| /// File Name: |
ipfm-0.8.1.tgz |
Description:
|
IP Flow Meter (ipfm) is a bandwidth analysis tool that counts the number of bytes each host on specified subnets transfers to internet gateways. It outputs a list of these hosts and their transfer amounts at specified delays. IPFM uses libpcap and aims to be portable.
| | Author: | Robert Cheramy, Andres Krapf | | Changes: | quick bugfix in ipfm.conf.sample. | | File Size: | 18842 | | Last Modified: | Aug 16 20:04:54 1999 |
| MD5 Checksum: | ac1ae8ab63309dd9c559ed433c050285 |
|
| /// File Name: |
ipfm-0.8.tgz |
Description:
|
IP Flow Meter (ipfm) is a bandwidth analysis tool that counts the number of bytes each host on specified subnets transfers to internet gateways. It outputs a list of these hosts and their transfer amounts at specified delays. IPFM uses libpcap and aims to be portable.
| | Author: | Robert Cheramy, Andres Krapf | | Changes: | bugfixes, signal handling improved, added the NEWLOG feature so IPFM can now handle multiple log configurations. | | File Size: | 18833 | | Last Modified: | Aug 16 20:04:54 1999 |
| MD5 Checksum: | 1d26f3b2da413c6e608b6cbc9935157c |
|
| /// File Name: |
ipfm-0.7.tgz |
Description:
|
IP Flow Meter (ipfm) is a bandwidth analysis tool that counts the number of bytes each host on specified subnets transfers to internet gateways. It outputs a list of these hosts and their transfer amounts at specified delays. IPFM uses libpcap and aims to be portable.
| | Author: | Robert Cheramy, Andres Krapf | | File Size: | 17557 | | Last Modified: | Aug 16 20:04:53 1999 |
| MD5 Checksum: | 7b213d7eea6d973315c74ea21c014004 |
|
| /// File Name: |
chkrootkit-0.30.tar.gz |
Description:
|
chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.
| | Author: | Nelson Murilo | | Homepage: | http://www.chkrootkit.org | | Changes: | Now detects RK17 and the lion worm. New tests - Now checks for patched versions of basename, dirname, traceroute, rpcinfo, rexedcs, date, echo, env, timed, identd, pop2, pop3, write, tar, mail, biff, and grep. | | File Size: | 17235 | | Last Modified: | Mar 26 19:54:41 2001 |
| MD5 Checksum: | 2f1c9ec3c3bf62d50c70e25a52ddc1d7 |
|
| /// File Name: |
unhide20080519.tgz |
Description:
|
Unhide is a forensic tool to find processes and TCP/UDP ports that are hidden via rootkits, LKMs, or other techniques.
| | Author: | YJesus | | Homepage: | http://www.security-projects.com/?Unhide | | Changes: | Fixed a race condition and added man pages. | | File Size: | 17104 | | Last Modified: | Jun 28 10:55:29 2008 |
| MD5 Checksum: | 1194ec0f89c6f28e8eb64fb66836f70f |
|
| /// File Name: |
slad2-1.0.tar.gz |
Description:
|
System Local Audit Daemon can run standalone or managed by systems like IBM-Tivoli, HP-OpenView, or Nessus to perform local security checks. It runs on the target hosts and enables them to call security tools like John the Ripper, Tiger, Tripwire, or a virus scanner via a unified XML interface. It is part of the BOSS Project.
| | Author: | lgrunwald | | Homepage: | http://www.dn-systems.org/slad.shtml | | File Size: | 16583 | | Last Modified: | Jan 15 12:40:32 2006 |
| MD5 Checksum: | e0f4c6c3ac98dc876b45aeb60243dcc7 |
|
| /// File Name: |
installwatch-0.5.5.tar.gz |
Description:
|
installwatch 0.5.5 - Installwatch is very useful when you install a new package you've just compiled and want to keep track of changes in your file system. It monitors created and modified files, directories, and permissions. It's very fast because it does not need a "pre-install" phase and it's not fooled by files added or modified by concurrent installations. It is not a wrapper for other install programs, but rather a wrapper for system calls.
| | Author: | Pancrazio `Ezio' de Mauro | | Changes: | This version includes glibc 2.1 support. | | File Size: | 16024 | | Last Modified: | Aug 16 20:04:53 1999 |
| MD5 Checksum: | cd2186c114ca8e16a2c94734d6079916 |
|
| /// File Name: |
chkrootkit-0.23.tar.gz |
Description:
|
chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.
| | Author: | Nelson Murilo | | Homepage: | http://www.chkrootkit.org | | Changes: | Lrk6 detection, rh[67]-shaper detection, RSHA detection, Romanian rootkit detection, test for shell history file anomalies, and a better bindshell test. | | File Size: | 15991 | | Last Modified: | Mar 15 20:47:33 2001 |
| MD5 Checksum: | 989001de68edd7104baa50287d246c2c |
|
| /// File Name: |
auditd-1.11.tar.gz |
Description:
|
auditd v1.11 for Linux - Auditd is part of the Linux kernel auditing toolkit. It will capture auditing trails created by the kernel auditing facility from /proc/audit, filter them, and save them in specific log files. Make sure you get the PGP signature and HERT PGP key from the HERT web site.
| | Author: | HERT | | File Size: | 15949 | | Last Modified: | Aug 16 20:04:48 1999 |
| MD5 Checksum: | 9ab900b5dfdab7c608285d632b26a810 |
|
| /// File Name: |
chkrootkit-0.33.tar.gz |
Description:
|
chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.
| | Author: | Nelson Murilo | | Homepage: | http://www.chkrootkit.org | | Changes: | New tests added - amd, named, egrep, slogin. Detects more worms, including ShitC, Omega, Wormkit, dsc-rootkit, and Maniak. A bug in chklastlog was fixed, as were some other misc bugs. | | File Size: | 15372 | | Last Modified: | Jun 8 21:13:39 2001 |
| MD5 Checksum: | 95302616bae6811f5e9eb02afdbdbe13 |
|
| /// File Name: |
DumpSIS-0.81.zip |
Description:
|
Symbian SIS file dumping utility that allows for analysis of potential malware without actual installation of files. It provides information on file headers (UIDs, Version, Number of Languages, Number of files), file list (Destination name by default, Source filename and file type).
| | Author: | Jimmy Shah | | Changes: | Minor fix for decoding If/Else If statements in SIS files. | | File Size: | 15370 | | Last Modified: | Jun 25 08:59:00 2004 |
| MD5 Checksum: | 18bdc6011d498e6180b07e400c066f9c |
|
| /// File Name: |
DumpSIS-0.8.zip |
Description:
|
Symbian SIS file dumping utility that allows for analysis of potential malware without actual installation of files. It provides information on file headers (UIDs, Version, Number of Languages, Number of files), file list (Destination name by default, Source filename and file type).
| | Author: | Jimmy Shah | | Changes: | Fixes decompress bug and compatibility with Perl on Unix. | | File Size: | 15224 | | Last Modified: | Jun 18 01:21:02 2004 |
| MD5 Checksum: | fb42865d6b83fbc513796adabeedf9d1 |
|
| /// File Name: |
DumpSIS.zip |
Description:
|
Symbian SIS file dumping utility that allows for analysis of potential malware without actual installation of files. It provides information on file headers (UIDs, Version, Number of Languages, Number of files), file list (Destination name by default, Source filename and file type).
| | Author: | Jimmy Shah | | File Size: | 15083 | | Last Modified: | Apr 14 12:06:00 2004 |
| MD5 Checksum: | 578328fa8e962b2f93f1e82ddbde67da |
|
| /// File Name: |
flawseeker-v.3.0.pl.txt |
Description:
|
Simple perl script that can be used to track overflows.
| | Author: | nuTshell | | File Size: | 15030 | | Last Modified: | Aug 7 02:28:42 2005 |
| MD5 Checksum: | 056be4c4fd2fee1972fae10eceafcf41 |
|
| /// File Name: |
chkrootkit-0.21.tar.gz |
Description:
|
chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.
| | Author: | Nelson Murilo | | Homepage: | http://www.chkrootkit.org | | Changes: | Detects the Ramen worm, latest t0rnkit, and bug fixes. | | File Size: | 14744 | | Last Modified: | Jan 24 17:06:51 2001 |
| MD5 Checksum: | a9d741f3d952a4fb4129194677da93a8 |
|
| /// File Name: |
installwatch-0.5.4.tar.gz |
Description:
|
installwatch 0.5.4 is very useful when you install a new package you've just compiled and want to keep track of changes in your file system. It monitors created and modified files, directories, and permissions. It's very fast because it does not need a "pre-install" phase and it's not fooled by files added or modified by concurrent installations.
| | Author: | Pancrazio `Ezio' de Mauro | | Changes: | Improved inst2rpm script to detect and use renamed and linked files (often used by install.sh scripts). | | File Size: | 14618 | | Last Modified: | Aug 16 20:04:49 1999 |
| MD5 Checksum: | 2daeb323116d14e4544622de830eb72b |
|
| /// File Name: |
installwatch-0.5.3.tar.gz |
Description:
|
installwatch 0.5.3 - Installwatch is a simple yet effective file integrity tool. It monitors created and modified files, directories, and permissions. It's very fast because it does not need a "pre-install" phase and it's not fooled by files added or modified by concurrent installations. Since it's not a wrapper for the install program, it works with every dynamically linked ELF executable.
| | Author: | Pancrazio `Ezio' de Mauro | | Changes: | Improved an internal function that now allows accurate logging of relative paths, better RPM building, and improved inst2rpm script. | | File Size: | 14530 | | Last Modified: | Aug 16 20:04:49 1999 |
| MD5 Checksum: | 0867942fcc23830a13239bdfb9f99bd4 |
|
| /// File Name: |
chkrootkit-0.19.tar.gz |
Description:
|
chkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.
| | Author: | Nelson Murilo | | Homepage: | ftp://ftp.pangeia.com.br/pub/seg/pac/ | | Changes: | Ambient's Rootkit for Linux (ARK) detection, OpenBSD support, xinetd support, new command line options, and bug fixes. | | File Size: | 13837 | | Last Modified: | Dec 27 00:40:40 2000 |
| MD5 Checksum: | b8557bcfc5dae6d0c3579783596fe450 |
|
| /// File Name: |
installwatch-0.5.2.tar.gz |
Description:
|
Installwatch v0.5.2 is a program used to document and monitor file integrity. It monitors created and modified files, directories, and permissions.
| | Author: | Pancrazio `Ezio' de Mauro | | File Size: | 13799 | | Last Modified: | Aug 16 20:04:49 1999 |
| MD5 Checksum: | eb28cadc89fa81e2dd5ceabac5832517 |
|
| /// File Name: |
bug-exploit.tar.bz2 |
Description:
|
bug-exploit is a utility that goes through a list of setuid and setgid files and assists a coder in figuring out whether or not a buffer overflow exists in the command line arguments fed to the binary.
| | Author: | Bugghy | | Homepage: | http://vaida.bogdan.googlepages.com/ | | File Size: | 13111 | | Last Modified: | Apr 29 23:22:05 2003 |
| MD5 Checksum: | b734014c1b42f8ded0b07b2c39d31d0e |
|
| /// File Name: |
courtney-1.3.tar.Z |
Description:
|
Courtney is a tcpdump-based portscan threshold detector written in Perl as a response to SATAN. It operates by counting the number of new services a machine originates within a time window. If the threshold is exceeded by a host, it is flagged as a potential "SATAN" host. Results depend on your configuration of tcpdump, so this could potentially be used to detect any type of traffic that exceeds a certain threshold of events per unit of time (such as SYNs per minute).
| | File Size: | 12627 | | Last Modified: | Aug 16 20:04:42 1999 |
| MD5 Checksum: | 0855e4df62582576aa30872720c75e9b |
|
| /// File Name: |
courtney.tar.Z |
Description:
|
Courtney is a tcpdump-based portscan threshold detector written in Perl as a response to SATAN. It operates by counting the number of new services a machine originates within a time window. If the threshold is exceeded by a host, it is flagged as a potential "SATAN" host. Results depend on your configuration of tcpdump, so this could potentially be used to detect any type of traffic that exceeds a certain threshold of events per unit of time (such as SYNs per minute).
| | File Size: | 12627 | | Last Modified: | Aug 16 20:04:42 1999 |
| MD5 Checksum: | 0855e4df62582576aa30872720c75e9b |
|
| /// File Name: |
fl0w-s33ker-v2.0.pl |
Description:
|
Simple perl script that can be used to track overflows.
| | Author: | nuTshell | | File Size: | 12231 | | Last Modified: | Feb 23 00:16:56 2005 |
| MD5 Checksum: | a398616b16a7eb1d91cecc3af6d8e5b9 |
|
| /// File Name: |
bsqlbf.pl.txt |
Description:
|
Proof of concept tool to be used for blind SQL injection attacks.
| | Author: | Alejandro Ramos | | Homepage: | http://www.unsec.net | | File Size: | 12164 | | Last Modified: | Feb 13 23:37:46 2006 |
| MD5 Checksum: | b35af1cf6570aa23440513c412e1577b |
|
| /// File Name: |
secure-sun-check.txt |
Description:
|
This program checks for 14 common SunOS configuration security loopholes.
| | File Size: | 11918 | | Last Modified: | Aug 16 20:04:44 1999 |
| MD5 Checksum: | e8dfd4319410be7e01952981a267d8a2 |
|