Weekly Security Tools Digest
2000/09/01 to 2000/09/07

By Seán Boran (sean at boran.com) for SecurityPortal


The Rundown

Favourite tools this week include OpenSSH 2.2.0p1, Nmap 2.54BETA4, Saint 2.2, and Sara v3.1.8. Tools for Windows include an event log management tool, a hotfix checker tool, and a web vulnerability scanner. UNIX based tools include PIKT, a multi-functional tool for monitoring systems; Pdump, a Perl packet sniffer; and GASP, a protocol encoder/decoder.


Favourite Tools


SSH

OpenSSH 2.2.0p1 released
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/

A patch for OpenSSH 2.1.1p4 portable integrates challenge/response authentication, especially CRYPTOCard. It does not use PAM. Download from JDI Media Solutions.
http://projects.jdimedia.nl/index.phtml?BROW=1&ID=openssh&W=999&H=229


Nessus

Commercial support is now available from Nessus Consulting.
http://www.nessus.com


Nmap

2.54BETA4 is now available
http://www.insecure.org


Saint

2.2 Released
http://wwdsilx.wwdsi.com/saint/

New in this release: a check for smurf and fraggle amplifiers, based upon Nmap, and checks for the Trinity distributed denial-of-service tool, the Specialized Header (Translate: f) vulnerability in Microsoft web servers, the bboard vulnerability in Sun Java Web Server, vulnerabilities in ntop, netauth.cgi and htgrep, root accounts with empty passwords, guest and administrator accounts with empty passwords, and writable NetBIOS shares. Fixed a compilation problem on Red Hat 6.2 and a bug in the NFS check affecting Solaris 7 and 8.


Sara

v3.1.8 Released
http://161.58.8.77/arccom/__Sara/

Improved tutorials for HTTP and SMB, added multitasking support, fixed error reporting date in daemon mode, fixed errors in html.pl introduced in 3.1.7, added a test for the IRIX telnetd vulnerability, fixed a problem importing SARA Report data into Office 2000, and fixed a problem with get_targets (FW vs non-FW).


Tools for Windows


SecuriTeam


WinZapper, event log managing tool

http://www.securiteam.com/tools/WinZapper__event_log_managing_tool.html


HFCheck, Windows 2000 IIS Hotfix Checking Tool

http://www.securiteam.com/tools/HFCheck__Windows_2000_IIS_Hotfix_Checking_Tool.html


Packet Storm


twwwscan05.zip Sep 5 22:17:42 2000

TWWWscan is a Windows based WWW vulnerability scanner which looks for 227 www/cgi vulnerabilities. It displays the HTTP header and server info, and tries for accurate results. Now features anti-IDS URL encoding and passive mode scan.
Tested on Win95 OSR2, Win98, Win98SE, Win NT4, Win 2000 and Me. Changes: web server detection improved, added http_port, added info option, and bugs were fixed. By TSS.

http://search.iland.co.kr/twww


SecurityFocus


Forensic Toolkit 1.4 by NT Objectives

The Forensic ToolKit contains several Win32 command line tools that can help you examine the files on an NTFS disk partition for unauthorized activity. List files by their last access time, search for access times between certain time frames, scan the disk for hidden files and data streams. Dump file and security attributes. Report on audited files. Discover altered ACLs. See if a server reveals too much info via NULL sessions.

http://www.ntobjectives.com/forensic.htm


Tools for UNIX/Linux/BSD & Cross-platform

Packet Storm


pikt-1.11.0.tar.gz

Sep 5 22:13:16 2000 - PIKT is a multi-functional tool for monitoring systems, reporting and fixing problems, and managing system configurations. PIKT is quickly gathering potential as a serious security management system. PIKT comprises an embedded scripting language with unique, labor-saving features. Binaries available here. Changes: added new 'piktc -m#' option for doing checksum compares (file integrity checking); sped up associative array processing; fixed a serious memory leak in the script parser, plus several other bug fixes and new features.

By Robert Osterlund
http://pikt.uchicago.edu/pikt


bird.pl

Sep 5 21:41:23 2000 - bird.pl is a source code scanner which uses regular expressions to search for 12 common insecure C calls and 8 common insecure Perl functions.

By Zorgon


telnetfp_0.1.0.tar.gz

Sep 5 21:35:09 2000 - Telnetfp is an OS detection tool which uses telnet DO/DONT option-negotiation requests to determine the remote OS type. Contains 23 OS fingerprints.

By Palmers
http://teso.scene.at


linux-2.2.17-stealth1.diff

Sep 5 19:01:30 2000 - Patch for Linux kernel 2.2.17 to discard the packets that many OS detection tools use to query the TCP/IP stack. Includes logging of the dropped query packets and of packets with bogus flags. Changes: now works with kernel v2.2.17.

By Sean Trifero
http://www.innu.org/~sean


fileutils-4.0-lm.tar.gz

Sep 5 18:58:42 2000 - Landmine Fileutils is a modified fileutils package for Linux which logs the arguments used for execution to syslog. Includes patched copies of chmod, chgrp, chown, cp, dir, ln, ls, mkdir, mv, rm, rmdir, and touch.

By Sean Trifero
http://www.innu.org/~sean


linux-2.2.17.tar.gz

Sep 5 15:46:05 2000 - Linux kernel version 2.2.17. Changes: this is the newest stable release. Linux 2.2.17 contains no large security updates, but does include fixes for ipchains firewalling and raw SCSI/IDE commands, and keymap reloads now require root access.

Release notes here.
http://www.kernel.org/pub/linux/kernel/v2.2/


sscan2k-pre5.HWA.tar.gz

Aug 30 17:57:48 2000 - sscan2k-pre5 is a remote auditing tool that scans for more than 200 known vulnerabilities that can be found remotely. It selects which vulnerabilities to check according to the operating system the target host is running, to avoid using unnecessary bandwidth. Now comes with an easy to use configuration program, much like xf86config, and offers the option to use Nmap to guess the operating system or to use sscan2k's own scripted modules, which the user can easily update. Multiple host scanning was improved.

By eth0
http://www.hwa-security.net


FreshMeat


Pdump 0.779

By Samy Kamkar
http://pdump.lucidx.com/

Perl packet sniffer that dumps, monitors, and modifies traffic on a network.


FireWall Log Spawn 1.0.5

By Karl
http://www.shagz.org/files.html

FireWall Log Spawn is a simple Perl script which collects firewall information from the specified source, formats it to make it easier to read, and places it in another file.


SecurityFocus

Note from SecurityFocus: tools announced on SF are not necessarily updates or new, it's just that someone posted an announcement. We try to notify you only of new or updated tools, but it's not easy. Also, not all tools are free.


sifi 0.1.6

By R. Muchsel, R. Schmid, M. Stock, H. Weidner
http://www.ifi.unizh.ch/ikm/SINUS/firewall/

The SINUS Firewall is a TCP/IP packet filter for Linux. Some of its features are stateful inspection of TCP communications, text-based configuration, graphical management interface for configuration of several firewalls, dynamic rules, prevention of packet and address spoofing, extensive logging, alerting, and counter intelligence.


Guardbot

By Shuo-yen Choo, co-author Tien Lee (tien@guardbot.com)
http://www.guardbot.com

Guardbot encrypts HTML pages with DES encryption. The encrypted pages can be viewed directly in a web browser: a Guardbot protected page generates a password prompt, and the page is decrypted by the included Java applet. Guardbot can be used for password protecting web sites, encrypting HTML documents for secure transport, etc.


Ganymede 0.99.3

By Computer Science Division of the Applied Research Laboratories of The University of Texas at Austin 
http://www.arlut.utexas.edu/gash2

GANYMEDE is a portable and customizable network directory management system, released under the GNU General Public License. It is free software. It is similar in concept (if not in scale) to network directory systems like Microsoft's Active Directory and Novell's Novell Directory Services. GANYMEDE differs in that it is written entirely in Java (making everything very portable), and in that it is designed to provide management for existing NIS, DNS, LDAP, and other network directory servers, not to replace them.


Falcon Firewall Project 0.1.5

By Falcon Open Group
http://falcon.naw.de

The Falcon Project (Free Application-Level CONnection kit) is an open firewall project with the intention of developing a free, secure and OS-independent firewall system. Falcon consists of three major modules: Falcon's own proxies (written in Perl); third-party proxies (squid / qmail / BIND8), each modified for a chroot environment; and general concepts for OS hardening, chrooting, etc.


Fast IP Routing Accounting (FIPRA) 0.65c

By Roger Abrahamsson and Peter Hellman
http://www.umplug.org/fipra

FIPRA (Fast IP Routing Accounting) is a tool for logging IP traffic at high speeds. The logging part is moved inside the kernel and adds as little as possible to the overhead of handling IP packets. To that is coupled a daemon which moves data out of kernel space and into an SQL database.


GASP (Generator and Analyzer System for Protocols) 0.90

By Laurent Riesterer
http://laurent.riesterer.free.fr/gasp/

GASP stands for 'Generator and Analyzer System for Protocols'. It allows you to decode and encode any protocol you specify. The main use is to test network applications: you can construct packets by hand and test the behavior of your program when it faces strange packets. But you can apply it to a lot of other applications, e.g. manipulating graphics files or executable headers: just describe the specification of the structured data. GASP is divided into two parts; the first is a compiler which takes the protocol specification and generates the code to handle it. This generated code is a new Tcl command, since GASP is built upon Tcl/Tk and extends the scripting facilities provided by Tcl.


PIKT - Problem Informant/Killer Tool 1.11.0

By Robert Osterlund
http://pikt.uchicago.edu/pikt/dist/

PIKT is a cross-platform, multi-functional toolkit for monitoring systems, reporting and fixing problems, and managing system configurations. It consists of an embedded scripting language with unique, labor-saving features, a script and system config file preprocessor, a scheduler, an installer, and other tools.


Antivore

By ChainMail Inc.
http://www.antivore.org

Mithril Secure Server, dubbed Antivore, acts as a proxy between email clients and mail servers. It manages encryption keys, signing, encrypting, etc. It encrypts whenever possible, always signs messages, and automatically looks up public keys to encrypt outgoing mail. All key management is handled by the server. All keys are stored on the server in encrypted form. Data on disk is always encrypted; data is in the clear only in memory and on secure channels such as SSL.

SDSC/GT Secure FTP

By Gary Cohen and Brian Knight
http://www.glub.com/products/secureftp/

Secure FTP is a client package that allows a secure connection to be made to an FTP daemon via SSL.


About the Author

Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.

© Copyright 2000, SecurityPortal Inc. & Seán Boran, All Rights Reserved, Last Update: 08 September, 2000