Alpine security: Difference between revisions

From Alpine Linux
(Add "Category:Security")
 
(144 intermediate revisions by 7 users not shown)
Line 1: Line 1:
{{Note|This is work in progress. Not all packages are available at the moment}}
{{obsolete|See notice on [[Alpine Security and Rescue]]}}
 
 
Alpine Security provides a toolset to work on security auditing, forensics, system rescue, and teaching security testing methodologies.


== Basics ==
== Basics ==
Line 14: Line 11:
| alpine-base
| alpine-base
| Alpine base package
| Alpine base package
| http://alpinelinux.org
| https://pkgs.alpinelinux.org/packages?name=alpine-base
|-
|-
| alpine-mirrors
| alpine-mirrors
| List of Alpine Linux Mirrors
| List of Official Alpine Linux Mirrors
| http://alpinelinux.org/
| https://mirrors.alpinelinux.org/
|-
|-
| bkeymaps
| kbd-bkeymaps
| Binary keymaps for busybox
| Binary keymaps for busybox
| http://dev.alpinelinux.org/alpine/bkeymaps
| https://pkgs.alpinelinux.org/packages?name=kbd-bkeymaps
|-
| network-extras
| Meta package to pull in vlan, bonding, bridge and wifi support
| https://pkgs.alpinelinux.org/packages?name=network-extras
|-
| {{pkg|openssl}}
| Toolkit for TLS
| https://www.openssl.org/
|-
| {{pkg|tzdata}}
| Timezone data
| https://www.iana.org/time-zones
|}
|}


Line 33: Line 42:
! URL
! URL
|-
|-
| rpmlint
| {{pkg|py3-pylint}}
| A tool for checking common errors in RPM packages
| http://rpmlint.zarb.org
 
|-
| pylint
| Analyzes Python code looking for bugs and signs of poor quality
| Analyzes Python code looking for bugs and signs of poor quality
| http://pypi.python.org/pypi/pylint
| https://pypi.org/project/pylint/
|-
|-
| flawfinder
| {{pkg|flawfinder}}
| Examines C/C++ source code for security flaws
| Examines C/C++ source code for security flaws
| http://www.dwheeler.com/flawfinder/
| https://www.dwheeler.com/flawfinder/
|-
|-
| rats
| {{pkg|py3-pyflakes}}
| A tool to find security related programming errors
| A passive checker of Python programs
| https://www.fortify.com/ssa-elements/threat-intelligence/rats.html
| https://launchpad.net/pyflakes
|}
 
<!--
Todo
 
|-
|-
| splint
| {{pkg|strace}}
| An implementation of the lint program
| A useful diagnositic, instructional, and debugging tool
| http://www.splint.org/
| https://strace.io/
|-
|-
| valgrind
| {{pkg|valgrind}}
| A tool for finding memory-management problems
| A tool for finding memory-management problems
| http://valgrind.org/
| https://valgrind.org/
|-
|}
| pscan
| Limited problem scanner for C source files
|
-->


== Forensics / Data recovery tools ==
== Forensics / Data recovery tools ==
Line 76: Line 71:
! URL
! URL
|-
|-
| dc3dd
| {{pkg|ddrescue}}
| Patched version of GNU dd for use in computer forensics
| Data recovery tool for block devices with errors
| http://dc3dd.sourceforge.net/
| https://www.gnu.org/s/ddrescue/ddrescue.html
|-
|-
| testdisk
| {{pkg|testdisk}}
| A powerful free data recovery software
| A powerful free data recovery software
| http://www.cgsecurity.org/wiki/TestDisk
| https://www.cgsecurity.org/wiki/TestDisk
|-
|-
| scrub
| {{pkg|scrub}}
| Disk scrubbing program
| Disk scrubbing program
| http://code.google.com/p/diskscrub/
| https://code.google.com/archive/p/diskscrub/
|-
|-
| ncdu
| {{pkg|ncdu}}
| A curses-based version of the well-known "du"
| A curses-based version of the well-known "du"
| http://dev.yorhel.nl/ncdu
| https://dev.yorhel.nl/ncdu
|-
|-
| htop
| {{pkg|htop}}
| An interactive process viewer for Linux
| An interactive process viewer for Linux
| http://htop.sourceforge.net/
| https://htop.dev/
|-
|-
| mac-robber
| {{pkg|wipe}}
| A tool that collects data from allocated files in a mounted file system
| Tool for securely erasing files from magnetic media
| http://www.sleuthkit.org/mac-robber/desc.php
| https://wipe.sourceforge.net/
|-
|-
| wipe
| {{pkg|jhead}}
| Tool for securely erasing files from magnetic media
| An Exif jpeg header manipulation tool
| http://lambda-diode.com/software/wipe/
| https://www.sentex.net/~mwandel/jhead/
|}
|}


<!-- ToDo
<!-- ToDo


| diskrescue
|-
| GNU data recovery tool
| aimage
| http://www.gnu.org/software/ddrescue/ddrescue.html
| Advanced Disk Imager (part of krita now???)
| extcarve
| https://www.afflib.org
| safecopy
|-
| A data recovery tool
| fiwalk (part of sleuthkit now???)
| http://safecopy.sourceforge.net/
| Batch analysis of a disk image
* scalpel Fast file carver working on disk images http://www.digitalforensicssolutions.com/Scalpel/
| https://www.afflib.org
* afftools - Utilities for afflib http://afflib.org/
* examiner - Utility to disassemble and comment foreign executable binaries
* firstaidkit - System Rescue Tool
* foremost - Recover files by "carving" them from a raw disk
* hexedit - A hexadecimal file viewer and editor
* ntfs-3g - Linux NTFS userspace driver
* ntfs-3g - Linux NTFS userspace driver
* ntfsprogs - NTFS filesystem libraries and utilities
* scanmem - Simple interactive debugging utility
* sleuthkit - The Sleuth Kit (TSK)
* sleuthkit - The Sleuth Kit (TSK)
* srm - Secure file deletion
 
* unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
chntpw
Hydra
volatility3 An advanced memory forensics framework https://github.com/volatilityfoundation/volatility3
pdfcrack A Password Recovery Tool for PDF files https://pdfcrack.sourceforge.net/
-->
-->


Line 136: Line 127:
! URL
! URL
|-
|-
| arpon
| {{pkg|arpon}}
| ARP handler inspection
| ARP handler inspection
| http://arpon.sourceforge.net/
| https://arpon.sourceforge.io/
|-
|-
| dnsenum
| {{pkg|dnsenum}}
| A tool to enumerate DNS info about domains
| A tool to enumerate DNS info about domains
| http://code.google.com/p/dnsenum/
| https://github.com/fwaeytens/dnsenum
|-
| halberd
| A tool to discover HTTP load balancers
| http://halberd.superadditive.com/
|-
|-
| scanssh
| {{pkg|scanssh}}
| Fast SSH server and open proxy scanner
| Fast SSH server and open proxy scanner
| http://monkey.org/~provos/scanssh/
| https://monkey.org/~provos/scanssh/
|-
|-
| ngrep
| {{pkg|ngrep}}
| Network layer grep tool
| Network layer grep tool
| http://ngrep.sourceforge.net/
| https://github.com/jpr5/ngrep/
|-
|-
| netsniff-ng
| {{pkg|scapy}}
| A performant Linux network analyzer and networking toolkit
| http://netsniff-ng.org/
|-
| scapy
| Interactive packet manipulation tool and network scanner
| Interactive packet manipulation tool and network scanner
| http://www.secdev.org/projects/scapy/
| https://scapy.net/
|-
|-
| socat
| {{pkg|socat}}
| Bidirectional data relay between two data channels ('netcat++')
| Bidirectional data relay between two data channels ('netcat++')
| http://www.dest-unreach.org/socat/
| <p>http://www.dest-unreach.org/socat/{{insecure url|Self-signed certificate on HTTPS}}</p>
|-
|-
| tcpdump
| {{pkg|tcpdump}}
| A network traffic monitoring tool
| A network traffic monitoring tool
| http://www.tcpdump.org/
| https://www.tcpdump.org/
|-
| {{pkg|tcpflow}}
| A tool for monitoring, capturing and storing TCP connections flows
| https://github.com/simsong/tcpflow
|-
|-
| tcptrack
| {{pkg|nmap}}
| Displays information about tcp connections on a network interface
| A network exploration tool and security/port scanner
| http://www.rhythm.cx/~steve/devel/tcptrack/
| https://nmap.org
|-
|-
| tcpflow
| {{pkg|arpwatch}}
| A tool for monitoring, capturing and storing TCP connections flows
| An ethernet monitoring program
| http://www.circlemud.org/~jelson/software/tcpflow/
| https://ee.lbl.gov/
|-
| {{pkg|p0f}}
| Passive traffic fingerprinting tool
| https://lcamtuf.coredump.cx/p0f3/
|-
| {{pkg|hping3}}
| A ping-like TCP/IP packet assembler/analyzer
| <p><s><nowiki>http://www.hping.org/</nowiki></s> <small>(Website down, alternates are: http://wiki.hping.org/{{insecure url|HTTPS connection refused}} and https://github.com/antirez/hping )</small></p>
|-
| {{pkg|sslscan}}
| fast SSL/TLS configuration scanner
| https://github.com/rbsec/sslscan
|-
| {{pkg|httpry}}
| A packet sniffer designed for HTTP traffic
| https://dumpsterventures.com/jason/httpry
|-
| {{pkg|bannergrab}}
| A banner grabbing tool
| https://sourceforge.net/projects/bannergrab
|-
|-
| tcpproxy
| {{pkg|dnstop}}
| Transparent TCP Proxy
| A DNS traffic capture utility
| http://www.quietsche-entchen.de/cgi-bin/wiki.cgi/proxies/TcpProxy
| <p>http://dns.measurement-factory.com/tools/dnstop/{{insecure url|Invalid certificate on HTTPS}}</p>
|-
|-
| etherdump
| {{pkg|swaks}}
| An extremely small packet sniffer
| A transaction-oriented SMTP test tool
| http://freshmeat.net/projects/etherdump/
| https://www.jetmore.org/john/code/swaks/
|-
|-
| netdiscover
| {{pkg|mitmproxy}}
| A network address discovering tool
| An interactive SSL-capable intercepting HTTP proxy
| http://sourceforge.net/projects/netdiscover/
| https://www.mitmproxy.org/
|-
|-
| arpwatch
| {{pkg|hexinject}}
| An ethernet monitoring program
| A very versatile packet injector and sniffer
| http://www-nrg.ee.lbl.gov/
| https://hexinject.sourceforge.net/
|-
|-
| nfswatch
| {{pkg|openvas-scanner}}
| An NFS traffic monitoring tool
| Vulnerability scanner and manager
| http://nfswatch.sourceforge.net/
| https://www.openvas.org/
|}
|}


<!-- ToDo
dpkt
python packet creation / parsing library
https://code.google.com/p/dpkt/


<!-- ToDo
* nuttcp https://www.nuttcp.net
* nuttcp http://www.nuttcp.net
* argus http://qosient.com/argus/
* tcpick http://tcpick.sourceforge.net/
* tcpreen -- A TCP/IP re-engineering and monitoring program
* tcpdump -- A network traffic monitoring tool
* tcpdump -- A network traffic monitoring tool
* tcpflow -- Network traffic recorder
* tcpflow -- Network traffic recorder
* tcpick -- A tcp stream sniffer, tracker and capturer
* tcping -- Check of TCP connection to a given IP/Port
* tcpjunk -- TCP protocols testing tool
* tcpreplay -- Replay captured network traffic
* tcpreplay -- Replay captured network traffic
* tcptraceroute -- A traceroute implementation using TCP packets
* tcptraceroute -- A traceroute implementation using TCP packets
* tcptrack -- Displays information about tcp connections on a network interface
* ettercap https://ettercap.sourceforge.net/ A network traffic sniffer/analyser
* tcputils -- Utilities for TCP programming in shell-scripts
 
* tcp_wrappers -- A security tool which acts as a wrapper for TCP daemons
* tcpxtract -- Tool for extracting files from network traffic
* ttcp A tool for testing TCP connections http://www.pcausa.com/Utilities/pcattcp.htm
* unicornscan http://www.unicornscan.org/
* dsniff - Tools for network auditing and penetration testing
* httpry
* justniffer
* dietsniff
* Nast http://nast.berlios.de/
* brutessh http://www.edge-security.com/brutessh.php
* ettercap http://ettercap.sourceforge.net/ A network traffic sniffer/analyser
* icmpshell A tool that only uses ICMP for connections http://icmpshell.sourceforge.net/
-->
-->


==Web Application Testing==
==Application Testing==


{| cellpadding="5" border="1" class="wikitable"
{| cellpadding="5" border="1" class="wikitable"
Line 238: Line 231:
! URL
! URL
|-
|-
| wbox
| {{pkg|lynis}}
| HTTP testing tool and configuration-less HTTP server
| Security and system auditing tool
| http://www.hping.org/wbox/
| https://cisofy.com/lynis/
|-
| {{pkg|nikto}}
| A web application security scanner
| https://www.cirt.net/Nikto2
|-
| {{pkg|sqlmap}}
| Automatic SQL injection and database takeover tool
| https://sqlmap.org/
|-
| {{pkg|zaproxy}}
| OWASP Zed Attack Proxy web app scanner
| https://www.zaproxy.org/
|}
|}


<!--
== Network statistics ==
{| cellpadding="5" border="1" class="wikitable"
|-
! Name
! Description
! URL
|-
| {{pkg|iperf}}
| Tool to measure IP bandwidth using UDP or TCP
| https://github.com/esnet/iperf
|-
| {{pkg|iptraf-ng}}
| A console-based network monitoring utility
| https://fedorahosted.org/iptraf-ng/
|-
| {{pkg|iftop}}
| Command line tool that displays bandwidth usage on an interface
| https://www.ex-parrot.com/~pdw/iftop/
|-
| {{pkg|fping}}
| A utility to ping multiple hosts at once
| https://fping.sourceforge.net/
|-
| {{pkg|mtr}}
| Full screen ncurses traceroute tool
| https://www.bitwizard.nl/mtr/
|-
| {{pkg|nfdump}}
| The nfdump tools collect and process netflow data on the command line
| https://github.com/phaag/nfdump
|-
| {{pkg|nethogs}}
| Top-like monitor for network traffic
| https://raboof.github.io/nethogs/
|-
|-
| xxx
| {{pkg|iptstate}}
| xxx
| Top-like interface to netfilter connection-tracking table
|  
| https://www.phildev.net/iptstate/
|  
|}
* proxystrike http://www.edge-security.com/proxystrike.php
* sqlmap http://sqlmap.sourceforge.net/
* ratproxy - A passive web application security assessment tool
* sqlninja
* burpproxy
-->


== Misc tools ==
== Misc tools ==
Line 264: Line 296:
! URL
! URL
|-
|-
| iptraf
| {{pkg|bash-completion}}
| A console-based network monitoring utility
| Command-line tab-completion for bash
| http://iptraf.seul.org/
| https://github.com/scop/bash-completion
|-
| iptop
| Command line tool that displays bandwidth usage on an interface
| http://www.ex-parrot.com/~pdw/iftop/
|-
|-
| clamav
| {{pkg|clamav}}
| An anti-virus toolkit for UNIX
| An anti-virus toolkit for UNIX
| http://www.clamav.net
| https://www.clamav.net
|-
|-
| p7zip
| {{pkg|7zip}}
| A command-line port of the 7zip compression utility
| A command-line port of the 7zip compression utility
| http://p7zip.sourceforge.net/
| https://7-zip.org/
|-
|-
| nano
| {{pkg|nano}}
| A simple ncurses text editor
| A simple ncurses text editor
| http://www.nano-editor.org/
| https://www.nano-editor.org/
|-
|-
| ethtool
| {{pkg|rsync}}
| ...
| A file transfer program to keep remote files in sync
| ...
| https://rsync.samba.org/
|-
|-
| fping
| {{pkg|screen}}
| A utility to ping multiple hosts at once
| A terminal multiplexer, used to multiplex several virtual consoles. Similar to "tmux" below
| http://fping.sourceforge.net/
| https://www.gnu.org/software/screen/
|-
| {{pkg|tmux}}
| A terminal multiplexer, used to multiplex several virtual consoles. Similar to "screen" above
| https://tmux.github.io/
|-
| {{pkg|multitail}}
| A tool to view one or multiple files
| https://www.vanheusden.com/multitail
|-
| {{pkg|e2fsprogs}}
| Standard Ext2/3/4 filesystem utilities
| https://e2fsprogs.sourceforge.net/
|-
| {{pkg|openssh}}
| An open source implementation of SSH protocol versions 1 and 2
| https://www.openssh.com/
|-
| {{pkg|partclone}}
| Back up and restore used-blocks of a partition
| https://partclone.org/
|-
|-
| rsync
| {{pkg|sshguard}}
| A file transfer program to keep remote files in sync
| Log monitor that blocks with iptables on bad behaviour
| http://rsync.samba.org/
| https://www.sshguard.net/
|-
|-
| screen
| {{pkg|proxychains-ng}}
| A window manager that multiplexes a physical terminal
| A tool that forces any TCP connection through proxies
| http://www.gnu.org/software/screen/
| https://github.com/rofl0r/proxychains-ng
|-
|-
| multitail
| {{pkg|knock}}
| A tool to view one or multiple files
| A simple port-knocking daemon
| http://www.vanheusden.com/multitail
| https://github.com/TDFKAOlli/knock
|-
|-
| shed
| {{pkg|logcheck}}
| A simple hex editor
| A simple utility which is designed to allow a system administrator to view the logfiles
| http://shed.sourceforge.net/
| https://logcheck.org
|-
|-
| mtr
| {{pkg|mc}}
| Full screen ncurses traceroute tool
| A visual file manager
| http://www.bitwizard.nl/mtr/
| https://midnight-commander.org/
|-
|-
| e2fsprogs
| {{pkg|makepasswd}}
| Standard Ext2/3/4 filesystem utilities
| Generates (pseudo-)random passwords of a desired length
| http://e2fsprogs.sourceforge.net/
| https://www.defora.org/os/project/117/makepasswd
|-
|-
| openssh
| {{pkg|lnav}}
| An open source implementation of SSH protocol versions 1 and 2
| A curses-based tool for viewing and analyzing log files
| http://www.openssh.org/
| https://lnav.org
|-
|-
| passwdgen
| {{pkg|goaccess}}
| A random password generator
| A real-time web log analyzer and interactive viewer
| http://code.google.com/p/passwdgen/
| https://goaccess.io/
|}
|}


<!--
<!--
* macchanger An utility for viewing/manipulating the MAC address of network interfaces http://www.alobbs.com/macchanger
| macchanger
| An utility for viewing/manipulating the MAC address of network interfaces
| http://www.alobbs.com/macchanger
 
| denyhosts
| A script to help thwart ssh server attacks
| https://denyhosts.sourceforge.net/
 
| fwknop
| A cobination of port knocking and passive OS fingerprinting
| https://www.cipherdyne.org/fwknop/
 
-->
-->


== Wireless ==
== VoIP==


{| cellpadding="5" border="1" class="wikitable"
{| cellpadding="5" border="1" class="wikitable"
Line 337: Line 396:
! URL
! URL
|-
|-
| weplab
| {{pkg|sipp}}
| Analyzing WEP encryption security on wireless networks
| A test tool / traffic generator for the SIP protocol
| http://weplab.sourceforge.net/
| https://sipp.sourceforge.net/
|-
| kismet
| A WLAN detector, sniffer, and IDS
| http://www.kismetwireless.org/
|-
|-
| cowpatty
| {{pkg|sipsak}}
| Attacking WPA/WPA2-PSK exchanges
| SIP swiss army knife
| http://www.willhackforsushi.com/Cowpatty.html
| https://github.com/nils-ohlmeier/sipsak
|}
|}


== Wireless ==


<!-- Todo
{| cellpadding="5" border="1" class="wikitable"
|-
! Name
! Description
! URL
|-
| {{pkg|aircrack-ng}}
| 802.11 (wireless) sniffer and WEP/WPA-PSK key cracker
| https://www.aircrack-ng.org/
|-
| {{pkg|kismet}}
| A WLAN detector, sniffer, and IDS
| https://www.kismetwireless.org/
|-
|-
| wavemon
| {{pkg|reaver-wps-fork-t6x}}
| 0
| WPS Password Cracker
| An ncurses-based monitoring application for wireless network devices.
| https://github.com/t6x/reaver-wps-fork-t6x
| http://eden-feed.erg.abdn.ac.uk/wavemon/
 
|-
|-
| aircrack-ng
| {{pkg|wavemon}}
| 802.11 (wireless) sniffer and WEP/WPA-PSK key cracker
| Ncurses-based monitoring application for wireless network devices
| http://www.aircrack-ng.org/
| https://github.com/uoaerg/wavemon
 
|}
* pgpry PGP private key recovery http://pgpry.sourceforge.net/
* airsnarf A rogue AP setup utility http://airsnarf.shmoo.com/
* lorcon http://802.11ninja.net/lorcon/ A library for injecting 802.11 (WLAN) frames
-->


== Intrusion detection ==
== Intrusion detection ==
Line 376: Line 438:
! URL
! URL
|-
|-
| nebula
| {{pkg|nebula}}
| An Intrusion Signature Generator
| An Intrusion Signature Generator
| http://nebula.carnivore.it/
| https://github.com/slackhq/nebula
|-
|-
| snort
| {{pkg|snort}}
| A network intrusion prevention and detection system
| A network intrusion prevention and detection system
| http://www.snort.org/
| https://www.snort.org/
|}
|}


<!--
<!--
* aide - Intrusion detection environment
More tools:
* chkrootkit - Tool to locally check for signs of a rootkit
https://sectools.org/tag/new/
* honeyd - Honeypot daemon
https://www.voipsa.org/Resources/tools.php
* labrea - Tarpit (slow to a crawl) worms and port scanners
http://securitytube-tools.net/index.php?title=Welcome_to_SecurityTube_Tools
* pads - Passive Asset Detection System
http://www.goitworld.com/top-15-free-sql-injection-scanners/
* rkhunter - A host-based tool to scan for rootkits, backdoors and local exploits
-->
* tiger Security auditing on UNIX systems http://www.nongnu.org/tiger/
 
* prelude-lml - The prelude log analyzer
[[Category:ISO]]
* prewikka - Graphical front-end analysis console for the Prelude Hybrid IDS * Framework
[[Category:Security]]
* prelude-manager - Prelude-Manager
-->

Latest revision as of 08:53, 7 July 2024

This material is obsolete ...

See notice on Alpine Security and Rescue (Discuss)

Basics

Name Description URL
alpine-base Alpine base package https://pkgs.alpinelinux.org/packages?name=alpine-base
alpine-mirrors List of Official Alpine Linux Mirrors https://mirrors.alpinelinux.org/
kbd-bkeymaps Binary keymaps for busybox https://pkgs.alpinelinux.org/packages?name=kbd-bkeymaps
network-extras Meta package to pull in vlan, bonding, bridge and wifi support https://pkgs.alpinelinux.org/packages?name=network-extras
openssl Toolkit for TLS https://www.openssl.org/
tzdata Timezone data https://www.iana.org/time-zones

Code Analysis

Name Description URL
py3-pylint Analyzes Python code looking for bugs and signs of poor quality https://pypi.org/project/pylint/
flawfinder Examines C/C++ source code for security flaws https://www.dwheeler.com/flawfinder/
py3-pyflakes A passive checker of Python programs https://launchpad.net/pyflakes
strace A useful diagnositic, instructional, and debugging tool https://strace.io/
valgrind A tool for finding memory-management problems https://valgrind.org/

Forensics / Data recovery tools

Name Description URL
ddrescue Data recovery tool for block devices with errors https://www.gnu.org/s/ddrescue/ddrescue.html
testdisk A powerful free data recovery software https://www.cgsecurity.org/wiki/TestDisk
scrub Disk scrubbing program https://code.google.com/archive/p/diskscrub/
ncdu A curses-based version of the well-known "du" https://dev.yorhel.nl/ncdu
htop An interactive process viewer for Linux https://htop.dev/
wipe Tool for securely erasing files from magnetic media https://wipe.sourceforge.net/
jhead An Exif jpeg header manipulation tool https://www.sentex.net/~mwandel/jhead/


Reconnaissance

Name Description URL
arpon ARP handler inspection https://arpon.sourceforge.io/
dnsenum A tool to enumerate DNS info about domains https://github.com/fwaeytens/dnsenum
scanssh Fast SSH server and open proxy scanner https://monkey.org/~provos/scanssh/
ngrep Network layer grep tool https://github.com/jpr5/ngrep/
scapy Interactive packet manipulation tool and network scanner https://scapy.net/
socat Bidirectional data relay between two data channels ('netcat++')

http://www.dest-unreach.org/socat/ 🔓

tcpdump A network traffic monitoring tool https://www.tcpdump.org/
tcpflow A tool for monitoring, capturing and storing TCP connections flows https://github.com/simsong/tcpflow
nmap A network exploration tool and security/port scanner https://nmap.org
arpwatch An ethernet monitoring program https://ee.lbl.gov/
p0f Passive traffic fingerprinting tool https://lcamtuf.coredump.cx/p0f3/
hping3 A ping-like TCP/IP packet assembler/analyzer

http://www.hping.org/ (Website down, alternates are: http://wiki.hping.org/ 🔓 and https://github.com/antirez/hping )

sslscan fast SSL/TLS configuration scanner https://github.com/rbsec/sslscan
httpry A packet sniffer designed for HTTP traffic https://dumpsterventures.com/jason/httpry
bannergrab A banner grabbing tool https://sourceforge.net/projects/bannergrab
dnstop A DNS traffic capture utility

http://dns.measurement-factory.com/tools/dnstop/ 🔓

swaks A transaction-oriented SMTP test tool https://www.jetmore.org/john/code/swaks/
mitmproxy An interactive SSL-capable intercepting HTTP proxy https://www.mitmproxy.org/
hexinject A very versatile packet injector and sniffer https://hexinject.sourceforge.net/
openvas-scanner Vulnerability scanner and manager https://www.openvas.org/


Application Testing

Name Description URL
lynis Security and system auditing tool https://cisofy.com/lynis/
nikto A web application security scanner https://www.cirt.net/Nikto2
sqlmap Automatic SQL injection and database takeover tool https://sqlmap.org/
zaproxy OWASP Zed Attack Proxy web app scanner https://www.zaproxy.org/

Network statistics

Name Description URL
iperf Tool to measure IP bandwidth using UDP or TCP https://github.com/esnet/iperf
iptraf-ng A console-based network monitoring utility https://fedorahosted.org/iptraf-ng/
iftop Command line tool that displays bandwidth usage on an interface https://www.ex-parrot.com/~pdw/iftop/
fping A utility to ping multiple hosts at once https://fping.sourceforge.net/
mtr Full screen ncurses traceroute tool https://www.bitwizard.nl/mtr/
nfdump The nfdump tools collect and process netflow data on the command line https://github.com/phaag/nfdump
nethogs Top-like monitor for network traffic https://raboof.github.io/nethogs/
iptstate Top-like interface to netfilter connection-tracking table https://www.phildev.net/iptstate/

Misc tools

Name Description URL
bash-completion Command-line tab-completion for bash https://github.com/scop/bash-completion
clamav An anti-virus toolkit for UNIX https://www.clamav.net
7zip A command-line port of the 7zip compression utility https://7-zip.org/
nano A simple ncurses text editor https://www.nano-editor.org/
rsync A file transfer program to keep remote files in sync https://rsync.samba.org/
screen A terminal multiplexer, used to multiplex several virtual consoles. Similar to "tmux" below https://www.gnu.org/software/screen/
tmux A terminal multiplexer, used to multiplex several virtual consoles. Similar to "screen" above https://tmux.github.io/
multitail A tool to view one or multiple files https://www.vanheusden.com/multitail
e2fsprogs Standard Ext2/3/4 filesystem utilities https://e2fsprogs.sourceforge.net/
openssh An open source implementation of SSH protocol versions 1 and 2 https://www.openssh.com/
partclone Back up and restore used-blocks of a partition https://partclone.org/
sshguard Log monitor that blocks with iptables on bad behaviour https://www.sshguard.net/
proxychains-ng A tool that forces any TCP connection through proxies https://github.com/rofl0r/proxychains-ng
knock A simple port-knocking daemon https://github.com/TDFKAOlli/knock
logcheck A simple utility which is designed to allow a system administrator to view the logfiles https://logcheck.org
mc A visual file manager https://midnight-commander.org/
makepasswd Generates (pseudo-)random passwords of a desired length https://www.defora.org/os/project/117/makepasswd
lnav A curses-based tool for viewing and analyzing log files https://lnav.org
goaccess A real-time web log analyzer and interactive viewer https://goaccess.io/


VoIP

Name Description URL
sipp A test tool / traffic generator for the SIP protocol https://sipp.sourceforge.net/
sipsak SIP swiss army knife https://github.com/nils-ohlmeier/sipsak

Wireless

Name Description URL
aircrack-ng 802.11 (wireless) sniffer and WEP/WPA-PSK key cracker https://www.aircrack-ng.org/
kismet A WLAN detector, sniffer, and IDS https://www.kismetwireless.org/
reaver-wps-fork-t6x WPS Password Cracker https://github.com/t6x/reaver-wps-fork-t6x
wavemon Ncurses-based monitoring application for wireless network devices https://github.com/uoaerg/wavemon

Intrusion detection

Name Description URL
nebula An Intrusion Signature Generator https://github.com/slackhq/nebula
snort A network intrusion prevention and detection system https://www.snort.org/
Retrieved from "https://wiki.alpinelinux.org/w/index.php?title=Alpine_security&oldid=26897"