Alpine security: Difference between revisions

From Alpine Linux
m (intro)
m (→Network statistics: Update nethogs URL)
(38 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{Note|This is work in progress. Not all packages are available at the moment.}}
{{Note|This is work in progress. Not all packages are available at the moment.}}
Alpine Security provides a toolset to work on security auditing, forensics, system rescue, and teaching security testing methodologies. The tool list contains packages for code analysis, forensics and data recovery, reconnaissance, network statistics, VoIP, wireless lan, and IDS.
The target is not to start a competition with the [https://fedorahosted.org/security-spin/ Fedora Security Lab] or [http://www.backtrack-linux.org/ Backtrack]. But rather make it easy to use the particular tools with Alpine Linux in a small, non GUI, and busybox-based system.
With the simple python-based <tt>[http://git.alpinelinux.org/cgit/fab/alpine-iso/tree/config-builder.py config-builder]</tt> script this page can be transformed into a plaintext file for the usage with <tt>alpine-iso</tt>.


== Basics ==
== Basics ==
Line 76: Line 69:
| A useful diagnositic, instructional, and debugging tool
| A useful diagnositic, instructional, and debugging tool
| http://sourceforge.net/projects/strace/
| http://sourceforge.net/projects/strace/
|-
| netsink
| A Network Sinkhole for Isolated Malware Analysis
| https://github.com/shendo/netsink
|}
|}


Line 260: Line 257:
| A network address discovering tool
| A network address discovering tool
| http://sourceforge.net/projects/netdiscover/
| http://sourceforge.net/projects/netdiscover/
|-
| nmap
| A network exploration tool and security/port scanner
| http://nmap.org
|-
|-
| arpwatch
| arpwatch
Line 272: Line 273:
| Passive traffic fingerprinting tool
| Passive traffic fingerprinting tool
| http://lcamtuf.coredump.cx/p0f3/
| http://lcamtuf.coredump.cx/p0f3/
|-
| hping3
| A ping-like TCP/IP packet assembler/analyzer
| http://www.hping.org
|-
| sslscan
| Security assessment tool for SSL
| http://sourceforge.net/projects/sslscan/
|-
| httpry
| A packet sniffer designed for HTTP traffic
| http://dumpsterventures.com/jason/httpry
|-
| bannergrab
| A banner grabbing tool
| http://sourceforge.net/projects/bannergrab
|-
| dnstop
| A DNS traffic capture utility
| http://dns.measurement-factory.com/tools/dnstop/
|-
| flunym0us
| A vulnerability scanner for wordpress and moodle
| http://code.google.com/p/flunym0us/
|-
| swaks
| A transaction-oriented SMTP test tool
| http://www.jetmore.org/john/code/swaks/
|-
| onesixtyone
| An efficient SNMP scanner
| http://www.phreedom.org/software/onesixtyone/
|-
| mitmproxy
| An interactive SSL-capable intercepting HTTP proxy
| http://www.mitmproxy.org/
|-
| hexinject
| A very versatile packet injector and sniffer
| http://hexinject.sourceforge.net/
|-
| [[Setting up OpenVAS9|openvas]]
| Vulnerability scanner and manager
| http://www.openvas.org/src-doc/openvas-manager/index.html
|}
|}




<!-- ToDo
<!-- ToDo
whatweb
A website fingerprinter
http://www.morningstarsecurity.com/research/whatweb
blindelephant
A web application fingerprinter
http://blindelephant.sourceforge.net/
dpkt
dpkt
python packet creation / parsing library  
python packet creation / parsing library  
Line 286: Line 339:
|-
|-
| ike-scan
| ike-scan
| An IPsec VPN scanning, fingerprinting and testing tool
| An IPsec VPN scanning, fingerprinting, and testing tool
| http://www.nta-monitor.com/tools/ike-scan/
| http://www.nta-monitor.com/tools/ike-scan/


Line 308: Line 361:
* unicornscan http://www.unicornscan.org/
* unicornscan http://www.unicornscan.org/
* dsniff - Tools for network auditing and penetration testing  
* dsniff - Tools for network auditing and penetration testing  
* httpry
* httpry http://dumpsterventures.com/jason/httpry/
* justniffer
* justniffer
* dietsniff
* dietsniff
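Review bot: httpry is still listed in this ToDo comment (and its URL is updated here) even though the same revision adds an httpry row to the Reconnaissance table above; drop the ToDo entry so the comment does not keep a stale duplicate of a tool that is already in the package table.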
Line 320: Line 373:
arpoc http://www.phenoelit.org/arpoc/index.html
arpoc http://www.phenoelit.org/arpoc/index.html
loadbalancer-finder http://code.google.com/p/loadbalancer-finder/
loadbalancer-finder http://code.google.com/p/loadbalancer-finder/
-->
-->


Line 333: Line 387:
| HTTP testing tool and configuration-less HTTP server
| HTTP testing tool and configuration-less HTTP server
| http://www.hping.org/wbox/
| http://www.hping.org/wbox/
|-
| slowhttptest
| An application Layer DoS attack simulator
| http://code.google.com/p/slowhttptest
|-
| nikto
| A web application security scanner
| https://www.cirt.net/Nikto2
|}
|}


Line 342: Line 404:
|  
|  


wpscan http://code.google.com/p/wpscan/ A vulnerability scanner for WordPress installations  
wpscan http://wpscan.org/ A vulnerability scanner for WordPress installations  


http://www.rootkit.nl/projects/lynis.html
http://www.rootkit.nl/projects/lynis.html
Line 380: Line 442:
| http://iperf.sourceforge.net/
| http://iperf.sourceforge.net/
|-
|-
| iptraf
| iptraf-ng
| A console-based network monitoring utility  
| A console-based network monitoring utility  
| http://iptraf.seul.org/
| https://fedorahosted.org/iptraf-ng/
|-
|-
| iptop
| iptop
Line 403: Line 465:
| The nfdump tools collect and process netflow data on the command line
| The nfdump tools collect and process netflow data on the command line
| http://nfdump.sourceforge.net/
| http://nfdump.sourceforge.net/
|-
| nethogs
| Top-like monitor for network traffic
| http://raboof.github.io/nethogs/
|-
| iptstate
| Top-like interface to netfilter connection-tracking table
| http://www.phildev.net/iptstate/
|}
|}


Line 441: Line 511:
|-
|-
| screen
| screen
| A window manager that multiplexes a physical terminal
| A terminal multiplexer, used to multiplex several virtual consoles. Similar to "tmux" below
| http://www.gnu.org/software/screen/
| http://www.gnu.org/software/screen/
|-
| tmux
| A terminal multiplexer, used to multiplex several virtual consoles. Similar to "screen" above
| https://tmux.github.io/
|-
|-
| multitail
| multitail
Line 479: Line 553:
| A simple port-knocking daemon
| A simple port-knocking daemon
| http://www.zeroflux.org/projects/knock
| http://www.zeroflux.org/projects/knock
|-
| logcheck
| A simple utility which is designed to allow a system administrator to view the logfiles
| http://www.logcheck.org
|-
| mc
| A visual file manager
| https://www.midnight-commander.org/
|-
| makepasswd
| Generates (pseudo-)random passwords of a desired length
| http://people.defora.org/~khorben/projects/makepasswd/
|-
| lnav
| A curses-based tool for viewing and analyzing log files
| http://lnav.org
|-
| goaccess
| A real-time web log analyzer and interactive viewer
| http://goaccess.prosoftcorp.com/
|}
|}


Line 485: Line 579:
| An utility for viewing/manipulating the MAC address of network interfaces
| An utility for viewing/manipulating the MAC address of network interfaces
| http://www.alobbs.com/macchanger
| http://www.alobbs.com/macchanger
| proxychains
| A tool that forces any TCP connection through proxies
| http://proxychains.sourceforge.net


| denyhosts  
| denyhosts  
Line 537: Line 626:


<!--
<!--
|-
| oreka
| An audio stream recording and retrieval system
| http://oreka.sourceforge.net/
|-
| sipflanker
| Finder for vulnerable Web GUIs deployed by IP phones and PBXs
| http://code.google.com/p/sipflanker/


ucsniff A VoIP and IP video security assessment tool http://ucsniff.sourceforge.net/
ucsniff A VoIP and IP video security assessment tool http://ucsniff.sourceforge.net/
Line 561: Line 658:
| Attacking WPA/WPA2-PSK exchanges
| Attacking WPA/WPA2-PSK exchanges
| http://www.willhackforsushi.com/Cowpatty.html
| http://www.willhackforsushi.com/Cowpatty.html
|-
| wavemon
| Ncurses-based monitoring application for wireless network devices
| http://eden-feed.erg.abdn.ac.uk/wavemon/
|}
|}




<!-- Todo
<!-- Todo
|-
| wavemon
| 0
| An ncurses-based monitoring application for wireless network devices.
| http://eden-feed.erg.abdn.ac.uk/wavemon/
|-
|-
| aircrack-ng
| aircrack-ng
Line 581: Line 676:
quickset A suite of tools designed to setup the basics for a PenTest http://code.google.com/p/quickset/
quickset A suite of tools designed to setup the basics for a PenTest http://code.google.com/p/quickset/
wifite An automated wireless auditor http://code.google.com/p/wifite/  
wifite An automated wireless auditor http://code.google.com/p/wifite/  
reaver Brute force attack against Wifi Protected Setup http://code.google.com/p/reaver-wps/
-->
-->


Line 615: Line 711:
-->
-->


<!-- More tools: http://sectools.org/tag/new/ -->
<!--
More tools:
http://sectools.org/tag/new/
http://www.voipsa.org/Resources/tools.php
http://securitytube-tools.net/index.php?title=Welcome_to_SecurityTube_Tools
http://www.goitworld.com/top-15-free-sql-injection-scanners/
-->


[[Category:ISO]]
[[Category:ISO]]

Revision as of 19:29, 2 December 2017

Note: This is work in progress. Not all packages are available at the moment.

== Basics ==

{| class="wikitable"
! Name !! Description !! URL
|-
| alpine-base
| Alpine base package
| http://alpinelinux.org
|-
| alpine-mirrors
| List of Alpine Linux Mirrors
| http://alpinelinux.org/
|-
| bkeymaps
| Binary keymaps for busybox
| http://dev.alpinelinux.org/alpine/bkeymaps
|-
| network-extras
| Meta package to pull in vlan, bonding, bridge and wifi support
| http://alpinelinux.org
|-
| openssl
| Toolkit for SSL v2/v3 and TLS v1
| http://openssl.org
|-
| tzdata
| Timezone data
| http://www.twinsun.com/tz/tz-link.htm
|}

== Code Analysis ==

{| class="wikitable"
! Name !! Description !! URL
|-
| rpmlint
| A tool for checking common errors in RPM packages
| http://rpmlint.zarb.org
|-
| pylint
| Analyzes Python code looking for bugs and signs of poor quality
| http://pypi.python.org/pypi/pylint
|-
| flawfinder
| Examines C/C++ source code for security flaws
| http://www.dwheeler.com/flawfinder/
|-
| rats
| A tool to find security related programming errors
| https://www.fortify.com/ssa-elements/threat-intelligence/rats.html
|-
| pychecker
| An analyser for Python source code
| http://pychecker.sourceforge.net/
|-
| pyflakes
| A passive checker of Python programs
| https://launchpad.net/pyflakes
|-
| strace
| A useful diagnostic, instructional, and debugging tool
| http://sourceforge.net/projects/strace/
|-
| netsink
| A Network Sinkhole for Isolated Malware Analysis
| https://github.com/shendo/netsink
|}


== Forensics / Data recovery tools ==

{| class="wikitable"
! Name !! Description !! URL
|-
| dc3dd
| Patched version of GNU dd for use in computer forensics
| http://dc3dd.sourceforge.net/
|-
| ddrescue
| Data recovery tool for block devices with errors
| http://www.gnu.org/s/ddrescue/ddrescue.html
|-
| testdisk
| Powerful free data recovery software
| http://www.cgsecurity.org/wiki/TestDisk
|-
| scrub
| Disk scrubbing program
| http://code.google.com/p/diskscrub/
|-
| ncdu
| A curses-based version of the well-known "du"
| http://dev.yorhel.nl/ncdu
|-
| htop
| An interactive process viewer for Linux
| http://htop.sourceforge.net/
|-
| mac-robber
| A tool that collects data from allocated files in a mounted file system
| http://www.sleuthkit.org/mac-robber/desc.php
|-
| wipe
| Tool for securely erasing files from magnetic media
| http://lambda-diode.com/software/wipe/
|-
| nwipe
| Securely erase disks using a variety of recognized methods
| http://nwipe.sourceforge.net
|-
| jhead
| An Exif JPEG header manipulation tool
| http://www.sentex.net/~mwandel/jhead/
|}


== Reconnaissance ==

{| class="wikitable"
! Name !! Description !! URL
|-
| arpalert
| Monitor ARP changes in Ethernet networks
| http://www.arpalert.org
|-
| arpon
| ARP handler inspection
| http://arpon.sourceforge.net/
|-
| dnsenum
| A tool to enumerate DNS info about domains
| http://code.google.com/p/dnsenum/
|-
| halberd
| A tool to discover HTTP load balancers
| http://halberd.superadditive.com/
|-
| scanssh
| Fast SSH server and open proxy scanner
| http://monkey.org/~provos/scanssh/
|-
| ngrep
| Network layer grep tool
| http://ngrep.sourceforge.net/
|-
| netsniff-ng
| A performant Linux network analyzer and networking toolkit
| http://netsniff-ng.org/
|-
| scapy
| Interactive packet manipulation tool and network scanner
| http://www.secdev.org/projects/scapy/
|-
| socat
| Bidirectional data relay between two data channels ('netcat++')
| http://www.dest-unreach.org/socat/
|-
| tcpdump
| A network traffic monitoring tool
| http://www.tcpdump.org/
|-
| tcptrack
| Displays information about TCP connections on a network interface
| http://www.rhythm.cx/~steve/devel/tcptrack/
|-
| tcpflow
| A tool for monitoring, capturing and storing TCP connection flows
| http://www.circlemud.org/~jelson/software/tcpflow/
|-
| tcpproxy
| Transparent TCP Proxy
| http://www.quietsche-entchen.de/cgi-bin/wiki.cgi/proxies/TcpProxy
|-
| etherdump
| An extremely small packet sniffer
| http://freshmeat.net/projects/etherdump/
|-
| netdiscover
| A network address discovering tool
| http://sourceforge.net/projects/netdiscover/
|-
| nmap
| A network exploration tool and security/port scanner
| http://nmap.org
|-
| arpwatch
| An Ethernet monitoring program
| http://www-nrg.ee.lbl.gov/
|-
| nfswatch
| An NFS traffic monitoring tool
| http://nfswatch.sourceforge.net/
|-
| p0f
| Passive traffic fingerprinting tool
| http://lcamtuf.coredump.cx/p0f3/
|-
| hping3
| A ping-like TCP/IP packet assembler/analyzer
| http://www.hping.org
|-
| sslscan
| Security assessment tool for SSL
| http://sourceforge.net/projects/sslscan/
|-
| httpry
| A packet sniffer designed for HTTP traffic
| http://dumpsterventures.com/jason/httpry
|-
| bannergrab
| A banner grabbing tool
| http://sourceforge.net/projects/bannergrab
|-
| dnstop
| A DNS traffic capture utility
| http://dns.measurement-factory.com/tools/dnstop/
|-
| flunym0us
| A vulnerability scanner for WordPress and Moodle
| http://code.google.com/p/flunym0us/
|-
| swaks
| A transaction-oriented SMTP test tool
| http://www.jetmore.org/john/code/swaks/
|-
| onesixtyone
| An efficient SNMP scanner
| http://www.phreedom.org/software/onesixtyone/
|-
| mitmproxy
| An interactive SSL-capable intercepting HTTP proxy
| http://www.mitmproxy.org/
|-
| hexinject
| A very versatile packet injector and sniffer
| http://hexinject.sourceforge.net/
|-
| openvas
| Vulnerability scanner and manager
| http://www.openvas.org/src-doc/openvas-manager/index.html
|}


== Application Testing ==

{| class="wikitable"
! Name !! Description !! URL
|-
| wbox
| HTTP testing tool and configuration-less HTTP server
| http://www.hping.org/wbox/
|-
| slowhttptest
| An application-layer DoS attack simulator
| http://code.google.com/p/slowhttptest
|-
| nikto
| A web application security scanner
| https://www.cirt.net/Nikto2
|}


== Network statistics ==

{| class="wikitable"
! Name !! Description !! URL
|-
| iperf
| Tool to measure IP bandwidth using UDP or TCP
| http://iperf.sourceforge.net/
|-
| iptraf-ng
| A console-based network monitoring utility
| https://fedorahosted.org/iptraf-ng/
|-
| iptop
| Command line tool that displays bandwidth usage on an interface
| http://www.ex-parrot.com/~pdw/iftop/
|-
| fping
| A utility to ping multiple hosts at once
| http://fping.sourceforge.net/
|-
| mtr
| Full-screen ncurses traceroute tool
| http://www.bitwizard.nl/mtr/
|-
| speedometer
| Measure and display the rate of data across a network connection or data being stored in a file
| http://excess.org/speedometer/
|-
| nfdump
| The nfdump tools collect and process NetFlow data on the command line
| http://nfdump.sourceforge.net/
|-
| nethogs
| Top-like monitor for network traffic
| http://raboof.github.io/nethogs/
|-
| iptstate
| Top-like interface to the netfilter connection-tracking table
| http://www.phildev.net/iptstate/
|}


== Misc tools ==

{| class="wikitable"
! Name !! Description !! URL
|-
| bash-completion
| Command-line tab-completion for bash
| http://bash-completion.alioth.debian.org/
|-
| clamav
| An anti-virus toolkit for UNIX
| http://www.clamav.net
|-
| p7zip
| A command-line port of the 7zip compression utility
| http://p7zip.sourceforge.net/
|-
| nano
| A simple ncurses text editor
| http://www.nano-editor.org/
|-
| rsync
| A file transfer program to keep remote files in sync
| http://rsync.samba.org/
|-
| screen
| A terminal multiplexer, used to multiplex several virtual consoles. Similar to "tmux" below
| http://www.gnu.org/software/screen/
|-
| tmux
| A terminal multiplexer, used to multiplex several virtual consoles. Similar to "screen" above
| https://tmux.github.io/
|-
| multitail
| A tool to view one or multiple files
| http://www.vanheusden.com/multitail
|-
| shed
| A simple hex editor
| http://shed.sourceforge.net/
|-
| e2fsprogs
| Standard Ext2/3/4 filesystem utilities
| http://e2fsprogs.sourceforge.net/
|-
| openssh
| An open source implementation of SSH protocol versions 1 and 2
| http://www.openssh.org/
|-
| passwdgen
| A random password generator
| http://code.google.com/p/passwdgen/
|-
| partclone
| Back up and restore used blocks of a partition
| http://partclone.org
|-
| sshguard
| Log monitor that blocks with iptables on bad behaviour
| http://www.sshguard.net/download/
|-
| proxychains
| A tool that forces any TCP connection through proxies
| http://proxychains.sourceforge.net
|-
| knock
| A simple port-knocking daemon
| http://www.zeroflux.org/projects/knock
|-
| logcheck
| A simple utility which is designed to allow a system administrator to view the logfiles
| http://www.logcheck.org
|-
| mc
| A visual file manager
| https://www.midnight-commander.org/
|-
| makepasswd
| Generates (pseudo-)random passwords of a desired length
| http://people.defora.org/~khorben/projects/makepasswd/
|-
| lnav
| A curses-based tool for viewing and analyzing log files
| http://lnav.org
|-
| goaccess
| A real-time web log analyzer and interactive viewer
| http://goaccess.prosoftcorp.com/
|}


== VoIP ==

{| class="wikitable"
! Name !! Description !! URL
|-
| sipp
| A test tool / traffic generator for the SIP protocol
| http://sipp.sourceforge.net/
|-
| voiphopper
| A VLAN hop security test
| http://voiphopper.sourceforge.net/
|-
| sipvicious
| Tools for auditing SIP-based VoIP systems
| http://code.google.com/p/sipvicious/
|-
| sipcrack
| A SIP protocol login cracker
| http://packages.debian.org/lenny/sipcrack
|-
| sipsak
| SIP swiss army knife
| http://sipsak.org/
|-
| smap
| A simple scanner for SIP enabled devices
| http://www.wormulon.net/smap
|}


== Wireless ==

{| class="wikitable"
! Name !! Description !! URL
|-
| weplab
| Analyzing WEP encryption security on wireless networks
| http://weplab.sourceforge.net/
|-
| kismet
| A WLAN detector, sniffer, and IDS
| http://www.kismetwireless.org/
|-
| cowpatty
| Attacking WPA/WPA2-PSK exchanges
| http://www.willhackforsushi.com/Cowpatty.html
|-
| wavemon
| Ncurses-based monitoring application for wireless network devices
| http://eden-feed.erg.abdn.ac.uk/wavemon/
|}


== Intrusion detection ==

{| class="wikitable"
! Name !! Description !! URL
|-
| nebula
| An Intrusion Signature Generator
| http://nebula.carnivore.it/
|-
| snort
| A network intrusion prevention and detection system
| http://www.snort.org/
|}