ToolWar | Information Security (InfoSec) Tools: Firewalls

Raptor (Web Application Firewall) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-mdxVRSARaHA/V7qsaj8MLyI/AAAAAAAAB8g/2a1-JPkLM4YYZuKSNjMiuysJYR7H45ESACLcB/s1600/Raptor.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Download Web Application Firewall Raptor" border="0" src="https://1.bp.blogspot.com/-mdxVRSARaHA/V7qsaj8MLyI/AAAAAAAAB8g/2a1-JPkLM4YYZuKSNjMiuysJYR7H45ESACLcB/s1600/Raptor.png" title="Raptor Web Application Firewall" /></a></div>
<div style="text-align: justify;">
<b>Raptor</b> is an Open Source Tool, your focus is study of attacks and find intelligent ways to block attacks. Raptor is made in pure C, don’t use regex or other common ways to block attacks, use deterministic finite automaton, yes is diferent and fast like a raptor dinosaur, Raptor follow principle KISS (Keep It Simple), you can use Raptor to simulate attacks and learning new ways to bypasses.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend SQL Injections and XSS...</div>
<ul>
<li>    You can block XSS, SQL injection attacks and path traversal with Raptor</li>
<li>    You can use blacklist of IPs to block some users at config/blacklist ip.txt</li>
<li>    You can use IPv6 and IPv4 at communications</li>
<li>    At the future DoS protector, request limit, rule interpreter and Malware detector at uploads.</li>
<li>    At the future SSL/TLS...</li>
</ul>
<b>Installation: </b><br />
to run:<br />$ git clone https://github.com/CoolerVoid/raptor_waf<br />$ cd raptor_waf; make; bin/raptor<br />
<br />
<b>Usage: </b><br />
Up some HTTPd server at port 80<br />$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt<br />
<b> </b><br />
<b>Documentation: </b><a href="https://github.com/CoolerVoid/raptor_waf/blob/master/doc/raptor.pdf" rel="nofollow" target="_blank">Click Here</a><b> </b><br />
<h3>
<b>Download: </b></h3>
<b>Linux: </b><a href="http://sourceforge.net/projects/raptorwaf/files/latest/download" rel="nofollow" target="_blank">Raptor</a>  <b><br /></b>

Raptor (Web Application Firewall) :: Tools

Raptor is an Open Source Tool, your focus is study of attacks and find intelligent ways to block attacks. Raptor is made in pure C, don’...

AIEngine (Artificial Intelligent Engine) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="AIEngine (Artificial Intelligent Engine)" border="0" src="https://4.bp.blogspot.com/-xvp19YsprqU/UttmoGmQSGI/AAAAAAAABcc/QlKD2t4YhBM/s1600/Artificial+Intelligent+Engine.jpg" title="AIEngine (Artificial Intelligent Engine)" /></div>
<div style="text-align: justify;">
<b>AIEngine</b> is a next generation interactive/programmable packet inspection engine with capabilities of learning without any human intervention, NIDS functionality, DNS domain classification, network collector and many others.  <b><br /></b><br />
<b>AIEngine (Artificial Intelligent Engine)</b> is a <i><a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> inspection engine</i> with capabilities of learning without any human intervention. <b>AIEngine</b> helps <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>/security profesionals to <b>identify traffic</b> and develop signatures for use them on<b> </b><i>NIDS, <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">Firewalls</a>, Traffic classifiers</i> and so on.</div>
<div style="text-align: justify;">
<b>AIEngine</b> is written in c++11 and Python, so by using the flexibility of 
<a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>, AIEngine could be integrated easely with other functionalities 
and modules in a easy way.<br />
<h3>
Features ::  </h3>
</div>
<ul>
<li>- Counters for IP fragmentation packets.</li>
<li>- Support for TLS1.2 on the SSLProtocol</li>
<li>- Exposed the FrequencyGroup and the LearnerEngine on python.</li>
<li>- Integrate with NetfilterPython or other packet systems.</li>
<li>- Support for python 3.x versions (check INSTALL).</li>
<li>- Sorts the outputs of the HTTP, SSL and DNS most used domains (aiengine binary).</li>
<li>- Support for HTTP1.1 (URI Cache), all the flows will have all the paths taken by the user.</li>
<li>- Shell support. The system have a interactive shell so the user can interact on realtime with the system.</li>
</ul>
<h3>
Tutorial ::</h3>
<b>Configuration :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Configurations" target="_blank">Click Here</a><b> </b><br />
<b>Uses & Examples :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Home" target="_blank">Click Here</a><br />
<b>Wiki :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Home" target="_blank">Click Here</a><br />
<h3>
Download :: </h3>
<b>Linux :: </b><a href="https://bitbucket.org/camp0/aiengine/downloads/aiengine-1.5.tar.gz" rel="nofollow" target="_blank">AIEngine v1.5</a><b> (.tar.gz)</b><br />
<b>Source ::</b> <a href="https://bitbucket.org/camp0/aiengine/overview">https://bitbucket.org/camp0/aiengine/overview</a><br />
<b>Submitted By :: </b>Luis

AIEngine (Artificial Intelligent Engine) :: Tools

AIEngine is a next generation interactive/programmable packet inspection engine with capabilities of learning without any human interven...

Vyatta (Vitrual Router, Firewall and VPN) :: Framework

<div class="block-content content" style="text-align: justify;">
<div style="text-align: justify;">
<br />
<article class="article article-type-page clearfix" id="article-6745" role="article">                 <div class="article-content">
<div class="field field-name-body field-type-text-with-summary field-label-hidden">
<div class="field-items">
<div class="field-item even">
<div class="separator" style="clear: both; text-align: center;">
<img alt="Vyatta Logo" border="0" height="320" src="http://1.bp.blogspot.com/-2gGb9drSWJw/UywpLWjtTxI/AAAAAAAABoI/zDrCwnboE9A/s1600/vyatta+logo.png" title="Vyatta Logo" width="320" /></div>
The  free community <b>Vyatta Core software(VC)</b> is an award-winning open source <a href="http://www.toolwar.com/search/label/Network" target="_blank"> network</a> operating system providing advanced IPv4 and IPv6 routing,  stateful <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">firewalling</a>, IPSec and SSL OpenVPN, and more. When you add  <b>Vyatta</b> to a standard x86 hardware system, you can create an enterprise  grade network appliance that easily scales from DSL to 10Gbps. <b>Vyatta</b> is  also optimized to run in VMware, Citrix XenServer, Xen, KVM, and Hyper  V, providing networking and <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> services to <a href="http://www.toolwar.com/search/label/Virutal" target="_blank">virtual machines</a> and  cloud computing environments. <b>Vyatta</b> has been downloaded over 1,000,000  times, has a community of hundreds of thousands of registered users and  counts dozens of fortune 500 businesses among its commercial customers.<br />
On this site, you'll find all the downloads, <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, documentation,  and community resources to help you get up and running with your own  <b>Vyatta-based</b> system. Ask questions in the Forums. Propose new features  and vote on existing proposals. Participate and have fun. We have been  working together with our community for over five years to continue to  enhance the world's leading software-based network OS.<br />
A commercial version of the <b>Vyatta network OS</b> (Vyatta Subscription  Edition) is also available with enterprise-ready management and security  product extensions and complete engineering support including proactive  notifications of security alerts and software releases as well as  priority access to patches & bug fixes.<br />
<b>Vyatta's </b>open, software-based approach to networking has created a  complete network OS that can connect and secure physical <a href="http://www.toolwar.com/search/label/Network" target="_blank">networks</a> as  well as virtual and cloud computing infrastructures. <b>Vyatta</b> software and  appliances offer users a flexible, affordable alternative to  proprietary, hardware-based routers, firewalls, and VPN devices.<br />
Vyatta can help you: <br />
<ul>
<li>Affordably scale large BGP implementations </li>
<li>Keep your network safe with a stateful-inspection firewall </li>
<li>Securely connect remote offices with <a href="http://www.toolwar.com/search/label/VPN" target="_blank">VPN </a></li>
<li>Scale from DSL to 10-Gbps with a single software package</li>
<li>Avoid costly proprietary networking upgrades </li>
<li>Run virtualized networking environments in Xen, KVM and VMware </li>
<li>Add networking and security to blade servers in your data center </li>
<li>Offer cloud based managed security services </li>
<li>Add network redundancy regardless of vendor equipment </li>
<li>Build your own best-of-breed Branch office solution </li>
</ul>
<br />
The <b>Vyatta Core</b> is an integration of a number of components from a  variety of different sources, much the same way as a standard Linux  distribution. Many of the components are licensed under the GNU GPL.  Others carry a BSD license. Still others carry less-popular licenses.  All components of the <b>Vyatta Core</b> carry licenses defined as open source.<br />
License files are included with every package installed in the system  and can be viewed in the /usr/share/doc/package/copyright file.<br />
<br />
<h3>
Tutorials ::</h3>
<b>Use Tips and Tricks :: </b><a href="http://www.vyatta.org/documentation/tips-tricks" target="_blank">Click Here</a><b><br />
</b><br />
<b>Documentations :: </b><a href="http://www.vyatta.org/documentation/translated-docs" target="_blank">Click Here</a><br />
<b>Vyatta Forum :: </b><a href="http://www.vyatta.org/forum" target="_blank">Click Here</a> <br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5JJOE5zeVbM?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<h3>
Download ::</h3>
<b>Live CD :: </b><a href="http://packages.vyatta.com/vyatta/iso/VC6.6/vyatta-livecd_VC6.6R1_i386.iso" target="_blank">Vyatta Live CD v6.6</a> (.iso)<b></b><br />
<b>Visualization ISO :: </b><a href="http://packages.vyatta.com/vyatta/iso/VC6.6/vyatta-livecd_VC6.6R1_i386.iso" target="_blank">Vyatta Visualization v6.6</a> (.iso)<b> </b>
<b> </b><br />
<b>Official Website ::<a href="https://www.blogger.com/goog_2084089245"> </a></b><a href="http://www.vyatta.org/">http://www.vyatta.org/</a>
</div>
</div>
</div>
</div>
</article></div>
</div>

Vyatta (Vitrual Router, Firewall and VPN) :: Framework

The free community Vyatta Core software(VC) is an award-winning open source network operating system providing...

Nipper Studio (Network Security Audit for Firewall, Switches and Router) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-I3wO7QbIMaU/UyfpB0rVO0I/AAAAAAAABno/Shh_x99wc8M/s1600/Nipper+Home+Report+2.2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="nipper tutorial" border="0" height="333" src="http://2.bp.blogspot.com/-I3wO7QbIMaU/UyfpB0rVO0I/AAAAAAAABno/Shh_x99wc8M/s1600/Nipper+Home+Report+2.2.jpg" title="nipper tutorial" width="400" /></a></div>
<div style="text-align: justify;">
<b>Nipper (short for Network Infrastructure Parser, previously known as 
CiscoParse)</b> audits the security of network devices such as switches, 
routers, and firewalls.  It works by parsing and analyzing device 
configuration file which the <b>Nipper</b> user must supply.  This was an open 
source tool until its developer (Titania) released a commercial version 
and tried to hide their old GPL releases. During a <b>network audit Nipper Studio</b> processes the devices’ native configurations and enables you to create a variety of different audit reports. By using traditional methodology for your <a href="http://www.toolwar.com/search/label/Network" target="_blank">network audit</a>, such as manual <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">Penetration Testing</a>, Agent-based software and <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">Network Scanners</a>, you could experience various drawbacks, which does not affect Nipper Studio <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> audit software:<br />
<ul>
<li>Network scanners send huge numbers of network probes to a device and can impact performance. Only exposed vulnerabilities are identified, potentially missing many issues.</li>
<li>Agent-based audit software requires software to be installed on the devices during the network audit. This is not possible for all devices and can introduce additional security vulnerabilities.</li>
<li>Manual Penetration Tests examine individual <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> devices in detail. However this is slow, expensive and results in point in time audits of only a sample of devices.</li>
<li>Flatten the <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability assessment</a> process and reduce human error by automatically producing an instant, device specific configuration report, readable by non-technical experts.  </li>
<li>Achieve significant cost savings by automating a detailed configuration vulnerability analysis, typically provided by costly external Penetration Testing. </li>
<li>Improve the productivity and scope of the network audit by quickly performing a thorough vulnerability assessment of multiple complex network devices, providing a detailed security audit report, unachievable with vulnerability scanning technologies. </li>
<li>Stay secure as our security audit software requires no additional services on the device or agents to be installed and can audit the network devices without connecting or scanning them</li>
</ul>
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/wUtAmowwVD8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
 </h3>
<h3>
Download ::</h3>
<b>Windows | Linux | Mac :: </b>
<b> </b><br />
<b>Buy :: </b><a href="https://www.titania.com/shop" target="_blank">Click Here</a><b> </b>
<b> </b><br />
<b>Evaluate Copy :: </b><a href="https://www.titania.com/evaluate" target="_blank">Click Here</a><b>  </b>
<b> </b><br />
<b>Official Website :: </b><a href="https://www.titania.com/nipperstudio" target="_blank">https://www.titania.com/nipperstudio </a></div>

Nipper Studio (Network Security Audit for Firewall, Switches and Router) :: Tools

Nipper (short for Network Infrastructure Parser, previously known as CiscoParse) audits the security of network devices such as switche...

FTester (Testing Firewall Filtering Policies and IDS Capabilities) :: Tools

<div style="text-align: justify;">
<div class="section">
      <div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-f2MLiVgX6mk/UwiGDz_8SmI/AAAAAAAABkM/WbIqkyXnREc/s1600/FTester+Screenshot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="FTester Screenshot" border="0" height="267" src="http://4.bp.blogspot.com/-f2MLiVgX6mk/UwiGDz_8SmI/AAAAAAAABkM/WbIqkyXnREc/s1600/FTester+Screenshot.JPG" title="FTester Screenshot" width="400" /></a></div>
The <b>Firewall Tester (FTester)</b> is a tool designed for <b>testing firewall
      filtering policies and Intrusion Detection System (IDS) capabilities.</b><br />

The tool consists of two perl scripts, a <span id="goog_1392660018"></span><a href="http://www.toolwar.com/search/label/Packet">packet injector<span id="goog_1392660019"></span></a> (ftest) and a
      listening <a href="http://www.toolwar.com/search/label/Sniffer">sniffer</a> (ftestd). The first script injects custom packets, defined
      in ftest.conf, with a signature in the data part while the sniffer listens for
      such marked packets. The scripts both write a log file which is in the same
      form for both scripts. A comparison of the two produced log files (ftest.log and ftestd.log)
      outlines the packets that were unable to reach the sniffer due to filtering rules
      if these two scripts are ran on hosts placed on two different sides of a
      <a href="http://www.toolwar.com/search/label/IDS">firewall</a>. Stateful inspection firewalls are handled with the 'connection
      spoofing' option. A script called freport is also available to automatically
      parse the log files.<br />

Using the tool is not a completely automated process, ftest.conf must
      be crafted for every different situation. Examples and rules are included in
      the attached configuration file.<br />

The <a href="http://www.toolwar.com/search/label/IDS">IDS (Intrusion Detection System)</a> testing feature can be used
      either with ftest only or with the additional support of ftestd for handling
      stateful inspection IDS, ftest can also use common IDS evasion techniques. The
      script can also process snort rule definition files.<br />

<h3>
Features:</h3>
<ul>
<li>firewall testing</li>
<li>IDS testing</li>
<li>simulation of real tcp connections for stateful inspection firewalls and IDS</li>
<li>TCP connection spoofing</li>
<li>IP fragmentation / TCP segmentation</li>
<li>IDS evasion techniques</li>
</ul>
<b>NOTE</b>: this tool is now outdated and is presented here for historical
      reasons, a complete rewrite with new features and IPv6 support is scheduled for
      sometime in the future.<br />

</div>
</div>
<div style="text-align: justify;">
<br />
<h3>
Tutorials ::</h3>
<b>Installation ::</b><br />

<div class="MsoNormal">
FTester components are PERL scripts. They can be executed on
any platform with a recent version of PERL. Three perl modules -<span style="mso-spacerun: yes;">Ý </span>Net::RawIP, Net::PcapUtils, and NetPacket ñ
are also required. These can be downloaded at the Comprehensive Perl Archive
Network (<a href="http://www.cpan.org/" target="_new">CPAN</a>), and<span style="color: red;"> </span>you
can install them using the CPAN shell. </div>
<div class="MsoNormal">
Installation is quite simple. <span style="font-family: Courier;">Untar</span>
the latest archive. Everything you need will be decompressed along with an
example configuration file, documentation and a script called <span style="font-family: Courier;">freport</span> for comparing <span style="font-family: Courier;">ftest</span> and <span style="font-family: Courier;">ftestd</span>
log files. Before using the package I recommend to read and fully understand
all documentation.</div>
<b>ManPage ::</b> <a href="http://www.inversepath.com/ftester_man.html" target="_blank">Click Here</a><br />
<b>Documentation :: </b><a href="http://dev.inversepath.com/ftester/README" target="_blank">Click Here</a><br />
<b>Published Paper ::</b> <a href="http://www.tisc-insight.com/newsletters/56.html" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<h3>
Download ::</h3>
</div>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://dev.inversepath.com/ftester/ftester-latest.tar.gz" target="_blank">FTester-Latest</a> (.tar.gz)<b><br /></b></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.inversepath.com/ftester.html" target="_blank">http://www.inversepath.com/ftester.html</a></div>

FTester (Testing Firewall Filtering Policies and IDS Capabilities) :: Tools

The Firewall Tester (FTester) is a tool designed for testing firewall filtering policies and Intrusion Detection System (ID...

Wafw00f (Web Application Firewall Detection) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-9hNDwHpyIO8/UwiK-X0947I/AAAAAAAABkY/RZBeQUnYjq0/s1600/wafw00f+screenshot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="wafw00f screenshot" border="0" height="281" src="http://1.bp.blogspot.com/-9hNDwHpyIO8/UwiK-X0947I/AAAAAAAABkY/RZBeQUnYjq0/s1600/wafw00f+screenshot.JPG" title="wafw00f screenshot" width="400" /></a></div>
<div style="text-align: justify;">
<b>Web Application Firewalls (WAFs) </b>can be detected through 
stimulus/response testing scenarios. Here is a short listing of possible
 detection methods:
</div>
<ul style="text-align: justify;">
<li><b>Cookies</b>: Some WAF products add their own cookie in the HTTP communication.
</li>
<li><b>Server Cloaking</b>: Altering URLs and Response Headers
</li>
<li><b>Response Codes</b>: Different error codes for hostile pages/parameters values
</li>
<li><b>Drop Action</b>: Sending a FIN/RST packet (technically could also be an IDS/IPS)
</li>
<li><b>Pre Built-In Rules</b>: Each WAF has different negative security signatures
</li>
</ul>
<div style="text-align: justify;">
<b>WafW00f </b>is based on these assumptions to determine remote WAFs. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<pre>$ <b>python wafw00f.py http://www.aldeid.com</b>
                                ^     ^
       _   __  _   ____ _   __  _    _   ____
      ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
     | V V // o // _/ | V V // 0 // 0 // _/  
     |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/    
                               <   
                                ...'
                                
   WAFW00F - Web Application Firewall Detection Tool
   
   By Sandro Gauci && Wendel G. Henrique

Checking http://www.aldeid.com
Generic Detection results:
The site http://www.aldeid.com <span style="background: #ffff00; color: black;">seems to be behind a WAF </span>
Reason: Blocking is being done at connection/packet level.
Number of requests: 13</pre>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b></div>
<pre>$ <b>cd /data/pentest/web/</b>
$ <b>svn checkout <a class="external free" href="http://waffit.googlecode.com/svn/trunk/" rel="nofollow" target="_blank">http://waffit.googlecode.com/svn/trunk/</a> waffit-read-only</b></pre>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.aldeid.com/wiki/Wafw00f">http://www.aldeid.com/wiki/Wafw00f</a></div>

Wafw00f (Web Application Firewall Detection) :: Tools

Web Application Firewalls (WAFs) can be detected through stimulus/response testing scenarios. Here is a short listing of possible detec...

ModSecurity (Web Application Firewall) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="modsecurity logo" border="0" height="212" src="http://3.bp.blogspot.com/-9zzXy65oit4/UqhzCp9d89I/AAAAAAAABOY/S7ZlF1x1TlE/s640/mod-security+logo.jpg" title="modsecurity logo" width="640" /></div>
</div>
<div style="text-align: justify;">
<b>ModSecurity</b> is a <i>web application firewall</i> that can work either embedded  or as a <b>reverse proxy</b>. It provides protection from a range of <a href="http://www.toolwar.com/search/label/Attack" target="_blank">attacks</a>  against web applications and allows for HTTP traffic monitoring, logging  and real-time analysis. </div>
<h2 style="text-align: justify;">
ModSecurity: Overview</h2>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
With over 70% of all attacks now carried out over the web application  level, organisations need every help they can get in making their  systems secure. <b>Web application firewalls</b> are deployed to establish an  external <a href="http://security/" target="_blank">security</a> layer that increases security, detects, and prevents  attacks before they reach web applications. </div>
<h3 style="text-align: justify;">
HTTP Traffic Logging</h3>
<div style="text-align: justify;">
<a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> servers are typically well-equipped to log traffic in a form useful  for marketing analyses, but fall short when it comes to logging of  traffic to web applications. In particular, most are not capable of  logging the request bodies. Your adversaries know this, and that is why  most attacks are now carried out via POST requests, rendering your  systems blind. </div>
<div style="text-align: justify;">
ModSecurity makes full HTTP transaction logging possible, allowing  complete requests and responses to be logged. Its logging facilities  also allow fine-grained decisions to be made about exactly what is  logged and when, ensure only the relevant data is recorded. </div>
<h3 style="text-align: justify;">
Real-Time Monitoring and Attack Detection</h3>
<div style="text-align: justify;">
In addition to providing logging facilities, <b>ModSecurity</b> can <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitor</a> the  HTTP traffic in real time in order to detect attacks. In this case <b> ModSecurity</b> operates as a web intrusion detection tool, allowing you to  react to suspicious events that take place at your web systems. </div>
<h3 style="text-align: justify;">
Attack Prevention and Just-in-time Patching</h3>
<div style="text-align: justify;">
<b>ModSecurity</b> can also act immediately to prevent attacks from reaching  your web applications. There are three commonly used approaches: </div>
<ol style="text-align: justify;">
<li><b>Negative security model.</b> Negative security model monitors  requests for anomalies, unusual behaviour, and common web application  attacks. It keeps anomaly scores for each request, IP addresses,  application sessions, and user accounts. Requests with high anomaly  scores are either logged or rejected altogether. </li>
<li><b>Known weaknesses and vulnerabilities.</b> Its rule language  makes ModSecurity an ideal external patching tool. External patching is  all about reducing the window of opportunity. Time needed to patch  application vulnerabilities often runs to weeks in many organisations.  With ModSecurity, applications can be patched from the outside, without  touching the application source code (and even without any access to  it), making your systems secure until a proper patch is produced. </li>
<li><b>Positive security model.</b> When positive security model is  deployed, only requests that are known to be valid are accepted, with  everything else rejected. This approach works best with applications  that are heavily used but rarely updated. </li>
</ol>
<h3 style="text-align: justify;">
Flexible Rule Engine</h3>
<div style="text-align: justify;">
A flexible rule engine sits in the heart of ModSecurity. It  implements the ModSecurity Rule <a href="http://www.toolwar.com/search/label/Language" target="_blank">Language</a>, which is a specialised  programming language designed to work with HTTP transaction data. The  <b>ModSecurity</b> Rule Language was designed to be easy to use, yet flexible:  common operations are simple while complex operations are possible.</div>
<div style="text-align: justify;">
Certified ModSecurity Rules, included with subscription to  <b>ModSecurity</b>, contain a comprehensive set of rules that implement  general-purpose hardening, common web application security issues.  Heavily commented, these rules can be used as a learning tool.</div>
<h3 style="text-align: justify;">
Embedded Deployment</h3>
<div style="text-align: justify;">
ModSecurity is an embeddable web application firewall, which means it  can be deployed as part of your existing web server infrastructure  (Apache, IIS7 and Nginx).</div>
<div style="text-align: justify;">
This deployment method has certain advantages:</div>
<ol style="text-align: justify;">
<li>No changes to existing network. It only takes a few minutes to add  ModSecurity to your existing web servers. And because it was designed to  be completely passive by default, you are free to deploy it  incrementally and only use the features you need. It is equally easy to  remove or deactivate it should decide you don't want it any more. </li>
<li>No single point of failure. Unlike with network-based  deployments, you will not be introducing a new point of failure to your  system. </li>
<li>Implicit load balancing and scaling. Because it works embedded  in web servers, <b>ModSecurity</b> will automatically take advantage of the  additional load balancing and scalability features. You will not need to  think of load balancing and scaling unless your existing system needs  them. </li>
<li>Minimal overhead. Because it works from inside the web server  process there is no overhead for network communication and minimal  overhead in parsing and data exchange. </li>
<li>No problem with encrypted or compressed content. Many <a href="http://www.toolwar.com/search/label/IDS" target="_blank">IDS</a>  systems have difficulties analysing SSL traffic. This is not a problem  for ModSecurity because it is positioned to work when the traffic is  decrypted and decompressed.  </li>
</ol>
<div style="text-align: justify;">
ModSecurity is known to work well on a wide range of operating systems.  Our customers are successfully running it on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, Solaris,  FreeBSD, OpenBSD, NetBSD, AIX, Mac OS X, and HP-UX. </div>
<h3 style="text-align: justify;">
Network-Based Deployment</h3>
<div style="text-align: justify;">
<b>ModSecurity</b> works equally well when deployed as part of a reverse proxy  server, and many of our customers choose to do so. In this scenario, one  installation of <b>ModSecurity </b>can protect any number or type of back-end  web servers. </div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/7w9aHEx-BmE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/P-KJU785CKg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/nMGtIgrVv8s?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Download :: </h3>
<div style="text-align: justify;">
<b>Linux :: </b></div>
<div style="text-align: justify;">
<b>Installation - Ubuntu/Debian</b>

<span style="font-family: "Courier New",Courier,monospace;"> </span><br />
<span style="font-family: "Courier New",Courier,monospace;">$ sudo apt-get install libapache2-mod-security </span><br />
<span style="font-family: "Courier New",Courier,monospace;">$ sudo a2enmod mod-security </span><br />
<span style="font-family: "Courier New",Courier,monospace;">$ sudo /etc/init.d/apache2 force-reload</span><br />
<br />
 <b>Installation - Fedora/CentOS</b><span style="font-family: "Courier New",Courier,monospace;"> </span><br />
<span style="font-family: "Courier New",Courier,monospace;">$ sudo yum install mod_security </span><br />
<span style="font-family: "Courier New",Courier,monospace;">$ sudo /etc/init.d/httpd restart</span>

<b> </b><br />
<br />
<b>Windows ::</b></div>
<ul>
<li><a href="https://www.modsecurity.org/tarball/2.7.5/ModSecurityIIS_2.7.5.msi">ModSecurity for IIS MSI Installer</a> </li>
<li><a href="https://www.modsecurity.org/tarball/2.7.5/ModSecurityIIS_2.7.5.msi.sha256">ModSecurity for IIS MSI Installer SHA25</a></li>
</ul>
<b>Official Website :: </b><a href="http://www.modsecurity.org/">http://www.modsecurity.org/</a><br />
<ul>
</ul>
<div style="text-align: justify;">
</div>

ModSecurity (Web Application Firewall) :: Tools

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy . It provides protection from a range ...

Vulture (Reverse Proxy and Web Application Firewall) :: Tools

<div class="separator" style="clear: both; text-align: justify;">
<img alt="Vulture Web Application firewall logo" border="0" height="120" src="http://4.bp.blogspot.com/-yuT35kJ2Nlk/UoYK6QPEPXI/AAAAAAAABDU/Z7ibyE9qJSY/s640/vulture+web+application+firewall+logo.png" title="Vulture Web Application firewall logo" width="640" /></div>
<div style="text-align: justify;">
<b>Vulture </b>is a <i><span itemprop="description">Open Source Reverse Proxy / Web Application Firewall</span></i><b>. Vulture </b>is a Web-SSO solution based on technology<i> reverse <a href="http://www.toolwar.com/search/label/Proxy" target="_blank">proxy</a></i> 
implemented on a base Apache 2.2. Vulture also provides <i>application <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">firewall</a></i> functionality and interfaces between <i><a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> applications </i>and 
Internet to provide unified <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> and authentication.
</div>
<h3 style="text-align: justify;">
<b>Features :: </b></h3>
<div style="text-align: justify;">
The authentication of users with many methods supported
LDAP, SQL, text file, radius server, digital certificates ...
Modular design allows you to add new authentication methods
The spread of authentication on protected applications
The encryption flow
Filtering and rewriting content
Some features to protect against injection attacks
Load balancing
.</div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="https://googledrive.com/host/0B73hnOQoTupkUkdwM2VGOGNWVTA/" target="_blank">Vulture 2.0.7</a> </div>
<h2 style="text-align: justify;">
 <span class="mw-headline" id="Details"> </span></h2>

Vulture (Reverse Proxy and Web Application Firewall) :: Tools

Vulture is a Open Source Reverse Proxy / Web Application Firewall . Vulture is a Web-SSO solution based on technology reverse proxy im...

Comodo Firewall :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="Comodo Firewall logo" border="0" src="http://2.bp.blogspot.com/-LCEYyELJBBQ/UoYJylytiwI/AAAAAAAABDM/ads-3CY5ers/s1600/comodo-firewall+logo.png" title="Comodo Firewall logo" /></div>
<b>Comodo Firewall</b>  Pro introduces the next evolution in <i>computer security</i>: Default Deny  Protection (DDP™). What is DDP? Most security programs maintain a list  of known <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a>, and use that list to decide which applications and  files shouldn't access a PC. The problem here is obvious. What if the  list of malware is missing some entries, or isn't up to date?</div>
<div style="text-align: justify;">
<b>Comodo <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">Firewall</a> </b>is the best choice for users seeking a<b> full featured <a href="http://www.toolwar.com/search/label/Security" target="_blank"> security</a> suite.</b> This latest release is suitable for both lightly-skilled  users (still must have knowledge of installed programs) and technically  advanced users. Its robust and active HIPS (or application monitoring  feature), called "Defense+", matches or exceeds the security performance  of pay products. Comodo allows for much control and customization for  the curious or the paranoid. </div>
<div style="text-align: justify;">
<b>Comodo</b> includes a "<i>memory firewall</i>" (against buffer overflow  attacks) and a light sandbox component to limit the way unknown  applications and new software installations affect your computer. The  use of sandbox protection limits the negative effects of malware. It  maintains a lengthy list of known safe applications, but if an unknown  application attempts entry through the firewall, <b>Comodo</b> will deny the  application and ask the user what to do. The new release contains user  friendly features by default while allowing experienced users to  maintain control over ports, protocols, and configurations. </div>
<div style="text-align: justify;">
DDP fixes this problem to ensure complete security. The <b> firewall </b>references a list of over two million known PC-friendly  applications. If a file that is not on this safe-list knocks on your  PC's door, the Firewall immediately alerts you to the possibility of  attacking malware. All this occurs before the <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> infects your  computer. It's prevention-based security, the only way to keep PCs  totally safe.</div>
<h3 style="font-size: 16px; margin-bottom: 10px; margin-top: 15px; padding: 10px 0px 0px; text-align: justify;">
5 top secrets why Comodo Firewall is different</h3>
<ul class="facts-list" style="text-align: justify;">
<li>No complex configuration issues—perfect for amateur users </li>
<li>Quickly learns user behavior to deliver personalized protection</li>
<li>User-friendly, attractive graphical interface</li>
<li>Lots of configuration options let techies configure things just as they like</li>
<li>DDP-based security keeps you informed and PCs safe</li>
</ul>
<div style="text-align: justify;">
One of the first steps in securing a computer is downloading  and activating a quality firewall to repel intruders. Only this free  firewall software has access to Comodo's extensive safe-list of  PC-friendly applications, a key component of Default Deny Protection™.</div>
<h3>
<b>System Requirements:</b></h3>
<div style="text-align: justify;">
Windows 7 / Vista / XP SP2 / Windows 8, 152 MB RAM / 400 MB space</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorial :: </h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/T4uAAgicpZ4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
Download ::  </h3>
<div style="text-align: justify;">
<b>Windows ::</b> <a href="http://www.comodo.com/home/download/download.php?prod=firewall" target="_blank">Comodo Firewall</a></div>
<h3 style="text-align: justify;">
</h3>

Comodo Firewall :: Tools

Comodo Firewall Pro introduces the next evolution in computer security : Default Deny Protection (DDP™). What is DDP? Most security pr...

Netfilter (Firewalling, NAT and Packet Managing ) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="netfilter logo" border="0" src="http://2.bp.blogspot.com/-auREqVRNzpo/UmvvilN5F3I/AAAAAAAAA7U/4Ou1XYA-uhw/s1600/netfilter-logo2.png" title="netfilter logo" /></div>
<div style="text-align: justify;">
<b>Netfilter</b> is a <i>powerful packet filter implemented</i> in the standard Linux  kernel. The userspace iptables tool is used for configuration. It now  supports packet filtering (stateless or stateful), all kinds of network  address and port translation (NAT/NAPT), and multiple API layers for 3rd  party extensions. It includes many different modules for handling  unruly protocols such as FTP.</div>
<div style="text-align: justify;">
<b>netfilter</b> is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack.  A registered callback function is then called back for every packet that traverses the respective hook within the network stack. iptables is a generic table structure for the definition of rulesets.  Each rule within an IP table consists of a number of classifiers (iptables matches) and one connected action (iptables target). </div>
<h2 class="title" style="clear: both; text-align: justify;">
Main Features</h2>
<div class="itemizedlist" style="text-align: justify;">
<ul class="itemizedlist" type="bullet">
<li class="listitem" style="list-style-type: disc;">stateless packet filtering (IPv4 and IPv6)</li>
<li class="listitem" style="list-style-type: disc;">stateful packet filtering (IPv4 and IPv6)</li>
<li class="listitem" style="list-style-type: disc;">all kinds of network address and port translation, e.g. NAT/NAPT (IPv4 and IPv6)</li>
<li class="listitem" style="list-style-type: disc;">flexible and extensible infrastructure</li>
<li class="listitem" style="list-style-type: disc;">multiple layers of API's for 3rd party extensions</li>
</ul>
</div>
<div style="text-align: justify;">
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/kcOzdpi8cwg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
</div>
<div style="text-align: justify;">
<br />
<b>Download Here :: </b>git clone git://git.netfilter.org/iptables.git<br />
<br />
<b>Official Website :: </b>http://www.netfilter.org/</div>
</div>

Netfilter (Firewalling, NAT and Packet Managing ) :: Tools

Netfilter is a powerful packet filter implemented in the standard Linux kernel. The userspace iptables tool is used for configuration...

Burp Suite 2020.12.1 :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-vZuABOGgQz8/X_nBf1XbwdI/AAAAAAAACG4/z0LB5_EhCQgo-5gMnD-u7ezlhYVeZQ0IwCLcBGAsYHQ/s836/Burp-Suite-Professional-2020-Free-Download.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Burp Suite Professional 2020.12.1" border="0" data-original-height="484" data-original-width="836" height="231" src="https://1.bp.blogspot.com/-vZuABOGgQz8/X_nBf1XbwdI/AAAAAAAACG4/z0LB5_EhCQgo-5gMnD-u7ezlhYVeZQ0IwCLcBGAsYHQ/w400-h231/Burp-Suite-Professional-2020-Free-Download.jpg" title="Burp Suite Professional 2020.12.1" width="400" /></a></div><br /><div style="text-align: justify;">
<b>Burp Suite</b> is a large platform for performing security testing of web applications. Its various tools work seamlessly  together to support the entire testing process, from initial mapping and  analysis of an application's attack surface, through to finding and  exploiting security vulnerabilities. </div>
<div style="text-align: justify;">
Burp gives you full control, letting you combine advanced manual  techniques with state-of-the-art automation, to make your work faster, more  effective, and more fun.</div>
<div style="text-align: justify;">
It contains a variety of tools with numerous interfaces between them  designed to facilitate and speed up the process of attacking an  application. All of the tools share the same framework for handling and  displaying HTTP messages, persistence, authentication, proxies, logging,  alerting and extensibility.  There is a limited free version and also  Burp Suite Professional ($399 per user per year). </div>
<div class="rounded-corner-box grey-box">
<ul class="green-list" style="text-align: justify;">
<li>An intercepting <b>Proxy</b>,  which lets you inspect and modify traffic between your browser and the  target application.</li>
<li>An application-aware <b>Spider</b>,  for crawling content and functionality.</li>
<li>An advanced web application <b>Scanner</b>,  for automating the detection of numerous types of vulnerability.</li>
<li>An <b>Intruder</b> tool, for  performing powerful customized attacks to find and exploit unusual  vulnerabilities.</li>
<li>A <b>Repeater</b> tool, for  manipulating and re-sending individual requests.</li>
<li>A <b>Sequencer</b> tool, for  testing the randomness of session tokens.</li>
<li>The ability to <b> save your work</b> and resume working later.</li>
<li><b>Extensibility</b>, allowing you  to easily write your own plugins, to perform complex and highly  customized tasks within Burp.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/pBkzvp7xuCI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<div style="text-align: left;">
<br />
<b>Download Here :: </b><a href="https://portswigger.net/burp/releases/professional-community-2020-12-1" target="_blank">Burp Suite v2020.12.1</a><b>
</b></div>
<div style="text-align: left;">
<b>Source ::</b> http://portswigger.net/index.html</div>
</div>
</div>

Burp Suite 2020.12.1 :: Tools

Burp Suite is a large platform for performing security testing of web applications. Its various tools work seamlessly together to suppor...

Snort (Network Intrusion Prevention and Detection System) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
 <img alt="Snort logo" border="0" src="http://www.aboutdebian.com/snort-logo.gif" title="Snort logo" /></div>
<div class="separator" style="clear: both; text-align: justify;">
<b>Snort®</b> is an <i>free open source network intrusion prevention and   detection system (IDS/IPS)</i> developed by <b>Sourcefire</b>.  Combining the benefits of signature, protocol, and anomaly-based  inspection, Snort is the most widely deployed IDS/IPS technology  worldwide. With millions of downloads and nearly 400,000 registered  users, Snort has become the de facto standard for IPS. </div>
<div class="separator" style="clear: both; text-align: justify;">
This network intrusion detection and prevention system excels at traffic  analysis and packet logging on IP networks. Through protocol analysis,  content searching, and various pre-processors, Snort detects thousands  of worms, vulnerability exploit attempts, port scans, and other  suspicious behavior. Snort uses a flexible rule-based language to  describe traffic that it should collect or pass, and a modular detection  engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.   While <b>Snort</b> itself is free and open source, parent company SourceFire  offers their VRT-certified rules for $499 per sensor per year and a  complementary product line of software and appliances with more  enterprise-level features.  Sourcefire also offers a free 30-day delayed  feed. </div>
<div class="separator" style="clear: both; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/iGuvWQV4iJ4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
<u><b>
</b></u></div>
<div style="text-align: left;">
<br />
<b>Download Here</b><b> </b><b>:: </b><a href="http://www.snort.org/snort-downloads" target="_blank">All Platforms</a><u><b>
</b></u></div>
<div style="text-align: left;">
<b>Official Website</b><b> :: </b>http://www.snort.org/</div>
</div>

Snort (Network Intrusion Prevention and Detection System) :: Tools

Snort® is an free open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire . Combining the...

Subscribe to: Posts ( Atom )