nabou is a Perl script which can be used to monitor changes to your system. It provides file integrity checking, and can also watch crontabs, suid files and user accounts for changes. It stores all data in standard dbm databases.
019b0c4dee7550c6cd0751b626165a3f55bc4f61a5fa7c5625819d3ea3b8b49aAIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
5dee27d47207ca133a301e18c0c59bdc2abb08a2b906b1261ed19d9c6c13340fIP Accounter is an IP accounting package for Linux. It collects, summarizes, and nicely displays IP accounting data. Its output can be a simple ASCII table, or graph images. Ipchains and iptables are supported. Logs are stored in files, gdbm, or even a PostgreSQL database.
53d7f202df6fa533fc715c38574675eadbdeca3a0da22b676bbee3cf54363162Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
57915adfc75ee9222a4ef5b77baf86b7129924b58636c1b09870321da5661fc8Snort-rep is a Snort reporting tool that can produce text or HTML output from a syslog snort log file. It is intended to be used for daily e-mail reports to the system administrators. If snort v1.8+ is used, all reports contain priority information, and the HTML output contains direct links to the IDS descriptions of whitehats.com.
44f8754a53bd1c55c9085fec01fe3be5f8a6c13d2fa786514054627fc6cad946The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message and removes or renames attachments, truncate unusually long MIME header fields and sanitizes HTML by disabling Javascript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs and has built-in support for third-party virus scanners.
448ebf7e7ba5a70a0fb1c549472d2079623c957c7c24895c5661cdc5660255d1The goal of FireStarter is to provide an easy to use, yet powerful, GUI tool for setting up, administrating and monitoring firewalls for Linux machines. FireStarter is made for the GNOME desktop. It can actively monitor your firewall and list any unauthorized connection attempts made to your machine in a readable table format.
50c3bb56fe3aac1cb63f0bde11be2dcb177d034c174ffeb77b23b6df9619e97fMIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.11 / 8.12 and will alter or delete various parts of a MIME message according to a flexible configuration file.
71296584b2f196f5e90a35058fa920d1088fc2ff8c46c80919e6749385126716Outlook Web Access v5.5 SP4 and below contains a vulnerability which allows remote users to view files in the directory /lib. Several files can be viewed.
8c7dc9af27e85a64ba81631abf2529c58b7a940d065c1225988bae3eeb1a932eThe Phusion Webserver v1.0 for Windows 9x/NT/2000 contains three remote vulnerabilities which allow users to see and retrieve any file on the server. Exploit information included.
803f44e633274876ffbcfb29b2146327c1f1601a0dfad1a62a327fe9914c10b2Win32 port of RATS v1.3, a security auditing utility for C, C++, Python, Perl and PHP code. Source available on homepage. Added recursive directory scanning while porting.
6cd4590bbf81dfb9a02353d40417f518f8b432a5d29fa31ef218ffa0e478d1c6Microsoft Security Advisory MS02-006 - A buffer overrun is present in all implementations of Microsoft SNMP services. Sending a malformed management request to a system running an affected version of the SNMP service, an attacker can execute code of his choice in the LocalSystem context or cause denial of service. A patch is under development to eliminate the vulnerability. In the meantime, Microsoft recommends that customers who use the SNMP service disable it. Microsoft FAQ on this issue available here.
7304dc6744937a8448ea65ff5c97d203fcd636643ccba425a0f43e66c631932fMicrosoft Security Advisory MS02-005 - A cumulative patch for IE 5.01, 5.5, and 6.0 is available which fixes six security vulnerabilities. Several of them are very serious. Microsoft FAQ on this issue available here.
9b54f193cdc4f9515a07af66bb266947fd08b7e3b1aeb50eb5602e169c5e760cPatch against samba 2.2.2 which allows mounting of unpatched win 9x+me machines without knowing the password. There is an option to retrieve the password very quickly too, and another to switch between the two password if both read only and read-write ones are presents.
abb2ee0f8ddd2bad2811f283572a75c9f79c45d05546be94f9919f5d6ec132aeNSAT (Network Security Analysis Tool) is a fast, stable bulk security scanner designed to audit remote network services and check for versions, security problems, gather information about the servers and the machine and much more. Unlike many other auditing tools, it can collect information about services independently of vulnerabilities, which makes it "timeless", meaning it doesn't depend on frequent updates as new vulnerabilities are found.
f229b7ddb5745a46d6b3ba6917503f79c7fde08d0df8fb0fb1473e5ab06b17fcSNScan v1.04 is a Windows GUI SNMP detection utility that can quickly and accurately identify SNMP enabled devices on a network. This utility can effectively indicate devices that are potentially vulnerable to SNMP related security threats. SNScan allows for the scanning of SNMP specific ports (e.g. UDP 161, 193, 391 and 1993) and the use of standard (i.e. "public") and non-standard (i.e. user-defined) SNMP community names. User defined community names may be used to more effectively evaluate the presence of SNMP enabled devices in more complex networks.
25db527b88761f7b1fe8253afd030667ba1828c7602d33bfc118f16416509e9aWmap v1.2 is a cgi scanner that attempts to be smarter than most. To increase the chance of finding useful stuff, wmap has a file containing interesting Directories (dirs.db) and other file containing common cgi dirs (dircgis.db) to search for. If a directory is found is added to the test. This include all the directories that are found in the html tags. For each directory found, not only scans for vulnerable CGI's (cgis.db) it scan for interesting files (ex. passwords.tmp) included in the file (file.db) and does an http PUT scan.
9401723e6a8fa8cef94bcdef5cc3e81baf2fd849c83c526c353df37664fcb743Avirt Gateway 4.2 remote exploit.
c7c71b607fa45cf484a658d01ea6310238e1dd14cda3695bca1c9028168cf405Ettercap v0.6.3.1 and below advisory and remote root exploit against Linux. Due to improper use of the memcpy() function, anyone can crash ettercap and execute code as root user.
0707e613e12873f42925d43ba22b3e2a53a3329febbdea8c7110ba8cc31f4e41Zlister is a UNIX system administration tool designed to provide comprehensive filesystem management. The complete filesystem is listed, compressed, diff'd with the previous set and stored for reference. Time-saving tool, designed to quickly list the details of any file/directory, or of any pattern searched for. Provides comprehensive tool for filesystem searching. Supported with copious documentation. Tested on Solaris, HP/UX, and Linux.
833b6bce344a81b6b54db7a0118b83bbf591c2b1bb6c0681c7a94eabc3daa706This is a kernel patch to prevent stealth, fin, and rst scans. Also slows down the tcp connect scan. Tested on debian potato running 2.4.16. Tested with nmap and queso - Changes OS fingerprint.
34dc5fef83c2a347dc0f9e61a28b304f44dd7ead8a44a36b2bf875b32880c4a0Domino Hash Breaker v1.0 is a tool that tries to guess a Lotus Domino HTTP password from his hash and a dictionary file. It needs Lotus Notes R5 client installation and nnotes.dll.
6ffe6b4d13ef659fc146b7ce4167173e4c037d1dc3cf2705bafc99210557c714Ettercap is a network sniffer/interceptor/logger for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Features character injection in an established connection - you can inject characters to server (emulating commands) or to client (emulating replies) while maintaining an established TCP connection! Integrated into a easy-to-use and powerful ncurses interface.
2e5e1b6e1ccae2dd9cb8c61834b5261e022625336f213b52edcf49bc2ce2ca60
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed