Weekly Security Tools Digest
2000/10/14 to 2000/10/20

By Seán Boran (sean at boran.com) for SecurityPortal

This is a summary of changes to free security tools over the last week.
An archive of previous digests is available at http://securityportal.com/research/research.wst.html.
To receive this digest by email, visit http://securityportal.com/subscribe.html.


The Rundown

Updates to favourite free tools this week include: nmap, SSL, SSH, tcpdump, PGP, apache, dante, bastille-linux, perl, amavis.

Tools for Windows include TFAK, RBA proxy filter, Harden NT

Linux/Unix/Cross Platform: 52 tools in the basket this week!


Favourite Tools

Nmap, Fyodor
http://www.nmap.org

 

SSL

 

SSH

PuTTY is a free implementation of Telnet and SSH for Win32 platforms.
Major release: support for the SSH v2 protocol, RSA public key authentication and an ssh agent; running "putty -cleanup" now removes all of PuTTY's files and registry entries; plus many small bug fixes and enhancements. See also:
http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html

Zebedee is a simple program to establish an encrypted, compressed “tunnel” for TCP/IP or UDP data transfer between two systems. Zebedee works on Linux platforms and also on Windows 95, 98 and NT.
Changes: release of the new development version 2.1.3.

 

Tcpdump 3.5.2, Lawrence Berkeley National Laboratory Network Research Group
http://www.tcpdump.org

Tcpdump is an advanced tool for network monitoring and data acquisition. It is one of the most well-known sniffers/network utilities for Unix.
• Changes: This new stable release incorporates Libpcap 0.5.2 and some bug fixes.

 

PGP

Pgpgpg is a wrapper around Gnu Privacy Guard which takes PGP 2.6 command line options, translates them and then calls GnuPG (Gnu Privacy Guard) to perform the desired action. PGP and GnuPG are encryption programs with strong encryption engines. The goal of pgpgpg is to put a PGP 2.6-compatible command line syntax in front of GnuPG.

KPGPCrypt is a graphical shell for PGP 5.xx, PGP 6.xx and GPG 1.xx, including complete key management, key server functions, and encrypting, signing and decrypting messages.

New: a GnuPG security update has been released.
Changes: a serious bug which could lead to false signature verification results when more than one signature is fed to GPG has been fixed in this new release. The new utility gpgv, a stripped-down version of gpg, can be used to verify signatures against a list of trusted keys. Rijndael (AES) is now supported.

 

PHP 4.0.3
http://www.php.net/do_download.php?download_file=php-4.0.3.tar.gz

PHP 4.0.3 is mostly a security-oriented maintenance release; all PHP users are strongly recommended to upgrade to it.

 

Apache 1.3.14 - Apache 2.0 Alpha
Apache Software Foundation and The Apache Server Project
http://www.apache.org/dist

This version of Apache is primarily a security fix and bug fix release, but there are a few new features and improvements. Version 1.3.13 was never released. Apache 2.0 Alpha is now available for alpha testing.

 

Dante v1.1.5, Inferno Nettverk A/S
http://www.inet.no/dante

Dante is a free implementation of the proxy protocols SOCKS version 4, SOCKS version 5 (RFC 1928) and msproxy. It can be used as a firewall between networks. The package consists of two parts: a SOCKS server and a proxy client which supports SOCKS, msproxy and HTTP proxies. Commercial support is available.
• Changes: this version fixes installation and compilation problems on some Linux platforms.

 

Bastille Linux v1.1.1.pre4, Jay Beale
http://bastille-linux.sourceforge.net

 

Perl News
http://news.perl.org/

 

AMaViS - A Mail Virus Scanner  0.2.1-pre3, Christian Bricart
http://www.amavis.org

Apart from the usual typo and cosmetic changes: broken links in the documentation updated; improved detection of uuencoded mails (if sent inline); somewhat improved handling of self-extracting files; fixed possible mail loss with Sendmail and Postfix when used as a relay.


Tools for Windows

Packet Storm

TFAK 4.5, SnakeByte
http://www.kryptocrew.de/snakebyte/indexe.htm

TFAK is a freeware anti-Trojan program for Windows which detects and removes the most common Trojans. TFAK also provides several other features which help to remove and control Trojans.

 

SecurityFocus

Note: tools announced on SecurityFocus are not necessarily updates, new or free; it's just that someone posted an announcement. We try our best to only notify you of new or updated free tools.

RBA Proxy Filter 1.0c, Erwin Richards
http://erwin.richard.net/rbaproxy.htm

RBA Proxy Filter is essentially a plug-in for Microsoft Proxy Server 2.0 that lets you assign lists of allowed web sites to different NT groups. Often it is necessary to give some clients access to a well defined set of web servers without giving them full internet access. RBAProxy lets you define up to 15 different lists and assign them to NT groups. This plug-in has been developed for Windows 2000 and Windows NT.

 

Harden NT, Bart Timmermans and Filip Sneppe
http://www.securityfocus.com/tools/1789

HardenNT is a tool created to automate the task of securing one or more Microsoft Windows based computers. It is specifically aimed at securing Windows NT 4.0 machines, although some of the functionality could also be used on Windows 95 and 98 and even Windows 2000 networks.

 

The Hardening of Windows NT 4.0, Micheal Espinola Jr
http://pw1.netcom.com/~honeyluv/download.html

A check list to harden NT 4.0 platforms.


Tools for UNIX/Linux/BSD & Cross-platform

Cryptcat
Jeff Nathan, Matt W, Frank Knobbe, Dragos, Bill Weiss, Jimmy
http://207.33.208.248/content/News/Free_Tools/Cryptcat

Cryptcat is the standard netcat enhanced with Twofish encryption. Cryptcat is available for Windows and for Linux platforms.
• Changes: a -k option has been added so that a key other than the hard-coded default can be used (the default key ships in the source, so anyone who has read it can decrypt sessions that rely on it; always supply your own). Cryptcat now also compiles on OpenBSD/FreeBSD platforms and includes MSVC++ makefiles.

 

Packet Storm

11logger 0.1.3, Antirez
http://www.kyuzz.org/antirez/sigsegv

11logger is a small kernel patch, a module and some userspace tools that add SIGSEGV logging and history to Linux 2.2.x. A record of which binaries are crashing with segmentation faults, and how often, is very useful in security auditing (overflow attempts that miss tend to show up here first) and in general debugging.

 

snoopy 1.2, Mike Baker
http://packetstorm.securify.com/linux/security

Snoopy is designed to log all commands executed by providing a transparent wrapper around calls to execve() via LD_PRELOAD. Logging is done via syslogd to the authpriv facility, so the record can be forwarded to a remote loghost along with other authpriv messages. Note that, like anything based on LD_PRELOAD, it only sees dynamically linked programs; statically linked binaries bypass it.

 

FreshMeat

Calamaris 2.39, Cord Beermann
http://calamaris.cord.de/Welcome.html.en

Calamaris parses Squid and NetCache native log files and generates reports about peak usage, request methods, status of incoming and outgoing requests, second- and top-level destinations, content types and performance.

 

Webalizer 2.01-05 - devel: 2.01-6, NevaLabs (Claudio Neves)
http://www.mrunix.net/webalizer

Webalizer is a web server log analysis program. Written in C to be extremely fast and highly portable, Webalizer supports standard Common Logfile Format server logs, generates reports configurable from the command line, supports multiple languages and handles log files of any size as well as partial (rotated) logs.
• Changes: new development version 2.01.6

 

IPchains-firewall 1.7.2, Ian Hall-Beyer
http://firewall.langistix.com

IPchains-firewall is an easily-configurable shell script to establish masquerading and firewalling rules using IPchains. The package contains several scripts to establish firewalling for a single machine and for a system acting as a router (also over multiple interfaces). The distribution also includes a copy of midentd v1.6, to enable identd over the masqueraded network. Since it drives IPchains, the firewall scripts themselves are specific to Linux 2.2 kernels.

 

Security-script v0.08, Peter Halliday
http://halliday.wl.vg/scripts

Security-script is a port of FreeBSD's /etc/security script. It checks many aspects of your system's security and then emails you the results. Checks include finding setuid files and directories, accounts with uid 0, counting the firewall rules set up to deny or reject, failed logins, and rejected connections.
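
Two of the checks listed above, the uid-0 account search and the setuid file scan, as an added example in Python (this is not Security-script's own code, and the /etc/passwd content below is constructed for the demonstration). It also flags duplicate uids, which is how a second uid-0 account usually gets in; the setuid scan uses lstat so a planted symlink is never followed, and demo_setuid_scan() builds a scratch tree in a temporary directory so the block runs without touching the real system.

```python
import os
import stat
import tempfile

# Constructed /etc/passwd content for the demonstration (not from a real host).
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:backdoor:/:/bin/sh
bob:x:1001:1001:Bob:/home/bob:/bin/bash
mallory:x:1001:1002:Mallory:/home/mallory:/bin/bash
"""

def _passwd_entries(passwd_text):
    """Yield (name, uid) for each well-formed passwd line, skipping comments."""
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue
        yield fields[0], fields[2]

def uid_zero_accounts(passwd_text):
    """Names of accounts with uid 0 other than root itself."""
    return [name for name, uid in _passwd_entries(passwd_text)
            if uid == "0" and name != "root"]

def duplicate_uids(passwd_text):
    """Map uid -> account names for every uid shared by more than one account."""
    seen = {}
    for name, uid in _passwd_entries(passwd_text):
        seen.setdefault(uid, []).append(name)
    return {uid: names for uid, names in seen.items() if len(names) > 1}

def setuid_files(root):
    """Walk root and return (path, mode) for regular files with setuid or setgid set.
    lstat is used so symbolic links are reported as links, never followed."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                found.append((path, oct(stat.S_IMODE(st.st_mode))))
    return sorted(found)

def demo_setuid_scan():
    """Constructed run: scratch tree with one setuid file, one plain file, one symlink."""
    with tempfile.TemporaryDirectory() as d:
        normal = os.path.join(d, "normal")
        suid = os.path.join(d, "suidbin")
        for p in (normal, suid):
            with open(p, "wb") as f:
                f.write(b"#!/bin/sh\n")
        os.chmod(normal, 0o755)
        os.chmod(suid, 0o4755)                  # setuid bit on a file we own
        os.symlink(suid, os.path.join(d, "link"))  # must not be reported as a file
        return [os.path.basename(p) for p, _ in setuid_files(d)]

if __name__ == "__main__":
    print("extra uid 0 accounts:", uid_zero_accounts(SAMPLE_PASSWD))
    print("duplicate uids:", duplicate_uids(SAMPLE_PASSWD))
    print("setuid files in scratch tree:", demo_setuid_scan())
```

On a real host you would feed setuid_files() the mount points you care about and diff the result against the previous run's; the list of setuid binaries on a machine should change only when you install something.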

 

IPtables-firewall 0.99 Beta (devel version), Ian Hall-Beyer
http://firewall.langistix.com

IPtables-firewall (like IPchains-firewall) is an easily-configurable shell script to establish NAT and firewalling rules using IPtables. The script self-configures out of the box for IP addresses, netmasks, and interfaces. All that is needed is a command line specification of external and internal interface names. It automatically determines type of firewall to set up (standalone, routing, or NAT) based on interface IP addresses. The distribution also includes a copy of midentd, to enable identd over the masqueraded network. IPtables-firewall runs on Linux platforms.

 

Immunix OS 6.2, WireX Communications, Inc
http://immunix.org

Immunix is a family of tools designed to enhance system integrity by hardening system components and platforms against security attacks. The Immunix OS is a Linux platform hardened with the Immunix tool set. The Immunix security tools (StackGuard, SubDomain, and CryptoMark) provide security bug tolerance, so that even if a security vulnerability is found in one of the programs supplied with Immunix, the vulnerability probably will not be exploitable by attackers. Immunix OS is based on Red Hat 6.2, but with all programs for which C source is available re-compiled with the StackGuard compiler. The result is a system that is fundamentally compatible with Red Hat Linux, but is secured against a majority of Internet security attacks.

 

PortWatcher 0.2.0, Ckrit
http://old.dhs.org/index.cgi?s=Projects

PortWatcher is a portscan detect/block script that is implemented in Perl and utilizes Linux's built-in IPchains facility for blocking evil-doers. PortWatcher blocks port scans in quasi-real-time via IPchains.

 

T.Rex Open Source Firewall 1.0.1, Freemont Avenue Software
http://www.opensourcefirewall.com

The T.Rex Open Source Firewall runs on Linux, Solaris, and IBM's AIX. It includes features like VPN support, NAT, advanced application proxy, Web caching, workload balancing, content filtering, high availability, SOCKS support, and much more.

 

sspft 0.20d, Sean Loaring
http://www.geocities.com/sloaring/projects.html

sspft stands for simple, secure, port forwarding tunnel. Using sspft, local client ports can be used as proxies to services on remote systems. All traffic between the sspft client and the sspft server is encrypted using Blowfish.

 

FreeVeracity 3.0, Ross Williams
http://www.freeveracity.org

FreeVeracity is a free intrusion detection tool for free platforms (GNU/Linux, FreeBSD, NetBSD, OpenBSD, etc.) that uses cryptographic hashes to detect file changes that may indicate a network intrusion.

 

Stateful packet filter 2.0.3 alpha, Brian J. Murrell
ftp://ftp.interlinx.bc.ca/pub/spf

Stateful Packet Filter (SPF) continuously adjusts an inbound packet filter so that traffic is admitted based on what was sent out.

 

CDSA 3.11, Intel's Architecture Lab
http://developer.intel.com/IAL/security

CDSA (Common Data Security Architecture) is middleware that provides an open and extendable infrastructure for accessing security services through a standard API. Types of security services include encryption, certificate management, secure data storage, trust policy, SPKI authorization, and biometrics authentication. The source code is available for Windows and Linux platforms.

 

tproxy 1.0, Tony Kimball
http://sourceforge.net/projects/tproxy

tproxy is a user-space TCP proxy daemon, which has support for firewall transit via telnet proxy, and transmission of out-of-band data.

 

ppp-in-telnet 1.0, Tony Kimball
http://sourceforge.net/projects/ppp-in-telnet

PPP-in-telnet allows Solaris users to establish a PPP tunnel through a firewall by means of a telnet proxy. It talks to the telnet proxy to connect to a pppd listening on a port on the Internet, and shuttles bytes between pppd and the telnet proxy.

 

911 0.0.1 (devel), Erik Tayler
http://63.248.48.143

911 is a centralized interface that controls whisker and Nmap from a single program. It combines port scanning, OS detection, and searching for vulnerable web-based applications/scripts.

 

Automatic Security 2.1, Holden Karau
http://www.automaticsecurityunderlinux.com

Automatic Security is an expect script which tracks security notices on securityfocus.com and will download and test new updates when they are released. If your system is vulnerable the script will notify you through its log so that you can install the patch as soon as possible. Patching is not automatic for safety reasons.

 

Secure Export System 0.0, Keith Lewis
ftp://ftp.monash.edu.au/pub/keithl/SES

SES is a utility for Linux that addresses a basic problem: users in the labs cannot be reliably prevented from becoming root on the PCs. To live with this potential security threat, SES provides a Kerberos-authenticated interaction between the PC and the NFS server, which results in the NFS server exporting the user's home directory to the PC the user is using, for the duration of the session only. SES replaces an earlier system called LKNFS which used special PCs that filtered NFS traffic between the PCs in the labs and the NFS servers.

 

SnowDisk 1.0 (devel), Scott G. Miller
ftp://ftp.gamora.org/pub/gamora/snowdisk

SnowDisk takes an input file, then uses GPG and the random device to write the file in encrypted form to a Unix device (a floppy for example), followed by random data from /dev/urandom. The result is a floppy filled with apparently random data, with no partition information that can leak the size or structure of the encrypted information.

 

Topsecret 9931, Siva R. Krishna
http://users.fdn.com/~nomad01/topsl.html

Topsecret is a program to encrypt your sensitive files by using a "Catalyst" file as the encryption key.

 

Loopy 0.1.2 (devel), Ian Wehrman
http://wehrman.com/ian/loopy

Loopy is a small shell script which allows users to easily create, mount and unmount multiple encrypted loopback device file systems. Loopy requires the International Kernel Patch, as well as all other utilities normally required to use encrypted loopback file systems.

 

CryptoPadSplicer 0.4, Boris Wesslowski
http://www.kybs.de/boris/software.shtml

CryptoPadSplicer is a conduit for a Palm application called CryptoPad. It can transfer, decrypt, and save files from a PalmPilot to a PC.

 

yyyRSA 1.0.0, Erik Thiele
http://www.erikyyy.de/yyyRSA

yyyRSA is a simple program to encrypt and decrypt messages with the RSA asymmetric encryption algorithm. It supports arbitrary key lengths. The program concentrates on RSA; the mathematics is done with the GNU MP library, and entropy is taken from /dev/random.

 

OutGuess 0.13b, Niels Provos
http://www.outguess.org

OutGuess is a universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources.

 

Phantom Cipher 1.1, Kaz Kylheku
http://users.footprints.net/~kaz/phantom.html

Phantom is an original block cipher.

 

Steghide 0.3, Stefan Hetzl
http://www.crosswinds.net/~shetzl/steghide

A steganography tool.

 

SafeGossip 0.0.1 (devel), Pete Chown
http://www.skygate.co.uk/safegossip

SafeGossip provides SSL support for FTP, IMAP, POP, SMTP and telnet.

 

Mailcrypt 3.5.5, Len Budney
http://www.nb.net/~lbudney/linux/software/mailcrypt.html

Mailcrypt is an Emacs Lisp package which provides a simple interface to public key cryptography with PGP. Mailcrypt integrates strong cryptography in the normal mail and news handling environment.

 

Secret-share 0.0.0, Damien Miller
http://www.mindrot.org/code

Secret-share is a small program that cryptographically splits a file into multiple pieces.

 

Nanocrypt 0.0.1 (unmaintained), Damien Miller
http://www.mindrot.org/code

Nanocrypt is a program to encrypt and decrypt files using the RC4 algorithm.

 

Audio-entropyd 0.0.0 (unmaintained), Damien Miller
http://www.mindrot.org/code

Audio-entropyd is a daemon that reseeds the Linux kernel random number generator with noise sourced from a stereo soundcard.

 

scp-wrapper 1.0.0, Dave Cinege
ftp://ftp.psychosis.com

Scp-wrapper is a wrapper for scp and cp.

 

ECLiPt Secure Tunnel 0.3.1 (devel), Martin Preishuber
http://eclipt.uni-klu.ac.at/frames.php

ECLiPt Secure Tunnel is a tool for encrypting any TCP connection, based on a client/daemon pair. It was mainly developed to stop sniffer attacks on non-secure connections (e.g. POP3, HTTP).

 

KeyNote 0.1
Angelos D. Keromytis, Matt Blaze
http://www.cis.upenn.edu/~angelos/keynote.html

KeyNote is a simple and flexible trust-management system. It provides a single, unified language for both local policies and credentials.

 

Secure Sockets Agent Client 1.2.5 - Secure Sockets Agent Server 1.2.6, Privador
http://www.privador.com/products/extranet/index.phtml

The SSA is a system for securing insecure, or insufficiently secure, communication between existing network applications. It provides almost any client/server application with strong cryptographic security, ensuring both the integrity and the confidentiality of the exchanged data as well as authenticating both the client and the server. The SSA Server runs on the application server and constitutes the server end of the secure tunnel.

 

Crypt++.el 2.88, Karl Berry
ftp://ftp.cs.umb.edu/pub/misc

Crypt++.el is a package of Lisp functions that automatically recognizes encrypted and encoded (i.e. compressed) files when they are first visited or written. The buffer corresponding to the file is decoded and/or decrypted before it is presented to the user.

 

Sigs 0.50, Daniel J. Bernstein
http://cr.yp.to/sigs.html

The Sigs package provides secure digital signatures with verification.

Coder 1.0, Satya
http://satyaonline.cjb.net/download.html

Coder is a file encryption/decryption program written in C, using the XOR method. Bear in mind that XOR against a key that is reused (within one file or across files) provides no real confidentiality: a few bytes of known plaintext hand the key straight back.
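
Why the XOR method does not hold up, as an added example in Python (this is not Coder's code, and nothing is known about Coder's key handling beyond "XOR"; the key and the two sample files are constructed for the demonstration). The block implements XOR with a repeating key and then breaks it twice: once with a few bytes of known plaintext, and once with nothing but a second file encrypted under the same key.

```python
def xor_with_key(data, key):
    """'Encrypt' or 'decrypt' data with a repeating key; XOR is its own inverse."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def recover_key(ciphertext, known_prefix, key_len):
    """If the first key_len plaintext bytes are known (a shebang line, a file
    magic, an RFC header), the key is simply ciphertext XOR plaintext."""
    if len(known_prefix) < key_len or len(ciphertext) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return bytes(ciphertext[i] ^ known_prefix[i] for i in range(key_len))

def crib_drag(ct_a, ct_b, crib):
    """Two files XORed with the same key: ct_a ^ ct_b == pt_a ^ pt_b, the key cancels.
    Slide a guessed fragment (crib) of one plaintext along the mix and report the
    offsets where the other plaintext decodes to printable text."""
    mixed = bytes(x ^ y for x, y in zip(ct_a, ct_b))
    hits = []
    for off in range(len(mixed) - len(crib) + 1):
        other = bytes(mixed[off + i] ^ crib[i] for i in range(len(crib)))
        if all(32 <= c < 127 or c in (9, 10) for c in other):
            hits.append((off, other))
    return hits

# Constructed sample data: one key, two shell scripts with the same boilerplate header.
KEY = b"s3cret"
FILE_A = b"#!/bin/sh\n# nightly backup\ntar czf /tmp/etc.tgz /etc\n"
FILE_B = b"#!/bin/sh\n# nightly backup\nscp /tmp/etc.tgz backup:/srv\n"
CT_A = xor_with_key(FILE_A, KEY)
CT_B = xor_with_key(FILE_B, KEY)

if __name__ == "__main__":
    k = recover_key(CT_A, b"#!/bin/sh\n", len(KEY))      # attacker guesses only the shebang
    print("recovered key:", k, "plaintext ok:", xor_with_key(CT_A, k) == FILE_A)
    print("crib 'tar czf' in file A reveals in file B:",
          [h for h in crib_drag(CT_A, CT_B, b"tar czf") if h[0] == 27])
```

The key length is the one thing the attacker has to guess here; with more ciphertext it falls out of the coincidence count between the ciphertext and shifted copies of itself, which is the same analysis used against Vigenère.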

 

Topsecret Net 0.90 (devel), Siva R. Krishna
http://users.fdn.com/~nomad01/topsnet.html

Topsecret_net is a network encryption program.

 

Rubber Hose 0.8.2 (devel), Rubberhose development team
http://www.rubberhose.org

Rubberhose is a plausibly deniable cryptographic system. It provides an encrypted file system that stores more than one piece of information in the same partition, in such a way that it is computationally infeasible to prove what data exists, or whether any exists at all.

 

BlindCrypt 0.2 (devel), Hellraiser
http://www.ezkracho.com.ar

BLiND is a new encryption algorithm.

 

srm 1.2.0, Matthew Gauthier
http://sourceforge.net/projects/srm

Srm (secure rm) is a command-line-compatible replacement for rm which overwrites file contents before unlinking. How much that buys you depends on the filesystem: journaling, snapshots and copy-on-write can leave older copies of the blocks that an in-place overwrite never reaches.
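
The overwrite-then-unlink procedure, as an added example in Python (not srm's own code; srm's pass pattern is not described on the page, so this one uses random data followed by a final pass of zeros). The file is opened with O_NOFOLLOW after an lstat so a symlink dropped in place of the target cannot redirect the overwrite onto something else, each pass is fsync'd so the data actually reaches the disk before the next one, and demo() runs the whole thing against a constructed file in a temporary directory.

```python
import os
import stat
import tempfile

CHUNK = 64 * 1024

def secure_remove(path, passes=3):
    """Overwrite a regular file in place (random data, zeros on the last pass),
    fsync each pass, truncate, then unlink. Returns the number of bytes overwritten.
    Caveat: this only reaches the blocks currently mapped to the file; journals,
    snapshots, copy-on-write filesystems and SSD wear levelling may keep others."""
    st = os.lstat(path)                           # lstat: do not follow a planted symlink
    if not stat.S_ISREG(st.st_mode):
        raise ValueError("refusing to overwrite a non-regular file: %s" % path)
    fd = os.open(path, os.O_WRONLY | os.O_NOFOLLOW)
    try:
        for n in range(passes):
            os.lseek(fd, 0, os.SEEK_SET)
            left = st.st_size
            while left > 0:
                size = min(left, CHUNK)
                buf = os.urandom(size) if n < passes - 1 else bytes(size)
                while buf:                        # os.write may write less than asked
                    written = os.write(fd, buf)
                    buf = buf[written:]
                left -= size
            os.fsync(fd)
        os.ftruncate(fd, 0)                       # hide the original length as well
        os.fsync(fd)
    finally:
        os.close(fd)
    os.unlink(path)
    return st.st_size

def demo():
    """Constructed run: write a file, securely remove it, report (bytes, still_exists)."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "passwords.txt")
        with open(p, "wb") as f:
            f.write(b"admin:hunter2\n" * 1000)
        wrote = secure_remove(p)
        return wrote, os.path.exists(p)

if __name__ == "__main__":
    print(demo())
```

Renaming the file to a random name before the unlink is a common extra step so the original name does not linger in the directory's free slack; it is omitted here to keep the block short.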

 

PiranhaWAP 1.1, Elc technologies
http://www.elctech.com/piranha.shtml

PiranhaWAP allows the display of real-time system information such as uptime, load average, and memory information on WAP/WML-enabled devices such as cellular phones and PDAs.

 

SecurityFocus

TPWL.pl - Trivial PassWord Lab, William (BJ) Bellamy Jr
http://www.blueadder.com/Tools.htm

This Perl script provides a laboratory approach to producing and testing trivial passwords. Administrators can use this script to help verify that their staff are not using weak or easy to guess passwords. It requires the Win32::Lanman Perl module, version 1.0.7, from
ftp://ftp.roth.net/pub/ntperl/Others/Lanman.

 

Vlad 0.7.3, Razor Security
http://razor.bindview.com/tools/vlad/index.shtml

VLAD the Scanner is an open-source security scanner that checks for the SANS Top Ten security vulnerabilities commonly found to be the source of a system compromise. It has been tested on Linux, OpenBSD, and FreeBSD. It requires several Perl modules to run (see the README for more details).

 

Multiscan 0.8, Karl Söderström
http://sourceforge.net/projects/multiscan

Multiscan is a simple port scanner written in C and running under Linux, which allows you to scan a range of IP addresses.

 

IPtables 1.1.1, Netfilter Core Team
http://netfilter.kernelnotes.org

IPtables is built on top of Netfilter, the new packet alteration framework for Linux 2.4. It is an enhancement on IPchains, and is used to control packet filtering, Network Address Translation (masquerading, port forwarding, transparent proxying), and special effects. This release fixes several bugs.

 

Webmin 0.82, J. Cameron
http://www.webmin.com/webmin

Webmin is a web-based interface for Unix system administration. Using any browser that supports tables and forms (and Java for the File Manager module), Webmin lets you set up user accounts, Apache, DNS, file sharing, etc. Webmin consists of a simple web server and a number of CGI programs which directly update system files like /etc/inetd.conf and /etc/passwd. The web server and all CGI programs are written in Perl 5 and use no external modules. Webmin runs on any Linux distribution with Perl, as well as on Solaris and other Unix systems.

 

MailScan 0.2, Andy Kruger
http://www.andykruger.com/mailscan

MailScan is an email scanner that plugs into Sendmail as a mailer. All messages are passed to MailScan for header or body (including attachment file name) scanning/filtering; MailScan can optionally be linked with a Unix anti-virus product. Based on the scan results, messages are moved to quarantine areas and a customized notification message can optionally be sent to the recipient.


About the Author

Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.

© Copyright 2000, SecurityPortal Inc. & Seán Boran, All Rights Reserved, Last Update: 19 October, 2000