Nessus Security Scanner
Remote network security auditor, the client. The Nessus Security Scanner is a security
auditing tool. It makes it possible to test security modules in an attempt to find vulnerable
spots that should be fixed. It is made up of two parts: a server and a client. The
server/daemon, nessusd, is in charge of the attacks, whereas the client, nessus, interfaces
with the user through a nice X11/GTK+ interface. This package contains the GTK+ 1.2 client,
which exists in other forms and on other platforms, too.
TCP/IP swiss army knife. A simple Unix utility which reads and writes data across network
connections using the TCP or UDP protocol. It is designed to be a reliable "back-end" tool that
can be used directly or easily driven by other programs and scripts. At the same time it is
a feature-rich network debugging and exploration tool, since it can create almost any kind
of connection you would need and has several interesting built-in capabilities.
A powerful tool for network monitoring and data acquisition. This program allows you to dump
the traffic on a network. It can be used to print out the headers of packets on a network
interface that match a given expression. You can use this tool to track down network problems,
to detect "ping attacks" or to monitor the network activities.
Flexible packet sniffer/logger that detects attacks. Snort is a libpcap-based packet sniffer/logger
which can be used as a lightweight network intrusion detection system. It features rules-based
logging and can perform content searching/matching in addition to being used to detect a variety of
other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and
much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate
"alert" file, or even to a Windows computer via Samba.
SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on
SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC
bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature-rich HTML interface.
Network traffic analyzer. Ethereal is a network traffic analyzer, or "sniffer", for Unix and Unix-like
operating systems. It uses GTK+, a graphical user interface library, and libpcap, a packet capture and
The primary purpose of whisker is to be a URL scanner, which is used to search for known vulnerable
CGIs on websites. Whisker does this both by scanning the CGIs directly and by crawling the
website in order to determine what CGIs are currently in use.
Internet Security Scanner
Internet Scanner performs scheduled and selective probes of communication services, operating systems,
applications and routers to uncover and report system vulnerabilities that might be open to attack.
Portscan detection daemon. PortSentry has the ability to detect portscans (including stealth scans) on the
network interfaces of your machine. Upon alarm it can block the attacker via hosts.deny, dropped route
or firewall rule. It is part of the Abacus program suite. Note: If you have no idea what a port/stealth
scan is, I'd recommend having a look at http://www.psionic.com/products/portsentry.html before
installing this package. Otherwise you might easily block hosts you'd better not (e.g. your NFS-server,
A suite of powerful tools for sniffing networks for passwords and other information. Includes sophisticated
techniques for defeating the "protection" of network switches.
A file and directory integrity checker. Tripwire is a tool that aids system administrators and users in
monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily)
basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control
measures can be taken in a timely manner.
HPing2 is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like
ping does with ICMP replies. It handles fragmentation and arbitrary packet body and size, and can be
used to transfer files under supported protocols. Using hping2, you can: test firewall rules, perform
[spoofed] port scanning, test net performance using different protocols, packet size, TOS (type of
service), and fragmentation, do path MTU discovery, transfer files (even between really Fascist firewall
rules), perform traceroute-like actions under different protocols, fingerprint remote OSs, audit a
TCP/IP stack, etc. hping2 is a good tool for learning TCP/IP.
The Security Auditor's Research Assistant (SARA) is a third generation security analysis tool that is
based on the SATAN model which is covered by the GNU GPL-like open license. It is fostering a
collaborative environment and is updated periodically to address the latest threats.
Packet sniffer and monitoring tool. sniffit is a packet sniffer for TCP/UDP/ICMP packets. sniffit is
able to give you very detailed technical info on these packets (SEQ, ACK, TTL, Window, ...) but also
packet contents in different formats (hex or plain text, etc.).
Security Auditing Tool for Analysing Networks. This is a powerful tool for analyzing networks for
vulnerabilities created for sysadmins that cannot keep a constant look at bugtraq, rootshell and the
IP Filter is a TCP/IP packet filter, suitable for use in a firewall environment. It can either
be used as a loadable kernel module or incorporated into your UNIX kernel; use as a loadable kernel
module where possible is highly recommended. Scripts are provided to install and patch system files, as
IP packet filter administration for 2.4.X kernels. Iptables is used to set up, maintain, and inspect the
tables of IP packet filter rules in the Linux kernel. The iptables tool also supports configuration of
dynamic and static network address translation.
Firewalking is a technique developed by MDS and DHG that employs traceroute-like techniques to analyze
IP packet responses to determine gateway ACL filters and map networks. Firewalk, the tool, employs the
technique to determine the filter rules in place on a packet forwarding device. The newest version of
the tool, firewalk/GTK, introduces the option of using a graphical interface and a few bug fixes.
L0phtCrack is an NT password auditing tool. It will compute NT user passwords from the cryptographic
hashes that are stored by the NT operating system. L0phtCrack can obtain the hashes through many
sources (file, network sniffing, registry, etc.) and it has numerous methods of generating password
guesses (dictionary, brute force, etc.).
John The Ripper
An active password cracking tool. john, normally called John the Ripper, is a tool to find
weak passwords of your users.
Advanced packet sniffer and connection intrusion. Hunt is a program for intruding into a connection,
watching it and resetting it. Note that hunt is operating on Ethernet and is best used for
connections which can be watched through it. However, it is possible to do something even for hosts on
other segments or hosts that are on switched ports.
OpenSSH / SSH
Secure rlogin/rsh/rcp replacement (OpenSSH). OpenSSH is derived from OpenBSD's version of ssh, which
was in turn derived from ssh code from before the time when ssh's license was changed to be non-free.
Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote
machine. It provides secure encrypted communications between two untrusted hosts over an insecure
network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It
is intended as a replacement for rlogin, rsh and rcp, and can be used to provide rdist and rsync with
a secure communication channel.
Wietse Venema's TCP wrappers library. Wietse Venema's network logger, also known as TCPD or LOG_TCP.
These programs log the client host name of incoming telnet, ftp, rsh, rlogin, finger etc. requests.
Security options are: access control per host, domain and/or service; detection of host name spoofing
or host address spoofing; booby traps to implement an early-warning system.
Display network usage in top-like format. ntop is a Network Top program. It displays a summary of network
usage by machines on your network in a format reminiscent of the Unix top utility. It can also be run
in web mode, which allows the display to be browsed with a web browser.
NAT (NetBIOS Auditing Tool)
The NetBIOS Auditing Tool (NAT) is designed to explore the NETBIOS file-sharing services offered by the
target system. It implements a stepwise approach to gather information and attempt to obtain file
system-level access as though it were a legitimate local client.
A portscan detecting tool. Scanlogd is a daemon written by Solar Designer to detect portscan attacks on
Online tools for investigating IP addresses and tracking down spammers.
Mails anomalies in the system logfiles to the administrator. Logcheck is part of the Abacus Project of
security tools. It is a program created to help in the processing of UNIX system logfiles generated by
the various Abacus Project tools, system daemons, Wietse Venema's TCP Wrapper and Log Daemon packages,
and the Firewall Toolkit© by Trusted Information Systems Inc. (TIS). Logcheck helps spot problems and
security violations in your logfiles automatically and will send the results to you in e-mail. This
program is free to use at any site. Please read the disclaimer before you use any of this software.
grep for network traffic. ngrep strives to provide most of GNU grep's common features, applying them to
the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular
expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across
Ethernet, PPP, SLIP and null interfaces, and understands BPF filter logic in the same fashion as more
common packet sniffing tools, such as tcpdump and snoop.
A GTK-based network "swiss-army-knife". Cheops gives a simple interface to most network utilities, maps
local or remote networks and can show OS types of the machines on the network.
Retina can scan every machine on your network, including a variety of operating systems, networked
devices, databases and third-party or custom applications, all in record time.
Routines for the construction and handling of network packets. libnet provides a portable framework for
low-level network packet writing and handling. Libnet features portable packet creation interfaces at
the IP layer and link layer, as well as a host of supplementary functionality. Still in its infancy
however, the library is evolving quite a bit. Additional functionality and stability are added with
each release. Using libnet, quick and simple packet assembly applications can be whipped up with
little effort. With a bit more time, more complex programs can be written (Traceroute and ping were
easily rewritten using libnet and libpcap).
Crack / CrackLib
Crack 5 is an updated version of Alec Muffett's classic local password cracker. Traditionally these
allowed any user of a system to crack the /etc/passwd and determine the passwords of other users (or
root) on the system. Modern systems require you to obtain read access to /etc/shadow in order to
perform this. It is still a good idea for sysadmins to run a cracker occasionally to verify that all
users have strong passwords.