Alpine security

From Alpine Linux
Revision as of 11:17, 2 October 2012 by Fab (→VoIP: sipflanker added)
Note: This is a work in progress. Not all packages are available at the moment.


Alpine Security provides a toolset for security auditing, forensics, system rescue, and teaching security testing methodologies. The tool list contains packages for code analysis, forensics and data recovery, reconnaissance, network statistics, VoIP, wireless LAN, and IDS.

The goal is not to compete with the Fedora Security Lab or BackTrack, but rather to make it easy to use these particular tools on Alpine Linux in a small, non-GUI, busybox-based system.

With the simple Python-based config-builder script, this page can be transformed into a plaintext file for use with alpine-iso.

Basics

Name Description URL
alpine-base Alpine base package http://alpinelinux.org
alpine-mirrors List of Alpine Linux Mirrors http://alpinelinux.org/
bkeymaps Binary keymaps for busybox http://dev.alpinelinux.org/alpine/bkeymaps
network-extras Meta package to pull in vlan, bonding, bridge and wifi support http://alpinelinux.org
openssl Toolkit for SSL v2/v3 and TLS v1 http://openssl.org
tzdata Timezone data http://www.twinsun.com/tz/tz-link.htm

Code Analysis

Name Description URL
rpmlint A tool for checking common errors in RPM packages http://rpmlint.zarb.org
pylint Analyzes Python code looking for bugs and signs of poor quality http://pypi.python.org/pypi/pylint
flawfinder Examines C/C++ source code for security flaws http://www.dwheeler.com/flawfinder/
rats A tool to find security related programming errors https://www.fortify.com/ssa-elements/threat-intelligence/rats.html
pychecker An analyser for Python source code http://pychecker.sourceforge.net/
pyflakes A passive checker of Python programs https://launchpad.net/pyflakes
strace A useful diagnostic, instructional, and debugging tool http://sourceforge.net/projects/strace/


Forensics / Data recovery tools

Name Description URL
dc3dd Patched version of GNU dd for use in computer forensics http://dc3dd.sourceforge.net/
ddrescue Data recovery tool for block devices with errors http://www.gnu.org/s/ddrescue/ddrescue.html
testdisk A powerful free data recovery software http://www.cgsecurity.org/wiki/TestDisk
scrub Disk scrubbing program http://code.google.com/p/diskscrub/
ncdu A curses-based version of the well-known "du" http://dev.yorhel.nl/ncdu
htop An interactive process viewer for Linux http://htop.sourceforge.net/
mac-robber A tool that collects data from allocated files in a mounted file system http://www.sleuthkit.org/mac-robber/desc.php
wipe Tool for securely erasing files from magnetic media http://lambda-diode.com/software/wipe/
nwipe Securely erase disks using a variety of recognized methods http://nwipe.sourceforge.net
jhead An Exif jpeg header manipulation tool http://www.sentex.net/~mwandel/jhead/


Reconnaissance

Name Description URL
arpalert Monitor ARP changes in ethernet networks http://www.arpalert.org
arpon ARP handler inspection http://arpon.sourceforge.net/
dnsenum A tool to enumerate DNS info about domains http://code.google.com/p/dnsenum/
halberd A tool to discover HTTP load balancers http://halberd.superadditive.com/
scanssh Fast SSH server and open proxy scanner http://monkey.org/~provos/scanssh/
ngrep Network layer grep tool http://ngrep.sourceforge.net/
netsniff-ng A performant Linux network analyzer and networking toolkit http://netsniff-ng.org/
scapy Interactive packet manipulation tool and network scanner http://www.secdev.org/projects/scapy/
socat Bidirectional data relay between two data channels ('netcat++') http://www.dest-unreach.org/socat/
tcpdump A network traffic monitoring tool http://www.tcpdump.org/
tcptrack Displays information about tcp connections on a network interface http://www.rhythm.cx/~steve/devel/tcptrack/
tcpflow A tool for monitoring, capturing and storing TCP connections flows http://www.circlemud.org/~jelson/software/tcpflow/
tcpproxy Transparent TCP Proxy http://www.quietsche-entchen.de/cgi-bin/wiki.cgi/proxies/TcpProxy
etherdump An extremely small packet sniffer http://freshmeat.net/projects/etherdump/
netdiscover A network address discovering tool http://sourceforge.net/projects/netdiscover/
nmap A network exploration tool and security/port scanner http://nmap.org
arpwatch An ethernet monitoring program http://www-nrg.ee.lbl.gov/
nfswatch An NFS traffic monitoring tool http://nfswatch.sourceforge.net/
p0f Passive traffic fingerprinting tool http://lcamtuf.coredump.cx/p0f3/


Application Testing

Name Description URL
wbox HTTP testing tool and configuration-less HTTP server http://www.hping.org/wbox/


Network statistics

Name Description URL
iperf Tool to measure IP bandwidth using UDP or TCP http://iperf.sourceforge.net/
iptraf-ng A console-based network monitoring utility https://fedorahosted.org/iptraf-ng/
iftop Command-line tool that displays bandwidth usage on an interface http://www.ex-parrot.com/~pdw/iftop/
fping A utility to ping multiple hosts at once http://fping.sourceforge.net/
mtr Full screen ncurses traceroute tool http://www.bitwizard.nl/mtr/
speedometer Measure and display the rate of data across a network connection or data being stored in a file http://excess.org/speedometer/
nfdump The nfdump tools collect and process netflow data on the command line http://nfdump.sourceforge.net/
nethogs Top-like monitor for network traffic http://nethogs.sourceforge.net


Misc tools

Name Description URL
bash-completion Command-line tab-completion for bash http://bash-completion.alioth.debian.org/
clamav An anti-virus toolkit for UNIX http://www.clamav.net
p7zip A command-line port of the 7zip compression utility http://p7zip.sourceforge.net/
nano A simple ncurses text editor http://www.nano-editor.org/
rsync A file transfer program to keep remote files in sync http://rsync.samba.org/
screen A window manager that multiplexes a physical terminal http://www.gnu.org/software/screen/
multitail A tool to view one or multiple files http://www.vanheusden.com/multitail
shed A simple hex editor http://shed.sourceforge.net/
e2fsprogs Standard Ext2/3/4 filesystem utilities http://e2fsprogs.sourceforge.net/
openssh An open source implementation of SSH protocol versions 1 and 2 http://www.openssh.org/
passwdgen A random password generator http://code.google.com/p/passwdgen/
partclone Back up and restore used-blocks of a partition http://partclone.org
sshguard Log monitor that blocks with iptables on bad behaviour http://www.sshguard.net/download/
proxychains A tool that forces any TCP connection through proxies http://proxychains.sourceforge.net
knock A simple port-knocking daemon http://www.zeroflux.org/projects/knock
logcheck A simple utility designed to let a system administrator review the log files http://www.logcheck.org


VoIP

Name Description URL
sipp A test tool / traffic generator for the SIP protocol http://sipp.sourceforge.net/
voiphopper A VLAN hop security test tool http://voiphopper.sourceforge.net/
sipvicious Tools for auditing SIP based VoIP systems http://code.google.com/p/sipvicious/
sipcrack A SIP protocol login cracker http://packages.debian.org/lenny/sipcrack
sipsak SIP swiss army knife http://sipsak.org/
smap A simple scanner for SIP enabled devices http://www.wormulon.net/smap


Wireless

Name Description URL
weplab Analyzing WEP encryption security on wireless networks http://weplab.sourceforge.net/
kismet A WLAN detector, sniffer, and IDS http://www.kismetwireless.org/
cowpatty Attacking WPA/WPA2-PSK exchanges http://www.willhackforsushi.com/Cowpatty.html
wavemon Ncurses-based monitoring application for wireless network devices http://eden-feed.erg.abdn.ac.uk/wavemon/


Intrusion detection

Name Description URL
nebula An Intrusion Signature Generator http://nebula.carnivore.it/
snort A network intrusion prevention and detection system http://www.snort.org/