Section: .. / UNIX / audit /
| /// File Name: |
audit-0.2.tar.gz |
Description:
|
audit v0.2 - The audit program recursively searches through directories looking for files that may not be needed by checking permissions, names, sizes, types, ownership, links, and timestamps. 12k.
| | Author: | Jeff Tranter | | File Size: | 11779 | | Last Modified: | Aug 16 20:04:49 1999 |
| MD5 Checksum: | aa0a2b706857531334fa3b9aad3c2857 |
|
| /// File Name: |
fl0w-s33ker-v1.4.pl |
Description:
|
Simple perl script that can be used to track overflows.
| | Author: | nuTshell | | File Size: | 11731 | | Last Modified: | Feb 2 02:30:03 2005 |
| MD5 Checksum: | 5d6e9038d03f01b4cd0a6340209cce7f |
|
| /// File Name: |
bindinfo.c |
Description:
|
Bindinfo v1.01: allows root to make DNS queries behind firewalls. Works on Solaris, OpenBSD.
| | Author: | Joshua James Drake | | File Size: | 10890 | | Last Modified: | Sep 29 16:06:53 1999 |
| MD5 Checksum: | 063e41e6f5018c2d3112340138f20628 |
|
| /// File Name: |
chkrootkit-0.17.tar.gz |
Description:
|
chkrootkit V. 0.17 locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, and Solaris.
| | Author: | Nelson Murilo | | Homepage: | ftp://ftp.pangeia.com.br/pub/seg/pac/ | | Changes: | Add tests for new and popular variations of rootkits, including Tornkit. Now attempts to identify LKM rootkits. | | File Size: | 10833 | | Last Modified: | Sep 20 18:14:26 2000 |
| MD5 Checksum: | c5e3bb37172ce1b2a605fa53064dac0d |
|
| /// File Name: |
lsekure.v1-alpha3.fts.tgz |
Description:
|
lsekure v1a3 (local [linux] security auditing tool) checks for several local security holes.
| | Author: | Ben-z | | File Size: | 10353 | | Last Modified: | Aug 16 20:04:53 1999 |
| MD5 Checksum: | c368660e062a594007577859843e8431 |
|
| /// File Name: |
multimap.pl |
Description:
|
Multimap is a multithreaded wrapper for nmap designed to run a number of concurrent nmap scans and speed up the scan of large networks. Optionally it will launch amap on the open ports and generate an HTML file of the results. Tested with nmap 3.27, 3.30 and amap 4.2.
| | Author: | Stephen de Vries | | Homepage: | http://omega.arcbox.com/~dv8/security/ | | File Size: | 9742 | | Last Modified: | Aug 12 22:34:43 2003 |
| MD5 Checksum: | 9ff4ebedcfb351530faa54e3553e7980 |
|
| /// File Name: |
courtney-1.2.tar.Z |
Description:
|
Courtney is a tcpdump based portscan threshold detector written in perl as a response to SATAN. It operates by counting the number of new services a machine originates within a time window. If the threshold is exceeded by a host, it is flagged as a potential "SATAN" host. Results depend on your configuation of tcpdump, so this could potentially be used to detect any type of traffic that exceeds a certain threashold of events per unit of time (such as SYNs per minute).
| | File Size: | 9737 | | Last Modified: | Aug 16 20:04:42 1999 |
| MD5 Checksum: | 3257009164eaf10d1e3ae4a7de102f03 |
|
| /// File Name: |
chkrootkit-0.16.tar.gz |
Description:
|
chkrootkit V. 0.16 locally checks for signs of a rootkit. Includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux 2.0.x, 2.2.x and FreeBSD 2.2.x, 3.x and 4.0.
| | Author: | Nelson Murilo | | Homepage: | ftp://ftp.pangeia.com.br/pub/seg/pac/ | | Changes: | Add tests for new and popular variations of rootkits, better port for Solaris and performance patches. | | File Size: | 9536 | | Last Modified: | Jul 17 18:37:08 2000 |
| MD5 Checksum: | eb14969d932d3bfa502fd40ecdc9ce35 |
|
| /// File Name: |
lssocks.c |
Description:
|
A small utility that shows all connections by reading open inodes and will even show related PIDs. Very useful for backdoor detection when you cannot trust other binaries.
| | File Size: | 9139 | | Last Modified: | Aug 31 02:54:20 2005 |
| MD5 Checksum: | 7bc6d09c0dc44e4c28392e2b02283a6f |
|
| /// File Name: |
trypop3.c |
Description:
|
Some code I put together to do some testing on the POP3 daemons on some machines installed at work. Attempts to overflow user/password variables.
| | Author: | Missinglnk | | Homepage: | http://tribune.intranova.net/archives/ | | File Size: | 8957 | | Last Modified: | Feb 22 20:30:56 2000 |
| MD5 Checksum: | 1eed4e6879bc0653eaa3935f370ec9aa |
|
| /// File Name: |
sockstat.c |
Description:
|
SocketStat v1.0 - find which processes are using what sockets. Can be used to detect users who clone on irc, connect where they shouldn't (bots on non-bot servers), are running hidden servers, etc.
| | Author: | humble | | File Size: | 8826 | | Last Modified: | Aug 16 20:04:48 1999 |
| MD5 Checksum: | f00ff838c3e2432ccc6b04826912c153 |
|
| /// File Name: |
clfuzz.tar.gz |
Description:
|
clfuzz is a command line argument fuzzer written in Python. It is very useful for auditing setuid binaries for command line overflows.
| | Author: | Pranay Kanwar | | Homepage: | http://www.metaeye.org/warl0ck/ | | File Size: | 8550 | | Last Modified: | Apr 12 00:18:46 2006 |
| MD5 Checksum: | 299ca5891acce1aab09e284802c0e9ea |
|
| /// File Name: |
chkrootkit-0.15.tgz |
Description:
|
chkrootkit V. 0.15 locally checks for signs of a rootkit. Includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux 2.0.x, 2.2.x and FreeBSD 2.2.x, 3.x and 4.0.
| | Author: | Nelson Murilo | | Homepage: | ftp://ftp.pangeia.com.br/pub/seg/pac/ | | Changes: | lrk5 detection, Sun/Solaris support, and Red Hat fixes. | | File Size: | 8468 | | Last Modified: | Jul 4 02:37:50 2000 |
| MD5 Checksum: | 918d81248d226f08f3d96f0f27fde3d4 |
|
| /// File Name: |
confcollect-0.1d.tar.gz |
Description:
|
confcollect 0.1d - confcollect gathers information about the system on which it is installed and sends that information to an administrator via e-mail. The entire /etc directory tree is sent along with, optionally, the network interface configuration, routing tables and ipfwadm rules present when the script was run. It can also create and send a list of all installed packages on the system (RPMs only).
| | Author: | Eddie Olsson | | Changes: | Added support for ipchains. | | File Size: | 8425 | | Last Modified: | Aug 16 20:04:54 1999 |
| MD5 Checksum: | e3aeb2d0b91db9fa74980b4b7cbc96bf |
|
| /// File Name: |
confcollect-0.1.tar.gz |
Description:
|
confcollect 0.1 - confcollect gathers information about the system on which it is installed and sends that information to an administrator via e-mail. The entire /etc directory tree is sent along with, optionally, the network interface configuration, routing tables and ipfwadm rules present when the script was run. It can also create and send a list of all installed packages on the system (RPMs only). First release.
| | Author: | Eddie Olsson | | File Size: | 8281 | | Last Modified: | Aug 16 20:04:52 1999 |
| MD5 Checksum: | d31204c94a97964a01246779be192d5f |
|
| /// File Name: |
lgool.c |
Description:
|
Lgool is a program that will search Google for a given vulnerability. It does the exact same thing you could do by going to Google and searching for nasty stuff like passwd.cfg, but without all the trouble of actually opening a web browser. It operates in a way that is similar to "gooscan" (written by johnny and presented at defcon this year).
| | Author: | Innate | | File Size: | 6575 | | Last Modified: | Oct 24 16:37:27 2004 |
| MD5 Checksum: | e55503a54689dadbc3579185b250e9d1 |
|
| /// File Name: |
http.saint |
Description:
|
Bugfix releases 1 and 2 for SAINT v1.3.7. SAINT web site
| | File Size: | 4992 | | Last Modified: | Aug 16 20:04:53 1999 |
| MD5 Checksum: | fd125b23914f6a5d9d5a66053bf001db |
|
| /// File Name: |
flog-0.15.tar.gz |
Description:
|
Flog v0.15 is a nice, fast ftpd log analyzer. It currently only runs on Linux systems. First public release.
| | Author: | Ani Joshi | | File Size: | 4876 | | Last Modified: | Aug 16 20:04:49 1999 |
| MD5 Checksum: | c07ca490e2fd13a85afaacaeedebfeff |
|
| /// File Name: |
check.pl |
Description:
|
Check.pl 1.0 runs through all of the files and directories that it is given as arguments and determines the permissions. It then sends a list of "dangerous" files to stdout which can be redirected to a file. This program should be run as a regular user to check for writeable directories, suid, guid, and writeable files. Helps admins sniff out files that have incorrect permissions.
| | Author: | David Allen | | Changes: | Changes in reporting for first public release, runs slightly faster, added limits to depth of directory recursion so as to avoid the GNOME circular symlink problem in home directories. | | File Size: | 3864 | | Last Modified: | Aug 16 20:04:53 1999 |
| MD5 Checksum: | fc89fa873b32f999dcacd3651153c1c4 |
|
| /// File Name: |
unhide.tgz |
Description:
|
Unhide is a forensic tool to find hidden processes and TCP/UDP ports that are hidden via rootkits, LKMs, or other techniques.
| | Author: | YJesus | | Homepage: | http://www.security-projects.com/?Unhide | | File Size: | 3594 | | Last Modified: | Jan 8 00:11:20 2006 |
| MD5 Checksum: | 32530671eda828f669d8fc4636c7cc37 |
|
| /// File Name: |
lanlord-0.2-2.tar.gz |
Description:
|
Lanlord dhcpd lease reporting program is a python-based program designed to let you know who has what address leased to which machine. It runs on the DHCP Server as a CGI and uses CSS to modify output. lanlord web site
| | File Size: | 3477 | | Last Modified: | Aug 16 20:04:53 1999 |
| MD5 Checksum: | 0c881f42cf3ca02fb35b6b2f60605b8a |
|
| /// File Name: |
lanlord-0.2-1.tar.gz |
Description:
|
Lanlord dhcpd lease reporting program is a python-based program designed to let you know who has what address leased to which machine. It runs on the DHCP Server as a CGI and uses CSS to modify output. lanlord web site
| | File Size: | 3397 | | Last Modified: | Aug 16 20:04:49 1999 |
| MD5 Checksum: | 8445c78c3d3a259d4c68338db6725115 |
|
| /// File Name: |
snmpscan-0.05.tar.gz |
Description:
|
snmpscan 0.05 - snmpscan scans hosts or routers running SNMPD for common communities (passwords). Communities on routers and hosts running snmpd (the simple network management protocol daemon) often have simple communities set. With a community, you can view various stats about a given machine or router, and often times actually make changes to the host. Use this tool to test and eventually secure your snmp devices.
| | Author: | Knight | | Changes: | First release. | | File Size: | 3050 | | Last Modified: | Aug 16 20:04:53 1999 |
| MD5 Checksum: | 668c8183a4a21e32959ccd79135e8662 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
