By Seán Boran (sean at boran.com) for SecurityPortal
Weekly Security Tools Digest Archive
http://securityportal.com/research/research.wst.html
To receive this digest via Email:
http://securityportal.com/subscribe.html
This is a summary of changes to free security tools over the last week.
Updates to General free tools this week include Stunnel, The Coroner Toolkit and Tcpdump.
Auditing and Intrusion Monitoring tools include Nessus, Snort, Saint, Sara, NetSaint, Lsof and 8 other new tools.
Firewalls for UNIX/Linux/BSD & Cross-platform include Zorp, IPtables, GShield, RChains, FwLogWatch, Knetfilter and an interesting article about NetFilter.
Tools for Linux/Unix/Cross Platform include Exiscan, BFBTester and 6 other tools (Gpkcs looks interesting).
Tools for Windows includes 5 tools and two new tools which look interesting: Project R3x and PassSafe.
SSL
- Stunnel 3.12
Michal Trojnara
http://www.stunnel.orgThe Stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. It calls the underlying crypto libraries, so Stunnel supports whatever cryptographic algorithms you compiled into your crypto package. Runs on Windows and UNIX.
• Changes: new version 3.12 that includes more fixes to zombie problem and new patches for the version 3.11. Sometimes people release patches for the current version of Stunnel, sometimes these patches are included in the next version of the software, sometimes they do not. Two new patches are available for Stunnel 3.11: setenv_mf.patch (to have Stunnel set several environment variables that are related to the SSL session, such as the client side certificate) and stdout_mf.patch (to allow Stunnel to read from stdin and write to stdout).
The Coroner's Toolkit (TCT) 1.05
Dan Farmer and Wietse Venema
http://www.porcupine.org/forensics/tct.htmlTCT is a collection of programs that can be used for a post-mortem analysis of a UNIX system after break-in. Notable TCT components are the grave-robber tool that captures information, the ils and mactime tools that display access patterns of files dead or alive, the unrm and lazarus tools that recover deleted files, and the keyfind tool that recovers cryptographic keys from a running process or from files. It runs under FreeBSD, Linux, OpenBSD, Solaris and SunOS.
• Changes: the grave-robber did not correctly handle multi-line df output records (ps_spy.pl, suck_free_inodes.pl). The grave-robber mounted corpse inode scan looked only at the corpse's "root" file system (suck_free_inodes.pl) and grave-robber enabled the default -lPO flags when -c was specified, causing the program to gripe and exit. All these problems are corrected in this new version.
Tcpdump 3.6.1
Laurence Berkeley Laboratory Network Research Group
http://www.tcpdump.orgTcpdump is an advanced tool for network monitoring and data acquisition. It is one of the most well-known sniffers/network utilities for Unix.
• Changes: there is no new version available. The version 3.6.1 is still the latest version. However, binaries for some platforms are available from http://www.tcpdump.org/binaries.html.
Nessus 1.0.7
Renaud Deraison
http://www.nessus.orgNessus 1.0.7 has been released.
• Changes: this new version includes the following changes: HTTP virtual hosts can now be tested, user-modifiable per-plugin timeout, detached scans can be stopped by the client (EXPERIMENTAL), XML input improved (Laurent Bandiera), several issues in the cipher layer fixed, improved the behavior of detached and constant scans (EXPERIMENTAL), nessusd now listens on port 1241 in addition to 3001. Port 1241 has been attributed to Nessus by the IANA, and it will replace port 3001 in the future. This new release includes over 580 security checks. This should be the last 1.0.x release, the efforts of the development team will now be focused on the development of Nessus 1.1.x.
Snort
Martin Roesch & many others
http://ww.snort.org
- Snort IDScenter 2001
Ueli Kistler
http://www.eclipse.fr.fm/snort.htmIDScenter is a tool for setting up Snort for Win32. It is a tool for managing, controlling, and monitoring the Snort IDS. IDScenter support alarm sound functions and has error checking procedures. If Snort is killed, IDScenter restarts Snort immediately. It runs under Windows 2000, Windows 95/98 and Windows NT. Its features are: all features of snort.panel are implemented. The IP / Interface detection is possible. It includes an integrated Alertviewer and an external viewer can be set. An alarm sound can be started if an alert occurs (WAV/Beep). An EXE-File can be started (this is also possible to set in RULES) in case of alert. The autostart in Registry\RUN can be set in IDScenter. Non-visible FORMS, only an icon with alert/stop/start-Status is visible in the taskbar.
- Hog.vim
Phil Wood
http://home.lanl.gov/cpwHog.vim is a vim syntax file for snort rules, with instructions on how to set vim up to use it.
• Changes: Phil Wood has updated hog.vim.
- Snort Ruleset
Jim Forster
http://www.snort.org/snortnews/news.asp
• Changes: Jim Forster has updated the ruleset with MANY new additions and corrections. Thanks to Vitaly Chernobyl, Johan Augustsson, Piotr Bulczak, Andrew Daviel, John McCash, and Andy Beal for most of these changes!
SAINT 3.1.3 beta 1
World Wide Digital Security, Inc.
http://www.wwdsi.com/saintSaint is a security scanning tool based on Satan.
• Changes: SAINT has not been included in the Tools Digest because of a new release but because of a note regarding a bug fix. Linux 2.4 users will need to apply the Linux 2.4 patch to SAINT versions 3.1.3 and earlier. This fixes a bug which causes numerous false alarms.
SARA 3.3.3
Advanced Research Corporation
http://www-arc.com/saraSecurity Auditor's Research Assistant (SARA) is a security analysis tool based on Satan. Checks for common old holes, backdoors, trust relationships, default CGI, common logins, open shares, and much more.
• Changes: a lot of changes with this new version: fixed two small format errors in ReportWriter, corrected some typos in tutorials, fixed tutorial build process, fixed multiple vulnerability reporting of mail relay [relay.sara], reduced RDS false positive by incorporating rfp_msadc.pl [http.sara, perl/contrib/rfp_msadc.pl, reconfig], added test for LPRng vulnerability [depends.sara], changed severity codes for possible false positive readings [depends.sara], added check for Interbase database backdoor [rules/facts], configured attack level 6 [custom 3] for the Ramen signature [sara.cf and http.sara], added csv (comma delimited) format for the ReportWriter, added false reporting notation in all ReportWriter products and dropped writable ftp vulnerabilities on Lexmark printers.
NetSaint Network Monitor 0.0.6 - Devel: 0.0.7
Ethan Galstad
http://www.netsaint.orgNetSaint is a program that will monitor hosts and services on your network. It has the ability to email or page you when a problem arises and when it gets resolved. NetSaint is written in C and is designed to run under Linux, although it should work under most other Unix variants. It can run either as a normal process or as a daemon, intermittently running checks on various services that you specify. The actual service checks are performed by external "plugins" which return service information to NetSaint. Several CGI programs are included with NetSaint in order to allow you to view the current service status, history, etc. via a web browser.
• Changes: new development version 0.0.7 that includes a lot of changes. For more information about the new features and enhancement in version 0.0.7, please consult http://netsaint.sourceforge.net/docs/0_0_7/whatsnew.html.
Chkrootkit 0.21
Nelson Murilo
http://www.chkrootkit.orgChkrootkit locally checks for signs of a rootkit. Includes detection of LKM rootkits, ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions. Tested on Linux, FreeBSD, Solaris, and OpenBSD.
• Changes: the new version 0.21 includes Ramen Worm detection (including bug fixe on the Ramen Worm detection of version 0.20), latest t0rnkit variant detection and temporary check for promisc mode disabled on Solaris boxes. This new version also includes some bug fixes and typographic corrections.
Syslog-ng 1.4.10 - devel: 1.5.3
Balazs Scheidler
http://www.balabit.hu/en/products/syslog-ngSyslog-ng is a syslogd replacement, but with new functionality for the new generation. The original syslogd allows messages only to be sorted based on priority/facility pair, Syslog-ng adds the possibility to filter based on message contents using regular expressions. The new configuration scheme is intuitive and powerful. Syslog-ng includes filtering using regular expressions, logging forwarding and hash protected logging (planned in version 1.5). It is multi-platform and requires libol-0.2.17.
• Changes: new development version 1.5.3 has been released.
PIKT - Problem Informant/Killer Tool 1.12.1
Robert Osterlund
http://pikt.uchicago.edu/piktPIKT is a cross-platform (AIX, FreeBSD, HP-UX, IRIX, Linux, Solaris, SunOS), multi-functional toolkit for monitoring systems, reporting and fixing problems, and managing system configurations. It consists of an embedded scripting language with unique, labor-saving features, a script and system config file preprocessor, a scheduler, an installer, and other tools.
• Changes: PIKT-1.12.1 will be released Sunday or Monday, Jan 21 or Jan 22.
BigBrother 1.6d UNIX, 1.07d NT WS, 2.2 NT SRV
Sean McGuire
http://bb4.com/index.htmlBigBrother is a system and network monitor. It use a web-based monitoring notification & reporting. Big Brother uses a client-server architecture combined with methods which both push and pull data. Network testing is done by polling all monitored services from a single machine, and reporting these results to a central location (the BBDISPLAY). If you want local system information, you can install a BB client on the local machine, which will send CPU, process, disk space, and logfile status reports in periodically. Each report is timestamped with an expiration date (like milk). This lets us know when a report is no longer valid, which is usually an indication of a more serious problem.
• Changes: new Windows NT4 client executable version 1.07d. The executable version 2.2 for Windows NT4 server is now available. Clients are now available for Novell Netware (client version 0.2), Mac OS (client version 1.0b6) and for AS/400 (client version 0.1).
Integrit 1.05.03-stable
Ed L. Cashin
http://integrit.sourceforge.netIntegrit is an alternative to file integrity verification programs like Tripwire and aide. It helps you determine whether an intruder has modified a computer system. Integrit's major advantages are a small memory footprint and simplicity. It works by creating a database that is a snapshot of the most essential parts of your computer system. You put the database somewhere safe, and you can then use it to make sure that no one has made any illicit modifications to the computer system. In the case of a break in, you know exactly which files have been modified, added, or removed.
• Changes: changing conditionally compiled stuff from platform-oriented to more specific, feature-oriented criteria, capitalizing on autoconf-generated info. Improving the portability of Integrit to the Solaris platform. Release files are now signed with my public key. For a stable release, binaries are stripped on installation when the package is configured without the --enable-debug option. New auxiliary program: i-ls. Improved install build process has better make logic and uses BSD install instead of cp. Hashtbl has been included into a standalone library. Clean up dependencies and makes hashtbl useful to users outside the context of Integrit. Documentation has been updated.
Pandora monitor 0.3
Simon Patarin
http://www-sor.inria.fr/projects/relais/pandoraPandora is a general purpose monitoring platform. Its originality stems from its high flexibility and extensibility while still offering good performance. Its architecture is based on component stacks: each basic monitoring task is encapsulated into a component and components are stacked to perform high-level actions.
• Remark: first time in the Tools Digest.
Lsof 4.54
Vic Abell
ftp://vic.cc.purdue.edu/pub/tools/unix/lsofLsof is an extremely powerful Unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
• Changes: fixes for the new FreeBSD 5.0-CURRENT kproc structure, restores a needed GlibC test for Linux, IPv6 fixes, and adds msdosfs support for NetBSD and OpenBSD.
Extensible System Monitor 1.1
Peter Todd
http://esm.sourceforge.netESM (Extensible System Monitor) is a program running on Linux that lets you tie together plugins to monitor your system. For instance if you want to be emailed whenever a hardrive fails you could use the included ESMSysLog monitor and it will notify you of any emergency syslog messages, such as a hardrive failure. If you then decide you also want to know if Tripwire detects anything you can use another monitor that reports on Tripwire. If you want to know if the load on your system suddenly goes up you can do that too. ESM will get the results of all of these monitors, make a system report and then send that report with a sender. All of this is done automatically, so you can get some work done. Writing plugins for ESM is very easy. All a plugin is is just any executable program that communicates with ESM via standard input and output. You can make a plugin with just about anything, shell scripts, Perl programs, C, C++, etc.
• Remark: first time in the Tools Digest.
ISIC - IP Stack Integrity Checker 0.05
Mike Frantzen
http://expert.cc.purdue.edu/~frantzenIts purpose is to test the stability of an IP Stack and its component stacks (TCP, UDP, ICMP et. al.) It does this be generating random packets of the desired protocol. The packets can have tendencies, i.e. by default all packets have a 50% chance of having IP Options. The packets are then sent against the target machine to either penetrate its firewall rules or find bugs in the IP stack of a system. ISIC runs under FreeBSD, Linux and OpenBSD.
• Remark: first time in the Tools Digest.
NetFilter - Article
Jay Beale
http://securityportal.com/cover/coverstory20010122.htmlLinux Gets Stateful Firewalling! The 2.4 kernel's packet filtering system, NetFilter, is Linux's first stateful firewall. Stateful firewalls represent a major technological jump in the intelligence of a firewall and are present in all serious Enterprise firewalling products. Among many enhancements, this "statefulness" allows NetFilter to block/detect many stealth scans that were previously undetected on Linux firewalls.
Knetfilter 2.0.3
Luigi Genoni
http://expansa.sns.it/knetfilterKnetfilter is a KDE 1.X front-end to IPtables, used with Linux kernels 2.4.0 and up to manage the NetFilter functions. It is possible to perform all standard and most "exceptional" system management of a complex firewall within the program.
• Changes: the version 2.0.3 is the new stable version for KDE2.
IPtables Linux Firewall 4.3c-2
Patrik Hildingsson
http://www.kurd.nuIPtables Linux Firewall is a firewall that uses NetFilter in Linux 2.4. It features easy configuration and a DMZ option, logs portscans (limited so they won't flood the logfile), and has stateful inspection, masquerading, and general NAT support.
• Changes: added MAC-addr match, multiport TCP/UDP match and external config file.
Zorp 0.6.0 - Devel: 0.7.12
Balazs Scheidler
http://www.balabit.hu/products/zorpZorp is a new-generation modular proxy firewall suite to fine tune proxy decisions with its built in script language, fully analyze complex protocols (like SSH with several forwarded TCP connections), and utilize outband authentication techniques (unlike common practices where proxy authentication had to be hacked into the protocol).
• Changes: new development version 0.7.12. This new development version includes several bugfixes, most notably. HTTP: accept protocol version 0.9 replies to 1.0 requests. FTP: setting the timeout variable caused SIGSEGVs. SSL actually works, stacking proxies into SSL works. Chainer.TransparentChainer: fixed forced_port support. The problems with exhausted file descriptors are fixed. The HTTP proxy error messages have been written and this new development version supports (experimental) IP options (CIPSO and RIPSO for transferring security labels).
GShield 2.0.2
R. Gregory
http://muse.linuxmafia.org/gshield.htmlGShield is an aggressive, modular firewall script for IPtables which features easy configuration through a BSD-style configuration file, optional NAT support, TCP-wrapper-like functionality for service access, port forwarding, routable protection, DMZ support, and more.
• Changes: several changes in this new version 2.0.2: added option to not log reserved drops, added common multicast addresses to conf/reserved_addresses, enhanced DHCP logging, removed redundant reserved chain, removed redundant NAT entry, common public services now use /etc/services to determine port, added options for bind/domain forwarding, highport_access should now deal with passive FTP, highport blocking is now a toggle and added transparent proxy options.
RChains 200101231739
Curt Rebelein, Junior
ftp://ftp.rebby.com/pub/Linux/software/scripts/firewallRChains is a highly detailed firewall script which implements many features including per host bandwidth monitoring w/ MRTG.
• Changes: Improved the documentation and cleaned a few things up.
FwLogWatch-0.1.3
Boris Wesslowski
http://www.kyb.uni-stuttgart.de/boris/software.shtmlFwLogWatch analyzes the IPchains packet filter logfiles and generates text and HTML summaries. It features real-time anomaly response capability and has an interactive report generator. FwLogWatch has the following modes: log summary mode, interactive report mode and Real-time response mode.
• Changes: several changes in this new version: replaced the sorting algorithm with a stunningly fast linked list mergesort, added two more sorting modes, added PID file for real-time response mode and added CIDR notation support to known host feature.
Exiscan 0.99
Tom Kistner
http://duncanthrax.net/exiscanExiscan is an email virus scanner which works together with the Exim MTA (http://www.exim.org). It is written in Perl and designed to be as subtle and lightweight as possible. Exiscan relies on McAffee's uvscan or Trend Micro's vscan to do the actual scanning work.
• Changes: this version 0.99 is an 1.0 "prerelease". It includes the following new features: moved config to extra file, RAV and AVP demo scanner support, scanner output included in admin notification, configurable notification footer. Update advice: anyone running versions prior to 0.9a should update. 0.9a users should update if they use sender notification.
BFBTester: Brute Force Binary Tester 2.0 - Devel 3.0 Beta
Mike Heffner
http://sourceforge.net/projects/bfbtesterBFBTester is great for doing quick, proactive, security checks of binary programs. BFBTester will perform checks for single and multiple argument command line overflows and environment variable overflows. Versions 2.0-BETA and higher can also watch for tempfile creation activity to alert the user of any programs using unsafe tempfile names.
• Changes: the release of version 2.0 includes a few fixes from the last stable beta, but not much. This is a major rewrite compared with version 1.0. BFBTester is now supported on Solaris and Linux platforms (and still supported on FreeBSD).
Gpkcs 0.6.1
TC TrustCenter GmbH
http://www.trustcenter.de/html/Produkte/TC_PKCS11/1494.htmGpkcs11 is pure software implementation of the PKCS11 API as specified by the document of RSA labs. A HTML copy is in the docs directory. It provides support functions to make the development of support for new tokens easier and contains a complete software token, as well as an automated testing environment. It serves as a testing tool in the development of new applications that contain cryptographic support. It runs on Solaris 2.5.x (tested on SPARC) and on Linux 2.x.y, glibc2. It compiles on Windows systems but no systematic tests were performed, but others have reported regular use of the library under Windows NT.
• Remark: first time in the Tools Digest.
PureTLS 0.9b2
Eric Rescorla
http://www.rtfm.com/puretlsPureTLS is a free Java-only implementation of the SSLv3 and TLSv1 (RFC2246) protocols, with a number of cipher suites. PureTLS is able to read keys out of a subset of OpenSSL-style keyfiles, which makes generating keying material easy (i.e., use OpenSSL). Both client authentication and renegotiation are supported. No support for key generation is currently provided, but it may be provided in a future release. PureTLS was developed by Eric Rescorla for Claymore Systems, Inc. but is being distributed for free because we believe that basic network security is a public good and should be a commodity.
• Remark: first time in the Tools Digest.
Openwall Linux kernel patch 2.2.18-ow2
Solar Designer
http://www.openwall.com/linuxThe Openwall Linux kernel patch is patch is a collection of security "hardening" features for the Linux kernel. In addition to the new features, some versions of the patch contain various security fixes. The "hardening" features of the patch, while not a complete method of protection, provide an extra layer of security against the easier ways to exploit certain classes of vulnerabilities and/or reduce the impact of those vulnerabilities. The patch can also add a little bit more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing.
Tiny SRP 0.7.3
Dr. Tom
http://members.tripod.com/professor_tom/archives/index.htmlThe Tiny SRP library is a stripped-down version of SRP-1.7.1 and OpenSSL-0.9.6 that contains only what is necessary for secure remote passphrase authentication. No other libraries are required. If you already have libsrp installed on both server and client then you don't need this. Tiny SRP is designed for embedded or mini distributions, and is also a quick and easy way to add secure authentication to small client/server projects. Also included is the TSRP protocol, which reduces socket authentication to one function call on each of the client and server.
• Remark: first time in the Tools Digest.
Lomac 1.0.2
Network Associates, Inc.
http://www.pgp.com/research/nailabs/secure-execution/lomac.aspLOMAC (Low Water-Mark Integrity Protection for Linux) is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use.
• Changes: this release improves the default policy configuration to allow the use of NFS-mounted filesystems, and also includes an update to the manual's discussion of related projects.
VTun 2.4
Maxim Krasnyansky
http://vtun.sourceforge.netVTun is the easiest way to create Virtual Tunnels over TCP/IP networks with traffic shaping, compression, and encryption. It is a user space implementation and doesn't need modification of any kernel parts. VTun supports IP, PPP, SLIP, Ethernet, and other tunnel types. VTun is easily and highly configurable; it can be used for various network tasks like VPN, Mobil IP, Shaped Internet access, Ethernet tunnel, IP address saving, etc.
• Changes: this is the final stable release. This new version includes a configurable keep-alive, a fix for 0 compression level, and an RPM package and docs update.
PassSafe 1.7.1
Counterpane Internet Security, Inc.
http://www.counterpane.com/passsafe.htmlMany computer users today have to keep track of dozens of passwords: for network accounts, online services, premium web sites. Some write their passwords on a piece of paper, leaving their accounts vulnerable to thieves or in-house snoops. Others choose the same password for different applications, which makes life easy for intruders of all kinds. With Password Safe, a free Windows 95 utility, users can keep their passwords securely encrypted on their computers. A single Safe Combination--just one thing to remember--unlocks them all. Version 2.0 of Password Safe will be Open Source.
• Remark: first time in the Tools Digest.
Tiny Personal Firewall build 7
Tiny Software, Inc.
http://www.tinysoftware.com/pwall_news.phpTiny Personal Firewall represents smart, easy-to-use personal security technology that fully protects personal computers against hackers. Built on ICSA-certified security technology, it is also an integral part of The Tiny Software Centrally Managed Desktop Security (CMDS) system selected by the US Air Force for its approximately 500,000 desktop computers. NOTE: Tiny Personal Firewall is intended for users that are NOT running either WinRoute Pro or WinRoute Lite.
• Changes: "EnforceWriteProtection" can be enabled in this version. Better Plug and Play and power management support. "Connect" on UDP socket is now controlled properly. Other small bugs have been fixed.
Pwdump 3
E-business technology, Inc.
http://www.ebiz-tech.comPwdump3 is a Windows NT/2000 remote password hash grabber. It combines the functionality of Pwdump by Jeremy Allison and pwdump2 by Todd Sabin. It can extract the password hashes from a remote Windows NT 4.0 or 2000 box whether or not syskey has been installed. It does this by injecting a process onto the remote system and extracting the hashes and then copying the hashes back to the local system. Using this tool, a system administrator can check on the strength of the passwords on his system. Pwdump3 does not exploit a new vulnerability, it utilizes existing Windows communications capabilities.
• Remark: first time in the Tools Digest.
Crypta 1.0.0
Patrick Parson
http://members.nbci.com/pparson58Crypta is a freeware application for Windows 95, 98 and Me which provides 128 bit encryption for text strings.
NT_security2.reg
Node Solutions, Inc.
http://node.bc.caNT_security2.reg is a registry file which helps administrators to secure their Windows NT 4.0(workstation or server) and some Win2k machines quickly and efficiently. Just to be sure that everything applies to your machine go and check all the entries. If you want to remove one entry just add ';' in front of it.
Comment: We were unable to contact the URL, hopefully it's a temporary problem.
Project R3x 0.60
Bogdan Calin
http://soul4blade.home.roProject R3x is a program for auditing Windows networks. Its main features are: scanning large networks; list NetBIOS name table for each responding computer; provide NetBIOS hostname, currently logged username, MAC address; OS detection using SMB queries (Windows 9x/NT/2k/Unix); enumerate all shares on the remote computer; crack Windows 9x (share level security) passwords using the bug discovered by NSFocus (www.nsfocus.com); probing Windows 9x/NT/2k for weak passwords using a dictionary of commonly used passwords; probing for well known services (such as www/ftp/telnet/smtp...); resolve hostnames (reverse DNS) and output results in a nicely HTML format. Project R3x runs on Windows systems (Windows 9x/Me/NT/2k) but Windows NT or 2000 really recommended.
• Changes: fixed a few bugs, improved the support for Windows NT/2k computers, provide list of shares, users, services, sessions and remote TOD (time of day) from remote computer (NT/2k), grab some information from registry, extended the support for port scanning (banner grabbing), included support for SNMP for inspecting network devices like routers or network printers, support for sending spoofed messages (social engineering), DNS lookup and traceroute support. This HTML output has been improved.
Bcrypt 4.1
Sylvain Martinez
http://www.bcrypt.com (in French: http://www.bcrypt.com/index_fr.html)BUGS is a strong dynamic private key encryption algorithm and applications. It is easy to use, and includes sample applications and documentation. The cryptography library can also be used with your own programs and is multi-platform. Bcrypt runs under Windows 2000, Windows 95/98 and Windows NT.
• Changes: there is an extra option, a "Key type" button in the Information panel, and a minor GUI fix in the Option panel.
Note: tools announced on forums are not necessarily updates or new or free, it's just that someone posted an announcement. We try out best to only notify you only of new or updated free tools.
Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.
| © Copyright 2001, SecurityPortal Inc. & Seán .Boran, All Rights Reserved, Last Update: 25 January, 2001 |