Open Source Corner

40 Free and Open Source Security Tools

There are thousands of open source security tools with both defensive and offensive security capabilities. The following are essential security tools that will help you to secure your systems and networks.

Compiled by Sonam Yadav

Nmap

Nmap helps you map your network and ports with the number one port scanning tool. Nmap now features powerful NSE scripts that can detect vulnerabilities, misconfiguration and security related information around network services. After you have nmap installed, be sure to look at the features of the included ncat - it's netcat on steroids.
Download: http://filehippo.com/download_nmap/

OpenVAS

OpenVAS is an open source vulnerability scanning suite that grew from a fork of the Nessus engine when it went commercial. It manages all aspects of a security vulnerability management system from web-based dashboards.
Download: http://www.openvas.org/vm.html

OSSEC

OSSEC is a free, open-source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. It provides intrusion detection for most operating systems, including , OpenBSD, FreeBSD, OS X, Solaris and Windows. OSSEC has a centralized, cross-platform architecture allowing multiple systems to be easily monitored and managed.
Download: http://ossec.github.io/downloads.html

Security Onion

Security Onion is a network security monitoring distribution that can replace expensive commercial gray boxes with blinking lights. Security Onion is easy to set up and configure. With minimal effort, you will start to detect security-related events on your network. Detect everything from brute force scanning kids to those nasty APTs.
Download: https://sourceforge.net/projects/security-onion/

Metasploit Framework

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Metasploit Framework is a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and related research.
Download: http://download.cnet.com/Metasploit/3000-2653_4-75289381.html

OpenSSH

It secures all your traffic between two points by tunneling insecure protocols through an SSH tunnel. It includes easy access to copy files securely. It can be used as a poor man’s VPN for open wireless access points (airports, coffee shops). Tunnel back through your home computer and the traffic is then secured in transit. Access internal network services through SSH tunnels using only one point of access. From Windows, you will probably want to have PuTTY as a client and WinSCP for copying files. Under Linux just use the command line ssh and scp.
Download: https://sourceforge.net/projects/sshwindows/

pcquest.com twitter.com/pcquest facebook.com/pcquest linkd.in/pcquest [email protected] DECEMBER 2016 PCQuest 45

Wireshark

Wireshark helps to view traffic in as much detail as you want. Use Wireshark to follow network streams and find problems. Tcpdump and Tshark are command line alternatives. Wireshark runs on Windows, Linux, FreeBSD or OSX based systems.
Download: http://filehippo.com/download_wireshark/

NetSurveyor

NetSurveyor is a free but closed source Wi-Fi stumbler and basic analyzer. It displays the basic AP details but doesn’t specify the exact authentication or encryption method. It can also record data for extended periods and play it back in the future. You can also create useful reports in Adobe PDF format, which include a snapshot of the AP details and all the graphs. NetSurveyor Pro adds the ability to view and record actual performance stats of APs you’re connected to instead of using just its broadcast beacons.
Download: http://download.cnet.com/NetSurveyor/3000-2085_4-10882471.html

TrueCrypt

It encrypts all the things. TrueCrypt is a strong encryption utility that can encrypt entire volumes or create an encrypted container within a file system. Use TrueCrypt to protect your flash drives. If it gets lost, even the NSA will have trouble reading the data.
Download: http://filehippo.com/download_truecrypt/

NetStumbler

NetStumbler is one of the oldest and best-known Wi-Fi stumblers and runs on Windows and Windows CE/Mobile. It lists nearby APs and displays their basic details: SSID, channel, speed, MAC address, vendor, and encryption. Unlike most other stumblers, it also shows the signal, noise, and signal-to-noise ratio (SNR) levels. Additionally, it has GPS support to record AP locations when war driving.
Download: http://netstumbler.en.softonic.com/

Vistumbler

Vistumbler is a newer open source stumbler that displays the basic AP details, including the exact authentication and encryption methods, and can even speak the SSID and RSSI of APs. Similar to NetStumbler, you can view a list of all APs or drill down to those categorized by authentication, encryption, channel, network type, and SSID. You can also view graphs of the AP signals in addition to viewing text readouts. It’s highly customizable and offers flexible configuration options. For example, you can define and save AP names to better distinguish them in the future. In addition to basic GPS support to record AP locations, it supports live tracking within the application using Google Earth.
Download: https://sourceforge.net/projects/vistumbler/

inSSIDer

inSSIDer is a relatively new open source Wi-Fi stumbler which shows the usual list of AP details but doesn’t show the exact authentication method. You can see the encryption method used but can’t distinguish, for example, between WPA-PSK and WPA-Enterprise networks. Like most other stumblers, inSSIDer doesn’t include the noise or signal-to-noise (SNR) values; it just gives you the RSSI values.
Download: http://inssider.en.softonic.com/

Meraki WiFi Stumbler

This is a simple web-based stumbler that runs in most browsers on Macs and PCs and even works when offline. It displays most of the basic wireless details (with signal levels in percentages) and offers a bar graph of APs per channel. It doesn’t allow any customization and doesn’t offer any additional functionality beyond displaying the network basics and letting you perform searches of the data. However, this stumbler is still useful if you want to check wireless signals from a computer that doesn’t already have a stumbler installed.
Download: http://xirrus-wi-fi-inspector.en.softonic.com/

Kismet

Kismet is a free and open Wi-Fi stumbler, packet sniffer and intrusion detection system for Windows, Mac OS X, Linux, and BSD. It shows the AP details, including the SSID of “hidden” networks. Plus it reports the noise levels and gives you the signal-to-noise (SNR) values. It can also capture the raw wireless packets to a PCAP file, so you can import them into Wireshark, tcpdump, and other tools.
Download: https://www.kismetwireless.net/download.shtml

Nikto

Nikto is great for firing at a web server to find known vulnerable scripts, configuration mistakes, and related security problems. It won’t find your XSS and SQL web application bugs, but it does find many things that other tools miss.
Download: http://webscripts.softpedia.com/script/Security-Systems/Nikto-70370.html

Icinga 2

Icinga began life as a fork of system monitoring application. It was completely rewritten to give users a modern interface, support for multiple databases, and an API to integrate numerous extensions. With out-of-the-box load balancing, notifications, and configuration, Icinga 2 shortens the time to installation for complex environments. Icinga 2 supports Graphite natively, giving administrators real-time performance graphing without any fuss.
Download: http://meraki-wifi-stumbler.soft112.com/

Zenoss Core

Another open source stalwart, Zenoss Core gives network administrators a complete, one-stop solution for tracking and managing all of the applications, servers, storage, networking components, virtualization tools and other elements of an enterprise infrastructure. Administrators can make sure the hardware is running efficiently and take advantage of the modular design to plug in ZenPacks for extended functionality.
Download: https://sourceforge.net/projects/zenoss/

OpenNMS

An extremely flexible network management solution, OpenNMS can handle any network management task, whether it’s device management, application performance monitoring, inventory control, or events management. With IPv6 support, a robust alerts system, and the ability to record user scripts to test Web applications, OpenNMS has everything network administrators and testers need. OpenNMS now has a mobile dashboard, called OpenNMS Compass, that lets networking pros keep an eye on their network even when they’re out and about.
Download: https://sourceforge.net/projects/opennms/

8 Latest Linux Distros

The best Linux distro for you may not be the best Linux distro for another user. Many Linux users are distro-hoppers, regularly moving from distribution to distribution. Some may be looking for the perfect distro, while others are simply curious about the latest Linux developments. Here are the eight latest ones.

1. Bodhi Linux

Bodhi Linux is a lightweight Linux distribution based on Ubuntu that uses the Moksha Desktop Environment. The philosophy for the distribution is to provide a minimal base system so that users can populate it with the software they want. Thus, by default, it only includes software that is essential to most Linux users, including file browsers (PCManFM), a web browser () and a terminal emulator (Terminology). It does not include software or features that its developers deem unnecessary. To make populating systems with software easy, Bodhi Linux developers maintain an online database of lightweight software that can be installed in one click via apturl.
Download: http://www.bodhilinux.com/download/

2. Debian

Debian is a Unix-like computer operating system that is composed entirely of , most of which is under the GNU General Public License, and packaged by a group of individuals called the Debian Project. Three main branches are offered: Stable, Testing, and Unstable.
The Debian Stable Linux distribution is one of the most popular for personal computers and network servers and has been used as a base for several other distributions. The Debian Testing and Unstable branches are rolling release and eventually become the Stable distribution after development and testing. Packages are first uploaded to Unstable, from which they migrate to Testing.
Download: https://www.debian.org/

3. Ubuntu

Ubuntu is often said to be the most popular . The default installation features the Unity desktop, which was designed to answer Ubuntu founder Mark Shuttleworth’s challenge to free software to build a desktop to rival OS X.
Unity is best suited for those who use one or two applications at a time. It is not designed for easy switching back and forth between windows. Users who like to customize panel applets and the desktop may also find it lacking. However, if the forthcoming phone succeeds, users may enjoy the luxury of having the same desktop on all their devices.
Download: http://www.ubuntu.com/download/desktop

4. openSUSE

openSUSE is the community distribution on which SUSE Linux is based. Although it releases disk images based on GNOME, openSUSE, like , is widely viewed as a KDE-oriented distribution. In fact, the differences in the default layouts of openSUSE and Mageia show just how versatile KDE can be.
For developers, one of the appeals of openSUSE might be its Open Build Service, which aids in creating disk images, including the cross-platform compilation of packages.
Download: https://software. .org/421/en

5. Manjaro

Manjaro is with the labor removed. Instead of requiring a manual setup following a long list of instructions, Manjaro uses a modified version of the Ubuntu installer. Otherwise, it shares Arch’s appeal — that is, both Manjaro and Arch are fast and lightweight and have rolling releases, updating packages individually and continually rather than having regularly scheduled new versions. Have a look at Manjaro if you are curious about why people should be so interested in Arch, or want a distribution that is always up to date.
Download: https://sourceforge.net/projects/manjarolinux/

6. Fedora

Fedora is an operating system based on the Linux kernel, developed by the community-supported Fedora Project and sponsored by Red Hat. Fedora contains software distributed under a free and open-source license and aims to be on the leading edge of such technologies. Fedora is generally no less bug-prone than any other distribution. Fedora has a reputation for focusing on innovation, integrating new technologies early on and working closely with upstream Linux communities.
Download: https://getfedora.org/en/workstation/download/

7. Linux Mint (Cinnamon and MATE)

Linux Mint (Cinnamon and MATE) has become a major distribution by giving users what they want. Not only does it support two desktops, Cinnamon and MATE, but it also offers versions based on Ubuntu and Debian. Underlying most of its variations is the usual collection of GNOME-based technologies and applications. MATE is a fork of GNOME 2, with an increasing number of modernizations, starting with a menu confined to a single window. Cinnamon is Linux Mint’s own desktop and features overlays for viewing virtual desktops and directories, and a growing number of panel applets and desklets, the desktop equivalent of applets — each of which allows users to customize by placing utilities in convenient locations. Both MATE and Cinnamon are traditional desktops to which most users should have no trouble adjusting, regardless of their experience.
Download: https://www.linuxmint.com/download.php

8. Mageia

Mageia is one of the leading distributions that feature the KDE desktop and features a simple but well-designed default desktop.
Those familiar with GNOME might take a while to understand aspects of Mageia’s KDE desktop, such as the addition of desktop icons in Folder Views or the use of Activities to organize multiple desktops by tasks instead of applications. The possible degree of customization is also far greater than in GNOME. Depending on your background, Mageia could require a short period of adjustment. Otherwise, once you are accustomed to the differences, Mageia is an outstanding general purpose Linux distribution.
Download: https://www.mageia.org/en/downloads/

5 Big Data Apps For Growing Businesses

1. Tamr

Tamr is a data-connection and machine-learning platform designed to make enterprise data as easy to find, explore, and use as Google. According to Tamr, due to the cost and complexity of connecting and preparing the vast, untapped reserves of data sources available for analysis, most organizations use less than 10 percent of the relevant data available to them.
Download: http://www.tamedos.com/downloads/downloads.htm

2. Esri ArcGIS

Esri ArcGIS, as the name implies, is a Geographic Information System (GIS) that makes it easy to create data-driven maps and visualizations. It keeps on top of key performance indicators and analyzes trends and spatial connections that impact every aspect of your organization’s operations.
Download: http://www.esri.com/software/arcgis/explorer-desktop/download

3. Zaloni Bedrock

Zaloni is widely recognized as providing the only fully integrated, single platform solution on top of Hadoop that integrates Data Ingestion, Organization, and Preparation with Metadata Management and Workflow. Many businesses know they want to implement a Hadoop data lake, but don’t know how to do so in a cost-effective, scalable way. With Zaloni Bedrock, the process is automated. According to Zaloni, you set it up once and you’re done. It doesn’t matter how much data you are adding to the lake since there is no technical limit.
Download: http://info.zaloni.com/download-bedrock-overvie

4. Roambi

Roambi is a business application that changes raw business data into interactive graphics designed for mobile devices on the iOS platform such as Apple Inc.’s iPhone, iPad and iPad Mini. The applications connect to popular information systems including Excel or Salesforce.com and business intelligence systems such as Cognos and corporate databases such as Microsoft SQL. Roambi re-designs the way people interact with, share, and present data from a completely mobile perspective. Mobile workers need the ability to access and analyze the same business data they use in the office in order to make smart, on-the-go decisions. Roambi contends that it was founded to solve this very problem.
Download: https://play.google.com/store/apps/details?id=com.mellmo.roambi&hl=en

5. Cloudera Enterprise

Cloudera is now making inroads into the Internet of Things market with its app, locking down a deal with a major home automation company. Cloudera offers the highest performance and lowest cost platform for using data to drive better business outcomes. Cloudera Enterprise provides the centralized management and robust support that you need to operate Hadoop effectively as a mission-critical piece of your technology infrastructure. Cloudera Enterprise helps you become information-driven by leveraging the best of the open source community with the enterprise capabilities you need to succeed with Apache Hadoop in your organization.
Download: http://www.cloudera.com/downloads/manager/5-7-1.html

9 New Open Source Development Tools

1. Bazel

Bazel is Google’s own build tool, now publicly available in Beta. Bazel has built-in support for building both client and server software, including client applications for both Android and iOS platforms. It also provides an extensible framework that you can use to develop your own build rules. Operating System: Linux, OS X
Download: https://github.com/bazelbuild/bazel

2. Falcon

Falcon describes itself as “a JavaScript library for efficient data fetching.” Created by Netflix, it allows Web apps to get and display data very quickly, improving the end user experience. It is still in developer preview status. Operating System: Windows, Linux, OS X.
Download: https://sourceforge.net/projects/falconcpp/

3. Jsonnet

As you might guess from the name, the Jsonnet configuration language was designed to simplify the process of writing JSON. Developers can use it to help organize JSON data. Operating System: Windows, Linux, OS X. Multi Time Frame Charting is one of the most important aspects of Falcon. In Falcon, you can easily compute studies on a higher time frame and use it on a lower time frame.
Download: https://sourceforge.net/projects/csjson/

4. React

React is “a JavaScript library for building user interfaces.” It provides the “View” component in model–view–controller (MVC) software architecture and is specifically designed for one-page applications with data that changes over time.
React makes it painless to create interactive UIs. Design simple views for each state in your application and React will efficiently update and render just the right components when your data changes. Operating System: OS Independent
Download: http://reactjs.cn/downloads.html

5. Nuclide

Nuclide is an integrated development environment that supports both mobile and Web development. It is built on top of Atom, and it can integrate with Flow, Hack, and Mercurial. Operating System: Windows, Linux, OS X. Nuclide is the IDE for developing Hack-based web applications, providing auto-completion and inline error highlighting. Nuclide is a set of packages implemented on top of Atom, and we are working closely with GitHub to contribute upstream to the core project.
Download: https://github.com/facebook/nuclide

6. Office UI Fabric

Microsoft made Office UI Fabric generally available on GitHub. It’s a front-end fabric that allows developers to build Office-like Web apps and add-ins. Operating System: Windows
We use Fabric throughout Office to create functional and engaging user interfaces. Now that Fabric is open source, you can apply the same Office Design Language to your own web experiences. With Fabric, you can create an engaging customer experience and save development time.
Download: https://dev.office.com/fabric/getting-started/

7. Parse SDKs

Parse is a mobile backend as a service that simplifies the process of creating mobile apps. Earlier this year, it open sourced three of its SDKs, and it promised to release the rest in the future.
Parse Server is a new project, separate from the hosted Parse API service. Our intention is to provide and support the growth of an open-source API server and allow new developers to benefit from the powerful Parse client SDKs regardless of where their application logic and data is stored. Operating System: iOS, OS X, Android
Download: https://parse.com/docs/downloads

8. Neovim

Neovim is a refactor — and sometimes redactor — in the tradition of Vim, which itself derives from Stevie. It is not a rewrite but a continuation and extension of Vim. Many clones and derivatives exist; some are very clever, but none are Vim. Neovim strives to be a superset of Vim except for some intentionally-removed misfeatures. It is built for users who want the good parts of Vim, and more.
The msgpack API enables structured communication to and from any programming language. Remote plugins run as co-processes that communicate with Neovim safely and asynchronously. Operating System: Windows, Linux, OS X
Download: https://github.com/neovim/neovim

9. YAPF

The ultimate goal is that the code YAPF produces is as good as the code that a programmer would write if they were following the style guide. It takes away some of the drudgery of maintaining your code. YAPF takes a different approach. It’s based on ‘clang-format’. In essence, the algorithm takes the code and reformats it to the best formatting that conforms to the style guide, even if the original code didn’t violate the style guide. The idea is also similar to the tools for the Go programming language: end all holy wars about formatting - if the whole code base of a project is simply piped through YAPF whenever modifications are made, the style remains consistent throughout the project and there’s no point arguing about style in every code review. Operating System: OS Independent.
Download: https://github.com/google/yapf

5 Full and Free Games

1. Cradle of Egypt

Take a step back in time to an era before the great Pharaohs and magnificent monuments of Egypt existed. There, you are the one with the foresight to bring all of the tribes together and start building what will become one of the greatest civilizations that humans have ever known. Take the journey and travel through five ancient epochs to build your own Egypt. Start from a small village and develop your settlement into a most powerful nation through 100 fantastic Match 3 levels. Travel through five epochs and build your own Egypt in this fun Match 3 journey.
Download: http://www.gametop.com/download-free-games/cradle-of-egypt/download.html

2. The Wizbury School of Magic

The Wizbury School of Magic has been burgled, and the thief is on the loose. It’s up to you now, follow the clues and track down the culprit. Collect items across campus and sell them at the local shop to rebuild Wizbury in time for the coming Magician’s Guild inspection! Meet a quirky cast of wizards and witches, students, and professors, ghosts and ghouls! Seek out hidden secrets across campus, and even try your hand at spellcasting! Dozens of mini-games and over 40 unique trophies to earn as you help save the Wizbury School of Magic!
Download: http://www.gametop.com/download-free-games/chronicles-of-albian-2/download.html

3. Azteca

Launch into the valiant quest for the treasures of the ancient civilization in a marvelous arcade puzzle shining with nice visuals, 60 challenging levels and a variety of bonuses. Complete the game and you will get a splendid reward that’ll come in handy even if you are not in the game. The adventure requires you to use your quick wits and skill as you will need to shoot an orb into the moving chain of colored balls trying to create a sequence of spheres of the same color, which will disappear. As all the moving balls vanish, your way to the treasure room will be cleared. If you like games like Zuma(R) or Luxor(R) you will enjoy this free full version game too.
Download: http://www.gametop.com/download-free-games/azteca/download.html

4. 8 Ball Pool

Pool 8-ball is a billiards simulator. The game can be played either against a computer or human opponents on the same PC. Pool Game rules hints for beginners, help ball or direction help for practicing. Free game features 8-ball pool game; difficulty levels from easy to expert; save and load game feature; game rules hint; help ball, direction help.
Download: http://www.gametop.com/download-free-games/8-ball-pool/download.html

5. Lethal Brutal Racing

Lethal Brutal Racing is everything you would expect from a game with such a name. Build your own monster vehicle with weapons to take part in crazy racing tracks. There are no rules, you can crash, shoot and push your competitors away from the track. Use nitro boosts to get extra speed when you need it. Lethal Brutal Racing is 3D car action from beginning till the end. 25 challenging tracks to complete.
Download: http://www.gametop.com/download-free-games/lethal-brutal-racing/download.html

Disclaimer: All software descriptions have been taken from their respective download sites, and PCQuest does not endorse them in any way whatsoever. Also, while the PCQuest team spends a lot of time in carefully identifying, compiling, and thoroughly testing each and every software mentioned here, we are not responsible for any kind of malfunction or damage they might cause.
