#!/bin/sh
# securitybox.sh - Turn a generic or Debian SO into a security auditing machine with one command
# Version 1.01
# ekx0day at GMAIL.COM
# You must have r00t privileges in order to install
#
# Root check: parses the text output of `id` (uid=0(root) gid=...) to pull
# out the numeric uid. NOTE(review): the POSIX form [ "$(id -u)" = 0 ] gives
# the same answer without depending on the output layout of `id`.
if [ `id | cut -d= -f3 | cut -d\( -f1` = 0 ]
then
echo
echo " Okay, you are r00t and can run this script"
echo
sleep 1
# NOTE(review): nothing runs `apt-get update` before the installs that
# follow, and no install's exit status is checked, so a package that cannot
# be found is skipped silently and the script carries on. The `fi` closing
# this block appears to be beyond the visible part of the file.
#
# dnswalk - DNS debugger: performs zone transfers of the specified domains and
# checks the zone database for internal consistency and accuracy.
apt-get -y install dnswalk

# dns-bruteforce # dnsenum # dnsmap # DNSPredict # Finger Google

#finger-ldap #Finger for machines that authenticate against LDAP #finger-ldap displays information about system users, by calling the BSD #finger command. However, it works around a gross inefficiency of #BSD finger's full-name matching algorithm by exploiting the LDAP #Search Filter mechanism, outlined in RFC 2254. #apt-get -y install finger-ldap # Commented out because the install asked too many questions

# Firewalk, Goog Mail Enum, Google-search, Googrape, Gooscan: not installed.
# host - command-line DNS query utility, similar to nslookup (deprecated) and
# dig. This is the original 'host' (formerly in dnsutils); BIND9 ships an
# equivalent as 'bind9-host', which the author chose not to install:
# apt-get -y install bind9-host
apt-get install --yes host

# irpas - Internetwork Routing Protocol Attack Suite: a collection of tools
# for advanced network operations, testing and debugging (cdp, igrp, ass,
# irdp, irdpresponder, itrace, tctrace, protos, netmask, file2cable, dfkaa,
# netenum, hsrp, icmp_redirect, timestamp, dhcpx). Lives in Debian non-free
# because its license requires written permission for derivative works and
# bars illegal use.
apt-get install --yes irpas

# Pirana # QGoogle # Relay Scanner # SMTP-Vrfy

# - Network Mapping # Amap 5.2 # Autoscan 0.99_R1

# cdpr - Cisco Discovery Protocol Reporter: listens on the given interfaces
# for CDP packets, decodes them and prints the result (optionally forwarding
# it to a server).
apt-get install --yes cdpr

# cheops-ng - network mapping and monitoring tool with host/network
# discovery, nmap-based OS detection and service/version probing. Unlike the
# original Cheops it is split into an always-running backend server and a
# GUI that logs into it; monitoring is not implemented yet.
# Homepage: http://cheops-ng.sourceforge.net
apt-get install --yes cheops-ng

# doscan - discovers a single TCP service across a large network by
# contacting many hosts in parallel over standard TCP sockets; can send
# strings and collect the banners returned. For many ports on a small set of
# hosts, nmap is the better tool.
apt-get install --yes doscan

# fping - ICMP echo probe that accepts any number of targets (or a target
# file) and polls them round-robin instead of waiting on each one.
# Homepage: http://www.fping.com/
# hping3 - sends custom ICMP/UDP/TCP packets and shows the replies; handles
# fragmentation and arbitrary payloads, and is used for firewall-rule testing,
# path MTU discovery, traceroute-like probing, OS fingerprinting and TCP/IP
# stack auditing. Scriptable in TCL. The author chose it over hping2:
#apt-get -y install hping2
# idswakeup - Bourne shell script that drives hping2 (required) and iwu to
# generate false alarms for checking that a network IDS is working; needs no
# configuration.
for pkg in fping hping3 idswakeup; do
  apt-get install --yes "$pkg"
done

# python-scapy - interactive packet manipulation, generation, scanning,
# discovery and sniffing; replies come back as whole packets rather than a
# bare open/closed/filtered verdict.
# Homepage: http://www.secdev.org/projects/scapy/
# ike-scan - discovers IKE (IPsec VPN) hosts and fingerprints their
# implementation from the retransmission backoff pattern of their responses
# (see udp-backoff-fingerprinting-paper.txt shipped with the ike-scan kit).
for pkg in python-scapy ike-scan; do
  apt-get install --yes "$pkg"
done

# IKEProbe: not installed.
# lft - layer-four traceroute: TCP SYN/FIN probes with varying TTL that
# elicit ICMP TIME_EXCEEDED from each gateway, plus listening for other TCP
# and ICMP messages to collect per-protocol routing information.
# Homepage: http://www.mainnerve.com/lft/index.html
# netdiscover - active/passive ARP address scanner built on libnet and
# libpcap, for networks without DHCP (wireless or switched); can also inspect
# ARP traffic and auto-scan common local ranges.
for pkg in lft netdiscover; do
  apt-get install --yes "$pkg"
done

# nmap - the Network Mapper: ping scanning, many port-scan techniques,
# service/version detection and TCP/IP OS fingerprinting, with flexible
# target and port specification. Available in GUI and command-line form.
# NmapFE: not installed.
apt-get install --yes nmap

# ndiff - diffs the output of two nmap scans, reporting hosts and services
# that appeared or disappeared between them.
apt-get install --yes ndiff

# nwatch - passive "port scanner": a sniffer that organises the IP traffic
# it observes the way a port scanner would. Catches short-lived services that
# successive nmap runs would miss, but only services that are actively used.
apt-get install --yes nwatch

# p0f - passive OS fingerprinting from SYN packets, sending no data itself;
# also estimates the distance to the remote host and can map the structure
# of a network. Gateway placement yields the most data; on an end host it
# works as an IDS add-on. Supports tcpdump-style filters and has an
# extensible fingerprint database.
apt-get install --yes p0f

# pnscan - multi-threaded port scanner; fewer features than nmap but much
# faster on large networks.
# PSK-Crack: not installed.
# paketto - Paketto Keiretsu, tools using unusual TCP/IP strategies:
# scanrand (very fast port/host/network trace scanner), minewt (user-space
# NAT/MAT gateway), linkcat (direct layer-2 network access), paratrace
# (traceroute over existing TCP connections), phentropy (3D entropy plots).
for pkg in pnscan paketto; do
  apt-get install --yes "$pkg"
done

# SinFP # UnicornScan # UnicornScan pgsql 0.4.6e module version 1.03

# xprobe - remote OS identification: sends several packets and analyses the
# replies. Comparable to nmap's OS detection, it reports a confidence level,
# tolerates slight packet rewriting by routers/firewalls, can name the
# intermediate device type, and takes new tests and signatures as modules.
apt-get install --yes xprobe

# pbnj - tracks changes on a network over time: runs nmap scans, parses the
# results and stores service details and state in a database for comparison.
# zenmap - nmap GUI front end (derived from Umit, a Google Summer of Code
# project) for both beginners and advanced users.
for pkg in pbnj zenmap; do
  apt-get install --yes "$pkg"
done

# - Vulnerability Identification # Absinthe # Bed # CIRT Fuzzer # Checkpwd # Cisco Auditing Tool # Cisco Enable Bruteforcer # Cisco Global Exploiter # Cisco OCS Mass Scanner # Cisco Scanner # Cisco Torch

# curl - non-interactive client for fetching files over HTTP, HTTPS, FTP and
# other protocols; supports proxies, authentication, FTP upload, HTTP POST,
# transfer resume and more.
apt-get install --yes curl

# elinks - Enhanced Links, a lynx-like text-mode web browser: tables and
# frames, colours, background downloads, Lua scripting, IPv6.
apt-get install --yes elinks

# fragroute - intercepts and rewrites egress traffic to a specified host
# (delay, duplicate, drop, fragment, overlap, reorder, segment, source-route,
# ...) through a simple ruleset language, implementing most of the evasions
# from the January 1998 Secure Networks paper "Insertion, Evasion, and
# Denial of Service: Eluding Network Intrusion Detection". Written for
# testing NIDS, firewalls and TCP/IP stack behaviour.
apt-get install --yes fragroute

# fragrouter - tests NIDS correctness against the TCP/IP evasions listed in
# the Secure Networks paper "Insertion, Evasion, and Denial of Service:
# Eluding Network Intrusion Detection" by routing traffic so that most NIDS
# miss it.
apt-get install --yes fragrouter

# fuzz - stress-tests programs with random input to expose one common class
# of bug: parsers that implicitly assume a well-formed data stream.
apt-get install --yes fuzz

# Fuzzer 1.2, GFI LanGuard 2.0, GetSids, HTTP PUT, Halberd: not installed.
# harden-remoteaudit - pulls in a set of tools for checking remote systems
# (exploit checks, password sniffing and similar). Upstream notes: the
# included tools can damage the hosts being audited, and a nessus client
# ('nessus' package) must be installed on some host, not necessarily this one.
apt-get install --yes harden-remoteaudit

# Httprint # Httprint GUI # ISR-Form # Jbrofuzz # List-Urls # Merge Router Config # Metacoretex # Metoscan # Mezcal HTTP/S # Mibble MIB Browser # Mistress

# Nessus - remote network security auditor in two parts: the nessusd
# server/daemon, which runs the checks, and the nessus GTK+ client. Install
# client, daemon, plugin set and the -dev package.
for pkg in nessus nessusclient nessusd nessus-plugins nessus-dev; do
  apt-get install --yes "$pkg"
done

# Nikto # OAT # Onesixtyone # OpenSSL-Scanner # Paros Proxy # Peach

# router-audit-tool (rat) - logs into the specified Cisco routers with the
# supplied credentials, downloads their configuration and audits it against
# a provided rule set. Also ships the NSA Cisco Router Configuration Guide.
apt-get install --yes router-audit-tool

# RPCDump # RevHosts # SMB Bruteforcer

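# smbclient - command-line client components of the Samba suite (smbclient,
# smbtar, smbspool) for the SMB/CIFS (LanManager/NetBIOS) protocol used by
# Windows, NT, OS/2, DOS and Samba servers. Mounting remote shares needs the
# separate smbfs package.
# Fix: the Debian package is named 'smbclient' (matching the utilities it
# provides); the original 'smb-client' is not a package name, so that install
# could never succeed. The exit status is now reported on stderr rather than
# ignored, while still letting the rest of the script continue.
if ! apt-get install --yes smbclient; then
  echo "securitybox: failed to install smbclient" >&2
fi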

# SMB Serverscan

# smb-nat - NetBIOS Auditing Tool: runs security checks against hosts with
# NetBIOS file sharing, enumerating shares and testing a user-supplied list
# of users and passwords.
apt-get install --yes smb-nat

# SMBdumpusers # SMBgetserverinfo # SNMP Scanner # SNMP Walk

# scli - small, efficient SNMP command-line tools for monitoring and
# configuring network devices and hosts. Built from MIBs with the smidump
# compiler, so extending it needs almost no SNMP knowledge. Replaces the
# stools package.
apt-get install --yes scli

# spikeproxy - SPIKE proXy from the SPIKE Application Testing Suite: an
# HTTP/HTTPS proxy giving low-level access to a web application, with
# automated SQL injection, overflow and directory traversal detection, login
# form brute forcing and a crawler confined to the site under test. Requests
# (variables, cookies, headers) can be edited and resubmitted; one install
# can be shared by several users.
apt-get install --yes spikeproxy

# SQL Inject, SQL Scanner, SQLLibf, SQLbrute, Sidguess: not installed.
# xsmbrowser - X11 browser for SMB/CIFS networks modelled on Windows Network
# Neighborhood, adding share mounting, on-the-fly network switching and a
# Stop button.
apt-get install --yes xsmbrowser
# Snmpcheck, Snmp Enum, Spike, Stompy, SuperScan, TNScmd, Taof, VNC_bypauth:
# not installed.

# Wapiti #Web application vulnerability scanner #Wapiti allows you to audit the security of your web applications. #It performs "black-box" scans, i.e. it does not study the source code of the #application but will scan the webpages of the deployed webapp, looking for #scripts and forms where it can inject data. #Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see #if a script is vulnerable. #Wapiti can detect the following vulnerabilities: # - File Handling Errors (Local and remote include/require, fopen, ...) # - Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections) # - XSS (Cross Site Scripting) Injection # - LDAP Injection # - Command Execution detection (eval(), system(), passtru()...) # - CRLF Injection (HTTP Response Splitting, session fixation...) # # Homepage: http://wapiti.sourceforge.net/ #apt-get -y install wapiti

# Yersinia #Network vulnerabilities check software #Yersinia is a framework for performing layer 2 attacks. It is designed #to take advantage of some weaknesses in different network protocols. It #pretends to be a solid framework for analyzing and testing the deployed #networks and systems. # #Attacks for the following network protocols are implemented in this #particular release: # - Spanning Tree Protocol (STP). # - Cisco Discovery Protocol (CDP). # - Dynamic Trunking Protocol (DTP). # - Dynamic Host Configuration Protocol (DHCP). # - Hot Standby Router Protocol (HSRP). # - 802.1q. # - 802.1x. # - Inter-Switch Link Protocol (ISL). # - VLAN Trunking Protocol (VTP). # # Homepage: http://www.yersinia.net/ #apt-get -y install yersinia

# zzuf - transparent fuzzer: intercepts an application's file and network
# operations and flips random bits in its input, deterministically so that
# bugs reproduce. Supports a variable fuzzing ratio, character filtering,
# filename-based fuzzing decisions, optional network fuzzing, and killing
# processes that run too long or emit too much output.
apt-get install --yes zzuf

# sqlanlz # sqldict # sqldumplogins # sqlquery # sqlupload

# - Penetration # Framework3-MsfC # Framework3-MsfUpdate # Framework3-Msfcli # Framework3-Msfweb # Init Pgsql (autopwn) # Milw0rm Archive # MsfCli # MsfConsole # MsfUpdate # OpenSSL-To-Open # Update Milw0rm

# - Privilege Escalation # Ascend attacker

# bittwist - libpcap-based Ethernet packet generator that complements
# tcpdump: replays captured trace files onto a live network (several files
# at once, at a chosen speed or line rate in Mbps) and includes a trace
# editor covering Ethernet, ARP, IP, ICMP, TCP and UDP headers with
# automatic checksum correction, payload appending and packet-range
# extraction. Useful for firewall/IDS/IPS testing, traffic simulation and
# networking classes.
apt-get install --yes bittwist

# CDP Spoofer # Cisco Enable Bruteforcer # Crunch Dictgen # DHCPX Flooder # DNSspoof

# driftnet - EtherPEG-inspired program that listens to network traffic and
# displays the images it finds in observed TCP streams; most interesting on a
# host that sees a lot of web traffic. Upstream points out this is a blatant
# privacy invasion on a shared unswitched network.
# Homepage: http://www.ex-parrot.com/~chris/driftnet/
apt-get install --yes driftnet

# dsniff - tools for listening to and creating network traffic: arpspoof,
# dnsspoof, dsniff (multi-protocol password sniffer), filesnarf (NFS),
# macof, mailsnarf (mbox output), msgsnarf (instant messaging), sshmitm,
# sshow (SSH traffic analyser), tcpkill, tcpnice, urlsnarf (CLF output),
# webmitm and webspy (needs libx11-6). Upstream asks that it not be abused.
apt-get install --yes dsniff

# etherape - graphical network monitor modelled on etherman: active hosts
# are drawn as circles of varying size, traffic between them as lines of
# varying width. Gnome and libpcap based.
apt-get install --yes etherape

# ettercap - sniffer/interceptor/logger for switched LANs: active and
# passive dissection of many protocols (including encrypted ones), on-the-fly
# injection and filtering of established connections, four sniffing modes
# (IP, MAC, ARP full-duplex, PublicARP half-duplex), switched-LAN detection
# and active/passive OS fingerprinting to map the LAN.
apt-get install --yes ettercap

# HSRP Spoofer # Hash Collision # Httpcapture # Hydra # Hydra GTK # ICMP Redirect

# icmpush - builds fully customised ICMP packets from the command line.
# Error types: Redirect, Source Quench, Time Exceeded, Destination Unreach,
# Parameter Problem. Information types: Address Mask Request, Timestamp,
# Information Request, Echo Request, Router Solicitation, Router
# Advertisement.
apt-get install --yes icmpush
# IGRP Spoofer, IRDP Responder, IRDP Spoofer: not installed.

# john - John the Ripper: helps administrators find weak (guessable or
# brute-forceable) passwords and can optionally mail the affected users.
# Handles Unix DES and MD5, Kerberos AFS, Windows LM, BSDI extended DES and
# OpenBSD Blowfish formats.
# Homepage: http://www.openwall.com/john/
apt-get install --yes john

# Lodowep

# medusa - fast, parallel, modular login brute-forcer for network services:
# thread-based testing across multiple hosts, users or passwords at once;
# targets given as single values, files or a combination file; one
# independent .mod file per service so new services need no core changes.
apt-get install --yes medusa

# nast - packet sniffer and LAN analyser: normal or promiscuous capture with
# header/payload dumps, filters and logging to file, plus LAN host listing,
# TCP stream following, gateway discovery, promiscuous-node detection,
# connection reset, single and multi half-open port scans, hub/switch
# detection, banner grabbing, ARP-answer monitoring for spoofing, byte
# counting, report writing and an ncurses menu.
# nemesis - command-line, portable packet injection suite split by protocol
# (ARP, DNS, ICMP, IGMP, OSPF, RIP, TCP, UDP) with layer 2 or 3 injection
# and payloads from file; intended for scripting injected packet streams.
# Homepage: http://www.packetfactory.net/Projects/nemesis/
for pkg in nast nemesis; do
  apt-get install --yes "$pkg"
done

# netsed - stream editor for forwarded network packets: alters packet
# contents in real time, for black-box auditing of undocumented protocols,
# fuzz-like integrity tests and content filtering. Complements ngrep and
# tcpdump.
apt-get install --yes netsed

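# Ntop - summary of network usage per machine in a top-like format. It can also
# run in web mode, where the display is browsed with a web browser.
# NOTE(review): web mode means a listening HTTP service on this machine. After
# install, check what ntop binds to and restrict or disable it if this box
# should not expose a traffic dashboard to the rest of the network.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install ntop || echo "securitybox: failed to install ntop" >&2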

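# Packit - network injection and capture tool. Lets you define (spoof) nearly
# every TCP, UDP, ICMP, IP, ARP, RARP and Ethernet header field, so it is
# useful for testing firewalls and IDS, port scanning, simulating traffic and
# general TCP/IP auditing - and for learning TCP/IP.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install packit || echo "securitybox: failed to install packit" >&2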

# PHoss

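# PackETH - GUI Ethernet packet generator: builds and sends any packet or
# packet sequence. Supported protocols: Ethernet II, Ethernet 802.3, 802.1q,
# QinQ, ARP, IPv4, UDP, TCP, ICMP, IGMP, RTP. (GUI tool - needs an X session.)
# A failed install is reported on stderr but does not abort the run.
apt-get -y install packeth || echo "securitybox: failed to install packeth" >&2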

# Rcrack

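# sendip - command-line tool for sending arbitrary IP packets. Options cover
# every header field of RIP, TCP, UDP, ICMP or raw IPv4/IPv6 packets, plus
# arbitrary payload. Checksums are computed automatically, or deliberately
# wrong checksums can be sent (useful for IDS/firewall evasion tests).
# A failed install is reported on stderr but does not abort the run.
apt-get -y install sendip || echo "securitybox: failed to install sendip" >&2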

# SIPdump # SMB Sniffer

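# Sing - fully programmable ping replacement. Sends fragmented packets, monster
# packets (> 65534 bytes), spoofed packets, the ICMP information types (Address
# Mask Request, Timestamp, Information Request, Router Solicitation /
# Advertisement) and ICMP error types (Redirect, Source Quench, Time Exceeded,
# Destination Unreach, Parameter Problem), Loose/Strict Source Routing, light
# OS fingerprinting and OS emulation (Cisco, Solaris, Linux, Shiva, Unix,
# Windows).
#
# The package asks at install time whether the binary should be setuid. That
# is a debconf question, which "apt-get -y" does NOT answer, so it would stall
# a one-command install. DEBIAN_FRONTEND=noninteractive makes debconf take the
# package default instead; to choose the answer yourself, preseed it with
# debconf-set-selections before this line. If it is made setuid root, any
# local user can send spoofed/crafted ICMP with root privileges - decline that
# on a shared machine.
# A failed install is reported on stderr but does not abort the run.
DEBIAN_FRONTEND=noninteractive apt-get -y install sing \
  || echo "securitybox: failed to install sing" >&2

# sucrack - multithreaded su brute-forcer for local accounts, wordlist driven.
# Brute-forcing su produces many failed-authentication log entries and may
# trigger account lockout policies; run it only with the system owner's
# consent.
apt-get -y install sucrack || echo "securitybox: failed to install sucrack" >&2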

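# tcpxtract - fast console tool that carves files out of network traffic by
# header/footer signatures. 26 formats are built in, new ones are easy to add,
# and Foremost configurations convert simply to tcpxtract's format. Uses
# libpcap, so it works on live interfaces and on tcpdump capture files.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install tcpxtract || echo "securitybox: failed to install tcpxtract" >&2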

# TFTP-Brute # THC PPTP

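# tcpick - libpcap-based textmode TCP stream sniffer and connection tracker:
# tracks, reassembles and reorders TCP streams; saves captured flows to files
# or shows them in the terminal (hexdump, hexdump+ascii, printable only, raw,
# colorized); handles several interface types including Ethernet and PPP.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install tcpick || echo "securitybox: failed to install tcpick" >&2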

# VNCrack # WebCrack

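# Wireshark - network traffic analyzer ("sniffer") for Unix-like systems;
# captures packets off the wire and decodes a very large number of protocols.
# This package is the GTK+ version.
# NOTE(review): the Debian packaging may ask (via debconf) whether non-root
# users should be allowed to capture. On a shared machine answer no, or
# preseed the answer with debconf-set-selections so the install stays
# unattended - "apt-get -y" alone does not answer debconf questions.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install wireshark || echo "securitybox: failed to install wireshark" >&2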

# Wireshark Wifi # WyD # XSpy

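# chntpw - NT SAM password recovery utility. Views information in and changes
# user passwords of a Windows NT/2000 user database file; old passwords need
# not be known because they are overwritten. Also includes a simple registry
# editor (same-size data writes) and a hex editor for the file. Can be added to
# custom boot disks for offline password recovery.
# Homepage: http://home.eunet.no/~pnordahl/ntpasswd/
# A failed install is reported on stderr but does not abort the run.
apt-get -y install chntpw || echo "securitybox: failed to install chntpw" >&2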

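# bkhive - recovers the syskey bootkey from a Windows NT/2K/XP SYSTEM hive.
# Syskey is an extra encryption layer over the password hashes in the SAM; with
# the bootkey the SAM can be decrypted and the hashes dumped (see samdump2).
# NOTE(review): bkhive may no longer be packaged on current Debian releases
# and newer samdump2 versions read the SYSTEM hive themselves - verify with
# "apt-cache policy bkhive" on the target release.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install bkhive || echo "securitybox: failed to install bkhive" >&2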

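# samdump2 - dumps Windows 2k/NT/XP password hashes from a SAM file. Needs the
# syskey bootkey, which tools such as bkhive recover from the SYSTEM hive.
# Syskey is an extra encryption layer over the hashes stored in the SAM.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install samdump2 || echo "securitybox: failed to install samdump2" >&2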

# - Maintaining Access # 3proxy # Backdoors # Matahari

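# CryptCat - netcat-style "TCP/IP swiss army knife" that reads/writes data
# across TCP or UDP connections while encrypting it with Twofish. Usable
# directly or driven by other programs/scripts as a back-end, and as a network
# debugging/exploration tool.
# NOTE(review): the encryption is keyed by a shared secret given on the
# command line; confirm in the man page how the key is supplied and always set
# your own rather than relying on any built-in default.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install cryptcat || echo "securitybox: failed to install cryptcat" >&2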

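# httptunnel - creates a bidirectional virtual data stream tunnelled inside
# HTTP requests, optionally sent through an HTTP proxy (egress-filter bypass
# testing). The package ships both the client and server ends.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install httptunnel || echo "securitybox: failed to install httptunnel" >&2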

# ICMPTX

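# Iodine - tunnels IPv4 over DNS, for situations where internet access is
# firewalled but DNS queries are allowed. Compared with nstx it has password
# authentication, brings up the tun interface automatically and lets the user
# pick the IP address on the command line.
# NOTE(review): the package includes the server side too; do not leave a
# tunnel endpoint running on this box unless it is deliberately configured.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install iodine || echo "securitybox: failed to install iodine" >&2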

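# NSTX - tunnels IP packets over DNS queries, so standard network protocols can
# be used where only DNS is reachable. (Unlike iodine it has no password
# authentication - see the iodine entry.)
# A failed install is reported on stderr but does not abort the run.
apt-get -y install nstx || echo "securitybox: failed to install nstx" >&2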

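# Privoxy - privacy-enhancing HTTP proxy with flexible filtering: protects
# privacy, filters page content, manages cookies, controls access and strips
# ads/banners/pop-ups. Works for stand-alone systems and multi-user networks.
# Based on Internet Junkbuster (tm). Often paired with tor (below) as the
# protocol cleaner.
# NOTE(review): Debian normally starts packaged daemons on install; verify
# privoxy only listens on localhost unless this box is meant to proxy for
# others.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install privoxy || echo "securitybox: failed to install privoxy" >&2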

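# tor - anonymizing overlay network for TCP (connection-based, low-latency
# onion routing). Users pick a source-routed path through a set of onion
# routers and negotiate a virtual circuit in which each node knows only its
# predecessor and successor; traffic is unwrapped with a symmetric key at each
# hop. Recipients, observers and even the routers have difficulty tracking the
# source of a stream.
#
# Caveats carried over from the package description:
#  - Tor does no protocol cleaning: application protocols can still leak
#    information about the initiator; it relies on Privoxy-style cleaners.
#  - Applications without SOCKS support need a socksifier such as tsocks;
#    browsers like mozilla and proxies like privoxy already speak SOCKS.
#  - This package enables only the onion proxy (client) by default; it can be
#    configured as a relay (server) node.
#  - At the time of that description this was development code - do not rely on
#    it if you really need strong anonymity.
# More information: http://tor.eff.org/, http://archives.seul.org/or/talk/,
# http://archives.seul.org/or/announce/
# A failed install is reported on stderr but does not abort the run.
apt-get -y install tor || echo "securitybox: failed to install tor" >&2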

# ProxyTunnel

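# Rinetd - TCP redirection server: forwards connections from one address/port
# to another as configured in /etc/rinetd.conf, with basic IP-based access
# control. Single process, nonblocking I/O, so it handles many connections
# cheaply; practical for exposing services behind an IP-masquerading firewall.
# NOTE(review): IP-based access control is the only gate, so any rule added to
# /etc/rinetd.conf publishes an internal service to whoever can spoof or reach
# the allowed source - keep the config empty until it is needed.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install rinetd || echo "securitybox: failed to install rinetd" >&2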

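# TinyProxy - lightweight, non-caching, optionally anonymizing HTTP proxy for
# small networks where Squid would be overkill or a security risk. Can be set
# to anonymize requests with per-header exceptions.
# NOTE(review): Debian normally starts packaged daemons on install; check the
# listen address and Allow rules in its config before leaving it running, so
# this box does not become an open proxy.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install tinyproxy || echo "securitybox: failed to install tinyproxy" >&2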

# sbd

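# socat (SOcket CAT) - establishes two bidirectional byte streams and relays
# data between them. Channels may be files, pipes, devices (terminal, modem),
# or sockets (Unix, IPv4, IPv6, raw, UDP, TCP, SSL); it offers forking,
# logging/tracing and several IPC modes. Typical uses: TCP relay (one-shot or
# daemon), external socksifier, shell interface to Unix sockets, IPv6 relay,
# netcat/rinetd replacement, redirecting TCP programs to a serial line, or a
# relatively confined (su + chroot) environment for network-driven scripts.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install socat || echo "securitybox: failed to install socat" >&2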

# - Covering Tracks # Housekeeping

# - Radio Network Analysis # - 802.11 # AFrag # ASLeap

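# aircrack-ng - 802.11a/b/g WEP/WPA cracking suite. Recovers 40/104/256/512-bit
# WEP keys once enough encrypted packets are captured (FMS attack plus
# optimisations, multiprocessor aware) and attacks WPA1/2 with advanced
# methods or plain brute force. Fork of aircrack, whose upstream stopped.
# Only use against networks you own or are authorised to test.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install aircrack-ng || echo "securitybox: failed to install aircrack-ng" >&2

# Not packaged / not scripted here (listed for completeness):
# Air Decap, Air Replay, Airmon Script, Airpwn, AirSnarf, Airbase, Airodump,
# Airoscript, Airsnort, CowPatty, FakeAP, GenKeys, Genpmk, Hotspotter, Karma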

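# Kismet - 802.11b wireless network sniffer; works with almost any supported
# card via the Airo, HostAP, Wlan-NG and Orinoco (kernel patch) drivers. Can use
# sox and festival for audio alarms / spoken summaries and gpsd for mapping.
# NOTE(review): newer Debian kismet packages may ask (debconf) whether to
# install setuid/with capabilities and which group may use it; preseed or
# review that answer - "apt-get -y" does not answer debconf questions.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install kismet || echo "securitybox: failed to install kismet" >&2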

# MDK2

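# MacChanger - manipulates the MAC address of network interfaces: set a
# specific MAC, a random one, one from another vendor, another from the same
# vendor, or one of the same kind (e.g. wireless); shows a vendor list (about
# 6200 entries) to choose from.
# Homepage: http://www.alobbs.com/macchanger
# NOTE(review): recent Debian packaging may ask (debconf) whether to change
# the MAC automatically whenever an interface comes up - decide that
# deliberately or preseed it.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install macchanger || echo "securitybox: failed to install macchanger" >&2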

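# MacChanger-GTK - GTK+ front end for GNU MACchanger (Glade + Perl).
# Homepage: http://www.mogaal.com/macchanger-gtk
# A failed install is reported on stderr but does not abort the run.
apt-get -y install macchanger-gtk || echo "securitybox: failed to install macchanger-gtk" >&2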

# Unload Drivers # Wep_crack # Wep_decrypt

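# WepLab - teaching tool for how WEP works and how its weaknesses break a
# WEP-protected network in practice: dumps traffic, analyses it, or cracks the
# WEP key. Only use against networks you own or are authorised to test.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install weplab || echo "securitybox: failed to install weplab" >&2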

# WifiTap # Wicrawl

# Wlassistant #User friendly KDE frontend for wireless network connection #Wireless Assistant scans for wireless access points and displays link quality, #encryption and other useful information. When user wants to connect to a #network, Wireless Assistant opens up its wizards and guides the user through #Wi-Fi settings. After a successful connection is made the settings are #remembered so next time the user won't have to enter them again. # # Homepage: http://wlassistant.sourceforge.net/ #apt-get -y install wlassistant #Commented out because homey don't play KDE

# - Bluetooth # Bluebugger # Blueprint # Bluesnarfer

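# btscanner - ncurses Bluetooth scanner that extracts as much information as
# possible from a device without pairing: HCI and SDP details, plus an open
# connection to watch RSSI and link quality. Built on the BlueZ stack/toolset,
# with IEEE OUI and class lookup tables to guess the host device type.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install btscanner || echo "securitybox: failed to install btscanner" >&2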

# Carwhisperer # CuteCom # Ghettotooth # HCIDump

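# ussp-push - OBEX PUSH client for sending objects (files) to a mobile device,
# usually over Bluetooth or IrDA. OBEX PUSH allows nothing but sending and
# generally needs less strict authentication than OBEX FTP (which gives full
# filesystem access, see the obexftp package) - which is why it is often the
# easier channel to test.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install ussp-push || echo "securitybox: failed to install ussp-push" >&2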

# - VOIP & Telephony Analysis # PcapSipDump # PcapToSip_RTP

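# sipsak - "SIP swiss army knife": small command-line tool for developers and
# administrators of Session Initiation Protocol applications; runs simple tests
# against SIP applications and devices.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install sipsak || echo "securitybox: failed to install sipsak" >&2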

# SIPcrack # SIPdump # SIPp # Smap # - Digital Forensics # Allin1

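# Autopsy Forensic Browser - graphical (browser-based) front end to The Sleuth
# Kit's command-line tools. Together they offer much of what commercial
# forensics suites do for Windows and UNIX file systems (NTFS, FAT, FFS, EXT2,
# EXT3).
# NOTE(review): Autopsy serves its interface over HTTP; check the address it
# listens on so case data is not exposed beyond localhost.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install autopsy || echo "securitybox: failed to install autopsy" >&2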

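# chkrootkit - checks the local system for signs of known rootkits, among
# them: lrk3-6 (and variants), Solaris rootkit, FreeBSD rootkit, t0rn
# (including the latest variant), Ambient's Rootkit for Linux (ARK), Ramen
# Worm, rh[67]-shaper, RSHA, Romanian rootkit, RK17, Lion Worm, Adore Worm.
# This is not a definitive test: a clean result does not prove the machine has
# not been compromised, so run more specific checks as well. Because it relies
# on the system's own binaries, a compromised host can lie to it - run it from
# trusted media when it matters.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install chkrootkit || echo "securitybox: failed to install chkrootkit" >&2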

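# dcfldd - forensics/security-oriented dd with: on-the-fly hashing of the
# input (integrity), progress/status output, flexible disk wipes with a known
# pattern, image/wipe verification (bit-for-bit against input or pattern),
# multiple simultaneous outputs, configurable split output, and piped output
# and logs to commands as well as files.
# Homepage: http://dcfldd.sourceforge.net/
# A failed install is reported on stderr but does not abort the run.
apt-get -y install dcfldd || echo "securitybox: failed to install dcfldd" >&2

# dd_rescue - copies data from one file or block device to another, saving
# data from a crashed partition: on a read error it moves on to the next
# sectors where dd would stop; an interrupted copy can be resumed at any
# position later, and it can copy backwards.
# NOTE(review): the Debian package name for dd_rescue has changed across
# releases (dd_rescue / ddrescue; gddrescue is the unrelated GNU ddrescue) -
# verify which one the target release provides.
apt-get -y install ddrescue || echo "securitybox: failed to install ddrescue" >&2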

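# Foremost - console file carver for forensics: recovers files by their
# headers and footers from disk images (dd, Safeback, Encase, ...) or directly
# from a drive; the signatures to look for are chosen in a configuration file.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install foremost || echo "securitybox: failed to install foremost" >&2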

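# Magic Rescue - scans a block device for file types it knows ("magic bytes"
# in the content) and calls an external program to extract each one; works
# both as an undelete utility and for recovering a corrupted drive/partition,
# as long as the file data is still there.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install magicrescue || echo "securitybox: failed to install magicrescue" >&2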

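# mboxgrep - greps through mailboxes: standard Unix mbox, Gnus nnml/nnmh, MH
# and Maildir, showing messages that match a basic, extended or
# Perl-compatible regular expression.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install mboxgrep || echo "securitybox: failed to install mboxgrep" >&2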

# Memfetch # Memfetch Find # Pasco

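# Rootkit Hunter (rkhunter) - scans for known and unknown rootkits, backdoors,
# sniffers and exploits: MD5 hash changes, files commonly created by rootkits,
# executables with anomalous permissions, suspicious strings in kernel modules,
# hidden files in system directories; can optionally scan inside files.
# rkhunter alone does not guarantee a system is clean; pair it with
# chkrootkit and other checks. Its file-property baseline is only meaningful
# if taken on a known-clean system - see rkhunter(8) for how to initialise it.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install rkhunter || echo "securitybox: failed to install rkhunter" >&2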

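# The Sleuth Kit (formerly TASK) - UNIX command-line file system and media
# management forensic tools. File system tools examine a suspect computer's
# file systems non-intrusively; because they do not rely on the OS to parse the
# file system, deleted and hidden content is shown. Media management tools
# examine disk layout (DOS and BSD partitions, Mac partitions, Sun slices) and
# extract partitions for file system analysis. The Autopsy Forensic Browser
# (installed separately above) provides a GUI with case management, image
# integrity, keyword search and other automated operations.
# Upstream: http://www.sleuthkit.org/sleuthkit/
# A failed install is reported on stderr but does not abort the run.
apt-get -y install sleuthkit || echo "securitybox: failed to install sleuthkit" >&2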

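# unhide - forensic tool to find processes and TCP/UDP ports hidden by
# rootkits, kernel modules or other techniques. Two utilities:
#  - unhide: compares /proc with /bin/ps, compares ps with syscall results
#    (syscall scanning), and brute-forces the whole PID space;
#  - unhide-tcp: finds listening TCP/UDP ports not shown by /bin/netstat by
#    brute-forcing every port.
# rkhunter can use this package in its daily scans.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install unhide || echo "securitybox: failed to install unhide" >&2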

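# Vinetto - console forensics tool that extracts thumbnail images and their
# metadata from Windows Thumbs.db files.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install vinetto || echo "securitybox: failed to install vinetto" >&2

# - Reverse Engineering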

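# GDB - the GNU source-level debugger: breakpoints on any line, variable
# display, locating where errors occurred. Works for C, C++, Fortran, Modula 2
# and Java programs.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install gdb || echo "securitybox: failed to install gdb" >&2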

# GDB Console GUI # GDB Server

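# DDD (Data Display Debugger) - graphical front end to GDB, DBX, XDB, JDB and
# other debuggers. Beyond source/breakpoint views it draws data structures as
# graphs so you can reason about a program by watching its data. Supports
# programs in Ada, Bash, C, C++, Chill, Fortran, Java, Modula, Pascal, Perl
# and Python; machine-level debugging; hypertext source navigation; breakpoint,
# backtrace and history editors; execution in a terminal emulator window;
# remote debugging; on-line manual; and a full debugger command line with
# editing, history and completion. This build is linked against Lesstif (an
# LGPL Motif implementation).
# A failed install is reported on stderr but does not abort the run.
apt-get -y install ddd || echo "securitybox: failed to install ddd" >&2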

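# hexcat - hex dumping utility. Six columns: the row's byte address, four
# columns of the row's bytes in hexadecimal, and the bytes as printable
# characters (non-printable ones shown as a dot).
# A failed install is reported on stderr but does not abort the run.
apt-get -y install hexcat || echo "securitybox: failed to install hexcat" >&2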

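# hexedit - view and edit a file in hexadecimal and ASCII side by side. The
# file may be a device, since it is not read whole. Supports modify, search,
# copy & paste, save to file, truncate/append; modifications are shown in bold.
# Homepage: http://www.chez.com/prigaux/hexedit.html
# A failed install is reported on stderr but does not abort the run.
apt-get -y install hexedit || echo "securitybox: failed to install hexedit" >&2

# OllyDBG (Windows-only, not packaged here)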

# - Services

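# Snort - libpcap-based packet sniffer/logger usable as a lightweight network
# IDS: rule-based logging, content search/match, detection of buffer
# overflows, stealth port scans, CGI attacks, SMB probes and more. Real-time
# alerts go to syslog, a separate "alert" file, or a Windows machine via Samba.
# This is the plain-vanilla package without database support (see snort-pgsql
# and snort-mysql for that).
#
# The package asks for the HOME_NET address range at install time. That is a
# debconf question, which "apt-get -y" does NOT answer, so it would stall a
# one-command install. DEBIAN_FRONTEND=noninteractive takes the package default
# instead; to supply your own range, preseed it with debconf-set-selections
# before this line (run "debconf-show snort" after one interactive install to
# see the exact key name). Review /etc/snort afterwards either way - a wrong
# HOME_NET makes the rules mostly blind.
# A failed install is reported on stderr but does not abort the run.
DEBIAN_FRONTEND=noninteractive apt-get -y install snort \
  || echo "securitybox: failed to install snort" >&2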

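# - Source Code Analysis

# Flawfinder - scans C/C++ source for potential security flaws and reports
# them ranked by likely severity. Like RATS, its reports are not proof of a
# vulnerability but a starting point for a manual audit. Given a patch (diff)
# it can produce differential reports, showing whether potential flaws grew or
# shrank after a commit to CVS, Subversion, etc.
# Homepage: http://www.dwheeler.com/flawfinder/
# A failed install is reported on stderr but does not abort the run.
apt-get -y install flawfinder || echo "securitybox: failed to install flawfinder" >&2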

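# RATS (Rough Auditing Tool for Security) - scans C, C++, PHP, Perl and Python
# source for potentially dangerous function calls. It does not aim to find
# bugs definitively; it gives a reasonable starting point for a manual audit.
# Its initial vulnerability database came from "Building Secure Software"
# (Viega and McGraw).
# Homepage: http://www.fortifysoftware.com/security-resources/rats.jsp
# A failed install is reported on stderr but does not abort the run.
apt-get -y install rats || echo "securitybox: failed to install rats" >&2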

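# - Data File Analysis

# fcrackzip - fast zip password cracker, partly written in assembler. Brute
# force or dictionary attacks on password-protected zip files, optionally
# verifying candidates with unzip; can also crack cpmask'ed images.
# Homepage: http://www.goof.com/pcg/marc/fcrackzip.html
# Bug fix: the original line ran "apr-get install fcrackzip" - a typo for
# apt-get, so the command never existed and the package was silently skipped;
# it also lacked -y, which every other install here uses.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install fcrackzip || echo "securitybox: failed to install fcrackzip" >&2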

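# pdfcrack - recovers passwords from PDF documents using the standard security
# handler. Its PDF parsing is admittedly a quick hack, so some files may need
# parser fixes. Supports configuring the searched password size, external
# wordlists, and saving/restoring cracking sessions.
# A failed install is reported on stderr but does not abort the run.
apt-get -y install pdfcrack || echo "securitybox: failed to install pdfcrack" >&2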

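# hunt - TCP connection hijacking and more (an active, on-path attack tool:
# only use on networks you are authorised to test).
# A failed install is reported on stderr but does not abort the run.
apt-get -y install hunt || echo "securitybox: failed to install hunt" >&2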

# Search terms #scanner, tcp, snort, smb, inject, honey, attacker, spoofer, crack, sniff, passw ord else user=`id | cut -d= -f2 | cut -d\( -f2 |cut -d\) -f1` echo echo "Sorry, you are NOT root. you are $user and cannot run this script " echo fi

# NOTE(review): both branches of the root check above fall through to this
# unconditional "exit 0", so a caller (or a provisioning tool) cannot tell a
# completed install from the "not root" refusal, and individual apt-get
# failures earlier are not reflected either. The non-root branch should exit
# non-zero from inside the if/else rather than relying on this line.
exit 0