Alpine security
Note: This is a work in progress. Not all packages are available at the moment.
Alpine Security provides a toolset to work on security auditing, forensics, system rescue, and teaching security testing methodologies.
Basics
Name | Description | URL |
---|---|---|
alpine-base | Alpine base package | http://alpinelinux.org |
alpine-mirrors | List of Alpine Linux Mirrors | http://alpinelinux.org/ |
bkeymaps | Binary keymaps for busybox | http://dev.alpinelinux.org/alpine/bkeymaps |
Code Analysis
Name | Description | URL |
---|---|---|
rpmlint | A tool for checking common errors in RPM packages | http://rpmlint.zarb.org |
splint | An implementation of the lint program | http://www.splint.org/ |
pylint | Analyzes Python code looking for bugs and signs of poor quality | http://pypi.python.org/pypi/pylint |
flawfinder | Examines C/C++ source code for security flaws | http://www.dwheeler.com/flawfinder/ |
rats | A tool to find security related programming errors | https://www.fortify.com/ssa-elements/threat-intelligence/rats.html |
valgrind | A tool for finding memory-management problems | http://valgrind.org/ |
- pscan - Limited problem scanner for C source files
Forensics / Data recovery tools
Name | Description | URL |
---|---|---|
dc3dd | Patched version of GNU dd for use in computer forensics | http://dc3dd.sourceforge.net/ |
testdisk | A powerful free data recovery software | http://www.cgsecurity.org/wiki/TestDisk |
scrub | Disk scrubbing program | http://code.google.com/p/diskscrub/ |
ncdu | A curses-based version of the well-known "du" | http://dev.yorhel.nl/ncdu |
htop | An interactive process viewer for Linux | http://htop.sourceforge.net/ |
mac-robber | A tool that collects data from allocated files in a mounted file system | http://www.sleuthkit.org/mac-robber/desc.php |
- diskrescue GNU data recovery tool http://www.gnu.org/software/ddrescue/ddrescue.html
- extcarve
- safecopy A data recovery tool http://safecopy.sourceforge.net/
- scalpel Fast file carver working on disk images http://www.digitalforensicssolutions.com/Scalpel/
- afftools - Utilities for afflib http://afflib.org/
- examiner - Utility to disassemble and comment foreign executable binaries
- firstaidkit - System Rescue Tool
- foremost - Recover files by "carving" them from a raw disk
- hexedit - A hexadecimal file viewer and editor
- ntfs-3g - Linux NTFS userspace driver
- ntfsprogs - NTFS filesystem libraries and utilities
- scanmem - Simple interactive debugging utility
- sleuthkit - The Sleuth Kit (TSK)
- srm - Secure file deletion
- unhide - Tool to find hidden processes and TCP/UDP ports from rootkits
Reconnaissance
Name | Description | URL |
---|---|---|
arpon | ARP handler inspection | http://arpon.sourceforge.net/ |
dnsenum | A tool to enumerate DNS info about domains | http://code.google.com/p/dnsenum/ |
halberd | A tool to discover HTTP load balancers | http://halberd.superadditive.com/ |
scanssh | Fast SSH server and open proxy scanner | http://monkey.org/~provos/scanssh/ |
ngrep | Network layer grep tool | http://ngrep.sourceforge.net/ |
netsniff-ng | A performant Linux network analyzer and networking toolkit | http://netsniff-ng.org/ |
scapy | Interactive packet manipulation tool and network scanner | http://www.secdev.org/projects/scapy/ |
socat | Bidirectional data relay between two data channels ('netcat++') | http://www.dest-unreach.org/socat/ |
tcpdump | A network traffic monitoring tool | http://www.tcpdump.org/ |
tcptrack | Displays information about tcp connections on a network interface | http://www.rhythm.cx/~steve/devel/tcptrack/ |
tcpflow | A tool for monitoring, capturing and storing TCP connections flows | http://www.circlemud.org/~jelson/software/tcpflow/ |
tcpproxy | Transparent TCP Proxy | http://www.quietsche-entchen.de/cgi-bin/wiki.cgi/proxies/TcpProxy |
etherdump | An extremely small packet sniffer | http://freshmeat.net/projects/etherdump/ |
netdiscover | A network address discovering tool | http://sourceforge.net/projects/netdiscover/ |
arpwatch | An ethernet monitoring program | http://www-nrg.ee.lbl.gov/ |
- nuttcp http://www.nuttcp.net
- argus http://qosient.com/argus/
- tcpick http://tcpick.sourceforge.net/
- tcpreen -- A TCP/IP re-engineering and monitoring program
- tcpdump -- A network traffic monitoring tool
- tcpflow -- Network traffic recorder
- tcpick -- A tcp stream sniffer, tracker and capturer
- tcping -- Check of TCP connection to a given IP/Port
- tcpjunk -- TCP protocols testing tool
- tcpreplay -- Replay captured network traffic
- tcptraceroute -- A traceroute implementation using TCP packets
- tcptrack -- Displays information about tcp connections on a network interface
- tcputils -- Utilities for TCP programming in shell-scripts
- tcp_wrappers -- A security tool which acts as a wrapper for TCP daemons
- tcpxtract -- Tool for extracting files from network traffic
- ttcp A tool for testing TCP connections http://www.pcausa.com/Utilities/pcattcp.htm
- unicornscan http://www.unicornscan.org/
- dsniff - Tools for network auditing and penetration testing
- httpry
- justniffer
- dietsniff
- Nast http://nast.berlios.de/
- brutessh http://www.edge-security.com/brutessh.php
- ettercap http://ettercap.sourceforge.net/ A network traffic sniffer/analyser
- icmpshell A tool that only uses ICMP for connections http://icmpshell.sourceforge.net/
Web Application Testing
- proxystrike http://www.edge-security.com/proxystrike.php
- sqlmap http://sqlmap.sourceforge.net/
- ratproxy - A passive web application security assessment tool
- sqlninja
- burpproxy
Misc tools
Name | Description | URL |
---|---|---|
iptraf | A console-based network monitoring utility | http://iptraf.seul.org/ |
iftop | Command line tool that displays bandwidth usage on an interface | http://www.ex-parrot.com/~pdw/iftop/ |
clamav | An anti-virus toolkit for UNIX | http://www.clamav.net |
p7zip | A command-line port of the 7zip compression utility | http://p7zip.sourceforge.net/ |
nano | A simple ncurses text editor | http://www.nano-editor.org/ |
ethtool | ... | ... |
fping | A utility to ping multiple hosts at once | http://fping.sourceforge.net/ |
rsync | A file transfer program to keep remote files in sync | http://rsync.samba.org/ |
screen | A window manager that multiplexes a physical terminal | http://www.gnu.org/software/screen/ |
multitail | A tool to view one or multiple files | http://www.vanheusden.com/multitail |
shed | A simple hex editor | http://shed.sourceforge.net/ |
mtr | Full screen ncurses traceroute tool | http://www.bitwizard.nl/mtr/ |
e2fsprogs | Standard Ext2/3/4 filesystem utilities | http://e2fsprogs.sourceforge.net/ |
openssh | An open source implementation of SSH protocol versions 1 and 2 | http://www.openssh.org/ |
- macchanger A utility for viewing/manipulating the MAC address of network interfaces http://www.alobbs.com/macchanger
Wireless
Name | Description | URL |
---|---|---|
weplab | Analyzing WEP encryption security on wireless networks | http://weplab.sourceforge.net/ |
kismet | A WLAN detector, sniffer, and IDS | http://www.kismetwireless.org/ |
wavemon | An ncurses-based monitoring application for wireless network devices | http://eden-feed.erg.abdn.ac.uk/wavemon/ |
aircrack-ng | 802.11 (wireless) sniffer and WEP/WPA-PSK key cracker | http://www.aircrack-ng.org/ |
- pgpry PGP private key recovery http://pgpry.sourceforge.net/
- airsnarf A rogue AP setup utility http://airsnarf.shmoo.com/
- lorcon http://802.11ninja.net/lorcon/ A library for injecting 802.11 (WLAN) frames
Intrusion detection
Name | Description | URL |
---|---|---|
nebula | An Intrusion Signature Generator | http://nebula.carnivore.it/ |
snort | A network intrusion prevention and detection system | http://www.snort.org/ |
- aide - Intrusion detection environment
- chkrootkit - Tool to locally check for signs of a rootkit
- honeyd - Honeypot daemon
- labrea - Tarpit (slow to a crawl) worms and port scanners
- pads - Passive Asset Detection System
- rkhunter - A host-based tool to scan for rootkits, backdoors and local exploits
- tiger Security auditing on UNIX systems http://www.nongnu.org/tiger/
- prelude-lml - The prelude log analyzer
- prewikka - Graphical front-end analysis console for the Prelude Hybrid IDS Framework
- prelude-manager - Prelude-Manager