| Miscellaneous UNIX Security Tools Section | |
| Electric Fence 2.1 - Electric Fence stops your program on the exact instruction that overruns (or underruns) a malloc() memory buffer. GDB will then display the source-code line that causes the bug. It works by using the virtual-memory hardware to create a red-zone at the border of each buffer - touch that, and your program stops. Catch all of those formerly impossible-to-catch overrun bugs that have been bothering you for years. Changes: Removed work-arounds, most operating systems and C libraries have been fixed now. By Bruce Perens. | |
| Electric Fence 2.2.0 - Electric Fence stops your program on the exact instruction that overruns (or underruns) a malloc() memory buffer. GDB will then display the source-code line that causes the bug. It works by using the virtual-memory hardware to create a red-zone at the border of each buffer - touch that, and your program stops. Catch all of those formerly impossible-to-catch overrun bugs that have been bothering you for years. Changes: Electric Fence will now debug multi-threaded programs correctly. Besides the static version, it's loadable as a shared library using LD_PRELOAD, thus you don't have to re-link your program to debug it with Electric Fence. The command "ef | |
| Electric Fence 2.2.2 - Electric Fence stops your program on the exact instruction that overruns (or underruns) a malloc() memory buffer. GDB will then display the source-code line that causes the bug. It works by using the virtual-memory hardware to create a red-zone at the border of each buffer - touch that, and your program stops. Catch all of those formerly impossible-to-catch overrun bugs that have been bothering you for years. Changes: Merge in bug-fixes, multi-thread patch, shared library patch, debian/ subdirectory used for building the Debian package. By Bruce Perens. | |
| Nemesis 1.0 - Nemesis is a Video Security System for Linux. Its aim is to replace expensive commercial video surveillance systems with an inexpensive Linux solution. All you need is a camera, video input card, and a moderate amount of hard disk. Changes: Initial release. By John Ferlito. | |
| SANS Security Digest Vol 3 Num 1 - Excellent security digest with current information on vulnerabilities, exploits, security news, security vendors, patches, and more. From The SANS Institute. | |
| Secure Linux kernel patch for 2.1.131. By dumped - sekure SDI. | |
| Readme file with comprehensive description of SNMP::Monitor v0.1008. | |
| SNMP::Monitor v0.1008 - SNMP::Monitor - A Perl module for watching interface status, logging interface utilization and arbitrary other SNMP queries. Features: add or delete routers from or to a set of managed routers, start a permanently running monitor that is watching your interfaces and can do logging into a database, display a graphical view of the interface utilization via the WWW, show interface statistics, includes an access control system that restricts access to given users based on interface and/or host. 27k. By Jochen Wiedmann. | |
| Readme file. | |
| SNMP::Monitor - A Perl module for watching interface status, logging interface utilization and arbitrary other SNMP queries. Features: add or delete routers from or to a set of managed routers, start a permanently running monitor that is watching your interfaces and can do logging into a database, display a graphical view of the interface utilization via the WWW, show interface statistics, includes an access control system that restricts access to given users based on interface and/or host. By Jochen Wiedmann. | |
| Sorry, a description is unavailable. | |
| SNMP::Monitor - A Perl module for watching interface status, logging interface utilization and arbitrary other SNMP queries. Features: add or delete routers from or to a set of managed routers, start a permanently running monitor that is watching your interfaces and can do logging into a database, display a graphical view of the interface utilization via the WWW, show interface statistics, includes an access control system that restricts access to given users based on interface and/or host. SNMP-Monitor-0.1010.readme By Jochen Wiedmann. | |
| Readme file. | |
| See above. | |
| UNIX : A Hacking Tutorial. By: Sir Hackalot. | |
| Advanced File Hide & Redirect Module 0.2b by lcamtuf. | |
| Tool for experimenting with and manipulating ARP packets. Homepage here. By Ulandron. | |
| Based on my neped-libnet source, just figures out what boxens in your lan run IP stack and are in the same subnet with you. By CyberPsychotic | |
| Basic CallerID Logger is a perl script which provides CID logging to a database. It was written to use mysql but as long as you can generate the table for your own database, it should work fine. It puts the data into the table without any format changes; the idea is that an auxiliary program can make the format changes when it displays the data. Homepage here. By Bill Adams | |
| "The Mr.Fong Device" wwwboard v1.00 - A new wwwboard script, based on Matt Wright's design, but with lots of bugfixes and security features. Uses some of the code from the wwwboard on this site for enhanced security. By CyberArmy. | |
| Improved WWWBoard 1.1 ('Albert Fong Device') - This 'Improved WWWBoard' is a complete "hacker" revamp of the Matt's Script WWWBoard. It has been recoded to prevent exploit of all known wwwboard attacks. With anti-spamming features, user and topic banning, auto-cutting, and all known bug fixes: well over 30 patches. By Nick, of CyberArmy. | |
| Bug is a spy program for linux, which reads from the microphone and sends the audio back to the client in UDP packets. Will not disrupt audio playback. By SectorX | |
| CGIProxy v1.0 is a Perl CGI script that acts as an anonymous HTTP Proxy. No user information is transmitted, so it is useful as an anonymous proxy. It has additional features such as filtering out all images (text only browsing), for the bandwidth-impaired. By James Marshall. | |
| CGIProxy v1.1 is a Perl CGI script that acts as an HTTP proxy. Through it, you can retrieve resources that may be inaccessible from your own machine. No user info is transmitted, so it can be used as an anonymous proxy. Options include text-only browsing (to save bandwidth), cookie support, simple ad filtering, and encoded target URLs. Changes: Target URLs can be encoded for privacy, cookies can be supported, filter support for banner ads, several bugfixes and cleanups. By James Marshall. | |
| Allows you to leave your logs on serial device connected to separate machine. | |
| This patch will upgrade CU Sudo version 1.5.9 to version 1.5.9 patchlevel 1. By Todd C. Miller. | |
| sudo 1.5.9p1 - Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis, it is not a replacement for the shell. Changes: Added dirfd() macro for systems without it, better check for socket() in -lsocket -lnsl in configure, minor configure fixes, fixed a bug wrt quoting characters in command args, make --without-sendmail works, fixed a segv if HOST_IN_LOG defined and gethostbyname() fails, fixed a parse bug wrt the ! operator and runas specs, use new emalloc/erealloc/estrdup functions, new PAM code that should work on both Solaris and Linux, make sudo's usage info better when mutually exclusive args are given and don't rely on argument order to detect this, in visudo, shift return value of system() by 8 to get the real exit value. By Todd C. Miller. | |
| sudo 1.5.9p2 - Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis, it is not a replacement for the shell. By Todd C. Miller. | |
| sudo 1.6b2 - Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis, it is not a replacement for the shell. By Todd C. Miller. | |
| See description above. | |
| See description above. | |
| cyberanon v1.1 - Anonymizer CGI script that makes surfing the web anonymously a breeze. By Nick. | |
| Cyber Anonymizer CGI Script - Cyber Anonymizer CGI Script - Install on your web server and start surfing anonymously. By Nick. | |
| dll file required for Windows NT binaries (htc.exe and hts.exe) of httptunnel v2.4. | |
| This program gathers as much information as possible about an intruder's system, using nmap, netcat. By Dave Dittrich. | |
| Dword.pl - This will convert a given IP address into its dword equivalent, as described in "How to Obscure Any URL", available here. By Bro Evil | |
| Sorry, a description is unavailable. | |
| Findfixed.pl searches through C code looking for fixed-length buffers. Homepage here. By Missnglnk | |
| "Preventing remote OS detection via tcp/ip stack fingerprinting" - An excellent security improvement module describing how you can mask your operating system from tcp/ip stack fingerprinting tools such as nmap and queso while still being functional. By PGCI Inc. | |
| fwg is a program that mimics the functionality of WinGate, except it logs the entire session. This is good for giving out to unsuspecting script kiddies and then stealing their w4r3z. Homepage here. By Ajax | |
| fwmail is a small secure daemon for inetd that forwards incoming smtp traffic to another sendmail server, acting as a gateway, and optionally anonymizing the sender's origin. Version 1.1. Homepage here. By Mixter | |
| gatelogin 1.0.0 - When set as a user's shell, gatelogin will read a config file when the user logs in, and display a list of machines which the user can log into behind a firewall etc. The config may include the 'machine' string local followed by a valid shell to allow the user to login to the gateway using that shell. Changes: First release. By Brett Lomas. | |
| StackGuard is a compiler approach for defending programs and systems against "stack smashing" attacks. Stack smashing attacks are the most common form of security vulnerability. Programs that have been compiled with StackGuard are largely immune to stack smashing attacks. Protection requires no source code changes at all. When a vulnerability is exploited, StackGuard detects the attack in progress, raises an intrusion alert, and halts the victim program. Binary release, Terminator canary mechanism. By Immunix | |
| StackGuard is a compiler approach for defending programs and systems against "stack smashing" attacks. Stack smashing attacks are the most common form of security vulnerability. Programs that have been compiled with StackGuard are largely immune to stack smashing attacks. Protection requires no source code changes at all. When a vulnerability is exploited, StackGuard detects the attack in progress, raises an intrusion alert, and halts the victim program. Binary release, Terminator Lite: like the Terminator, but does not provide a "death handler". This allows you to customize intrusion response, and also allows you to compile very delicate packages such as glibc. By Immunix | |
| StackGuard is a compiler approach for defending programs and systems against "stack smashing" attacks. Stack smashing attacks are the most common form of security vulnerability. Programs that have been compiled with StackGuard are largely immune to stack smashing attacks. Protection requires no source code changes at all. When a vulnerability is exploited, StackGuard detects the attack in progress, raises an intrusion alert, and halts the victim program. Binary release, Terminator Random: uses the more secure Random Canary protection. By Immunix | |
| Generic shellcode for i386. Supports FreeBSD, netBSD, openBSD, and linux. CyberPsychotic, K.A.L.U.G. | |
| UNIX hacking and network security, by Red Knight. | |
| Fake shellcode generator, ala apache.c. By Neeko | |
| httptunnel v2.4 (client) for Windows NT creates a bidirectional virtual data path tunnelled in HTTP requests. The requests can be sent via an HTTP proxy if so desired. This can be useful for users behind restrictive firewalls. If WWW access is allowed through an HTTP proxy, it's possible to use httptunnel and, say, telnet or PPP to connect to a computer outside the firewall. Requires cygwin1.dll. By Lars Brinkhoff. Windows NT binaries by Philip Craig, built with Cygwin 20.b1. | |
| httptunnel v2.4 (server) for Windows NT creates a bidirectional virtual data path tunnelled in HTTP requests. The requests can be sent via an HTTP proxy if so desired. This can be useful for users behind restrictive firewalls. If WWW access is allowed through an HTTP proxy, it's possible to use httptunnel and, say, telnet or PPP to connect to a computer outside the firewall. Requires cygwin1.dll. By Lars Brinkhoff. Windows NT binaries by Philip Craig, built with Cygwin 20.b1. | |
| This package contains a daemon, written as a Perl script plus configuration file, that provides a simple HTTP router, banner advertisement blanker, cache and cookie cutter. You configure your web browser to use it as a web proxy. httproute relays user requests to a web proxy that depends on the URL prefix. If the URL prefix matches a configured list of known advertising servers, httproute answers the request itself with a 1x1 gif image of a black pixel, thus blanking banner ads and speeding page loading (especially on a slow line). httproute can be configured to route its requests to encrypted TCP tunnels established with ssh, making it possible to compress and encrypt some or all of your web traffic at least as far as the proxy server. httproute can strip and/or lie about information from your browser's requests that can potentially compromise your privacy, including the Referer: and User-Agent: options. It strips incoming cookies, except from sites explicitly listed in the configuration file. By Phil Karn. | |
| httptunnel v1.1 can create a two-way data path through an HTTP proxy, from your isolated computer forced to use an HTTP proxy to any system on the Internet you have access to. By Lars Brinkhoff. | |
| httptunnel v1.101 can create a two-way data path through an HTTP proxy, from your isolated computer forced to use an HTTP proxy, to a system on the Internet you have access to. Tons of bugfixes and code optimizations in this release. By Lars Brinkhoff. | |
| httptunnel v1.102 can create a two-way data path through an HTTP proxy, from your isolated computer forced to use an HTTP proxy, to a system on the Internet you have access to. Even more bugfixes and code improvements. By Lars Brinkhoff. | |
| See description above. This release fixes the annoying buffering bug and adds debugging facilities. | |
| httptunnel can create a two-way data path through an HTTP proxy, from your isolated computer forced to use an HTTP proxy, to a system on the Internet you have access to. This version includes fixes to compile on Solaris and other systems without getopt_long(). By Lars Brinkhoff. | |
| httptunnel can create a two-way data path through an HTTP proxy, from your isolated computer forced to use an HTTP proxy, to a system on the Internet you have access to. This version includes lots of enhancements, code optimization, and bugfixes. By Lars Brinkhoff. | |
| httptunnel can create a two-way data path through an HTTP proxy, from your isolated computer forced to use an HTTP proxy, to a system on the Internet you have access to. By Lars Brinkhoff. | |
| httptunnel can create a two-way data path through an HTTP proxy, from your isolated computer forced to use an HTTP proxy, to a system on the Internet you have access to. Changes: This version has a major incompatibility change in the protocol and is generally more robust. This is a beta release in anticipation of 2.0. By Lars Brinkhoff. | |
| See description above. | |
| See description above. | |
| httptunnel v1.97 can create a two-way data path through an HTTP proxy, from your isolated computer forced to use an HTTP proxy, to a system on the Internet you have access to. Changes: This version has a major incompatibility change in the protocol and is generally more robust. This is a beta release in anticipation of 2.0. Changes: Improved poll() emulation and HTTP parsing. hts --content-length works now. Experimental setsockopt() settings to make connections more reliable. By Lars Brinkhoff. | |
| httptunnel v1.98 can create a two-way data path through an HTTP proxy, from your isolated computer forced to use an HTTP proxy, to a system on the Internet you have access to. Lots of bugfixes in this release. By Lars Brinkhoff. | |
| httptunnel v1.99 can create a two-way data path through an HTTP proxy, from your isolated computer forced to use an HTTP proxy, to a system on the Internet you have access to. Lots of bugfixes in this release. By Lars Brinkhoff. | |
| httptunnel v2.0 (the long-awaited release) creates a bidirectional virtual data path tunnelled in HTTP requests. The requests can be sent via an HTTP proxy if so desired. This can be useful for users behind restrictive firewalls. If WWW access is allowed through an HTTP proxy, it's possible to use httptunnel and, say, telnet or PPP to connect to a computer outside the firewall. By Lars Brinkhoff. | |
| httptunnel v2.3 creates a bidirectional virtual data path tunnelled in HTTP requests. The requests can be sent via an HTTP proxy if so desired. This can be useful for users behind restrictive firewalls. If WWW access is allowed through an HTTP proxy, it's possible to use httptunnel and, say, telnet or PPP to connect to a computer outside the firewall. Changes: --pid-file option, --proxy-authorization fix, set proxy_authorization option on tunnel, new proxy_authorization variable/option, better HP-UX support, many bugfixes. By Lars Brinkhoff. | |
| httptunnel v2.4 creates a bidirectional virtual data path tunnelled in HTTP requests. The requests can be sent via an HTTP proxy if so desired. This can be useful for users behind restrictive firewalls. If WWW access is allowed through an HTTP proxy, it's possible to use httptunnel and, say, telnet or PPP to connect to a computer outside the firewall. Changes: Bug fixes, OS/2 Warp port, new options: --proxy-authorization, --user-agent, --pid-file. By Lars Brinkhoff. | |
| See description above. Changes: Numerous bugfixes and code optimizations. | |
| httptunnel creates a bidirectional data channel through an HTTP proxy, from your isolated computer behind a restrictive firewall, to a system on the Internet you have access to. Changes: Bugfixes and improved stability, Debianization, compatibility with Universal TUN driver, and many new options for improved operation. Homepage here. By Lars Brinkhoff | |
| Daemon that sits on a port and waits for a connection, once found, it sends an ident request. Demonstrates use of syslogd functions and fork(). Homepage here. By Missnglnk | |
| ISIC - 0.05 (IP Stack Integrity Check). Crafts random packets and launches them. Can fix or randomize source/dest IP's and Ports. You can specify the percentage of packets to fragment, to have IP options, to have bad IP versions.... Just about every field can be automagically twiddled. It contains distinct programs for TCP, UDP, ICMP, IP with a randomized protocol field and a program for randomized raw ethernet frames. Compiles and should work using Libnet under OpenBSD, Solaris, Linux and FreeBSD. Homepage here. By Mike Frantzen | |
| libifconfig is a simple library that exports the basic capabilities of the ifconfig(8) administrative tool on Unix operating systems. It allows ifconfig's functions to be performed programmatically without executing ifconfig, and provides easy access to the information typically returned from ifconfig. Moreover, libifconfig does this through an interface common to multiple platforms, improving portability. Homepage here. By Asriel | |
| libtcp++ is a C++ class library to facilitate the creation of TCP/IP clients and servers. It has two classes, TcpClient and TcpServer. TcpServer has built-in logging capability and a peer detection method in addition to regular server functionality. By Sasha Pachev. | |
| libtcp++ is a C++ class library to facilitate the creation of TCP/IP clients and servers. It has two classes, TcpClient and TcpServer. TcpServer has built-in logging capability and a peer detection method in addition to regular server functionality. By Sasha Pachev. | |
| libtcp++ 0.0.1c - Allows you to create C++ TCP/IP clients and servers without having to worry about gethostbyname, socket, connect, bind, listen and accept. Has two classes, TcpClient and TcpServer. Both can do logging in addition to regular stuff that their names would suggest. Changes: Added debug() and set_debug_level() methods to TcpServer class. By Sasha Pachev. | |
| libtcp++ 0.0.2 - libtcp++ allows you to create C++ TCP/IP clients and servers without having to worry about gethostbyname, socket, connect, bind, listen and accept. It has three classes, TcpClient, TcpServer and TcpIpRuleSet. TcpClient allows you to initiate TCP/IP connections, TcpServer is an abstract class to be used for creating servers by inheriting from it, and TcpIpRuleSet allows you to establish a set of IP-based access rules, and check IPs against them. Changes: Added IP-based access control option to TcpServer. By Sasha Pachev. | |
| lidentd is an identd replacement with many features including fake users, random fake users, restricted fake user responses, matching against the passwd file for fake responses and more. By Drago | |
| Kernel-level tty spy software, compatible with linux 2.2 and glibc. Based on Halflife's article from Phrack 50. Homepage here. | |
| A NetBUS client for Linux that works with NetBus 1.60. Homepage here. By nuope | |
| Linux rootkit. | |
| List Not Closed Files. Lets you not only list not closed files but also write/read etc. to it. Also inserting commands into stdin of programs (say SSH) is possible. Needs libpopt and x86/linux kernel 2.2. By S. Krahmer | |
| Lockconsole is a program to lock the tty while you're away, and then require password to unlock again. While locked you will not be able to switch to another VC. It will always accept root password to unlock. By Martin C. | |
| mailtunnel v0.2 consists of a set of Perl scripts that lets you tunnel any data over conventional mail systems. All you need is one box on the blocked network, and an account on an outside (internet-connected) system. By Magnus Lundstrom. | |
| memwatch 2.59 - memwatch is a fault tolerant memory leak and corruption detection tool. Basically, you add a header file to your source code files, and compile with MEMWATCH defined or not. The header file MEMWATCH.H contains detailed instructions. Changes: Fixes some warnings under high-sensitivity settings. By Johan Lindh. | |
| memwatch 2.60 - memwatch is an ANSI C fault tolerant memory leak and corruption detection tool. Basically, you add a header file to your source code files, and compile with MEMWATCH defined or not. The header file MEMWATCH.H contains detailed instructions. Changes: Another high-sensitivity warning fixed. Looking to compile a list of platforms and projects using memwatch; changed the README to this effect. By Johan Lindh. | |
| nmap - check the nmap directory for latest versions. | |
| See description below. | |
| See description below. | |
| npasswd 2.05 - Npasswd is a replacement for the passwd command for UNIX. It subjects user passwords to stringent guessability checks to decrease the chance of users choosing vulnerable passwords. It addresses other deficiencies found in standard password change programs. Npasswd is designed to replace the programs passwd, chfn and chsh. You'll need npasswd-words.tar.gz (5.6 MB) to use npasswd. By Clyde Hoover. | |
| For use with Npasswd. | |
| nullidentd is a minimal identd server. All identd requests are responded to with the same (false) answer. It is intended as a very small (possibly secure) daemon to run on a firewall for connections to servers that use identd responses. Homepage here. | |
| This package contains a patch to the Linux 2.2.2 kernel that disables the CPU serial number misfeature in the new Intel Pentium III processor at boot time. Also included is a fairly comprehensive CPU identification program for Intel and AMD processors that will display the PIII serial number if it is available. Run it both before and after installing the patch to verify that it is working. By Phil Karn. | |
| Parses all the IP addresses out of a text file. By bugEyed | |
| passwdd 0.02-patch1 - passwdd is a client/server package which allows basic synchronization of password files among different machines. There are Linux server and Linux console clients. With Visual C/C++ you can compile the Windows version of the clients. Perl CGIs are included as well. Changes: Several minor bugfixes. By Alexander Feldman. | |
| passwdd 0.02 - passwdd is a client/server package which allows basic synchronization of password files among different machines. There are Linux server and Linux console clients. With Visual C/C++ you can compile the Windows version of the clients. Perl CGIs are included as well. Changes: Now you can add and delete users, the entire code is rewritten in C++, autoconf is used to make configure script, a lot of new features are added and the suite is now tested with RedHat Linux, not only with Slackware. By Alexander Feldman. | |
| passwdd is a client/server package which allows basic synchronization of password files among different machines. There are Linux server and Linux console clients. With Visual C/C++ you can compile the Windows version of the clients. Perl CGIs are included as well. Changes: SunOS compatibility. Homepage here. By Alexander Feldman | |
| Patch for rsbac-2.2.12-v1.0.9.tar.gz | |
| GNU Phantom.Security is a computer-controlled security system. Using the software and a simple circuit board (diagram included) that you build, you can create a good basic security system that is computer controlled. The system can use off-the-shelf security devices like motion sensors, door magnets, and fire/smoke detectors with little to moderate modification. You can have a total of 5 devices per port. And if the machine the system is running on is connected to a LAN/WAN or the Internet, you can have it send e-mail. If you have a pager or cell phone capable of receiving e-mail, then you will have around the clock intrusion/fire detection for your home or office. By Joe Thielen. | |
| pingd v0.5.1 - pingd for Linux. Allows wrapping and logging of pings by moving the function to a daemon and into userland. Requires tcp wrappers, libnet, and of course a kernel rebuild. By daemon9/route. | |
| ppp-system v1.3c - This program is a complete PPP connect system with ISP cycling, support for multiple PPP lines, automatic firewalling/forwarding (and/or masquerading) support, as well as a few handy scripts like mk/rmfirewall for instant firewalling of any Class A/B/C/D, or curip, curhip, chk4net and more. Also now fully detects and supports ip chains (kern v2.1). By Preston A. Elde. | |
| Hardin's Custom Procmail Kit (requires procmail). By John Hardin. | |
| If you've ever used Solar Designer's secure-linux series of patches for the Linux kernel, you might have noticed that the /proc privacy patch seems to make many popular programs like w, top, ps, etc very unhappy. This is due to the way libproc, a component of procps, handles /proc/#/stat files that are unreadable. This patch gives libproc the ability to gracefully handle such entries. This patch works on procps 1.2.8 and 1.2.9. Howto: 'zcat procps-1.2.9.slp.gz | patch -p1', then compile and install procps normally. By animate2. | |
| proxy 1.1 - Proxy is a C application that when run on a multi-homed host will forward all packets from source, to destination. Where source might be a system on the internet, and destination might be a box on a private network behind a multi-homed linux machine. It's also good for setting up sort of a 'bounce back' connection for people trying to attack you. Just run the proxy and point the outgoing connection to your attacker's system, and they will end up attacking their own machine. Multi-threaded version. By Sonny Parlin. | |
| proxy 1.2 - Proxy is a C application that when run on a multi-homed host will forward all packets from source, to destination. Where source might be a system on the internet, and destination might be a box on a private network behind a multi-homed linux machine. It's also good for setting up sort of a 'bounce back' connection for people trying to attack you. Just run the proxy and point the outgoing connection to your attacker's system, and they will end up attacking their own machine. Threaded and runs from inetd. By Sonny Parlin. | |
| proxy 2.0 - Proxy is a C application that when run on a multi-homed host will forward all packets from source, to destination. Where source might be a system on the internet, and destination might be a box on a private network behind a multi-homed linux machine. It's also good for setting up sort of a 'bounce back' connection for people trying to attack you. Just run the proxy and point the outgoing connection to your attacker's system, and they will end up attacking their own machine. Threaded and runs from inetd. Changes: Proxy 2.0 is a complete re-write from 1.1 and 1.2, uses select() for I/O, now a filtering proxy. By Sonny Parlin. | |
| prxtools is a suite of proxy tools used to find/identify/test/abuse/use http proxies. 'fizzbounce' maps a tcp connection from a local port over a remote http proxy server which does http-relay to a remote host (defaultly insecure cacheflow proxies and misconfigured squids will do fine). 'polysyndeton' is a simple http proxy (not a real proxy though), that splits http requests among a variable number of http proxies, partly anonymizing your requests and making it more (far away from impossible) difficult to trace you. 'prxtest' reliably tests a http proxy for relay and proxying ability. 'soxtest' reliably tests a socks 5 server for relay ability. By scut. | |
| Pretty Simple Password Generator (PSPG) is a small and fast password generator for creating secure, non-pronounceable passwords which are harder to break. Changes: This release features code modularization, documentation updates and a ChangeLog. Homepage here. By Karellen | |
| Many sendmail daemons can be abused to get information about what accounts exist. By following basic RFC standard procedures - without VRFY and EXPN - we can still list the valid users by using another command as suggested in [RFC821]. Includes demonstration code smtp-cracker.c. By Lucas Fontes and Nelson Brito | |
| Ricochet is an automated agent for tracing and reporting internet junk mail (a.k.a Spam). Ricochet analyses the headers of a spam to identify the machines used for its injection, looks up the email addresses of the machine owners and mails out a complaint to them. Ricochet uses various network information resources like nameserver records, MX records and Whois databases worldwide to collect and verify this information. Homepage here. By Vipul Ved Prakash | |
| Sorry, a description is unavailable. | |
| Sorry, a description is unavailable. | |
| A replacement for the Sun rpcbind program that offers access control and copious logging. Allows host access control based on network addresses. 55k. By Wietse Venema. | |
| Rule Set Based Access Control (RSBAC) is based on the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula and provides a flexible system of access control based on several modules. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions. Decisions are based on the type of access (request type), the access target and on the values of attributes attached to the subject calling and to the target to be accessed. Additional independent attributes can be used by individual modules, e.g. the privacy module (PM). All attributes are stored in fully protected directories, one on each mounted device. Thus changes to attributes require special system calls provided. As all types of access decisions are based on general decision requests, many different security policies can be implemented as a decision module. A general goal of RSBAC has been to some day reach (obsolete) Orange Book (TCSEC) B1 level. See also patch-2.2.12.gz. | |
| Ever thought that this is possible? A tool to encrypt strings in C source files and automatically decrypt them at runtime. (version 1.0) Scramble was found to also work well on FreeBSD (3.1 tested). By S. Krahmer | |
| Secure Shell v1.2 - Secure Shell is a shell script for secure logins using encryption and dual authorization. It prevents non-authorized users from logging into a shell server even if they have the correct login/pass. If you're using v1.1 or before, please upgrade (symlink hole fixed in v1.2)! By wtmp. | |
| Secure Linux -- kernel patch for Linux 2.0.33 ... 2.0.36. By Solar Designer. | |
| Patch to sh(1) that adds denying and logging features (user ID, username, process ID, parent process ID, parent process name, login name). Checks against /etc/sh.deny and if the parent/calling program is listed then execution is halted and logged. Homepage here. By Omachonu Ogali | |
| Shambler (firewall trap) looks at the process table and kills unauthorized processes. Run periodically from cron. Uses a simple config file to define what users are allowed. Specifically, when the shambler runs it will search the process table for any UIDs or usernames that DO NOT appear in this list. Any UID or username that does not appear in this list will be killed, and a message logged via syslog. Think of the shambler as a booby trap; cheap (no overhead), easy to install, simple to use, and hurts like hell if anyone actually falls into it. :) By Jay D. Allen. | |
| Solaris 2.4 rootkit. | |
| Solaris 2.5.1 rootkit. | |
| System call tracer for SunOS 4.x, Linux, System V release 4, Solaris 2.x and Irix 5.x. strace is a useful diagnostic, instructional, and debugging tool. System administrators, diagnosticians and troubleshooters will find it invaluable for solving problems with programs for which the source is not readily available since they do not need to be recompiled in order to trace them. Students, hackers and the overly-curious will find that a great deal can be learned about a system and its system calls by tracing even ordinary programs. And programmers will find that since system calls and signals are events that happen at the user/kernel interface, a close examination of this boundary is very useful for bug isolation, sanity checking and attempting to capture race conditions. By Rick Sladkey. | |
| strace 3.99.1 - strace is a useful diagnostic, instructional, and debugging tool. System administrators, diagnosticians and troubleshooters will find it invaluable for solving problems with programs for which the source is not readily available. Changes: strace works correctly on Linux sparc now, no segfaults on alpha anymore and strace compiles and works correctly on solaris. By Rick Sladkey. | |
| strace 3.99 - strace is a useful diagnostic, instructional, and debugging tool. System administrators, diagnosticians and troubleshooters will find it invaluable for solving problems with programs for which the source is not readily available. Changes: General fixes for use with various kernels, numerous syscall updates and better network protocol support. By Rick Sladkey. | |
| strace 4.1 is a useful diagnostic, instructional, and debugging tool. System administrators, diagnosticians and troubleshooters will find it invaluable for solving problems with programs for which the source is not readily available. Changes: More support for Linux/MIPS, updates to the network-code and additional/improved Linux syscalls. Homepage here. By Rick Sladkey | |
| Strace is a system call tracer, a debugging tool which prints out a trace of all the system calls made by another process/program. The program to be traced need not be recompiled for this, so you can use it on binaries for which you don't have source. System calls and signals are events that happen at the user/kernel interface. A close examination of this boundary is very useful for bug isolation, sanity checking and attempting to capture race and buffer overflow conditions. Homepage here. By Wichert Akkerman | |
| sugarplum 0.8.2 - Sugarplum is an automated spam-poisoner. Its purpose is to feed large quantities of realistic and enticing but otherwise utterly useless data to wandering spam-bots such as EmailSiphon, Cherry Picker, etc. The intention is to so contaminate spammers' databases as to require culling out large portions, including any real data, and/or to require that spambots be instructed to avoid your site. Sugarplum detects so-called "stealth" spambots, and can be used to activate firewalling or more aggressive countermeasures at the administrator's option. It includes Apache mod_rewrite rules for known spambots. Changes: bugfixes, improvements, added more spambot info and DoS patterns. By Devin Carraway. | |
| sugarplum 0.8 - Sugarplum is an automated spam-poisoner. Its purpose is to feed large quantities of realistic and enticing but otherwise utterly useless data to wandering spam-bots such as EmailSiphon, Cherry Picker, etc. The intention is to so contaminate spammers' databases as to require culling out large portions, including any real data, and/or to require that spambots be instructed to avoid your site. Sugarplum detects so-called "stealth" spambots, and can be used to activate firewalling or more aggressive countermeasures at the administrator's option. It includes Apache mod_rewrite rules for known spambots. Changes: First public release. By Devin Carraway. | |
| Solaris 2.5.1 rootkit. | |
| Surgery is a CGI-based UTMP modifier/cleaner. Homepage here. By Missinglnk | |
| taptunnel 0.2 is a client and server for creating Ethernet tunnels over TCP/IP-networks (such as the Internet). It can be used to connect two private networks over a public network. It uses raw-ethernet, and therefore can tunnel a variety of protocols (IPX, ARP, IPv4, IPv6, DHCP, etc). Changes: This version is a complete rewrite. New features include INETD/XINETD-support, strong encryption using the mcrypt-library and moved from C to C++. By Lennart Poettering. | |
| taptunnel 0.21 is a client and server for creating Ethernet tunnels over TCP/IP-networks (such as the Internet). It can be used to connect two private networks over a public network. It uses raw-ethernet, and therefore can tunnel a variety of protocols (IPX, ARP, IPv4, IPv6, DHCP, etc). It also uses the new ethertap-device of the Linux kernel 2.2 and above. Features: fast, simple, carries all protocols which work with the ethernet, may be used as ethernet-long-distance-bridge, really simple to set up, uses strong crypto (Blowfish, DES, TripleDES, 3-WAY, GOST, SAFER64, SAFER128, CAST128, TEAN, TwoFISH) for secure connections, open source, free (GPL). Changes: This version is a complete rewrite. New features include fix for INETD/XINETD-support, strong encryption using the mcrypt-library and moved from C to C++. By Lennart Poettering. | |
| tcpgate is a daemon that listens on a port for connections, and when the connection is made, proxies/bounces it to the host/port pair specified in the config file unmodified. Very simple, but very useful when you need to get around a bad route/firewall or fool some smart alec access control without having to telnet a million times from host to host. By Sasha Pachev. | |
| tcpgate 0.0.2 - tcpgate is a tcp gateway/proxy. It listens on a port and, when a connection is made, opens another connection to the target host on the target port and forwards the packets unmodified. The target host sees the connection as coming from the host where tcpgate is running. Changes: Added IP-based access control options. If you are upgrading, upgrade libtcp++ to the most recent version also, available at the same site. By Sasha Pachev. | |
| TTY-Watcher is a utility to monitor and control users on a single system. It is based on the IP-Watcher utility, which can be used to monitor and control users on an entire network. It is similar to advise or tap, but with many more advanced features and a user friendly (either X-Windows or text) interface. TTY-Watcher allows the user to monitor every tty on the system, as well as interact with them by: to the real owner of the TTY without interfering with the commands he's typing. The message will only be displayed on his screen and will not be sent to the underlying process. Aside from monitoring and controlling TTYs, individual connections can be logged to either a raw logfile for later playback (somewhat like a VCR) or to a text file. SunOS 4.x/Solaris 2. Homepage here. | |
| udpshell v1-0 - Bindshell that uses UDP as transport protocol, with a data crypt option. By Flow. | |
| userv is a Unix system facility to allow one program to invoke another when only limited trust exists between them. It is a tool for system administrators, who often find themselves with a program running as one user which needs to be able to do certain things as another user. | |
| The Veganizer is a spam counter-attack. It searches the headers of a specified message for all associated IPs and Domains, then sends mail to pre-specified addresses at those servers (abuse@, postmaster@) as well as addresses found by a whois query on the IPs/Domains. The mail sent will also include the original message with full headers. By Francisco Roque | |
| The Veganizer is a spam counter-attack. It searches the headers of a specified message for all associated IPs and Domains, then sends mail to pre-specified addresses at those servers (abuse@, postmaster@) as well as addresses found by a whois query on the IPs/Domains. The mail sent will also include the original message with full headers. Changes: A changed whois lookup scheme that accounts for additional registrars, a changed IP whois lookup scheme that accounts for APNIC, ARIN, and RIPE, and a .veganizerrc resource file for user-changeable variables which includes what was formerly in spamtemplate.txt. Homepage here. By Francisco Roque | |
| The Veganizer is a spam counter-attack. It searches the headers of a specified message for all associated IPs and Domains, then sends mail to pre-specified addresses at those servers (abuse@, postmaster@) as well as addresses found by a whois query on the IPs/Domains. The mail sent will also include the original message with full headers. Changes: Smarter domain matching, bugfixes. Homepage here. By Francisco Roque | |
| VPPP 1.2 - VPPP provides a virtual PPP channel over a TCP connection with traffic shaping. It is a user space implementation which does not require any kernel modification. VPPP currently only supports simple authorization based on the client's IP address. This system has been tested on Linux but ports to other Unixes should be very easy. | |
| VPPP provides a virtual PPP channel over a TCP connection with traffic shaping. It is a user space implementation which does not require any kernel modification. This system has been tested on Linux but ports to other Unixes should be very easy. This release features password-based authentication, code optimization, better parsing, config files, shaper reworked, asymmetrical inbound/outbound shaping. By Maxim Krasnyansky. | |
| vppp 2.1 - VPPP provides a virtual PPP channel over a TCP connection with traffic shaping. It is a user space implementation which does not require any kernel modification. VPPP supports simple authorization based on the host and password keys. This system has so far been tested only on Linux (i386, Alpha) but ports to other Unixes should be very easy. Changes: Deflate compression implemented using zlib, some bugfixes. By Maxim Krasnyansky. | |
| This perl script sends 'magic packets' to wake-on-lan enabled ethernet adapters, in order to remotely power up a PC. Homepage here. By Ico Doornekamp | |
| Whois2 recursively queries whois servers. This makes it simple to determine the complete information about domain ownership in today's shared registry system. By Tom Rothamel | |
| Simple non-caching HTTP proxy. Great for situations when the official route between two hosts is down/slow/firewalled, the routers cannot be reconfigured, and you need to look at a page on the one host from the other. In addition, it now supports user-agent spoofing (there are a few sites that play a smart alec and will not show you pages unless they like your User-agent), regexp content filtering (to get rid of junk ads when you go places), and IP-based access control. By Sasha Pachev. | |
| www_proxy 0.0.3 - www_proxy is a non-caching HTTP proxy with the capability of modifying the User-Agent field. It has customizable content filtering capability and, unlike most proxy servers, it logs the contents of the body of a POST request, not just the header. This tool is handy for debugging CGI scripts, search engine submission programs, bypassing problematic routes and firewalls, and for getting rid of junk HTML content. Changes: Added custom content filters. You can now write a program/script that reads STDIN, changes the content that came from the web server, and writes the modified content to STDOUT, and use it for a filter. C, C++, awk, sed, Perl, anything will do for a filter. www_proxy now needs the new version of libtcp++ (0.0.1c). By Sasha Pachev. |