Alpine security: Difference between revisions

From Alpine Linux
m (→‎Intrusion detection: Link cleanup)
m (Formatting.)
Line 52: Line 52:
| flawfinder
| flawfinder
| Examines C/C++ source code for security flaws
| Examines C/C++ source code for security flaws
| http://www.dwheeler.com/flawfinder/{{insecure url|HTTPS times out}}
| <p>http://www.dwheeler.com/flawfinder/{{insecure url|HTTPS times out}}</p>
|-
|-
| rats
| rats
Line 60: Line 60:
| pychecker
| pychecker
| A analyser for python source code
| A analyser for python source code
| http://pychecker.sourceforge.net/{{insecure url|HTTPS returns connection refused}}
| <p>http://pychecker.sourceforge.net/{{insecure url|HTTPS returns connection refused}}</p>
|-
|-
| pyflakes
| pyflakes
Line 224: Line 224:
| netsniff-ng
| netsniff-ng
| A performant Linux network analyzer and networking toolkit
| A performant Linux network analyzer and networking toolkit
| http://netsniff-ng.org/{{insecure url|Invalid server certificate on HTTPS}}
| <p>http://netsniff-ng.org/{{insecure url|Invalid server certificate on HTTPS}}</p>
|-
|-
| scapy
| scapy
Line 232: Line 232:
| socat
| socat
| Bidirectional data relay between two data channels ('netcat++')
| Bidirectional data relay between two data channels ('netcat++')
| http://www.dest-unreach.org/socat/{{insecure url|Self-signed certificate on HTTPS}}
| <p>http://www.dest-unreach.org/socat/{{insecure url|Self-signed certificate on HTTPS}}</p>
|-
|-
| tcpdump
| tcpdump
Line 268: Line 268:
| nfswatch
| nfswatch
| An NFS traffic monitoring tool
| An NFS traffic monitoring tool
| http://nfswatch.sourceforge.net/{{insecure url|Unable to connect on HTTPS}}
| <p>http://nfswatch.sourceforge.net/{{insecure url|Unable to connect on HTTPS}}</p>
|-
|-
| p0f
| p0f
Line 276: Line 276:
| hping3
| hping3
| A ping-like TCP/IP packet assembler/analyzer
| A ping-like TCP/IP packet assembler/analyzer
| http://www.hping.org/{{insecure url|Connection refused on HTTPS}}
| <p>http://www.hping.org/{{insecure url|Connection refused on HTTPS}}</p>
|-
|-
| sslscan
| sslscan
Line 292: Line 292:
| dnstop
| dnstop
| A DNS traffic capture utility
| A DNS traffic capture utility
| http://dns.measurement-factory.com/tools/dnstop/{{insecure url|Invalid certificate on HTTPS}}
| <p>http://dns.measurement-factory.com/tools/dnstop/{{insecure url|Invalid certificate on HTTPS}}</p>
|-
|-
| flunym0us
| flunym0us
Line 304: Line 304:
| onesixtyone
| onesixtyone
| An efficient SNMP scanner
| An efficient SNMP scanner
| http://www.phreedom.org/software/onesixtyone/{{insecure url|HTTPS times out}}
| <p>http://www.phreedom.org/software/onesixtyone/{{insecure url|HTTPS times out}}</p>
|-
|-
| mitmproxy
| mitmproxy
Line 312: Line 312:
| hexinject
| hexinject
| A very versatile packet injector and sniffer
| A very versatile packet injector and sniffer
| http://hexinject.sourceforge.net/{{insecure url|Connection refused on HTTPS}}
| <p>http://hexinject.sourceforge.net/{{insecure url|Connection refused on HTTPS}}</p>
|-
|-
| [[Setting up OpenVAS9|openvas]]
| [[Setting up OpenVAS9|openvas]]

Revision as of 04:59, 23 December 2021

Note: This is work in progress. Not all packages are available at the moment.

Basics

Name Description URL
alpine-base Alpine base package https://pkgs.alpinelinux.org/packages?name=alpine-base
alpine-mirrors List of Official Alpine Linux Mirrors https://mirrors.alpinelinux.org/
bkeymaps Binary keymaps for busybox http://dev.alpinelinux.org/alpine/bkeymaps[Dead Link]
network-extras Meta package to pull in vlan, bonding, bridge and wifi support https://pkgs.alpinelinux.org/packages?name=network-extras
openssl Toolkit for TLS https://www.openssl.org/
tzdata Timezone data https://www.iana.org/time-zones

Code Analysis

Name Description URL
rpmlint A tool for checking common errors in RPM packages https://github.com/rpm-software-management/rpmlint
pylint Analyzes Python code looking for bugs and signs of poor quality https://pypi.org/project/pylint/
flawfinder Examines C/C++ source code for security flaws

http://www.dwheeler.com/flawfinder/ 🔓

rats A tool to find security related programming errors https://www.fortify.com/ssa-elements/threat-intelligence/rats.html
pychecker A analyser for python source code

http://pychecker.sourceforge.net/ 🔓

pyflakes A passive checker of Python programs https://launchpad.net/pyflakes
strace A useful diagnositic, instructional, and debugging tool https://strace.io/
netsink A Network Sinkhole for Isolated Malware Analysis https://github.com/shendo/netsink


Forensics / Data recovery tools

Name Description URL
dc3dd Patched version of GNU dd for use in computer forensics https://sourceforge.net/projects/dc3dd/
ddrescue Data recovery tool for block devices with errors https://www.gnu.org/s/ddrescue/ddrescue.html
testdisk A powerful free data recovery software https://www.cgsecurity.org/wiki/TestDisk
scrub Disk scrubbing program https://code.google.com/archive/p/diskscrub/
ncdu A curses-based version of the well-known "du" https://dev.yorhel.nl/ncdu
htop An interactive process viewer for Linux https://htop.dev/
mac-robber A tool that collects data from allocated files in a mounted file system https://www.sleuthkit.org/mac-robber/desc.php
wipe Tool for securely erasing files from magnetic media http://lambda-diode.com/software/wipe/[Dead Link]
nwipe Securely erase disks using a variety of recognized methods https://github.com/martijnvanbrummelen/nwipe/
jhead An Exif jpeg header manipulation tool https://www.sentex.net/~mwandel/jhead/


Reconnaissance

Name Description URL
arpalert Monitor ARP changes in ethernet networks https://www.arpalert.org/arpalert.html
arpon ARP handler inspection https://arpon.sourceforge.io/
dnsenum A tool to enumerate DNS info about domains https://github.com/fwaeytens/dnsenum
halberd A tool to discover HTTP load balancers https://github.com/jmbr/halberd
scanssh Fast SSH server and open proxy scanner https://monkey.org/~provos/scanssh/
ngrep Network layer grep tool https://github.com/jpr5/ngrep/
netsniff-ng A performant Linux network analyzer and networking toolkit

http://netsniff-ng.org/ 🔓

scapy Interactive packet manipulation tool and network scanner https://scapy.net/
socat Bidirectional data relay between two data channels ('netcat++')

http://www.dest-unreach.org/socat/ 🔓

tcpdump A network traffic monitoring tool https://www.tcpdump.org/
tcptrack Displays information about tcp connections on a network interface http://www.rhythm.cx/~steve/devel/tcptrack/[Dead Link]
tcpflow A tool for monitoring, capturing and storing TCP connections flows https://github.com/simsong/tcpflow
tcpproxy Transparent TCP Proxy http://www.quietsche-entchen.de/cgi-bin/wiki.cgi/proxies/TcpProxy[Dead Link]
etherdump An extremely small packet sniffer http://freshmeat.sourceforge.net/projects/etherdump/
netdiscover A network address discovering tool https://sourceforge.net/projects/netdiscover/
nmap A network exploration tool and security/port scanner https://nmap.org
arpwatch An ethernet monitoring program https://ee.lbl.gov/
nfswatch An NFS traffic monitoring tool

http://nfswatch.sourceforge.net/ 🔓

p0f Passive traffic fingerprinting tool https://lcamtuf.coredump.cx/p0f3/
hping3 A ping-like TCP/IP packet assembler/analyzer

http://www.hping.org/ 🔓

sslscan Security assessment tool for SSL http://sourceforge.net/projects/sslscan/
httpry A packet sniffer designed for HTTP traffic https://dumpsterventures.com/jason/httpry
bannergrab A banner grabbing tool https://sourceforge.net/projects/bannergrab
dnstop A DNS traffic capture utility

http://dns.measurement-factory.com/tools/dnstop/ 🔓

flunym0us A vulnerability scanner for wordpress and moodle https://code.google.com/archive/p/flunym0us/
swaks A transaction-oriented SMTP test tool https://www.jetmore.org/john/code/swaks/
onesixtyone An efficient SNMP scanner

http://www.phreedom.org/software/onesixtyone/ 🔓

mitmproxy An interactive SSL-capable intercepting HTTP proxy https://www.mitmproxy.org/
hexinject A very versatile packet injector and sniffer

http://hexinject.sourceforge.net/ 🔓

openvas Vulnerability scanner and manager https://www.openvas.org/


Application Testing

Name Description URL
wbox HTTP testing tool and configuration-less HTTP server

http://www.hping.org/wbox/ 🔓

slowhttptest An application Layer DoS attack simulator https://github.com/shekyan/slowhttptest
nikto A web application security scanner https://www.cirt.net/Nikto2


Network statistics

Name Description URL
iperf Tool to measure IP bandwidth using UDP or TCP https://github.com/esnet/iperf
iptraf-ng A console-based network monitoring utility https://fedorahosted.org/iptraf-ng/
iptop Command line tool that displays bandwidth usage on an interface https://www.ex-parrot.com/~pdw/iftop/
fping A utility to ping multiple hosts at once

http://fping.sourceforge.net/ 🔓

mtr Full screen ncurses traceroute tool https://www.bitwizard.nl/mtr/
speedometer Measure and display the rate of data across a network connection or data being stored in a file https://excess.org/speedometer/
nfdump The nfdump tools collect and process netflow data on the command line https://github.com/phaag/nfdump
nethogs Top-like monitor for network traffic https://raboof.github.io/nethogs/
iptstate Top-like interface to netfilter connection-tracking table https://www.phildev.net/iptstate/


Misc tools

Name Description URL
bash-completion Command-line tab-completion for bash http://bash-completion.alioth.debian.org/[Dead Link]
clamav An anti-virus toolkit for UNIX https://www.clamav.net
p7zip A command-line port of the 7zip compression utility

http://p7zip.sourceforge.net/ 🔓

nano A simple ncurses text editor https://www.nano-editor.org/
rsync A file transfer program to keep remote files in sync https://rsync.samba.org/
screen A terminal multiplexer, used to multiplex several virtual consoles. Similar to "tmux" below https://www.gnu.org/software/screen/
tmux A terminal multiplexer, used to multiplex several virtual consoles. Similar to "screen" above https://tmux.github.io/
multitail A tool to view one or multiple files https://www.vanheusden.com/multitail
shed A simple hex editor

http://shed.sourceforge.net/ 🔓

e2fsprogs Standard Ext2/3/4 filesystem utilities

http://e2fsprogs.sourceforge.net/ 🔓

openssh An open source implementation of SSH protocol versions 1 and 2 https://www.openssh.com/
passwdgen A random password generator https://code.google.com/archive/p/passwdgen/
partclone Back up and restore used-blocks of a partition https://partclone.org/
sshguard Log monitor that blocks with iptables on bad behaviour https://www.sshguard.net/
proxychains A tool that forces any TCP connection through proxies

http://proxychains.sourceforge.net 🔓

knock A simple port-knocking daemon https://www.zeroflux.org/projects/knock
logcheck A simple utility which is designed to allow a system administrator to view the logfiles

https://logcheck.org 🔓

mc A visual file manager https://www.midnight-commander.org/
makepasswd Generates (pseudo-)random passwords of a desired length http://people.defora.org/~khorben/projects/makepasswd/[Dead Link]
lnav A curses-based tool for viewing and analyzing log files https://lnav.org
goaccess A real-time web log analyzer and interactive viewer https://goaccess.io/


VoIP

Name Description URL
sipp A test tool / traffic generator for the SIP protocol

http://sipp.sourceforge.net/ 🔓

voiphopper A VLAN Hop security test

http://voiphopper.sourceforge.net/ 🔓

sipvicious Tools for auditing SIP based VoIP systems https://github.com/EnableSecurity/sipvicious
sipcrack A SIP protocol login cracker http://packages.debian.org/sipcrack
sipsak SIP swiss army knife http://sipsak.org/[Dead Link]
smap A simple scanner for SIP enabled devices http://www.wormulon.net/smap[Dead Link]


Wireless

Name Description URL
weplab Analyzing WEP encryption security on wireless networks http://weplab.sourceforge.net/[Dead Link]
kismet A WLAN detector, sniffer, and IDS https://www.kismetwireless.org/
cowpatty Attacking WPA/WPA2-PSK exchanges http://www.willhackforsushi.com/Cowpatty.html[Dead Link]
wavemon Ncurses-based monitoring application for wireless network devices https://github.com/uoaerg/wavemon


Intrusion detection

Name Description URL
nebula An Intrusion Signature Generator http://nebula.carnivore.it/[Dead Link]
snort A network intrusion prevention and detection system https://www.snort.org/