Security Tools Digest
2000/08/30 to 2000/09/07

Security Tools Digest Archive
http://www.securityportal.com/research/XXXXXXXXXXXXXX

By Seán Boran (sean at boran.com) for SecurityPortal


Favourite tools

SSH
OpenSSH 2.2.0p1 released.
A patch for OpenSSH 2.1.1p4 portable integrates Challenge/response authentication, especially Cryptocard. Does not use PAM. Download from media solutions.

Nessus: Commercial support is now available from Nessus Consulting.

Nmap: 2.54BETA4 is now available.

Saint: 2.2 released. Changes: A new check for smurf and fraggle amplifiers, based upon Nmap. Checks for: the Trinity distributed denial-of-service tool; the Specialized Header (Translate: f) vulnerability in Microsoft web servers; the bboard vulnerability in Sun Java Web Server; vulnerability in ntop, netauth.cgi and htgrep; root accounts with empty passwords; guest and administrator accounts with empty passwords; writable NetBIOS shares.
Fixed: a compilation problem for Red Hat 6.2, and a bug in the NFS check affecting Solaris 7 and 8.

Sara v3.1.8 released. Changes: Improved tutorials for http and smb, Added multi tasking support, Fixed error reporting date in daemon mode, Fixed errors in html.pl introduced in 3.1.7, Added test for IRIX telnetd vulnerability, Fixed a problem importing SARA Report data into Office 2000, and Fixed problem with get_targets (FW vs non FW).


Tools for Windows

SecuriTeam

WinZapper, event log managing tool
HFCheck, Windows 2000 IIS Hotfix Checking Tool

Packet storm

twwwscan05.zip Sep 5 22:17:42 2000
TWWWscan is a Windows based www vulnerability scanner which looks for
227 www/cgi vulnerabilities. Displays http header, server info, and tries for
accurate results. Now features anti-IDS url encoding and passive mode scan.
Tested on win95 osr2, win98, win98se, win nt4, win 2k/Me. Changes: Web Server
Detection Improved, added http_port, added info option, and bugs were fixed.
Homepage: http://search.iland.co.kr/twww . By TSS

SecurityFocus

Forensic Toolkit 1.4 by NT Objectives, http://www.ntobjectives.com/forensic.htm
The Forensic ToolKit contains several Win32 command-line tools that can help you examine the files on an NTFS disk partition for unauthorized activity. List files by their last access time, search for access times between certain time frames, scan the disk for hidden files and data streams. Dump file and security attributes. Report on audited files. Discover altered ACLs. See if a server reveals too much info via NULL sessions.


Tools for UNIX/Linux/BSD & Cross platform

Packet storm

pikt-1.11.0.tar.gz  Sep 5 22:13:16 2000
PIKT is a multi-functional tool for monitoring systems, reporting and fixing
problems, and managing system configurations. PIKT is quickly gathering
potential as a serious security management system. PIKT comprises an
embedded scripting language with unique, labor-saving features. Binaries
available here. Changes: Added new 'piktc -m#' option for doing checksum
compares (file integrity checking). Speeded up associative array processing.
Fixed a serious memory leak in the script parser, also several other bugs and new
features. Homepage: http://pikt.uchicago.edu/pikt. By Robert Osterlund

bird.pl Sep 5 21:41:23 2000
bird.pl is a source code scanner which uses regular expressions to search for 12
common insecure C calls and 8 common insecure perl functions. By Zorgon

telnetfp_0.1.0.tar.gz  Sep 5 21:35:09 2000
Telnetfp is an OS detection tool which uses do / dont requests via telnet to
determine remote OS type. Contains 23 OS fingerprints. Homepage:
http://teso.scene.at. By Palmers

inux-2.2.17-stealth1.diff Sep 5 19:01:30 2000
Patch for linux kernel 2.2.17 to discard packets that many OS detection tools use
to query the TCP/IP stack. Includes logging of the dropped query packets and
packets with bogus flags. Changes: Now works with kernel v2.2.17. Homepage:
http://www.innu.org/~sean. By Sean Trifero

fileutils-4.0-lm.tar.gz Sep 5 18:58:42 2000
Landmine Fileutils is a modified fileutils package for Linux which logs the
arguments used for execution to syslog. Includes patched copies of chmod,
chgrp, chown, cp, dir, ln, ls, mkdir, mv, rm, rmdir, and touch. Homepage:
http://www.innu.org/~sean. By Sean Trifero

linux-2.2.17.tar.gz Sep 5 15:46:05 2000
Linux Kernel version 2.2.17. Changes: This is the newest stable release. Linux
2.2.17 contains no large security updates but does include fixes for
ipchains firewalling, raw SCSI/IDE commands, and keymap reloads now require
root access. Release notes here. Homepage:
http://www.kernel.org/pub/linux/kernel/v2.2/.

sscan2k-pre5.HWA.tar.gz  Aug 30 17:57:48 2000
sscan2k-pre5 is a remote auditing tool that scans for more than 200 known
vulnerabilities that can be found remotely. Which vulnerabilities it checks for
depends on the operating system that the target host is running, to prevent
unnecessary bandwidth being used. Now comes with an easy-to-use configuration
program much like xf86config, and brings the option to use Nmap to guess the
operating system or to use sscan2k's scripted modules, which are very updatable
by the user. Multiple host scanning was improved. Homepage:
http://www.hwa-security.net. By eth0

FreshMeat

Pdump 0.779 by Samy Kamkar, http://pdump.lucidx.com/ 
Perl packet sniffer that dumps, monitors, and modifies traffic on a network.

FireWall Log Spawn 1.0.5 by Karl,  http://www.shagz.org/files.html
FireWall Log Spawn is a simple Perl script which collects firewall information from the specified source, formats it to make it easier to read, and places it in another file.

SecurityFocus

Note: tools announced on SF are not necessarily updates or new; it's just that someone posted an announcement. We try to notify you only of new or updated tools, but it's not easy. Also, not all tools are free.

sifi 0.1.6 by R. Muchsel, R. Schmid, M. Stock, H. Weidner, http://www.ifi.unizh.ch/ikm/SINUS/firewall/
The SINUS Firewall is a TCP/IP packet filter for Linux. Some of its features are stateful inspection of TCP communications, text-based configuration, graphical management interface for configuration of several firewalls, dynamic rules, prevention of packet and address spoofing, extensive logging, alerting, and counter intelligence.

Guardbot by Shuo-yen Choo,  Co-Author Tien Lee, tien@guardbot.com, http://www.guardbot.com
Guardbot encrypts HTML pages with DES encryption. The encrypted pages can be viewed directly in a web browser. The Guardbot protected page generates a password prompt, and the page is decrypted with the included Java applet. Guardbot can be used for password protecting web sites, encrypting HTML documents for secure transport, etc.

Ganymede 0.99.3 by Computer Science Division of the Applied Research Laboratories of The University of Texas at Austin  http://www.arlut.utexas.edu/gash2
GANYMEDE is a portable and customizable network directory management system, released under the GNU General Public License. It is free software. It is similar in concept (if not in scale) to network directory systems like Microsoft's ActiveDirectory and Novell's Novell Directory Services. GANYMEDE differs in that it is written entirely in Java (making everything very portable), and in that it is designed to provide management for existing NIS, DNS, LDAP, and other network directory servers, not to replace them.

Falcon Firewall Project 0.1.5 by Falcon Open Group, http://falcon.naw.de
The Falcon Project (Free Application-Level CONnection kit) is an open firewall project with the intention of developing a free, secure and OS-independent firewall system. Falcon consists of three major modules: Falcon's own proxies (written in Perl); 3rd-party proxies (squid / qmail / BIND8), each modified for a chroot environment; and general concepts for OS hardening, chrooting etc.

Fast IP Routing Accounting (FIPRA) 0.65c by Roger Abrahamsson and Peter Hellman   http://www.umplug.org/fipra
FIPRA (Fast IP Routing Accounting) is a tool for logging IP traffic at high speeds. The logging part is moved inside the kernel and adds as little as possible to the overhead of handling IP packets. To that is coupled a daemon which moves data out of kernel space and into an SQL database.

GASP (Generator and Analyzer System for Protocols) 0.90 by Laurent Riesterer,   http://laurent.riesterer.free.fr/gasp/
GASP stands for 'Generator and Analyzer System for Protocols'. It allows you to decode and encode any protocols you specify. The main use is to test network applications: you can construct packets by hand and test the behavior of your program when facing some strange packets. But you can apply it to a lot of other applications, e.g. manipulating graphical files or executable headers. Just describe the specification of the structured data. GASP is divided into two parts: a compiler which takes the specification of the protocols and generates the code to handle it; this code is a new Tcl command, as GASP is built upon Tcl/Tk and extends the scripting facilities provided by Tcl.

PIKT - Problem Informant/Killer Tool 1.11.0 by Robert Osterlund,   http://pikt.uchicago.edu/pikt/dist/ 
PIKT is a cross-platform, multi-functional toolkit for monitoring systems, reporting and fixing problems, and managing system configurations. It consists of an embedded scripting language with unique, labor-saving features, a script and system config file preprocessor, a scheduler, an installer, and other tools.

Antivore by ChainMail Inc., http://www.antivore.org
Mithril Secure Server, dubbed Antivore, acts as a proxy between email clients and mail servers. It manages encryption keys, signing, encrypting, etc. It encrypts whenever possible, signs messages always, and automatically looks up public keys to encrypt outgoing mail. All key management is handled by the server. All keys are stored on the server in encrypted form. Data on disc is always encrypted, and encrypted data is only in memory and over secure channels like SSL.

SDSC/GT Secure FTP by Gary Cohen and Brian Knight, http://www.glub.com/products/secureftp/
Secure FTP is a client package that allows for a secure connection to be made to an FTP daemon via SSL.


Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.

© Copyright 2000, SecurityPortal Inc. & Seán Boran, All Rights Reserved, Last Update: 07 September, 2000