Alpine security
Revision summaries: m (intro); (→Reconnaissance: whatweb)

ToDo (packages noted in a hidden comment on the page, not yet in the tables below):
Name | Description | URL |
---|---|---|
whatweb | A website fingerprinter | http://www.morningstarsecurity.com/research/whatweb |
dpkt | Python packet creation / parsing library | |
Revision as of 09:34, 24 May 2012
Note: This page is a work in progress; not all packages are available yet.
Alpine Security provides a toolset for security auditing, forensics, system rescue, and teaching security testing methodologies. The tool list contains packages for code analysis, forensics and data recovery, reconnaissance, network statistics, VoIP, wireless LAN, and intrusion detection.
The goal is not to compete with the Fedora Security Lab or BackTrack, but to make these tools easy to use on Alpine Linux in a small, GUI-less, busybox-based system.
A simple Python-based config-builder script transforms this page into a plain-text package list for use with alpine-iso.
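The config-builder script itself is not reproduced on this page. What follows is an added example, not the Alpine project's own script, of the same transformation: it walks rows written in the `Name | Description | URL |` layout the tables below use, skips header and separator rows, refuses anything in the name column that does not look like an Alpine package name (so a stray fragment of wiki markup cannot land in the package list), deduplicates while keeping order, and emits one package per line. That one-name-per-line output format is an assumption about what alpine-iso consumes, `SAMPLE_PAGE` is a constructed excerpt in the page's own layout, and the function names are the example's own.

```python
"""Turn the package tables on this page into a plain-text package list.

Added example: this is NOT the Alpine config-builder script the page refers
to. It assumes the tables are written as 'Name | Description | URL |' rows,
as they appear on the page, and that alpine-iso wants one package per line.
"""
import re

# Constructed sample in the page's table layout (not the full page).
SAMPLE_PAGE = """\
Basics
Name | Description | URL |
---|---|---|
alpine-base | Alpine base package | http://alpinelinux.org |
openssl | Toolkit for SSL v2/v3 and TLS v1 | http://openssl.org |
Reconnaissance
Name | Description | URL |
---|---|---|
tcpdump | A network traffic monitoring tool | http://www.tcpdump.org/ |
scapy | Interactive packet manipulation tool and network scanner | http://www.secdev.org/projects/scapy/ |
tcpdump | duplicate entry, must appear once in the output | http://www.tcpdump.org/ |
"""

# Alpine package names: lowercase letters, digits and a few separators.
# Anything else is reported as a malformed row instead of being emitted.
PKG_NAME = re.compile(r"^[a-z0-9][a-z0-9._+-]*$")


def parse_tables(text):
    """Yield (section, name, description, url) for every data row."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "|" not in line:
            section = line          # a heading such as "Reconnaissance"
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if cells[0] in ("Name", "---"):
            continue                # header row or separator row
        if len(cells) < 3:
            raise ValueError("malformed row: %r" % raw)
        name, desc, url = cells[0], cells[1], cells[2]
        if not PKG_NAME.match(name):
            raise ValueError("suspicious package name: %r" % name)
        yield section, name, desc, url


def build_package_list(text):
    """Return a deduplicated, order-preserving list of package names."""
    seen = set()
    pkgs = []
    for _section, name, _desc, _url in parse_tables(text):
        if name not in seen:
            seen.add(name)
            pkgs.append(name)
    return pkgs


def render_packages_file(text):
    """Render the list one name per line (assumed alpine-iso input format)."""
    return "\n".join(build_package_list(text)) + "\n"


if __name__ == "__main__":
    print(render_packages_file(SAMPLE_PAGE), end="")
```

Feeding the whole page through `render_packages_file` gives a file that can be reviewed by eye before it is handed to alpine-iso; the strict name check is deliberate, since a package list is an input to the build and a malformed entry should fail loudly rather than be silently dropped or installed.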
Basics
Name | Description | URL |
---|---|---|
alpine-base | Alpine base package | http://alpinelinux.org |
alpine-mirrors | List of Alpine Linux Mirrors | http://alpinelinux.org/ |
bkeymaps | Binary keymaps for busybox | http://dev.alpinelinux.org/alpine/bkeymaps |
network-extras | Meta package to pull in vlan, bonding, bridge and wifi support | http://alpinelinux.org |
openssl | Toolkit for SSL v2/v3 and TLS v1 | http://openssl.org |
tzdata | Timezone data | http://www.twinsun.com/tz/tz-link.htm |
Code Analysis
Name | Description | URL |
---|---|---|
rpmlint | A tool for checking common errors in RPM packages | http://rpmlint.zarb.org |
pylint | Analyzes Python code looking for bugs and signs of poor quality | http://pypi.python.org/pypi/pylint |
flawfinder | Examines C/C++ source code for security flaws | http://www.dwheeler.com/flawfinder/ |
rats | A tool to find security related programming errors | https://www.fortify.com/ssa-elements/threat-intelligence/rats.html |
pychecker | A static analyser for Python source code | http://pychecker.sourceforge.net/ |
pyflakes | A passive checker of Python programs | https://launchpad.net/pyflakes |
strace | A useful diagnostic, instructional, and debugging tool (system call tracer) | http://sourceforge.net/projects/strace/ |
Forensics / Data recovery tools
Name | Description | URL |
---|---|---|
dc3dd | Patched version of GNU dd for use in computer forensics | http://dc3dd.sourceforge.net/ |
ddrescue | Data recovery tool for block devices with errors | http://www.gnu.org/s/ddrescue/ddrescue.html |
testdisk | A powerful free data recovery software | http://www.cgsecurity.org/wiki/TestDisk |
scrub | Disk scrubbing program | http://code.google.com/p/diskscrub/ |
ncdu | A curses-based version of the well-known "du" | http://dev.yorhel.nl/ncdu |
htop | An interactive process viewer for Linux | http://htop.sourceforge.net/ |
mac-robber | A tool that collects data from allocated files in a mounted file system | http://www.sleuthkit.org/mac-robber/desc.php |
wipe | Tool for securely erasing files from magnetic media | http://lambda-diode.com/software/wipe/ |
nwipe | Securely erase disks using a variety of recognized methods | http://nwipe.sourceforge.net |
jhead | An Exif jpeg header manipulation tool | http://www.sentex.net/~mwandel/jhead/ |
Reconnaissance
Name | Description | URL |
---|---|---|
arpalert | Monitor ARP changes in ethernet networks | http://www.arpalert.org |
arpon | ARP handler inspection | http://arpon.sourceforge.net/ |
dnsenum | A tool to enumerate DNS info about domains | http://code.google.com/p/dnsenum/ |
halberd | A tool to discover HTTP load balancers | http://halberd.superadditive.com/ |
scanssh | Fast SSH server and open proxy scanner | http://monkey.org/~provos/scanssh/ |
ngrep | Network layer grep tool | http://ngrep.sourceforge.net/ |
netsniff-ng | A performant Linux network analyzer and networking toolkit | http://netsniff-ng.org/ |
scapy | Interactive packet manipulation tool and network scanner | http://www.secdev.org/projects/scapy/ |
socat | Bidirectional data relay between two data channels ('netcat++') | http://www.dest-unreach.org/socat/ |
tcpdump | A network traffic monitoring tool | http://www.tcpdump.org/ |
tcptrack | Displays information about tcp connections on a network interface | http://www.rhythm.cx/~steve/devel/tcptrack/ |
tcpflow | A tool for monitoring, capturing and storing TCP connections flows | http://www.circlemud.org/~jelson/software/tcpflow/ |
tcpproxy | Transparent TCP Proxy | http://www.quietsche-entchen.de/cgi-bin/wiki.cgi/proxies/TcpProxy |
etherdump | An extremely small packet sniffer | http://freshmeat.net/projects/etherdump/ |
netdiscover | A network address discovering tool | http://sourceforge.net/projects/netdiscover/ |
arpwatch | An ethernet monitoring program | http://www-nrg.ee.lbl.gov/ |
nfswatch | An NFS traffic monitoring tool | http://nfswatch.sourceforge.net/ |
p0f | Passive traffic fingerprinting tool | http://lcamtuf.coredump.cx/p0f3/ |
Application Testing
Name | Description | URL |
---|---|---|
wbox | HTTP testing tool and configuration-less HTTP server | http://www.hping.org/wbox/ |
Network statistics
Name | Description | URL |
---|---|---|
iperf | Tool to measure IP bandwidth using UDP or TCP | http://iperf.sourceforge.net/ |
iptraf | A console-based network monitoring utility | http://iptraf.seul.org/ |
iftop | Command line tool that displays bandwidth usage on an interface | http://www.ex-parrot.com/~pdw/iftop/ |
fping | A utility to ping multiple hosts at once | http://fping.sourceforge.net/ |
mtr | Full screen ncurses traceroute tool | http://www.bitwizard.nl/mtr/ |
speedometer | Measure and display the rate of data across a network connection or data being stored in a file | http://excess.org/speedometer/ |
nfdump | The nfdump tools collect and process netflow data on the command line | http://nfdump.sourceforge.net/ |
Misc tools
Name | Description | URL |
---|---|---|
bash-completion | Command-line tab-completion for bash | http://bash-completion.alioth.debian.org/ |
clamav | An anti-virus toolkit for UNIX | http://www.clamav.net |
p7zip | A command-line port of the 7zip compression utility | http://p7zip.sourceforge.net/ |
nano | A simple ncurses text editor | http://www.nano-editor.org/ |
rsync | A file transfer program to keep remote files in sync | http://rsync.samba.org/ |
screen | A window manager that multiplexes a physical terminal | http://www.gnu.org/software/screen/ |
multitail | A tool to view one or multiple files | http://www.vanheusden.com/multitail |
shed | A simple hex editor | http://shed.sourceforge.net/ |
e2fsprogs | Standard Ext2/3/4 filesystem utilities | http://e2fsprogs.sourceforge.net/ |
openssh | An open source implementation of SSH protocol versions 1 and 2 | http://www.openssh.org/ |
passwdgen | A random password generator | http://code.google.com/p/passwdgen/ |
partclone | Back up and restore used-blocks of a partition | http://partclone.org |
sshguard | Log monitor that blocks with iptables on bad behaviour | http://www.sshguard.net/download/ |
proxychains | A tool that forces any TCP connection through proxies | http://proxychains.sourceforge.net |
knock | A simple port-knocking daemon | http://www.zeroflux.org/projects/knock |
VoIP
Name | Description | URL |
---|---|---|
sipp | A test tool / traffic generator for the SIP protocol | http://sipp.sourceforge.net/ |
voiphopper | A VLAN hopping security test tool for VoIP networks | http://voiphopper.sourceforge.net/ |
sipvicious | Tools for auditing SIP based VoIP systems | http://code.google.com/p/sipvicious/ |
sipcrack | A SIP protocol login cracker | http://packages.debian.org/lenny/sipcrack |
sipsak | SIP swiss army knife | http://sipsak.org/ |
smap | A simple scanner for SIP enabled devices | http://www.wormulon.net/smap |
Wireless
Name | Description | URL |
---|---|---|
weplab | A tool for analyzing WEP encryption security on wireless networks | http://weplab.sourceforge.net/ |
kismet | A WLAN detector, sniffer, and IDS | http://www.kismetwireless.org/ |
cowpatty | Offline dictionary attack against captured WPA/WPA2-PSK handshakes | http://www.willhackforsushi.com/Cowpatty.html |
Intrusion detection
Name | Description | URL |
---|---|---|
nebula | An Intrusion Signature Generator | http://nebula.carnivore.it/ |
snort | A network intrusion prevention and detection system | http://www.snort.org/ |