Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
196538799ce48f8d6083757d50e73081299cc378bacc224c2dcebae7a4580180
Publimark is a command line tool to secretly embed text in an audio file. Like cryptography, it uses a pair of keys: the public one can be shared, whereas the private one must be kept secret. Anybody can send a steganographic message, but only the private key owner will be able to read it. Marked audio files are still playable.
bc96c067bb5ce51d3d1b4245d54bc954f8ae25907bae0fd4b9273bd2717ac1e3
Tvark is a network monitoring tool with a GUI front-end and is tied to a MySQL database. The GUI provides a view of traffic activity that can be seen from the machine/interface that Tvark is run on. What the end user sees is a list of source nodes on the left, destination nodes on the right, and lines drawn, left to right, showing traffic flow. Tvark runs in realtime, meaning the traffic is shown roughly as it happens with a small delay between it and the display being created.
cf2de69dd5655478a433024e5e6ddcf6e99dd625e0c01a96071e9200f4190f27
AntiExploit is a small Perl script that scans for well known exploit files. It currently recognizes over 1400 suspicious files, and the database is updated weekly. Useful for a system that has a lot of shell accounts being used.
e6d1df85585af18fcb90f03d6c5c20c2cc592659ad66dd582d4099f7d213c24f
Snort2Pf is a small Perl daemon which greps Snort's alertfile and blocks the bad hosts for a given amount of time using pfctl.
438ba365303935c1d4822a8472364a15a56ff6dce642980908580f29c811abf3
Nmap Parser is a Perl module that simplifies the process of developing scripts and collecting information from the XML nmap scan data, which can be obtained by using nmap's -oX switch or from the file handle of a pipe to an nmap process. It uses the XML twig library for parsing, and supports filters.
17fb34d916e2a5c7843cfafe86d295321a35efe0381aeec466c5a7c0678c2e05
Wflogs is a firewall log analysis tool. It can be used to produce a log summary report in plain text, HTML, and XML, or to monitor firewalling logs in real-time. For now, netfilter, ipchains, ipfilter, cisco_pix, cisco_ios, and snort input formats are supported. It is particularly fast when asynchronous DNS resolution is enabled. The goal of the WallFire project is to build a very general and modular firewalling application based on Netfilter or any kind of low-level framework. Wflogs is part of the WallFire project, but can be used independently.
8e13d11758dffc7735b324c4be12e48f6ef1631c08e2dbe48aa4260a742a6701
bup is a patch for bash that modifies the shell to send all user keystrokes via UDP over the network for collection by a sniffer or a syslogd server. It does not depend on syslogd to send the packets. It is part of the Tools/Data_Capture section of The Honeynet Project.
f02236b1503011ed1fdfe5d1c49fa9a09a5fce9feda24b025cded4554d76cc9f
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix clone.
a4c2e2d4f5bd6a07a195711c21c8f17f958476c61df2bb22ac923b43c17d09b1
TinyCA is a simple GUI written in Perl-Gtk to manage a small certification authority. It works as a frontend to OpenSSL. TinyCA lets you manage X.509 certificates. It is possible to export data in PEM or DER format for use with servers, as PKCS#12 for use with clients, or as S/MIME certificates for use with email programs. It is also possible to import your own PKCS#10 requests and generate certificates from them. It also lets you create and manage SubCAs for more complex setups. The most important certificate extensions can be configured with the graphical frontend. English and German translations are included.
75d3178dc330720a6ebe9f6739dc19397d69948aa03d37bd03616401a22f27d0
mod_ssl provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1). It is based on the SSL/TLS toolkit OpenSSL and supports all SSL/TLS related functionality, including RSA and DSA/DH cipher support, X.509 CRL checking, etc. Additionally it provides special Apache related facilities like DBM and shared memory based inter-process SSL session caching, per-URL SSL session renegotiations, DSO support, etc.
7feea42e546b3ceb59f8da4485f9006ce4fcbaeebd93500bd2835d31f28f90a0
Apache is the most popular webserver on the Internet, quite possibly the best in terms of security, functionality, efficiency, and speed.
156fe239c825961d426a8b503f6a876b4fb872cd002a53f118e57685fcd8e284
Mac OS X versions 10.3.3 and greater along with various browsers suffer from yet another URI silent code execution flaw using the SSH handler.
c173dc60dc3dcd0f29d58c95ff45eb288a767853fda654b6a75c8906df2a304a
The options used by cPanel software to compile Apache 1.3.29 and PHP using the mod_phpsuexec option are flawed and allow any local user to execute arbitrary code as any other user owning a web accessible PHP file.
958b7c3d603a8a91d715903c8001ca9e73ed468d5964833442f8c7b9303ec0a8
Debian Security Advisory DSA 508-1 - Jaguar discovered a vulnerability in one component of xpcd, a PhotoCD viewer. xpcd-svga, part of xpcd which uses svgalib to display graphics on the console, would copy user-supplied data of arbitrary length into a fixed-size buffer in the pcd_open function.
933ad9aa3641a27d6c66de69c8de545087b7ec673c070c7da435f57c70450c89
R.A.M. Security Advisory - All versions of e107 have a vulnerability in the user.php file that allows malicious attackers to post cross-site scripting or HTML tags to a website for a member.
267412fb6220a6406d117ae380c4a7d40de18ece7e3727e1c5c19947ef2675c2
httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the Windows release.
28dad18a8aa0c5ccd405f7dc4a7d701cf9a34ff7cc976e108db579a97aca89c4
httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the Mac OS X release.
fd34462a1cb921ecf5aed244e7633f95a0808058aa56a91069e6b28ae50f7680
httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the FreeBSD release.
a29d163083835e04f3ac34d48e56fcbc39f8f5cc7c18ea0d79acbfd4686fbc7b
httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the Linux release.
3abdeb0ba0bc07b69489438ae6647d34460512df310036ac0f7ce7785a824e2f
Netgear RP114 devices, and possibly other related Netgear hardware, have a URI filtering bypass vulnerability when the URI being evaluated is longer than 220 bytes.
7c2791d42f4fe25ac35ea87b471ff12f43f5d2022deaf13d5ef51f4d2621d65f
nmapgrep is a small tool customized to grep regular expression patterns from an nmap log file and output the IP addresses that match the pattern.
fee7b6368d25712423e3f5c6f72366c8809222691257594176a7019b4973204e
Amusing graphic of Microsoft's UK web site getting compromised and defaced again in May, 2004.
edb2ed3493028fcae986a0d3855973827917f057e0b23a9a519176ced4557a53
White paper discussing the basics of shellcoding, a quick overview of assembly, and usage of shellcodes.
91df4a2a5aa6a6b5d59ad6bb47315c025fe3c9ede801c8998cd641028cfa2e6a