Vyatta (Vitrual Router, Firewall and VPN) :: Framework

<div class="block-content content" style="text-align: justify;"> <div style="text-align: justify;"> <br /> <article class="article article-type-page clearfix" id="article-6745" role="article"> <div class="article-content"> <div class="field field-name-body field-type-text-with-summary field-label-hidden"> <div class="field-items"> <div class="field-item even"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Vyatta Logo" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjZ08VeGbo_xXjPTm80en0xpKtHVEsztocx4UkyNj8XcEOklwOsoLpOrOJ9RIi5nqp4y9IlAQ4uUUssHWFzDRGtuowfzaD9ujUFVSNWPnhTLhA8CJf3JethTM45UNfDaSOy-aplzk6SivT/s1600/vyatta+logo.png" title="Vyatta Logo" width="320" /></div> The free community <b>Vyatta Core software(VC)</b> is an award-winning open source <a href="http://www.toolwar.com/search/label/Network" target="_blank"> network</a> operating system providing advanced IPv4 and IPv6 routing, stateful <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">firewalling</a>, IPSec and SSL OpenVPN, and more. When you add <b>Vyatta</b> to a standard x86 hardware system, you can create an enterprise grade network appliance that easily scales from DSL to 10Gbps. <b>Vyatta</b> is also optimized to run in VMware, Citrix XenServer, Xen, KVM, and Hyper V, providing networking and <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> services to <a href="http://www.toolwar.com/search/label/Virutal" target="_blank">virtual machines</a> and cloud computing environments. <b>Vyatta</b> has been downloaded over 1,000,000 times, has a community of hundreds of thousands of registered users and counts dozens of fortune 500 businesses among its commercial customers.<br /> On this site, you'll find all the downloads, <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, documentation, and community resources to help you get up and running with your own <b>Vyatta-based</b> system. Ask questions in the Forums. Propose new features and vote on existing proposals. Participate and have fun. We have been working together with our community for over five years to continue to enhance the world's leading software-based network OS.<br /> A commercial version of the <b>Vyatta network OS</b> (Vyatta Subscription Edition) is also available with enterprise-ready management and security product extensions and complete engineering support including proactive notifications of security alerts and software releases as well as priority access to patches & bug fixes.<br /> <b>Vyatta's </b>open, software-based approach to networking has created a complete network OS that can connect and secure physical <a href="http://www.toolwar.com/search/label/Network" target="_blank">networks</a> as well as virtual and cloud computing infrastructures. <b>Vyatta</b> software and appliances offer users a flexible, affordable alternative to proprietary, hardware-based routers, firewalls, and VPN devices.<br /> Vyatta can help you: <br /> <ul> <li>Affordably scale large BGP implementations </li> <li>Keep your network safe with a stateful-inspection firewall </li> <li>Securely connect remote offices with <a href="http://www.toolwar.com/search/label/VPN" target="_blank">VPN </a></li> <li>Scale from DSL to 10-Gbps with a single software package</li> <li>Avoid costly proprietary networking upgrades </li> <li>Run virtualized networking environments in Xen, KVM and VMware </li> <li>Add networking and security to blade servers in your data center </li> <li>Offer cloud based managed security services </li> <li>Add network redundancy regardless of vendor equipment </li> <li>Build your own best-of-breed Branch office solution </li> </ul> <br /> The <b>Vyatta Core</b> is an integration of a number of components from a variety of different sources, much the same way as a standard Linux distribution. Many of the components are licensed under the GNU GPL. Others carry a BSD license. Still others carry less-popular licenses. All components of the <b>Vyatta Core</b> carry licenses defined as open source.<br /> License files are included with every package installed in the system and can be viewed in the /usr/share/doc/package/copyright file.<br /> <br /> <h3> Tutorials ::</h3> <b>Use Tips and Tricks :: </b><a href="http://www.vyatta.org/documentation/tips-tricks" target="_blank">Click Here</a><b><br /> </b><br /> <b>Documentations :: </b><a href="http://www.vyatta.org/documentation/translated-docs" target="_blank">Click Here</a><br /> <b>Vyatta Forum :: </b><a href="http://www.vyatta.org/forum" target="_blank">Click Here</a> <br /> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div style="text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5JJOE5zeVbM?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <h3> Download ::</h3> <b>Live CD :: </b><a href="http://packages.vyatta.com/vyatta/iso/VC6.6/vyatta-livecd_VC6.6R1_i386.iso" target="_blank">Vyatta Live CD v6.6</a> (.iso)<b></b><br /> <b>Visualization ISO :: </b><a href="http://packages.vyatta.com/vyatta/iso/VC6.6/vyatta-livecd_VC6.6R1_i386.iso" target="_blank">Vyatta Visualization v6.6</a> (.iso)<b> </b> <b> </b><br /> <b>Official Website ::<a href="https://www.blogger.com/goog_2084089245"> </a></b><a href="http://www.vyatta.org/">http://www.vyatta.org/</a> </div> </div> </div> </div> </article></div> </div>

Vyatta (Vitrual Router, Firewall and VPN) :: Framework

The free community Vyatta Core software(VC) is an award-winning open source network operating system providing...

Read more »

Nagios XI (System and Network Monitoring) :: Tools

<div style="text-align: justify;"><div class="separator" style="clear: both; text-align: center;"><img alt="Nagios Logo" border="0" height="139" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijPJbT23GqEsND51gYYV9dlritrv4VMN0Y_kXrjsPpMF35HF9jV7QqyVxhKZU5jyF825HFNPBEghQzSXXvo9xLLhE3Hc1ybP9g6HiYYyh2rdXCLL-4OPuEAaCQhLgw9nJ8CBXoG1BT6l5L/s1600/xi-logo-large.png" title="Nagios Logo" width="320" /></div><b>Nagios XI </b>is a system and <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">network monitoring</a> application. It watches hosts and services that you specify, alerting you when things go bad and when they get better. Some of its many features include monitoring of <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> services (SMTP, POP3, HTTP, NNTP, ICMP, etc.), monitoring of host resources (processor load, disk usage, etc.), and contact notifications when service or host problems occur and get resolved (via email, pager, or user-defined method).</div><div style="text-align: justify;"><b>With Nagios you can:</b> </div><ul style="padding-left: 25px;"><li>Monitor your entire IT infrastructure</li> <li>Spot problems <i>before</i> they occur</li> <li>Know immediately when problems arise</li> <li>Share availability data with stakeholders</li> <li>Detect security breaches</li> <li>Plan and budget for IT upgrades</li> <li>Reduce downtime and business losses</li> </ul><div style="text-align: justify;"><br /> </div><h3 style="text-align: justify;">Tutorials ::</h3><div style="text-align: justify;"><b>Text Tutorials :: </b><a href="http://library.nagios.com/library/products/nagiosxi/tutorials/" target="_blank">Click Here </a> </div><div style="text-align: justify;"><b>Documentation :: </b><a href="http://library.nagios.com/library/products/nagiosxi/documentation" target="_blank">Click Here</a> </div><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/mXUxXV17Nd4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div><div style="text-align: justify;"> </div><h3 style="text-align: justify;">Download ::</h3><div style="text-align: justify;"><b>Windows | Linux  :: </b><a href="http://library.nagios.com/library/products/nagiosxi/downloads/main" target="_blank">Nagios XI</a><b> </b></div><div style="text-align: justify;"><b>Official Website :: </b> <a href="http://www.nagios.org/">http://www.nagios.org/</a></div>

Nagios XI (System and Network Monitoring) :: Tools

Nagios XI is a system and network monitoring application. It watches hosts and services that you specify, alerting you when things go bad ...

Read more »

Nipper Studio (Network Security Audit for Firewall, Switches and Router) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjog3YqJ3FIoxb_rLEWgJPXiIWYhWS7Ihd2IOrLYGhAqOaRm7ioEB6gatr6PgzNw7OJf7ol2pC-Z9-TVfpQewGb_ryDyAt_h2uNqzrlhRtW194rN4xFfH7jYM3ivYb0TPmgsj7rIChoKIYR/s1600/Nipper+Home+Report+2.2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="nipper tutorial" border="0" height="333" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjog3YqJ3FIoxb_rLEWgJPXiIWYhWS7Ihd2IOrLYGhAqOaRm7ioEB6gatr6PgzNw7OJf7ol2pC-Z9-TVfpQewGb_ryDyAt_h2uNqzrlhRtW194rN4xFfH7jYM3ivYb0TPmgsj7rIChoKIYR/s1600/Nipper+Home+Report+2.2.jpg" title="nipper tutorial" width="400" /></a></div> <div style="text-align: justify;"> <b>Nipper (short for Network Infrastructure Parser, previously known as CiscoParse)</b> audits the security of network devices such as switches, routers, and firewalls. It works by parsing and analyzing device configuration file which the <b>Nipper</b> user must supply. This was an open source tool until its developer (Titania) released a commercial version and tried to hide their old GPL releases. During a <b>network audit Nipper Studio</b> processes the devices’ native configurations and enables you to create a variety of different audit reports. By using traditional methodology for your <a href="http://www.toolwar.com/search/label/Network" target="_blank">network audit</a>, such as manual <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">Penetration Testing</a>, Agent-based software and <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">Network Scanners</a>, you could experience various drawbacks, which does not affect Nipper Studio <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> audit software:<br /> <ul> <li>Network scanners send huge numbers of network probes to a device and can impact performance. Only exposed vulnerabilities are identified, potentially missing many issues.</li> <li>Agent-based audit software requires software to be installed on the devices during the network audit. This is not possible for all devices and can introduce additional security vulnerabilities.</li> <li>Manual Penetration Tests examine individual <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> devices in detail. However this is slow, expensive and results in point in time audits of only a sample of devices.</li> <li>Flatten the <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability assessment</a> process and reduce human error by automatically producing an instant, device specific configuration report, readable by non-technical experts.  </li> <li>Achieve significant cost savings by automating a detailed configuration vulnerability analysis, typically provided by costly external Penetration Testing. </li> <li>Improve the productivity and scope of the network audit by quickly performing a thorough vulnerability assessment of multiple complex network devices, providing a detailed security audit report, unachievable with vulnerability scanning technologies. </li> <li>Stay secure as our security audit software requires no additional services on the device or agents to be installed and can audit the network devices without connecting or scanning them</li> </ul> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/wUtAmowwVD8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3>  </h3> <h3> Download ::</h3> <b>Windows | Linux | Mac :: </b> <b> </b><br /> <b>Buy :: </b><a href="https://www.titania.com/shop" target="_blank">Click Here</a><b> </b> <b> </b><br /> <b>Evaluate Copy :: </b><a href="https://www.titania.com/evaluate" target="_blank">Click Here</a><b>  </b> <b> </b><br /> <b>Official Website :: </b><a href="https://www.titania.com/nipperstudio" target="_blank">https://www.titania.com/nipperstudio </a></div>

Nipper Studio (Network Security Audit for Firewall, Switches and Router) :: Tools

Nipper (short for Network Infrastructure Parser, previously known as CiscoParse) audits the security of network devices such as switche...

Read more »

Argus (Auditing Network Activity) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Argus Logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB9EePKFj7bOOAmUlulpXxUps3bKmylywSIIPNjOKR95TlmXfzBpotmDPvTpombemgv5gs8g-qGAFLcjAB8y7S0iSCjatcaY9LTAFt-OoP0EOMiONWPCNZ_119wIkga4ZTRn1ILz9jhpfa/s1600/ArgusOptimizationCycle.gif" title="Argus Logo" /></div> <div style="text-align: justify;"> <b>Argus</b> is a fixed-model Real Time Flow <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">Monitor</a> designed to track and report on the status and performance of all network transactions seen in a data <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information.</div> <div style="text-align: justify;"> <br /></div> <div class="plaintext" style="text-align: justify;"> <b>Argus </b>is composed of an advanced comprehensive network flow data generator, the<b> Argus</b> sensor, which processes packets (either capture files or live <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyze</a> large amounts of network data efficiently. <b>Argus</b> provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc...), <a href="http://www.toolwar.com/search/label/IDS" target="_blank">protocol ids</a>, SAP's, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc...</div> <div class="plaintext" style="text-align: justify;"> <br /></div> <div class="plaintext" style="text-align: justify;"> Argus is used by many sites to generate network activity reports for every network transaction on their networks. The network audit data that <b>Argus</b> generates is great for <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a>, operations and performance management. The data is used for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting covert channels, and analyzing Zero day events.</div> <div class="plaintext" style="text-align: justify;"> <br /></div> <div class="plaintext" style="text-align: justify;"> Argus is an Open Source project, currently running on <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X,</a> <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, IRIX, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (under Cygwin) and OpenWrt, and has been ported to many hardware accelerated platforms, such as Bivio, Pluribus, Arista, and Tilera. The software should be portable to many other environments with littleor no modifications. Performance is such that auditing an entire enterprise's Internet activity can be accomplished using modest computing resources.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>How To :: </b><a href="http://www.qosient.com/argus/howto.shtml" target="_blank">Click Here</a><b><br /></b></div> <b>Wiki :: </b><a href="http://nsmwiki.org/index.php?title=Argus" target="_blank">Click Here</a><br /> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows | Mac | Linux ::  </b><a href="http://qosient.com/argus/src/argus-3.0.6.1.tar.gz" target="_blank">Argus v3.0.6.1</a><b> | </b><a href="http://qosient.com/argus/src/argus-clients-3.0.6.2.tar.gz" target="_blank">Argus v3.0.6.1 Client</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.qosient.com/argus/">http://www.qosient.com/argus/</a><b><br /></b></div> <div style="text-align: justify;"> <br /></div>

Argus (Auditing Network Activity) :: Tools

Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions s...

Read more »

Nmap and Zenmap (Network Discovery and Security Auditing) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="nmap scanner logo" border="0" height="210" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPn1QPXq_tY_zK1uLIjY-6fyXimOMxgo3rq52s-03wGFIiM3FEUXb1R_uZpS2QvMEucVny6EK7w0eYYGJ5JKDgUtasnKL7WqkAIA5QMKqB05XXAv_va-hOLNd2wlIHxv1cUDpxCVa4kxbF/s1600/nmap.jpg" title="nmap scanner logo" width="400" /></div> </div> <div style="text-align: justify;"> <b>Nmap ("Network Mapper")</b> is a free and open source (license) utility for <b>network discovery and security auditing.</b> Many systems and network administrators also find it useful for tasks such as <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> inventory, managing service upgrade schedules, and <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitoring</a> host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, and <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a>. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI</a> and results viewer <b>(Zenmap)</b>, a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis tool</a> (Nping).<br /> <br /> <b>Nmap</b> was named “<a href="http://www.toolwar.com/search/label/Security" target="_blank">Security</a> Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in twelve movies, including The Matrix Reloaded, Die Hard 4, Girl With the Dragon Tattoo, and The Bourne Ultimatum.<br /> <br /> <b>Nmap is::</b></div> <ul style="text-align: justify;"> <li>    Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, <a href="http://www.toolwar.com/search/label/IDS" target="_blank">firewalls</a>, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), <b>OS detection</b>, version detection, ping sweeps, and more. See the documentation page.</li> <li>    Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.</li> <li>    Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.</li> <li>    Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.</li> <li>    Free: The primary goals of the Nmap Project is to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.</li> <li>    Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.</li> <li>    Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.</li> <li>    Acclaimed: <b>Nmap</b> has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.</li> <li>    Popular: Thousands of people download <b>Nmap</b> every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities. </li> </ul> <h3> Tutorials ::</h3> <b>Tutorial (Max OS X) :: </b><a href="http://nmap.org/book/inst-macosx.html#inst-macosx-source">Click Here</a><br /> <b>Tutorial (Windows) :: </b><a href="http://nmap.org/book/inst-windows.html#inst-win-source">Click Here</a> <b><br /> </b><br /> <b>Tutorial (Linux) ::</b> <a href="http://nmap.org/book/inst-source.html">Click Here</a><br /> <b>Installation :: </b><a href="http://nmap.org/book/install.html" target="_blank">Click Here</a>   <br /> <b>Tutorials From Basics :: </b><a href="http://nmap.org/bennieston-tutorial/">Click Here </a><br /> <b>Video Tutorial :: </b><br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/RJxF7puQFXI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <b> </b> <br /> <h3> Download ::</h3> <h3> </h3> <b>Download ZenMap (GUI of Nmap) :: </b><a href="http://nmap.org/zenmap/">Click Here</a><b> </b><br /> <b>Windows :: </b><a href="http://nmap.org/dist/nmap-6.40-setup.exe">Nmap-Latest</a> (.exe) <b> </b><br /> <b>Linux :: </b><a href="http://nmap.org/dist/nmap-6.40.tar.bz2">Nmap Latest</a> (.tar.bz2)<b> </b><br /> <b>Mac :: </b><a href="http://nmap.org/dist/nmap-6.40-2.dmg">Nmap Latest</a> (.dmg)<b> </b> <b>  </b><br /> <b>Official Website ::</b> <a href="http://nmap.org/">http://nmap.org/</a> <br /> <div style="text-align: justify;"> </div>

Nmap and Zenmap (Network Discovery and Security Auditing) :: Tools

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many syste...

Read more »

SAINT 8 (Security Auditing Suite) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="SAINT LOGO" border="0" height="107" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA7ITNbIsTcKUwW4ShEmmGIi_tc3r93_yUAm8uaCmmHsBBhYfr3EemJ8Cqkmicl1Fhpd9D3UxPy_DS7kuqAJEVvVADbttEn7PYmcWl3xA3gQEQWKeMojScYzNb7yO1L08sAs_4K6kEYXHm/s1600/SAINT.jpg" title="SAINT LOGO" width="200" /></div> <b>SAINT 8</b> is a <b>fully-integrated security tool suite</b> that combines <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability scanning</a>, with <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>, social engineering tools and configuration assessments. Use the combined power of these tools to identify vulnerabilities on <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> devices, operating systems, desktop applications, <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web applications</a>, databases, and more; run packaged penetration tests through pre-configured policies, run vulnerability-specific exploits for target-directed investigation; execute social engineering through packaged exploit Tools; and execute platform-specific configuration auditing, using NIST’s SCAP standards and protocols.  <b>SAINT 8 </b>then provides a robust set of <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> and reporting features to perform ad hoc analytics, view strategic level results across 1 or many assessments, and then build reports from pre-defined templates, compliance reports or build your own custom reports from over 150 customizable settings. <b>SAINT's</b> current repository includes over 4,200 <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> checks and 900+ exploits - which span over 48,000 Common Vulnerability Exposures (CVEs), plus numerous vulnerabilities that do not currently have a CVE assigned. Vulnerability checks and exploit development is a daily activity, that includes delivery of new checks twice a week, through an automated plug-in. This agentless scanning solution can be delivered via a cloud-based version <b> (WebSAINT Pro 8)</b>, deployed standalone, shared as a server-based solution, or as a multi-<a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> architecture for large enterprise or load balanced scanning.</div> <br /> <h3> Tutorials ::</h3> <b>Video Tutorial :: </b><a href="http://www.youtube.com/watch?v=ibW6gLNYrf8" target="_blank">Click Here </a><br /> <b>Exploit Tools List :: </b><a href="http://www.saintcorporation.com/solutions/exploitTools.html" target="_blank">Click Here</a><b></b><br /> <br /> <h3> Download :: </h3> <b>Windows :: </b><a href="https://www.saintcorporation.com/resources/requestEvaluation.html" target="_blank">Request a Evaluation Copy</a><b> </b><br /> <b>Official Website :: </b><a href="https://www.saintcorporation.com/products/SAINT8.html">https://www.saintcorporation.com/products/SAINT8.html</a><br /> <b>Submitted By :: </b>SAINT Corporation <br /> <div style="text-align: justify;"> <br /></div>

SAINT 8 (Security Auditing Suite) :: Framework

SAINT 8 is a fully-integrated security tool suite that combines vulnerability scanning , with penetration testing , social engineering ...

Read more »

FTester (Testing Firewall Filtering Policies and IDS Capabilities) :: Tools

<div style="text-align: justify;"> <div class="section"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2h4CgTrZX0VYiu63TmUAtbc4QAObotOLBVPALrQnQ8EFD3Xii02746KHPmYlcOy05O2996O4ZQkhmZ02DFzrpgLuSLR8wzAHvdVCdJO_f9rD6xOK9IV7pzIgiROpp2C_RJvsLGF0IkuR7/s1600/FTester+Screenshot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="FTester Screenshot" border="0" height="267" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2h4CgTrZX0VYiu63TmUAtbc4QAObotOLBVPALrQnQ8EFD3Xii02746KHPmYlcOy05O2996O4ZQkhmZ02DFzrpgLuSLR8wzAHvdVCdJO_f9rD6xOK9IV7pzIgiROpp2C_RJvsLGF0IkuR7/s1600/FTester+Screenshot.JPG" title="FTester Screenshot" width="400" /></a></div> The <b>Firewall Tester (FTester)</b> is a tool designed for <b>testing firewall filtering policies and Intrusion Detection System (IDS) capabilities.</b><br /> The tool consists of two perl scripts, a <span id="goog_1392660018"></span><a href="http://www.toolwar.com/search/label/Packet">packet injector<span id="goog_1392660019"></span></a> (ftest) and a listening <a href="http://www.toolwar.com/search/label/Sniffer">sniffer</a> (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part while the sniffer listens for such marked packets. The scripts both write a log file which is in the same form for both scripts. A comparison of the two produced log files (ftest.log and ftestd.log) outlines the packets that were unable to reach the sniffer due to filtering rules if these two scripts are ran on hosts placed on two different sides of a <a href="http://www.toolwar.com/search/label/IDS">firewall</a>. Stateful inspection firewalls are handled with the 'connection spoofing' option. A script called freport is also available to automatically parse the log files.<br /> Using the tool is not a completely automated process, ftest.conf must be crafted for every different situation. Examples and rules are included in the attached configuration file.<br /> The <a href="http://www.toolwar.com/search/label/IDS">IDS (Intrusion Detection System)</a> testing feature can be used either with ftest only or with the additional support of ftestd for handling stateful inspection IDS, ftest can also use common IDS evasion techniques. The script can also process snort rule definition files.<br /> <h3> Features:</h3> <ul> <li>firewall testing</li> <li>IDS testing</li> <li>simulation of real tcp connections for stateful inspection firewalls and IDS</li> <li>TCP connection spoofing</li> <li>IP fragmentation / TCP segmentation</li> <li>IDS evasion techniques</li> </ul> <b>NOTE</b>: this tool is now outdated and is presented here for historical reasons, a complete rewrite with new features and IPv6 support is scheduled for sometime in the future.<br /> </div> </div> <div style="text-align: justify;"> <br /> <h3> Tutorials ::</h3> <b>Installation ::</b><br /> <div class="MsoNormal"> FTester components are PERL scripts. They can be executed on any platform with a recent version of PERL. Three perl modules -<span style="mso-spacerun: yes;">Ý </span>Net::RawIP, Net::PcapUtils, and NetPacket ñ are also required. These can be downloaded at the Comprehensive Perl Archive Network (<a href="http://www.cpan.org/" target="_new">CPAN</a>), and<span style="color: red;"> </span>you can install them using the CPAN shell. </div> <div class="MsoNormal"> Installation is quite simple. <span style="font-family: Courier;">Untar</span> the latest archive. Everything you need will be decompressed along with an example configuration file, documentation and a script called <span style="font-family: Courier;">freport</span> for comparing <span style="font-family: Courier;">ftest</span> and <span style="font-family: Courier;">ftestd</span> log files. Before using the package I recommend to read and fully understand all documentation.</div> <b>ManPage ::</b> <a href="http://www.inversepath.com/ftester_man.html" target="_blank">Click Here</a><br /> <b>Documentation :: </b><a href="http://dev.inversepath.com/ftester/README" target="_blank">Click Here</a><br /> <b>Published Paper ::</b> <a href="http://www.tisc-insight.com/newsletters/56.html" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://dev.inversepath.com/ftester/ftester-latest.tar.gz" target="_blank">FTester-Latest</a> (.tar.gz)<b><br /></b></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.inversepath.com/ftester.html" target="_blank">http://www.inversepath.com/ftester.html</a></div>

FTester (Testing Firewall Filtering Policies and IDS Capabilities) :: Tools

The Firewall Tester (FTester) is a tool designed for testing firewall filtering policies and Intrusion Detection System (ID...

Read more »

Wafw00f (Web Application Firewall Detection) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEPFB63-uWGx3aIVZ5ZzxS1NkiNshLYe7Jic5FFeulXya-517a-PboH8hrWZkQpOl-mI9kSJMdQo1aByMhfdZITiQalnRB5h2HIgcbwvGtxg6nKUL_ePCsWTbosFDnmLr2IEwNhPzBYca9/s1600/wafw00f+screenshot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="wafw00f screenshot" border="0" height="281" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEPFB63-uWGx3aIVZ5ZzxS1NkiNshLYe7Jic5FFeulXya-517a-PboH8hrWZkQpOl-mI9kSJMdQo1aByMhfdZITiQalnRB5h2HIgcbwvGtxg6nKUL_ePCsWTbosFDnmLr2IEwNhPzBYca9/s1600/wafw00f+screenshot.JPG" title="wafw00f screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>Web Application Firewalls (WAFs) </b>can be detected through stimulus/response testing scenarios. Here is a short listing of possible detection methods: </div> <ul style="text-align: justify;"> <li><b>Cookies</b>: Some WAF products add their own cookie in the HTTP communication. </li> <li><b>Server Cloaking</b>: Altering URLs and Response Headers </li> <li><b>Response Codes</b>: Different error codes for hostile pages/parameters values </li> <li><b>Drop Action</b>: Sending a FIN/RST packet (technically could also be an IDS/IPS) </li> <li><b>Pre Built-In Rules</b>: Each WAF has different negative security signatures </li> </ul> <div style="text-align: justify;"> <b>WafW00f </b>is based on these assumptions to determine remote WAFs. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <pre>$ <b>python wafw00f.py http://www.aldeid.com</b> ^ ^ _ __ _ ____ _ __ _ _ ____ ///7/ /.' \ / __////7/ /,' \ ,' \ / __/ | V V // o // _/ | V V // 0 // 0 // _/ |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/ < ...' WAFW00F - Web Application Firewall Detection Tool By Sandro Gauci && Wendel G. Henrique Checking http://www.aldeid.com Generic Detection results: The site http://www.aldeid.com <span style="background: #ffff00; color: black;">seems to be behind a WAF </span> Reason: Blocking is being done at connection/packet level. Number of requests: 13</pre> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b></div> <pre>$ <b>cd /data/pentest/web/</b> $ <b>svn checkout <a class="external free" href="http://waffit.googlecode.com/svn/trunk/" rel="nofollow" target="_blank">http://waffit.googlecode.com/svn/trunk/</a> waffit-read-only</b></pre> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.aldeid.com/wiki/Wafw00f">http://www.aldeid.com/wiki/Wafw00f</a></div>

Wafw00f (Web Application Firewall Detection) :: Tools

Web Application Firewalls (WAFs) can be detected through stimulus/response testing scenarios. Here is a short listing of possible detec...

Read more »

Fragroute :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ7jo1_vjG2XgLQxevu8HSHLP5HXWK9U13ZtsPZ-8BjIWb42nfMZoi3lZP38PUekGaUY_b7EUj2OB5KGIYr97sJmVvd8ToD6esQTAUUuliELCScxrLNogl82uw6gc38sPZXclTroqB0vzd/s1600/fragroute.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="fragroute screenshot" border="0" height="235" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ7jo1_vjG2XgLQxevu8HSHLP5HXWK9U13ZtsPZ-8BjIWb42nfMZoi3lZP38PUekGaUY_b7EUj2OB5KGIYr97sJmVvd8ToD6esQTAUUuliELCScxrLNogl82uw6gc38sPZXclTroqB0vzd/s1600/fragroute.JPG" title="fragroute screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>Fragroute</b> intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. </div> <div style="text-align: justify;"> It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. </div> <div style="text-align: justify;"> This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour. Please do not abuse this software. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <b> Required libraries ::</b> <br /> <ul> <li>libdnet </li> <li>libpcap </li> <li>libevent (for non-Windows platforms) </li> </ul> <div style="text-align: justify;"> <b>Installation :: </b><a href="http://www.monkey.org/~dugsong/fragroute/INSTALL" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>ManPage :: </b><a href="http://www.monkey.org/~dugsong/fragroute/fragroute.8.txt" target="_blank">Click Here</a><br /> <b>Video Tutorial :: </b> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/k7viy_NN8f4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://www.monkey.org/~dugsong/fragroute/fragroute-1.2.tar.gz" target="_blank">Fragroute v1.2</a> (.tar.gz)</div> <div style="text-align: justify;"> <b>Official Website :: </b> <a href="http://www.monkey.org/~dugsong/fragroute/">http://www.monkey.org/~dugsong/fragroute/</a></div>

Fragroute :: Tools

Fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in...

Read more »

SARA (Security Auditor's Research Assistant) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="SARA - Security Auditor's Research Assistant" border="0" height="328" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTrFtEfewv2qJbhJrO35NMjPReB75buAjazNxPAGzn_8ewu8Kl2MR6bqR7jOcWgPl2nauo85Ttm13awIkk-HKsG3RzQwwaqJLguI0HYkFQBNeOqERU6aVXWY7Iloxk6dJPbufNj51Rz3NM/s1600/network-security-tips.jpg" title="SARA - Security Auditor's Research Assistant" width="640" /></div> <div style="text-align: justify;"> The <b>Security Auditor's Research Assistant (SARA)</b> is a third generation <b>network security analysis tool</b> that that has been available and actively updated for over 10 years. Sadly, all good things have to come to an end and so it goes for SARA. <b>SARA 7.9.1</b> is our last release.(1 May 2009) Actually, SARA-7.9.2a is the final release (1 August 2009).<br /><br />SARA:</div> <ol style="text-align: justify;"> <li>    Operates under Unix, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Mac" target="_blank">MAC OS/X</a> or <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (through coLinux) OS'.</li> <li>    Integrates the National Vulnerability Database (NVD).</li> <li>    Performs SQL injection tests.</li> <li>    Performs exhaustive XSS tests</li> <li>    Can adapt to many firewalled environments.</li> <li>    Support remote self scan and API facilities.</li> <li>    Used for CIS benchmark initiatives</li> <li>    Plug-in facility for third party apps</li> <li>    CVE standards support</li> <li>    Enterprise search module</li> <li>    Standalone or daemon mode</li> <li>    Free-use open SATAN oriented license</li> </ol> <div style="text-align: justify;"> The first generation assistant, the Security Administrator's Tool for Analyzing <a href="http://www.toolwar.com/search/label/Network" target="_blank">Networks</a> (SATAN) was developed in early 1995. It became the benchmark for <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">network security analysis</a> for several years. However, few updates were provided and the tool slowly became obsolete in the growing threat environment. <br /><br /><h3> Tutorials ::</h3> <b><span style="font-size: small;">Installation ::</span></b> <span style="font-weight: normal;"><a href="http://www-arc.com/sara/cosara/index.shtml" target="_blank">Click Here</a></span><br /> <h3> Download ::</h3> <b>Windows :: </b><a href="http://www-arc.com/sara/downloads/cosara/cosara-7.4.1.exe" target="_blank">coSARA v7.4.1</a> (.exe)<b><br />Linux :: </b><a href="http://www-arc.com/sara/downloads/sara-7.9.2a.tgz" target="_blank">SARA v7.9.2a</a> (.tar.gz)<b><br />Official Website :: </b><a href="http://www-arc.com/sara/">http://www-arc.com/sara/</a><br /><br /></div>

SARA (Security Auditor's Research Assistant) :: Tools

The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool that that has been available ...

Read more »

ACE (Telephony Analysis) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWLRvwL7u17Q85XO9IPzEMIVsSg9m8CoZRlKLo-f6NhIRybAW0vQo3-YLRAXw_xVs3yOaaI3CQClkkVlDjbGbvYks6TS9rXYckfQzKMuMOSTC0JF9EmfHYq9swqpI1cBXSTCePFuQDtCaG/s1600/VoIP+Phones.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="304" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWLRvwL7u17Q85XO9IPzEMIVsSg9m8CoZRlKLo-f6NhIRybAW0vQo3-YLRAXw_xVs3yOaaI3CQClkkVlDjbGbvYks6TS9rXYckfQzKMuMOSTC0JF9EmfHYq9swqpI1cBXSTCePFuQDtCaG/s1600/VoIP+Phones.jpg" width="640" /></a></div> <div style="text-align: justify;"> <b>ACE (Automated Corporate Enumerator)</b> is a simple yet powerful <b><a href="http://www.toolwar.com/search/label/VOIP" target="_blank">VoIP</a> Corporate Directory enumeration tool</b> that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface. In the same way that the "corporate directory" feature of VoIP hardphones enables users to easily dial by name via their VoIP handsets, ACE was developed as a research idea born from <b>"VoIP Hopper"</b> to automate VoIP <a href="http://www.toolwar.com/search/label/Attack" target="_blank">attacks</a> that can be targeted against names in an enterprise Directory. The concept is that in the future, attacks will be carried out against users based on their name, rather than targeting VoIP traffic against random RTP audio streams or IP addresses. ACE works by using DHCP, TFTP, and HTTP in order to download the VoIP corporate directory. It then outputs the directory to a text file, which can be used as input to other VoIP assessment tools. <b> ACE is a standalone utility,</b> but its functions are integrated into UCSniff.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Features ::</b></div> <div style="text-align: justify;"> ACE currently supports the VoIP corporate directory used in Cisco Unified IP Phones. It works in the following way:</div> <ul style="text-align: justify;"> <li>Spoofs CDP to get VVID</li> <li>Adds Voice VLAN Interface (VLAN Hop) - subsequent traffic is tagged with VVID</li> <li>Sends DHCP request tagged with VVID</li> <li>Decodes TFTP Server IP Address via DHCP Option 150</li> <li>Sends a TFTP request for IP Phone configuration file</li> <li>Parses file, learning Corporate Directory URL</li> <li>Sends an HTTP GET request for Directory</li> <li>Parses XML Data, writing directory users to a formatted text file</li> </ul> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Usages :: </b></div> <div style="text-align: justify;"> ACE can be used in one of two ways. First, it can auto-discover the TFTP Server IP Address via DHCP, or (second) the user can specify the TFTP Server IP address as a command line parameter of the tool. In either case, you must supply the MAC Address of the IP Phone with the -m option in order for the tool to correctly download the configuration file via TFTP.<br />ACE v1.0: Automated Corporate (Data) Enumerator<br />Usage: ace [-i interface] [ -m mac address ] [ -t tftp server ip address | -c cdp mode | -v voice vlan id | -r vlan interface | -d verbose mode ]<br /><br />-i (Mandatory) Interface for sniffing/sending packets<br />-m (Mandatory) MAC address of the victim IP phone<br />-t (Optional) tftp server ip address<br />-c (Optional) 0 CDP sniff mode, 1 CDP spoof mode<br />-v (Optional) Enter the voice vlan ID<br />-r (Optional) Removes the VLAN interface<br />-d (Optional) Verbose | debug mode<br /><br />Example Usages:<br />Usage requires MAC Address of IP Phone supplied with -m option<br />Usage: <span style="font-family: "Courier New",Courier,monospace;">ace -t -m</span><br /><br />Mode to automatically discover TFTP Server IP via DHCP Option 150 (-m)<br />Example: <span style="font-family: "Courier New",Courier,monospace;">ace -i eth0 -m 00:1E:F7:28:9C:8e</span><br /><br />Mode to specify IP Address of TFTP Server<br />Example: <span style="font-family: "Courier New",Courier,monospace;">ace -i eth0 -t 192.168.10.150 -m 00:1E:F7:28:9C:8e</span><br /><br />Mode to specify the Voice VLAN ID<br />Example: <span style="font-family: "Courier New",Courier,monospace;">ace -i eth0 -v 96 -m 00:1E:F7:28:9C:8E</span><br /><br />Verbose mode<br />Example: <span style="font-family: "Courier New",Courier,monospace;">ace -i eth0 -v 96 -m 00:1E:F7:28:9C:8E -d</span><br /><br />Mode to remove vlan interface<br />Example: <span style="font-family: "Courier New",Courier,monospace;">ace -r eth0.96</span><br /><br />Mode to auto-discover voice vlan ID in the listening mode for CDP<br />Example: <span style="font-family: "Courier New",Courier,monospace;">ace -i eth0 -c 0 -m 00:1E:F7:28:9C:8E</span><br /><br />Mode to auto-discover voice vlan ID in the spoofing mode for CDP<br />Example: <span style="font-family: "Courier New",Courier,monospace;">ace -i eth0 -c 1 -m 00:1E:F7:28:9C:8E</span></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://sourceforge.net/projects/ucsniff/files/ace/ace-1.10.tar.gz/download" target="_blank">ACE v1.10</a> (.tar.gz)<b><br /> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://ucsniff.sourceforge.net/ace.html">http://ucsniff.sourceforge.net/ace.html</a></div>

ACE (Telephony Analysis) :: Tools

ACE (Automated Corporate Enumerator) is a simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of ...

Read more »

SSLsplit (MITM Attack against SSL/TLS) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="sslsplit" border="0" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiKnDa1SmFAz2I_uUyfY8OE-KawIYa9Rk7T3wbyfUM42-zCwgo1Hs18FThDil200FpKE2OdkcCO9Uvk0_lHGNieQuDLgJxQVuvj7VN0Yhxbtky5w-AyzRHrrqWZB4Qrf8q5dafKyblfRnO/s1600/SSLsplit.jpg" title="sslsplit" width="400" /></div> <div style="text-align: justify;"> <span style="font-family: inherit;"><b>SSLsplit</b> is a tool for <b><a href="http://www.toolwar.com/search/label/MITM" target="_blank">man-in-the-middle attacks</a> against SSL/TLS</b> encrypted <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. <b>SSLsplit</b> terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensics</a> and <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>.</span></div> <br /> <div style="text-align: justify;"> <span style="font-family: inherit;"><b>SSLsplit </b>supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. <b>SSLsplit</b> fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. <b>SSLsplit </b>can also use existing certificates of which the private key is available, instead of generating forged ones. <b>SSLsplit</b> supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. SSLsplit removes HPKP response headers in order to prevent public key pinning.</span></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Installation ::</b></div> <div style="text-align: justify;"> SSLsplit is or will be available as a package or port on the following systems:</div> <ul style="text-align: justify;"> <li>OpenBSD: security/sslsplit</li> <li>Arch Linux AUR: sslsplit</li> <li>Fedora: sslsplit</li> <li>Kali: sslsplit</li> <li>Backtrack: sslsplit</li> </ul> <div style="text-align: justify;"> <b>To install from source:</b></div> <div style="text-align: justify;"> <pre><code class=" ruby">make make <span class="keymethods">test</span> <span class="comment"># optional unit tests</span> make install <span class="comment"># optional install</span> </code></pre> </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Usage ::</b></div> <div style="text-align: justify;"> <pre><code class=" sql">% sslsplit -h <span class="keyword">Usage</span>: sslsplit [options...] [proxyspecs...] -c pemfile use CA cert (<span class="keyword">and</span> <span class="keyword">key</span>) <span class="keyword">from</span> pemfile <span class="keyword">to</span> sign forged certs -k pemfile use CA <span class="keyword">key</span> (<span class="keyword">and</span> cert) <span class="keyword">from</span> pemfile <span class="keyword">to</span> sign forged certs -C pemfile use CA chain <span class="keyword">from</span> pemfile (intermediate <span class="keyword">and</span> root CA certs) -K pemfile use <span class="keyword">key</span> <span class="keyword">from</span> pemfile <span class="keyword">for</span> leaf certs (<span class="keyword">default</span>: generate) -t certdir use cert+chain+<span class="keyword">key</span> PEM files <span class="keyword">from</span> certdir <span class="keyword">to</span> target <span class="keyword">all</span> sites matching the common <span class="keyword">names</span> (non-matching: generate if CA) -O deny <span class="keyword">all</span> OCSP requests <span class="keyword">on</span> <span class="keyword">all</span> proxyspecs -P passthrough SSL connections if they cannot be split because <span class="keyword">of</span> client cert auth <span class="keyword">or</span> <span class="keyword">no</span> matching cert <span class="keyword">and</span> <span class="keyword">no</span> CA (<span class="keyword">default</span>: <span class="keyword">drop</span>) -g pemfile use DH <span class="keyword">group</span> params <span class="keyword">from</span> pemfile (<span class="keyword">default</span>: keyfiles <span class="keyword">or</span> auto) -G curve use ECDH named curve (<span class="keyword">default</span>: secp160r2 <span class="keyword">for</span> non-RSA leafkey) -Z disable SSL/TLS compression <span class="keyword">on</span> <span class="keyword">all</span> connections -s ciphers use the given OpenSSL cipher suite spec (<span class="keyword">default</span>: <span class="keyword">ALL</span>:-aNULL) -e engine specify <span class="keyword">default</span> NAT engine <span class="keyword">to</span> use (<span class="keyword">default</span>: ipfw) -E list available NAT engines <span class="keyword">and</span> exit -u <span class="keyword">user</span> <span class="keyword">drop</span> <span class="keyword">privileges</span> <span class="keyword">to</span> <span class="keyword">user</span> (<span class="keyword">default</span> if run <span class="keyword">as</span> root: nobody) -j jaildir chroot() <span class="keyword">to</span> jaildir (<span class="keyword">default</span> if run <span class="keyword">as</span> root: /var/empty) -p pidfile <span class="keyword">write</span> pid <span class="keyword">to</span> pidfile (<span class="keyword">default</span>: <span class="keyword">no</span> pid file) -l logfile <span class="keyword">connect</span> log: log one line summary per <span class="keyword">connection</span> <span class="keyword">to</span> logfile -L logfile content log: <span class="keyword">full</span> data <span class="keyword">to</span> file <span class="keyword">or</span> named pipe (excludes -S) -S logdir content log: <span class="keyword">full</span> data <span class="keyword">to</span> separate files <span class="keyword">in</span> dir (excludes -L) -d daemon mode: run <span class="keyword">in</span> background, log error messages <span class="keyword">to</span> syslog -D debug mode: run <span class="keyword">in</span> foreground, log debug messages <span class="keyword">on</span> stderr -V print version information <span class="keyword">and</span> exit -h print <span class="keyword">usage</span> information <span class="keyword">and</span> exit proxyspec = type listenaddr+port [natengine|targetaddr+port|<span class="string">"sni"</span>+port] e.g. http <span class="number">0.0</span>.<span class="number">0.0</span> <span class="number">8080</span> www.roe.ch <span class="number">80</span> # http/<span class="number">4</span>; static hostname dst https ::<span class="number">1</span> <span class="number">8443</span> <span class="number">2001</span>:db8::<span class="number">1</span> <span class="number">443</span> # https/<span class="number">6</span>; static address dst https <span class="number">127.0</span>.<span class="number">0.1</span> <span class="number">9443</span> sni <span class="number">443</span> # https/<span class="number">4</span>; SNI DNS lookups tcp <span class="number">127.0</span>.<span class="number">0.1</span> <span class="number">10025</span> # tcp/<span class="number">4</span>; <span class="keyword">default</span> NAT engine ssl <span class="number">2001</span>:db8::<span class="number">2</span> <span class="number">9999</span> pf # ssl/<span class="number">6</span>; NAT engine <span class="string">'pf'</span> Example: sslsplit -k ca.<span class="keyword">key</span> -c ca.pem -P https <span class="number">127.0</span>.<span class="number">0.1</span> <span class="number">8443</span> https ::<span class="number">1</span> <span class="number">8443</span></code></pre> </div> <div style="text-align: justify;"> <code class=" sql"><span style="font-family: "Courier New",Courier,monospace;"><b><span style="font-weight: normal;"><span class="number"><br /></span></span></b></span> </code></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Requirements ::</h3> <div style="text-align: justify;"> SSLsplit depends on the OpenSSL and libevent 2.x libraries. The build depends on GNU make and a POSIX.2 environment in <code>PATH</code>. The (optional) unit tests depend on the check library.</div> <div style="text-align: justify;"> SSLsplit currently supports the following operating systems and NAT engines:</div> <ul style="text-align: justify;"> <li>FreeBSD: pf rdr and divert-to, ipfw fwd, ipfilter rdr</li> <li>OpenBSD: pf rdr-to and divert-to</li> <li>Linux: netfilter REDIRECT and TPROXY</li> <li>Mac OS X: ipfw fwd and pf rdr (experimental)</li> </ul> <h3> Download ::</h3> <b>Linux :: </b><a href="http://mirror.roe.ch/rel/sslsplit/sslsplit-0.4.8.tar.bz2" target="_blank">SSLsplit v0.4.8</a> (.tar.bz2)<b><br /></b><br /> <b>Official Website ::</b> <a href="http://www.roe.ch/SSLsplit">http://www.roe.ch/SSLsplit</a><br /><code class=" ruby"><span class="comment"></span> </code>

SSLsplit (MITM Attack against SSL/TLS) :: Tools

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently interc...

Read more »

Simple Packet Sender- SRS (Packet Crafting) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7BUKKw498tOZ31MifYW6bPLuJau7rdayfP5pA059VWTSs2bX9U8wBoL0uzzMGPCSIx2uJ2Zd0U3siY6mMaSIHGNiuByoH6wcWmPvKxDi_QhXGorMs_JAvn14nckZgM-3C0XybRLTQpiVN/s1600/tcp-ipv4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Simple Packet sender screenshot" border="0" height="285" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7BUKKw498tOZ31MifYW6bPLuJau7rdayfP5pA059VWTSs2bX9U8wBoL0uzzMGPCSIx2uJ2Zd0U3siY6mMaSIHGNiuByoH6wcWmPvKxDi_QhXGorMs_JAvn14nckZgM-3C0XybRLTQpiVN/s1600/tcp-ipv4.png" title="Simple Packet sender screenshot" width="320" /></a></div> <div style="text-align: justify;"> <b>Simple Packet Sender (SPS)</b> is a linux <b>packet crafting tool</b>. Supports IPv4, IPv6 including extension headers, and tunneling IPv6 over IPv4. Written in C on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> with <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI</a> built using GTK+ and released under GPLv3. Does not require pcap.</div> <h3 style="text-align: justify;"> <b>Features:</b></h3> <div style="text-align: justify;"> <a href="http://www.toolwar.com/search/label/Packet" target="_blank">Packet</a><a href="http://www.toolwar.com/search/label/Packet" target="_blank"> crafting</a> and sending one, multiple, or flooding IPv4 and IPv6 packets of type TCP, ICMP, or UDP (or cycle through all three). All values within ethernet frame can be modified arbitrarily. Supports IPv4 header options, TCP header options, and TCP, ICMP and UDP data as well, input from either: keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file. IPv6 support includes: hop-by-hop, "first" and "last" destination, routing, authentication, and encapsulating security payload (ESP) extension headers. For those without access to a native IPv6 <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>, IPv6 packets can be transmitted over IPv4 (6to4).</div> <div style="text-align: justify;"> Packet fragmentation for IPv4, IPv6, and 6to4. Assumed maximum transmission unit (MTU) can be changed if unusual fragment sizes are needed. IP addresses and port numbers can be randomized. A configurable traceroute function, which supports TCP, ICMP, and UDP packets with all the features mentioned above. View packets in hexadecimal/ASCII representation, in both unfragmented and fragmented forms. All packet settings can be saved to and loaded from file. IP and ASN delegation functions, including: country name/code search and reverse-search, autonomous system (AS) number search by country and reverse-search,  IPv4 and IPv6 address delegation search and reverse-search.</div> <div style="text-align: justify;"> ARP (IPv4) and Neighbor Discovery (IPv6) for querying a LAN for MAC addresses of local nodes.</div> <div style="text-align: justify;"> Retrieve MAC address and current MTU setting of any attached network interface. Domain name resolution and <a href="http://www.toolwar.com/search/label/Reverse" target="_blank">reverse</a> resolution.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorial ::</h3> <div style="text-align: justify;"> <b>Wiki ::</b> <a href="http://sourceforge.net/p/simplepacket/wiki/Home/" target="_blank">Click Here</a></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="https://sites.google.com/site/simplepacketsender/sps-4.2.tar.gz?attredirects=0" target="_blank">Simple Packet Sender</a> (.tar.gz)<b><br /></b></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="https://sites.google.com/site/simplepacketsender/">https://sites.google.com/site/simplepacketsender/</a></div>

Simple Packet Sender- SRS (Packet Crafting) :: Tools

Simple Packet Sender (SPS) is a linux packet crafting tool . Supports IPv4, IPv6 including extension headers, and tunneling IPv6 over I...

Read more »

PuTTY (SSH and Telnet Client) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="putty logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3zvoJcKewErjVHSTjvbSDUjRlAnvLx8DNoFccuOvxFsCFHnuKCMJYOJ1NrhyfEBId03fqOnulo2MIoeDxqIbix4vgflC093Md_UhkccEcdQQ4NZiRT5mNwvddKjRoz6N4izQD-ufOng6j/s1600/putty+logo.png" title="putty logo" /></div> <div style="text-align: justify;"> <b>PuTTY</b> is a free <b>implementation of Telnet and SSH for Windows and Unix</b> platforms, along with an <code>xterm</code> terminal emulator. It is written and maintained primarily by Simon Tatham. </div> <div style="text-align: justify;"> <b>PuTTY</b> is a free and <i>open-source terminal emulator</i>, serial console and <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> file transfer application. It supports several network <a href="http://www.toolwar.com/search/label/Protocol" target="_blank">protocols</a>, including SCP, SSH, Telnet and rlogin. The name "<b>PuTTY</b>" has no definitive meaning, though "tty" is the name for a terminal in the Unix tradition, usually held to be short for Teletype.<br /> <br /> <b>PuTTY</b> was originally written for Microsoft <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, but it has been ported to various other operating systems. Official ports are available for some Unix-like platforms, with work-in-progress ports to Classic Mac OS and <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac</a> OS X, and unofficial ports have been contributed to platforms such as Symbian and Windows Mobile.<br /> </div> <h3 style="text-align: justify;"> Tutorials :: </h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/9CZphjhQxIQ?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe" target="_blank">PuTTY x86</a> <b>(.exe)</b></div> <div style="text-align: justify;"> <b>Unix :: </b><a href="http://the.earth.li/~sgtatham/putty/latest/putty-0.63.tar.gz" target="_blank">PuTTY</a><b> (.tar.gz)</b></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/">http://www.chiark.greenend.org.uk/~sgtatham/putty/</a></div>

PuTTY (SSH and Telnet Client) :: Tools

PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator. It is written ...

Read more »

WormTrack (Network IDS) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="wormtrack " border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhS_UOobtkh2f05uE8fyvAf88MMYAlPr8YiidihA2xGZvHZMsYhmnbVhGG_lwY9beh6w82FX9GdK-B4yEJK56j-SYiyBfKseSVHH6hyc4cS5aWRJgwp1oGurg46HM1l9BIs7JRt2d_jPsWn/s1600/WormTrack.jpg" title="wormtrack " width="400" /></div> <b>WormTrack</b> is a <b>Network based intrusion detection system (NIDS)</b> designed to identify scanning activity on the <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>, in particular of <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanning</a> worms (horizontal scanning of the network). It attempts to do that WITHOUT having any type of privileged access to the network equipment, for example a MONITOR port on a switch. It also doesn't require a constant updating of its signature engine, as new threats are released, since it is based on <a href="http://www.toolwar.com/search/label/Detect" target="_blank">detection</a> of anomalous activity - which all Worms, that propagate through the network, would exhibit in order to survive and spread efficiently. A <b>Network IDS </b>which allows detection of scanning worms on a Local Area Network by <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitoring</a> of anomalous ARP traffic. This allows detection of scanning threats on the network, without having a privileged access on a Switch to set up a dedicated Monitor PORT, nor does it require a constant updating of the rules engine to address new threats. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>General Info & Configuration :: </b><a href="http://code.google.com/p/wormtrack/wiki/GeneralInfo" target="_blank">Click Here</a> </div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://wormtrack.googlecode.com/files/wormtrack-0.1.tar.gz" target="_blank">WormTrackv0.1</a> (.tar.gz)<b><br /></b></div> <div style="text-align: justify;"> <b>Source Website ::</b><a href="http://code.google.com/p/wormtrack/" target="_blank"> http://code.google.com/p/wormtrack/</a></div>

WormTrack (Network IDS) :: Tools

WormTrack is a Network based intrusion detection system (NIDS) designed to identify scanning activity on the network , in particular o...

Read more »

Autopsy (Digital Investigation Analysis) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Autopsy logo" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjf21td83eNESL_QTE9NjV-ZSQnqexy4JbWFatUW-4KkqydKjwnSYKqQmPFBy6cnZG7rQZEG7X211P1v_klRTAzd3_Ee5pDqpYn3sfpupP4ff-ao6WwTUaeq8fqKi0PgJQiwb-loD4CvqrI/s1600/autopsy+logo.jpg" title="Autopsy logo" width="200" /></div> <div style="text-align: justify;"> <b>Autopsy</b> is a graphical interface to the <a href="http://www.toolwar.com/search/label/CLI" target="_blank"><i>command line</i></a> <b>digital investigation analysis tools</b> in <a href="http://www.toolwar.com/2014/01/the-sleuth-kit-tsk-forensics-framework.html" target="_blank"> The Sleuth Kit</a>. Together, they can analyze <i>Windows and UNIX</i> disks and file systems (NTFS, FAT, UFS1/2, Ext2/3).</div> <div style="text-align: justify;"> <b>The Sleuth Kit </b>and <b>Autopsy</b> are both Open Source and run on UNIX platforms (you can use Cygwin to run them both on <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>). As <b>Autopsy</b> is HTML-based, you can connect to the <b>Autopsy</b> server from any platform using an HTML browser. Autopsy provides a "File Manager"-like interface and shows details about deleted data and file system structures.</div> <h3 style="text-align: justify;"> <span style="font-size: small;">Analysis Modes</span></h3> <ul style="text-align: justify;"> <li>A <b>dead analysis</b> occurs when a dedicated <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> system is used to examine the data from a suspect system. In this case, <b>Autopsy</b> and The Sleuth Kit are run in a trusted environment, typically in a lab. Autopsy and TSK support raw, Expert Witness, and AFF file formats. </li> <li>A <b>live analysis</b> occurs when the suspect <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> is being analyzed while it is running. In this case, <b>Autopsy</b> and The Sleuth Kit are run from a CD in an untrusted environment. This is frequently used during incident response while the incident is being confirmed. After it is confirmed, the system can be acquired and a dead analysis performed. </li> </ul> <h3 style="text-align: justify;"> Evidence Search Techniques</h3> <ul style="text-align: justify;"> <li><b>File Listing</b>: Analyze the files and directories, including the names of deleted files and files with Unicode-based names.</li> <li><b>File Content</b>: The contents of files can be viewed in raw, hex, or the ASCII strings can be extracted. When data is interpreted, Autopsy sanitizes it to prevent damage to the local analysis system. Autopsy does not use any client-side scripting languages.</li> <li><b>Hash Databases</b>: Lookup unknown files in a <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hash</a> database to quickly identify it as good or bad. Autopsy uses the NIST <i>National Software Reference Library (NSRL)</i> and user created databases of known good and known bad files </li> <li><b>File Type Sorting</b>: Sort the files based on their internal signatures to identify files of a known type. Autopsy can also extract only graphic images (including thumbnails). The extension of the file will also be compared to the file type to identify files that may have had their extension changed to hide them.</li> <li><b>Timeline of File Activity</b>: In some cases, having a timeline of file activity can help identify areas of a file system that may contain evidence. Autopsy can create timelines that contain entries for the Modified, Access, and Change (MAC) times of both allocated and unallocated files.</li> <li><b>Keyword Search</b>: Keyword searches of the file system image can be performed using ASCII strings and grep regular expressions. Searches can be performed on either the full file system image or just the unallocated space. An index file can be created for faster searches. Strings that are frequently searched for can be easily configured into Autopsy for automated searching. </li> <li><b>Meta Data Analysis</b>: Meta Data structures contain the details about files and directories. Autopsy allows you to view the details of any meta data structure in the file system. This is useful for recovering deleted content. Autopsy will search the directories to identify the full path of the file that has allocated the structure.</li> <li><b>Data Unit Analysis</b>: Data Units are where the file content is stored. Autopsy allows you to view the contents of any data unit in a variety of formats including ASCII, hexdump, and strings. The file type is also given and Autopsy will search the meta data structures to identify which has allocated the data unit. </li> <li><b>Image Details</b>: File system details can be viewed, including on-disk layout and times of activity. This mode provides information that is useful during data recovery. </li> </ul> <h3 style="text-align: justify;"> Case Management</h3> <ul style="text-align: justify;"> <li><b>Case Management</b>: Investigations are organized by <i>cases</i>, which can contain one or more <i>hosts</i>. Each host is configured to have its own time zone setting and clock skew so that the times shown are the same as the original user would have seen. Each host can contain one or more file system images to analyze. </li> <li><b>Event Sequencer</b>: Time-based events can be added from file activity or IDS and firewall logs. Autopsy sorts the events so that the sequence of incident events can be more easily determined. </li> <li><b>Notes</b>: Notes can be saved on a per-host and per-investigator basis. These allow you to make quick notes about files and structures. The original location can be easily recalled with the click of a button when the notes are later reviewed. All notes are stored in an ASCII file. </li> <li><b>Image Integrity</b>: It is crucial to ensure that files are not modified during analysis. Autopsy, by default, will generate an MD5 value for all files that are imported or created. The integrity of any file that Autopsy uses can be validated at any time. </li> <li><b>Reports</b>: Autopsy can create ASCII reports for files and other file system structures. This enables you to quickly make consistent data sheets during the investigation.</li> <li><b>Logging</b>: Audit logs are created on a case, host, and investigator level so that actions can be easily recalled. The exact Sleuth Kit commands that are executed are also logged.</li> <li><b>Open Design</b>: The code of Autopsy is open source and all files that it uses are in a raw format. All configuration files are in ASCII text and cases are organized by directories. This makes it easy to export the data and archive it. It also does not restrict you from using other tools that may solve the specific problem more appropriately.</li> <li><b>Client Server Model</b>: Autopsy is HTML-based and therefore you do not have to be on the same system as the file system images. This allows multiple investigators to use the same server and connect from their personal systems.</li> </ul> <div style="text-align: justify;"> <b>Autopsy</b> is written in <a href="http://www.toolwar.com/2013/09/perl-language.html" target="_blank">Perl</a> and runs on the same UNIX platforms as <a href="http://www.toolwar.com/2014/01/the-sleuth-kit-tsk-forensics-framework.html" target="_blank">The Sleuth Kit</a>:</div> <ul style="text-align: justify;"> <li><a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a></li> <li><a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a></li> <li>Open & FreeBSD</li> <li>Solaris</li> <li>Cygwin (you cannot use the win32 executables that can be downloaded from this site, you must build in Cygwin) </li> </ul> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/RUgmkvt2WNg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3>  </h3> <h3> Download ::</h3> <b>Windows :: </b><a href="http://sourceforge.net/projects/autopsy/files/autopsy/3.0.8/autopsy-3.0.8-32bit.msi/download" target="_blank">Autopsy 3.0.8x32</a> (.msi) | <a href="http://sourceforge.net/projects/autopsy/files/autopsy/3.0.8/autopsy-3.0.8-64bit.msi/download" target="_blank">Autopsy 3.0.8x64</a> (.msi)<br /> <b>Linux :: </b><a href="http://sourceforge.net/projects/autopsy/files/autopsy/2.24/autopsy-2.24.tar.gz/download" target="_blank">Autopsy 2.08</a> (.tar.gz)<br /> <b>Official Website :: </b><a href="http://www.sleuthkit.org/autopsy/index.php" target="_blank">http://www.sleuthkit.org/autopsy/index.php </a>

Autopsy (Digital Investigation Analysis) :: Tools

Autopsy is a graphical interface to the command line digital investigation analysis tools in The Sleuth Kit . Together, they can anal...

Read more »

Oryon C Portable (Intelligence Investigations) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Oryon C Portable Logo" border="0" height="207" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9kco19KpeXKaOauklNcyR7Mqb7aJToI227Jp6oVRMqzmUOFIlCx9AYR3LMlp8AGhOmyEa0UPcI5NByrn9hNG9fuAw57vrtUBXHIMsrLXi-W0kkuu8ZML7Dl0gTJV-ElkjIiF733Q5Kh1k/s1600/Oryon+c+Prortable.png" title="Oryon C Portable Logo" width="400" /></div> <b>Oryon C Portable</b> is a <a href="http://www.toolwar.com/search/label/Browser" target="_blank"><b>web browser</b></a> designed to <i>assist researchers</i> in conducting <b>Open Source Intelligence investigations</b>. <b>Oryon</b> comes with dozens of pre-installed <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> and a select set of links cataloged by category – including those that can be found in the OI Shared Resources.<br /> <br /> <b>Specification ::</b><br /> <br /> - Based on SRWare Iron version 31.0.1700.0 (Chromium)<br /> - More than 70 pre-installed tools to support investigators in their everyday work<br /> - More than 600 links to specialized sources of information and online investigative tools<br /> - Additional privacy protection features<br /> - A ready to use opml file containing a sorted collection of information sources in the fields such as: OSINT, Intelligence, InfoSec, defense, and more.<br /> <br /> <b>Version Info ::</b><br /> 0.1 Initial release<br /> <br /> <b>Type ::</b><br /> Portable. No need to install, you can start using straightaway in your desktop, pendrive, etc.<br /> <br /> <b>Platform ::</b><br /> <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> : XP, Vista, 7 x32 & x64<br /> <br /> <b>License ::</b><br /> Various Open Source Licenses</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Documentation ::</b> <a href="http://osintinsight.com/Documentation.pdf" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://sourceforge.net/projects/oryon/files/latest/download" target="_blank">Oryon C Portable-v0.1</a><b> (.exe)</b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://osintinsight.com/oryon.php">http://osintinsight.com/oryon.php</a></div> <div style="text-align: justify;"> <b>Submitted By ::</b> OSINTINSIGHT</div>

Oryon C Portable (Intelligence Investigations) :: Tools

Oryon C Portable is a web browser designed to assist researchers in conducting Open Source Intelligence investigations . Oryon comes...

Read more »

TCPXtract (Network Traffic Extracting) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="tcpxtract" border="0" height="266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAqmL04htFo4cwsqJf60ruYKJbVcXmUbnsVr1NDB1wzSsk8wfB8iamSOsfzWyNH0v1iebn8mHNvwO-8axc4WJdJLZmoXI_3x0tQUpTiPg4Prr5CYbJTMM3xExj4w9FAXAXPlvmmPMw3Wm6/s1600/tcpxtract.jpg" title="tcpxtract" width="400" /></div> <b>tcpxtract</b> is a tool for <b>extracting files from network traffic</b> based on file signatures. Extracting files based on file type headers and footers (sometimes called <i>"carving"</i>) is an age old data <a href="http://www.toolwar.com/search/label/Recovery" target="_blank">recovery</a> technique. Tools like <a href="http://www.toolwar.com/2013/11/foremost-tools.html" target="_blank">Foremost</a> employ this technique to recover files from arbitrary data streams. <b>Tcpxtract</b> uses this technique specifically for the application of intercepting files transmitted across a <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>. Other <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> that fill a similar need are driftnet and EtherPEG. driftnet and <b>EtherPEG</b> are tools for <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitoring</a> and extracting graphic files on a network and is commonly used by network administrators to police the internet activity of their users. The major limitations of driftnet and EtherPEG is that they only support three filetypes with no easy way of adding more. The search technique they use is also not scalable and does not search across <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> boundries. <b>tcpxtract</b> features the following:<br /> <ul> <li>Supports 26 popular file formats out-of-the-box. New formats can be added by simply editing its config file.</li> <li>With a quick conversion, you can use your old Foremost config file with tcpxtract.</li> <li>Custom written search algorithm is lightning fast and very scalable.</li> <li>Search algorithm searches across packet boundries for total coverage and forensic quality.</li> <li>Uses libpcap, a popular, portable and stable library for network data capture.</li> <li>Can be used against a live network or a tcpdump formatted capture file. </li> </ul> <br /> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/uLQokDjcivU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <h3> Download :: </h3> <b>Linux :: </b><a href="http://prdownloads.sourceforge.net/tcpxtract/tcpxtract-1.0.1.tar.gz?download" target="_blank">tcpxtract v1.01</a> (.tar.gz)<b> </b><br /> <b>Official Website ::</b> <a href="http://tcpxtract.sourceforge.net/">http://tcpxtract.sourceforge.net/</a></div>

TCPXtract (Network Traffic Extracting) :: Tools

tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and...

Read more »

iScan Online :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="iscan logo online " border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeslw6s4bc1vdJpAy_EBblVvuVFaHURRWxOkNzjUnX9V89kGe-adrQQhV7XBSPrnczstoi85guEuodmRteZGABDY-ALPPiGYapmKUWj2XLLvFzmZ0CHTSFwsYTyffYtCtRHMwmzMDQPNqj/s1600/iscan+online+logo.png" title="iscan logo online " /></div> <div style="text-align: justify;"> <b>iScan Online</b> is the <i>vulnerability scanning solutions for Computing and Mobility.</i> <b>iScan Online</b> delivers its <i><a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanning</a></i> through a <b>browser plugin, native mobile app</b> or alternatively as a downloadable <a href="http://www.toolwar.com/search/label/CLI" target="_blank">CLI</a> executable.<br /> <br /> For BYOD environments, HTML and Javascript snippets are provided to scan any laptop or <a href="http://www.toolwar.com/search/label/Phone" target="_blank">mobile device</a> connecting to a network and/or <a href="http://www.toolwar.com/search/label/Web" target="_blank">web </a>application.<br /> <br /> Data is submitted to the cloud console where HTML, CSV and <a href="http://www.toolwar.com/search/label/PDF" target="_blank">PDF</a> reports are available. JSON data is readily available with the RESTful API.<br /> <br /> Supported platforms covered for vulnerability and data discovery scanning are: <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a>, <a href="http://www.toolwar.com/search/label/Android" target="_blank">Android</a> and Apple iOS. Desktops, Servers, Smartphones and Tablets supported.</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/SIIbrXW8ZMg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Android (Play Store) ::</b> <a href="https://play.google.com/store/apps/details?id=com.iscanonline.iscanandroid" target="_blank">https://play.google.com/store/apps/details?id=com.iscanonline.iscanandroid </a></div> <div style="text-align: justify;"> <b>Official Website & Online Plugins ::</b> <a href="https://www.iscanonline.com/" target="_blank">https://www.iscanonline.com/</a></div> <div style="text-align: justify;"> <b>Submitted By ::</b> iScan Online </div>

iScan Online :: Tools

iScan Online is the vulnerability scanning solutions for Computing and Mobility. iScan Online delivers its vulnerability scanning ...

Read more »

Beast-Check (SSL/TLS BEAST Vulnerability Check) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPX99p7OpWXx86CRPoDgco35kA8zXAjBG_l0dAQqBWT0feEqj9A1w1aPOcGpyS0DbdryxrvPzF4dTTNWY5ygzT9bP3hy9j04M3iACwFr6i2ykH2cC2G1p5-gauXZ_gz_9gWFAsUToI4Bik/s1600/beast-check+vulnerability+scanner.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="beast-check vulnerability scanner" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPX99p7OpWXx86CRPoDgco35kA8zXAjBG_l0dAQqBWT0feEqj9A1w1aPOcGpyS0DbdryxrvPzF4dTTNWY5ygzT9bP3hy9j04M3iACwFr6i2ykH2cC2G1p5-gauXZ_gz_9gWFAsUToI4Bik/s640/beast-check+vulnerability+scanner.jpg" title="beast-check vulnerability scanner" width="640" /></a></div> <div style="text-align: justify;"> <b>Beast-Chec</b>k is a small <i>perl script</i> that <i>checks a target server</i> whether it is <i><b>prone to BEAST <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a></b></i> via target preferred cipher. It assumes no workaround (i.e. EMPTY FRAGMENT) applied in target server. Some sources said this workaround was disabled by default for compatibility reasons. This may be the reason why RC4 ciphersuite was widely chosen as highest preferred ciphersuite for the primary workaround. </div> <h3 style="text-align: justify;"> Tutorial ::</h3> <div style="text-align: justify;"> <span style="font-size: large;">Uses ::  </span></div> <pre class="prettyprint"><span class="pln">$ </span><span class="pun">./</span><span class="pln">beast</span><span class="pun">.</span><span class="pln">pl </span><span class="pun">===============================================</span><span class="pln"> SSL</span><span class="pun">/</span><span class="pln">TLS BEAST </span><span class="typ">Vulnerability</span><span class="pln"> </span><span class="typ">Check</span><span class="pln">  </span><span class="kwd">by</span><span class="pln"> YGN </span><span class="typ">Ethical</span><span class="pln"> </span><span class="typ">Hacker</span><span class="pln"> </span><span class="typ">Group</span><span class="pun">,</span><span class="pln"> http</span><span class="pun">:</span><span class="com">//yehg.net/</span><span class="pln"> </span><span class="pun">===============================================</span><span class="pln"> </span><span class="typ">Usage</span><span class="pun">:</span><span class="pln"> beast</span><span class="pun">.</span><span class="pln">pl host </span><span class="pun">[</span><span class="pln">port</span><span class="pun">]</span><span class="pln"> port </span><span class="pun">=</span><span class="pln"> </span><span class="lit">443</span><span class="pln"> </span><span class="kwd">by</span><span class="pln"> </span><span class="kwd">default</span><span class="pln"> </span><span class="pun">{</span><span class="pln">optional</span><span class="pun">}</span></pre> <pre class="prettyprint"><span class="pun"> </span></pre> <div class="prettyprint"> <span style="font-family: inherit;"><span style="font-size: small;"><span class="pun"><b>Example :: Scanning Google</b></span></span></span></div> <pre class="prettyprint"><span class="pun"><b><span class="pln"> </span></b></span></pre> <pre class="prettyprint"><span style="background-color: white;"><span class="pun"><span class="pln">$ </span><span class="pun">./</span><span class="pln">beast</span><span class="pun">.</span><span class="pln">pl www</span><span class="pun">.</span><span class="pln">google</span><span class="pun">.</span><span class="pln">com </span><span class="pun">===============================================</span><span class="pln"> SSL</span><span class="pun">/</span><span class="pln">TLS BEAST </span><span class="typ">Vulnerability</span><span class="pln"> </span><span class="typ">Check</span><span class="pln">  </span><span class="kwd">by</span><span class="pln"> YGN </span><span class="typ">Ethical</span><span class="pln"> </span><span class="typ">Hacker</span><span class="pln"> </span><span class="typ">Group</span><span class="pun">,</span><span class="pln"> http</span><span class="pun">:</span><span class="com">//yehg.net/</span><span class="pln"> </span><span class="pun">===============================================</span><span class="pln"> </span><span class="typ">Target</span><span class="pun">:</span><span class="pln"> www</span><span class="pun">.</span><span class="pln">google</span><span class="pun">.</span><span class="pln">com</span><span class="pun">:</span><span class="lit">443</span><span class="pln"> </span><span class="com">## The target is NOT vulnerable to BEAST attack. ##</span><span class="pln"> </span><span class="typ">Protocol</span><span class="pun">:</span><span class="pln"> TLS v1</span><span class="typ">Server</span><span class="pln"> </span><span class="typ">Preferred</span><span class="pln"> </span><span class="typ">Cipher</span><span class="pun">:</span><span class="pln"> ECDHE</span><span class="pun">-</span><span class="pln">RSA</span><span class="pun">-</span><span class="pln">RC4</span><span class="pun">-</span><span class="pln">SHA</span><span class="typ">Vulnerable</span><span class="pun">:</span><span class="pln"> NO</span>  </span></span></pre> <pre class="prettyprint"><span style="background-color: white;"><span class="pun"> </span></span></pre> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/4uCn1bjEC7s?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <pre class="prettyprint"><span style="background-color: white;"><span class="pun"> </span></span></pre> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b><span style="font-size: small;">Linux & Windows :: </span></b><a href="http://beast-check.googlecode.com/files/beast.pl" target="_blank">Beast-Check </a>(Perl Script)</div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://yehg.net/">http://yehg.net/</a></div>

Beast-Check (SSL/TLS BEAST Vulnerability Check) :: Tools

Beast-Chec k is a small perl script that checks a target server whether it is prone to BEAST vulnerability via target preferred ciphe...

Read more »