Alpine security: Difference between revisions

Revision as of 01:56, 25 August 2023

Note: This is work in progress. Not all packages are available at the moment.

Basics

Name	Description	URL
alpine-base	Alpine base package	https://pkgs.alpinelinux.org/packages?name=alpine-base
alpine-mirrors	List of Official Alpine Linux Mirrors	https://mirrors.alpinelinux.org/
bkeymaps	Binary keymaps for busybox	https://dev.alpinelinux.org/alpine/bkeymaps^{[Dead Link]}
network-extras	Meta package to pull in vlan, bonding, bridge and wifi support	https://pkgs.alpinelinux.org/packages?name=network-extras
openssl	Toolkit for TLS	https://www.openssl.org/
tzdata	Timezone data	https://www.iana.org/time-zones

Code Analysis

Name	Description	URL
rpmlint	A tool for checking common errors in RPM packages	https://github.com/rpm-software-management/rpmlint
pylint	Analyzes Python code looking for bugs and signs of poor quality	https://pypi.org/project/pylint/
flawfinder	Examines C/C++ source code for security flaws	https://www.dwheeler.com/flawfinder/
rats	A tool to find security related programming errors	https://www.fortify.com/ssa-elements/threat-intelligence/rats.html
pychecker	A analyser for python source code	https://pychecker.sourceforge.net/
pyflakes	A passive checker of Python programs	https://launchpad.net/pyflakes
strace	A useful diagnositic, instructional, and debugging tool	https://strace.io/
netsink	A Network Sinkhole for Isolated Malware Analysis	https://github.com/shendo/netsink

Forensics / Data recovery tools

Name	Description	URL
dc3dd	Patched version of GNU dd for use in computer forensics	https://sourceforge.net/projects/dc3dd/
ddrescue	Data recovery tool for block devices with errors	https://www.gnu.org/s/ddrescue/ddrescue.html
testdisk	A powerful free data recovery software	https://www.cgsecurity.org/wiki/TestDisk
scrub	Disk scrubbing program	https://code.google.com/archive/p/diskscrub/
ncdu	A curses-based version of the well-known "du"	https://dev.yorhel.nl/ncdu
htop	An interactive process viewer for Linux	https://htop.dev/
mac-robber	A tool that collects data from allocated files in a mounted file system	https://www.sleuthkit.org/mac-robber/desc.php
wipe	Tool for securely erasing files from magnetic media	https://lambda-diode.com/software/wipe/^{[Dead Link]}
nwipe	Securely erase disks using a variety of recognized methods	https://github.com/martijnvanbrummelen/nwipe/
jhead	An Exif jpeg header manipulation tool	https://www.sentex.net/~mwandel/jhead/

Reconnaissance

Name	Description	URL
arpon	ARP handler inspection	https://arpon.sourceforge.io/
dnsenum	A tool to enumerate DNS info about domains	https://github.com/fwaeytens/dnsenum
scanssh	Fast SSH server and open proxy scanner	https://monkey.org/~provos/scanssh/
ngrep	Network layer grep tool	https://github.com/jpr5/ngrep/
scapy	Interactive packet manipulation tool and network scanner	https://scapy.net/
socat	Bidirectional data relay between two data channels ('netcat++')	http://www.dest-unreach.org/socat/ 🔓
tcpdump	A network traffic monitoring tool	https://www.tcpdump.org/
tcpflow	A tool for monitoring, capturing and storing TCP connections flows	https://github.com/simsong/tcpflow
nmap	A network exploration tool and security/port scanner	https://nmap.org
arpwatch	An ethernet monitoring program	https://ee.lbl.gov/
p0f	Passive traffic fingerprinting tool	https://lcamtuf.coredump.cx/p0f3/
hping3	A ping-like TCP/IP packet assembler/analyzer	http://www.hping.org/ 🔓
sslscan	fast SSL/TLS configuration scanner	https://github.com/rbsec/sslscan
httpry	A packet sniffer designed for HTTP traffic	https://dumpsterventures.com/jason/httpry
bannergrab	A banner grabbing tool	https://sourceforge.net/projects/bannergrab
dnstop	A DNS traffic capture utility	http://dns.measurement-factory.com/tools/dnstop/ 🔓
swaks	A transaction-oriented SMTP test tool	https://www.jetmore.org/john/code/swaks/
mitmproxy	An interactive SSL-capable intercepting HTTP proxy	https://www.mitmproxy.org/
hexinject	A very versatile packet injector and sniffer	https://hexinject.sourceforge.net/
openvas-scanner	Vulnerability scanner and manager	https://www.openvas.org/

Application Testing

Name	Description	URL
lynis	Security and system auditing tool	https://cisofy.com/lynis/
nikto	A web application security scanner	https://www.cirt.net/Nikto2
sqlmap	Automatic SQL injection and database takeover tool	https://sqlmap.org/
zaproxy	OWASP Zed Attack Proxy web app scanner	https://www.zaproxy.org/

Network statistics

Name	Description	URL
iperf	Tool to measure IP bandwidth using UDP or TCP	https://github.com/esnet/iperf
iptraf-ng	A console-based network monitoring utility	https://fedorahosted.org/iptraf-ng/
iftop	Command line tool that displays bandwidth usage on an interface	https://www.ex-parrot.com/~pdw/iftop/
fping	A utility to ping multiple hosts at once	https://fping.sourceforge.net/
mtr	Full screen ncurses traceroute tool	https://www.bitwizard.nl/mtr/
nfdump	The nfdump tools collect and process netflow data on the command line	https://github.com/phaag/nfdump
nethogs	Top-like monitor for network traffic	https://raboof.github.io/nethogs/
iptstate	Top-like interface to netfilter connection-tracking table	https://www.phildev.net/iptstate/

Misc tools

Name	Description	URL
bash-completion	Command-line tab-completion for bash	https://github.com/scop/bash-completion
clamav	An anti-virus toolkit for UNIX	https://www.clamav.net
7zip	A command-line port of the 7zip compression utility	https://7-zip.org/
nano	A simple ncurses text editor	https://www.nano-editor.org/
rsync	A file transfer program to keep remote files in sync	https://rsync.samba.org/
screen	A terminal multiplexer, used to multiplex several virtual consoles. Similar to "tmux" below	https://www.gnu.org/software/screen/
tmux	A terminal multiplexer, used to multiplex several virtual consoles. Similar to "screen" above	https://tmux.github.io/
multitail	A tool to view one or multiple files	https://www.vanheusden.com/multitail
e2fsprogs	Standard Ext2/3/4 filesystem utilities	https://e2fsprogs.sourceforge.net/
openssh	An open source implementation of SSH protocol versions 1 and 2	https://www.openssh.com/
partclone	Back up and restore used-blocks of a partition	https://partclone.org/
sshguard	Log monitor that blocks with iptables on bad behaviour	https://www.sshguard.net/
proxychains-ng	A tool that forces any TCP connection through proxies	https://github.com/rofl0r/proxychains-ng
knock	A simple port-knocking daemon	https://www.zeroflux.org/projects/knock
logcheck	A simple utility which is designed to allow a system administrator to view the logfiles	https://logcheck.org{
mc	A visual file manager	https://www.midnight-commander.org/
makepasswd	Generates (pseudo-)random passwords of a desired length	https://www.defora.org/os/project/117/makepasswd
lnav	A curses-based tool for viewing and analyzing log files	https://lnav.org
goaccess	A real-time web log analyzer and interactive viewer	https://goaccess.io/

VoIP

Name	Description	URL
sipp	A test tool / traffic generator for the SIP protocol	https://sipp.sourceforge.net/
sipsak	SIP swiss army knife	https://github.com/nils-ohlmeier/sipsak

Wireless

Name	Description	URL
aircrack-ng	802.11 (wireless) sniffer and WEP/WPA-PSK key cracker	https://www.aircrack-ng.org/
kismet	A WLAN detector, sniffer, and IDS	https://www.kismetwireless.org/
reaver-wps-fork-t6x	WPS Password Cracker	https://github.com/t6x/reaver-wps-fork-t6x
wavemon	Ncurses-based monitoring application for wireless network devices	https://github.com/uoaerg/wavemon

Intrusion detection

Name	Description	URL
nebula	An Intrusion Signature Generator	https://github.com/slackhq/nebula
snort	A network intrusion prevention and detection system	https://www.snort.org/

@@ Line 198: / Line 198: @@
 ! URL
 |-
-| arpalert
+| {{pkg|arpon}}
-| Monitor ARP changes in ethernet networks
-| https://www.arpalert.org/arpalert.html
-|-
-| arpon
 | ARP handler inspection
 | https://arpon.sourceforge.io/
 |-
-| dnsenum
+| {{pkg|dnsenum}}
 | A tool to enumerate DNS info about domains
 | https://github.com/fwaeytens/dnsenum
 |-
-| halberd
+| {{pkg|scanssh}}
-| A tool to discover HTTP load balancers
-| https://github.com/jmbr/halberd
-|-
-| scanssh
 | Fast SSH server and open proxy scanner
 | https://monkey.org/~provos/scanssh/
 |-
-| ngrep
+| {{pkg|ngrep}}
 | Network layer grep tool
 | https://github.com/jpr5/ngrep/
 |-
-| netsniff-ng
+| {{pkg|scapy}}
-| A performant Linux network analyzer and networking toolkit
-| <p>http://netsniff-ng.org/{{insecure url|Invalid server certificate on HTTPS}}</p>
-|-
-| scapy
 | Interactive packet manipulation tool and network scanner
 | https://scapy.net/
 |-
-| socat
+| {{pkg|socat}}
 | Bidirectional data relay between two data channels ('netcat++')
 | <p>http://www.dest-unreach.org/socat/{{insecure url|Self-signed certificate on HTTPS}}</p>
 |-
-| tcpdump
+| {{pkg|tcpdump}}
 | A network traffic monitoring tool
 | https://www.tcpdump.org/
 |-
-| tcptrack
+| {{pkg|tcpflow}}
-| Displays information about tcp connections on a network interface
-| https://www.rhythm.cx/~steve/devel/tcptrack/{{dead link}}
-|-
-| tcpflow
 | A tool for monitoring, capturing and storing TCP connections flows
 | https://github.com/simsong/tcpflow
 |-
-| tcpproxy
+| {{pkg|nmap}}
-| Transparent TCP Proxy
-| https://www.quietsche-entchen.de/cgi-bin/wiki.cgi/proxies/TcpProxy{{dead link}}
-|-
-| etherdump
-| An extremely small packet sniffer
-| https://freshmeat.sourceforge.net/projects/etherdump/
-|-
-| netdiscover
-| A network address discovering tool
-| https://sourceforge.net/projects/netdiscover/
-|-
-| nmap
 | A network exploration tool and security/port scanner
 | https://nmap.org
 |-
-| arpwatch
+| {{pkg|arpwatch}}
 | An ethernet monitoring program
 | https://ee.lbl.gov/
 |-
-| nfswatch
+| {{pkg|p0f}}
-| An NFS traffic monitoring tool
-| https://nfswatch.sourceforge.net/
-|-
-| p0f
 | Passive traffic fingerprinting tool
 | https://lcamtuf.coredump.cx/p0f3/
 |-
-| hping3
+| {{pkg|hping3}}
 | A ping-like TCP/IP packet assembler/analyzer
 | <p>http://www.hping.org/{{insecure url|Connection refused on HTTPS}}</p>
 |-
-| sslscan
+| {{pkg|sslscan}}
-| Security assessment tool for SSL
+| fast SSL/TLS configuration scanner
-| https://sourceforge.net/projects/sslscan/
+| https://github.com/rbsec/sslscan
 |-
-| httpry
+| {{pkg|httpry}}
 | A packet sniffer designed for HTTP traffic
 | https://dumpsterventures.com/jason/httpry
 |-
-| bannergrab
+| {{pkg|bannergrab}}
 | A banner grabbing tool
 | https://sourceforge.net/projects/bannergrab
 |-
-| dnstop
+| {{pkg|dnstop}}
 | A DNS traffic capture utility
 | <p>http://dns.measurement-factory.com/tools/dnstop/{{insecure url|Invalid certificate on HTTPS}}</p>
 |-
-| flunym0us
+| {{pkg|swaks}}
-| A vulnerability scanner for wordpress and moodle
-| https://code.google.com/archive/p/flunym0us/
-|-
-| swaks
 | A transaction-oriented SMTP test tool
 | https://www.jetmore.org/john/code/swaks/
 |-
-| onesixtyone
+| {{pkg|mitmproxy}}
-| An efficient SNMP scanner
-| <p>http://www.phreedom.org/software/onesixtyone/{{insecure url|HTTPS times out}}</p>
-|-
-| mitmproxy
 | An interactive SSL-capable intercepting HTTP proxy
 | https://www.mitmproxy.org/
 |-
-| hexinject
+| {{pkg|hexinject}}
 | A very versatile packet injector and sniffer
 | https://hexinject.sourceforge.net/
 |-
-| [[Setting up OpenVAS9|openvas]]
+| {{pkg|openvas-scanner}}
 | Vulnerability scanner and manager
 | https://www.openvas.org/
 |}
 <!-- ToDo
-whatweb
-A website fingerprinter
-https://www.morningstarsecurity.com/research/whatweb
-blindelephant
-A web application fingerprinter
-https://blindelephant.sourceforge.net/
 dpkt
@@ Line 333: / Line 285: @@
 https://code.google.com/p/dpkt/
-Wireplay
-A minimalist approach to replay pcap dumped TCP sessions with modification as required.
-https://code.google.com/p/wireplay/
-|-
-| ike-scan
-| An IPsec VPN scanning, fingerprinting, and testing tool
-| http://www.nta-monitor.com/tools/ike-scan/
-https://inguma.sourceforge.net/
 * nuttcp https://www.nuttcp.net
-* argus https://qosient.com/argus/
-* tcpick https://tcpick.sourceforge.net/
-* tcpreen -- A TCP/IP re-engineering and monitoring program
 * tcpdump -- A network traffic monitoring tool
 * tcpflow -- Network traffic recorder
-* tcpick -- A tcp stream sniffer, tracker and capturer
-* tcping -- Check of TCP connection to a given IP/Port
-* tcpjunk -- TCP protocols testing tool
 * tcpreplay -- Replay captured network traffic
 * tcptraceroute -- A traceroute implementation using TCP packets
-* tcptrack -- Displays information about tcp connections on a network interface
-* tcputils -- Utilities for TCP programming in shell-scripts
-* tcp_wrappers -- A security tool which acts as a wrapper for TCP daemons
-* tcpxtract -- Tool for extracting files from network traffic
-* ttcp A tool for testing TCP connections http://www.pcausa.com/Utilities/pcattcp.htm
-* unicornscan http://www.unicornscan.org/
-* dsniff - Tools for network auditing and penetration testing
-* httpry https://dumpsterventures.com/jason/httpry/
-* justniffer
-* dietsniff
-* Nast http://nast.berlios.de/
-* brutessh http://www.edge-security.com/brutessh.php
 * ettercap https://ettercap.sourceforge.net/ A network traffic sniffer/analyser
-* icmpshell A tool that only uses ICMP for connections https://icmpshell.sourceforge.net/
-https://code.google.com/p/yapscan/
-egressor http://packetfactory.openwall.net/projects/egressor/
-arpoc http://www.phenoelit.org/arpoc/index.html
-loadbalancer-finder https://code.google.com/p/loadbalancer-finder/
 -->