ToolWar | Information Security (InfoSec) Tools: IDS

Suricata (IDS/IPS Engine) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="suricata logo" border="0" height="265" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBA8R1kVvwx8gIls0T9zJesWG83diVGoQDvpgQ64t30hKH72d_JYtyh6xI7vCSI20ZvkEvN3A3va6GdCt1J0dGvzTFshoa1K338lSeSq1we3BTEUrhBpV9mg7FY32RNfglod3Y94UbDU91/s1600/suricata.png" title="suricata logo" width="320" /></div>
<b>The Suricata Engine</b> is an <b>Open Source Next Generation Intrusion Detection and Prevention Engine.</b> This engine is not intended to just replace or emulate the existing <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> in the industry, but will bring new ideas and technologies to the field.<br />
<br />
<b>OISF</b> is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members.<br />
<br />
The <b>Suricata </b>Engine and the HTP Library are available to use under the GPLv2.<br />
<br />
The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod <a href="http://www.toolwar.com/search/label/Security" target="_blank">Security</a> fame for the OISF. This integrates and provides very advanced processing of HTTP streams for <b>Suricata</b>. The HTP library is required by the engine, but may also be used independently in a range of applications and tools.</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<h3>
Tutorial ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/A8e3y2DRiWg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
</div>
<div style="text-align: justify;">
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/-CDGwRm2ue8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
Download ::</h3>
</div>
<div style="text-align: justify;">
<b>Unix, Linux & Mac :: </b><a href="https://redmine.openinfosecfoundation.org/attachments/download/971/Suricata-1.4.7-1-32bit.msi" target="_blank">Suricata v1.4.7</a> (.tar.gz)<b>
</b></div>
<div style="text-align: justify;">
<b>Windows :: </b><a href="https://redmine.openinfosecfoundation.org/attachments/download/971/Suricata-1.4.7-1-32bit.msi" target="_blank">Suricata v1.4.7.1</a> (.msi)</div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.openinfosecfoundation.org/index.php/download-suricata">http://www.openinfosecfoundation.org/index.php/download-suricata</a></div>

Suricata (IDS/IPS Engine) :: Tools

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just re...

WAIDPS (Wireless Auditing and IDS/IPS) :: Tools

<div class="MsoNormal" style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600/WAIDPS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="281" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600/WAIDPS.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Arial;"><b>WAIDPS</b> (Wireless Auditing, Intrusion Detection and Prevention System) is an open source <b>wireless swissknife</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> and work on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> environment. This is a multipurpose tools designed for audit (<a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>) networks, detect wireless intrusion (WEP/WPA/WPS attacks) and also intrusion prevention (stopping station from associating to access point). Apart from these, it will harvest all <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">WiFi</a> information in the surrounding and store in databases. This will be useful when it comes to auditing a <a href="http://www.toolwar.com/search/label/Network" target="_blank">network </a>if the access point is ‘MAC filtered’ or ‘hidden SSID’ and there isn’t any existing client at that moment. </span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;"><b>WAIDPS</b> may be useful to penetration testers, <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">wireless</a> trainers, law enforcement agencies and those who is interested to know more about wireless auditing and protection. The primarily purpose for this script is to detect intrusion. Once wireless detect is found, it display on screen and also log to file on the attack. Additional features are added to current script where previous WIDS does not have are :</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">automatically save the attack packets into a file</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">interactive mode where users are allow to perform many functions</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">allow user to analyse captured packets</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">load previously saved pcap file or any other pcap file to be examine</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">customizing filters</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">customize detection threshold (sensitivity of IDS in detection)</span></div>
<div class="MsoNormal" style="margin-left: 0.5in; text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">At present, <b>WAIDPS</b> is able to detect the following wireless attacks and will subsequently add other detection found in the previous WIDS.</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Association / Authentication flooding</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect mass deauthentication which may indicate a possible WPA attack for handshake </span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WEP attack using the ARP request replay method</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WEP attack using chopchop method</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WPS pin bruteforce attack by Reaver, Bully, etc.</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detection of Evil-Twin</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detection of Rogue Access Point</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">The whole structure of the <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">Wireless Auditing</a>, <a href="http://www.toolwar.com/search/label/IDS" target="_blank">Intrusion Detection</a> & <a href="http://www.toolwar.com/search/label/IPS" target="_blank">Prevention System</a> will comprise of </span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Harvesting WiFi Information         [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Intrusion Detection                         [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Intrusion Prevention                       [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Auditing (Testing network)            [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Other additional item include analyzing of packets, display of captured dump, display network barchart and much more.</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<b><span style="font-family: Arial;">Requirements</span></b></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">No special equipment is required to use this script as long as you have the following :</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   1. Root access (admin)</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">2. Wireless interface which is capable of monitoring and injection</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">3. Python 2.7 installed </span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">4. <a href="http://www.toolwar.com/2013/09/aircrack-ng-12-beta.html" target="_blank">Aircrack-NG suite</a>installed</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">5. TShark installed</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">6 TCPDump installed</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">7 Mergecap installed (for joining pcap files)</span></div>
<div style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">8 xterm  installed</span></div>
<div style="text-align: justify;">
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<b><span style="font-weight: normal;"><span style="font-family: Arial;"><b>Structure of WAIDS’ Display :: </b></span></span></b></div>
<div class="MsoNormal">
<span style="font-family: Arial;">Before starting with the detail description of the whole application, WAIDPS display structures are separated in several parts. For better understanding, the structures are as below.</span></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b><span style="font-family: Arial;">WiFi-Harvesting Module</span></b></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Collecting/Storing of Access Points/Stations details and the relationship with each other. [<b>Access Points / Wireless Clients Listing</b>]</span></div>
<span style="font-family: Arial;">- Displaying of unassociated station information and its probe </span></div>
<div style="text-align: justify;">
<span style="font-family: Arial;">[<b>Unassociated Stations</b>]</span> <br />
<div class="MsoNormal">
<span style="font-family: Arial;">- Allowing user to enter MAC addresses / Names to be monitored </span></div>
<div class="MsoNormal">
<span style="font-family: Arial;">[<b>Monitoring Panel</b>]</span></div>
<span style="font-family: Arial;">- Association of stations to access point, station switch from one access point to another, station acting as both a wireless client and access point, etc </span></div>
<div style="text-align: justify;">
<span style="font-family: Arial;">[<b>Association/Connection Alert</b>]</span> <br />
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b><span style="font-family: Arial;">Intrusion Detection</span></b></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Capture/Analyzing of packets </span></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Displaying of Station/Access Point MAC addresses and detected suspicious data count [<b>Suspicious Activity Listing</b>]</span></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Displaying of analysed WEP/WPA/WPS attack pattern and its detail [<b>Attack Detected</b>]</span></div>
<div class="MsoNormal">
</div>
</div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Screenshots ::  </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br />
<b>Text & Image Tutorial :: </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br />
<b>Installation Tutorial::</b><br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/aGTQAWoeujA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<span id="goog_894600077"></span><span id="goog_894600078"></span>
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>More Video Tutorials: </b> <a href="https://www.youtube.com/watch?v=s7kzQqOY3X0&index=2&list=PLrekpjW7JwW-T0CeXP8GwudtJmTJ6KZ8O" target="_blank">Click Here</a></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="https://github.com/SYWorks/waidps/archive/master.zip" target="_blank">WAIDPS</a><b> (.py)</b></div>
<div style="text-align: justify;">
<b>Source ::</b> <a href="https://github.com/SYWorks/waidps" target="_blank">https://github.com/SYWorks/waidps</a> </div>
<div style="text-align: justify;">
<b>Submitted By :: </b>SYChua</div>

WAIDPS (Wireless Auditing and IDS/IPS) :: Tools

WAIDPS (Wireless Auditing, Intrusion Detection and Prevention System) is an open source wireless swissknife written in Python and wo...

AIEngine (Artificial Intelligent Engine) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="AIEngine (Artificial Intelligent Engine)" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjygwBGjzyQv3FxAMBFEPi4jiHrZl-rqa1pCdx-9Ypc4ofp70ziOSWVZj2iWVv2sA9Dx5YI-3q4in1P1E4PBAX0AQABh8-VVaoynf29hQswZ8nNPEuJ9z-vrteUA8KGJFyshyVafOArLC7F/s1600/Artificial+Intelligent+Engine.jpg" title="AIEngine (Artificial Intelligent Engine)" /></div>
<div style="text-align: justify;">
<b>AIEngine</b> is a next generation interactive/programmable packet inspection engine with capabilities of learning without any human intervention, NIDS functionality, DNS domain classification, network collector and many others.  <b><br /></b><br />
<b>AIEngine (Artificial Intelligent Engine)</b> is a <i><a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> inspection engine</i> with capabilities of learning without any human intervention. <b>AIEngine</b> helps <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>/security profesionals to <b>identify traffic</b> and develop signatures for use them on<b> </b><i>NIDS, <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">Firewalls</a>, Traffic classifiers</i> and so on.</div>
<div style="text-align: justify;">
<b>AIEngine</b> is written in c++11 and Python, so by using the flexibility of 
<a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>, AIEngine could be integrated easely with other functionalities 
and modules in a easy way.<br />
<h3>
Features ::  </h3>
</div>
<ul>
<li>- Counters for IP fragmentation packets.</li>
<li>- Support for TLS1.2 on the SSLProtocol</li>
<li>- Exposed the FrequencyGroup and the LearnerEngine on python.</li>
<li>- Integrate with NetfilterPython or other packet systems.</li>
<li>- Support for python 3.x versions (check INSTALL).</li>
<li>- Sorts the outputs of the HTTP, SSL and DNS most used domains (aiengine binary).</li>
<li>- Support for HTTP1.1 (URI Cache), all the flows will have all the paths taken by the user.</li>
<li>- Shell support. The system have a interactive shell so the user can interact on realtime with the system.</li>
</ul>
<h3>
Tutorial ::</h3>
<b>Configuration :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Configurations" target="_blank">Click Here</a><b> </b><br />
<b>Uses & Examples :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Home" target="_blank">Click Here</a><br />
<b>Wiki :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Home" target="_blank">Click Here</a><br />
<h3>
Download :: </h3>
<b>Linux :: </b><a href="https://bitbucket.org/camp0/aiengine/downloads/aiengine-1.5.tar.gz" rel="nofollow" target="_blank">AIEngine v1.5</a><b> (.tar.gz)</b><br />
<b>Source ::</b> <a href="https://bitbucket.org/camp0/aiengine/overview">https://bitbucket.org/camp0/aiengine/overview</a><br />
<b>Submitted By :: </b>Luis

AIEngine (Artificial Intelligent Engine) :: Tools

AIEngine is a next generation interactive/programmable packet inspection engine with capabilities of learning without any human interven...

FTester (Testing Firewall Filtering Policies and IDS Capabilities) :: Tools

<div style="text-align: justify;">
<div class="section">
      <div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2h4CgTrZX0VYiu63TmUAtbc4QAObotOLBVPALrQnQ8EFD3Xii02746KHPmYlcOy05O2996O4ZQkhmZ02DFzrpgLuSLR8wzAHvdVCdJO_f9rD6xOK9IV7pzIgiROpp2C_RJvsLGF0IkuR7/s1600/FTester+Screenshot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="FTester Screenshot" border="0" height="267" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2h4CgTrZX0VYiu63TmUAtbc4QAObotOLBVPALrQnQ8EFD3Xii02746KHPmYlcOy05O2996O4ZQkhmZ02DFzrpgLuSLR8wzAHvdVCdJO_f9rD6xOK9IV7pzIgiROpp2C_RJvsLGF0IkuR7/s1600/FTester+Screenshot.JPG" title="FTester Screenshot" width="400" /></a></div>
The <b>Firewall Tester (FTester)</b> is a tool designed for <b>testing firewall
      filtering policies and Intrusion Detection System (IDS) capabilities.</b><br />

The tool consists of two perl scripts, a <span id="goog_1392660018"></span><a href="http://www.toolwar.com/search/label/Packet">packet injector<span id="goog_1392660019"></span></a> (ftest) and a
      listening <a href="http://www.toolwar.com/search/label/Sniffer">sniffer</a> (ftestd). The first script injects custom packets, defined
      in ftest.conf, with a signature in the data part while the sniffer listens for
      such marked packets. The scripts both write a log file which is in the same
      form for both scripts. A comparison of the two produced log files (ftest.log and ftestd.log)
      outlines the packets that were unable to reach the sniffer due to filtering rules
      if these two scripts are ran on hosts placed on two different sides of a
      <a href="http://www.toolwar.com/search/label/IDS">firewall</a>. Stateful inspection firewalls are handled with the 'connection
      spoofing' option. A script called freport is also available to automatically
      parse the log files.<br />

Using the tool is not a completely automated process, ftest.conf must
      be crafted for every different situation. Examples and rules are included in
      the attached configuration file.<br />

The <a href="http://www.toolwar.com/search/label/IDS">IDS (Intrusion Detection System)</a> testing feature can be used
      either with ftest only or with the additional support of ftestd for handling
      stateful inspection IDS, ftest can also use common IDS evasion techniques. The
      script can also process snort rule definition files.<br />

<h3>
Features:</h3>
<ul>
<li>firewall testing</li>
<li>IDS testing</li>
<li>simulation of real tcp connections for stateful inspection firewalls and IDS</li>
<li>TCP connection spoofing</li>
<li>IP fragmentation / TCP segmentation</li>
<li>IDS evasion techniques</li>
</ul>
<b>NOTE</b>: this tool is now outdated and is presented here for historical
      reasons, a complete rewrite with new features and IPv6 support is scheduled for
      sometime in the future.<br />

</div>
</div>
<div style="text-align: justify;">
<br />
<h3>
Tutorials ::</h3>
<b>Installation ::</b><br />

<div class="MsoNormal">
FTester components are PERL scripts. They can be executed on
any platform with a recent version of PERL. Three perl modules -<span style="mso-spacerun: yes;">Ý </span>Net::RawIP, Net::PcapUtils, and NetPacket ñ
are also required. These can be downloaded at the Comprehensive Perl Archive
Network (<a href="http://www.cpan.org/" target="_new">CPAN</a>), and<span style="color: red;"> </span>you
can install them using the CPAN shell. </div>
<div class="MsoNormal">
Installation is quite simple. <span style="font-family: Courier;">Untar</span>
the latest archive. Everything you need will be decompressed along with an
example configuration file, documentation and a script called <span style="font-family: Courier;">freport</span> for comparing <span style="font-family: Courier;">ftest</span> and <span style="font-family: Courier;">ftestd</span>
log files. Before using the package I recommend to read and fully understand
all documentation.</div>
<b>ManPage ::</b> <a href="http://www.inversepath.com/ftester_man.html" target="_blank">Click Here</a><br />
<b>Documentation :: </b><a href="http://dev.inversepath.com/ftester/README" target="_blank">Click Here</a><br />
<b>Published Paper ::</b> <a href="http://www.tisc-insight.com/newsletters/56.html" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<h3>
Download ::</h3>
</div>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://dev.inversepath.com/ftester/ftester-latest.tar.gz" target="_blank">FTester-Latest</a> (.tar.gz)<b><br /></b></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.inversepath.com/ftester.html" target="_blank">http://www.inversepath.com/ftester.html</a></div>

FTester (Testing Firewall Filtering Policies and IDS Capabilities) :: Tools

The Firewall Tester (FTester) is a tool designed for testing firewall filtering policies and Intrusion Detection System (ID...

Wafw00f (Web Application Firewall Detection) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEPFB63-uWGx3aIVZ5ZzxS1NkiNshLYe7Jic5FFeulXya-517a-PboH8hrWZkQpOl-mI9kSJMdQo1aByMhfdZITiQalnRB5h2HIgcbwvGtxg6nKUL_ePCsWTbosFDnmLr2IEwNhPzBYca9/s1600/wafw00f+screenshot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="wafw00f screenshot" border="0" height="281" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEPFB63-uWGx3aIVZ5ZzxS1NkiNshLYe7Jic5FFeulXya-517a-PboH8hrWZkQpOl-mI9kSJMdQo1aByMhfdZITiQalnRB5h2HIgcbwvGtxg6nKUL_ePCsWTbosFDnmLr2IEwNhPzBYca9/s1600/wafw00f+screenshot.JPG" title="wafw00f screenshot" width="400" /></a></div>
<div style="text-align: justify;">
<b>Web Application Firewalls (WAFs) </b>can be detected through 
stimulus/response testing scenarios. Here is a short listing of possible
 detection methods:
</div>
<ul style="text-align: justify;">
<li><b>Cookies</b>: Some WAF products add their own cookie in the HTTP communication.
</li>
<li><b>Server Cloaking</b>: Altering URLs and Response Headers
</li>
<li><b>Response Codes</b>: Different error codes for hostile pages/parameters values
</li>
<li><b>Drop Action</b>: Sending a FIN/RST packet (technically could also be an IDS/IPS)
</li>
<li><b>Pre Built-In Rules</b>: Each WAF has different negative security signatures
</li>
</ul>
<div style="text-align: justify;">
<b>WafW00f </b>is based on these assumptions to determine remote WAFs. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<pre>$ <b>python wafw00f.py http://www.aldeid.com</b>
                                ^     ^
       _   __  _   ____ _   __  _    _   ____
      ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
     | V V // o // _/ | V V // 0 // 0 // _/  
     |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/    
                               <   
                                ...'
                                
   WAFW00F - Web Application Firewall Detection Tool
   
   By Sandro Gauci && Wendel G. Henrique

Checking http://www.aldeid.com
Generic Detection results:
The site http://www.aldeid.com <span style="background: #ffff00; color: black;">seems to be behind a WAF </span>
Reason: Blocking is being done at connection/packet level.
Number of requests: 13</pre>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b></div>
<pre>$ <b>cd /data/pentest/web/</b>
$ <b>svn checkout <a class="external free" href="http://waffit.googlecode.com/svn/trunk/" rel="nofollow" target="_blank">http://waffit.googlecode.com/svn/trunk/</a> waffit-read-only</b></pre>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.aldeid.com/wiki/Wafw00f">http://www.aldeid.com/wiki/Wafw00f</a></div>

Wafw00f (Web Application Firewall Detection) :: Tools

Web Application Firewalls (WAFs) can be detected through stimulus/response testing scenarios. Here is a short listing of possible detec...

Fragroute :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ7jo1_vjG2XgLQxevu8HSHLP5HXWK9U13ZtsPZ-8BjIWb42nfMZoi3lZP38PUekGaUY_b7EUj2OB5KGIYr97sJmVvd8ToD6esQTAUUuliELCScxrLNogl82uw6gc38sPZXclTroqB0vzd/s1600/fragroute.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="fragroute screenshot" border="0" height="235" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ7jo1_vjG2XgLQxevu8HSHLP5HXWK9U13ZtsPZ-8BjIWb42nfMZoi3lZP38PUekGaUY_b7EUj2OB5KGIYr97sJmVvd8ToD6esQTAUUuliELCScxrLNogl82uw6gc38sPZXclTroqB0vzd/s1600/fragroute.JPG" title="fragroute screenshot" width="400" /></a></div>
<div style="text-align: justify;">
<b>Fragroute</b> intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. </div>
<div style="text-align: justify;">
It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. </div>
<div style="text-align: justify;">
This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour.  Please do not abuse this software. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<b> Required libraries ::</b> <br />
<ul>
<li>libdnet </li>
<li>libpcap </li>
<li>libevent (for non-Windows platforms) </li>
</ul>
<div style="text-align: justify;">
<b>Installation :: </b><a href="http://www.monkey.org/~dugsong/fragroute/INSTALL" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<b>ManPage :: </b><a href="http://www.monkey.org/~dugsong/fragroute/fragroute.8.txt" target="_blank">Click Here</a><br />
<b>Video Tutorial :: </b> </div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/k7viy_NN8f4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://www.monkey.org/~dugsong/fragroute/fragroute-1.2.tar.gz" target="_blank">Fragroute v1.2</a> (.tar.gz)</div>
<div style="text-align: justify;">
<b>Official Website :: </b> <a href="http://www.monkey.org/~dugsong/fragroute/">http://www.monkey.org/~dugsong/fragroute/</a></div>

Fragroute :: Tools

Fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in...

WormTrack (Network IDS) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="wormtrack " border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhS_UOobtkh2f05uE8fyvAf88MMYAlPr8YiidihA2xGZvHZMsYhmnbVhGG_lwY9beh6w82FX9GdK-B4yEJK56j-SYiyBfKseSVHH6hyc4cS5aWRJgwp1oGurg46HM1l9BIs7JRt2d_jPsWn/s1600/WormTrack.jpg" title="wormtrack " width="400" /></div>
<b>WormTrack</b> is a <b>Network based intrusion detection system (NIDS)</b> designed 
to identify scanning activity on the <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>, in particular of <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanning</a> 
worms (horizontal scanning of the network). It attempts to do that 
WITHOUT having any type of privileged access to the network equipment, 
for example a MONITOR port on a switch. It also doesn't require a 
constant updating of its signature engine, as new threats are released, 
since it is based on <a href="http://www.toolwar.com/search/label/Detect" target="_blank">detection</a> of anomalous  activity - which all Worms,
 that propagate through the network, would exhibit in order to survive 
and spread efficiently. A <b>Network IDS </b>which allows detection of scanning worms on a Local Area 
Network by <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitoring</a> of anomalous ARP traffic. This allows detection of
 scanning threats on the network, without having a privileged access on a
 Switch to set up a dedicated Monitor PORT, nor does it require a 
constant updating of the rules engine to address new threats. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>General Info & Configuration :: </b><a href="http://code.google.com/p/wormtrack/wiki/GeneralInfo" target="_blank">Click Here</a> </div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://wormtrack.googlecode.com/files/wormtrack-0.1.tar.gz" target="_blank">WormTrackv0.1</a> (.tar.gz)<b><br /></b></div>
<div style="text-align: justify;">
<b>Source Website ::</b><a href="http://code.google.com/p/wormtrack/" target="_blank"> http://code.google.com/p/wormtrack/</a></div>

WormTrack (Network IDS) :: Tools

WormTrack is a Network based intrusion detection system (NIDS) designed to identify scanning activity on the network , in particular o...

Pytbull (IDS/IPS Testing) :: Framework

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
 <img alt="pytbull ids mode" border="0" height="291" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBUJPMHKujz46n6sRck2NZDM075hEsNEerHmckZ-25awz2AFXTsWET-KZg7ngqkBZi0hpKmBHgm9_EwaLliZYrhmFPjNhRYcjqM3beHBHH4szekg9xDZKMPb1parSaCEd4KfgunPEj-e4f/s1600/pytbull-ids-mode.png" title="pytbull ids mode" width="400" /></div>
<b>Pytbull</b> is an <b>Intrusion Detection/Prevention System (IDS/IPS) testing framework</b> for <i><a href="http://www.toolwar.com/2013/09/snort-tools_7.html" target="_blank">Snort</a> and Suricata.</i> We all know the greatness of these two projects. Even though it concentrates on Snort and Suricata, it can possibly be used to test the <a href="http://www.toolwar.com/search/label/Detect" target="_blank">detection</a> and blocking capabilities of other <b><a href="http://www.toolwar.com/search/label/IDS" target="_blank">IDS</a>/<a href="http://www.toolwar.com/search/label/IPS" target="_blank">IPS</a></b> also. You can also use it to compare IDS/IPS, or compare their configuration modifications or to simply check/validate configurations. The <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> is well equipped with about 300 tests grouped in 8 testing modules, such as:You've just set up your Intrusion Detection/Prevention System  (IDS/IPS) and feel "Now I'm secure". But how can you be so sure? And how  much do you trust your IDS/IPS?</div>
<div style="text-align: justify;">
The only way to ensure your <b>IDS/IPS</b> detects and blocks unwanted  traffic is to test it with specific payloads and <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, but this job can  take hours or even days...</div>
<div style="text-align: justify;">
Why all this pain? Here is where pytbull comes in!</div>
<div style="text-align: justify;">
<b>Pytbull</b> is a <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> based flexible IDS/IPS <a href="http://www.toolwar.com/search/label/Testing" target="_blank">testing</a> framework  shipped with more than 300 tests, grouped in 9 modules, covering a large  scope of attacks (clientSideAttacks, testRules, badTraffic,  fragmentedPackets, multipleFailedLogins, evasionTechniques, shellCodes,  denialOfService, pcapReplay)</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/_zS1f-F9niw?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux ::</b> <a href="https://downloads.sourceforge.net/project/pytbull/pytbull-2.0.tar.bz2" target="_blank">Pytbull v2.0</a> (.tar.bz2)</div>
<div style="text-align: justify;">
<b>Official Website :: </b>http://pytbull.sourceforge.net/ </div>

Pytbull (IDS/IPS Testing) :: Framework

Pytbull is an Intrusion Detection/Prevention System (IDS/IPS) testing framework for Snort and Suricata. We all know the greatness o...

dotDefender (Web Application Firewall) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="dotdefender logo" border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNgB-QvtDSLba1_oj3raWHinKyPHlXi03q3ECtSO3gJ48vp-5nB4zTE6VeGXuf2zMoyT4qML8f8UFcVw3vF3eTqukbzuWA2BuOh0SMj7nVWNE42TjUn1Ljvis_vmEN16ihNYTUeLwR-dwx/s640/dotDefender+logo.jpg" title="dotdefender logo" width="640" /></div>
<br />
<b>dotDefender</b> is the market-leading software <b>Web Application Firewall  (WAF)</b>. <b>dotDefender</b> boasts enterprise-class <a href="http://www.toolwar.com/search/label/Security" target="_blank">security,</a> advanced  integration capabilities, easy maintenance and low total cost of  ownership (TCO). <b>dotDefender</b> is the perfect choice for protecting your  website and <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> applications today. </div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
<b>Tutorials :: </b></h3>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/DKlTdoIiaSU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<h3 style="text-align: justify;">
<b>Download ::</b> </h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="http://www.applicure.com/downloads/5.12%20no%20SP/DotDefender%20Install%2032Bit%20v5.12.13275%20msi.exe" target="_blank">dotDefender V5.12</a></div>
<div style="text-align: justify;">
<b>Debian :: </b><a href="http://www.applicure.com/downloads/5.12/Linux/i386/dotDefender-5.12.Linux.i386.deb.bin.gz" target="_blank">dotDefender V5.12</a></div>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://www.applicure.com/downloads/5.12/Linux/i386/dotDefender-5.12.Linux.i386.gen.bin.gz" target="_blank">dotDefender V5.12</a></div>
<b>RPM :: </b><a href="http://www.applicure.com/downloads/5.12/Linux/i386/dotDefender-5.12.Linux.i386.rpm.bin.gz" target="_blank">dotDefender V5.12</a>
<b> </b><br />
<b>Official Website :: </b><a href="http://www.applicure.com/">http://www.applicure.com/</a>

dotDefender (Web Application Firewall) :: Tools

dotDefender is the market-leading software Web Application Firewall (WAF) . dotDefender boasts enterprise-class security, advanced ...

ModSecurity (Web Application Firewall) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="modsecurity logo" border="0" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqIaR3MOqqt6M9kImwLEM90dn9peh4HGb7o2VN5_LqA_bdR7pZqI6NiXKpATu9GK7SXtf7mbPlWzHP-zqQrAfCIPEzsQuiMRdYdAsbjCDXBBaqUZI9R5Pk_6no9f8fPoZakuUWdh6BxuN1/s640/mod-security+logo.jpg" title="modsecurity logo" width="640" /></div>
</div>
<div style="text-align: justify;">
<b>ModSecurity</b> is a <i>web application firewall</i> that can work either embedded  or as a <b>reverse proxy</b>. It provides protection from a range of <a href="http://www.toolwar.com/search/label/Attack" target="_blank">attacks</a>  against web applications and allows for HTTP traffic monitoring, logging  and real-time analysis. </div>
<h2 style="text-align: justify;">
ModSecurity: Overview</h2>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
With over 70% of all attacks now carried out over the web application  level, organisations need every help they can get in making their  systems secure. <b>Web application firewalls</b> are deployed to establish an  external <a href="http://security/" target="_blank">security</a> layer that increases security, detects, and prevents  attacks before they reach web applications. </div>
<h3 style="text-align: justify;">
HTTP Traffic Logging</h3>
<div style="text-align: justify;">
<a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> servers are typically well-equipped to log traffic in a form useful  for marketing analyses, but fall short when it comes to logging of  traffic to web applications. In particular, most are not capable of  logging the request bodies. Your adversaries know this, and that is why  most attacks are now carried out via POST requests, rendering your  systems blind. </div>
<div style="text-align: justify;">
ModSecurity makes full HTTP transaction logging possible, allowing  complete requests and responses to be logged. Its logging facilities  also allow fine-grained decisions to be made about exactly what is  logged and when, ensure only the relevant data is recorded. </div>
<h3 style="text-align: justify;">
Real-Time Monitoring and Attack Detection</h3>
<div style="text-align: justify;">
In addition to providing logging facilities, <b>ModSecurity</b> can <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitor</a> the  HTTP traffic in real time in order to detect attacks. In this case <b> ModSecurity</b> operates as a web intrusion detection tool, allowing you to  react to suspicious events that take place at your web systems. </div>
<h3 style="text-align: justify;">
Attack Prevention and Just-in-time Patching</h3>
<div style="text-align: justify;">
<b>ModSecurity</b> can also act immediately to prevent attacks from reaching  your web applications. There are three commonly used approaches: </div>
<ol style="text-align: justify;">
<li><b>Negative security model.</b> Negative security model monitors  requests for anomalies, unusual behaviour, and common web application  attacks. It keeps anomaly scores for each request, IP addresses,  application sessions, and user accounts. Requests with high anomaly  scores are either logged or rejected altogether. </li>
<li><b>Known weaknesses and vulnerabilities.</b> Its rule language  makes ModSecurity an ideal external patching tool. External patching is  all about reducing the window of opportunity. Time needed to patch  application vulnerabilities often runs to weeks in many organisations.  With ModSecurity, applications can be patched from the outside, without  touching the application source code (and even without any access to  it), making your systems secure until a proper patch is produced. </li>
<li><b>Positive security model.</b> When positive security model is  deployed, only requests that are known to be valid are accepted, with  everything else rejected. This approach works best with applications  that are heavily used but rarely updated. </li>
</ol>
<h3 style="text-align: justify;">
Flexible Rule Engine</h3>
<div style="text-align: justify;">
A flexible rule engine sits in the heart of ModSecurity. It  implements the ModSecurity Rule <a href="http://www.toolwar.com/search/label/Language" target="_blank">Language</a>, which is a specialised  programming language designed to work with HTTP transaction data. The  <b>ModSecurity</b> Rule Language was designed to be easy to use, yet flexible:  common operations are simple while complex operations are possible.</div>
<div style="text-align: justify;">
Certified ModSecurity Rules, included with subscription to  <b>ModSecurity</b>, contain a comprehensive set of rules that implement  general-purpose hardening, common web application security issues.  Heavily commented, these rules can be used as a learning tool.</div>
<h3 style="text-align: justify;">
Embedded Deployment</h3>
<div style="text-align: justify;">
ModSecurity is an embeddable web application firewall, which means it  can be deployed as part of your existing web server infrastructure  (Apache, IIS7 and Nginx).</div>
<div style="text-align: justify;">
This deployment method has certain advantages:</div>
<ol style="text-align: justify;">
<li>No changes to existing network. It only takes a few minutes to add  ModSecurity to your existing web servers. And because it was designed to  be completely passive by default, you are free to deploy it  incrementally and only use the features you need. It is equally easy to  remove or deactivate it should decide you don't want it any more. </li>
<li>No single point of failure. Unlike with network-based  deployments, you will not be introducing a new point of failure to your  system. </li>
<li>Implicit load balancing and scaling. Because it works embedded  in web servers, <b>ModSecurity</b> will automatically take advantage of the  additional load balancing and scalability features. You will not need to  think of load balancing and scaling unless your existing system needs  them. </li>
<li>Minimal overhead. Because it works from inside the web server  process there is no overhead for network communication and minimal  overhead in parsing and data exchange. </li>
<li>No problem with encrypted or compressed content. Many <a href="http://www.toolwar.com/search/label/IDS" target="_blank">IDS</a>  systems have difficulties analysing SSL traffic. This is not a problem  for ModSecurity because it is positioned to work when the traffic is  decrypted and decompressed.  </li>
</ol>
<div style="text-align: justify;">
ModSecurity is known to work well on a wide range of operating systems.  Our customers are successfully running it on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, Solaris,  FreeBSD, OpenBSD, NetBSD, AIX, Mac OS X, and HP-UX. </div>
<h3 style="text-align: justify;">
Network-Based Deployment</h3>
<div style="text-align: justify;">
<b>ModSecurity</b> works equally well when deployed as part of a reverse proxy  server, and many of our customers choose to do so. In this scenario, one  installation of <b>ModSecurity </b>can protect any number or type of back-end  web servers. </div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/7w9aHEx-BmE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/P-KJU785CKg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/nMGtIgrVv8s?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Download :: </h3>
<div style="text-align: justify;">
<b>Linux :: </b></div>
<div style="text-align: justify;">
<b>Installation - Ubuntu/Debian</b>

<span style="font-family: "Courier New",Courier,monospace;"> </span><br />
<span style="font-family: "Courier New",Courier,monospace;">$ sudo apt-get install libapache2-mod-security </span><br />
<span style="font-family: "Courier New",Courier,monospace;">$ sudo a2enmod mod-security </span><br />
<span style="font-family: "Courier New",Courier,monospace;">$ sudo /etc/init.d/apache2 force-reload</span><br />
<br />
 <b>Installation - Fedora/CentOS</b><span style="font-family: "Courier New",Courier,monospace;"> </span><br />
<span style="font-family: "Courier New",Courier,monospace;">$ sudo yum install mod_security </span><br />
<span style="font-family: "Courier New",Courier,monospace;">$ sudo /etc/init.d/httpd restart</span>

<b> </b><br />
<br />
<b>Windows ::</b></div>
<ul>
<li><a href="https://www.modsecurity.org/tarball/2.7.5/ModSecurityIIS_2.7.5.msi">ModSecurity for IIS MSI Installer</a> </li>
<li><a href="https://www.modsecurity.org/tarball/2.7.5/ModSecurityIIS_2.7.5.msi.sha256">ModSecurity for IIS MSI Installer SHA25</a></li>
</ul>
<b>Official Website :: </b><a href="http://www.modsecurity.org/">http://www.modsecurity.org/</a><br />
<ul>
</ul>
<div style="text-align: justify;">
</div>

ModSecurity (Web Application Firewall) :: Tools

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy . It provides protection from a range ...

Commview (Network Monitor and Analyzer) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj325VnPYeEK6ly4CYJXLQZBCnGpXso07Hh__zhit87MylbBCCkFqkhrv2USEX8QJ3ErjhZ8vvoiSFuI52w7VRvAyehbHNdHZTsxguVjHscq6YZUH9TH2Eyrq9_zwLaIzKzsGWI8hbWxTRt/s1600/Commview+for+wifi+screenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Commview network analyzer screenshot" border="0" height="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj325VnPYeEK6ly4CYJXLQZBCnGpXso07Hh__zhit87MylbBCCkFqkhrv2USEX8QJ3ErjhZ8vvoiSFuI52w7VRvAyehbHNdHZTsxguVjHscq6YZUH9TH2Eyrq9_zwLaIzKzsGWI8hbWxTRt/s400/Commview+for+wifi+screenshot.jpg" title="Commview network analyzer screenshot" width="400" /></a></div>
<div style="text-align: justify;">
<b>CommView</b> is a powerful <b><a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> monitor</b> and <b>analyzer</b>  designed for LAN administrators, security professionals, network  programmers, home users…virtually anyone who wants a full picture of the  traffic flowing through a PC or LAN segment. Loaded with many  user-friendly features, <b>CommView </b>combines performance and flexibility  with an ease of use unmatched in the industry.   </div>
<div style="text-align: justify;">
This application captures every packet on the wire to display important information such as a <b>list of <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packets</a> and network connections</b>, vital <b>statistics</b>, protocol distribution <b>charts</b>,  and so on. You can examine, save, filter, import and export captured  packets, view <a href="http://www.toolwar.com/search/label/Protocol" target="_blank">protocol</a> decodes down to the lowest layer with <b>full <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a></b> of over 70 widespread protocols. With this information, <b>CommView</b> can help you <b>pinpoint network problems</b> and troubleshoot software and hardware. </div>
<div style="text-align: justify;">
CommView includes a <b>VoIP</b> analyzer for in-depth analysis, recording, and playback of SIP and H.323 voice communications. </div>
<div style="text-align: justify;">
<a href="http://www.tamos.com/upload/iblock/b1486ecd9d485e6e0c1aaa85376617e8.png" id="screenshots" rel="lightbox[shots]" title=""></a>CommView  runs on Windows XP / Vista/ 7 / 8 or <a href="http://www.toolwar.com/search/label/WIndows" target="_blank">Windows</a> Server 2003 / 2008 / 2012  (both 32- and 64-bit versions). It requires a 10/100/1000 Mbps Ethernet,  Wireless Ethernet, or Token Ring network card, or a standard dial-up  adapter. For <b>remote monitoring tasks</b>, you can use our special, optional add-on for CommView: CommView Remote Agent.  It allows CommView users to capture network traffic on any computer  where Remote Agent is running, regardless of the computer's physical  location. This powerful and unique technology broadens your monitoring  range: you are no longer limited by your LAN segment or personal  computer. </div>
<h3 style="text-align: justify;">
How can a network analyzer help me? ::</h3>
<div style="text-align: justify;">
If you are a seasoned professional, you definitely know the answer.  Managing a LAN, creating network-oriented software, or performing a  security audit have one thing in common: You're blind without a good  network monitor. Every day, it helps you <b>maintain efficient network data transmission</b>, <b>test firewalls</b> and <a href="http://www.toolwar.com/search/label/IDS" target="_blank"><b>intrusion detection systems</b></a>, or <b>identify problems</b>  with network-based applications. And there is an important economic  reason behind using a network analyzer: it costs a fraction of the price  of information, time, software, and hardware that may potentially be  lost or wasted by <i>not</i> using a network analyzer. A number of <b>case studies</b> describe real-world applications of CommView  in business, government, and education sectors.  </div>
<div style="text-align: justify;">
If you are new to networking, you'll find CommView extremely  useful for understanding how the Internet and your LAN work. Being a  network analyzer (also commonly referred to as a <i>packet analyzer, network monitor, or packet sniffer</i>), it captures and decodes network traffic and makes sense of it, allowing you to <b>see what, where, and how information leaves and enters your computer</b> -- which is critically important for a secure Internet experience. The Online Tutorial is an excellent resource for learning about the many exciting features CommView offers.   </div>
<div style="text-align: justify;">
Be sure to read our white paper, Promiscuous <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">Monitoring</a> in Ethernet and <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">Wi-Fi</a> Networks,  that examines the problems related to the deployment and usage of  software-based network monitoring solutions in wired and wireless LANs.  It demonstrates the methods of achieving network traffic visibility in  various network configurations that include hubs, switches, routers,  etc.  </div>
<div style="text-align: justify;">
No matter what user category you belong to, you can be certain  that CommView is the right choice for your network monitoring solution.  </div>
<h3 style="text-align: justify;">
What you can do with CommView ::</h3>
<ul class="bullet" style="text-align: justify;">
<li>View detailed IP connections statistics: IP addresses, ports, sessions, etc.  </li>
<li>Reconstruct TCP sessions.  </li>
<li>Map packets to the application that is sending or receiving them. </li>
<li>View protocols distribution, bandwidth utilization, and network nodes charts and tables.  </li>
<li>Generate traffic reports in real time. </li>
<li>Browse captured and decoded packets in real time.  </li>
<li>Search for strings or hex data in captured packet contents.  </li>
<li>Import and export packets in Sniffer®, EtherPeek™, AiroPeek™,  Observer®, NetMon, and Tcpdump formats, export packets in hex and text  formats.  </li>
<li>Configure alarms that can notify you about important events,  such as suspicious packets, high bandwidth utilization, unknown  addresses, etc. </li>
<li>Create your own plug-ins for decoding any protocol. </li>
<li>Exchange data with your application over TCP/IP. </li>
<li>Export any IP address to SmartWhois for quick, easy IP lookup.  </li>
<li>Capture loopback traffic. </li>
</ul>
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/hdE-s_SQl50?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
Download ::</h3>
<b>Windows ::</b> 
<a href="http://www.tamos.com/bitrix/redirect.php?event1=download&event2=commview&event3=cv6&goto=/files/cv6.zip" target="_blank">Commview v6.5 (Trial Version)</a><b><br /></b><br />
<b>Official Website :: </b><a href="http://www.tamos.com/products/commview/">http://www.tamos.com/products/commview/</a>

Commview (Network Monitor and Analyzer) :: Tools

CommView is a powerful network monitor and analyzer designed for LAN administrators, security professionals, network programmers, h...

Vulture (Reverse Proxy and Web Application Firewall) :: Tools

<div class="separator" style="clear: both; text-align: justify;">
<img alt="Vulture Web Application firewall logo" border="0" height="120" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcN3Rs0hVvmx1PZMlzm4cKq8LfrgzLmawv5_6MTJGCGcv80todCVORuLNw89N_c_q6Bdo12ScoCZC5pVkwGY4LZjHRpyykzf-7j32yGUKJIY-_FBDWsdfPinXJLDDJ1x8ofO4ztGKtEKS1/s640/vulture+web+application+firewall+logo.png" title="Vulture Web Application firewall logo" width="640" /></div>
<div style="text-align: justify;">
<b>Vulture </b>is a <i><span itemprop="description">Open Source Reverse Proxy / Web Application Firewall</span></i><b>. Vulture </b>is a Web-SSO solution based on technology<i> reverse <a href="http://www.toolwar.com/search/label/Proxy" target="_blank">proxy</a></i> 
implemented on a base Apache 2.2. Vulture also provides <i>application <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">firewall</a></i> functionality and interfaces between <i><a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> applications </i>and 
Internet to provide unified <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> and authentication.
</div>
<h3 style="text-align: justify;">
<b>Features :: </b></h3>
<div style="text-align: justify;">
The authentication of users with many methods supported
LDAP, SQL, text file, radius server, digital certificates ...
Modular design allows you to add new authentication methods
The spread of authentication on protected applications
The encryption flow
Filtering and rewriting content
Some features to protect against injection attacks
Load balancing
.</div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="https://googledrive.com/host/0B73hnOQoTupkUkdwM2VGOGNWVTA/" target="_blank">Vulture 2.0.7</a> </div>
<h2 style="text-align: justify;">
 <span class="mw-headline" id="Details"> </span></h2>

Vulture (Reverse Proxy and Web Application Firewall) :: Tools

Vulture is a Open Source Reverse Proxy / Web Application Firewall . Vulture is a Web-SSO solution based on technology reverse proxy im...

Comodo Firewall :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="Comodo Firewall logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi92gYqhU6WXsU5QSuwFESFgVBUZRIZ93TAb8ZSRVFkaQCazEWClk9C1VhN3JPzO4FXEOvgIEDZouPKkAeFP2mcTXNqBII0QedzsI8xqmfcaqksPzn22tzvkBWT6GUHRHWO_ipJ5d2WUz_T/s1600/comodo-firewall+logo.png" title="Comodo Firewall logo" /></div>
<b>Comodo Firewall</b>  Pro introduces the next evolution in <i>computer security</i>: Default Deny  Protection (DDP™). What is DDP? Most security programs maintain a list  of known <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a>, and use that list to decide which applications and  files shouldn't access a PC. The problem here is obvious. What if the  list of malware is missing some entries, or isn't up to date?</div>
<div style="text-align: justify;">
<b>Comodo <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">Firewall</a> </b>is the best choice for users seeking a<b> full featured <a href="http://www.toolwar.com/search/label/Security" target="_blank"> security</a> suite.</b> This latest release is suitable for both lightly-skilled  users (still must have knowledge of installed programs) and technically  advanced users. Its robust and active HIPS (or application monitoring  feature), called "Defense+", matches or exceeds the security performance  of pay products. Comodo allows for much control and customization for  the curious or the paranoid. </div>
<div style="text-align: justify;">
<b>Comodo</b> includes a "<i>memory firewall</i>" (against buffer overflow  attacks) and a light sandbox component to limit the way unknown  applications and new software installations affect your computer. The  use of sandbox protection limits the negative effects of malware. It  maintains a lengthy list of known safe applications, but if an unknown  application attempts entry through the firewall, <b>Comodo</b> will deny the  application and ask the user what to do. The new release contains user  friendly features by default while allowing experienced users to  maintain control over ports, protocols, and configurations. </div>
<div style="text-align: justify;">
DDP fixes this problem to ensure complete security. The <b> firewall </b>references a list of over two million known PC-friendly  applications. If a file that is not on this safe-list knocks on your  PC's door, the Firewall immediately alerts you to the possibility of  attacking malware. All this occurs before the <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> infects your  computer. It's prevention-based security, the only way to keep PCs  totally safe.</div>
<h3 style="font-size: 16px; margin-bottom: 10px; margin-top: 15px; padding: 10px 0px 0px; text-align: justify;">
5 top secrets why Comodo Firewall is different</h3>
<ul class="facts-list" style="text-align: justify;">
<li>No complex configuration issues—perfect for amateur users </li>
<li>Quickly learns user behavior to deliver personalized protection</li>
<li>User-friendly, attractive graphical interface</li>
<li>Lots of configuration options let techies configure things just as they like</li>
<li>DDP-based security keeps you informed and PCs safe</li>
</ul>
<div style="text-align: justify;">
One of the first steps in securing a computer is downloading  and activating a quality firewall to repel intruders. Only this free  firewall software has access to Comodo's extensive safe-list of  PC-friendly applications, a key component of Default Deny Protection™.</div>
<h3>
<b>System Requirements:</b></h3>
<div style="text-align: justify;">
Windows 7 / Vista / XP SP2 / Windows 8, 152 MB RAM / 400 MB space</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorial :: </h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/T4uAAgicpZ4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
Download ::  </h3>
<div style="text-align: justify;">
<b>Windows ::</b> <a href="http://www.comodo.com/home/download/download.php?prod=firewall" target="_blank">Comodo Firewall</a></div>
<h3 style="text-align: justify;">
</h3>

Comodo Firewall :: Tools

Comodo Firewall Pro introduces the next evolution in computer security : Default Deny Protection (DDP™). What is DDP? Most security pr...

Patriot NG (Changes Detection in Windows or in Network) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwNXqM7_LHQ7YPJaUfI2fTX1hrSU-cv68o0zWKOpWgQrMx00ihDHzEZ1zQqnMcN-LrAwuFoK8Lafq4glQ95bKL1ZOkMdq_O7GD58r9VgXtkOFpMY9SAsHN-3vcCy0tsleeTTehuydm0HHK/s1600/Patriot+NG+Screenshot.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwNXqM7_LHQ7YPJaUfI2fTX1hrSU-cv68o0zWKOpWgQrMx00ihDHzEZ1zQqnMcN-LrAwuFoK8Lafq4glQ95bKL1ZOkMdq_O7GD58r9VgXtkOFpMY9SAsHN-3vcCy0tsleeTTehuydm0HHK/s400/Patriot+NG+Screenshot.JPG" width="176" /></a></div>
<div style="text-align: justify;">
<b>Patriot NG</b> is a <i>'Host IDS' tool</i> which allows <i>real time monitoring of changes in Win<span style="font-size: 14px; line-height: 1.4em;">dows systems or Network attacks.</span></i></div>
<i>
</i>
<h3>
Patriot monitors:</h3>
<ul>
<li>New files in 'Startup' directories</li>
<li>Changes in Registry keys: Indicating whether any sensitive key (autorun, internet explorer settings...) is altered</li>
<li>New Users in the System</li>
<li>New Services installed</li>
<li>Changes in the hosts file</li>
<li>New scheduled jobs</li>
<li>Alteration of the integrity of Internet Explorer: (New BHOs, configuration changes, new toolbars)</li>
<li>Changes in ARP table (Prevention of MITM attacks)</li>
<li>Installation of new Drivers</li>
<li>New Netbios shares</li>
<li>TCP/IP Defense (New open ports, new connections made by processes, PortScan detection...)</li>
<li>Files in critical directories (New executables, new DLLs...)</li>
<li>New hidden windows (cmd.exe / Internet Explorer using OLE objects)</li>
<li>Netbios connections to the System</li>
<li>ARP Watch (New hosts in your network)</li>
<li>NIDS (Detect anomalous network traffic based on editable rules)</li>
</ul>
<h3>
Download ::</h3>
<b>Windows :: </b><a href="http://sbdtools.googlecode.com/files/PatriotNG2.01.zip" target="_blank">Patriot NG 2.01</a><br />
<h3>
Official Website ::</h3>
http://www.security-projects.com/

Patriot NG (Changes Detection in Windows or in Network) :: Tools

Patriot NG is a 'Host IDS' tool which allows real time monitoring of changes in Win dows systems or Network attacks. Patrio...

Kippo (Medium Interaction SSH honeypot) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="honeypot logo" border="0" height="147" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrUVnK5ckDMkuVIbcWb8PF91rmwlb202CsV5COPsOlOiB9OW8Kf3estPjnnsJ6541JweeCI7JeDX-vx7oaPW0hMvub34spaMUEdGh-MXyBI-z7LolJEQMxbiOP3YbNt9dKiStrduzDLTvT/s200/honeypot_icon.jpg" title="honeypot logo" width="200" /></div>
<div style="text-align: justify;">
<b>Kippo</b> is a <i>medium interaction SSH honeypot</i> designed to log brute force  attacks and, most importantly, the entire shell interaction performed by  the attacker. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-size: large;">Features</span></div>
<div style="text-align: justify;">
Some interesting features: </div>
<ul style="text-align: justify;">
<li>Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included </li>
<li>Possibility  of adding fake file contents so the attacker can 'cat' files such as  /etc/passwd. Only minimal file contents are included  </li>
<li>Session logs stored in an UML compatible  format for easy replay with original timings  </li>
<li>Just like Kojoney, Kippo saves files downloaded with wget for later inspection </li>
<li>Trickery; ssh pretends to connect somewhere, exit doesn't really exit, etc  </li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/7ACOXgeX3ik?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b>Download Here :: </b><a href="http://kippo.googlecode.com/files/kippo-0.8.tar.gz" target="_blank">Kippo v0.8.tar.gz</a></div>
<div style="text-align: justify;">
<b>Source :: </b> http://code.google.com/p/kippo/</div>
</div>

Kippo (Medium Interaction SSH honeypot) :: Tools

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction pe...

OSSIM (Open Source Security Information Management.) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="OSSIM Logo" border="0" height="76" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKHiO374Af3mSSAyULAoG0kCcQsJVpOHnKzFd1sZtjNBW2G8UhmbrtP8agq2Spe3qGKouz9XwP-21bnqVjI68dIP1EnBlYiQxz-IkZ17TIBU4XKfl1m-JdgG3bw0hpwXRNpKUvaESnAC-V/s1600/ossim.jpg" title="OSSIM Logo" width="400" /></div>
<div style="text-align: justify;">
<b>OSSIM</b> stands for <b>Open Source Security Information Management</b>. Its goal  is to provide a comprehensive compilation of tools which, when working  together, grant network/security administrators with a detailed view  over each and every aspect of networks, hosts, physical access devices,  and servers. OSSIM incorporates several other tools, including Nagios and OSSEC HIDS. <b>OSSIM</b> is a powerful suite of geospatial libraries and applications used  to process imagery, maps, terrain, and vector data. The software has  been under active development since 1996 and is deployed across a number of private, federal and civilian agencies.   </div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/AfwSZuND8QI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
<b></b></div>
<div style="text-align: justify;">
<br />
<b>Download Here ::  </b><a href="http://download.osgeo.org/ossim/release/latest/rhel5-8/sandbox-x86_64-gcc-4.1/dot_gvm.tgz">dot_gvm.tgz</a></div>
<div style="text-align: justify;">
                                <a href="http://download.osgeo.org/ossim/release/latest/windows/omar-server-1.8.16-x86_64-installer.exe">omar-server-1.8.16-x86_64-installer.exe</a></div>
<div style="text-align: justify;">
<b>Official Website ::</b> http://trac.osgeo.org</div>
</div>

OSSIM (Open Source Security Information Management.) :: Tools

OSSIM stands for Open Source Security Information Management . Its goal is to provide a comprehensive compilation of tools which, when...

OSSEC HIDS (Open Source Host-based Intrusion Detection System) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="OSSEC HIDS LOGO" border="0" height="135" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5hqb2K8125dyd1VvPYPXuZGkoUB_MMaOaCvQ8UJmkGc_rzg5_pSN4LbyC0sos5v0fje1PInJ7NZFN-1S4vXZFrZPIrnVz7yOztzaN_KdB1vc-kdITq6ho2Ru9-as6vYtx2oggoWLc8Sgl/s320/ossec.jpg" title="OSSEC HIDS LOGO" width="320" /></div>
<div style="text-align: justify;">
<b>OSSEC HIDS</b> is an <i>Open Source Host-based Intrusion Detection System </i>that  performs log analysis, file integrity checking, policy monitoring,  rootkit detection, real-time alerting and active response.  </div>
<div style="text-align: justify;">
It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.  </div>
<div style="text-align: justify;">
Check out <b>OSSEC</b> features and how it works for more information about how OSSEC can help you solve your host-based security problems. </div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/lUMs1uqwRX0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>Download Here :: </b><a href="http://www.ossec.net/files/ossec-agent-win32-2.7.exe" title="v2.7 Agent for Windows">ossec-agent-win32-2.7.exe</a> (For Windows)</div>
<div style="text-align: justify;">
                                     <a href="http://www.ossec.net/files/ossec-hids-2.7.1-beta-1.tar.gz">ossec-hids-2.7.1-beta-1.tar.gz</a> (For Linux/BSD)</div>
<div style="text-align: justify;">
<b>Official Website :: </b>http://www.ossec.net/</div>
<div style="text-align: justify;">
</div>
</div>

OSSEC HIDS (Open Source Host-based Intrusion Detection System) :: Tools

OSSEC HIDS is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitor...

Kismet (Wireless Network Detector, Sniffer, and IDS) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="kismet logo" border="0" height="130" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqqWfWo264RkG7B42U_fF7b7b3bOtASozKgoBhPcOUi6xv8lbCQ8Tq70NCQ3uW44ARcj1ZIpvZqQYnOXLFbhXEWpXfYaSX1mvK7oEgQPqdYmgwJTjB1c0PMYHp8pnVz_NwHV8Jgv5JH-Bm/s320/kismet_logo.JPG" title="kismet logo" width="320" /></div>
<div class="ihangp" style="text-align: justify;">
<b>Kismet</b> is an standard 802.11 based layer2 <i>wireless network detector,</i> <i>sniffer,</i> and<i> intrusion detection system</i>.  <b>Kismet </b>will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff  802.11b, 802.11a, 802.11g, and 802.11n traffic.  Kismet also supports plugins which allow sniffing other media such as DECT. <br />
<br /></div>
<div style="text-align: justify;">
<b>Kismet</b> identifies networks by passively collecting packets and  detecting standard named networks, detecting (and given time, decloaking) hidden  networks, and infering the presence of nonbeaconing networks via data traffic.</div>
<div style="text-align: justify;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/to4x8AzSFJQ?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
<br />
<div style="text-align: left;">
<b>Download Here ::  </b><a href="http://www.kismetwireless.net/code/kismet-2013-03-R1b.tar.xz" target="_blank">Kismet-2013-03-R1b</a></div>
<div style="text-align: left;">
<b>Official Website :: </b>http://www.kismetwireless.net/</div>
</div>
</div>

Kismet (Wireless Network Detector, Sniffer, and IDS) :: Tools

Kismet is an standard 802.11 based layer2 wireless network detector, sniffer, and intrusion detection system . Kismet will work wit...

Snort (Network Intrusion Prevention and Detection System) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
 <img alt="Snort logo" border="0" src="http://www.aboutdebian.com/snort-logo.gif" title="Snort logo" /></div>
<div class="separator" style="clear: both; text-align: justify;">
<b>Snort®</b> is an <i>free open source network intrusion prevention and   detection system (IDS/IPS)</i> developed by <b>Sourcefire</b>.  Combining the benefits of signature, protocol, and anomaly-based  inspection, Snort is the most widely deployed IDS/IPS technology  worldwide. With millions of downloads and nearly 400,000 registered  users, Snort has become the de facto standard for IPS. </div>
<div class="separator" style="clear: both; text-align: justify;">
This network intrusion detection and prevention system excels at traffic  analysis and packet logging on IP networks. Through protocol analysis,  content searching, and various pre-processors, Snort detects thousands  of worms, vulnerability exploit attempts, port scans, and other  suspicious behavior. Snort uses a flexible rule-based language to  describe traffic that it should collect or pass, and a modular detection  engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.   While <b>Snort</b> itself is free and open source, parent company SourceFire  offers their VRT-certified rules for $499 per sensor per year and a  complementary product line of software and appliances with more  enterprise-level features.  Sourcefire also offers a free 30-day delayed  feed. </div>
<div class="separator" style="clear: both; text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/iGuvWQV4iJ4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
<u><b>
</b></u></div>
<div style="text-align: left;">
<br />
<b>Download Here</b><b> </b><b>:: </b><a href="http://www.snort.org/snort-downloads" target="_blank">All Platforms</a><u><b>
</b></u></div>
<div style="text-align: left;">
<b>Official Website</b><b> :: </b>http://www.snort.org/</div>
</div>

Snort (Network Intrusion Prevention and Detection System) :: Tools

Snort® is an free open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire . Combining the...

Subscribe to: Posts ( Atom )