Alpine security: Difference between revisions

From Alpine Linux
m (→‎Network statistics: Update nethogs URL)
(64 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{Note|This is work in progress. Not all packages are available at the moment}}
{{Note|This is work in progress. Not all packages are available at the moment.}}
 
 
Alpine Security provides a toolset to work on security auditing, forensics, system rescue, and teaching security testing methodologies.


== Basics ==
== Basics ==
Line 23: Line 20:
| Binary keymaps for busybox
| Binary keymaps for busybox
| http://dev.alpinelinux.org/alpine/bkeymaps
| http://dev.alpinelinux.org/alpine/bkeymaps
|-
| network-extras
| Meta package to pull in vlan, bonding, bridge and wifi support
| http://alpinelinux.org
|-
| openssl
| Toolkit for SSL v2/v3 and TLS v1
| http://openssl.org
|-
| tzdata
| Timezone data
| http://www.twinsun.com/tz/tz-link.htm
|}
|}


Line 36: Line 45:
| A tool for checking common errors in RPM packages
| A tool for checking common errors in RPM packages
| http://rpmlint.zarb.org
| http://rpmlint.zarb.org
|-
|-
| pylint
| pylint
Line 49: Line 57:
| A tool to find security related programming errors
| A tool to find security related programming errors
| https://www.fortify.com/ssa-elements/threat-intelligence/rats.html
| https://www.fortify.com/ssa-elements/threat-intelligence/rats.html
|-
| pychecker
| A analyser for python source code
| http://pychecker.sourceforge.net/
|-
| pyflakes
| A passive checker of Python programs
| https://launchpad.net/pyflakes
|-
| strace
| A useful diagnositic, instructional, and debugging tool
| http://sourceforge.net/projects/strace/
|-
| netsink
| A Network Sinkhole for Isolated Malware Analysis
| https://github.com/shendo/netsink
|}
|}


Line 79: Line 103:
| Patched version of GNU dd for use in computer forensics  
| Patched version of GNU dd for use in computer forensics  
| http://dc3dd.sourceforge.net/
| http://dc3dd.sourceforge.net/
|-
| ddrescue
| Data recovery tool for block devices with errors
| http://www.gnu.org/s/ddrescue/ddrescue.html
|-
|-
| testdisk
| testdisk
Line 135: Line 163:
| http://rarcrack.sourceforge.net/
| http://rarcrack.sourceforge.net/


| diskrescue
| GNU data recovery tool
| http://www.gnu.org/software/ddrescue/ddrescue.html
| extcarve
| extcarve
| safecopy  
| safecopy  
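Review bot: the 'diskrescue' entry in this ToDo hunk ('GNU data recovery tool', http://www.gnu.org/software/ddrescue/ddrescue.html) points at the same GNU ddrescue project that the Forensics table above already lists as 'ddrescue' (http://www.gnu.org/s/ddrescue/ddrescue.html), so it is a duplicate under a different name and should be dropped rather than carried along. The 'extcarve' and 'safecopy' lines that follow it have a name only, with no description or URL, so they cannot be turned into table rows as they stand.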
Line 172: Line 197:
! Description
! Description
! URL
! URL
|-
| arpalert
| Monitor ARP changes in ethernet networks
| http://www.arpalert.org
|-
|-
| arpon
| arpon
Line 228: Line 257:
| A network address discovering tool
| A network address discovering tool
| http://sourceforge.net/projects/netdiscover/
| http://sourceforge.net/projects/netdiscover/
|-
| nmap
| A network exploration tool and security/port scanner
| http://nmap.org
|-
|-
| arpwatch
| arpwatch
Line 236: Line 269:
| An NFS traffic monitoring tool
| An NFS traffic monitoring tool
| http://nfswatch.sourceforge.net/
| http://nfswatch.sourceforge.net/
|-
| sipp
| A test tool / traffic generator for the SIP protocol
| http://sipp.sourceforge.net/
|-
|-
| p0f
| p0f
| Passive traffic fingerprinting tool
| Passive traffic fingerprinting tool
| http://lcamtuf.coredump.cx/p0f3/
| http://lcamtuf.coredump.cx/p0f3/
|-
| hping3
| A ping-like TCP/IP packet assembler/analyzer
| http://www.hping.org
|-
| sslscan
| Security assessment tool for SSL
| http://sourceforge.net/projects/sslscan/
|-
| httpry
| A packet sniffer designed for HTTP traffic
| http://dumpsterventures.com/jason/httpry
|-
| bannergrab
| A banner grabbing tool
| http://sourceforge.net/projects/bannergrab
|-
| dnstop
| A DNS traffic capture utility
| http://dns.measurement-factory.com/tools/dnstop/
|-
| flunym0us
| A vulnerability scanner for wordpress and moodle
| http://code.google.com/p/flunym0us/
|-
| swaks
| A transaction-oriented SMTP test tool
| http://www.jetmore.org/john/code/swaks/
|-
| onesixtyone
| An efficient SNMP scanner
| http://www.phreedom.org/software/onesixtyone/
|-
| mitmproxy
| An interactive SSL-capable intercepting HTTP proxy
| http://www.mitmproxy.org/
|-
| hexinject
| A very versatile packet injector and sniffer
| http://hexinject.sourceforge.net/
|-
| [[Setting up OpenVAS9|openvas]]
| Vulnerability scanner and manager
| http://www.openvas.org/src-doc/openvas-manager/index.html
|}
|}




<!-- ToDo
<!-- ToDo
whatweb
A website fingerprinter
http://www.morningstarsecurity.com/research/whatweb
blindelephant
A web application fingerprinter
http://blindelephant.sourceforge.net/
dpkt
dpkt
python packet creation / parsing library  
python packet creation / parsing library  
Line 255: Line 336:
A minimalist approach to replay pcap dumped TCP sessions with modification as required.  
A minimalist approach to replay pcap dumped TCP sessions with modification as required.  
http://code.google.com/p/wireplay/
http://code.google.com/p/wireplay/
|-
| voiphopper
| A VLAN Hop security test
| http://voiphopper.sourceforge.net/


|-
|-
| ike-scan
| ike-scan
| An IPsec VPN scanning, fingerprinting and testing tool
| An IPsec VPN scanning, fingerprinting, and testing tool
| http://www.nta-monitor.com/tools/ike-scan/
| http://www.nta-monitor.com/tools/ike-scan/


Line 285: Line 361:
* unicornscan http://www.unicornscan.org/
* unicornscan http://www.unicornscan.org/
* dsniff - Tools for network auditing and penetration testing  
* dsniff - Tools for network auditing and penetration testing  
* httpry
* httpry http://dumpsterventures.com/jason/httpry/
* justniffer
* justniffer
* dietsniff
* dietsniff
Line 293: Line 369:
* icmpshell A tool that only uses ICMP for connections http://icmpshell.sourceforge.net/
* icmpshell A tool that only uses ICMP for connections http://icmpshell.sourceforge.net/


http://code.google.com/p/yapscan/
egressor http://packetfactory.openwall.net/projects/egressor/
egressor http://packetfactory.openwall.net/projects/egressor/
arpoc http://www.phenoelit.org/arpoc/index.html
arpoc http://www.phenoelit.org/arpoc/index.html
loadbalancer-finder http://code.google.com/p/loadbalancer-finder/
loadbalancer-finder http://code.google.com/p/loadbalancer-finder/
-->
-->


Line 309: Line 387:
| HTTP testing tool and configuration-less HTTP server
| HTTP testing tool and configuration-less HTTP server
| http://www.hping.org/wbox/
| http://www.hping.org/wbox/
|-
| slowhttptest
| An application Layer DoS attack simulator
| http://code.google.com/p/slowhttptest
|-
| nikto
| A web application security scanner
| https://www.cirt.net/Nikto2
|}
|}


Line 318: Line 404:
|  
|  


wpscan http://code.google.com/p/wpscan/ A vulnerability scanner for WordPress installations  
wpscan http://wpscan.org/ A vulnerability scanner for WordPress installations  


http://www.rootkit.nl/projects/lynis.html
http://www.rootkit.nl/projects/lynis.html
Line 340: Line 426:
http://code.google.com/p/ghost-phisher/
http://code.google.com/p/ghost-phisher/
http://code.google.com/p/fern-wifi-cracker/
http://code.google.com/p/fern-wifi-cracker/
http://code.google.com/p/intrinsec-xmlrpc-scanner/
http://code.google.com/p/gsploit/
patator A multi-purpose brute-forcer, with a modular design and a flexible usage http://code.google.com/p/patator/
-->
-->


Line 349: Line 438:
! URL
! URL
|-
|-
| iptraf
| iperf
| Tool to measure IP bandwidth using UDP or TCP
| http://iperf.sourceforge.net/
|-
| iptraf-ng
| A console-based network monitoring utility  
| A console-based network monitoring utility  
| http://iptraf.seul.org/
| https://fedorahosted.org/iptraf-ng/
|-
|-
| iptop
| iptop
Line 364: Line 457:
| Full screen ncurses traceroute tool
| Full screen ncurses traceroute tool
| http://www.bitwizard.nl/mtr/
| http://www.bitwizard.nl/mtr/
|-
| speedometer
| Measure and display the rate of data across a network connection or data being stored in a file
| http://excess.org/speedometer/
|-
| nfdump
| The nfdump tools collect and process netflow data on the command line
| http://nfdump.sourceforge.net/
|-
| nethogs
| Top-like monitor for network traffic
| http://raboof.github.io/nethogs/
|-
| iptstate
| Top-like interface to netfilter connection-tracking table
| http://www.phildev.net/iptstate/
|}
|}


Line 380: Line 489:
! Description
! Description
! URL
! URL
|-
| bash-completion
| Command-line tab-completion for bash
| http://bash-completion.alioth.debian.org/
|-
|-
| clamav
| clamav
Line 392: Line 505:
| A simple ncurses text editor
| A simple ncurses text editor
| http://www.nano-editor.org/
| http://www.nano-editor.org/
|-
| ethtool
| ...
| ...
|-
|-
| rsync
| rsync
Line 402: Line 511:
|-
|-
| screen
| screen
| A window manager that multiplexes a physical terminal
| A terminal multiplexer, used to multiplex several virtual consoles. Similar to "tmux" below
| http://www.gnu.org/software/screen/
| http://www.gnu.org/software/screen/
|-
| tmux
| A terminal multiplexer, used to multiplex several virtual consoles. Similar to "screen" above
| https://tmux.github.io/
|-
|-
| multitail
| multitail
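Review bot: the new screen and tmux descriptions reference each other by position ('Similar to "tmux" below', 'Similar to "screen" above'), which silently goes wrong as soon as a row is reordered or removed; prefer self-contained wording for both, e.g. 'A terminal multiplexer that manages several virtual consoles in one session', and drop the above/below pointers.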
Line 432: Line 545:
| Log monitor that blocks with iptables on bad behaviour
| Log monitor that blocks with iptables on bad behaviour
| http://www.sshguard.net/download/
| http://www.sshguard.net/download/
|-
| proxychains
| A tool that forces any TCP connection through proxies
| http://proxychains.sourceforge.net
|-
| knock
| A simple port-knocking daemon
| http://www.zeroflux.org/projects/knock
|-
| logcheck
| A simple utility which is designed to allow a system administrator to view the logfiles
| http://www.logcheck.org
|-
| mc
| A visual file manager
| https://www.midnight-commander.org/
|-
| makepasswd
| Generates (pseudo-)random passwords of a desired length
| http://people.defora.org/~khorben/projects/makepasswd/
|-
| lnav
| A curses-based tool for viewing and analyzing log files
| http://lnav.org
|-
| goaccess
| A real-time web log analyzer and interactive viewer
| http://goaccess.prosoftcorp.com/
|}
|}


Line 438: Line 579:
| An utility for viewing/manipulating the MAC address of network interfaces
| An utility for viewing/manipulating the MAC address of network interfaces
| http://www.alobbs.com/macchanger
| http://www.alobbs.com/macchanger
| proxychains
| A tool that forces any TCP connection through proxies
| http://proxychains.sourceforge.net


| denyhosts  
| denyhosts  
Line 455: Line 591:
bonesi http://code.google.com/p/bonesi/
bonesi http://code.google.com/p/bonesi/
-->
-->
<!--
 
== VoIP==
== VoIP==


Line 464: Line 600:
! URL
! URL
|-
|-
|  
| sipp
|  
| A test tool / traffic generator for the SIP protocol
|  
| http://sipp.sourceforge.net/
|-
| voiphopper
| A VLAN Hop security test
| http://voiphopper.sourceforge.net/
|-
| sipvicious
| Tools for auditing SIP based VoIP systems
| http://code.google.com/p/sipvicious/
|-
| sipcrack
| A SIP protocol login cracker
| http://packages.debian.org/lenny/sipcrack
|-
|-
|  
| sipsak
|
| SIP swiss army knife
|  
| http://sipsak.org/
|-
|-
|  
| smap
|  
| A simple scanner for SIP enabled devices
|  
| http://www.wormulon.net/smap
|}
|}
<!--
|-
| oreka
| An audio stream recording and retrieval system
| http://oreka.sourceforge.net/
|-
| sipflanker
| Finder for vulnerable Web GUIs deployed by IP phones and PBXs
| http://code.google.com/p/sipflanker/
ucsniff A VoIP and IP video security assessment tool http://ucsniff.sourceforge.net/
videosharf
-->
-->
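Review bot: the sipcrack row links to a Debian package page for an old release (http://packages.debian.org/lenny/sipcrack) instead of an upstream project page, unlike every other row in this table; link the project's own page so the URL column stays consistent. In the comment opened after the table, 'ucsniff' and 'videosharf' are plain text without the row markup that oreka and sipflanker use, and videosharf has no description or URL, so both need converting before the block can be uncommented.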


Line 497: Line 658:
| Attacking WPA/WPA2-PSK exchanges
| Attacking WPA/WPA2-PSK exchanges
| http://www.willhackforsushi.com/Cowpatty.html
| http://www.willhackforsushi.com/Cowpatty.html
|-
| wavemon
| Ncurses-based monitoring application for wireless network devices
| http://eden-feed.erg.abdn.ac.uk/wavemon/
|}
|}




<!-- Todo
<!-- Todo
|-
| wavemon
| 0
| An ncurses-based monitoring application for wireless network devices.
| http://eden-feed.erg.abdn.ac.uk/wavemon/
|-
|-
| aircrack-ng
| aircrack-ng
Line 515: Line 674:
* airsnarf A rogue AP setup utility http://airsnarf.shmoo.com/
* airsnarf A rogue AP setup utility http://airsnarf.shmoo.com/
* lorcon http://802.11ninja.net/lorcon/ A library for injecting 802.11 (WLAN) frames
* lorcon http://802.11ninja.net/lorcon/ A library for injecting 802.11 (WLAN) frames
 
quickset A suite of tools designed to setup the basics for a PenTest http://code.google.com/p/quickset/
wifite An automated wireless auditor http://code.google.com/p/wifite/  
wifite An automated wireless auditor http://code.google.com/p/wifite/  
reaver Brute force attack against Wifi Protected Setup http://code.google.com/p/reaver-wps/
-->
-->


Line 537: Line 697:


<!--
<!--
* aide - Intrusion detection environment
aide| Intrusion detection environment
* chkrootkit - Tool to locally check for signs of a rootkit
chkrootkit| Tool to locally check for signs of a rootkit
* honeyd - Honeypot daemon
honeyd| Honeypot daemon
* labrea - Tarpit (slow to a crawl) worms and port scanners
labrea| Tarpit (slow to a crawl) worms and port scanners
* pads - Passive Asset Detection System
pads| Passive Asset Detection System
* rkhunter - A host-based tool to scan for rootkits, backdoors and local exploits
rkhunter| A host-based tool to scan for rootkits, backdoors and local exploits
* tiger Security auditing on UNIX systems http://www.nongnu.org/tiger/
tiger| Security auditing on UNIX systems| http://www.nongnu.org/tiger/
* prelude-lml - The prelude log analyzer
prelude-lml| The prelude log analyzer
* prewikka - Graphical front-end analysis console for the Prelude Hybrid IDS * Framework
prewikka| Graphical front-end analysis console for the Prelude Hybrid IDS * Framework
* prelude-manager - Prelude-Manager
prelude-manager| Prelude-Manager
nemesis|A TCP/IP packet injection tool| http://nemesis.sourceforge.net/
inundator| An IDS detection false positives generator| http://inundator.sourceforge.net/
-->
-->
<!--
More tools:
http://sectools.org/tag/new/
http://www.voipsa.org/Resources/tools.php
http://securitytube-tools.net/index.php?title=Welcome_to_SecurityTube_Tools
http://www.goitworld.com/top-15-free-sql-injection-scanners/
-->


[[Category:ISO]]
[[Category:ISO]]
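Review bot: the reworked intrusion-detection ToDo list is inconsistent: most entries have two pipe-separated fields, but tiger, nemesis and inundator have three (with a URL), and 'prewikka| Graphical front-end analysis console for the Prelude Hybrid IDS * Framework' still carries a stray '*' from the old bullet syntax inside its description. Normalise every entry to name| description| URL (URL blank where unknown) and remove the asterisk so the list can be turned into table rows later. The 'More tools' comment below it is a bare list of aggregator links with no package names and should stay a scratch note rather than become rows.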

Revision as of 19:29, 2 December 2017

Note: This is work in progress. Not all packages are available at the moment.

== Basics ==

{|
! Name !! Description !! URL
|-
| alpine-base || Alpine base package || http://alpinelinux.org
|-
| alpine-mirrors || List of Alpine Linux mirrors || http://alpinelinux.org/
|-
| bkeymaps || Binary keymaps for busybox || http://dev.alpinelinux.org/alpine/bkeymaps
|-
| network-extras || Meta package to pull in vlan, bonding, bridge and wifi support || http://alpinelinux.org
|-
| openssl || Toolkit for SSL v2/v3 and TLS v1 || http://openssl.org
|-
| tzdata || Timezone data || http://www.twinsun.com/tz/tz-link.htm
|}

== Code Analysis ==

{|
! Name !! Description !! URL
|-
| rpmlint || A tool for checking common errors in RPM packages || http://rpmlint.zarb.org
|-
| pylint || Analyzes Python code looking for bugs and signs of poor quality || http://pypi.python.org/pypi/pylint
|-
| flawfinder || Examines C/C++ source code for security flaws || http://www.dwheeler.com/flawfinder/
|-
| rats || A tool to find security-related programming errors || https://www.fortify.com/ssa-elements/threat-intelligence/rats.html
|-
| pychecker || An analyser for Python source code || http://pychecker.sourceforge.net/
|-
| pyflakes || A passive checker of Python programs || https://launchpad.net/pyflakes
|-
| strace || A useful diagnostic, instructional, and debugging tool || http://sourceforge.net/projects/strace/
|-
| netsink || A network sinkhole for isolated malware analysis || https://github.com/shendo/netsink
|}


== Forensics / Data recovery tools ==

{|
! Name !! Description !! URL
|-
| dc3dd || Patched version of GNU dd for use in computer forensics || http://dc3dd.sourceforge.net/
|-
| ddrescue || Data recovery tool for block devices with errors || http://www.gnu.org/s/ddrescue/ddrescue.html
|-
| testdisk || A powerful free data recovery software || http://www.cgsecurity.org/wiki/TestDisk
|-
| scrub || Disk scrubbing program || http://code.google.com/p/diskscrub/
|-
| ncdu || A curses-based version of the well-known "du" || http://dev.yorhel.nl/ncdu
|-
| htop || An interactive process viewer for Linux || http://htop.sourceforge.net/
|-
| mac-robber || A tool that collects data from allocated files in a mounted file system || http://www.sleuthkit.org/mac-robber/desc.php
|-
| wipe || Tool for securely erasing files from magnetic media || http://lambda-diode.com/software/wipe/
|-
| nwipe || Securely erase disks using a variety of recognized methods || http://nwipe.sourceforge.net
|-
| jhead || An Exif JPEG header manipulation tool || http://www.sentex.net/~mwandel/jhead/
|}


== Reconnaissance ==

{|
! Name !! Description !! URL
|-
| arpalert || Monitor ARP changes in Ethernet networks || http://www.arpalert.org
|-
| arpon || ARP handler inspection || http://arpon.sourceforge.net/
|-
| dnsenum || A tool to enumerate DNS info about domains || http://code.google.com/p/dnsenum/
|-
| halberd || A tool to discover HTTP load balancers || http://halberd.superadditive.com/
|-
| scanssh || Fast SSH server and open proxy scanner || http://monkey.org/~provos/scanssh/
|-
| ngrep || Network layer grep tool || http://ngrep.sourceforge.net/
|-
| netsniff-ng || A performant Linux network analyzer and networking toolkit || http://netsniff-ng.org/
|-
| scapy || Interactive packet manipulation tool and network scanner || http://www.secdev.org/projects/scapy/
|-
| socat || Bidirectional data relay between two data channels ('netcat++') || http://www.dest-unreach.org/socat/
|-
| tcpdump || A network traffic monitoring tool || http://www.tcpdump.org/
|-
| tcptrack || Displays information about TCP connections on a network interface || http://www.rhythm.cx/~steve/devel/tcptrack/
|-
| tcpflow || A tool for monitoring, capturing and storing TCP connection flows || http://www.circlemud.org/~jelson/software/tcpflow/
|-
| tcpproxy || Transparent TCP proxy || http://www.quietsche-entchen.de/cgi-bin/wiki.cgi/proxies/TcpProxy
|-
| etherdump || An extremely small packet sniffer || http://freshmeat.net/projects/etherdump/
|-
| netdiscover || A network address discovering tool || http://sourceforge.net/projects/netdiscover/
|-
| nmap || A network exploration tool and security/port scanner || http://nmap.org
|-
| arpwatch || An Ethernet monitoring program || http://www-nrg.ee.lbl.gov/
|-
| nfswatch || An NFS traffic monitoring tool || http://nfswatch.sourceforge.net/
|-
| p0f || Passive traffic fingerprinting tool || http://lcamtuf.coredump.cx/p0f3/
|-
| hping3 || A ping-like TCP/IP packet assembler/analyzer || http://www.hping.org
|-
| sslscan || Security assessment tool for SSL || http://sourceforge.net/projects/sslscan/
|-
| httpry || A packet sniffer designed for HTTP traffic || http://dumpsterventures.com/jason/httpry
|-
| bannergrab || A banner grabbing tool || http://sourceforge.net/projects/bannergrab
|-
| dnstop || A DNS traffic capture utility || http://dns.measurement-factory.com/tools/dnstop/
|-
| flunym0us || A vulnerability scanner for WordPress and Moodle || http://code.google.com/p/flunym0us/
|-
| swaks || A transaction-oriented SMTP test tool || http://www.jetmore.org/john/code/swaks/
|-
| onesixtyone || An efficient SNMP scanner || http://www.phreedom.org/software/onesixtyone/
|-
| mitmproxy || An interactive SSL-capable intercepting HTTP proxy || http://www.mitmproxy.org/
|-
| hexinject || A very versatile packet injector and sniffer || http://hexinject.sourceforge.net/
|-
| openvas || Vulnerability scanner and manager || http://www.openvas.org/src-doc/openvas-manager/index.html
|}


== Application Testing ==

{|
! Name !! Description !! URL
|-
| wbox || HTTP testing tool and configuration-less HTTP server || http://www.hping.org/wbox/
|-
| slowhttptest || An application-layer DoS attack simulator || http://code.google.com/p/slowhttptest
|-
| nikto || A web application security scanner || https://www.cirt.net/Nikto2
|}


== Network statistics ==

{|
! Name !! Description !! URL
|-
| iperf || Tool to measure IP bandwidth using UDP or TCP || http://iperf.sourceforge.net/
|-
| iptraf-ng || A console-based network monitoring utility || https://fedorahosted.org/iptraf-ng/
|-
| iftop || Command-line tool that displays bandwidth usage on an interface || http://www.ex-parrot.com/~pdw/iftop/
|-
| fping || A utility to ping multiple hosts at once || http://fping.sourceforge.net/
|-
| mtr || Full-screen ncurses traceroute tool || http://www.bitwizard.nl/mtr/
|-
| speedometer || Measure and display the rate of data across a network connection or data being stored in a file || http://excess.org/speedometer/
|-
| nfdump || The nfdump tools collect and process NetFlow data on the command line || http://nfdump.sourceforge.net/
|-
| nethogs || Top-like monitor for network traffic || http://raboof.github.io/nethogs/
|-
| iptstate || Top-like interface to the netfilter connection-tracking table || http://www.phildev.net/iptstate/
|}


== Misc tools ==

{|
! Name !! Description !! URL
|-
| bash-completion || Command-line tab-completion for bash || http://bash-completion.alioth.debian.org/
|-
| clamav || An anti-virus toolkit for UNIX || http://www.clamav.net
|-
| p7zip || A command-line port of the 7zip compression utility || http://p7zip.sourceforge.net/
|-
| nano || A simple ncurses text editor || http://www.nano-editor.org/
|-
| rsync || A file transfer program to keep remote files in sync || http://rsync.samba.org/
|-
| screen || A terminal multiplexer, used to multiplex several virtual consoles. Similar to "tmux" below || http://www.gnu.org/software/screen/
|-
| tmux || A terminal multiplexer, used to multiplex several virtual consoles. Similar to "screen" above || https://tmux.github.io/
|-
| multitail || A tool to view one or multiple files || http://www.vanheusden.com/multitail
|-
| shed || A simple hex editor || http://shed.sourceforge.net/
|-
| e2fsprogs || Standard Ext2/3/4 filesystem utilities || http://e2fsprogs.sourceforge.net/
|-
| openssh || An open source implementation of SSH protocol versions 1 and 2 || http://www.openssh.org/
|-
| passwdgen || A random password generator || http://code.google.com/p/passwdgen/
|-
| partclone || Back up and restore used blocks of a partition || http://partclone.org
|-
| sshguard || Log monitor that blocks with iptables on bad behaviour || http://www.sshguard.net/download/
|-
| proxychains || A tool that forces any TCP connection through proxies || http://proxychains.sourceforge.net
|-
| knock || A simple port-knocking daemon || http://www.zeroflux.org/projects/knock
|-
| logcheck || A simple utility that lets a system administrator review the log files || http://www.logcheck.org
|-
| mc || A visual file manager || https://www.midnight-commander.org/
|-
| makepasswd || Generates (pseudo-)random passwords of a desired length || http://people.defora.org/~khorben/projects/makepasswd/
|-
| lnav || A curses-based tool for viewing and analyzing log files || http://lnav.org
|-
| goaccess || A real-time web log analyzer and interactive viewer || http://goaccess.prosoftcorp.com/
|}


== VoIP ==

{|
! Name !! Description !! URL
|-
| sipp || A test tool / traffic generator for the SIP protocol || http://sipp.sourceforge.net/
|-
| voiphopper || A VLAN hop security test || http://voiphopper.sourceforge.net/
|-
| sipvicious || Tools for auditing SIP-based VoIP systems || http://code.google.com/p/sipvicious/
|-
| sipcrack || A SIP protocol login cracker || http://packages.debian.org/lenny/sipcrack
|-
| sipsak || SIP Swiss army knife || http://sipsak.org/
|-
| smap || A simple scanner for SIP-enabled devices || http://www.wormulon.net/smap
|}


== Wireless ==

{|
! Name !! Description !! URL
|-
| weplab || Analyzing WEP encryption security on wireless networks || http://weplab.sourceforge.net/
|-
| kismet || A WLAN detector, sniffer, and IDS || http://www.kismetwireless.org/
|-
| cowpatty || Attacking WPA/WPA2-PSK exchanges || http://www.willhackforsushi.com/Cowpatty.html
|-
| wavemon || Ncurses-based monitoring application for wireless network devices || http://eden-feed.erg.abdn.ac.uk/wavemon/
|}


== Intrusion detection ==

{|
! Name !! Description !! URL
|-
| nebula || An intrusion signature generator || http://nebula.carnivore.it/
|-
| snort || A network intrusion prevention and detection system || http://www.snort.org/
|}