fcfe1da03fa9b25d2da57eeaad62b81849b49f5fec6f829e047412a40e6b64It was found that few of IRCnet's ircd's with +topic module can be rebooted remotely. This has already been abused in the ircnet community, and ircd has been patched, however some ircnet servers are still vulnerable.
e29ff3df62bf3c6697a8ca3f13ef886811d1027e78c5f84035de65f98d8335c5LCAP allows a system administrator to remove specific capabilities from the kernel in order to make the system more secure. LCAP modifies the value in the sysctl file /proc/sys/kernel/cap-bound. "Capabilities" are a form of kernel-based access control. Linux kernel versions 2.2.11 and greater include the idea of a "capability bounding set," a list of capabilities that can be held by any process on the system. If a capability is removed from the bounding set, the capability may not be used by any process on the system (even processes owned by root).
79f1cab11a97386dfb1abb7ee35c06024cbbb328c3e9ac3d07ca56306a7a9baelidentd is an identd replacement with many features including fake users, random fake users, restricted fake user responses, matching against the passwd file for fake responses and more.
4256d36832606e5c8db053e57e99d69447bb373ecd9b63e2c14006869aee8898Network Promiscuous Ethernet Detector, rewriten with Libnet/libpcap so it works on FreeBSD, OpenBSD, and linux, possibly more. neped scans your subnet and detects promiscuous boxes that might be running sniffers or similar applications, using hacked ARPs (non broadcast), only listened by promiscuous ethernets.
13ae8d3a11fae60402ab6957375f70e36f63594d0a78cf2adabdb15ea22ae9fbBased on my neped-libnet source, just figures out what boxens in your lan run IP stack and are in the same subnet with you.
8c962758543cf1efe692d94441b24554c815e04aa8d5b7945d7c03c243946076nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). You just can't do all this with one scanning mode. And you don't want to have 10 different scanners around, all with different interfaces and capabilities. Thus I incorporated virtually every scanning technique I know into nmap. Added about 70 new OS fingerprints so that Nmap can detect more systems. The most important new fingerprints are probably: The new SP5+ NT boxes, Solaris 8, Sega Dreamcast, Latest Windows 2000 builds, OpenBSD 2.6. RPM available here.
ab3c7adff9ecf67b09ce4a6bc878078e7f8554a9a12ca505e46fa0b8657f539elogarp is a small perl script which uses tcpdump to grab ethernet and source IP addresses. It runs on the system "learning" these addresses, and logging ether/ip address mismatches. It monitors ethernet/IP address mapping and generates a list of mismatches to stdout. Useful for seeing if users on your subnet are "stealing" IP addresses. Alpha code! Requires perl and tcpdump.
eff82dae68188a5bb682e5dca584a373ac7fa8d042ae23a730b63039727f06fbAnalyze your syslogs for security or system problems by creating a list of normal behaviour to ignore; everything else is something you should be aware of. Requires perl 5.
a4626676b5ffe216cedb28247dbad441c03e97009db3d8215c2b82542511f0danullidentd is a minimal identd server. All identd requests are responded to with the same (false) answer. It is intended as a very small (possibly secure) daemon to run on a firewall for connections to servers that use identd responses.
b72f3c74a2a1fa71f4c4a3ec2391f50d0b3137f0bcd823382cc8bf192cc5d37aSends message to everyone on unix system via syslog().
8b460aeffee0803febdf2426c780562770f36304c6fde34be6c55959b72a02e2Sadmind exploit stack pointer brute forcer, just ./sadmindex-brute-lux [arch] <host> and it will brute force the stack pointer, it'll output a message on success and open ingreslock (1524) on the remote computer. This brute forcer requires sadmind exploit by Cheez Whiz.
47d1a23069a0a1db17c1736077ea9a0d65c18f7e0bdfde9047857cbf06ed6867Arpwatch is a tool that monitors ethernet activity and keeps a database of ethernet/ip address pairings. It also reports certain changes via email. Arpwatch requires tcpdump and libpcap. Includes FDDI support, updated ethercodes, uses autoconf.
3ad19c0405230a790331cda32a40cece162ad3129e048ce222e356e6ab485d01
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed