Section: .. / UNIX / audit /
| /// File Name: |
aexpl-1.0.tar.gz |
Description:
|
AntiExploit is a small Perl script that scans for well-known exploit files. It currently recognizes over 1400 suspicious files, and the database is updated weekly. Useful for a system that has a lot of shell accounts being used.
| | Author: | Enrico Kern | | Homepage: | http://www.h07.org | | File Size: | 134985 | | Last Modified: | May 1 13:00:58 2004 |
| MD5 Checksum: | 233a203d625b8756342c708530248d4e |
|
| /// File Name: |
rkhunter-1.0.7.tar.gz |
Description:
|
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix clone.
| | Author: | Michael Boelen | | Homepage: | http://www.rootkit.nl/ | | Changes: | Added support for various rootkits and improvements. | | File Size: | 78437 | | Last Modified: | Apr 28 02:01:39 2004 |
| MD5 Checksum: | 0016af0e5ca9aa486cad90508cf47636 |
|
| /// File Name: |
DumpSIS.zip |
Description:
|
Symbian SIS file dumping utility that allows for analysis of potential malware without actual installation of files. It provides information on file headers (UIDs, Version, Number of Languages, Number of files), file list (Destination name by default, Source filename and file type).
| | Author: | Jimmy Shah | | File Size: | 15083 | | Last Modified: | Apr 14 12:06:00 2004 |
| MD5 Checksum: | 578328fa8e962b2f93f1e82ddbde67da |
|
| /// File Name: |
rkhunter-1.0.6.tar.gz |
Description:
|
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix clone.
| | Author: | Michael Boelen | | Homepage: | http://www.rootkit.nl/ | | Changes: | Added support for about a dozen Unix variants. | | File Size: | 75095 | | Last Modified: | Apr 12 18:33:00 2004 |
| MD5 Checksum: | 1310df34c65f726e4e449a3f6a3ed54c |
|
| /// File Name: |
rkhunter-1.0.5.tar.gz |
Description:
|
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix clone.
| | Author: | Michael Boelen | | Homepage: | http://www.rootkit.nl/ | | Changes: | Fixed bugs and added new features. Added known-bad database with blacklisted binaries. | | File Size: | 73186 | | Last Modified: | Apr 5 16:03:00 2004 |
| MD5 Checksum: | 0c829bac6ffc4f7b63fac20af5a6a0a8 |
|
| /// File Name: |
rkhunter-1.0.1.tar.gz |
Description:
|
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix clone.
| | Author: | Michael Boelen | | Homepage: | http://www.rootkit.nl/ | | Changes: | Fixed bugs and added new features. Added support for Linux SuSE 8.2. | | File Size: | 62084 | | Last Modified: | Mar 25 21:12:52 2004 |
| MD5 Checksum: | 243fc637ae18ea5b6ba16113532c98a6 |
|
| /// File Name: |
chkrootkit-043.tar.gz |
Description:
|
Chkrootkit v0.43 locally checks for signs of a rootkit. Chkrootkit includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions, strings.c for quick and dirty strings replacement, check_wtmpx.c to check for wtmpx deletions and the files chkproc.c and chkdirs.c to check for LKM trojans. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x, 4.x, and 5.x, BSDI, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0, and HP-UX 11.
| | Author: | Nelson Murilo | | Homepage: | http://www.chkrootkit.org | | Changes: | Better PROMISC mode detection on newer Linux kernels, new CGI backdoors detected, new rootkits added, and minor bug fixes. | | File Size: | 33355 | | Last Modified: | Jan 6 17:05:22 2004 |
| MD5 Checksum: | 08646b9bf3a9dc45c25a40946962a839 |
|
| /// File Name: |
env_audit-2.0.tar.gz |
Description:
|
Env_audit is a program that ferrets out everything it can about the environment. It looks for process IDs, UID, GID, signal masks, umask, priority, leaked file descriptors, and environmental variables. It comes with test configurations for anacron, Apache, atd, crond, GDB, inittab, logrotate, PHP, pppd, procmail, rsh, rxvt, Sendmail, SSH, stunnel, sudo, xinetd, and xterm.
| | Author: | Steve Grubb | | Homepage: | http://www.web-insights.net/env_audit/ | | File Size: | 31305 | | Last Modified: | Dec 30 18:49:03 2003 |
| MD5 Checksum: | 05cba8f3d1c1b498b4ded630a0832aa6 |
|
| /// File Name: |
rkhunter-1.00RC3.tar.gz |
Description:
|
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix clone.
| | Author: | Michael Boelen | | Homepage: | http://www.rootkit.nl/ | | Changes: | Fixed bugs and added new features. | | File Size: | 41822 | | Last Modified: | Dec 24 03:27:49 2003 |
| MD5 Checksum: | 0e661907740318adc1e13055334034c9 |
|
| /// File Name: |
rkhunter-1.00RC2.tar.gz |
Description:
|
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix clone.
| | Author: | Michael Boelen | | Homepage: | http://www.rootkit.nl/ | | File Size: | 39048 | | Last Modified: | Dec 18 00:23:47 2003 |
| MD5 Checksum: | e9194c6ee33726d877114b31d3b4317a |
|
| /// File Name: |
pmacct-0.5.3.tar.gz |
Description:
|
Network tool used to grab IP traffic and keep track of data counts. Makes use of libpcap with a network interface card in promiscuous mode.
| | Author: | Paolo Lucente | | Homepage: | http://www.ba.cnr.it/~paolo/pmacct/ | | File Size: | 85279 | | Last Modified: | Nov 21 00:26:46 2003 |
| MD5 Checksum: | a11d8447afcbc96ce2e72b865bc1cf76 |
|
| /// File Name: |
chkrootkit-0.42b.tar.gz |
Description:
|
Chkrootkit v0.42b locally checks for signs of a rootkit. Chkrootkit includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions, strings.c for quick and dirty strings replacement, check_wtmpx.c to check for wtmpx deletions and the files chkproc.c and chkdirs.c to check for LKM trojans. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x, 4.x, and 5.x, BSDI, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0, and HP-UX 11.
| | Author: | Nelson Murilo | | Homepage: | http://www.chkrootkit.org | | Changes: | Fixed NPTL threading mechanisms, minor corrections, chkrootkit, a new test (vdir), detection of the worms 55808.A and TC2, and detection of the rootkits Volc, Gold2, Anonoying, Suckit (improved), and ZK (improved). Fixed bugs and added BSDI support. | | File Size: | 31129 | | Last Modified: | Nov 11 00:34:18 2003 |
| MD5 Checksum: | b708c13663b784db1b1e675279707f7e |
|
| /// File Name: |
multimap.pl |
Description:
|
Multimap is a multithreaded wrapper for nmap designed to run a number of concurrent nmap scans and speed up the scan of large networks. Optionally it will launch amap on the open ports and generate an HTML file of the results. Tested with nmap 3.27, 3.30 and amap 4.2.
| | Author: | Stephen de Vries | | Homepage: | http://omega.arcbox.com/~dv8/security/ | | File Size: | 9742 | | Last Modified: | Aug 12 22:34:43 2003 |
| MD5 Checksum: | 9ff4ebedcfb351530faa54e3553e7980 |
|
| /// File Name: |
bug-exploit.tar.bz2 |
Description:
|
bug-exploit is a utility designed to go through a list of setuid and setgid files and will assist a coder in figuring out whether or not a buffer overflow exists in the command line arguments fed to the binary.
| | Author: | Bugghy | | Homepage: | http://vaida.bogdan.googlepages.com/ | | File Size: | 13111 | | Last Modified: | Apr 29 23:22:05 2003 |
| MD5 Checksum: | b734014c1b42f8ded0b07b2c39d31d0e |
|
| /// File Name: |
chkrootkit-0.39a.tar.gz |
Description:
|
Chkrootkit v0.39a locally checks for signs of a rootkit. Chkrootkit includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions, strings.c for quick and dirty strings replacement, check_wtmpx.c to check for wtmpx deletions and the files chkproc.c and chkdirs.c to check for LKM trojans. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0.
| | Author: | Nelson Murilo | | Homepage: | http://www.chkrootkit.org | | Changes: | Solaris bugs were fixed in chkdirs.c, HP-UX support was added to chkdirs.c, a new Adore version was added to chkproc.c, a ps thread error was fixed in chkproc.c, a Red Hat 8.0 bug was fixed in chkproc.c, and detection for several Slapper variants was added to the package. | | File Size: | 29294 | | Last Modified: | Feb 2 14:29:05 2003 |
| MD5 Checksum: | 95c49aae601d402dac063f157de8fb58 |
|
| /// File Name: |
chkrootkit-0.38.tar.gz |
Description:
|
Chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0.
| | Author: | Nelson Murilo | | Homepage: | http://www.chkrootkit.org | | Changes: | chkdirs.c added. chkproc.c improvements. Now includes slapper B, sebek LKM, LOC, and Romanian rootkit detection. new test added: trojan tcpdump. Minor bug fixes in the chkrootkit script. | | File Size: | 28500 | | Last Modified: | Dec 24 11:52:04 2002 |
| MD5 Checksum: | 53a0d56d8b5bd1300237fc448c0b37eb |
|
| /// File Name: |
rats-2.0.tar.gz |
Description:
|
RATS, the Rough Auditing Tool for Security, is a security auditing utility for C, C++, Python, Perl and PHP code. RATS scans source code in order to find potentially dangerous function calls. The output generated by RATS can be used as a good starting point for performing manual security audits.
| | Author: | RATS Team | | Homepage: | http://www.securesw.com/rats/ | | Changes: | RATS version 2.0 has updated databases, better output features, a statistics feature and much more. | | File Size: | 326825 | | Last Modified: | Sep 20 03:20:00 2002 |
| MD5 Checksum: | 7eb9ea4262723b9b588628b497f85ea1 |
|
| /// File Name: |
chkrootkit-0.37.tar.gz |
Description:
|
Chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0.
| | Author: | Nelson Murilo | | Homepage: | http://www.chkrootkit.org | | Changes: | New rootkits and worms are now detected - Now looks for 41 different ones including OpenBSD rk v1, Illogic rootkit, and SK rootkit, slapper SSL worm, and FreeBSD scalper worm. Some bugfixes and improvements were made. | | File Size: | 25312 | | Last Modified: | Sep 17 07:19:17 2002 |
| MD5 Checksum: | b0feebea67655daa440da92099dd5187 |
|
| /// File Name: |
netsaint-0.0.7.tar.gz |
Description:
|
Unavailable.
| | File Size: | 1278019 | | Last Modified: | Mar 20 02:03:16 2002 |
| MD5 Checksum: | 5cabd55a73a618acbc82adc76d6ef382 |
|
| /// File Name: |
chkrootkit-0.35.tar.gz |
Description:
|
chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux 2.0.x, 2.2.x and 2.4.x (any distribution), FreeBSD 2.2.x, 3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9 and 3.0, Solaris 2.5.1, 2.6 and 8.0.
| | Author: | Nelson Murilo | | Homepage: | http://www.chkrootkit.org | | Changes: | Now includes its own strings command, tests for ldsopreload and lsof, new ports added to the bindshell test, and several new rootkits and trojans added, including the RST.b trojan, duarawkz, knark LKM, HiDrootkit, Monkit, Bobkit, Pizdakit, and t0rn v8.0. | | File Size: | 23571 | | Last Modified: | Jan 19 00:23:37 2002 |
| MD5 Checksum: | edf50a9c8c6bf09b0a9147f2e6168826 |
|
| /// File Name: |
chkrootkit-0.33.tar.gz |
Description:
|
chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.
| | Author: | Nelson Murilo | | Homepage: | http://www.chkrootkit.org | | Changes: | New tests added - amd, named, egrep, slogin. Detects more worms, including ShitC, Omega, Wormkit, dsc-rootkit, and Maniak. A bug in chklastlog was fixed, as were some other misc bugs. | | File Size: | 15372 | | Last Modified: | Jun 8 21:13:39 2001 |
| MD5 Checksum: | 95302616bae6811f5e9eb02afdbdbe13 |
|
| /// File Name: |
chkrootkit-0.30.tar.gz |
Description:
|
chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.
| | Author: | Nelson Murilo | | Homepage: | http://www.chkrootkit.org | | Changes: | Now detects RK17 and the lion worm. New tests - Now checks for patched versions of basename, dirname, traceroute, rpcinfo, rexedcs, date, echo, env, timed, identd, pop2, pop3, write, tar, mail, biff, and grep. | | File Size: | 17235 | | Last Modified: | Mar 26 19:54:41 2001 |
| MD5 Checksum: | 2f1c9ec3c3bf62d50c70e25a52ddc1d7 |
|
| /// File Name: |
chkrootkit-0.23.tar.gz |
Description:
|
chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.
| | Author: | Nelson Murilo | | Homepage: | http://www.chkrootkit.org | | Changes: | Lrk6 detection, rh[67]-shaper detection, RSHA detection, Romanian rootkit detection, test for shell history file anomalies, and a better bindshell test. | | File Size: | 15991 | | Last Modified: | Mar 15 20:47:33 2001 |
| MD5 Checksum: | 989001de68edd7104baa50287d246c2c |
|
| /// File Name: |
chkrootkit-0.21.tar.gz |
Description:
|
chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.
| | Author: | Nelson Murilo | | Homepage: | http://www.chkrootkit.org | | Changes: | Detects the Ramen worm, latest t0rnkit, and bug fixes. | | File Size: | 14744 | | Last Modified: | Jan 24 17:06:51 2001 |
| MD5 Checksum: | a9d741f3d952a4fb4129194677da93a8 |
|