Alpine security: Difference between revisions

From Alpine Linux
m (Which deprecated script?)
(Add "Category:Security")
 
(18 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Note|This is work in progress. Not all packages are available at the moment.}}
{{obsolete|See notice on [[Alpine Security and Rescue]]}}


== Basics ==
== Basics ==
Line 17: Line 17:
| https://mirrors.alpinelinux.org/
| https://mirrors.alpinelinux.org/
|-
|-
| bkeymaps
| kbd-bkeymaps
| Binary keymaps for busybox
| Binary keymaps for busybox
| https://dev.alpinelinux.org/alpine/bkeymaps{{dead link}}
| https://pkgs.alpinelinux.org/packages?name=kbd-bkeymaps
|-
|-
| network-extras
| network-extras
Line 25: Line 25:
| https://pkgs.alpinelinux.org/packages?name=network-extras
| https://pkgs.alpinelinux.org/packages?name=network-extras
|-
|-
| openssl
| {{pkg|openssl}}
| Toolkit for TLS
| Toolkit for TLS
| https://www.openssl.org/
| https://www.openssl.org/
|-
|-
| tzdata
| {{pkg|tzdata}}
| Timezone data
| Timezone data
| https://www.iana.org/time-zones
| https://www.iana.org/time-zones
Line 42: Line 42:
! URL
! URL
|-
|-
| rpmlint
| {{pkg|py3-pylint}}
| A tool for checking common errors in RPM packages
| https://github.com/rpm-software-management/rpmlint
|-
| pylint
| Analyzes Python code looking for bugs and signs of poor quality
| Analyzes Python code looking for bugs and signs of poor quality
| https://pypi.org/project/pylint/
| https://pypi.org/project/pylint/
|-
|-
| flawfinder
| {{pkg|flawfinder}}
| Examines C/C++ source code for security flaws
| Examines C/C++ source code for security flaws
| https://www.dwheeler.com/flawfinder/
| https://www.dwheeler.com/flawfinder/
|-
|-
| rats
| {{pkg|py3-pyflakes}}
| A tool to find security related programming errors
| https://www.fortify.com/ssa-elements/threat-intelligence/rats.html
|-
| pychecker
| A analyser for python source code
| https://pychecker.sourceforge.net/
|-
| pyflakes
| A passive checker of Python programs
| A passive checker of Python programs
| https://launchpad.net/pyflakes
| https://launchpad.net/pyflakes
|-
|-
| strace
| {{pkg|strace}}
| A useful diagnositic, instructional, and debugging tool
| A useful diagnositic, instructional, and debugging tool
| https://strace.io/
| https://strace.io/
|-
|-
| netsink
| {{pkg|valgrind}}
| A Network Sinkhole for Isolated Malware Analysis
| https://github.com/shendo/netsink
|}
 
<!--
Todo
 
|-
| splint
| An implementation of the lint program
| https://www.splint.org/
|-
| valgrind
| A tool for finding memory-management problems
| A tool for finding memory-management problems
| https://valgrind.org/
| https://valgrind.org/
|-
|}
| pscan
| Limited problem scanner for C source files
|
-->


== Forensics / Data recovery tools ==
== Forensics / Data recovery tools ==
Line 100: Line 71:
! URL
! URL
|-
|-
| dc3dd
| {{pkg|ddrescue}}
| Patched version of GNU dd for use in computer forensics
| https://sourceforge.net/projects/dc3dd/
|-
| ddrescue
| Data recovery tool for block devices with errors  
| Data recovery tool for block devices with errors  
| https://www.gnu.org/s/ddrescue/ddrescue.html
| https://www.gnu.org/s/ddrescue/ddrescue.html
|-
|-
| testdisk
| {{pkg|testdisk}}
| A powerful free data recovery software
| A powerful free data recovery software
| https://www.cgsecurity.org/wiki/TestDisk
| https://www.cgsecurity.org/wiki/TestDisk
|-
|-
| scrub
| {{pkg|scrub}}
| Disk scrubbing program
| Disk scrubbing program
| https://code.google.com/archive/p/diskscrub/
| https://code.google.com/archive/p/diskscrub/
|-
|-
| ncdu
| {{pkg|ncdu}}
| A curses-based version of the well-known "du"
| A curses-based version of the well-known "du"
| https://dev.yorhel.nl/ncdu
| https://dev.yorhel.nl/ncdu
|-
|-
| htop
| {{pkg|htop}}
| An interactive process viewer for Linux
| An interactive process viewer for Linux
| https://htop.dev/
| https://htop.dev/
|-
|-
| mac-robber
| {{pkg|wipe}}
| A tool that collects data from allocated files in a mounted file system
| https://www.sleuthkit.org/mac-robber/desc.php
|-
| wipe
| Tool for securely erasing files from magnetic media
| Tool for securely erasing files from magnetic media
| https://lambda-diode.com/software/wipe/{{dead link}}
| https://wipe.sourceforge.net/
|-
|-
| nwipe
| {{pkg|jhead}}
| Securely erase disks using a variety of recognized methods
| https://github.com/martijnvanbrummelen/nwipe/
|-
| jhead
| An Exif jpeg header manipulation tool
| An Exif jpeg header manipulation tool
| https://www.sentex.net/~mwandel/jhead/
| https://www.sentex.net/~mwandel/jhead/
Line 145: Line 104:
|-
|-
| aimage
| aimage
| Advanced Disk Imager
| Advanced Disk Imager (part of krita now???)
| https://www.afflib.org
| https://www.afflib.org
|-
|-
| fiwalk
| fiwalk (part of sleuthkit now???)
| Batch analysis of a disk image
| Batch analysis of a disk image
| https://www.afflib.org
| https://www.afflib.org
|-
| ftimes
| A system baselining and evidence collection too
| https://ftimes.sourceforge.net/FTimes/
https://sourceforge.net/projects/cdpr/
| rarcrack
| https://rarcrack.sourceforge.net/
| extcarve
| safecopy
| A data recovery tool
| https://safecopy.sourceforge.net/
* scalpel Fast file carver working on disk images http://www.digitalforensicssolutions.com/Scalpel/
* afftools - Utilities for afflib https://afflib.org/
* examiner - Utility to disassemble and comment foreign executable binaries
* firstaidkit - System Rescue Tool
* foremost - Recover files by "carving" them from a raw disk
* hexedit - A hexadecimal file viewer and editor
* ntfs-3g - Linux NTFS userspace driver
* ntfs-3g - Linux NTFS userspace driver
* ntfsprogs - NTFS filesystem libraries and utilities
* scanmem - Simple interactive debugging utility
* sleuthkit - The Sleuth Kit (TSK)
* sleuthkit - The Sleuth Kit (TSK)
* srm - Secure file deletion
* unhide - Tool to find hidden processes and TCP/UDP ports from rootkits


chntpw
chntpw
samdump2  https://sourceforge.net/projects/ophcrack/files/samdump2/2.0.1/
creddump https://code.google.com/p/creddump/
Hydra
Hydra
Medusa
volatility3 An advanced memory forensics framework https://github.com/volatilityfoundation/volatility3
volatility An advanced memory forensics framework https://code.google.com/p/volatility/
pdfcrack A Password Recovery Tool for PDF files https://pdfcrack.sourceforge.net/
pdfcrack A Password Recovery Tool for PDF files https://pdfcrack.sourceforge.net/
https://code.google.com/p/logkeys/
-->
-->


Line 198: Line 127:
! URL
! URL
|-
|-
| arpalert
| {{pkg|arpon}}
| Monitor ARP changes in ethernet networks
| https://www.arpalert.org/arpalert.html
|-
| arpon
| ARP handler inspection
| ARP handler inspection
| https://arpon.sourceforge.io/
| https://arpon.sourceforge.io/
|-
|-
| dnsenum
| {{pkg|dnsenum}}
| A tool to enumerate DNS info about domains
| A tool to enumerate DNS info about domains
| https://github.com/fwaeytens/dnsenum
| https://github.com/fwaeytens/dnsenum
|-
|-
| halberd
| {{pkg|scanssh}}
| A tool to discover HTTP load balancers
| https://github.com/jmbr/halberd
|-
| scanssh
| Fast SSH server and open proxy scanner
| Fast SSH server and open proxy scanner
| https://monkey.org/~provos/scanssh/
| https://monkey.org/~provos/scanssh/
|-
|-
| ngrep
| {{pkg|ngrep}}
| Network layer grep tool
| Network layer grep tool
| https://github.com/jpr5/ngrep/
| https://github.com/jpr5/ngrep/
|-
|-
| netsniff-ng
| {{pkg|scapy}}
| A performant Linux network analyzer and networking toolkit
| <p>http://netsniff-ng.org/{{insecure url|Invalid server certificate on HTTPS}}</p>
|-
| scapy
| Interactive packet manipulation tool and network scanner
| Interactive packet manipulation tool and network scanner
| https://scapy.net/
| https://scapy.net/
|-
|-
| socat
| {{pkg|socat}}
| Bidirectional data relay between two data channels ('netcat++')
| Bidirectional data relay between two data channels ('netcat++')
| <p>http://www.dest-unreach.org/socat/{{insecure url|Self-signed certificate on HTTPS}}</p>
| <p>http://www.dest-unreach.org/socat/{{insecure url|Self-signed certificate on HTTPS}}</p>
|-
|-
| tcpdump
| {{pkg|tcpdump}}
| A network traffic monitoring tool
| A network traffic monitoring tool
| https://www.tcpdump.org/
| https://www.tcpdump.org/
|-
|-
| tcptrack
| {{pkg|tcpflow}}
| Displays information about tcp connections on a network interface
| https://www.rhythm.cx/~steve/devel/tcptrack/{{dead link}}
|-
| tcpflow
| A tool for monitoring, capturing and storing TCP connections flows
| A tool for monitoring, capturing and storing TCP connections flows
| https://github.com/simsong/tcpflow
| https://github.com/simsong/tcpflow
|-
|-
| tcpproxy
| {{pkg|nmap}}
| Transparent TCP Proxy
| https://www.quietsche-entchen.de/cgi-bin/wiki.cgi/proxies/TcpProxy{{dead link}}
|-
| etherdump
| An extremely small packet sniffer
| https://freshmeat.sourceforge.net/projects/etherdump/
|-
| netdiscover
| A network address discovering tool
| https://sourceforge.net/projects/netdiscover/
|-
| nmap
| A network exploration tool and security/port scanner
| A network exploration tool and security/port scanner
| https://nmap.org
| https://nmap.org
|-
|-
| arpwatch
| {{pkg|arpwatch}}
| An ethernet monitoring program  
| An ethernet monitoring program  
| https://ee.lbl.gov/
| https://ee.lbl.gov/
|-
|-
| nfswatch
| {{pkg|p0f}}
| An NFS traffic monitoring tool
| https://nfswatch.sourceforge.net/
|-
| p0f
| Passive traffic fingerprinting tool
| Passive traffic fingerprinting tool
| https://lcamtuf.coredump.cx/p0f3/
| https://lcamtuf.coredump.cx/p0f3/
|-
|-
| hping3
| {{pkg|hping3}}
| A ping-like TCP/IP packet assembler/analyzer
| A ping-like TCP/IP packet assembler/analyzer
| <p>http://www.hping.org/{{insecure url|Connection refused on HTTPS}}</p>
| <p><s><nowiki>http://www.hping.org/</nowiki></s> <small>(Website down, alternates are: http://wiki.hping.org/{{insecure url|HTTPS connection refused}} and https://github.com/antirez/hping )</small></p>
|-
|-
| sslscan
| {{pkg|sslscan}}
| Security assessment tool for SSL
| fast SSL/TLS configuration scanner
| https://sourceforge.net/projects/sslscan/
| https://github.com/rbsec/sslscan
|-
|-
| httpry
| {{pkg|httpry}}
| A packet sniffer designed for HTTP traffic
| A packet sniffer designed for HTTP traffic
| https://dumpsterventures.com/jason/httpry
| https://dumpsterventures.com/jason/httpry
|-
|-
| bannergrab
| {{pkg|bannergrab}}
| A banner grabbing tool
| A banner grabbing tool
| https://sourceforge.net/projects/bannergrab
| https://sourceforge.net/projects/bannergrab
|-
|-
| dnstop
| {{pkg|dnstop}}
| A DNS traffic capture utility
| A DNS traffic capture utility
| <p>http://dns.measurement-factory.com/tools/dnstop/{{insecure url|Invalid certificate on HTTPS}}</p>
| <p>http://dns.measurement-factory.com/tools/dnstop/{{insecure url|Invalid certificate on HTTPS}}</p>
|-
|-
| flunym0us
| {{pkg|swaks}}
| A vulnerability scanner for wordpress and moodle
| https://code.google.com/archive/p/flunym0us/
|-
| swaks
| A transaction-oriented SMTP test tool
| A transaction-oriented SMTP test tool
| https://www.jetmore.org/john/code/swaks/
| https://www.jetmore.org/john/code/swaks/
|-
|-
| onesixtyone
| {{pkg|mitmproxy}}
| An efficient SNMP scanner
| <p>http://www.phreedom.org/software/onesixtyone/{{insecure url|HTTPS times out}}</p>
|-
| mitmproxy
| An interactive SSL-capable intercepting HTTP proxy
| An interactive SSL-capable intercepting HTTP proxy
| https://www.mitmproxy.org/
| https://www.mitmproxy.org/
|-
|-
| hexinject
| {{pkg|hexinject}}
| A very versatile packet injector and sniffer
| A very versatile packet injector and sniffer
| https://hexinject.sourceforge.net/
| https://hexinject.sourceforge.net/
|-
|-
| [[Setting up OpenVAS9|openvas]]
| {{pkg|openvas-scanner}}
| Vulnerability scanner and manager
| Vulnerability scanner and manager
| https://www.openvas.org/
| https://www.openvas.org/
|}
|}


<!-- ToDo
<!-- ToDo
whatweb
A website fingerprinter
https://www.morningstarsecurity.com/research/whatweb
blindelephant
A web application fingerprinter
https://blindelephant.sourceforge.net/


dpkt
dpkt
Line 333: Line 214:
https://code.google.com/p/dpkt/
https://code.google.com/p/dpkt/


Wireplay
A minimalist approach to replay pcap dumped TCP sessions with modification as required.
https://code.google.com/p/wireplay/
|-
| ike-scan
| An IPsec VPN scanning, fingerprinting, and testing tool
| http://www.nta-monitor.com/tools/ike-scan/
https://inguma.sourceforge.net/
* nuttcp https://www.nuttcp.net
* nuttcp https://www.nuttcp.net
* argus https://qosient.com/argus/
* tcpick https://tcpick.sourceforge.net/
* tcpreen -- A TCP/IP re-engineering and monitoring program
* tcpdump -- A network traffic monitoring tool
* tcpdump -- A network traffic monitoring tool
* tcpflow -- Network traffic recorder
* tcpflow -- Network traffic recorder
* tcpick -- A tcp stream sniffer, tracker and capturer
* tcping -- Check of TCP connection to a given IP/Port
* tcpjunk -- TCP protocols testing tool
* tcpreplay -- Replay captured network traffic
* tcpreplay -- Replay captured network traffic
* tcptraceroute -- A traceroute implementation using TCP packets
* tcptraceroute -- A traceroute implementation using TCP packets
* tcptrack -- Displays information about tcp connections on a network interface
* tcputils -- Utilities for TCP programming in shell-scripts
* tcp_wrappers -- A security tool which acts as a wrapper for TCP daemons
* tcpxtract -- Tool for extracting files from network traffic
* ttcp A tool for testing TCP connections http://www.pcausa.com/Utilities/pcattcp.htm
* unicornscan http://www.unicornscan.org/
* dsniff - Tools for network auditing and penetration testing
* httpry https://dumpsterventures.com/jason/httpry/
* justniffer
* dietsniff
* Nast http://nast.berlios.de/
* brutessh http://www.edge-security.com/brutessh.php
* ettercap https://ettercap.sourceforge.net/ A network traffic sniffer/analyser
* ettercap https://ettercap.sourceforge.net/ A network traffic sniffer/analyser
* icmpshell A tool that only uses ICMP for connections https://icmpshell.sourceforge.net/
https://code.google.com/p/yapscan/
egressor http://packetfactory.openwall.net/projects/egressor/
arpoc http://www.phenoelit.org/arpoc/index.html
loadbalancer-finder https://code.google.com/p/loadbalancer-finder/


-->
-->
Line 384: Line 231:
! URL
! URL
|-
|-
| wbox
| {{pkg|lynis}}
| HTTP testing tool and configuration-less HTTP server
| Security and system auditing tool
| <p>http://www.hping.org/wbox/{{insecure url|Unable to connect on HTTPS}}</p>
| https://cisofy.com/lynis/
|-
|-
| slowhttptest
| {{pkg|nikto}}
| An application Layer DoS attack simulator
| https://github.com/shekyan/slowhttptest
|-
| nikto
| A web application security scanner
| A web application security scanner
| https://www.cirt.net/Nikto2
| https://www.cirt.net/Nikto2
|-
| {{pkg|sqlmap}}
| Automatic SQL injection and database takeover tool
| https://sqlmap.org/
|-
| {{pkg|zaproxy}}
| OWASP Zed Attack Proxy web app scanner
| https://www.zaproxy.org/
|}
|}
<!--
|-
| arachni
| Web application security scanner framework
| https://arachni-scanner.com/
|
wpscan https://wpscan.org/ A vulnerability scanner for WordPress installations
http://www.rootkit.nl/projects/lynis.html
wapiti https://www.ict-romulus.eu/web/wapiti/home
* proxystrike http://www.edge-security.com/proxystrike.php
* sqlmap https://sqlmap.sourceforge.net/
* ratproxy - A passive web application security assessment tool
* sqlninja
* fimap A little tool for local and remote file inclusion auditing and exploitation https://code.google.com/p/fimap/
* burpproxy
mysqlenum An automatic blind SQL injection tool
mole themole.nasel.com.ar
http://motomastyle.com/pyloris/
http://www.buck-security.org/buck-security.html
http://freecode.com/projects/trusion
http://www.parosproxy.org/
BeEF  https://beefproject.com/
https://code.google.com/p/zaproxy/
https://code.google.com/p/webapptools/
slowhttptest An application Layer DoS attack simulator  https://code.google.com/p/slowhttptest/
https://code.google.com/p/ghost-phisher/
https://code.google.com/p/fern-wifi-cracker/
https://code.google.com/p/intrinsec-xmlrpc-scanner/
https://code.google.com/p/gsploit/
patator A multi-purpose brute-forcer, with a modular design and a flexible usage https://code.google.com/p/patator/
-->


== Network statistics ==
== Network statistics ==
Line 438: Line 255:
! URL
! URL
|-
|-
| iperf
| {{pkg|iperf}}
| Tool to measure IP bandwidth using UDP or TCP
| Tool to measure IP bandwidth using UDP or TCP
| https://github.com/esnet/iperf
| https://github.com/esnet/iperf
|-
|-
| iptraf-ng
| {{pkg|iptraf-ng}}
| A console-based network monitoring utility  
| A console-based network monitoring utility  
| https://fedorahosted.org/iptraf-ng/
| https://fedorahosted.org/iptraf-ng/
|-
|-
| iptop
| {{pkg|iftop}}
| Command line tool that displays bandwidth usage on an interface  
| Command line tool that displays bandwidth usage on an interface  
| https://www.ex-parrot.com/~pdw/iftop/
| https://www.ex-parrot.com/~pdw/iftop/
|-
|-
| fping
| {{pkg|fping}}
| A utility to ping multiple hosts at once
| A utility to ping multiple hosts at once
| https://fping.sourceforge.net/
| https://fping.sourceforge.net/
|-
|-
| mtr
| {{pkg|mtr}}
| Full screen ncurses traceroute tool
| Full screen ncurses traceroute tool
| https://www.bitwizard.nl/mtr/
| https://www.bitwizard.nl/mtr/
|-
|-
| speedometer
| {{pkg|nfdump}}
| Measure and display the rate of data across a network connection or data being stored in a file
| https://excess.org/speedometer/
|-
| nfdump
| The nfdump tools collect and process netflow data on the command line
| The nfdump tools collect and process netflow data on the command line
| https://github.com/phaag/nfdump
| https://github.com/phaag/nfdump
|-
|-
| nethogs
| {{pkg|nethogs}}
| Top-like monitor for network traffic
| Top-like monitor for network traffic
| https://raboof.github.io/nethogs/
| https://raboof.github.io/nethogs/
|-
|-
| iptstate
| {{pkg|iptstate}}
| Top-like interface to netfilter connection-tracking table
| Top-like interface to netfilter connection-tracking table
| https://www.phildev.net/iptstate/
| https://www.phildev.net/iptstate/
|}
|}
<!--
EthStatus
nttcp
netio http://www.ars.de/ars/ars.nsf/docs/netio
-->


== Misc tools ==
== Misc tools ==
Line 490: Line 296:
! URL
! URL
|-
|-
| bash-completion
| {{pkg|bash-completion}}
| Command-line tab-completion for bash
| Command-line tab-completion for bash
| https://bash-completion.alioth.debian.org/{{dead link}}
| https://github.com/scop/bash-completion
|-
|-
| clamav
| {{pkg|clamav}}
| An anti-virus toolkit for UNIX
| An anti-virus toolkit for UNIX
| https://www.clamav.net
| https://www.clamav.net
|-
|-
| p7zip
| {{pkg|7zip}}
| A command-line port of the 7zip compression utility
| A command-line port of the 7zip compression utility
| https://p7zip.sourceforge.net/
| https://7-zip.org/
|-
|-
| nano
| {{pkg|nano}}
| A simple ncurses text editor
| A simple ncurses text editor
| https://www.nano-editor.org/
| https://www.nano-editor.org/
|-
|-
| rsync
| {{pkg|rsync}}
| A file transfer program to keep remote files in sync
| A file transfer program to keep remote files in sync
| https://rsync.samba.org/
| https://rsync.samba.org/
|-
|-
| screen
| {{pkg|screen}}
| A terminal multiplexer, used to multiplex several virtual consoles. Similar to "tmux" below
| A terminal multiplexer, used to multiplex several virtual consoles. Similar to "tmux" below
| https://www.gnu.org/software/screen/
| https://www.gnu.org/software/screen/
|-
|-
| tmux
| {{pkg|tmux}}
| A terminal multiplexer, used to multiplex several virtual consoles. Similar to "screen" above
| A terminal multiplexer, used to multiplex several virtual consoles. Similar to "screen" above
| https://tmux.github.io/
| https://tmux.github.io/
|-
|-
| multitail
| {{pkg|multitail}}
| A tool to view one or multiple files
| A tool to view one or multiple files
| https://www.vanheusden.com/multitail
| https://www.vanheusden.com/multitail
|-
|-
| shed
| {{pkg|e2fsprogs}}
| A simple hex editor
| https://shed.sourceforge.net/
|-
| e2fsprogs
| Standard Ext2/3/4 filesystem utilities
| Standard Ext2/3/4 filesystem utilities
| https://e2fsprogs.sourceforge.net/
| https://e2fsprogs.sourceforge.net/
|-
|-
| openssh
| {{pkg|openssh}}
| An open source implementation of SSH protocol versions 1 and 2
| An open source implementation of SSH protocol versions 1 and 2
| https://www.openssh.com/
| https://www.openssh.com/
|-
|-
| passwdgen
| {{pkg|partclone}}
| A random password generator
| https://code.google.com/archive/p/passwdgen/
|-
| partclone
| Back up and restore used-blocks of a partition  
| Back up and restore used-blocks of a partition  
| https://partclone.org/
| https://partclone.org/
|-
|-
| sshguard
| {{pkg|sshguard}}
| Log monitor that blocks with iptables on bad behaviour
| Log monitor that blocks with iptables on bad behaviour
| https://www.sshguard.net/
| https://www.sshguard.net/
|-
|-
| proxychains
| {{pkg|proxychains-ng}}
| A tool that forces any TCP connection through proxies
| A tool that forces any TCP connection through proxies
| https://proxychains.sourceforge.net
| https://github.com/rofl0r/proxychains-ng
|-
|-
| knock
| {{pkg|knock}}
| A simple port-knocking daemon
| A simple port-knocking daemon
| https://www.zeroflux.org/projects/knock
| https://github.com/TDFKAOlli/knock
|-
|-
| logcheck
| {{pkg|logcheck}}
| A simple utility which is designed to allow a system administrator to view the logfiles
| A simple utility which is designed to allow a system administrator to view the logfiles
| https://logcheck.org{
| https://logcheck.org
|-
|-
| mc
| {{pkg|mc}}
| A visual file manager
| A visual file manager
| https://www.midnight-commander.org/
| https://midnight-commander.org/
|-
|-
| makepasswd
| {{pkg|makepasswd}}
| Generates (pseudo-)random passwords of a desired length
| Generates (pseudo-)random passwords of a desired length
| https://people.defora.org/~khorben/projects/makepasswd/{{dead link}}
| https://www.defora.org/os/project/117/makepasswd
|-
|-
| lnav
| {{pkg|lnav}}
| A curses-based tool for viewing and analyzing log files
| A curses-based tool for viewing and analyzing log files
| https://lnav.org
| https://lnav.org
|-
|-
| goaccess
| {{pkg|goaccess}}
| A real-time web log analyzer and interactive viewer
| A real-time web log analyzer and interactive viewer
| https://goaccess.io/
| https://goaccess.io/
Line 588: Line 386:
| https://www.cipherdyne.org/fwknop/
| https://www.cipherdyne.org/fwknop/


chkrootkit
bonesi https://code.google.com/p/bonesi/
-->
-->


Line 600: Line 396:
! URL
! URL
|-
|-
| sipp
| {{pkg|sipp}}
| A test tool / traffic generator for the SIP protocol
| A test tool / traffic generator for the SIP protocol
| https://sipp.sourceforge.net/
| https://sipp.sourceforge.net/
|-
|-
| voiphopper
| {{pkg|sipsak}}
| A VLAN Hop security test
| https://voiphopper.sourceforge.net/
|-
| sipvicious
| Tools for auditing SIP based VoIP systems
| https://github.com/EnableSecurity/sipvicious
|-
| sipcrack
| A SIP protocol login cracker
| https://packages.debian.org/sipcrack
|-
| sipsak
| SIP swiss army knife
| SIP swiss army knife
| https://sipsak.org/{{dead link}}
| https://github.com/nils-ohlmeier/sipsak
|-
| smap
| A simple scanner for SIP enabled devices
| https://www.wormulon.net/smap{{dead link}}
|}
|}
<!--
|-
| oreka
| An audio stream recording and retrieval system
| https://oreka.sourceforge.net/
|-
| sipflanker
| Finder for vulnerable Web GUIs deployed by IP phones and PBXs
| https://code.google.com/p/sipflanker/
ucsniff A VoIP and IP video security assessment tool https://ucsniff.sourceforge.net/
videosharf
-->


== Wireless ==
== Wireless ==
Line 647: Line 413:
! URL
! URL
|-
|-
| weplab
| {{pkg|aircrack-ng}}
| Analyzing WEP encryption security on wireless networks
| 802.11 (wireless) sniffer and WEP/WPA-PSK key cracker
| https://weplab.sourceforge.net/{{dead link}}
| https://www.aircrack-ng.org/
|-
|-
| kismet
| {{pkg|kismet}}
| A WLAN detector, sniffer, and IDS
| A WLAN detector, sniffer, and IDS
| https://www.kismetwireless.org/
| https://www.kismetwireless.org/
|-
|-
| cowpatty
| {{pkg|reaver-wps-fork-t6x}}
| Attacking WPA/WPA2-PSK exchanges
| WPS Password Cracker
| https://www.willhackforsushi.com/Cowpatty.html{{dead link}}
| https://github.com/t6x/reaver-wps-fork-t6x
|-
|-
| wavemon
| {{pkg|wavemon}}
| Ncurses-based monitoring application for wireless network devices
| Ncurses-based monitoring application for wireless network devices
| https://github.com/uoaerg/wavemon
| https://github.com/uoaerg/wavemon
|}
|}
<!-- Todo
|-
| aircrack-ng
| 802.11 (wireless) sniffer and WEP/WPA-PSK key cracker
| https://www.aircrack-ng.org/
* pgpry PGP private key recovery https://pgpry.sourceforge.net/
* airsnarf A rogue AP setup utility http://airsnarf.shmoo.com/
* lorcon http://802.11ninja.net/lorcon/ A library for injecting 802.11 (WLAN) frames
quickset A suite of tools designed to setup the basics for a PenTest https://code.google.com/p/quickset/
wifite An automated wireless auditor https://code.google.com/p/wifite/
reaver Brute force attack against Wifi Protected Setup https://code.google.com/p/reaver-wps/
-->


== Intrusion detection ==
== Intrusion detection ==
Line 687: Line 438:
! URL
! URL
|-
|-
| nebula
| {{pkg|nebula}}
| An Intrusion Signature Generator
| An Intrusion Signature Generator
| https://nebula.carnivore.it/{{dead link}}
| https://github.com/slackhq/nebula
|-
|-
| snort
| {{pkg|snort}}
| A network intrusion prevention and detection system
| A network intrusion prevention and detection system
| https://www.snort.org/
| https://www.snort.org/
|}
|}
<!--
aide| Intrusion detection environment
chkrootkit| Tool to locally check for signs of a rootkit
honeyd| Honeypot daemon
labrea| Tarpit (slow to a crawl) worms and port scanners
pads| Passive Asset Detection System
rkhunter| A host-based tool to scan for rootkits, backdoors and local exploits
tiger| Security auditing on UNIX systems| https://www.nongnu.org/tiger/
prelude-lml| The prelude log analyzer
prewikka| Graphical front-end analysis console for the Prelude Hybrid IDS * Framework
prelude-manager| Prelude-Manager
nemesis|A TCP/IP packet injection tool| https://nemesis.sourceforge.net/
inundator| An IDS detection false positives generator| https://inundator.sourceforge.net/
-->


<!--
<!--
Line 720: Line 456:


[[Category:ISO]]
[[Category:ISO]]
[[Category:Security]]

Latest revision as of 08:53, 7 July 2024

This material is obsolete ...

See notice on Alpine Security and Rescue (Discuss)

Basics

Name Description URL
alpine-base Alpine base package https://pkgs.alpinelinux.org/packages?name=alpine-base
alpine-mirrors List of Official Alpine Linux Mirrors https://mirrors.alpinelinux.org/
kbd-bkeymaps Binary keymaps for busybox https://pkgs.alpinelinux.org/packages?name=kbd-bkeymaps
network-extras Meta package to pull in vlan, bonding, bridge and wifi support https://pkgs.alpinelinux.org/packages?name=network-extras
openssl Toolkit for TLS https://www.openssl.org/
tzdata Timezone data https://www.iana.org/time-zones

Code Analysis

Name Description URL
py3-pylint Analyzes Python code looking for bugs and signs of poor quality https://pypi.org/project/pylint/
flawfinder Examines C/C++ source code for security flaws https://www.dwheeler.com/flawfinder/
py3-pyflakes A passive checker of Python programs https://launchpad.net/pyflakes
strace A useful diagnositic, instructional, and debugging tool https://strace.io/
valgrind A tool for finding memory-management problems https://valgrind.org/

Forensics / Data recovery tools

Name Description URL
ddrescue Data recovery tool for block devices with errors https://www.gnu.org/s/ddrescue/ddrescue.html
testdisk A powerful free data recovery software https://www.cgsecurity.org/wiki/TestDisk
scrub Disk scrubbing program https://code.google.com/archive/p/diskscrub/
ncdu A curses-based version of the well-known "du" https://dev.yorhel.nl/ncdu
htop An interactive process viewer for Linux https://htop.dev/
wipe Tool for securely erasing files from magnetic media https://wipe.sourceforge.net/
jhead An Exif jpeg header manipulation tool https://www.sentex.net/~mwandel/jhead/


Reconnaissance

Name Description URL
arpon ARP handler inspection https://arpon.sourceforge.io/
dnsenum A tool to enumerate DNS info about domains https://github.com/fwaeytens/dnsenum
scanssh Fast SSH server and open proxy scanner https://monkey.org/~provos/scanssh/
ngrep Network layer grep tool https://github.com/jpr5/ngrep/
scapy Interactive packet manipulation tool and network scanner https://scapy.net/
socat Bidirectional data relay between two data channels ('netcat++')

http://www.dest-unreach.org/socat/ 🔓

tcpdump A network traffic monitoring tool https://www.tcpdump.org/
tcpflow A tool for monitoring, capturing and storing TCP connections flows https://github.com/simsong/tcpflow
nmap A network exploration tool and security/port scanner https://nmap.org
arpwatch An ethernet monitoring program https://ee.lbl.gov/
p0f Passive traffic fingerprinting tool https://lcamtuf.coredump.cx/p0f3/
hping3 A ping-like TCP/IP packet assembler/analyzer

http://www.hping.org/ (Website down, alternates are: http://wiki.hping.org/ 🔓 and https://github.com/antirez/hping )

sslscan fast SSL/TLS configuration scanner https://github.com/rbsec/sslscan
httpry A packet sniffer designed for HTTP traffic https://dumpsterventures.com/jason/httpry
bannergrab A banner grabbing tool https://sourceforge.net/projects/bannergrab
dnstop A DNS traffic capture utility

http://dns.measurement-factory.com/tools/dnstop/ 🔓

swaks A transaction-oriented SMTP test tool https://www.jetmore.org/john/code/swaks/
mitmproxy An interactive SSL-capable intercepting HTTP proxy https://www.mitmproxy.org/
hexinject A very versatile packet injector and sniffer https://hexinject.sourceforge.net/
openvas-scanner Vulnerability scanner and manager https://www.openvas.org/


Application Testing

Name Description URL
lynis Security and system auditing tool https://cisofy.com/lynis/
nikto A web application security scanner https://www.cirt.net/Nikto2
sqlmap Automatic SQL injection and database takeover tool https://sqlmap.org/
zaproxy OWASP Zed Attack Proxy web app scanner https://www.zaproxy.org/

Network statistics

Name Description URL
iperf Tool to measure IP bandwidth using UDP or TCP https://github.com/esnet/iperf
iptraf-ng A console-based network monitoring utility https://fedorahosted.org/iptraf-ng/
iftop Command line tool that displays bandwidth usage on an interface https://www.ex-parrot.com/~pdw/iftop/
fping A utility to ping multiple hosts at once https://fping.sourceforge.net/
mtr Full screen ncurses traceroute tool https://www.bitwizard.nl/mtr/
nfdump The nfdump tools collect and process netflow data on the command line https://github.com/phaag/nfdump
nethogs Top-like monitor for network traffic https://raboof.github.io/nethogs/
iptstate Top-like interface to netfilter connection-tracking table https://www.phildev.net/iptstate/

Misc tools

Name Description URL
bash-completion Command-line tab-completion for bash https://github.com/scop/bash-completion
clamav An anti-virus toolkit for UNIX https://www.clamav.net
7zip A command-line port of the 7zip compression utility https://7-zip.org/
nano A simple ncurses text editor https://www.nano-editor.org/
rsync A file transfer program to keep remote files in sync https://rsync.samba.org/
screen A terminal multiplexer, used to multiplex several virtual consoles. Similar to "tmux" below https://www.gnu.org/software/screen/
tmux A terminal multiplexer, used to multiplex several virtual consoles. Similar to "screen" above https://tmux.github.io/
multitail A tool to view one or multiple files https://www.vanheusden.com/multitail
e2fsprogs Standard Ext2/3/4 filesystem utilities https://e2fsprogs.sourceforge.net/
openssh An open source implementation of SSH protocol versions 1 and 2 https://www.openssh.com/
partclone Back up and restore used-blocks of a partition https://partclone.org/
sshguard Log monitor that blocks with iptables on bad behaviour https://www.sshguard.net/
proxychains-ng A tool that forces any TCP connection through proxies https://github.com/rofl0r/proxychains-ng
knock A simple port-knocking daemon https://github.com/TDFKAOlli/knock
logcheck A simple utility which is designed to allow a system administrator to view the logfiles https://logcheck.org
mc A visual file manager https://midnight-commander.org/
makepasswd Generates (pseudo-)random passwords of a desired length https://www.defora.org/os/project/117/makepasswd
lnav A curses-based tool for viewing and analyzing log files https://lnav.org
goaccess A real-time web log analyzer and interactive viewer https://goaccess.io/


VoIP

Name Description URL
sipp A test tool / traffic generator for the SIP protocol https://sipp.sourceforge.net/
sipsak SIP swiss army knife https://github.com/nils-ohlmeier/sipsak

Wireless

Name Description URL
aircrack-ng 802.11 (wireless) sniffer and WEP/WPA-PSK key cracker https://www.aircrack-ng.org/
kismet A WLAN detector, sniffer, and IDS https://www.kismetwireless.org/
reaver-wps-fork-t6x WPS Password Cracker https://github.com/t6x/reaver-wps-fork-t6x
wavemon Ncurses-based monitoring application for wireless network devices https://github.com/uoaerg/wavemon

Intrusion detection

Name Description URL
nebula An Intrusion Signature Generator https://github.com/slackhq/nebula
snort A network intrusion prevention and detection system https://www.snort.org/