Alpine security: Difference between revisions
m (→Network statistics: Update nethogs URL) |
|||
(103 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
{{Note|This is work in progress. Not all packages are available at the moment}} | {{Note|This is work in progress. Not all packages are available at the moment.}} | ||
== Basics == | == Basics == | ||
Line 23: | Line 20: | ||
| Binary keymaps for busybox | | Binary keymaps for busybox | ||
| http://dev.alpinelinux.org/alpine/bkeymaps | | http://dev.alpinelinux.org/alpine/bkeymaps | ||
|- | |||
| network-extras | |||
| Meta package to pull in vlan, bonding, bridge and wifi support | |||
| http://alpinelinux.org | |||
|- | |||
| openssl | |||
| Toolkit for SSL v2/v3 and TLS v1 | |||
| http://openssl.org | |||
|- | |||
| tzdata | |||
| Timezone data | |||
| http://www.twinsun.com/tz/tz-link.htm | |||
|} | |} | ||
Line 36: | Line 45: | ||
| A tool for checking common errors in RPM packages | | A tool for checking common errors in RPM packages | ||
| http://rpmlint.zarb.org | | http://rpmlint.zarb.org | ||
|- | |- | ||
| pylint | | pylint | ||
Line 49: | Line 57: | ||
| A tool to find security related programming errors | | A tool to find security related programming errors | ||
| https://www.fortify.com/ssa-elements/threat-intelligence/rats.html | | https://www.fortify.com/ssa-elements/threat-intelligence/rats.html | ||
|- | |||
| pychecker | |||
| A analyser for python source code | |||
| http://pychecker.sourceforge.net/ | |||
|- | |||
| pyflakes | |||
| A passive checker of Python programs | |||
| https://launchpad.net/pyflakes | |||
|- | |||
| strace | |||
| A useful diagnositic, instructional, and debugging tool | |||
| http://sourceforge.net/projects/strace/ | |||
|- | |||
| netsink | |||
| A Network Sinkhole for Isolated Malware Analysis | |||
| https://github.com/shendo/netsink | |||
|} | |} | ||
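Review bot: two of the added rows in this table carry typos in the description column: the pychecker row reads "A analyser for python source code" and the strace row reads "diagnositic". Suggest "An analyser for Python source code" and "diagnostic".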
Line 79: | Line 103: | ||
| Patched version of GNU dd for use in computer forensics | | Patched version of GNU dd for use in computer forensics | ||
| http://dc3dd.sourceforge.net/ | | http://dc3dd.sourceforge.net/ | ||
|- | |||
| ddrescue | |||
| Data recovery tool for block devices with errors | |||
| http://www.gnu.org/s/ddrescue/ddrescue.html | |||
|- | |- | ||
| testdisk | | testdisk | ||
Line 99: | Line 127: | ||
| A tool that collects data from allocated files in a mounted file system | | A tool that collects data from allocated files in a mounted file system | ||
| http://www.sleuthkit.org/mac-robber/desc.php | | http://www.sleuthkit.org/mac-robber/desc.php | ||
|- | |||
| wipe | |||
| Tool for securely erasing files from magnetic media | |||
| http://lambda-diode.com/software/wipe/ | |||
|- | |||
| nwipe | |||
| Securely erase disks using a variety of recognized methods | |||
| http://nwipe.sourceforge.net | |||
|- | |||
| jhead | |||
| An Exif jpeg header manipulation tool | |||
| http://www.sentex.net/~mwandel/jhead/ | |||
|} | |} | ||
<!-- ToDo | <!-- ToDo | ||
| | |- | ||
| | | aimage | ||
| http://www. | | Advanced Disk Imager | ||
| http://www.afflib.org | |||
|- | |||
| fiwalk | |||
| Batch analysis of a disk image | |||
| http://www.afflib.org | |||
|- | |||
| ftimes | |||
| A system baselining and evidence collection too | |||
| http://ftimes.sourceforge.net/FTimes/ | |||
http://sourceforge.net/projects/cdpr/ | |||
| rarcrack | |||
| http://rarcrack.sourceforge.net/ | |||
| extcarve | | extcarve | ||
| safecopy | | safecopy | ||
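Review bot: the ftimes row added to the ToDo comment ends with "evidence collection too", which should read "tool". In the same comment, http://sourceforge.net/projects/cdpr/ is added as a bare URL with no name or description row, and rarcrack has a URL but no description; giving each entry the same three fields as aimage and fiwalk would keep the list usable when these are packaged.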
Line 122: | Line 179: | ||
* srm - Secure file deletion | * srm - Secure file deletion | ||
* unhide - Tool to find hidden processes and TCP/UDP ports from rootkits | * unhide - Tool to find hidden processes and TCP/UDP ports from rootkits | ||
chntpw | |||
samdump2 http://sourceforge.net/projects/ophcrack/files/samdump2/2.0.1/ | |||
creddump http://code.google.com/p/creddump/ | |||
Hydra | |||
Medusa | |||
volatility An advanced memory forensics framework http://code.google.com/p/volatility/ | |||
pdfcrack A Password Recovery Tool for PDF files http://pdfcrack.sourceforge.net/ | |||
http://code.google.com/p/logkeys/ | |||
--> | --> | ||
Line 131: | Line 197: | ||
! Description | ! Description | ||
! URL | ! URL | ||
|- | |||
| arpalert | |||
| Monitor ARP changes in ethernet networks | |||
| http://www.arpalert.org | |||
|- | |- | ||
| arpon | | arpon | ||
Line 187: | Line 257: | ||
| A network address discovering tool | | A network address discovering tool | ||
| http://sourceforge.net/projects/netdiscover/ | | http://sourceforge.net/projects/netdiscover/ | ||
|- | |||
| nmap | |||
| A network exploration tool and security/port scanner | |||
| http://nmap.org | |||
|- | |- | ||
| arpwatch | | arpwatch | ||
| An ethernet monitoring program | | An ethernet monitoring program | ||
| http://www-nrg.ee.lbl.gov/ | | http://www-nrg.ee.lbl.gov/ | ||
|- | |||
| nfswatch | |||
| An NFS traffic monitoring tool | |||
| http://nfswatch.sourceforge.net/ | |||
|- | |||
| p0f | |||
| Passive traffic fingerprinting tool | |||
| http://lcamtuf.coredump.cx/p0f3/ | |||
|- | |||
| hping3 | |||
| A ping-like TCP/IP packet assembler/analyzer | |||
| http://www.hping.org | |||
|- | |||
| sslscan | |||
| Security assessment tool for SSL | |||
| http://sourceforge.net/projects/sslscan/ | |||
|- | |||
| httpry | |||
| A packet sniffer designed for HTTP traffic | |||
| http://dumpsterventures.com/jason/httpry | |||
|- | |||
| bannergrab | |||
| A banner grabbing tool | |||
| http://sourceforge.net/projects/bannergrab | |||
|- | |||
| dnstop | |||
| A DNS traffic capture utility | |||
| http://dns.measurement-factory.com/tools/dnstop/ | |||
|- | |||
| flunym0us | |||
| A vulnerability scanner for wordpress and moodle | |||
| http://code.google.com/p/flunym0us/ | |||
|- | |||
| swaks | |||
| A transaction-oriented SMTP test tool | |||
| http://www.jetmore.org/john/code/swaks/ | |||
|- | |||
| onesixtyone | |||
| An efficient SNMP scanner | |||
| http://www.phreedom.org/software/onesixtyone/ | |||
|- | |||
| mitmproxy | |||
| An interactive SSL-capable intercepting HTTP proxy | |||
| http://www.mitmproxy.org/ | |||
|- | |||
| hexinject | |||
| A very versatile packet injector and sniffer | |||
| http://hexinject.sourceforge.net/ | |||
|- | |||
| [[Setting up OpenVAS9|openvas]] | |||
| Vulnerability scanner and manager | |||
| http://www.openvas.org/src-doc/openvas-manager/index.html | |||
|} | |} | ||
<!-- ToDo | <!-- ToDo | ||
whatweb | |||
A website fingerprinter | |||
http://www.morningstarsecurity.com/research/whatweb | |||
blindelephant | |||
A web application fingerprinter | |||
http://blindelephant.sourceforge.net/ | |||
dpkt | |||
python packet creation / parsing library | |||
http://code.google.com/p/dpkt/ | |||
Wireplay | |||
A minimalist approach to replay pcap dumped TCP sessions with modification as required. | |||
http://code.google.com/p/wireplay/ | |||
|- | |||
| ike-scan | |||
| An IPsec VPN scanning, fingerprinting, and testing tool | |||
| http://www.nta-monitor.com/tools/ike-scan/ | |||
http://inguma.sourceforge.net/ | |||
* nuttcp http://www.nuttcp.net | * nuttcp http://www.nuttcp.net | ||
* argus http://qosient.com/argus/ | * argus http://qosient.com/argus/ | ||
Line 213: | Line 361: | ||
* unicornscan http://www.unicornscan.org/ | * unicornscan http://www.unicornscan.org/ | ||
* dsniff - Tools for network auditing and penetration testing | * dsniff - Tools for network auditing and penetration testing | ||
* httpry | * httpry http://dumpsterventures.com/jason/httpry/ | ||
* justniffer | * justniffer | ||
* dietsniff | * dietsniff | ||
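Review bot: the httpry bullet in this ToDo list gains a URL, but the same revision already adds httpry as a table row with http://dumpsterventures.com/jason/httpry. Remove the bullet from the ToDo comment rather than updating it, so the package is not listed as both available and pending.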
Line 220: | Line 368: | ||
* ettercap http://ettercap.sourceforge.net/ A network traffic sniffer/analyser | * ettercap http://ettercap.sourceforge.net/ A network traffic sniffer/analyser | ||
* icmpshell A tool that only uses ICMP for connections http://icmpshell.sourceforge.net/ | * icmpshell A tool that only uses ICMP for connections http://icmpshell.sourceforge.net/ | ||
http://code.google.com/p/yapscan/ | |||
egressor http://packetfactory.openwall.net/projects/egressor/ | |||
arpoc http://www.phenoelit.org/arpoc/index.html | |||
loadbalancer-finder http://code.google.com/p/loadbalancer-finder/ | |||
--> | --> | ||
== | ==Application Testing== | ||
{| cellpadding="5" border="1" class="wikitable" | {| cellpadding="5" border="1" class="wikitable" | ||
|- | |- | ||
! Name | ! Name | ||
! Description | ! Description | ||
! URL | ! URL | ||
|- | |- | ||
| | | wbox | ||
| | | HTTP testing tool and configuration-less HTTP server | ||
| | | http://www.hping.org/wbox/ | ||
| | |- | ||
| slowhttptest | |||
| An application Layer DoS attack simulator | |||
| http://code.google.com/p/slowhttptest | |||
|- | |||
| nikto | |||
| A web application security scanner | |||
| https://www.cirt.net/Nikto2 | |||
|} | |||
<!-- | |||
|- | |- | ||
| | | arachni | ||
| | | Web application security scanner framework | ||
| http://arachni-scanner.com/ | |||
| | | | ||
wpscan http://wpscan.org/ A vulnerability scanner for WordPress installations | |||
- | |||
http://www.rootkit.nl/projects/lynis.html | |||
wapiti http://www.ict-romulus.eu/web/wapiti/home | |||
* proxystrike http://www.edge-security.com/proxystrike.php | * proxystrike http://www.edge-security.com/proxystrike.php | ||
* sqlmap http://sqlmap.sourceforge.net/ | * sqlmap http://sqlmap.sourceforge.net/ | ||
* ratproxy - A passive web application security assessment tool | * ratproxy - A passive web application security assessment tool | ||
* sqlninja | * sqlninja | ||
* fimap A little tool for local and remote file inclusion auditing and exploitation http://code.google.com/p/fimap/ | |||
* burpproxy | * burpproxy | ||
mysqlenum An automatic blind SQL injection tool | |||
mole themole.nasel.com.ar | |||
http://motomastyle.com/pyloris/ | |||
http://www.buck-security.org/buck-security.html | |||
http://freecode.com/projects/trusion | |||
http://www.parosproxy.org/ | |||
BeEF http://beefproject.com/ | |||
http://code.google.com/p/zaproxy/ | |||
http://code.google.com/p/webapptools/ | |||
slowhttptest An application Layer DoS attack simulator http://code.google.com/p/slowhttptest/ | |||
http://code.google.com/p/ghost-phisher/ | |||
http://code.google.com/p/fern-wifi-cracker/ | |||
http://code.google.com/p/intrinsec-xmlrpc-scanner/ | |||
http://code.google.com/p/gsploit/ | |||
patator A multi-purpose brute-forcer, with a modular design and a flexible usage http://code.google.com/p/patator/ | |||
--> | |||
== | == Network statistics == | ||
{| cellpadding="5" border="1" class="wikitable" | {| cellpadding="5" border="1" class="wikitable" | ||
|- | |- | ||
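Review bot: slowhttptest is added as a row in the new Application Testing table and again inside the commented-out list that follows it ("slowhttptest An application Layer DoS attack simulator http://code.google.com/p/slowhttptest/"); drop the copy in the comment. That comment also contains several URLs with no tool name (for example http://www.parosproxy.org/ and http://code.google.com/p/zaproxy/), so a name and one-line description per entry would match the entries around them.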
Line 256: | Line 438: | ||
! URL | ! URL | ||
|- | |- | ||
| iptraf | | iperf | ||
| Tool to measure IP bandwidth using UDP or TCP | |||
| http://iperf.sourceforge.net/ | |||
|- | |||
| iptraf-ng | |||
| A console-based network monitoring utility | | A console-based network monitoring utility | ||
| | | https://fedorahosted.org/iptraf-ng/ | ||
|- | |- | ||
| iptop | | iptop | ||
| Command line tool that displays bandwidth usage on an interface | | Command line tool that displays bandwidth usage on an interface | ||
| http://www.ex-parrot.com/~pdw/iftop/ | | http://www.ex-parrot.com/~pdw/iftop/ | ||
|- | |||
| fping | |||
| A utility to ping multiple hosts at once | |||
| http://fping.sourceforge.net/ | |||
|- | |||
| mtr | |||
| Full screen ncurses traceroute tool | |||
| http://www.bitwizard.nl/mtr/ | |||
|- | |||
| speedometer | |||
| Measure and display the rate of data across a network connection or data being stored in a file | |||
| http://excess.org/speedometer/ | |||
|- | |||
| nfdump | |||
| The nfdump tools collect and process netflow data on the command line | |||
| http://nfdump.sourceforge.net/ | |||
|- | |||
| nethogs | |||
| Top-like monitor for network traffic | |||
| http://raboof.github.io/nethogs/ | |||
|- | |||
| iptstate | |||
| Top-like interface to netfilter connection-tracking table | |||
| http://www.phildev.net/iptstate/ | |||
|} | |||
<!-- | |||
EthStatus | |||
nttcp | |||
netio http://www.ars.de/ars/ars.nsf/docs/netio | |||
--> | |||
== Misc tools == | |||
{| cellpadding="5" border="1" class="wikitable" | |||
|- | |||
! Name | |||
! Description | |||
! URL | |||
|- | |||
| bash-completion | |||
| Command-line tab-completion for bash | |||
| http://bash-completion.alioth.debian.org/ | |||
|- | |- | ||
| clamav | | clamav | ||
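Review bot: the unchanged "| iptop" row in the Network statistics table links to http://www.ex-parrot.com/~pdw/iftop/, so the package name and the URL disagree. Since this hunk already reworks the table (iptraf becomes iperf and iptraf-ng), confirm which name is intended and make the row consistent.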
Line 275: | Line 505: | ||
| A simple ncurses text editor | | A simple ncurses text editor | ||
| http://www.nano-editor.org/ | | http://www.nano-editor.org/ | ||
|- | |- | ||
| rsync | | rsync | ||
Line 289: | Line 511: | ||
|- | |- | ||
| screen | | screen | ||
| A | | A terminal multiplexer, used to multiplex several virtual consoles. Similar to "tmux" below | ||
| http://www.gnu.org/software/screen/ | | http://www.gnu.org/software/screen/ | ||
|- | |||
| tmux | |||
| A terminal multiplexer, used to multiplex several virtual consoles. Similar to "screen" above | |||
| https://tmux.github.io/ | |||
|- | |- | ||
| multitail | | multitail | ||
Line 299: | Line 525: | ||
| A simple hex editor | | A simple hex editor | ||
| http://shed.sourceforge.net/ | | http://shed.sourceforge.net/ | ||
|- | |- | ||
| e2fsprogs | | e2fsprogs | ||
Line 311: | Line 533: | ||
| An open source implementation of SSH protocol versions 1 and 2 | | An open source implementation of SSH protocol versions 1 and 2 | ||
| http://www.openssh.org/ | | http://www.openssh.org/ | ||
|- | |||
| passwdgen | |||
| A random password generator | |||
| http://code.google.com/p/passwdgen/ | |||
|- | |||
| partclone | |||
| Back up and restore used-blocks of a partition | |||
| http://partclone.org | |||
|- | |||
| sshguard | |||
| Log monitor that blocks with iptables on bad behaviour | |||
| http://www.sshguard.net/download/ | |||
|- | |||
| proxychains | |||
| A tool that forces any TCP connection through proxies | |||
| http://proxychains.sourceforge.net | |||
|- | |||
| knock | |||
| A simple port-knocking daemon | |||
| http://www.zeroflux.org/projects/knock | |||
|- | |||
| logcheck | |||
| A simple utility which is designed to allow a system administrator to view the logfiles | |||
| http://www.logcheck.org | |||
|- | |||
| mc | |||
| A visual file manager | |||
| https://www.midnight-commander.org/ | |||
|- | |||
| makepasswd | |||
| Generates (pseudo-)random passwords of a desired length | |||
| http://people.defora.org/~khorben/projects/makepasswd/ | |||
|- | |||
| lnav | |||
| A curses-based tool for viewing and analyzing log files | |||
| http://lnav.org | |||
|- | |||
| goaccess | |||
| A real-time web log analyzer and interactive viewer | |||
| http://goaccess.prosoftcorp.com/ | |||
|} | |} | ||
<!-- | |||
| macchanger | |||
| An utility for viewing/manipulating the MAC address of network interfaces | |||
| http://www.alobbs.com/macchanger | |||
| denyhosts | |||
| A script to help thwart ssh server attacks | |||
| http://denyhosts.sourceforge.net/ | |||
| fwknop | |||
| A cobination of port knocking and passive OS fingerprinting | |||
| http://www.cipherdyne.org/fwknop/ | |||
chkrootkit | |||
bonesi http://code.google.com/p/bonesi/ | |||
--> | |||
== VoIP== | |||
{| cellpadding="5" border="1" class="wikitable" | |||
|- | |||
! Name | |||
! Description | |||
! URL | |||
|- | |||
| sipp | |||
| A test tool / traffic generator for the SIP protocol | |||
| http://sipp.sourceforge.net/ | |||
|- | |||
| voiphopper | |||
| A VLAN Hop security test | |||
| http://voiphopper.sourceforge.net/ | |||
|- | |||
| sipvicious | |||
| Tools for auditing SIP based VoIP systems | |||
| http://code.google.com/p/sipvicious/ | |||
|- | |||
| sipcrack | |||
| A SIP protocol login cracker | |||
| http://packages.debian.org/lenny/sipcrack | |||
|- | |||
| sipsak | |||
| SIP swiss army knife | |||
| http://sipsak.org/ | |||
|- | |||
| smap | |||
| A simple scanner for SIP enabled devices | |||
| http://www.wormulon.net/smap | |||
|} | |||
<!-- | |||
|- | |||
| oreka | |||
| An audio stream recording and retrieval system | |||
| http://oreka.sourceforge.net/ | |||
|- | |||
| sipflanker | |||
| Finder for vulnerable Web GUIs deployed by IP phones and PBXs | |||
| http://code.google.com/p/sipflanker/ | |||
ucsniff A VoIP and IP video security assessment tool http://ucsniff.sourceforge.net/ | |||
videosharf | |||
--> | |||
== Wireless == | == Wireless == | ||
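Review bot: in the commented-out block after the Misc tools table, the fwknop description reads "A cobination of port knocking and passive OS fingerprinting"; it should be "combination". The new "== VoIP==" heading is also missing the space before the closing "==" that "== Misc tools ==" and "== Wireless ==" use, and chkrootkit and bonesi are added to the comment without a description.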
Line 330: | Line 654: | ||
| A WLAN detector, sniffer, and IDS | | A WLAN detector, sniffer, and IDS | ||
| http://www.kismetwireless.org/ | | http://www.kismetwireless.org/ | ||
| | |- | ||
| cowpatty | |||
| Attacking WPA/WPA2-PSK exchanges | |||
| http://www.willhackforsushi.com/Cowpatty.html | |||
|- | |- | ||
| wavemon | | wavemon | ||
| | | Ncurses-based monitoring application for wireless network devices | ||
| http://eden-feed.erg.abdn.ac.uk/wavemon/ | | http://eden-feed.erg.abdn.ac.uk/wavemon/ | ||
|} | |||
<!-- Todo | |||
|- | |- | ||
| aircrack-ng | | aircrack-ng | ||
Line 346: | Line 674: | ||
* airsnarf A rogue AP setup utility http://airsnarf.shmoo.com/ | * airsnarf A rogue AP setup utility http://airsnarf.shmoo.com/ | ||
* lorcon http://802.11ninja.net/lorcon/ A library for injecting 802.11 (WLAN) frames | * lorcon http://802.11ninja.net/lorcon/ A library for injecting 802.11 (WLAN) frames | ||
quickset A suite of tools designed to setup the basics for a PenTest http://code.google.com/p/quickset/ | |||
wifite An automated wireless auditor http://code.google.com/p/wifite/ | |||
reaver Brute force attack against Wifi Protected Setup http://code.google.com/p/reaver-wps/ | |||
--> | |||
== Intrusion detection == | == Intrusion detection == | ||
Line 364: | Line 696: | ||
|} | |} | ||
<!-- | |||
aide| Intrusion detection environment | |||
chkrootkit| Tool to locally check for signs of a rootkit | |||
honeyd| Honeypot daemon | |||
labrea| Tarpit (slow to a crawl) worms and port scanners | |||
pads| Passive Asset Detection System | |||
rkhunter| A host-based tool to scan for rootkits, backdoors and local exploits | |||
tiger| Security auditing on UNIX systems| http://www.nongnu.org/tiger/ | |||
prelude-lml| The prelude log analyzer | |||
prewikka| Graphical front-end analysis console for the Prelude Hybrid IDS * Framework | |||
prelude-manager| Prelude-Manager | |||
nemesis|A TCP/IP packet injection tool| http://nemesis.sourceforge.net/ | |||
inundator| An IDS detection false positives generator| http://inundator.sourceforge.net/ | |||
--> | |||
<!-- | |||
More tools: | |||
http://sectools.org/tag/new/ | |||
http://www.voipsa.org/Resources/tools.php | |||
http://securitytube-tools.net/index.php?title=Welcome_to_SecurityTube_Tools | |||
http://www.goitworld.com/top-15-free-sql-injection-scanners/ | |||
--> | |||
[[Category:ISO]] |
Revision as of 19:29, 2 December 2017
Note: This is work in progress. Not all packages are available at the moment.
Basics
Name | Description | URL |
---|---|---|
alpine-base | Alpine base package | http://alpinelinux.org |
alpine-mirrors | List of Alpine Linux Mirrors | http://alpinelinux.org/ |
bkeymaps | Binary keymaps for busybox | http://dev.alpinelinux.org/alpine/bkeymaps |
network-extras | Meta package to pull in vlan, bonding, bridge and wifi support | http://alpinelinux.org |
openssl | Toolkit for SSL v2/v3 and TLS v1 | http://openssl.org |
tzdata | Timezone data | http://www.twinsun.com/tz/tz-link.htm |
Code Analysis
Name | Description | URL |
---|---|---|
rpmlint | A tool for checking common errors in RPM packages | http://rpmlint.zarb.org |
pylint | Analyzes Python code looking for bugs and signs of poor quality | http://pypi.python.org/pypi/pylint |
flawfinder | Examines C/C++ source code for security flaws | http://www.dwheeler.com/flawfinder/ |
rats | A tool to find security related programming errors | https://www.fortify.com/ssa-elements/threat-intelligence/rats.html |
pychecker | An analyser for Python source code | http://pychecker.sourceforge.net/ |
pyflakes | A passive checker of Python programs | https://launchpad.net/pyflakes |
strace | A useful diagnostic, instructional, and debugging tool | http://sourceforge.net/projects/strace/ |
netsink | A Network Sinkhole for Isolated Malware Analysis | https://github.com/shendo/netsink |
Forensics / Data recovery tools
Name | Description | URL |
---|---|---|
dc3dd | Patched version of GNU dd for use in computer forensics | http://dc3dd.sourceforge.net/ |
ddrescue | Data recovery tool for block devices with errors | http://www.gnu.org/s/ddrescue/ddrescue.html |
testdisk | A powerful free data recovery software | http://www.cgsecurity.org/wiki/TestDisk |
scrub | Disk scrubbing program | http://code.google.com/p/diskscrub/ |
ncdu | A curses-based version of the well-known "du" | http://dev.yorhel.nl/ncdu |
htop | An interactive process viewer for Linux | http://htop.sourceforge.net/ |
mac-robber | A tool that collects data from allocated files in a mounted file system | http://www.sleuthkit.org/mac-robber/desc.php |
wipe | Tool for securely erasing files from magnetic media | http://lambda-diode.com/software/wipe/ |
nwipe | Securely erase disks using a variety of recognized methods | http://nwipe.sourceforge.net |
jhead | An Exif jpeg header manipulation tool | http://www.sentex.net/~mwandel/jhead/ |
Reconnaissance
Name | Description | URL |
---|---|---|
arpalert | Monitor ARP changes in ethernet networks | http://www.arpalert.org |
arpon | ARP handler inspection | http://arpon.sourceforge.net/ |
dnsenum | A tool to enumerate DNS info about domains | http://code.google.com/p/dnsenum/ |
halberd | A tool to discover HTTP load balancers | http://halberd.superadditive.com/ |
scanssh | Fast SSH server and open proxy scanner | http://monkey.org/~provos/scanssh/ |
ngrep | Network layer grep tool | http://ngrep.sourceforge.net/ |
netsniff-ng | A performant Linux network analyzer and networking toolkit | http://netsniff-ng.org/ |
scapy | Interactive packet manipulation tool and network scanner | http://www.secdev.org/projects/scapy/ |
socat | Bidirectional data relay between two data channels ('netcat++') | http://www.dest-unreach.org/socat/ |
tcpdump | A network traffic monitoring tool | http://www.tcpdump.org/ |
tcptrack | Displays information about tcp connections on a network interface | http://www.rhythm.cx/~steve/devel/tcptrack/ |
tcpflow | A tool for monitoring, capturing and storing TCP connections flows | http://www.circlemud.org/~jelson/software/tcpflow/ |
tcpproxy | Transparent TCP Proxy | http://www.quietsche-entchen.de/cgi-bin/wiki.cgi/proxies/TcpProxy |
etherdump | An extremely small packet sniffer | http://freshmeat.net/projects/etherdump/ |
netdiscover | A network address discovering tool | http://sourceforge.net/projects/netdiscover/ |
nmap | A network exploration tool and security/port scanner | http://nmap.org |
arpwatch | An ethernet monitoring program | http://www-nrg.ee.lbl.gov/ |
nfswatch | An NFS traffic monitoring tool | http://nfswatch.sourceforge.net/ |
p0f | Passive traffic fingerprinting tool | http://lcamtuf.coredump.cx/p0f3/ |
hping3 | A ping-like TCP/IP packet assembler/analyzer | http://www.hping.org |
sslscan | Security assessment tool for SSL | http://sourceforge.net/projects/sslscan/ |
httpry | A packet sniffer designed for HTTP traffic | http://dumpsterventures.com/jason/httpry |
bannergrab | A banner grabbing tool | http://sourceforge.net/projects/bannergrab |
dnstop | A DNS traffic capture utility | http://dns.measurement-factory.com/tools/dnstop/ |
flunym0us | A vulnerability scanner for wordpress and moodle | http://code.google.com/p/flunym0us/ |
swaks | A transaction-oriented SMTP test tool | http://www.jetmore.org/john/code/swaks/ |
onesixtyone | An efficient SNMP scanner | http://www.phreedom.org/software/onesixtyone/ |
mitmproxy | An interactive SSL-capable intercepting HTTP proxy | http://www.mitmproxy.org/ |
hexinject | A very versatile packet injector and sniffer | http://hexinject.sourceforge.net/ |
openvas | Vulnerability scanner and manager | http://www.openvas.org/src-doc/openvas-manager/index.html |
Application Testing
Name | Description | URL |
---|---|---|
wbox | HTTP testing tool and configuration-less HTTP server | http://www.hping.org/wbox/ |
slowhttptest | An application-layer DoS attack simulator | http://code.google.com/p/slowhttptest |
nikto | A web application security scanner | https://www.cirt.net/Nikto2 |
Network statistics
Name | Description | URL |
---|---|---|
iperf | Tool to measure IP bandwidth using UDP or TCP | http://iperf.sourceforge.net/ |
iptraf-ng | A console-based network monitoring utility | https://fedorahosted.org/iptraf-ng/ |
iptop | Command line tool that displays bandwidth usage on an interface | http://www.ex-parrot.com/~pdw/iftop/ |
fping | A utility to ping multiple hosts at once | http://fping.sourceforge.net/ |
mtr | Full screen ncurses traceroute tool | http://www.bitwizard.nl/mtr/ |
speedometer | Measure and display the rate of data across a network connection or data being stored in a file | http://excess.org/speedometer/ |
nfdump | The nfdump tools collect and process netflow data on the command line | http://nfdump.sourceforge.net/ |
nethogs | Top-like monitor for network traffic | http://raboof.github.io/nethogs/ |
iptstate | Top-like interface to netfilter connection-tracking table | http://www.phildev.net/iptstate/ |
Misc tools
Name | Description | URL |
---|---|---|
bash-completion | Command-line tab-completion for bash | http://bash-completion.alioth.debian.org/ |
clamav | An anti-virus toolkit for UNIX | http://www.clamav.net |
p7zip | A command-line port of the 7zip compression utility | http://p7zip.sourceforge.net/ |
nano | A simple ncurses text editor | http://www.nano-editor.org/ |
rsync | A file transfer program to keep remote files in sync | http://rsync.samba.org/ |
screen | A terminal multiplexer, used to multiplex several virtual consoles. Similar to "tmux" below | http://www.gnu.org/software/screen/ |
tmux | A terminal multiplexer, used to multiplex several virtual consoles. Similar to "screen" above | https://tmux.github.io/ |
multitail | A tool to view one or multiple files | http://www.vanheusden.com/multitail |
shed | A simple hex editor | http://shed.sourceforge.net/ |
e2fsprogs | Standard Ext2/3/4 filesystem utilities | http://e2fsprogs.sourceforge.net/ |
openssh | An open source implementation of SSH protocol versions 1 and 2 | http://www.openssh.org/ |
passwdgen | A random password generator | http://code.google.com/p/passwdgen/ |
partclone | Back up and restore used-blocks of a partition | http://partclone.org |
sshguard | Log monitor that blocks with iptables on bad behaviour | http://www.sshguard.net/download/ |
proxychains | A tool that forces any TCP connection through proxies | http://proxychains.sourceforge.net |
knock | A simple port-knocking daemon | http://www.zeroflux.org/projects/knock |
logcheck | A simple utility which is designed to allow a system administrator to view the logfiles | http://www.logcheck.org |
mc | A visual file manager | https://www.midnight-commander.org/ |
makepasswd | Generates (pseudo-)random passwords of a desired length | http://people.defora.org/~khorben/projects/makepasswd/ |
lnav | A curses-based tool for viewing and analyzing log files | http://lnav.org |
goaccess | A real-time web log analyzer and interactive viewer | http://goaccess.prosoftcorp.com/ |
VoIP
Name | Description | URL |
---|---|---|
sipp | A test tool / traffic generator for the SIP protocol | http://sipp.sourceforge.net/ |
voiphopper | A VLAN Hop security test | http://voiphopper.sourceforge.net/ |
sipvicious | Tools for auditing SIP based VoIP systems | http://code.google.com/p/sipvicious/ |
sipcrack | A SIP protocol login cracker | http://packages.debian.org/lenny/sipcrack |
sipsak | SIP swiss army knife | http://sipsak.org/ |
smap | A simple scanner for SIP enabled devices | http://www.wormulon.net/smap |
Wireless
Name | Description | URL |
---|---|---|
weplab | Analyzing WEP encryption security on wireless networks | http://weplab.sourceforge.net/ |
kismet | A WLAN detector, sniffer, and IDS | http://www.kismetwireless.org/ |
cowpatty | Attacking WPA/WPA2-PSK exchanges | http://www.willhackforsushi.com/Cowpatty.html |
wavemon | Ncurses-based monitoring application for wireless network devices | http://eden-feed.erg.abdn.ac.uk/wavemon/ |
Intrusion detection
Name | Description | URL |
---|---|---|
nebula | An Intrusion Signature Generator | http://nebula.carnivore.it/ |
snort | A network intrusion prevention and detection system | http://www.snort.org/ |