Alpine security: Difference between revisions

From Alpine Linux
mNo edit summary
(Add "Category:Security")
 
(82 intermediate revisions by 6 users not shown)
Line 1: Line 1:
{{Note|This is work in progress. Not all packages are available at the moment.}}
{{obsolete|See notice on [[Alpine Security and Rescue]]}}
 
 
Alpine Security provides a toolset to work on security auditing, forensics, system rescue, and teaching security testing methodologies. The tool list contains packages for code analysis, forensics and data recovery, reconnaissance, network statistics, VoIP, wireless lan, and IDS.
 
The target is not to start a competition with the [https://fedorahosted.org/security-spin/ Fedora Security Lab] or [http://www.backtrack-linux.org/ Backtrack]. But rather make it easy to use the particular tools with Alpine Linux in a small, non GUI, and busybox-based system.
 
With the simple python-based <tt>[http://git.alpinelinux.org/cgit/fab/alpine-iso/tree/config-builder.py config-builder]</tt> script this page can be transformed into a plaintext file for the usage with <tt>alpine-iso</tt>.


== Basics ==
== Basics ==
Line 18: Line 11:
| alpine-base
| alpine-base
| Alpine base package
| Alpine base package
| http://alpinelinux.org
| https://pkgs.alpinelinux.org/packages?name=alpine-base
|-
|-
| alpine-mirrors
| alpine-mirrors
| List of Alpine Linux Mirrors
| List of Official Alpine Linux Mirrors
| http://alpinelinux.org/
| https://mirrors.alpinelinux.org/
|-
|-
| bkeymaps
| kbd-bkeymaps
| Binary keymaps for busybox
| Binary keymaps for busybox
| http://dev.alpinelinux.org/alpine/bkeymaps
| https://pkgs.alpinelinux.org/packages?name=kbd-bkeymaps
|-
|-
| network-extras
| network-extras
| Meta package to pull in vlan, bonding, bridge and wifi support
| Meta package to pull in vlan, bonding, bridge and wifi support
| http://alpinelinux.org
| https://pkgs.alpinelinux.org/packages?name=network-extras
|-
|-
| openssl
| {{pkg|openssl}}
| Toolkit for SSL v2/v3 and TLS v1
| Toolkit for TLS
| http://openssl.org
| https://www.openssl.org/
|-
|-
| tzdata
| {{pkg|tzdata}}
| Timezone data
| Timezone data
| http://www.twinsun.com/tz/tz-link.htm
| https://www.iana.org/time-zones
|}
|}


Line 49: Line 42:
! URL
! URL
|-
|-
| rpmlint
| {{pkg|py3-pylint}}
| A tool for checking common errors in RPM packages
| http://rpmlint.zarb.org
|-
| pylint
| Analyzes Python code looking for bugs and signs of poor quality
| Analyzes Python code looking for bugs and signs of poor quality
| http://pypi.python.org/pypi/pylint
| https://pypi.org/project/pylint/
|-
|-
| flawfinder
| {{pkg|flawfinder}}
| Examines C/C++ source code for security flaws
| Examines C/C++ source code for security flaws
| http://www.dwheeler.com/flawfinder/
| https://www.dwheeler.com/flawfinder/
|-
| rats
| A tool to find security related programming errors
| https://www.fortify.com/ssa-elements/threat-intelligence/rats.html
|-
| pychecker
| A analyser for python source code
| http://pychecker.sourceforge.net/
|-
|-
| pyflakes
| {{pkg|py3-pyflakes}}
| A passive checker of Python programs
| A passive checker of Python programs
| https://launchpad.net/pyflakes
| https://launchpad.net/pyflakes
|-
|-
| strace
| {{pkg|strace}}
| A useful diagnositic, instructional, and debugging tool
| A useful diagnositic, instructional, and debugging tool
| http://sourceforge.net/projects/strace/
| https://strace.io/
|}
 
<!--
Todo
 
|-
|-
| splint
| {{pkg|valgrind}}
| An implementation of the lint program
| http://www.splint.org/
|-
| valgrind
| A tool for finding memory-management problems
| A tool for finding memory-management problems
| http://valgrind.org/
| https://valgrind.org/
|-
|}
| pscan
| Limited problem scanner for C source files
|
-->


== Forensics / Data recovery tools ==
== Forensics / Data recovery tools ==
Line 103: Line 71:
! URL
! URL
|-
|-
| dc3dd
| {{pkg|ddrescue}}
| Patched version of GNU dd for use in computer forensics
| http://dc3dd.sourceforge.net/
|-
| ddrescue
| Data recovery tool for block devices with errors  
| Data recovery tool for block devices with errors  
| http://www.gnu.org/s/ddrescue/ddrescue.html
| https://www.gnu.org/s/ddrescue/ddrescue.html
|-
|-
| testdisk
| {{pkg|testdisk}}
| A powerful free data recovery software
| A powerful free data recovery software
| http://www.cgsecurity.org/wiki/TestDisk
| https://www.cgsecurity.org/wiki/TestDisk
|-
|-
| scrub
| {{pkg|scrub}}
| Disk scrubbing program
| Disk scrubbing program
| http://code.google.com/p/diskscrub/
| https://code.google.com/archive/p/diskscrub/
|-
|-
| ncdu
| {{pkg|ncdu}}
| A curses-based version of the well-known "du"
| A curses-based version of the well-known "du"
| http://dev.yorhel.nl/ncdu
| https://dev.yorhel.nl/ncdu
|-
|-
| htop
| {{pkg|htop}}
| An interactive process viewer for Linux
| An interactive process viewer for Linux
| http://htop.sourceforge.net/
| https://htop.dev/
|-
|-
| mac-robber
| {{pkg|wipe}}
| A tool that collects data from allocated files in a mounted file system
| http://www.sleuthkit.org/mac-robber/desc.php
|-
| wipe
| Tool for securely erasing files from magnetic media
| Tool for securely erasing files from magnetic media
| http://lambda-diode.com/software/wipe/
| https://wipe.sourceforge.net/
|-
|-
| nwipe
| {{pkg|jhead}}
| Securely erase disks using a variety of recognized methods
| http://nwipe.sourceforge.net
|-
| jhead
| An Exif jpeg header manipulation tool
| An Exif jpeg header manipulation tool
| http://www.sentex.net/~mwandel/jhead/
| https://www.sentex.net/~mwandel/jhead/
|}
|}


Line 148: Line 104:
|-
|-
| aimage
| aimage
| Advanced Disk Imager
| Advanced Disk Imager (part of krita now???)
| http://www.afflib.org
| https://www.afflib.org
 
|-
|-
| fiwalk
| fiwalk (part of sleuthkit now???)
| Batch analysis of a disk image
| Batch analysis of a disk image
| http://www.afflib.org
| https://www.afflib.org
 
 
|-
| ftimes
| A system baselining and evidence collection too
| http://ftimes.sourceforge.net/FTimes/
 
http://sourceforge.net/projects/cdpr/
| rarcrack
| http://rarcrack.sourceforge.net/
 
| extcarve
| safecopy
| A data recovery tool
| http://safecopy.sourceforge.net/
* scalpel Fast file carver working on disk images http://www.digitalforensicssolutions.com/Scalpel/
* afftools - Utilities for afflib http://afflib.org/
* examiner - Utility to disassemble and comment foreign executable binaries
* firstaidkit - System Rescue Tool
* foremost - Recover files by "carving" them from a raw disk
* hexedit - A hexadecimal file viewer and editor
* ntfs-3g - Linux NTFS userspace driver
* ntfs-3g - Linux NTFS userspace driver
* ntfsprogs - NTFS filesystem libraries and utilities
* scanmem - Simple interactive debugging utility
* sleuthkit - The Sleuth Kit (TSK)
* sleuthkit - The Sleuth Kit (TSK)
* srm - Secure file deletion
* unhide - Tool to find hidden processes and TCP/UDP ports from rootkits


chntpw
chntpw
samdump2  http://sourceforge.net/projects/ophcrack/files/samdump2/2.0.1/
creddump http://code.google.com/p/creddump/
Hydra
Hydra
Medusa
volatility3 An advanced memory forensics framework https://github.com/volatilityfoundation/volatility3
volatility An advanced memory forensics framework http://code.google.com/p/volatility/
pdfcrack A Password Recovery Tool for PDF files https://pdfcrack.sourceforge.net/
pdfcrack A Password Recovery Tool for PDF files http://pdfcrack.sourceforge.net/
http://code.google.com/p/logkeys/
-->
-->


Line 201: Line 127:
! URL
! URL
|-
|-
| arpalert
| {{pkg|arpon}}
| Monitor ARP changes in ethernet networks
| http://www.arpalert.org
|-
| arpon
| ARP handler inspection
| ARP handler inspection
| http://arpon.sourceforge.net/
| https://arpon.sourceforge.io/
|-
|-
| dnsenum
| {{pkg|dnsenum}}
| A tool to enumerate DNS info about domains
| A tool to enumerate DNS info about domains
| http://code.google.com/p/dnsenum/
| https://github.com/fwaeytens/dnsenum
|-
| halberd
| A tool to discover HTTP load balancers
| http://halberd.superadditive.com/
|-
|-
| scanssh
| {{pkg|scanssh}}
| Fast SSH server and open proxy scanner
| Fast SSH server and open proxy scanner
| http://monkey.org/~provos/scanssh/
| https://monkey.org/~provos/scanssh/
|-
|-
| ngrep
| {{pkg|ngrep}}
| Network layer grep tool
| Network layer grep tool
| http://ngrep.sourceforge.net/
| https://github.com/jpr5/ngrep/
|-
| netsniff-ng
| A performant Linux network analyzer and networking toolkit
| http://netsniff-ng.org/
|-
|-
| scapy
| {{pkg|scapy}}
| Interactive packet manipulation tool and network scanner
| Interactive packet manipulation tool and network scanner
| http://www.secdev.org/projects/scapy/
| https://scapy.net/
|-
|-
| socat
| {{pkg|socat}}
| Bidirectional data relay between two data channels ('netcat++')
| Bidirectional data relay between two data channels ('netcat++')
| http://www.dest-unreach.org/socat/
| <p>http://www.dest-unreach.org/socat/{{insecure url|Self-signed certificate on HTTPS}}</p>
|-
|-
| tcpdump
| {{pkg|tcpdump}}
| A network traffic monitoring tool
| A network traffic monitoring tool
| http://www.tcpdump.org/
| https://www.tcpdump.org/
|-
| {{pkg|tcpflow}}
| A tool for monitoring, capturing and storing TCP connections flows
| https://github.com/simsong/tcpflow
|-
| {{pkg|nmap}}
| A network exploration tool and security/port scanner
| https://nmap.org
|-
| {{pkg|arpwatch}}
| An ethernet monitoring program
| https://ee.lbl.gov/
|-
| {{pkg|p0f}}
| Passive traffic fingerprinting tool
| https://lcamtuf.coredump.cx/p0f3/
|-
|-
| tcptrack
| {{pkg|hping3}}
| Displays information about tcp connections on a network interface
| A ping-like TCP/IP packet assembler/analyzer
| http://www.rhythm.cx/~steve/devel/tcptrack/
| <p><s><nowiki>http://www.hping.org/</nowiki></s> <small>(Website down, alternates are: http://wiki.hping.org/{{insecure url|HTTPS connection refused}} and https://github.com/antirez/hping )</small></p>
|-
|-
| tcpflow
| {{pkg|sslscan}}
| A tool for monitoring, capturing and storing TCP connections flows
| fast SSL/TLS configuration scanner
| http://www.circlemud.org/~jelson/software/tcpflow/
| https://github.com/rbsec/sslscan
|-
|-
| tcpproxy
| {{pkg|httpry}}
| Transparent TCP Proxy
| A packet sniffer designed for HTTP traffic
| http://www.quietsche-entchen.de/cgi-bin/wiki.cgi/proxies/TcpProxy
| https://dumpsterventures.com/jason/httpry
|-
|-
| etherdump
| {{pkg|bannergrab}}
| An extremely small packet sniffer
| A banner grabbing tool
| http://freshmeat.net/projects/etherdump/
| https://sourceforge.net/projects/bannergrab
|-
|-
| netdiscover
| {{pkg|dnstop}}
| A network address discovering tool
| A DNS traffic capture utility
| http://sourceforge.net/projects/netdiscover/
| <p>http://dns.measurement-factory.com/tools/dnstop/{{insecure url|Invalid certificate on HTTPS}}</p>
|-
|-
| nmap
| {{pkg|swaks}}
| A network exploration tool and security/port scanner
| A transaction-oriented SMTP test tool
| http:/nmap.org
| https://www.jetmore.org/john/code/swaks/
|-
|-
| arpwatch
| {{pkg|mitmproxy}}
| An ethernet monitoring program
| An interactive SSL-capable intercepting HTTP proxy
| http://www-nrg.ee.lbl.gov/
| https://www.mitmproxy.org/
|-
|-
| nfswatch
| {{pkg|hexinject}}
| An NFS traffic monitoring tool
| A very versatile packet injector and sniffer
| http://nfswatch.sourceforge.net/
| https://hexinject.sourceforge.net/
|-
|-
| p0f
| {{pkg|openvas-scanner}}
| Passive traffic fingerprinting tool
| Vulnerability scanner and manager
| http://lcamtuf.coredump.cx/p0f3/
| https://www.openvas.org/
|}
|}


<!-- ToDo
<!-- ToDo
whatweb
A website fingerprinter
http://www.morningstarsecurity.com/research/whatweb
blindelephant
A web application fingerprinter
http://blindelephant.sourceforge.net/


dpkt
dpkt
python packet creation / parsing library  
python packet creation / parsing library  
http://code.google.com/p/dpkt/
https://code.google.com/p/dpkt/


Wireplay
* nuttcp https://www.nuttcp.net
A minimalist approach to replay pcap dumped TCP sessions with modification as required.
http://code.google.com/p/wireplay/
 
|-
| ike-scan
| An IPsec VPN scanning, fingerprinting and testing tool
| http://www.nta-monitor.com/tools/ike-scan/
 
http://inguma.sourceforge.net/
* nuttcp http://www.nuttcp.net
* argus http://qosient.com/argus/
* tcpick http://tcpick.sourceforge.net/
* tcpreen -- A TCP/IP re-engineering and monitoring program
* tcpdump -- A network traffic monitoring tool
* tcpdump -- A network traffic monitoring tool
* tcpflow -- Network traffic recorder
* tcpflow -- Network traffic recorder
* tcpick -- A tcp stream sniffer, tracker and capturer
* tcping -- Check of TCP connection to a given IP/Port
* tcpjunk -- TCP protocols testing tool
* tcpreplay -- Replay captured network traffic
* tcpreplay -- Replay captured network traffic
* tcptraceroute -- A traceroute implementation using TCP packets
* tcptraceroute -- A traceroute implementation using TCP packets
* tcptrack -- Displays information about tcp connections on a network interface
* ettercap https://ettercap.sourceforge.net/ A network traffic sniffer/analyser
* tcputils -- Utilities for TCP programming in shell-scripts
* tcp_wrappers -- A security tool which acts as a wrapper for TCP daemons
* tcpxtract -- Tool for extracting files from network traffic
* ttcp A tool for testing TCP connections http://www.pcausa.com/Utilities/pcattcp.htm
* unicornscan http://www.unicornscan.org/
* dsniff - Tools for network auditing and penetration testing
* httpry
* justniffer
* dietsniff
* Nast http://nast.berlios.de/
* brutessh http://www.edge-security.com/brutessh.php
* ettercap http://ettercap.sourceforge.net/ A network traffic sniffer/analyser
* icmpshell A tool that only uses ICMP for connections http://icmpshell.sourceforge.net/
 
http://code.google.com/p/yapscan/
egressor http://packetfactory.openwall.net/projects/egressor/
arpoc http://www.phenoelit.org/arpoc/index.html
loadbalancer-finder http://code.google.com/p/loadbalancer-finder/


-->
-->
Line 343: Line 231:
! URL
! URL
|-
|-
| wbox
| {{pkg|lynis}}
| HTTP testing tool and configuration-less HTTP server
| Security and system auditing tool
| http://www.hping.org/wbox/
| https://cisofy.com/lynis/
|-
| {{pkg|nikto}}
| A web application security scanner
| https://www.cirt.net/Nikto2
|-
| {{pkg|sqlmap}}
| Automatic SQL injection and database takeover tool
| https://sqlmap.org/
|-
| {{pkg|zaproxy}}
| OWASP Zed Attack Proxy web app scanner
| https://www.zaproxy.org/
|}
|}
<!--
|-
| arachni
| Web application security scanner framework
| http://arachni-scanner.com/
|
wpscan http://code.google.com/p/wpscan/ A vulnerability scanner for WordPress installations
http://www.rootkit.nl/projects/lynis.html
wapiti http://www.ict-romulus.eu/web/wapiti/home
* proxystrike http://www.edge-security.com/proxystrike.php
* sqlmap http://sqlmap.sourceforge.net/
* ratproxy - A passive web application security assessment tool
* sqlninja
* fimap A little tool for local and remote file inclusion auditing and exploitation http://code.google.com/p/fimap/
* burpproxy
mysqlenum An automatic blind SQL injection tool
mole themole.nasel.com.ar
http://motomastyle.com/pyloris/
http://www.buck-security.org/buck-security.html
http://freecode.com/projects/trusion
http://www.parosproxy.org/
BeEF  http://beefproject.com/
http://code.google.com/p/zaproxy/
http://code.google.com/p/webapptools/
slowhttptest An application Layer DoS attack simulator  http://code.google.com/p/slowhttptest/
http://code.google.com/p/ghost-phisher/
http://code.google.com/p/fern-wifi-cracker/
http://code.google.com/p/intrinsec-xmlrpc-scanner/
http://code.google.com/p/gsploit/
patator A multi-purpose brute-forcer, with a modular design and a flexible usage http://code.google.com/p/patator/
-->


== Network statistics ==
== Network statistics ==
Line 389: Line 255:
! URL
! URL
|-
|-
| iperf
| {{pkg|iperf}}
| Tool to measure IP bandwidth using UDP or TCP
| Tool to measure IP bandwidth using UDP or TCP
| http://iperf.sourceforge.net/
| https://github.com/esnet/iperf
|-
|-
| iptraf
| {{pkg|iptraf-ng}}
| A console-based network monitoring utility  
| A console-based network monitoring utility  
| http://iptraf.seul.org/
| https://fedorahosted.org/iptraf-ng/
|-
|-
| iptop
| {{pkg|iftop}}
| Command line tool that displays bandwidth usage on an interface  
| Command line tool that displays bandwidth usage on an interface  
| http://www.ex-parrot.com/~pdw/iftop/
| https://www.ex-parrot.com/~pdw/iftop/
|-
|-
| fping
| {{pkg|fping}}
| A utility to ping multiple hosts at once
| A utility to ping multiple hosts at once
| http://fping.sourceforge.net/
| https://fping.sourceforge.net/
|-
|-
| mtr
| {{pkg|mtr}}
| Full screen ncurses traceroute tool
| Full screen ncurses traceroute tool
| http://www.bitwizard.nl/mtr/
| https://www.bitwizard.nl/mtr/
|-
| {{pkg|nfdump}}
| The nfdump tools collect and process netflow data on the command line
| https://github.com/phaag/nfdump
|-
|-
| speedometer
| {{pkg|nethogs}}
| Measure and display the rate of data across a network connection or data being stored in a file
| Top-like monitor for network traffic
| http://excess.org/speedometer/
| https://raboof.github.io/nethogs/
|-
|-
| nfdump
| {{pkg|iptstate}}
| The nfdump tools collect and process netflow data on the command line
| Top-like interface to netfilter connection-tracking table
| http://nfdump.sourceforge.net/
| https://www.phildev.net/iptstate/
|}
|}
<!--
EthStatus
nttcp
netio http://www.ars.de/ars/ars.nsf/docs/netio
-->


== Misc tools ==
== Misc tools ==
Line 433: Line 296:
! URL
! URL
|-
|-
| bash-completion
| {{pkg|bash-completion}}
| Command-line tab-completion for bash
| Command-line tab-completion for bash
| http://bash-completion.alioth.debian.org/
| https://github.com/scop/bash-completion
|-
|-
| clamav
| {{pkg|clamav}}
| An anti-virus toolkit for UNIX
| An anti-virus toolkit for UNIX
| http://www.clamav.net
| https://www.clamav.net
|-
|-
| p7zip
| {{pkg|7zip}}
| A command-line port of the 7zip compression utility
| A command-line port of the 7zip compression utility
| http://p7zip.sourceforge.net/
| https://7-zip.org/
|-
|-
| nano
| {{pkg|nano}}
| A simple ncurses text editor
| A simple ncurses text editor
| http://www.nano-editor.org/
| https://www.nano-editor.org/
|-
|-
| rsync
| {{pkg|rsync}}
| A file transfer program to keep remote files in sync
| A file transfer program to keep remote files in sync
| http://rsync.samba.org/
| https://rsync.samba.org/
|-
|-
| screen
| {{pkg|screen}}
| A window manager that multiplexes a physical terminal
| A terminal multiplexer, used to multiplex several virtual consoles. Similar to "tmux" below
| http://www.gnu.org/software/screen/
| https://www.gnu.org/software/screen/
|-
|-
| multitail
| {{pkg|tmux}}
| A terminal multiplexer, used to multiplex several virtual consoles. Similar to "screen" above
| https://tmux.github.io/
|-
| {{pkg|multitail}}
| A tool to view one or multiple files
| A tool to view one or multiple files
| http://www.vanheusden.com/multitail
| https://www.vanheusden.com/multitail
|-
|-
| shed
| {{pkg|e2fsprogs}}
| A simple hex editor
| http://shed.sourceforge.net/
|-
| e2fsprogs
| Standard Ext2/3/4 filesystem utilities
| Standard Ext2/3/4 filesystem utilities
| http://e2fsprogs.sourceforge.net/
| https://e2fsprogs.sourceforge.net/
|-
|-
| openssh
| {{pkg|openssh}}
| An open source implementation of SSH protocol versions 1 and 2
| An open source implementation of SSH protocol versions 1 and 2
| http://www.openssh.org/
| https://www.openssh.com/
|-
|-
| passwdgen
| {{pkg|partclone}}
| A random password generator
| http://code.google.com/p/passwdgen/
|-
| partclone
| Back up and restore used-blocks of a partition  
| Back up and restore used-blocks of a partition  
| http://partclone.org
| https://partclone.org/
|-
|-
| sshguard
| {{pkg|sshguard}}
| Log monitor that blocks with iptables on bad behaviour
| Log monitor that blocks with iptables on bad behaviour
| http://www.sshguard.net/download/
| https://www.sshguard.net/
|-
|-
| proxychains
| {{pkg|proxychains-ng}}
| A tool that forces any TCP connection through proxies
| A tool that forces any TCP connection through proxies
| http://proxychains.sourceforge.net
| https://github.com/rofl0r/proxychains-ng
|-
|-
| knock
| {{pkg|knock}}
| A simple port-knocking daemon
| A simple port-knocking daemon
| http://www.zeroflux.org/projects/knock
| https://github.com/TDFKAOlli/knock
|-
| {{pkg|logcheck}}
| A simple utility which is designed to allow a system administrator to view the logfiles
| https://logcheck.org
|-
| {{pkg|mc}}
| A visual file manager
| https://midnight-commander.org/
|-
| {{pkg|makepasswd}}
| Generates (pseudo-)random passwords of a desired length
| https://www.defora.org/os/project/117/makepasswd
|-
| {{pkg|lnav}}
| A curses-based tool for viewing and analyzing log files
| https://lnav.org
|-
| {{pkg|goaccess}}
| A real-time web log analyzer and interactive viewer
| https://goaccess.io/
|}
|}


Line 501: Line 380:
| denyhosts  
| denyhosts  
| A script to help thwart ssh server attacks
| A script to help thwart ssh server attacks
| http://denyhosts.sourceforge.net/
| https://denyhosts.sourceforge.net/


| fwknop
| fwknop
| A cobination of port knocking and passive OS fingerprinting
| A cobination of port knocking and passive OS fingerprinting
| http://www.cipherdyne.org/fwknop/
| https://www.cipherdyne.org/fwknop/


chkrootkit
bonesi http://code.google.com/p/bonesi/
-->
-->


Line 519: Line 396:
! URL
! URL
|-
|-
| sipp
| {{pkg|sipp}}
| A test tool / traffic generator for the SIP protocol
| A test tool / traffic generator for the SIP protocol
| http://sipp.sourceforge.net/
| https://sipp.sourceforge.net/
|-
| voiphopper
| A VLAN Hop security test
| http://voiphopper.sourceforge.net/
|-
| sipvicious
| Tools for auditing SIP based VoIP systems
| http://code.google.com/p/sipvicious/
|-
|-
| sipcrack
| {{pkg|sipsak}}
| A SIP protocol login cracker
| http://packages.debian.org/lenny/sipcrack
|-
| sipsak
| SIP swiss army knife
| SIP swiss army knife
| http://sipsak.org/
| https://github.com/nils-ohlmeier/sipsak
|-
| smap
| A simple scanner for SIP enabled devices
| http://www.wormulon.net/smap
|}
|}
<!--
ucsniff A VoIP and IP video security assessment tool http://ucsniff.sourceforge.net/
videosharf
-->


== Wireless ==
== Wireless ==
Line 558: Line 413:
! URL
! URL
|-
|-
| weplab
| {{pkg|aircrack-ng}}
| Analyzing WEP encryption security on wireless networks
| 802.11 (wireless) sniffer and WEP/WPA-PSK key cracker
| http://weplab.sourceforge.net/
| https://www.aircrack-ng.org/
|-
|-
| kismet
| {{pkg|kismet}}
| A WLAN detector, sniffer, and IDS
| A WLAN detector, sniffer, and IDS
| http://www.kismetwireless.org/
| https://www.kismetwireless.org/
|-
|-
| cowpatty
| {{pkg|reaver-wps-fork-t6x}}
| Attacking WPA/WPA2-PSK exchanges
| WPS Password Cracker
| http://www.willhackforsushi.com/Cowpatty.html
| https://github.com/t6x/reaver-wps-fork-t6x
|-
|-
| wavemon
| {{pkg|wavemon}}
| Ncurses-based monitoring application for wireless network devices
| Ncurses-based monitoring application for wireless network devices
| http://eden-feed.erg.abdn.ac.uk/wavemon/
| https://github.com/uoaerg/wavemon
|}
|}
<!-- Todo
|-
| wavemon
| 0
| An ncurses-based monitoring application for wireless network devices.
| http://eden-feed.erg.abdn.ac.uk/wavemon/
|-
| aircrack-ng
| 802.11 (wireless) sniffer and WEP/WPA-PSK key cracker
| http://www.aircrack-ng.org/
* pgpry PGP private key recovery http://pgpry.sourceforge.net/
* airsnarf A rogue AP setup utility http://airsnarf.shmoo.com/
* lorcon http://802.11ninja.net/lorcon/ A library for injecting 802.11 (WLAN) frames
quickset A suite of tools designed to setup the basics for a PenTest http://code.google.com/p/quickset/
wifite An automated wireless auditor http://code.google.com/p/wifite/
reaver Brute force attack against Wifi Protected Setup http://code.google.com/p/reaver-wps/
-->


== Intrusion detection ==
== Intrusion detection ==
Line 604: Line 438:
! URL
! URL
|-
|-
| nebula
| {{pkg|nebula}}
| An Intrusion Signature Generator
| An Intrusion Signature Generator
| http://nebula.carnivore.it/
| https://github.com/slackhq/nebula
|-
|-
| snort
| {{pkg|snort}}
| A network intrusion prevention and detection system
| A network intrusion prevention and detection system
| http://www.snort.org/
| https://www.snort.org/
|}
|}
<!--
aide| Intrusion detection environment
chkrootkit| Tool to locally check for signs of a rootkit
honeyd| Honeypot daemon
labrea| Tarpit (slow to a crawl) worms and port scanners
pads| Passive Asset Detection System
rkhunter| A host-based tool to scan for rootkits, backdoors and local exploits
tiger| Security auditing on UNIX systems| http://www.nongnu.org/tiger/
prelude-lml| The prelude log analyzer
prewikka| Graphical front-end analysis console for the Prelude Hybrid IDS * Framework
prelude-manager| Prelude-Manager
nemesis|A TCP/IP packet injection tool| http://nemesis.sourceforge.net/
inundator| An IDS detection false positives generator| http://inundator.sourceforge.net/
-->


<!--
<!--
More tools:
More tools:
http://sectools.org/tag/new/
https://sectools.org/tag/new/
https://www.voipsa.org/Resources/tools.php
http://securitytube-tools.net/index.php?title=Welcome_to_SecurityTube_Tools
http://securitytube-tools.net/index.php?title=Welcome_to_SecurityTube_Tools
http://www.goitworld.com/top-15-free-sql-injection-scanners/
  -->
  -->


[[Category:ISO]]
[[Category:ISO]]
[[Category:Security]]
[[Category:Security]]

Latest revision as of 08:53, 7 July 2024

This material is obsolete ...

See notice on Alpine Security and Rescue (Discuss)

Basics

Name Description URL
alpine-base Alpine base package https://pkgs.alpinelinux.org/packages?name=alpine-base
alpine-mirrors List of Official Alpine Linux Mirrors https://mirrors.alpinelinux.org/
kbd-bkeymaps Binary keymaps for busybox https://pkgs.alpinelinux.org/packages?name=kbd-bkeymaps
network-extras Meta package to pull in vlan, bonding, bridge and wifi support https://pkgs.alpinelinux.org/packages?name=network-extras
openssl Toolkit for TLS https://www.openssl.org/
tzdata Timezone data https://www.iana.org/time-zones

Code Analysis

Name Description URL
py3-pylint Analyzes Python code looking for bugs and signs of poor quality https://pypi.org/project/pylint/
flawfinder Examines C/C++ source code for security flaws https://www.dwheeler.com/flawfinder/
py3-pyflakes A passive checker of Python programs https://launchpad.net/pyflakes
strace A useful diagnositic, instructional, and debugging tool https://strace.io/
valgrind A tool for finding memory-management problems https://valgrind.org/

Forensics / Data recovery tools

Name Description URL
ddrescue Data recovery tool for block devices with errors https://www.gnu.org/s/ddrescue/ddrescue.html
testdisk A powerful free data recovery software https://www.cgsecurity.org/wiki/TestDisk
scrub Disk scrubbing program https://code.google.com/archive/p/diskscrub/
ncdu A curses-based version of the well-known "du" https://dev.yorhel.nl/ncdu
htop An interactive process viewer for Linux https://htop.dev/
wipe Tool for securely erasing files from magnetic media https://wipe.sourceforge.net/
jhead An Exif jpeg header manipulation tool https://www.sentex.net/~mwandel/jhead/


Reconnaissance

Name Description URL
arpon ARP handler inspection https://arpon.sourceforge.io/
dnsenum A tool to enumerate DNS info about domains https://github.com/fwaeytens/dnsenum
scanssh Fast SSH server and open proxy scanner https://monkey.org/~provos/scanssh/
ngrep Network layer grep tool https://github.com/jpr5/ngrep/
scapy Interactive packet manipulation tool and network scanner https://scapy.net/
socat Bidirectional data relay between two data channels ('netcat++')

http://www.dest-unreach.org/socat/ 🔓

tcpdump A network traffic monitoring tool https://www.tcpdump.org/
tcpflow A tool for monitoring, capturing and storing TCP connections flows https://github.com/simsong/tcpflow
nmap A network exploration tool and security/port scanner https://nmap.org
arpwatch An ethernet monitoring program https://ee.lbl.gov/
p0f Passive traffic fingerprinting tool https://lcamtuf.coredump.cx/p0f3/
hping3 A ping-like TCP/IP packet assembler/analyzer

http://www.hping.org/ (Website down, alternates are: http://wiki.hping.org/ 🔓 and https://github.com/antirez/hping )

sslscan fast SSL/TLS configuration scanner https://github.com/rbsec/sslscan
httpry A packet sniffer designed for HTTP traffic https://dumpsterventures.com/jason/httpry
bannergrab A banner grabbing tool https://sourceforge.net/projects/bannergrab
dnstop A DNS traffic capture utility

http://dns.measurement-factory.com/tools/dnstop/ 🔓

swaks A transaction-oriented SMTP test tool https://www.jetmore.org/john/code/swaks/
mitmproxy An interactive SSL-capable intercepting HTTP proxy https://www.mitmproxy.org/
hexinject A very versatile packet injector and sniffer https://hexinject.sourceforge.net/
openvas-scanner Vulnerability scanner and manager https://www.openvas.org/


Application Testing

Name Description URL
lynis Security and system auditing tool https://cisofy.com/lynis/
nikto A web application security scanner https://www.cirt.net/Nikto2
sqlmap Automatic SQL injection and database takeover tool https://sqlmap.org/
zaproxy OWASP Zed Attack Proxy web app scanner https://www.zaproxy.org/

Network statistics

Name Description URL
iperf Tool to measure IP bandwidth using UDP or TCP https://github.com/esnet/iperf
iptraf-ng A console-based network monitoring utility https://fedorahosted.org/iptraf-ng/
iftop Command line tool that displays bandwidth usage on an interface https://www.ex-parrot.com/~pdw/iftop/
fping A utility to ping multiple hosts at once https://fping.sourceforge.net/
mtr Full screen ncurses traceroute tool https://www.bitwizard.nl/mtr/
nfdump The nfdump tools collect and process netflow data on the command line https://github.com/phaag/nfdump
nethogs Top-like monitor for network traffic https://raboof.github.io/nethogs/
iptstate Top-like interface to netfilter connection-tracking table https://www.phildev.net/iptstate/

Misc tools

Name Description URL
bash-completion Command-line tab-completion for bash https://github.com/scop/bash-completion
clamav An anti-virus toolkit for UNIX https://www.clamav.net
7zip A command-line port of the 7zip compression utility https://7-zip.org/
nano A simple ncurses text editor https://www.nano-editor.org/
rsync A file transfer program to keep remote files in sync https://rsync.samba.org/
screen A terminal multiplexer, used to multiplex several virtual consoles. Similar to "tmux" below https://www.gnu.org/software/screen/
tmux A terminal multiplexer, used to multiplex several virtual consoles. Similar to "screen" above https://tmux.github.io/
multitail A tool to view one or multiple files https://www.vanheusden.com/multitail
e2fsprogs Standard Ext2/3/4 filesystem utilities https://e2fsprogs.sourceforge.net/
openssh An open source implementation of SSH protocol versions 1 and 2 https://www.openssh.com/
partclone Back up and restore used-blocks of a partition https://partclone.org/
sshguard Log monitor that blocks with iptables on bad behaviour https://www.sshguard.net/
proxychains-ng A tool that forces any TCP connection through proxies https://github.com/rofl0r/proxychains-ng
knock A simple port-knocking daemon https://github.com/TDFKAOlli/knock
logcheck A simple utility which is designed to allow a system administrator to view the logfiles https://logcheck.org
mc A visual file manager https://midnight-commander.org/
makepasswd Generates (pseudo-)random passwords of a desired length https://www.defora.org/os/project/117/makepasswd
lnav A curses-based tool for viewing and analyzing log files https://lnav.org
goaccess A real-time web log analyzer and interactive viewer https://goaccess.io/


VoIP

Name Description URL
sipp A test tool / traffic generator for the SIP protocol https://sipp.sourceforge.net/
sipsak SIP swiss army knife https://github.com/nils-ohlmeier/sipsak

Wireless

Name Description URL
aircrack-ng 802.11 (wireless) sniffer and WEP/WPA-PSK key cracker https://www.aircrack-ng.org/
kismet A WLAN detector, sniffer, and IDS https://www.kismetwireless.org/
reaver-wps-fork-t6x WPS Password Cracker https://github.com/t6x/reaver-wps-fork-t6x
wavemon Ncurses-based monitoring application for wireless network devices https://github.com/uoaerg/wavemon

Intrusion detection

Name Description URL
nebula An Intrusion Signature Generator https://github.com/slackhq/nebula
snort A network intrusion prevention and detection system https://www.snort.org/