By Seán Boran (sean at boran.com) for SecurityPortal
Weekly Security Tools Digest Archive
http://securityportal.com/research/research.wst.html
To receive this digest via Email:
http://securityportal.com/subscribe.html
This is a summary of changes to free security tools over the last week.
Updates to General free tools this week include MindTerm, PGP, PGPenvelope, Stunnel, Ssldump, Tripwire, BIND, Tcpdump and Linux Kernel.
Auditing and Intrusion Monitoring tools include Snort, RazorBack which seems interesting, NetSaint, LIDS, ICU, SAStk and 3 other tools.
Firewalls for UNIX/Linux/BSD & Cross-platform include Firewalk, Ferm, GShield, GShieldconf, IPtables, FirewallLogDaemon and 5 other tools.
Tools for Linux/Unix/Cross Platform include Libnet, Zebedee, Anomy Sanitizer, APG, SecureFTP, Sectar, Linux VPN masquerade and 10 other tools.
Tools for Windows include Backlog, WinNTConfig and IDA Pro freeware version.
SSH
- MindTerm SSH 1.99pre4 (demo)
Mats Andersson
http://www.mindbright.se/mindterm
MindTerm is a complete ssh-client in pure Java. It can be used either as a standalone Java application or as a Java applet. Three packages of importance are provided (terminal, ssh, and security). The terminal package is a rather complete vt102/xterm-terminal, and the ssh-package contains the ssh-protocol and also "drop-in" socket replacements to use ssh-tunnels transparently from a Java application/applet. It also contains functionality to realize a ssh-server. Finally, the security package contains RSA, DES, 3DES, Blowfish, IDEA, and RC4 ciphers.
Changes: the version 1.99pre4 is now available. Two new features: built in SCP client (with GUI) for simple file-transfer (can be used both in SSH1 and SSH2). The file-transfer continues independently from the logged in shell where it was started (can also be used stand-alone in command-line mode without GUI for use in scripts); built in SFTP client (currently text only) for simple file-transfer (only available with SSH2).
PGP
- PGPi 7.0.3
PGP International
http://www.pgpi.org
PGPi is the international variant of PGP (Pretty Good Privacy), a public key encryption program. PGP is the de-facto standard for email encryption today, with millions of users worldwide. The international PGP versions differ slightly from the US versions, but otherwise they are completely interoperable.
Changes: PGP 7.0 is finally available as freeware for Windows 9x/NT/2000 and MacOS.
- PGPenvelope 2.9.0
Frank Tobin
http://pgpenvelope.sourceforge.net
PGPenvelope is an interface to help meld using Pine with GnuPG. It also includes procmail filtering mechanisms.
Remark: first time in the Tools Digest.
SSL
- Stunnel 3.13
Michal Trojnara
http://www.stunnel.org
The Stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. It calls the underlying crypto libraries, so Stunnel supports whatever cryptographic algorithms you compiled into your crypto package. Runs on Windows and UNIX.
Changes: new Stunnel patches for version 3.11: smb_kai.patch adds SMB support to Stunnel for samba/windows mounts. client_smtp_om.patch allows client mode SMTP protocol.
- Ssldump 0.9b1, patch 1
Eric Rescorla
http://www.rtfm.com/ssldump
Ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP connections on the chosen network interface and attempts to interpret them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it decodes the records and displays them in a textual form to stdout. If provided with the appropriate keying material, it will also decrypt the connections and display the application data traffic.
Changes: 0.9b1 fixes bugs in 0.9a1 and adds portability to new platforms: ported to Linux, Solaris, and HP/UX. Added decoding of printable characters when printing hex data. Man page cleanups and assorted other printing cleanups.
Tripwire 2.3.0-50
Tripwire, Inc.
http://www.tripwire.org
Tripwire is a system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email reporting. Additionally, support files (databases, reports, etc.) are cryptographically signed.
Changes: security fixes with respect to temp file handling, as well as a new global email option.
BIND 9.1.1rc1
Internet Software Consortium
http://www.isc.org/products/BIND
BIND (Berkeley Internet Name Domain) is an implementation of the Domain Name System (DNS) protocols and provides an openly re-distributable reference implementation of the major components of the Domain Name System, including: a Domain Name System server (named), a Domain Name System resolver library and tools for verifying the proper operation of the DNS server.
Changes: the latest version of BIND 8 is still version 8.2.3. New version 9.1.1rc1. BIND 9.1.1rc1 is a release candidate for BIND 9.1.1. It contains fixes for a number of bugs in BIND 9.1.0 but no new features.
Tcpdump 3.6.2
Lawrence Berkeley Laboratory Network Research Group
http://www.tcpdump.org
Tcpdump is an advanced tool for network monitoring and data acquisition. It is one of the most well-known sniffers/network utilities for Unix.
Changes: release of the version 3.6.2 of Tcpdump. This new version fixes problems compiling on older Linux distributions.
Linux-2.4.1
http://www.kernel.org
New stable version 2.4.1 of Linux Kernel. The latest beta version of the Linux kernel is 2.3.99-pre9.
Changes: for more information about the changes for the version 2.4.1, refer to http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.1. Changes for the latest beta version 2.3.99: mainly a number of small details and some driver updates. The socket datagram handling one is important, and has already been posted separately on Linux-kernel. The VIA driver update is rather important if you have one of the newer VIA chipsets.
Snort 1.7
Martin Roesch & many others
http://ww.snort.org
Changes: Michael Davis releases the much awaited Snort 1.7 for Win32. The snort-1.7-win32 source code now contains all versions of snort-win32 and contains all needed header files and libraries. Compilation should be as simple as running 'nmake' in the WIN32-PRJ directory because there is now a WIN32 Makefile present.
Downloads:
- Standard snort-1.7-win32 Binary: http://download.datanerds.net/binaries/snort-1.7-win32-static.zip
- Snort-1.7-win32 FlexRESP Binary: http://download.datanerds.net/binaries/snort-1.7-win32-FlexRESP-static.zip
- Snort-1.7-win32 MySQL Binary: http://download.datanerds.net/binaries/snort-1.7-win32-MySQL-static.zip
- Snort-1.7-win32 Source Code: http://download.datanerds.net/source/snort-1.7-win32-source.zip
- RazorBack 0.1
InterSect Alliance
http://www.intersectalliance.com/projects
RazorBack is a log analysis program that interfaces with the SNORT open source Intrusion Detection System to provide real time visual notification when an intrusion signature has been detected on the network. RazorBack is designed to work within the GNOME framework on Unix platforms.
Remark: first time in the Tools Digest.
- Installing snort and running it under daemontools
Simon B.
http://simonbs.com/snort.php
Daemontools is a collection of tools for managing UNIX services. This is a guide to installing daemontools and snort.
Remark: first time in the Tools Digest.
NetSaint Network Monitor 0.0.6 - Devel: 0.0.7 alpha7
Ethan Galstad
http://www.netsaint.org
NetSaint is a program that will monitor hosts and services on your network. It has the ability to email or page you when a problem arises and when it gets resolved. NetSaint is written in C and is designed to run under Linux, although it should work under most other Unix variants. It can run either as a normal process or as a daemon, intermittently running checks on various services that you specify. The actual service checks are performed by external "plugins" which return service information to NetSaint. Several CGI programs are included with NetSaint in order to allow you to view the current service status, history, etc. via a web browser.
Changes: the development version 0.0.7 alpha7 is now available but no information regarding the changes. A beta 1 version should be arriving in a week or so, pending some documentation updates that I have to do.
LIDS 0.9.1 - Devel: 0.9.12 (2.2.18 kernel) / 1.0.5 (2.4.1 kernel)
Xie Hua Gang
http://www.lids.org
The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off on the fly and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection.
Changes: new stable version 1.0.5 for Linux kernels 2.4.1. This release fixes a memory crash in open_namei(), the capable() to prevent fsuid, lids_cap_log() capability violate security_alert only when it is disable, some tty_name export bugs, and a problem with lidsadm compiling.
Integrity checking utility 0.3 (Devel)
Andreas Östling
http://nitzer.dhs.org/ICU/ICU.html
ICU (Integrity Checking Utility) is a PERL program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done with help from SSH.
Changes: ICU now checks the database creation timestamp before and after the check and makes sure it is more recent after the check. After a database initialization, ICU checks the database and makes sure it actually contains a creation timestamp. Added "mail_icu_admin_invalid_timestamp" parameter to ICU.conf. Error message printed and/or mail is now sent when a hostname can't be resolved. Log messages are now sent to syslog line by line, not all lines as one message. More logging. Three new parameters in ICU.conf: ignore_future_atimes, ignore_future_ctimes and ignore_future_mtimes. The client install script now looks for scp in $PATH and /usr/local/bin/ (which is not in everybody's path) and it does also verify that the files were copied correctly. Fixed several other bugs. The documentation has been updated and the code has been cleaned up.
Samhain 0.9.12 - Devel: 1.1.6
Rainer
http://la-samhna.de/samhain
Samhain is a file system integrity checker that can optionally be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Samhain has been tested on Linux, AIX 4.1, HP-UX 10.20, UnixWare 7.1.0, and Solaris 2.6.
Changes: new development version 1.1.6. Fixed bug in sh_readconf_line (segfault on erroneous config lines).
Slackware Administrators Security Toolkit 0.1.1
John Jenkins
http://sourceforge.net/projects/sastk
SAStk (Slackware Administrators Security tool kit) aims to provide a set of tools and utilities to install and maintain a reasonable level of security for the Slackware GNU/Linux distribution. At the same time, it should ease administration with a new centralized initialization setup and background information on what the daemons do.
Changes: no information about the changes in this new version.
ACID 0.9.6b2
Roman Danyliw
http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html
ACID stands for Analysis Console for Intrusion Databases and is a PHP-based analysis engine to search and process a database of security incidents generated by the NIDS Snort. The features currently include:
- Search interface for finding alerts matching practically any criteria. This includes arrival time, signature time, source/dest address/port, flags, payload, etc. Furthermore, these queries can be made arbitrarily complex to satisfy almost any parameters.
- Alert Groups: allow for a logical grouping of alerts on which analysis can be done. It is a quick way to combine multiple searches or to associate a comment with an alert or group of alerts.
- Alert purging
- Statistics:
  - % of traffic for each protocol
  - Alerts: # of src/dst IP, last/first arrival time
  - Sensor statistics
  - Graph # of arrived alerts over a period of time
  - last x-number of alerts by protocol
- All features are provided in real-time.
Remark: first time in the Tools Digest. Version 0.9.5 is the stable release. Current version 0.9.6b2 is not stable but includes DB Abstraction - MySQL and PostgreSQL support.
Shadow 1.6
US Navy
http://www.nswc.navy.mil/ISSEC/CID/shadowForm.html
The program's secret is simple: Unlike commercially available software that scans reams and reams of data to check for keywords that could indicate an attack, Shadow monitors only who is sending information where. It doesn't check the contents of the communication at all. It is freely distributed online. Like most open source programs, there is some documentation, but no official support -- although there is a huge community of programmers who have looked at the code and have written improvements and continue to tinker with the way it functions.
Changes: no information regarding the changes.
Firewalk 1.0
Mike D. Schiffman & David E. Goldsmith
http://www.packetfactory.net/Projects/Firewalk
Firewalking is a technique that employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. Firewalk the tool employs the technique to determine the filter rules in place on a packet forwarding device.
Changes: the newest version of the tool, Firewalk/GTK introduces the option of using a graphical interface and a few bug fixes.
Ferm 0.0.15 (Devel)
Auke Kok
http://www.geo.vu.nl/~koka/ferm
Ferm compiles ready-to-go firewall rules from a structured rule-setup. These rules will be executed by the preferred kernel interface, such as IPchains and IPtables. Ferm will also aid in modularizing firewalls, because it creates the possibility to split up the firewall into several different files, which can be loaded at will, so you can dynamically adjust your rules.
Changes: added possibility of "" parameters including spaces and special characters, handy for 'log-prefix', fixed minor 'rejectt' bug, added a realistic ferm config example and fixed IPtables log error (Klaus Lichtenwalder).
Firedraw 1.0-beta1 (stable)
Babar
http://freshmeat.net/projects/firedraw
Firedraw permits administration of a network's firewalls through a graphical Web interface. It generates firewall rules according to objects and services created by the user, which can be of different types, such as a workstation, a domain, a network, etc. In a similar manner, Firedraw's Service Manager lets the user manage services such as Web (HTTP), mail (SMTP), and file transfer (FTP).
Remark: first time in the Tools Digest.
GShield 2.0.3
R. Gregory
http://muse.linuxmafia.org/gshield.html
GShield is an aggressive, modular firewall script for IPtables which features easy configuration through a BSD-style configuration file, optional NAT support, TCP-wrapper-like functionality for service access, port forwarding, routable protection, DMZ support, and more.
Changes: fixed typo for https entry, fixed typo for FW_ROOT in routables (thanks V. Hodges), added forwarding for SSH, blacklist logging and added toggle for "default logging".
GshieldConf 0.32
Davinci
http://members.home.com/vhodges/gshieldconf.html
GshieldConf is a simple tool to edit GShield configuration files. It can be extended when changes are made to the configuration file format and preserves settings which it does not know about.
Remark: first time in the Tools Digest.
Firewall Builder 0.8.7
Lord Vkurland
http://www.crocodile.org/~vadim/fwbuilder
Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, and support for a new firewall platform can be added to the GUI without any changes to the program (only a new policy compiler is needed). This provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports IPchains, IPtables, and IPfilter.
Changes: this is a bugfix release. It incorporates several fixes in both GUI and compilers reported by beta-testers. We also include a beta version of the new XML DTD (see etc/fwbuilder.dtd). This release still does not use it, it is included for preview purposes. Feedback is welcomed! There should be no more 0.8.x releases as we start a major rewrite to switch to the new XML DTD. Significant improvements to GUI are coming with it, too. This is what is going to become 0.9.0 when it is ready.
MonMotha's IPtables Masquerading Firewall 2.3.0
MonMotha and Steff
http://t245.dyndns.org/~monmotha/firewall
MonMotha's IPtables firewall is a shell script that implements masquerading and basic security using IPtables. It is easily configurable by modifying the options near the beginning and does not need to be rerun every time your IP address changes, making it perfect for users with dialup connections. Many features, such as SSH rulesets and limited flood protection, are available. There are three branches: the default branch (actual version is 2.3.0), the IPtables-insecure branch (actual version is 2.0.1) and the IPtables 2.2 branch (actual version is 2.2.0).
Changes: new IPtable-insecure version that includes major bugfixes. Initial release 2.2.0 for IPtables 2.2.
Firewall Log Daemon 1.3
Ian Jones
http://www.speakeasy.org/~roux/dmn
Firewall Log Daemon is a program written in C which will watch for IPchains or IPtables log alerts in real-time. The program will start a small daemon process that parses and resolves firewall logs by reading a FIFO that syslog writes to. It can queue a batch of alerts and mail them to you, or can be used in a script to crunch an existing log file or data stream. It features hostname, port, protocol, and ICMP type/code lookup, with output formatted by a user-defined template.
Changes: now includes SYSV init script, includes a man page: firelogd(8). RPMS now available. Makefile changed to include init script (make install & uninstall). Committed heresy in dmn_main: now we wait for syslog to come back online if it is restarted. Match for IPchains fixed for user defined chain name. Fixed incorrect matches in extended port match. Fixed match.h to accommodate IPchains "REDIRECT [[:digit:]]*". Fixed match.h to account for possible incomplete data sent in ICMP error (triggering packet). New Features: now captures and decodes all fields in packet log, included "decode.php" and corresponding template for a web-based log entry decoder. Bugfixes: fixed icmp.c sscanf bug, fixed IPtables regex bug, makefile patch by Richard Ellis, added header files to target dep.'s
RChains 200102061216
Curt Rebelein, Junior
http://rchains.rebby.com
RChains is a highly detailed firewall script which implements many features including per host bandwidth monitoring w/ MRTG.
Changes: added support for a TCP printer. Fixed DHCP support. Added support for a DHCP server on the internal interface. Added support for ssh1. Reorganized scripts to make them easier to manage. Added a CGI log report. Moved to GNU GPL.
EasyChains 0.9.3-3b
Dejavo
http://dejavo.virtualave.net/djvlinux.html
EasyChains is a very easy-to-use GUI for the console firewall script. It makes it easy to create a custom firewall using the firewall generator, or you can add and remove custom rules from a numbered list. You can generate a monitor for the console and for X.
Changes: the problem in EasyChains0.9.3-3 structure with the 'Load with PPP' and 'Load at Boot' that didn't work has been fixed in this new release.
Fwmap 01.4
Linons
http://fwmap.sourceforge.net
Fwmap is a tool designed to manage your firewalls and to add services hosts using. You can build an image of your network and simply add rules to your firewall by adding used or provided services to your hosts.
Remark: first time in the Tools Digest.
Libnet 1.0.2b
Mike D. Schiffman
http://www.packetfactory.net/libnet
Libnet is a collection of routines to help with the construction and handling of network packets. It provides a portable framework for low-level network packet shaping, handling and injection. Libnet features portable packet creation interfaces at the IP layer and link layer, as well as a host of supplementary and complementary functionality. Using Libnet, quick and simple packet assembly applications can be whipped up with little effort. With a bit more time, more complex programs can be written (Traceroute and ping were easily rewritten using Libnet and Libpcap).
Changes: added OpenBSD 2.7 etherspoof lkm and kernel patch. Added FreeBSD 4.0-STABLE etherspoof kernel patch. Added FreeBSD 4 support for automatic MAC address spoofing (via ioctl). No more lkm! Added VRRP support. Fixed a NULL pointer check in libnet_checksum.c. Fixed a function naming problem in libnet_if_addr.c. Fixed a potential byte error in libnet_version. Fixed a potential overflow in libnet_link_sockpacket.c and libnet_link_dlpi.c. Fixed a manpage discrepancy (get_ip_addr returns host-byte, not network-byte). Fixed arena allocation code (misalignments and whatnot) and arena manpage entry (2 arguments were swapped). Fixed datatype discrepancies (u_char was used liberally when char should have been used). Fixed the PF_PACKET interface to work correctly. Version 1.0.2 messed up the install stuff, this is now fixed. Fixed the config.sub to correctly look for arm* architecture. Fixed the test.sh script.
Zebedee 2.2.0
Neil Winton
http://www.winton.org.uk/zebedee
Zebedee is a simple program to establish an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems. This allows traffic such as telnet, ftp and X to be protected from snooping as well as potentially gaining performance over low-bandwidth networks from compression.
Changes: this new version adds SO_KEEPALIVE code to (eventually) reap dead client connections. Modify ftpgw.tcl to mitigate memory leak that shows up with TCL versions. This version is still not perfect, but it's better! Fix FreeBSD detaching. Handle hostnames that resolve to multiple addresses on both client and server side. Fix bug in picking up default target host.
The Anomy mail sanitizer 1.35
Bjarni R. Einarsson
http://mailtools.anomy.net
The Anomy mail sanitizer is a filter designed to block email-based security risks, such as Trojans and viruses. It can scan an arbitrarily complex RFC822 or MIME message and remove or rename attachments, truncate unusually long MIME header fields and sanitize HTML by disabling JavaScript, etc. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs. The sanitizer has built-in support for third-party virus scanners.
Changes: made "defang" the fallback policy for "save" or "scan" policies when creating the temporary file fails for some reason. Added the "file_default_name" and "feat_force_name" variables. The former is the file name used for comparing unnamed parts with the filename policies, the latter makes the sanitizer add a file name to unnamed parts, based on the part's MIME type. Added a rule to truncate overly long Subject lines which might be interpreted as file names. This addresses at least part of the Outlook Express 5.5 HTML.dropper bug discussed on Bugtraq on the 17. Jan. 2001. Added the LAYER tag to the list of defanged HTML tags. This is in response to the discussions on Bugtraq about how to exploit web-based email solutions by using layers to put new buttons/links on top of the email program's buttons. Added more default file names for different MIME-types. Modified multipart-MIME and Base64 code to properly preserve multipart pre- and postambles and whitespace near MIME boundaries. Fixed a very minor white-space related bug in MIMEStream's header parser.
APG - Automated Password Generator 1.2.0
Adel I. Mirzazhanov
http://www.adel.nursat.kz/apg
APG is the tool set for random password generation. There is a standalone version that generates some random words of the required type and prints them to standard output, and there is a network version that consists of an APG server and an APG client. When a client's request arrives, the server generates some random words of a predefined type and sends them to the client over the network (according to RFC0972). APG uses two password generation algorithms: the Pronounceable Password Generation Algorithm (according to NIST FIPS 181) and the Random Character Password Generation Algorithm with 19 configurable modes of operation. The password length parameters are configurable, as is the number of generated passwords. It supports /dev/random. It can use the password generation service from any type of box (Mac, WinXX, etc.) that is connected to the network, and can force remote users to use only the allowed type of password generation.
Changes: minor security fixes and changed random character password generation algorithm. Changed user random seed generation procedures.
Secure FTP v1.04
Gary Cohen and Brian Knight
http://www.glub.com/products/secureftp
Secure FTP is a client package that allows for a secure connection to be made to an FTP daemon. In this release, we support connecting via the Secure Sockets Layer, or SSL. Future releases may support other authentication mechanisms (e.g. Kerberos, OPIE). This client is supported on Windows and any Unix platform where a Java 2 (or Swing) runtime environment is present. It was written in 100% Pure Java and can act as either an application or an applet. The applet version will only run under Windows at this time, but we are looking into other solutions. Since crypto is present in this product, US export restrictions are in effect. If you reside in an embargoed country you will not be allowed to use this product. Secure FTP is a joint production with the San Diego Supercomputer Center.
Changes: better handling of certificates that don't have a City, State, and/or Country in their common name. Fixed typos in our Japanese and Italian versions.
SILC 20010203 (Devel)
Pekka Riikonen
http://silc.pspt.fi
SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet over insecure channels. SILC superficially resembles IRC, although they are very different internally. The purpose of SILC is to provide secure conferencing services. Strong cryptographic methods are used to secure all traffic.
Changes: a lot of changes for this new version. Please refer to http://silc.pspt.fi/changes.txt for more details.
Daemontools 0.7
D. J. Bernstein
http://cr.yp.to/daemontools.html
Daemontools: a collection of tools for managing UNIX services.
Remark: first time in the Tools Digest.
Sectar 1.0
Brian Wagener & Katrina Illari
http://sourceforge.net/projects/star
Secure Tar (Sectar) doesn't create encrypted tape archives (tar files) yet, but it can encrypt/decrypt files only using multiple blocksizes, and keysizes using the AES algorithm Rijndael. Once the standalone application is stable, then I will incorporate it with tar. The encryption is exported under exemption TSU 740.13.
Changes: first stable and complete version. The compression has been added and modified to work correctly with stdin.
Linux VPN Masquerade 2.2.18
John D. Hardin
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html
Linux VPN Masquerade allows you to use an IPsec or PPTP VPN host (client or server) behind a Linux masquerading firewall. No more hogging the cable modem when you need to connect to the office network.
Remark: first time in the Tools Digest.
uPKI 1.0
Dean Povey
http://security.dstc.com/products/upki
uPKI is an implementation of PKI services optimized for embedded platforms. The design of uPKI has emphasized flexibility and simplicity. The result is a toolkit which is lightweight and fast. It includes support for X.509, PKIX, RSA, DSA, SHA-1, MD5, DES, 3-DES, PKCS#10, PKCS#8, and HTTP.
Remark: first time in the Tools Digest.
Libmcrypt 2.4.9
Nikos Mavroyanopoulos
http://mcrypt.hellug.gr
Libmcrypt is a library which provides a uniform interface to several symmetric encryption algorithms. It is intended to have a simple interface to access encryption algorithms in ofb, cbc, cfb, and ecb modes. The algorithms it supports are DES, 3DES, RIJNDAEL, Twofish, IDEA, GOST, CAST-256, ARCFOUR, SERPENT, SAFER+, and more. The algorithms and modes are also modular so you can add and remove them on the fly without recompiling the library.
Remark: first time in the Tools Digest.
Libmhash 0.8.9
Nikos Mavroyanopoulos
http://mhash.sourceforge.net
Libmhash is a thread-safe hash library implemented in C, and provides a uniform interface to a large number of hash algorithms (MD5, SHA-1, HAVAL, RIPEMD160, TIGER, GOST). These algorithms can be used to compute checksums, message digests, and other signatures. The HMAC support implements the basics for message authentication, following RFC 2104.
Remark: first time in the Tools Digest.
StegFS 1.1.3
Andrew McDonald
http://ban.joh.cam.ac.uk/~adm36/StegFS
StegFS is a steganographic file system for Linux. It offers security beyond that afforded by a regular cryptographic file system, since it not only encrypts data, but also provides a plausible deniability mechanism by securely hiding the data. It is designed to give the user a very high level of protection against being compelled to disclose its contents. StegFS extends the standard Linux file system (ext2fs), allowing normal and several levels of hidden files to coexist. This allows some data to remain hidden even if some of the keys are compromised.
Remark: first time in the Tools Digest.
PhpSecurePages 0.21b
Paul Kruyt
http://www.phpSecurePages.f2s.com
PhpSecurePages is a PHP module to secure pages with a login name and password. It can handle multiple user groups (each with their own viewing rights), store data in a MySQL database or a configuration file, and be used to identify your Web site viewers. It also has multiple language support as well as session support for both PHP3 and PHP4.
Remark: first time in the Tools Digest.
JavaPad 1.2.0
Erlend Aakre
http://home.no.net/erlaak/programs/javapad/about.html
JavaPad is a Java implementation of the "one time pad" cryptography algorithm. It works well as a standalone application in text mode or in graphical mode. It can generate keys and encrypt files. JavaPad can be easily used as a library by other applications as streams, and such use requires only a few lines of code. This is a good way to incorporate strong symmetric encryption in your application.
Remark: first time in the Tools Digest.
BsdFPF
Cthulhu
http://www.pkcrew.org
FingerPrintFucker is an lkm for Linux that changes the TCP/IP stack in order to emulate other OSs against TCP/IP fingerprinting. The package contains the lkm and a parser for the Nmap file that let you choose directly the OS you want. It works at least with FreeBSD.
Remark: first time in the Tools Digest.
Eliott 1.0
Frank DENIS
http://www.jedi.claranet.fr/eliott
Eliott is a Linux tool to help system administrators and programmers discover insecure temporary files creation, even in closed-source applications. Eliott watches a directory for files creation/deletion/writes using the dnotify facility of Linux kernel 2.4.x. Every change is logged, even temporary files with a very short life time, that usually can't be manually noticed. In addition to logging, ELIOTT can simulate hard-link exploits in order to find and report vulnerable applications.
Remark: first time in the Tools Digest.
Backlog
InterSect Alliance
http://www.intersectalliance.com/projects/index.html
Backlog is a Windows NT service that facilitates the real time central collection and processing of Windows NT Event Log information. All three event logs (Application, System and Security) are monitored, and event information is converted to comma delimited text format, then delivered over UDP to a remote server. Backlog is currently configured to deliver audit information to a SYSLOG server running on a remote (or local) machine.
Remark: first time in the Tools Digest.
WinNTConfig (document)
InterSect Alliance
http://www.intersectalliance.com/projects/index.html
Graded Risk Based Security Configuration for Windows NT - How to secure a Windows NT machine, based upon the agreed security risk profile of the target system. Includes Initial Installation, System Accounts, User Accounts and Rights, File and Registry Access Control, Network Access Control, Subsystems, Malicious Code, and Event Logging.
Remark: first time in the Tools Digest.
IDA Pro - Freeware Edition
DataRescue Inc.
http://www.datarescue.com/idabase
The freeware version of the Interactive Disassembler Pro. Supports 80x86 binaries and FLIRT, a unique Fast Library Identification and Recognition Technology that automatically recognizes standard compiler library calls. Widely used in COTS validation and hostile code analysis. It runs under DOS, Windows 2000, Windows 95/98 and Windows NT.
Remark: first time in the Tools Digest.
Note: tools announced on forums are not necessarily updates or new or free; it's just that someone posted an announcement. We try our best to notify you only of new or updated free tools.
Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.
© Copyright 2001, SecurityPortal Inc. & Seán Boran, All Rights Reserved, Last Update: 08 February, 2001