securitybox.sh

#!/bin/sh
# securitybox.sh - Turn a generic Ubuntu or Debian OS into a security auditing machine with one command
# Version 1.01
# ekx0day at GMAIL.COM

# You must have r00t privileges in order to install
# id -u prints the effective user ID; 0 means root
if [ "$(id -u)" -eq 0 ]
then
echo
echo " Okay, you are r00t and can run this script"
echo
sleep 1

# dnswalk
#Checks dns zone information using nameserver lookups
#dnswalk is a DNS debugger. It performs zone transfers of specified
#domains, and checks the database in numerous ways for internal
#consistency, as well as accuracy.
apt-get -y install dnswalk

# dns-bruteforce
# dnsenum
# dnsmap
# DNSPredict
# Finger Google

#finger-ldap
#Finger for machines that authenticate against LDAP
#finger-ldap displays information about system users, by calling the BSD
#finger command. However, it works around a gross inefficiency of
#BSD finger's full-name matching algorithm by exploiting the LDAP
#Search Filter mechanism, outlined in RFC 2254.
#apt-get -y install finger-ldap # Commented out because the install asked too many questions

# Firewalk
# Goog Mail Enum
# Google-search
# Googrape
# Gooscan

# Host
#utility for querying DNS servers
#'host' is a utility, similar to 'nslookup' (deprecated) or 'dig',
#used to query DNS servers for domain names and zones.
#
#This package provides the original version of 'host', originally
#in the package 'dnsutils'. BIND9 provides a similar utility, in
#'bind9-host'.
# apt-get -y install bind9-host
apt-get -y install host

#Internetwork Routing Protocol Attack Suite
#Despite the "exciting" title this is merely a collection of programs
#used for advanced network operations, testing, and debugging.
#
#CDP and the route injectors can be useful in a production network.
#Several other tools are useful for security and firewall testing.
#Finally some tools such as netenum are useful for general admin
#scripting.
#
#Like all powerful tools, someone who is terminally stupid could
#cause great damage when using these tools, so be careful.
#
#cdp - Cisco discovery protocol packet sender
#igrp - IGRP route injector
#ass - Autonomous system scanner
#irdp - IRDP sender
#irdpresponder - IRDP responder
#itrace - ICMP based traceroute
#tctrace - TCP SYN based traceroute
#protos - ICMP based port scanner
#netmask - Asks for netmask via ICMP
#file2cable - Dumps any binary file direct to ethernet
#dfkaa - Troubleshoot devices formerly known as Ascend (Pipeline, etc)
#netenum - Ping scanner designed for shell scripts
#hsrp - HSRP failover tester
#icmp_redirect - ICMP redirection system
#timestamp - ICMP timestamp requester
#dhcpx - DHCP server "exerciser"
#
#I placed this program in "non-free" because per the license:
#1) A developer is required to get written permission to use code
#   from IRPAS in derivative works
#2) Users are barred from using this software for illegal purposes
apt-get -y install irpas

# Pirana
# QGoogle
# Relay Scanner
# SMTP-Vrfy

# - Network Mapping
# Amap 5.2
# Autoscan 0.99_R1

# cdpr
#Cisco Discovery Protocol Reporter
#cdpr listens on specified network interfaces for Cisco Discovery
#Protocol packets. It then decodes those packets and outputs the
#information, optionally sending the information to a server for
#processing.
apt-get -y install cdpr

# Cheops NG
#Network swiss army knife
#Cheops-ng is a Network management tool for mapping and monitoring
#your network. It has host/network discovery functionality as well as
#OS detection of hosts making. Cheops-ng has the ability to probe hosts to see
#what services they are running. On some services, cheops-ng is actually
#able to see what program is running for a service and the version
#number of that program.
#
#Cheops-ng is a replacement for Cheops ('ng' stands for 'Next Generation').
#Main differences with cheops are:
# * Cheops is a GUI program whereas cheops-ng has a backend server
#   that is running all of the time. The GUI for cheops-ng just logs into
#   the server to use the server's functions, like OS detection and mapping.
# * OS detection is done with nmap not with queso (which is out of date)
# * Cheops-ng does not have monitoring capabilities yet.
# * It is being maintained and supported
#
#Homepage: http://cheops-ng.sourceforge.net
apt-get -y install cheops-ng

# doscan
#port scanner for discovering services on large networks
#doscan is a tool to discover TCP services on your network. It is
#designed for scanning a single port on a large network. doscan
#contacts many hosts in parallel, using standard TCP sockets provided
#by the operating system. It is possible to send strings to remote
#hosts, and collect the banners they return.
#
#There are better tools for scanning many ports on a small set of
#hosts, for example nmap.
apt-get -y install doscan

# Fping
#sends ICMP ECHO_REQUEST packets to network hosts
#fping is a ping like program which uses the Internet Control Message Protocol
#(ICMP) echo request to determine if a target host is responding. fping
#differs from ping in that you can specify any number of targets on the command
#line, or specify a file containing the lists of targets to ping. Instead of
#sending to one target until it times out or replies, fping will send out a
#ping packet and move on to the next target in a round-robin fashion.
#
# Homepage: http://www.fping.com/
apt-get -y install fping

# Hping
#Active Network Smashing Tool
#hping3 is a network tool able to send custom ICMP/UDP/TCP packets and
#to display target replies like ping does with ICMP replies. It handles
#fragmentation and arbitrary packet body and size, and can be used to
#transfer files under supported protocols. Using hping3, you can test
#firewall rules, perform (spoofed) port scanning, test network
#performance using different protocols, do path MTU discovery, perform
#traceroute-like actions under different protocols, fingerprint remote
#operating systems, audit TCP/IP stacks, etc. hping3 is scriptable
#using the TCL language.
#apt-get -y install hping2
apt-get -y install hping3

# IDSWakeup
#tool for testing network intrusion detection systems
#idswakeup is a Bourne shell script invoking hping2 (required) and iwu
#(part of this package) to generate false alarms in order to check if
#a network intrusion detection system works all right.
#
#idswakeup requires no configuration and includes many common attack
#simulations.
apt-get -y install idswakeup

# Python-Scapy
#Packet generator/sniffer and network scanner/discovery
#Scapy is a powerful interactive packet manipulation tool, packet
#generator, network scanner, network discovery, packet sniffer, etc. It
#can for the moment replace hping, 85% of nmap, arpspoof, arp-sk, arping,
#tcpdump, tethereal, p0f, ....
#
#In scapy you define a set of packets, then it sends them, receives
#answers, matches requests with answers and returns a list of packet couples
#(request, answer) and a list of unmatched packets. This has the big advantage
#over tools like nmap or hping that an answer is not reduced to
#(open/closed/filtered), but is the whole packet.
#
# Homepage: http://www.secdev.org/projects/scapy/
apt-get -y install python-scapy

# IKE-Scan
#discover and fingerprint IKE hosts (IPsec VPN Servers)
#ike-scan discovers IKE hosts and can also fingerprint them using the
#retransmission backoff pattern.
#
#ike-scan does two things:
#
#a) Discovery: Determine which hosts are running IKE.
#   This is done by displaying those hosts which respond to the IKE requests
#   sent by ike-scan.
# .
#b) Fingerprinting: Determine which IKE implementation the hosts are using.
#   This is done by recording the times of the IKE response packets from the
#   target hosts and comparing the observed retransmission backoff pattern
#   against known patterns.
# .
# The retransmission backoff fingerprinting concept is discussed in more
# detail in the UDP backoff fingerprinting paper which should be included
# in the ike-scan kit as udp-backoff-fingerprinting-paper.txt.
apt-get -y install ike-scan

# IKEProbe

# lft
#layer-four traceroute
#lft sends various TCP SYN and FIN probes (differing from Van Jacobson's
#UDP-based method) utilizing the IP protocol "time to live" field and
#attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along
#the path to some host.
#lft also listens for various TCP and ICMP messages along the way to assist
#network managers in ascertaining per-protocol heuristic routing information
#and can optionally retrieve various information about the networks it
#traverses.
#
#Homepage: http://www.mainnerve.com/lft/index.html
apt-get -y install lft

# Netdiscover
#active/passive address scanner using arp requests
#The netdiscover tool is an active/passive address reconnaissance
#program, mainly developed to gain information about wireless
#networks without dhcp servers in wardriving scenarios. It can
#also be used on switched networks. Built on top of libnet and
#libpcap, it can passively detect online hosts or search for
#them by sending arp requests. Furthermore, it can be used to
#inspect your network's arp traffic and find network addresses
#using auto scan mode which will scan for common local networks.
apt-get -y install netdiscover

# Nmap
#The Network Mapper
#Nmap is a utility for network exploration or security auditing. It
#supports ping scanning (determine which hosts are up), many port
#scanning techniques, version detection (determine service protocols
#and application versions listening behind ports), and TCP/IP
#fingerprinting (remote host OS or device identification). Nmap also
#offers flexible target and port specification, decoy/stealth scanning,
#sunRPC scanning, and more. Most Unix and Windows platforms are
#supported in both GUI and commandline modes. Several popular handheld
#devices are also supported, including the Sharp Zaurus and the iPAQ.
apt-get -y install nmap

# NmapFE

# ndiff
#Compares two nmap scans
#NDiff is a tool that can take the output from two nmap scans
#and give you the difference between them.
#
#The difference can be new or removed hosts and services.
apt-get -y install ndiff

# NWatch
#Network service detector
#NWatch is a sniffer but can be conceptualized as a "passive port
#scanner", in that it is only interested in IP traffic and it organizes
#results as a port scanner would.

fi  # end of the r00t privilege check
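
Added example, not part of securitybox.sh: the script runs one unconditional `apt-get -y install` per tool and comments out finger-ldap because its install asked questions. The sketch below checks for root with `id -u`, skips packages that have no install candidate, suppresses debconf prompts with `DEBIAN_FRONTEND=noninteractive`, and reports what was not installed; `PKG_QUERY`, `PKG_INSTALL` and the file name in the usage comment are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example, not part of securitybox.sh.
# PKG_QUERY / PKG_INSTALL are hypothetical hooks for substituting the apt tools.
PKG_QUERY=${PKG_QUERY:-apt-cache}
PKG_INSTALL=${PKG_INSTALL:-apt-get}

# True only for UID 0; a UID can be passed in, otherwise the effective UID is used.
is_root() {
    [ "${1:-$(id -u)}" -eq 0 ]
}

# True if the configured repositories offer an install candidate for $1.
# "apt-cache policy" prints "Candidate: (none)", or nothing, when there is none.
pkg_available() {
    "$PKG_QUERY" policy "$1" 2>/dev/null | grep -q 'Candidate: [^(]'
}

# Install each argument without debconf prompts. Prints the packages that
# were skipped or failed; exit status is 0 only if every install succeeded.
install_all() {
    failed=""
    for pkg in "$@"; do
        if ! pkg_available "$pkg"; then
            failed="$failed $pkg(unavailable)"
        elif ! DEBIAN_FRONTEND=noninteractive "$PKG_INSTALL" -y install "$pkg" >/dev/null; then
            failed="$failed $pkg(failed)"
        fi
    done
    echo "${failed# }"
    [ -z "$failed" ]
}

# Nothing is installed unless the script is invoked with --install, e.g.
#   sh install-tools.sh --install dnswalk fping nmap   (file name is an example)
if [ "${1:-}" = "--install" ]; then
    shift
    is_root || { echo "r00t privileges are required" >&2; exit 1; }
    if ! report=$(install_all "$@"); then
        echo "not installed: $report" >&2
        exit 1
    fi
fi
```

A non-zero exit with the list of skipped packages makes a partial install visible instead of leaving it buried in scrolling apt output.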
