Security Tools List
by Bernd Eckenfels, ecki@lina.inka.de,
2002-01-18 for Freefire.org
This is a list of security tools.
Free (Open Source) Tools
- Packet Generators
- [ftp] ipsend -
generates TCP/IP packets with a scripting language ([mail] Darren Reed)
- [html] SPAK Module
generates TCP/IP packets by a shell pipe (IP, TCP, UDP) ([html] Karyl F. Stein)
- [html ???] TOD -
Touch of Death. Is able to kill connections, if used with sniffit ([mail] Brecht Claerhout)
- [html] udpprobe Send and receive UDP Packets
- [tgz] arping in ip-utils by Alexey Kuznetsov can send ARP pings and unsolicited and gratuitous ARP; it can also detect IP address collisions
- [html] nidsbench
Anzen Computing is pleased to announce the initial release of
nidsbench, a network intrusion detection system test suite.
(OpenBSD, FreeBSD, BSD/OS, Linux, Solaris)
- [html] Libnet
is an API to help with the construction and handling of network
packets. It provides a portable framework for low-level network
packet writing and handling (use libnet in conjunction with libpcap and
you can write some really cool stuff).
- [html] Net::Rawip
module for perl to support sending of Raw IP Data
- [ftp] PyPcap
Python lib high level Raw IP API
- [html] SendIP Project Purple's
Command Line IP Packet Sender (large amount of options) (Mike Ricketts)
- [html] nemesis
nemesis is a command-line UNIX network packet injection suite based on libnet.
- [html] rain
rain is a powerful tool for testing stability of
hardware and software utilizing IP protocols. It
offers its users the capability of creating their
own packets with a wide variety of command line options.
- [html] tcpreplay
Suite of tools to edit and replay traffic captured in PCAP format (Aaron Turner)
- Resource: see Raw IP Networking FAQ
- Traffic Generators
- [html] Traffic Generators for Linux
Arni's summary on Traffic Generating Tools for Linux (ttcp, tg, netspec)
- nidsbench includes a TCP load generator, too
- Network Scanning and Diag
- [html] nmap
good Port scanning tool which supports all well-known methods.
On the nmap page there is a list of links to other scanning tools, too.
- [dir] netdiag
Collection of Diagnosis Tools: strobe,
tcpspray, trafshow, statnet, netwatch, tcpblast and netload. Source can be
found on all Debian Mirrors in source/net/netdiag*.tar.gz
- [html] netcat from Hobbit -
Swiss Army Knife for TCP and UDP (like socket). Simple Port
Scanner, simple Port redirector and simple access to sockets from Scripts.
- [html] iptraf
LAN statistic utility for Linux
- [dir] btng
Beholder, The Next Generation RMON compliant Ethernet monitor
- [dir] smb-nat
SMB Network Analysis Tool (1.0 and 2.0beta)
- [ftp] ADMsmb
ADM smb is a security scanner for Samba/LAN Manager Server Message Blocks/Window Shares from the ADM CreW
- [html] PortScanner
a simple TCP Portscanner
- [html] DOSTracker
MCI's DOSTracker can recognize quite a few Denial-of-Service attacks on CISCO networks and trace them back to the entry point of the attack.
- [html] queso
Queso identifies operating systems via the TCP packet signature
- [html] SmbScanner
SMB (Windows Share) Scanner by !Hispahack
- [html] traffic-vis
can visualize amount of traffic on IP networks between hosts
- [dir] icmpquery
handy C program to query netmask and time of a remote host via ICMP from David G. Andersen
- [html] exscan
strobe port scanner which identifies the running services.
- [html] hping
TCP pinger, can analyse networks and hosts (on a TCP Flag level :).
Very interesting tool to test TCP/IP stacks. Spoofed scanning is
possible with it.
- [html] BSB-Monitor
simple network monitor which scans network and outputs a result HTML page.
- [ftp] iputils
by Alexey Kuznetsov can be used to debug network problems with ping/traceroute/arping/tracepath (MTU discovery)/clockdiff (supporting IP Timestamps)
- [html] Calamaris
squid log analyzer
- [html] yapm
yet another ping monitor; can ping a list of hosts and show the
results on web pages.
- [html] ntop
shows network usage in curses (top like) or on web, is libpcap based and cool.
- [html] nstreams
Nstreams is a program which analyzes the streams that occur on a network. It displays which streams are
generated by the users between several networks, and between the networks and the outside. It can optionally
generate the ipchains or ipfw rules that will match these streams, thus only allowing what is required for the users,
and nothing more.
- [html] nikto
Extensible Perl script to scan Web Servers and CGIs to gather information and check for common
vulnerabilities.
- Host Security Scanners
- [html] satan
Scanner with Web Frontend from Dan Farmer and
Wietse Venema (look at his papers and tools)
- [html] gate. modular Linux Scanner
Uses a user-friendly Curses GUI. (by tishina, not supported anymore)
- [html] EARS
(Emergency Audit Response System) is one of the first efforts in
development of a single system working to identify, monitor and
respond to abnormal system/user/network behavior (such as hacker
intrusions) on a distributed level, in real-time. (by tishina)
- [html] saint
scanner based on Satan (not really free)
- [html] COPS
a Un*x host security tool from Dan Farmer
- [txt] Tiger
'tiger' is a set of scripts from TAMU [dir] that scan a Un*x system looking for security problems, in the same fashion as Dan Farmer's COPS.
- [html] SARA
Security Auditors Research Assistant, based on the SATAN model
- [html] OpenVAS
a security Scanner for Linux and Windows (based on Nessus and Gnessus)
- Dumping, Sniffing and Network IDS
- [ftp] tcpdump -
uses [ftp] libpcap
to capture network packets
- [html] sniffit -
Packet Sniffer ([mail] Brecht Claerhout)
- [html] epan -
offline protocol analyser for tcpdump ([html] Peter Tobias)
- [ftp] tcpshow -
reformats tcpdump output ([mail] Mike Ryan)
- [html] ITA -
List of software in the Internet Traffic Archive, used to analyse,
simulate and anonymize traffic
- [html] Argus - CMUs Network Monitoring
Tool. Note: Argus 1.7 is ported to a lot of architectures, but it is not
Free anymore.
- [html] karpski
A Gtk based sniffer with a nice GUI, well suited for ARP monitoring
- [html] ethereal
it's a utility that lets you capture and analyze network traffic. Based on GTK.
- [html] IPAC
IP Accounting Frontend to ipfwadm
- [txt] netlog
TAMUs network logging toolkit [dir] including logging monitors for UDP and TCP, an extractor, and [txt] netwatch a real time network monitor
- [html] KSniff
KSniff is a packet sniffer/analyzer developed for the KDE project which supports plugins written in TCL.
- [html] Gnusniff
GTK based multithreaded Sniffer, aims to be cool looking and easy to use.
- [html] ippl
logs icmp, udp and tcp packets multithreaded. Can be configured with apache style rules and uses a DNS cache
- [html] XIP
protocol analyzer / nice graphical tcpdump akin to EtherReal
- [html] ngrep
a network "grep" like utility to capture data. Can be used to look
at the payload, too.
- [html] Perro
three daemons to log ICMP, UDP and TCP Connections
- [html] Snort
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules based
logging and can perform protocol analysis. See the nice resource page about sec info, too.
- [html] scanlogs
Solar Designer's port scan detector from Phrack 53.
- TODO:
- [html] IPAudit
libpcap based connection logger, builds summary of all in promisc mode captured sessions
- [html] aps
simple text mode IP Packet Sniffer (for Ethernet on Linux)
- [html] RazorBack SNORT Intrusion Detection
Front-End. GNOME 1.2 Application adds a realtime visual indicator for SNORT Intrusion detection events. -Leigh Purdie, Intersectalliance
- [html] WSA IBM's Wireless Security Auditor is
Linux software for the iPAQ PDA to easily audit the security of an 802.11
wireless LAN. This site features the software and even some basic info on
the gaping holes in the 802.11 protocol (even in the WEP encryption). A must
read for wireless LAN users.
- ipgrab
- icmpinfo
- ESniff
- net-acct
- arpwatch
- getethers
- netwatch
- trafshow
- ip daemons
- [html] SHADOW
This is the Mother of Network Intrusion Detection Systems and is still
maintained, with a large, experienced community of analysts. Good for
forensics. License unclear?
- IP Filter, NAT, VPN, IP encryption
See comp.dcom.vpn for discussions.
- [html] CIPE
Crypted IP Encapsulation (Daemon and Module for Linux). Very lightweight secure VPN Solution by Olaf Titz
- [html] CIPE-Win32 Sourceforge Project which
brings CIPE VPN Software to the Wintel platform. Great!
- [html] IP Filter
TCP/IP Packet Filtering package for *BSD* based Systems and Linux, including NAT, transparent Proxies and stateful screening.
- [html] masq/masqd
for Linux and [html] winmasq the win32 frontend from Jaume Miralles.
- [html] ipfwadm paper
about the Linux built-in packet filter by Jos Vos.
- [html] The Linux FreeS/WAN Project
with IPSEC & IKE
- [html] SINUS Firewall
dynamic stateful packet filter for Linux (sf firewall, sifi).
- [html] Linux IP-NAT Forum
real RFC NAT with Linux 2.0 from Michael Hasenstein
- [html] VPN for OpenBSD
in the current-tree of OpenBSD you can find an IPsec implementation
and a photurisd key management daemon. This is documented in [html] vpn(8).
- [html] ppptcp
Tunnel PPP over an arbitrary TCP connection
- [txt] PPP on top of SSH
simple scripts to build a VPN based on SSH
- [html] drawbridge
TAMU's Filtering Bridge, a firewall Solution. Old versions were running on DOS, the current version [dir] is running on FreeBSD.
- [html] VPS
Virtual Private Server for building VPNs based on PPP-over-SSH
- [html] jlip
jlip is a SLIP-driver with additional features like one logical link over many physical lines (multiline), IP-over-TCP tunnelling with public key hosts authorization (elliptic curves) and data encryption (blowfish with 112-448 bits key) for VPNs (Virtual Private Networks). It currently works under FreeBSD only and there are no English docs. A Russian to English translation is welcome.
- [html] NRL IPv6+IPsec Software Distribution
- [html] Linux Virtual Server
load balancing by LinuxDirector
- [html] HTTPTunnel
build data tunnels using the HTTP protocol (through firewalls) by Lars Brinkhoff
- [html] vpnd uses Blowfish to build a secured tunnel between two Linux boxes in user mode
- [html] pipsecd
- [html] tunnelv
RSA/Blowfish based VPN Tunnel Daemon for Linux using ethertap
- [html] ipchains
the 2.2 Linux IP Filter. On this page you can find the HOWTO, a "ipchains-in-a-nutshell" summary and the libfw, which can be used to manipulate and use the kernel filter from user space.
- [html] netfilter/iptables
the 2.3-2.5 Linux Packet Filter Framework from the ipchains co-author Paul Russell
- [html] Fwctl
high level rulesets can be used to construct ipchains chains, very
nice (perl) tool from Francis J. Lacoste at iNsu Innovations Inc.
Can be used on RH or Debian systems to configure an ipchains firewall on
boot.
- [html] Zebedee
establishes an encrypted tunnel for TCP connections on win32 and Unix.
Can tunnel multiple TCP connections and add optional bzip2 compression.
- [html] taptunnel
Ethernet tunnels for the Linux tap device (over TCP with 3DES support)
- [html] SPF
a "Stateful" packet filter based on dynamically entering ipchains rules from a user mode daemon (getting events via netlink).
- [html] LinuxVPN Masquerade
very good resource on Masquerading VPN Clients
and Servers (IPSEC, SSH, PPTP) with Linux. Useful links to tools and kernel
modules. Thanks John Hardin!
- [html] Return-RST
User mode Daemon which returns RST packets for denied connections with Linux 2.2 IPChains. (Note: netfilter with Linux 2.4 supports this out of the Box)
- Crypto+Privacy
- [html] GnuPG - The GNU Privacy Guard, a free PGP (2.6, 5.x, OpenPGP)
- [html] psst... A free Secure Shell Implementation
- [html] CTC is a freeware PGP-interoperable encryption software package (including a PGP lib and a Mac Client)
- [html] SSLapps FAQ about applications based on SSLeay
- [html] SRP Telnet and FTP
Secure Remote Password Project
- [html] Nautilus
Secure voice conversation
- [html] PGPPhone
Freeware Voice-over-IP Solution for Win32 with PGP security
- [html] Cryptonite
pure Java package for strong encryption
- [html] gPGPshell
gtk-interface to PGP and GnuPG
- [html] Oscar
a project aimed at designing and constructing a public key
certification system. The system will include all
necessary components including, a Certificate Authority, Certificate
repository and client interface. The Oscar project aims to conform to existing and
emerging standards such as the IETF PKIX, OSI X.509, and RSA PKCS
standards. Oscar stands for Open Secure Certificate ARchitecture.
- [html] MindTerm
ssh client Java Applet (GPL) including RSA, DES, 3DES, RC4 and
Blowfish and classes for ssh server.
- [html] ORBit-SSL Open Source project to add CORBASEC features to the ORB used by GNOME, by Rainbow Diamond
- [html] slush
the slush project tries to generate a secure remote login based on SSL/TLS and X.509
- [html] pyCA
Tools to run a CA based on OpenSSL and Python, from Michael Stroeder
- [html] OpenSSL
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit
implementing the Secure Sockets Layer (SSL v2/v3) and Transport
Layer Security (TLS v1) protocols with full-strength cryptography
world-wide.
- Superservers and TCP Wrappers
- xinetd
- UCSPI tcpserver
- tcpcontrol
- TCP Wrapper
- [dir] g2s
An interesting inetd replacement including tcpwrapper/chrootuid/relay
- [html] tcp_server
small and simple tcp server
- [html] smstart
sendmail starter without root privileges
- Proxies (and Cache)
- API-level Emulators and Proxies
- [html] usocksd
User-Mode Socks5 Daemon
- [html] Dante
circuit-level firewall/proxy (socks4,5 and experimental MS Proxy client) under BSD/CMU-style license
- SOCKS 4+5, ssocksd
- term
- slirp
- Port Forwarders
- [html] rinetd
redirects multiple tcp connections to remote hosts (behind the firewall)
from Thomas Boutell at Boutell.Com, Inc
- [dir] redir simple TCP Port redirector
- netcat See description in Section Network Scanning
- socket The program implements access to TCP sockets from shell level.
- [html] plugdaemon
Daemon to redirect connections, with some support for load balancing from Peter da Silva
- [dir] uredir
simple udp redirector
- FTP
- [html] SuSE Proxy-Suite
a set of programs to enhance firewall security. The first (and
currently only) component being released is the FTP-Proxy.
- [html] jftpgw FTP
Proxy including support for transparent proxy on Linux 2.4.x and a Gateway
to sshd Servers with FTP Clients.
- [html] Frox
A small transparent FTP Proxy for Linux. Optional Support for direct login
and cache via external HTTP Proxy.
- Mail
- [ftp] IspMailGate
a general-purpose email filter integrated into sendmail, written in Perl and based on the MIME-tools. (not really free)
- [html] smtpd/smtpfwd
Free Store+Forward SMTP Relay with Header-Filtering
- Secure Tunnels
- ssh (not really free)
- [ftp] sslwrap
inetd redirector for SSL to unsecure services like POP3 or HTTP
- [html] stunnel
SSL wrapper like sslwrap can run from inetd or standalone,
can wrap remote services
- See delegate
- [html] netpipes
makes TCP/IP streams usable in shell scripts. Includes a ssl-wrapper in the US/Canada Version
- [dir] edssl
Security enhancement daemon (SSL wrapper)
- [html] Virtual TUNnel
easy and modular solution to create tunnels in usermode with traffic
shaping, compression, and encryption.
- HTTP (and CONNECT for SSL)
- Web-Servers which are able to act as an HTTP Proxy:
[html] Apache,
[html] W3C httpd (CERN),
[html] Jigsaw (the W3C's Java Server),
[html] Roxen.
(See the Section in Yahoo!)
- [html] WebFilter
is an extension to the CERN Proxy for Content Filtering (like Advertising)
- [html] Squid - powerful Internet Object Cache
- [html] WWWOffle
Proxy optimized for Offline Browsing
- [html] The Internet Junkbuster
standalone Proxy which can filter Content from Web Pages
- [html] Muffin
HTTP (SSL connect) Proxy written in Java with Filter capability
- [html] RabbIt
filtering Web-Proxy in Java, especially for slow lines, can produce lowres images on the fly
- [html] tinyproxy
small proxy for http. Does not cache and can be run in anon mode
- [html] twhttpd
twhttpd is developed to help protect web servers (and web browser clients) by checking the HTTP protocol header data. The design already takes most modern web-based attacks into consideration and hence can protect most web servers without requiring very in-depth knowledge of the attack techniques. On the other hand, the script-like configuration file also makes the proxy flexible enough to fit into many different special environments.
- [html] httpf
A WWW Security Proxy (in C using POSIX threads) for filtering HTTP and HTML to only forward allowed/harmless content.
- NNTP (News)
- [html] Acme.Nnrpd multithreaded Java NNTP Proxy
- Misc Protocols
- [html] ByPRoxy
A personal Proxy for Filtering Internet Access (HTTP, SMTP, POP3, NNTP) (not really free)
- [html] tircproxy
A Proxy for IRC (Internet Relay Chat) featuring DCC support by Bjarni Einarsson
- [html] DeleGate
Proxy/Cache/conversion/server for multiple protocols (FTP, Gopher, HTTP, NNTP, POP, SMTP, Telnet, Wais, X, LDAP, LPR, CU-SeeMe, Socks, ICP, SSL) runs on different platforms.
- [html] xgate
allows X11 connections through one-way firewalls like socks.
- [html] FreeTDS
free implementation of Microsoft's and Sybase's TDS (Tabular DataStream) database client access protocol
- [html] bnc
a simple irc bouncing (proxy) tool
- [html] OpenH323 Project
produces a code lib to handle H.323 (internet telephony). Can be used to build a secure Proxy.
- [html] Juniper Firewall Toolkit
from Obtuse Systems Corporation (now open source!).
Utilities from Obtuse.
- [html] stone
small application proxy to redirect TCP and UDP, optional Support for SSL and HTTP Proxies.
Can act as an HTTP Proxy, POP/APOP converter and supports win32 and unix.
- [html] Bluetail Mail Robustifier
load balancing for POP/SMTP/IMAP (commercial with trial dl)
- [html] oops
HTTP/FTP Proxy with cache in raw data partitions, ACLs and small footprint
- [html] JonAMA
an SSL-enabling reverse proxy for multiple services (threaded) supporting CA and CRL checks
- [html] FK
Free Replacement for the famous FWTK (formerly from TIS).
- [html] Astaro Security Linux
commercial distribution for a point+click firewall. Rumor has it that it is not really secure and not really free. The license for "Astaro-OSS" is well hidden, but you can find it here
[html]. Installation requires deleting all data on the hard disk.
- [html] SmoothWall GPL
A Firewall/VPN Installation featuring easy install/configuration with Web Frontend. Completely GPL. (Including FreeSWan, Linux 2.2, DHCP, ADSL Support, SSH Applet, Port Forward, ISDN4L).
The fact that IPCop is a spin-off may indicate problems in the project?
- [html] IPCop
SmoothWall GPL fork.
- [html] OpenAntivirus.org
contains a lot of malware/anti virus projects like samba-vscan (on-access scanner for Samba VFS).
- [html] Kaladix
Yet another secure Linux distribution from Germany, featuring Crypto and RSBAC.
- Authentication and Directory Services
- [html] xtacas
an extended Version of Cisco's TACAS Server by Vikas Aggarwal
- [html] Cistron RADIUS server
by Miquel van Smoorenburg
- [html] Mig's RADIUS Labs
some summaries on the Linux-radius list
- [html] Lucent RADIUS
RADIUS Whitepaper, FAQ and Server
- [html] RADIUS Services for NDS
Novell offers this for free download
- [html] RADIUS Services for NDS German Intro
at the LRZ Munich
- [html] Basic Merit AAA Server
The Server formerly known as Merit Radius Server
- [html] LDAP at U-M
free Server and Clients for LDAP and X.500
- [html] Linux directory services
integrating LDAP into Linux (as a replacement for NIS)
- [html] Innosoft's LDAP World Implementation Survey
including free implementations
- [html] GAP
the General Authentication Protocol by Olaf Titz.
- [html] ident2
rewrite of an identd/auth protocol server
- [html] OpenLDAP
LDAP Tools based on the UMich's LDAP
- [html] Simple Distributed DataBase (SDDB)
a system designed to hold network directory type information across multiple machines. It is
designed to be an intranet level service rather than in an internet level
one. It allows updates to occur in multiple places (separated by WAN links)
and yet the data to be merged into one seamless directory.
- [html] OPIE
One Time Passwords in Everything from NRL IST's good OTP Page
- Intrusion detection
- Host Based (Auditing, Anomaly Detection)
- [html] lids
Linux Kernel based intrusion detection, can seal and lock down
processes, filesystems and files. Secure them from modification and monitor
access by a kernel module. From the Linux IDS Project.
- [html] Samhain
Besides being an excellent file integrity checker, it offers some more checks and features cryptographic security (tamper, spoofing) in distributed installations
- [html] Snare
Host Based IDS ([html] Article by 8Wire). GPL Linux Kernel Module for audit trails and GUI.
- [html] St. Jude
Linux Kernel Level IDS to protect the integrity of the host by detecting improper privilege elevation/transition.
- [html] ImSafe
Monitors applications on Linux and does heuristics and analysing of normal behaviour. The goal is to detect new/unknown attacks on network services.
- [html] Free Agents DIDS
agent based distributed intrusion detection system (alpha as of 01/2002)
- File Integrity Checking
- Tripwire
- [html] NCSfck
file integrity checker (like tripwire)
- [html] Nannie
It monitors system files for change in inode, size, etc. and notifies you if a change occurs.
- [ftp] l5
Hobbits file integrity checker
- [html] l6
L6 is a file data integrity checker using both the MD5 and SHA-1
hash algorithms. This tool can detect file tampering based on hashes
generated by both algorithms and other inode information (not as
reliable tho). It also provides a useful, lightweight and flexible
interface (written in perl) to verify file data integrity, and the
output and functionality resembles that of L5. (By Patrick Gilbert)
- [ftp] bsign
embeds hash and/or digital signature in ELF files
- [html] Advanced Intrusion Detection Environment
AIDE is a free replacement for Tripwire (file integrity checker)
- [html] chkrootkit
Checker for known Rootkits
- [html] debsums
Debian checksum checker
- [html] Integrit
File Integrity Checker with own Database, periodically checks for attribute and checksum changes. Nice daily reports by mail.
- Attack Detection
- Gabriel
- tocsin
- courtney
- [html] Abacus Project
with
PortSentry (Port Scan Detection and Active Defense System) and
HostSentry (Host based login anomaly detection and response tool) and
Logcheck (for syslog, TIS, tcpd and abacus
logfiles)
Note the limited commercial redistribution! Note also that
PortSentry countermeasures and listen() mode (non-Unix) are not
recommended. See for example [html] PortSentry/Snort
Compared.
- [html] FakeBO
fakes Back Orifice server responses and logs every attempt to a logfile or stdout
- [html] Shadow Project
Building a Network Monitoring and Analysis Capability Step by Step (from SANS' Cooperative Intrusion Detection Evaluation and Response (CIDER) Project)
- [html] hunt
tool to do connection hijacking detection, arp-spoofing detection,
mac discovery and connection watching by Pavel Krauz
- Network Management, Data Collecting
- [html] gxsnmp
the GNOME Network Management Application. On this page you find some good links to SNMP Solutions
- [html] Scotty and Tkined
TKined is a small and nice network management station
based on Scotty, which extends TCL with interesting network capabilities.
- [html] Hummingbird Project
distributed data collecting with Postgres SQL backend
- [html] Pong3
system management tool
- [html] ucd-snmp
SNMP suite from UC Davis, including support for Linux ipfwadm
- [html] psntools
managing a great number of user accounts at a site
- [html] PIKT
PIKT is a multi-functional tool for monitoring systems, reporting and fixing problems, and managing system configurations.
- [html] cheops
GTK network shell which maps hosts and offers tools to work on them, uses portscanner and queries OStype
- [html] lanlord
dhcpd lease reporting program designed to let you know who has what address lease to which machine. It runs on the DHCP Server as a CGI and uses CSS to modify output.
- [html] traffic-vis
traffic-vis is a network monitoring/auditing tool. It is based on the
desire to have a free (GPL) tool which can graphically plot
communications between hosts on a TCP/IP network and quickly answer
questions such as Who is saturating our Internet link? :)
It is developed by Damien Miller and uses libpcap
- [html] DEMARC Web
Frontend for monitoring network (services), hosts. Also has hooks to Traffic
Stats and IDS.
- [html] NetSaint
Another Web based Network Monitoring System. Written in C for Linux. See
some more tools like that on [html]
the others monitor page of the netsaint doc.
- [html] Big Sister
Yet another Web based Monitoring Solution, clone of Big Brother.
Runs on *nix and Windows.
- [html] OpenNMS
It is yet another Web Frontend for Network Management. It is special
because it is based on J2EE Technology. It supports some asset management and,
in contrast to the other Network Management Systems, it understands
"Interfaces" of "nodes".
- Logging & Log Analysis
- swatch
- [html] Logcheck
Fast and Reliable Log File Auditing (not really free)
- [html] wots
WOTS is a logfile monitoring utility written in perl5. It's based on swatch but is brand new.
- [html] squij
analyse squid logfiles for refresh pattern setting
- [html] logscanner
a logscanner which can perform realtime notifications
- [html] nlog
nmap 2.x log management and analyzer toolkit.
- [html] logsurfer
logfile analysis tool from Wolfgang Ley
- [html] firesoft
tar archive with perl scripts to analyze ipchains and snort logfiles.
Can even generate a bar graph for a quick overview.
- [html] BackLog WinNT Eventlog to Syslog
converter. Windows NT service that facilitates the real time central
collection and processing of Windows NT Event Log information. All three
event logs (Application, System and Security) are monitored, and event
information is converted to comma delimited text format, then delivered
over UDP to a remote server. -Leigh Purdie, Intersectalliance
- Firewall Configuration and Administration UI
- [html] FCT
Firewall Configuration tool can generate ipfwadm and IPFilter Rules
- [html] ipfwadm dotfile module
makes setting up of ipfwadm files for simple installations easy.
John Hardin wrote that module for Jesper Pedersen's
[html] Dotfile Generator.
- [html] Mason
shellscript which generates ipfwadm rules by sniffing actual traffic patterns ([mail] William Stearns)
- [html] DNi
IP Filtering Firewall script for dial-up users based on javascript for Linux' ipfwadm
- [html] Fake
replace existing systems with backup servers (hot spare backup systems)
- [ftp] TkFirewall
full control over Linux' network filters (by a GUI for categories)
- [html] gfcc
GTK++ Firewall Control Center. Very nice GTK based GUI to generate
ipchains filter entries for the ip packet filter in Linux 2.2 kernels.
- [html] filterrules
tests firewalls for active filter rules and outputs them reliably.
- Operating Systems (Kernel, Patches, Extensions, Hardening, Compiler, Libs)
- [html] Linux
- [html] FreeBSD
- [html] OpenBSD
pretty secure OS
- [html] NetBSD
- [html] Rule Set Based Access Control for Linux
- [html] Titan
is a collection of programs, each of which either fixes or
tightens one or more potential security problems with a particular aspect
in the setup or configuration of a Solaris/Unix system. Conceived and created by
Brad Powell, it was written in Bourne shell, and its simple modular design
makes it trivial for anyone who can write a shell script or program to add
to it, as well completely understand the internal workings of the system.
- [html] etherboot
make Linux Boot ROMS
- [html] netboot
With the Netboot package you can boot a computer with an Intel processor via an IP network without accessing a harddisk or diskette.
- [html] OSKit
a development kit lets you easily build your own kernel that can run on bare hardware. It has lots of component libraries and example kernels, and has almost everything you need to build a new OS.
- [html] OpenBIOS
only a BIOS you have the source for can help you check the integrity of your IT Security solution. Check out the Project.
- [html] The Gibraltar Projekt
from rene.mayrhofer@vianova.at tries to build a Firewall Distribution
based on Debian GNU/Linux (which is bootable from CD)
- [html] Click
new modular software router (usermode or linux kernel). Flexible
Configuration. Visit the Site and get the papers to understand Routing
Issues!
- [html] StackGuard
The modified C Compiler from Immunix to defend against Buffer Overflow Exploits. It is the base of the Immunix Distribution.
- Small and Micro Sized Systems (one Disk, CD) + FW Distribution
- dmoz:Computers:Software:Operating Systems:Linux:Distributions:Tiny
- [html] Linuxrouter.org project which builds a toolkit for harddisk-less routers based on Linux
- [html] Thin Linux Project another mini Linux Distribution for embedded applications
- [html] muLinux
- [html] hal91 Floppy Linux
- [html] DLX Single Floppy Linux Distribution
- [html] LOAF Linux on a Floppy
- [html] tomsrtbt "The most Linux on 1 floppy disk."
- [html] PicoBSD Small FreeBSD
- [html] The EDGE Router Project by FirePlug: small basic firewall based on ThinLinux
- [html] Trinux
A Linux Security Toolkit. Boot-Disks with some Scan/Sniff Tools
- [html] floppyfw
- [html] Xdenu a small Linux distribution kit.
- [html] One Disk Linux Howto
- [html] pocket-linux
- [html] Small Linux Big Enough
- [html] fluf (cz)
- [html] CCLinux
- [html] LinuxEmbedded
- [html] Traveller's Linux
- [html] Tiny Linux
small Linux distribution (for reusing old computers)
- [html] Zdisk
rescue disk with chooseable Linux kernel
- [html] Vector Linux
Small distribution (can install major packet formats)
- [html] PeeWeeLinux
small distribution for embedded applications and floppy-base systems.
- [html] Finnix
bootable Linux CD distribution
- [html] Freshmeat Index of Mini Distributions
- [html] fli4l Easy to use
ISDN/DSL-Router, Firewall on a Disk. Including modules and single config
file configuration (including a Win32 Wizard). Web Page is available
in German and English.
- [html] KNOPPIX
Bootable Linux (Debian based) CD with good Hardware Detection, a complete
System on a compressed Image. Includes Rescue Tools, Network Auditing, ...
- [html] ClosedBSD
A FreeBSD based single floppy disk packet filter and NAT router for ethernet. Features a curses GUI. BSD style license
- [html] theWall
Another FreeBSD/PicoBSD based single floppy router with filtering and NAT function. It supports remote admin, but I wonder why "telnet" is mentioned on the home page of the project. Supports PXE netboot and Flash Usage.
- Static Code Analyzers
- [html] Flawfinder
Finds potential security flaws in C/C++ source code.
- Unsorted (TODO, still German)
© Copyright 2001, Bernd Eckenfels, ecki@lina.inka.de, Germany
History of Changes: changes.txt