By Seán Boran (sean at boran.com) for SecurityPortal
This is a summary of changes to free security tools over the last week.
An archive of previous digests is available at http://securityportal.com/research/research.wst.html
To receive this digest via email, visit http://securityportal.com/subscribe.html
Updates to favourite free tools this week include: nmap, SSL, SSH, tcpdump, PGP, apache, dante, bastille-linux, perl, amavis.
Tools for Windows include TFAK, RBA proxy filter, Harden NT
Linux/Unix/Cross Platform: 52 tools in the basket this week!
Nmap, Fyodor
http://www.nmap.org
- Remote Nmap 0.4.1 beta, Tuomo Makinen
http://rnmap.sourceforge.net
Remote Nmap (Rnmap) is a pair of client and server programs which allow for various authorized clients to run their port scans from a centralized server. Clients should run on any Python supported platform. For server, Python and Nmap portscanner are required. For the client, Python needs to be installed.
- Nwhack.pl v1.0.0, Farm 9 Team
http://207.33.208.248/content/Free_Tools/Pen_Tools
Nwhack.pl is a simple tool for taking Nmap machine parsable output and putting it into a Postgres SQL Database. This allows a powerful data correlation if Nmap is run on a regular basis. Nwhack.pl requires Postgres modules from CPAN.
SSL
- mod_ssl 2.7.1-1.3.14, Ralf S. Engelschall
http://www.modssl.org
mod_ssl provides strong SSL/TLS cryptography for Apache.
Changes: version 2.7.1 for Apache 1.3.14 includes a new cyclic buffer for faster and more efficient performance than the old hash table. It includes experimental support for the ENGINE branch of OpenSSL 0.9.6. The RSAref support has been completely removed.
- Stunnel 3.8 - devel 3.8p4, Michal Trojnara
http://www.stunnel.org
The Stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. The Stunnel source code is not a complete product: a functioning SSL library such as OpenSSL or SSLeay is still needed in order to compile Stunnel.
SSH
- PuTTY 0.50, Simon Tatham
http://www.chiark.greenend.org.uk/~sgtatham/putty
PuTTY is a free implementation of Telnet and SSH for Win32 platforms.
Major release: support for the v2 protocol, RSA public key authentication and ssh agent; running "putty -cleanup" will now remove all files/registry entries; and many small bug fixes/enhancements. See also:
http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
- Zebedee 2.0.1 - devel: 2.1.3, Zebedee
http://www.winton.org.uk/zebedee
Zebedee is a simple program to establish an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems. Zebedee works on Linux platforms and also on Windows 95, 98 and NT.
Changes: release of the new development version 2.1.3.
Tcpdump 3.5.2, Lawrence Berkeley Laboratory Network Research Group
http://www.tcpdump.org
Tcpdump is an advanced tool for network monitoring and data acquisition. It is one of the most well-known sniffers/network utilities for Unix.
Changes: This new stable release incorporates Libpcap 0.5.2 and some bug fixes.
PGP
- pgpgpg 0.13, Michael Roth
http://www.nessie.de/mroth/pgpgpg
Pgpgpg is a wrapper around Gnu Privacy Guard which takes PGP 2.6 command line options, translates them and then calls GnuPG (Gnu Privacy Guard) to perform the desired action. PGP and GnuPG are encryption programs with high security encryption engines. The goal of pgpgpg is to plug in a command line syntax in front of GnuPG equal to PGP 2.6.
- KPGPCrypt 2.0.0 - devel: 2.0.1, Christian Rossi
http://members.tripod.com/cgrossi/index.htm
KPGPCrypt is a PGP 5.xx, PGP 6.xx and GPG 1.xx graphic shell including complete key management, key server functions and encrypt, sign and decrypt messages.
- GNU PGP 1.0.4, Free Software Foundation
http://www.gnupg.org
New: a security update has been released.
Changes: a serious bug which could lead to false signature verification results when more than one signature is fed to GPG has been fixed in this new release. The new utility gpgv, a stripped-down version of gpg, can be used to verify signatures against a list of trusted keys. Rijndael (AES) is now supported.
PHP 4.0.3
http://www.php.net/do_download.php?download_file=php-4.0.3.tar.gz
PHP 4.0.3 is mostly a security-oriented maintenance release, therefore it's strongly recommended for all users of PHP to upgrade to it.
Apache 1.3.14 - Apache 2.0 Alpha
Apache Software Foundation and The Apache Server Project
http://www.apache.org/dist
This version of Apache is primarily a security fix and bug fix release, but there are a few new features and improvements. Version 1.3.13 was never released. Apache 2.0 Alpha is now available for alpha testing.
- Summary of security fixes:
problem with the Rewrite module, mod_rewrite, allowed access to any file on the web server under certain circumstances.
the handling of Host: headers in mass virtual hosting configurations, mod_vhost_alias, could allow access to any file on the server.
if a cgi-bin directory is under the document root, the source to the scripts inside it could be sent if using mass virtual hosting.
- Main new features:
support for a directory-based configuration system.
support for name-based virtual hosting without needing to specify an IP address in the configuration file.
the SetEnvIf and BrowserMatch range of directives are now able to be used in .htaccess files.
the new keyword 'ProductOnly' in the ServerTokens directive could be used (to only return the string "Apache" as version).
the new digest authentication module, mod_auth_digest has had a number of fixes and upgrades applied.
- Selected new features that relate to windows platforms:
the project files have been converted to work with Microsoft Visual C 6.0.
the DBM package "sdbm" is now bundled with Apache.
Windows 95 and 98 can now benefit from an emulation of the NT services, including install and uninstall options.
a comprehensive review of the Windows documentation has been performed.
preparations for allowing Apache to be built using the free Borland bcc 5.5 compiler.
- Selected new features relating to other platforms:
support for the new FreeBSD accept filters feature.
includes a number of alterations for the MPE platform.
the default serialized accept has been changed for AIX 4.3 to provide a performance improvement on multiple CPU machines.
DSO support added for BS2000 and OS/390 USS platforms
a directory layout for Solaris 8 has been added to the configuration system
the proxy module mod_proxy has been patched so that it can be built on BeOS 4.5.2
updated configuration script to allow building on IBM's IA-64 version of AIX
- For more details about the enhancements in version 1.3.14, please consult http://www.apache.org/dist/CHANGES_1.3.
Apache 1.3.14 is available for download from
http://httpd.apache.org/dist.
Binary distributions are available from
http://httpd.apache.org/dist/binaries.
There is a Windows installer for 1.3.14 in the binaries/win32/ directory.
Dante v1.1.5, Inferno Nettverk A/S
http://www.inet.no/dante
Dante is a free implementation of the proxy protocols socks version 4, socks version 5 (rfc1928), and msproxy. It can be used as a firewall between networks. The package consists of two parts, a socks server and a proxy client which supports socks, msproxy, and HTTP proxies. Commercial support is available.
Changes: this version fixes installation and compilation problems on some Linux platforms
Bastille Linux v1.1.1.pre4, Jay Beale
http://bastille-linux.sourceforge.net
Perl News
http://news.perl.org/
- DDJ Adds Perl Section
Dr. Dobb's Journal has added a new Perl area to its "Programmer's Resources" area, with Brent Michalski as the editor.
- PerlMx 1.0 Released [Perl Releases]
PerlMx version 1.0 has been released. PerlMx is a mail filter engine for Sendmail. Sendmail now allows scripting of all stages of an e-mail transaction, and PerlMx allows those scripts to be written in Perl. PerlMx requires Perl 5.6.0 and Sendmail 8.11.0 or Sendmail Switch 2.0.6. It runs on Solaris 2.6 or higher for SPARC, and Red Hat Linux or higher for x86.
AMaViS - A Mail Virus Scanner 0.2.1-pre3, Christian Bricart
http://www.amavis.org
Apart from the usual typo and cosmetic changes: broken links updated in documentation; improved detection for uuencoded mails (if sent inline); improved handling of self-extracting files a bit; fixed possible mail loss in Sendmail and postfix when used as relay.
TFAK 4.5, SnakeByte
http://www.kryptocrew.de/snakebyte/indexe.htm
TFAK is a Freeware Anti-Trojan program for Windows, which detects and removes the most used Trojans. TFAK also provides several other features which help to remove and control Trojans.
Note: tools announced on SecurityFocus are not necessarily updates or new or free, it's just that someone posted an announcement. We try our best to only notify you of new or updated, free, tools.
RBA Proxy Filter 1.0c, Erwin Richards
http://erwin.richard.net/rbaproxy.htm
RBA Proxy Filter is essentially a plug-in for Microsoft Proxy Server 2.0 that lets you assign lists of allowed web sites to different NT groups. Often it is necessary to give some clients access to a well defined set of web servers without giving them full internet access. RBAProxy lets you define up to 15 different lists and assign them to NT groups. This plug-in has been developed for Windows 2000 and Windows NT.
Harden NT, Bart Timmermans and Filip Sneppe
http://www.securityfocus.com/tools/1789
HardenNT is a tool created to automate the task of securing one or more Microsoft Windows based computers. It is specifically aimed at securing Windows NT 4.0 machines, although some of the functionality could also be used on Windows 95 and 98 and even Windows 2000 networks.
The Hardening of Windows NT 4.0, Micheal Espinola Jr
http://pw1.netcom.com/~honeyluv/download.html
A check list to harden NT 4.0 platforms.
Cryptcat, Jeff Nathan, Matt W, Frank Knobbe, Dragos, Bill Weiss, Jimmy
http://207.33.208.248/content/News/Free_Tools/Cryptcat
Cryptcat is the standard netcat enhanced with twofish encryption. Cryptcat is available for Windows and for Linux platforms.
Changes: the -k option has been added and allows the use of a key other than the hardcoded key. Cryptcat now also compiles on OpenBSD/FreeBSD platforms and includes MSVC++ makes.
11logger-0.1.3, Antirez
http://www.kyuzz.org/antirez/sigsegv
11logger is a small kernel patch, a module and some userspace tools to add SIGSEGV logging and history capabilities to Linux 2.2.x. 11logger is very useful in security auditing and general debugging.
snoopy 1.2, Mike Baker
http://packetstorm.securify.com/linux/security
Snoopy is designed to log all commands executed by providing a transparent wrapper around calls to execve() via LD_PRELOAD. Logging is done via syslogd and written to authpriv, allowing secure offsite logging of activity.
Calamaris 2.39, Cord Beermann
http://calamaris.cord.de/Welcome.html.en
Calamaris parses Squid and NetCache Native Logfiles and generates reports about peak usage, request methods, status reports of incoming and outgoing requests, second- and top-level destinations, content types and performance.
Webalizer 2.01-05 - devel: 2.01-6, NevaLabs (Claudio Neves)
http://www.mrunix.net/webalizer
Webalizer is a web server log analysis program. Written in C to be extremely fast and highly portable, Webalizer supports standard Common Logfile Format server logs, generates reports that can be configured from the command line, supports multiple languages and can be used with unlimited log file sizes or with partial logs (rotating logs).
Changes: new development version 2.01.6
IPchains-firewall 1.7.2, Ian Hall-Beyer
http://firewall.langistix.com
IPchains-firewall is an easily-configurable shell script to establish masquerading and firewalling rules using IPchains. The package contains several scripts to establish firewalling for a single machine and to establish firewalling for a system acting as a router (also over multiple interfaces). The distribution also includes a copy of midentd v1.6, to enable identd over the masqueraded network. IPchains-firewall runs on FreeBSD, Linux, OpenBSD and Solaris.
Security-script v0.08, Peter Halliday
http://halliday.wl.vg/scripts
Security-script is a port of FreeBSD's /etc/security script. It checks many aspects of your system's security and then emails you the results. Checks include finding setuid files and directories, UIDs of 0, the count of the firewall rules set up to deny or reject, checks for failed logins, and checks for rejected connections.
IPtables-firewall 0.99 Beta (devel version), Ian Hall-Beyer
http://firewall.langistix.com
IPtables-firewall (like IPchains-firewall) is an easily-configurable shell script to establish NAT and firewalling rules using IPtables. The script self-configures out of the box for IP addresses, netmasks, and interfaces. All that is needed is a command line specification of external and internal interface names. It automatically determines the type of firewall to set up (standalone, routing, or NAT) based on interface IP addresses. The distribution also includes a copy of midentd, to enable identd over the masqueraded network. IPtables-firewall runs on Linux platforms.
Immunix OS 6.2, WireX Communications, Inc
http://immunix.org
Immunix is a family of tools designed to enhance system integrity by hardening system components and platforms against security attacks. The Immunix OS is a Linux platform hardened with the Immunix tool set. The Immunix security tools (StackGuard, SubDomain, and CryptoMark) provide security bug tolerance so that even if a security vulnerability is found in one of the programs supplied with Immunix, the vulnerability probably will not be exploitable by attackers. Immunix OS is based on Red Hat 6.2, but with all C source-available programs re-compiled with the StackGuard compiler. The result is a system that is fundamentally compatible with Red Hat Linux, but is secured against a majority of all Internet security attacks.
PortWatcher 0.2.0, Ckrit
http://old.dhs.org/index.cgi?s=Projects
PortWatcher is a portscan detect/block script that is implemented in Perl and utilizes Linux's built-in IPchains facility for blocking evil-doers. PortWatcher blocks port scans in quasi-real-time via IPchains.
T.Rex Open Source Firewall 1.0.1, Freemont Avenue Software
http://www.opensourcefirewall.com
The T.Rex Open Source Firewall runs on Linux, Solaris, and IBM's AIX. It includes features like VPN support, NAT, advanced application proxy, Web caching, workload balancing, content filtering, high availability, SOCKS support, and much more.
sspft 0.20d, Sean Loaring
http://www.geocities.com/sloaring/projects.html
sspft stands for simple, secure, port forwarding tunnel. By using sspft, local client ports can be used as proxies to services on remote systems. All of the traffic that runs between the sspft client and the sspft server is encrypted using blowfish.
FreeVeracity 3.0, Ross Williams
http://www.freeveracity.org
FreeVeracity is a free intrusion detection tool for free platforms (GNU/Linux, FreeBSD, NetBSD, OpenBSD, etc.) that uses cryptographic hashes to detect file changes that may indicate a network intrusion.
Stateful packet filter 2.0.3 alpha, Brian J. Murrell
ftp://ftp.interlinx.bc.ca/pub/spf
Stateful Packet Filter (SPF) lets you constantly adjust an inbound packet filter so that traffic is allowed in based on what was sent out.
CDSA 3.11, Intel's Architecture Lab
http://developer.intel.com/IAL/security
CDSA (Common Data Security Architecture) is middleware that provides an open and extendable infrastructure for accessing security services through a standard API. Types of security services include encryption, certificate management, secure data storage, trust policy, SPKI authorization, and biometrics authentication. The source code is available for Windows and Linux platforms.
tproxy 1.0, Tony Kimball
http://sourceforge.net/projects/tproxy
tproxy is a user-space TCP proxy daemon, which has support for firewall transit via telnet proxy, and transmission of out-of-band data.
ppp-in-telnet 1.0, Tony Kimball
http://sourceforge.net/projects/ppp-in-telnet
PPP-in-telnet allows Solaris users to establish a PPP tunnel through a firewall by means of a telnet proxy. It talks to the telnet proxy to connect to a pppd listening on a port on the Internet, and shuttles bytes between pppd and the telnet proxy.
911 0.0.1 (devel), Erik Tayler
http://63.248.48.143
911 is a centralized interface that lets you control whisker and Nmap from a single program. It employs portscanning, OS detection, and searching for vulnerable Web-based applications/scripts.
Automatic Security 2.1, Holden Karau
http://www.automaticsecurityunderlinux.com
Automatic Security is an expect script which tracks security notices on securityfocus.com and will download and test new updates when they are released. If your system is vulnerable the script will notify you through its log so that you can install the patch as soon as possible. Patching is not automatic for safety reasons.
Secure Export System 0.0, Keith Lewis
ftp://ftp.monash.edu.au/pub/keithl/SES
SES is a utility running on Linux platforms that solves this basic problem: users in the labs cannot be reliably prevented from becoming root on the PCs. In order to live with this potential security threat, SES provides a Kerberos authenticated interaction between the PC and the NFS server, which results in the NFS server exporting the user's home directory to the PC the user is using, for only the duration of the session. SES replaces an earlier system called LKNFS which used special PCs that filtered NFS traffic between the PCs in labs and the NFS servers.
SnowDisk 1.0 (devel), Scott G. Miller
ftp://ftp.gamora.org/pub/gamora/snowdisk
SnowDisk takes an input file, then uses GPG and the random device to write the file in encrypted form to a Unix device (a floppy for example), followed by random data from /dev/urandom. The result is a floppy filled with apparently random data, with no partition information that can leak the size or structure of the encrypted information.
Topsecret 9931, Siva R. Krishna
http://users.fdn.com/~nomad01/topsl.html
Topsecret is a program to encrypt your sensitive files by using a "Catalyst" file as the encryption key.
Loopy 0.1.2 (devel), Ian Wehrman
http://wehrman.com/ian/loopy
Loopy is a small shell script which allows users to easily create, mount and unmount multiple encrypted loopback device file systems. Loopy requires the International Kernel Patch, as well as all other utilities normally required to use encrypted loopback file systems.
CryptoPadSplicer 0.4, Boris Wesslowski
http://www.kybs.de/boris/software.shtml
CryptoPadSplicer is a conduit for a Palm application called CryptoPad. It can transfer, decrypt, and save files from a PalmPilot to a PC.
yyyRSA 1.0.0, Erik Thiele
http://www.erikyyy.de/yyyRSA
yyyRSA is a simple program to encrypt and decipher messages with the RSA asymmetrical encryption algorithm. It supports arbitrary key lengths. The program concentrates on RSA, the mathematics is done with GNU MP library, and entropy is generated by /dev/random.
OutGuess 0.13b, Niels Provos
http://www.outguess.org
OutGuess is a universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources.
Phantom Cipher 1.1, Kaz Kylheku
http://users.footprints.net/~kaz/phantom.html
Phantom is an original block cipher.
Steghide 0.3, Stefan Hetzl
http://www.crosswinds.net/~shetzl/steghide
A steganography tool.
SafeGossip 0.0.1 (devel), Pete Chown
http://www.skygate.co.uk/safegossip
SafeGossip provides SSL support for FTP, IMAP, POP, SMTP and telnet.
Mailcrypt 3.5.5, Len Budney
http://www.nb.net/~lbudney/linux/software/mailcrypt.html
Mailcrypt is an Emacs Lisp package which provides a simple interface to public key cryptography with PGP. Mailcrypt integrates strong cryptography in the normal mail and news handling environment.
Secret-share 0.0.0, Damien Miller
http://www.mindrot.org/code
Secret-share is a small program that cryptographically splits a file into multiple pieces.
Nanocrypt 0.0.1 (unmaintained), Damien Miller
http://www.mindrot.org/code
Nanocrypt is a program to encrypt and decrypt files using the RC4 algorithm.
Audio-entropyd 0.0.0 (unmaintained), Damien Miller
http://www.mindrot.org/code
Audio-entropyd is a daemon that reseeds the Linux kernel random number generator with noise sourced from a stereo soundcard.
scp-wrapper 1.0.0, Dave Cinege
ftp://ftp.psychosis.com
Scp-wrapper is a wrapper for scp and cp.
ECLiPt Secure Tunnel 0.3.1 (devel), Martin Preishuber
http://eclipt.uni-klu.ac.at/frames.php
ECLiPt Secure Tunnel is a tool for encrypting any TCP connection, based on a client/daemon. It was mainly developed to stop sniffer attacks on non-secure connections (e.g. POP3, HTTP).
KeyNote 0.1, Angelos D. Keromytis, Matt Blaze
http://www.cis.upenn.edu/~angelos/keynote.html
KeyNote is a simple and flexible trust-management system. It provides a single, unified language for both local policies and credentials.
Secure Sockets Agent Client 1.2.5 - Secure Sockets Agent Server 1.2.6, Privador
http://www.privador.com/products/extranet/index.phtml
The SSA is a system for securing the insecure or insufficiently secure communication between the existing network applications. It provides almost any client/server application with strong cryptographic security, ensuring both integrity and confidentiality of the exchanged data as well as authenticating both the client and the server. The SSA Server runs in the application program server computer and constitutes the server end of the secure tunnel.
Crypt++.el 2.88, Karl Berry
ftp://ftp.cs.umb.edu/pub/misc
Crypt++.el is a package of Lisp functions that automatically recognize encrypted and encoded (i.e., compressed) files when they are first visited or written. The BUFFER corresponding to the file is decoded and/or decrypted before it is presented to the user.
Sigs 0.50, Daniel J. Bernstein
http://cr.yp.to/sigs.html
The Sigs package provides secure digital signatures with verification.
Coder 1.0, Satya
http://satyaonline.cjb.net/download.html
Coder is a file encryption/decryption program written in C, using the XOR method.
Topsecret Net 0.90 (devel), Siva R. Krishna
http://users.fdn.com/~nomad01/topsnet.html
Topsecret_net is a network encryption program.
Rubber Hose 0.8.2 (devel), Rubberhose development team
http://www.rubberhose.org
Rubberhose is a plausibly deniable cryptographic system. It provides an encrypted file system that stores more than one piece of information in the same partition in such a way that it is computationally infeasible to prove what and if data exists.
BlindCrypt 0.2 (devel), Hellraiser
http://www.ezkracho.com.ar
BLiND is a new encryption algorithm.
srm 1.2.0, Matthew Gauthier
http://sourceforge.net/projects/srm
Srm (secure rm) is a command-line compatible rm which destroys file contents before unlinking.
PiranhaWAP 1.1, Elc technologies
http://www.elctech.com/piranha.shtml
PiranhaWAP allows the display of real-time system information such as uptime, load average, and memory information on WAP/WML-enabled devices such as cellular phones and PDAs.
TPWL.pl - Trivial PassWord Lab, William (BJ) Bellamy Jr
http://www.blueadder.com/Tools.htm
This Perl script provides a laboratory approach to producing and testing trivial passwords. Administrators can use this script to help verify that their staff are not using weak or easy to guess passwords. It requires the Perl modules Win32-Lanman version 1.0.7 -
ftp://ftp.roth.net/pub/ntperl/Others/Lanman.
Vlad 0.7.3, Razor Security
http://razor.bindview.com/tools/vlad/index.shtml
VLAD the Scanner is an open-source security scanner that checks for the SANS Top Ten security vulnerabilities commonly found to be the source of a system compromise. It has been tested on Linux, OpenBSD, and FreeBSD. It requires several Perl modules to run (see the README for more details).
Multiscan 0.8, Karl Söderström
http://sourceforge.net/projects/multiscan
Multiscan is a simple portscanner coded in C and running under Linux, which allows you to scan a range of IP addresses.
IPtables 1.1.1, Netfilter Core Team
http://netfilter.kernelnotes.org
IPtables is built on top of Netfilter, the new packet alteration framework for Linux 2.4. It is an enhancement on IPchains, and is used to control packet filtering, Network Address Translation (masquerading, port forwarding, transparent proxying), and special effects. This release fixes several bugs.
Webmin 0.82, J. Cameron
http://www.webmin.com/webmin
Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms (and Java for the File Manager module), Webmin lets you set up user accounts, Apache, DNS, file sharing, etc. Webmin consists of a simple web server, and a number of CGI programs which directly update system files like /etc/inetd.conf and /etc/passwd. The web server and all CGI programs are written in Perl version 5, and use no external modules. Webmin runs on any Linux platforms supporting Perl, on Solaris and UNIX.
MailScan 0.2, Andy Kruger
http://www.andykruger.com/mailscan
MailScan is an email scanner that plugs into Sendmail as a mailer. All messages are passed into MailScan for header or body (including attachment file names) scanning/filtering (MailScan could optionally be linked with a UNIX anti-virus software). Based on scan results, the messages are moved to quarantine areas and a customized notification message could optionally be sent to the recipient.
Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.
© Copyright 2000, SecurityPortal Inc. & Seán Boran, All Rights Reserved, Last Update: 19 October, 2000