Cosc 4765 Security Tools

Posted 24-Mar-2016 (upload: ewa)

TRANSCRIPT

Page 1

Cosc 4765

Security Tools

Page 2

A note

• This is not intended to be a complete list; it covers the more popular tools.

• The tools are grouped by topic/area of use.

Page 3

Password Crackers

• Ophcrack – Cracks Windows LM and NTLM password hashes using rainbow tables (precomputed hash chains), which works because those hashes are unsalted. Of course a password cracker can be used for nefarious purposes, but there are plenty of times they come in handy for perfectly legitimate reasons, namely forgetting your password. If you don't use a password manager and can't remember an important password, try this tool. It claims to recover 99 percent of passwords within seconds, for passwords within the length and character set its tables cover. Operating System: Windows, Linux, OS X.
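As an added example (not Ophcrack's own code), here is the time-memory trade-off that makes Ophcrack fast, on a toy scale. It assumes 3-letter lowercase passwords and an unsalted SHA-1 standing in for the unsalted LM/NTLM hash; the table stores only chain endpoints, and a lookup regenerates one chain instead of searching the whole password space.

```python
"""Miniature rainbow table: the time-memory trade-off behind Ophcrack.

Constructed example: 3-letter lowercase passwords and an unsalted SHA-1 stand
in for Windows LM/NTLM hashes (also unsalted, which is what makes precomputed
tables possible). Not Ophcrack's code."""
import hashlib
import string

ALPHABET = string.ascii_lowercase
PW_LEN = 3
SPACE = len(ALPHABET) ** PW_LEN   # 17,576 candidate passwords
CHAIN_LEN = 40                     # hash/reduce steps per chain
NUM_CHAINS = 2000                  # chains kept in the table


def pw_from_index(n: int) -> str:
    """Map an integer in [0, SPACE) to a candidate password."""
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def hash_pw(pw: str) -> str:
    """The unsalted hash being attacked (stand-in for NTLM)."""
    return hashlib.sha1(pw.encode()).hexdigest()


def reduce_hash(digest: str, step: int) -> str:
    """Reduction function R_step: fold a hash back into the password space.
    A different reduction per column keeps chains that collide in one
    column from merging for the rest of their length."""
    return pw_from_index((int(digest[:12], 16) + step) % SPACE)


def build_table() -> dict:
    """Precompute NUM_CHAINS chains but store only endpoint -> [start points]."""
    table = {}
    for k in range(NUM_CHAINS):
        start = pw_from_index((k * 7919) % SPACE)   # 7919 is prime: distinct, spread-out starts
        pw = start
        for step in range(CHAIN_LEN):
            pw = reduce_hash(hash_pw(pw), step)
        table.setdefault(pw, []).append(start)
    return table


def crack(table: dict, target: str):
    """Recover a password for `target` using the stored endpoints only."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Suppose target sits in column `col`; finish that chain to its endpoint.
        pw = reduce_hash(target, col)
        for step in range(col + 1, CHAIN_LEN):
            pw = reduce_hash(hash_pw(pw), step)
        for start in table.get(pw, ()):
            # Endpoint matched: regenerate the chain from its start and look for the hash.
            cand = start
            for step in range(CHAIN_LEN):
                if hash_pw(cand) == target:
                    return cand
                cand = reduce_hash(hash_pw(cand), step)
    return None    # not covered by the table (a coverage gap, not a wrong answer)


if __name__ == "__main__":
    tbl = build_table()
    stolen = hash_pw("aaa")          # "aaa" is the start of chain 0, so it is covered
    print("stored endpoints:", len(tbl), "for", SPACE, "possible passwords")
    print("cracked:", crack(tbl, stolen))
```

The table holds a few hundred endpoints rather than 17,576 hashes, and a lookup costs at most CHAIN_LEN squared hash operations; real tables scale the same way, which is why a salt (which Windows LM/NTLM lacks) defeats them by multiplying the space to precompute.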

Page 4

Password Crackers (2)

• Cain and Abel – This Windows-only password recovery tool handles an enormous variety of tasks.
– Also a packet sniffer!

• It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

– It is also well documented.
• Also on the download page are some other "interesting" tools.

Page 5

Wireless key crackers

• Aircrack
– The fastest available WEP/WPA cracking tool. Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking (the maintained fork is aircrack-ng).

– It can recover a 40- through 512-bit WEP key once enough encrypted packets have been gathered, using statistical attacks on WEP's RC4 keystream (FMS/KoreK, PTW) rather than brute force. WPA/WPA2-PSK has no such shortcut: the suite captures the four-way handshake and then runs a dictionary or brute-force search over candidate passphrases offline, so the key is only recovered if the passphrase is in the wordlist.

– The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program, used to provoke traffic and deauthenticate clients so a handshake can be captured), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).

– Has a Windows installer, live CD and VMware image.
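The WPA/WPA2-PSK attack the suite runs, as an added example that is not aircrack-ng code: derive the PMK with PBKDF2 from each candidate passphrase and the SSID, expand it to the PTK with the public handshake values, and check whether the first 16 bytes (the KCK) reproduce the MIC on the captured EAPOL frame. The SSID, MAC addresses, nonces, frame bytes and wordlist are constructed for the example; a real run takes them from the capture file.

```python
"""Offline WPA/WPA2-PSK dictionary attack against a captured four-way handshake:
the attack aircrack-ng runs once airodump has recorded a handshake. Added example,
not aircrack-ng code. The SSID, MAC addresses, nonces, EAPOL frame and wordlist
below are constructed; a real run takes them from the capture file."""
import hashlib
import hmac

SSID = "CoscLab"
AP_MAC = bytes.fromhex("00c0ca123456")
STA_MAC = bytes.fromhex("001122aabbcc")
ANONCE = hashlib.sha256(b"anonce").digest()     # 32-byte nonces from messages 1 and 2
SNONCE = hashlib.sha256(b"snonce").digest()
# Placeholder for EAPOL-Key message 2 with its 16-byte MIC field zeroed (constructed bytes,
# not a faithful frame layout; the MIC is computed over exactly these bytes).
EAPOL_FRAME = b"\x01\x03\x00\x75\x02\x01\x0a\x00" + bytes(8) + SNONCE + bytes(48) + bytes(16) + b"\x00\x00"


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes): the slow step."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-512: HMAC-SHA1(key, label | 0x00 | data | i) for i = 0..3."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK and the public handshake values; its first 16 bytes are the KCK."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 (AES-CCMP) key MIC: HMAC-SHA1 over the frame, truncated to 16 bytes.
    WPA/TKIP uses HMAC-MD5 instead."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def mic_for(passphrase: str) -> bytes:
    """MIC the client would have sent in message 2 under this passphrase."""
    ptk = derive_ptk(derive_pmk(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return eapol_mic(ptk[:16], EAPOL_FRAME)


def crack_psk(captured_mic: bytes, wordlist):
    """Return the candidate whose derived KCK reproduces the captured MIC, or None.
    Nothing in the capture is secret except the passphrase; each guess costs one PBKDF2."""
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:
            continue                          # not a valid WPA passphrase: skip the PBKDF2
        if hmac.compare_digest(mic_for(candidate), captured_mic):
            return candidate
    return None


if __name__ == "__main__":
    captured = mic_for("letmein99")          # what airodump would have recorded
    print(crack_psk(captured, ["password", "qwerty123", "letmein99", "correcthorse"]))
```

The 4096-iteration PBKDF2 is the whole cost of the attack, and it is why aircrack-ng (and GPU crackers) measure throughput in passphrases per second: a random 12-character passphrase is out of reach, a dictionary word is not.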

Page 6

Network Monitoring

• Wireshark
– Wireshark (formerly known as Ethereal) captures and interactively analyzes network traffic. As the world's most popular network protocol analyzer, it has a huge community, and the Web site includes a staggering amount of documentation and support. Operating System: Windows, Linux, OS X.

• tcpdump – Although it doesn't have as many bells and whistles as some newer programs, tcpdump effectively monitors networks and helps administrators track down problems. It uses the same libpcap capture library and capture-filter (BPF) syntax as Wireshark, so a filter learned in one carries over to the other. Operating System: Linux, BSD, OS X and other Unix-like systems.

• WinDump – As you might guess from the name, WinDump offers a Windows version of tcpdump. The site also includes downloads for the WinPcap packet capture and filtering engine. Operating System: Windows.

Page 7

Network Monitoring (2)

• Angry IP Scanner
– Also known as "ipscan," Angry IP Scanner scans IP addresses and ports very quickly. It can generate reports that include NetBIOS information (computer name, workgroup name, and currently logged in Windows user), favorite IP address ranges, web server detection, and more. Operating System: Windows, Linux, OS X.

• Knocker – This simple TCP security port scanner works on multiple platforms and is easy to use. Operating System: Windows, Linux, Unix.
• No updates since 2003.

• NSAT – Short for "Network Security Analysis Tool," NSAT performs bulk scans for 50 different services and hundreds of vulnerabilities. It provides professional-grade penetration testing and comprehensive auditing. Operating System: Linux, Unix, FreeBSD, OS X.
• Getting to be badly out of date.

Page 8

Network Monitoring (3)

• SniffDet
– This tool implements a number of different open-source tests to see if any of the machines in your network are running in promiscuous mode or with a sniffer. Note that some of the documentation for this app is in Portuguese. Operating System: Linux.

• SEC – Although we put this app in the Network Monitoring category, the Simple Event Correlator (SEC) actually works with many different applications (syslog, IDS alerts, application logs). To use it, you set up a set of rules that specify a pattern to match, a time window and the actions you want to occur whenever a particular event, or a sequence or threshold of events, occurs. Operating System: OS Independent (Perl).
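An added example of the threshold correlation SEC's rules express, not SEC code: sshd failed-login lines (constructed) are matched with a regular expression, counted per source IP in a sliding window, and turned into one alert when they reach a threshold. The log year is assumed because syslog omits it.

```python
"""Threshold correlation of the kind SEC's rules express: one alert when a
source produces N matching events inside a sliding time window. Added
example, not SEC itself; the syslog lines below are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_YEAR = 2016   # syslog timestamps carry no year; assumed for the sample

# Pattern for OpenSSH "Failed password" lines (the 'pattern=' part of a SEC rule).
FAILED_LOGIN = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

# Constructed sample: one source hammering the host, one slow source, one successful login.
SAMPLE_LOG = """\
Mar 24 10:15:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 24 10:15:03 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51235 ssh2
Mar 24 10:15:04 bastion sshd[2107]: Failed password for root from 198.51.100.9 port 40002 ssh2
Mar 24 10:15:06 bastion sshd[2110]: Failed password for invalid user oracle from 203.0.113.7 port 51236 ssh2
Mar 24 10:15:09 bastion sshd[2113]: Accepted publickey for deploy from 192.0.2.10 port 50000 ssh2
Mar 24 10:15:11 bastion sshd[2115]: Failed password for root from 203.0.113.7 port 51237 ssh2
Mar 24 10:15:15 bastion sshd[2118]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar 24 10:17:30 bastion sshd[2130]: Failed password for root from 198.51.100.9 port 40003 ssh2
"""


def correlate(lines, threshold=5, window_seconds=60):
    """Return one alert per source IP that reaches `threshold` failures within the window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    alerted = set()               # ips already reported for the current burst
    alerts = []
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if not m:
            continue                                  # not an event this rule cares about
        ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        q = recent[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()                               # expire events that fell out of the window
        if len(q) >= threshold and ip not in alerted:
            alerts.append({"ip": ip, "count": len(q), "first": q[0], "last": ts})
            alerted.add(ip)
        elif len(q) < threshold:
            alerted.discard(ip)                       # burst over: allow a new alert later
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOG.splitlines()):
        print(f"ALERT {a['ip']}: {a['count']} failed logins between "
              f"{a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

The per-source window is what separates a brute-force burst from the background rate of typos: 198.51.100.9 fails twice, but 146 seconds apart, so it never crosses the threshold.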

Page 9

Network Monitoring (4)

• Ettercap
– In case you still thought switched LANs provide much extra security. It is a terminal-based network sniffer/interceptor/logger for Ethernet LANs that uses ARP poisoning to pull a switched LAN's traffic through the attacker's host. It supports active and passive dissection of many protocols (even encrypted ones such as SSH1 and HTTPS, by inserting itself as a man-in-the-middle). Data injection into an established connection and filtering on the fly are also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

• Ntop – A network traffic usage monitor. Ntop shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. Operating System: Linux, Windows, OS X.

Page 10

Wireless Network Monitoring

• NetStumbler
– Windows 802.11 scanner. It is the best known Windows tool for finding open wireless access points ("wardriving").
• They also distribute a WinCE version for PDAs and such named MiniStumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs (it transmits probe requests, so it is itself visible on the air) than passive sniffers such as Kismet or KisMAC.

• Kismet
– Kismet is a console (ncurses) based 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing (as opposed to NetStumbler), and can even decloak hidden (non-beaconing) networks if they are in use.

– It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/tcpdump compatible format, and even plot detected networks and estimated ranges on downloaded maps.

Page 11

Intrusion Detection

• Snort
– Boasting of millions of downloads and more than 200,000 registered users, Snort claims to be the most widely deployed intrusion detection and prevention system in the world and "the de facto standard for IPS." Developed by Sourcefire, it combines the benefits of signature, protocol and anomaly-based inspection in a single download. Operating System: Linux, Unix, OS X.

• AFICK – Very similar to Tripwire, AFICK (which stands for "Another File Integrity Checker") monitors changes to your file systems in order to alert you to possible intrusion. It's fast and easy to install. Operating System: Windows, Linux.

• OISF / Suricata – Suricata is an open-source IDS/IPS (Intrusion Detection and Prevention) engine from the Open Information Security Foundation (OISF), started by people from the Snort rules community; it reads Snort-format rules. Operating System: Linux (also BSD, OS X, Windows).
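The baseline-and-compare method behind AFICK and Tripwire, as an added example (not AFICK's code): it hashes a scratch directory tree it creates itself, simulates tampering, and reports added, removed and modified files.

```python
"""Baseline-and-compare file integrity checking, the approach AFICK and Tripwire
take: hash every file once, keep the result somewhere safe, re-scan later and
report added, removed and modified paths. Added example, not AFICK's code; it
builds a scratch directory so it runs anywhere."""
import hashlib
import os
import shutil
import tempfile


def fingerprint(path):
    """Content hash plus the metadata attributes a rootkit or config tamper changes."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = os.stat(path)
    return {"sha256": h.hexdigest(), "size": st.st_size, "mode": st.st_mode, "uid": st.st_uid}


def snapshot(root):
    """Relative path -> fingerprint for every regular file under root."""
    db = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                db[os.path.relpath(full, root).replace(os.sep, "/")] = fingerprint(full)
    return db


def compare(baseline, current):
    """Diff two snapshots the way an integrity checker reports drift."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def demo():
    """Build a tree, baseline it, simulate tampering, and return the drift report."""
    root = tempfile.mkdtemp(prefix="afick-demo-")
    try:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")
        with open(os.path.join(etc, "sudoers"), "w") as f:
            f.write("root ALL=(ALL) ALL\n")
        baseline = snapshot(root)           # in practice: store signed, off the monitored host

        # Constructed tampering: a second uid-0 account, a dropped binary, a removed policy file.
        with open(os.path.join(etc, "passwd"), "a") as f:
            f.write("eve:x:0:0::/root:/bin/sh\n")
        with open(os.path.join(root, "usr_bin_ssh"), "wb") as f:
            f.write(b"\x7fELF trojaned")
        os.remove(os.path.join(etc, "sudoers"))

        return compare(baseline, snapshot(root))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as where it is kept: store it signed or on a host the monitored system cannot write to, and compare content hashes rather than modification times, which an intruder can reset.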

Page 12

Systems Monitoring

• Nagios
– Nagios is a powerful monitoring system that enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes. And free.

– Takes time to configure, but once up and running it can monitor computers, networks, services, etc.

– And alert you to problems in many areas.
– Can accept notifications from IDS, logs and other applications (as passive checks).

Page 13

Log File Analyzers

• BASE
– The "Basic Analysis and Security Engine," or BASE, uses a Web-based interface to analyze alerts from the Snort IDS. Features include role-based user authentication and Web-based setup. Operating System: OS Independent.

• IPtables Log Analyzer – This app makes it easier to understand the log files from your Shorewall, SUSE Firewall, or other Netfilter-based firewall. It organizes rejected, accepted, masqueraded packets, etc. into an attractive HTML page. Operating System: Linux.

• Snare – The various Snare agents are used by hundreds of thousands of users, including many large enterprises, to collect and analyze security, application, system, DNS, file replication service, and Active Directory logs. The site includes a variety of open-source downloads for different operating systems and purposes, as well as the commercially available Snare Server. Operating System: Windows, Linux, OS X, others.

• Splunk – Splunk can analyze data from any application, server, or device, making it possible to troubleshoot problems or investigate security incidents in a fraction of the time it would take otherwise. The enterprise features are free for 60 days, and after that you have to either convert to the free version or pay to keep using the full feature set. Operating System: Windows, Linux, OS X, others.

– Plugins for Nagios as well.

Page 14

Forensics

• ODESSA
– The Open Digital Evidence Search and Seizure Architecture, a.k.a. ODESSA, includes several different tools for collecting and analyzing digital evidence. In addition, it provides the ability to create easy-to-understand reports detailing the results of the analysis. For those who want to learn more about digital forensics, the Web site also offers a number of white papers and articles on related topics. Operating System: Windows, Linux, OS X.

• Live View – This Java-based tool creates a VMware virtual machine from the disk image (or physical disk) you are analyzing so that you can boot and interact with it without changing the underlying image or disk. Developed by CERT and the Software Engineering Institute at Carnegie Mellon, it's an excellent tool for forensic examiners. Operating System: Windows.

• The Sleuth Kit – This site offers two sets of forensic tools meant to aid in digital investigations: The Sleuth Kit is a set of command line tools for use with Linux, Unix, OS X, Solaris, and BSD systems. The Autopsy Forensic Browser uses the same tools, but makes them more user-friendly by providing an HTML-based graphical interface that also works with Windows. Operating System: Windows, Linux, OS X.

Page 15

Data Removal

• BleachBit
– In addition to "shredding" deleted files so that they cannot be recovered, BleachBit cleans up your cache, cookies, Internet history, logs, temp files, etc. for faster performance and greater privacy. Operating System: Windows, Linux.

• Eraser – Just because you delete a file doesn't mean it's gone: unlinking only frees the directory entry, and the data blocks stay on disk until they are reused. Eraser makes sure no one can recover your old files by writing over them with random data. Operating System: Windows.

• Wipe
– Wipe does the same thing as Eraser, but it works on Linux. Operating System: Linux.

• Darik's Boot and Nuke
– Before you give away or donate an old computer, make sure you completely erase the hard drive. How? Just run Darik's Boot and Nuke (DBAN) from a boot disk; it overwrites every sector of every drive it is pointed at, so check what is attached before you start. Operating System: OS Independent.

• Disk Cleaner – This small utility cleans all the "junk" out of your temporary files, cache etc. It deserves inclusion in our security tools because it's also handy for protecting your privacy when using public machines. Operating System: Windows.
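What Eraser and wipe do, as an added example (not their code): overwrite the file's blocks in place, fsync each pass, rename it and unlink it. The caveat a practitioner needs: in-place overwriting only reaches the old data on media that rewrite in place. On SSDs (wear levelling), copy-on-write or journaling filesystems and snapshots, the old blocks survive, so use the drive's secure-erase command or full-disk encryption with key destruction instead.

```python
"""Overwrite-then-unlink file wiping, the way Eraser and wipe work. Added
example, not their code. demo() creates a scratch file so it runs anywhere."""
import os
import tempfile

CHUNK = 1 << 16


def overwrite_file(path, passes=3):
    """Overwrite the file's bytes in place `passes` times with random data, then once with zeros.
    Returns the number of bytes written. Only meaningful on media that rewrite in place:
    SSDs, copy-on-write/journaling filesystems and snapshots keep the old blocks."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b", buffering=0) as f:
        for pass_no in range(passes + 1):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(remaining, CHUNK)
                f.write(os.urandom(n) if pass_no < passes else bytes(n))
                remaining -= n
                written += n
            f.flush()
            os.fsync(f.fileno())      # force each pass to the device, not just the page cache
    return written


def wipe_file(path, passes=3):
    """Overwrite, then rename to a random name before unlinking so the original
    filename does not linger in the directory entry."""
    written = overwrite_file(path, passes)
    anonymous = os.path.join(os.path.dirname(path) or ".", os.urandom(8).hex())
    os.replace(path, anonymous)
    os.remove(anonymous)
    return written


def demo():
    """Create a ~100 KiB file holding a secret, wipe it, and report what happened."""
    fd, path = tempfile.mkstemp(prefix="wipe-demo-")
    with os.fdopen(fd, "wb") as f:
        f.write(b"SECRET " * (100 * 1024 // 7))
    size = os.path.getsize(path)
    written = wipe_file(path, passes=3)
    return {"size": size, "bytes_written": written, "still_exists": os.path.exists(path)}


if __name__ == "__main__":
    print(demo())
```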

Page 16

SysAdmin Tools

• Inside Security Rescue Toolkit
– Also known as INSERT, the Inside Security Rescue Toolkit packs dozens of helpful security and system administration apps into a single download. In addition to a complete, bootable Linux system (based on Debian), you'll get apps for anti-virus protection, network analysis, forensics, and more. Operating System: Linux.
• German only. Use Google to translate.

• Network Security Toolkit (NST) – Like INSERT, NST includes a whole lot of tools and a complete Linux distribution that fit on a CD-ROM. In this case, you get nearly 100 tools and the Linux copy is based on Fedora. Operating System: OS Independent.

• Startup Manager and HiJackThis – Tired of waiting forever while Windows starts up? These apps give you control over which applications and services launch when you start up your system, so that you get better performance and greater security. Operating System: Windows.

Page 17

General Tools (2)

• Netcat
– The network Swiss army knife.
– This simple utility reads and writes data across TCP or UDP network connections. It is designed to be a reliable back-end tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need, including port binding to accept incoming connections.

– It can sometimes even be hard to find nc110.tgz.
– The flexibility and usefulness of this tool have prompted people to write numerous other Netcat implementations:
– Socat, which extends Netcat to support many other socket types, SSL encryption, SOCKS proxies, and more.
– There is also Chris Gibson's Ncat (part of the Nmap project), which offers even more features while remaining portable and compact.
– Other takes on Netcat include OpenBSD's nc, Cryptcat, Netcat6, PNetcat, SBD, and so-called GNU Netcat.

Page 18

General Tools

• nmap
– Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Page 19

Vulnerability Scanners

• Nessus
– Premier UNIX vulnerability assessment tool.
– Nessus was a popular free and open source vulnerability scanner until Tenable closed the source code in 2005 and removed the free "registered feed" version in 2008. A limited "Home Feed" is still available, though it is only licensed for home network use.

Page 20

Vulnerability Scanners (2)

• Metasploit Framework
– An advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality.

Page 21

Web Vulnerability scanners

• Nikto
– A more comprehensive web scanner. Nikto is an open source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items (dangerous files and CGIs, outdated server versions, version-specific problems). It is not designed to be stealthy: it makes thousands of requests and is easy to spot in server logs.

• WebInspect
– SPI Dynamics' (later HP's) WebInspect application security assessment tool helps identify known and unknown vulnerabilities within the Web application layer. WebInspect can also help check that a Web server is configured properly, and attempts common web attacks such as parameter injection, cross-site scripting, directory traversal, and more. Commercial license only.

• Burp Suite
– An integrated platform for performing security testing of web applications. Its various tools (an intercepting proxy, spider, scanner, repeater and intruder) work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

• As a note, most vulnerability scanners check HTTP, but these are specifically for web applications.

Page 22

Want more?

• Top 125 tools. Updated periodically (the 2011 edition lists 125).
• http://sectools.org/
– But note, not all are tools.
• Perl is #23 on the list.

Page 23

Q&A