ATTACK, PENETRATION, VULNERABILITY, IDS, IPS

NUMEROUS WEB LINKS, INFORMATION, TOOLS RELATED TO DENIAL OF SERVICE

http://staff.washington.edu/dittrich/misc/ddos/

DATAPOOL

http://packetstormsecurity.org/DoS/datapool3.3.tar.gz

DATAPOOL V3.3 COMBINES 106 DOS ATTACKS INTO ONE SCRIPT. THIS VERSION ACTUALLY LEARNS BY KEEPING A DATABASE OF WHICH ATTACKS ARE SUCCESSFUL AGAINST EACH HOST, SO THE NEXT TIME IT USES THE MOST SUCCESSFUL ATTACK FIRST. FEATURES LOGGING, PORT RANGE SPECIFICATION, CONTINUOUS ATTACK OPTION, MULTIPLE IP ADDRESSES, AND LOOPING ATTACK OF MULTIPLE IPS. INCLUDES SOURCES OF ALMOST ALL ATTACKS USED, MANY OF WHICH ARE EDITED FOR SPEED AND GREATER EFFECT.

DSNIFF

http://naughty.monkey.org/~dugsong/dsniff/

DSNIFF IS A COLLECTION OF TOOLS FOR NETWORK AUDITING AND PENETRATION TESTING. DSNIFF, FILESNARF, MAILSNARF, MSGSNARF, URLSNARF, AND WEBSPY PASSIVELY MONITOR A NETWORK FOR INTERESTING DATA (PASSWORDS, E-MAIL, FILES, ETC.). ARPSPOOF, DNSSPOOF, AND MACOF FACILITATE THE INTERCEPTION OF NETWORK TRAFFIC NORMALLY UNAVAILABLE TO AN ATTACKER (E.G., DUE TO LAYER-2 SWITCHING). SSHMITM AND WEBMITM IMPLEMENT ACTIVE MONKEY-IN-THE-MIDDLE ATTACKS AGAINST REDIRECTED SSH AND HTTPS SESSIONS BY EXPLOITING WEAK BINDINGS IN AD-HOC PKI.

OSIRIS

http://osiris.shmoo.com/

OSIRIS IS A HOST INTEGRITY MONITORING SYSTEM THAT PERIODICALLY MONITORS ONE OR MORE HOSTS FOR CHANGE. IT MAINTAINS DETAILED LOGS OF CHANGES TO THE FILE SYSTEM, USER AND GROUP LISTS, RESIDENT KERNEL MODULES, AND MORE. OSIRIS CAN BE CONFIGURED TO EMAIL THESE LOGS TO THE ADMINISTRATOR. HOSTS ARE PERIODICALLY SCANNED AND, IF DESIRED, THE RECORDS CAN BE MAINTAINED FOR FORENSIC PURPOSES. OSIRIS KEEPS AN ADMINISTRATOR APPRISED OF POSSIBLE ATTACKS AND/OR NASTY LITTLE TROJANS. THE PURPOSE HERE IS TO ISOLATE CHANGES THAT INDICATE A BREAK-IN OR A COMPROMISED SYSTEM. OSIRIS MAKES USE OF OPENSSL FOR ENCRYPTION AND AUTHENTICATION IN ALL COMPONENTS.

OSPF ATTACK SHELL PROGRAM

http://www.gomor.org/files/ospf-ash.pl

SNORT

http://www.snort.org/dl/

SNORT IS AN OPEN SOURCE NETWORK INTRUSION PREVENTION AND DETECTION SYSTEM UTILIZING A RULE-DRIVEN LANGUAGE, WHICH COMBINES THE BENEFITS OF SIGNATURE, PROTOCOL AND ANOMALY BASED INSPECTION METHODS. WITH MILLIONS OF DOWNLOADS TO DATE, SNORT IS THE MOST WIDELY DEPLOYED INTRUSION DETECTION AND PREVENTION TECHNOLOGY WORLDWIDE AND HAS BECOME THE DE FACTO STANDARD FOR THE INDUSTRY.

NOTE: THE TOOL BELOW WILL PROVE A VALUABLE COMPLEMENT TO SNORT.

http://sguil.sourceforge.net/

SGUIL (PRONOUNCED SGWEEL) IS BUILT BY NETWORK SECURITY ANALYSTS FOR NETWORK SECURITY ANALYSTS. SGUIL'S MAIN COMPONENT IS AN INTUITIVE GUI THAT PROVIDES REALTIME EVENTS FROM SNORT/BARNYARD. IT ALSO INCLUDES OTHER COMPONENTS WHICH FACILITATE THE PRACTICE OF NETWORK SECURITY MONITORING AND EVENT DRIVEN ANALYSIS OF IDS ALERTS. THE SGUIL CLIENT IS WRITTEN IN TCL/TK AND CAN BE RUN ON ANY OPERATING SYSTEM THAT SUPPORTS TCL/TK (INCLUDING LINUX, *BSD, SOLARIS, MACOS, AND WIN32).

PRELUDE

http://www.prelude-ids.org/

PRELUDE IS A HYBRID IDS FRAMEWORK, THAT IS, A PRODUCT THAT ENABLES ALL AVAILABLE SECURITY APPLICATIONS, BE THEY OPEN SOURCE OR PROPRIETARY, TO REPORT TO A CENTRALIZED SYSTEM. TO ACHIEVE THIS, PRELUDE RELIES ON THE IDMEF (INTRUSION DETECTION MESSAGE EXCHANGE FORMAT) IETF STANDARD, WHICH ENABLES DIFFERENT KINDS OF SENSORS TO GENERATE EVENTS USING A UNIFIED LANGUAGE.

PRELUDE BENEFITS FROM ITS ABILITY TO FIND TRACES OF MALICIOUS ACTIVITY FROM DIFFERENT SENSORS (SNORT, HONEYD, NESSUS VULNERABILITY SCANNER, SAMHAIN, OVER 30 TYPES OF SYSTEM LOGS, AND MANY OTHERS) IN ORDER TO BETTER VERIFY AN ATTACK AND, IN THE END, TO PERFORM AUTOMATIC CORRELATION BETWEEN THE VARIOUS EVENTS. PRELUDE IS COMMITTED TO PROVIDING A HYBRID IDS THAT OFFERS THE ABILITY TO UNIFY CURRENTLY AVAILABLE TOOLS INTO ONE POWERFUL, DISTRIBUTED APPLICATION.

FIRESTORM

http://www.scaramanga.co.uk/firestorm/

FIRESTORM IS AN EXTREMELY HIGH PERFORMANCE NETWORK INTRUSION DETECTION SYSTEM (NIDS). AT THE MOMENT IT IS JUST A SENSOR, BUT PLANS ARE TO INCLUDE REAL SUPPORT FOR ANALYSIS, REPORTING, REMOTE CONSOLE AND ON-THE-FLY SENSOR CONFIGURATION. IT IS FULLY PLUGGABLE AND HENCE EXTREMELY FLEXIBLE.

OSSIM

http://www.ossim.net/home.php

OSSIM STANDS FOR OPEN SOURCE SECURITY INFORMATION MANAGEMENT. ITS GOAL IS TO PROVIDE A COMPREHENSIVE COMPILATION OF TOOLS WHICH, WORKING TOGETHER, GIVE A NETWORK/SECURITY ADMINISTRATOR A DETAILED VIEW OVER EACH AND EVERY ASPECT OF HIS NETWORKS/HOSTS/PHYSICAL ACCESS DEVICES/SERVERS/ETC. BESIDES GETTING THE BEST OUT OF WELL KNOWN OPEN SOURCE TOOLS, SOME OF WHICH ARE BRIEFLY DESCRIBED BELOW, OSSIM PROVIDES A STRONG CORRELATION ENGINE, DETAILED LOW, MID AND HIGH LEVEL VISUALIZATION INTERFACES AS WELL AS REPORTING AND INCIDENT MANAGEMENT TOOLS, WORKING ON A SET OF DEFINED ASSETS SUCH AS HOSTS, NETWORKS, GROUPS AND SERVICES.

ALL THIS INFORMATION CAN BE LIMITED BY NETWORK OR SENSOR IN ORDER TO PROVIDE JUST THE NEEDED INFORMATION TO SPECIFIC USERS, ALLOWING FOR A FINE GRAINED MULTI-USER SECURITY ENVIRONMENT. ALSO, THE ABILITY TO ACT AS AN IPS (INTRUSION PREVENTION SYSTEM) BASED ON CORRELATED INFORMATION FROM VIRTUALLY ANY SOURCE RESULTS IN A USEFUL ADDITION FOR ANY SECURITY PROFESSIONAL.

COMPONENTS:

OSSIM FEATURES THE FOLLOWING SOFTWARE COMPONENTS:

  • ARPWATCH, USED FOR MAC ANOMALY DETECTION.
  • P0F, USED FOR PASSIVE OS DETECTION AND OS CHANGE ANALYSIS.
  • PADS, USED FOR SERVICE ANOMALY DETECTION.
  • NESSUS, USED FOR VULNERABILITY ASSESSMENT AND FOR CROSS CORRELATION (IDS VS. SECURITY SCANNER).
  • SNORT, THE IDS, ALSO USED FOR CROSS CORRELATION WITH NESSUS.
  • SPADE, THE STATISTICAL PACKET ANOMALY DETECTION ENGINE, USED TO GAIN KNOWLEDGE ABOUT ATTACKS WITHOUT A SIGNATURE.
  • TCPTRACK, USED FOR SESSION DATA INFORMATION WHICH CAN PROVIDE USEFUL INFORMATION FOR ATTACK CORRELATION.
  • NTOP, WHICH BUILDS AN IMPRESSIVE NETWORK INFORMATION DATABASE FROM WHICH WE CAN GET ABERRANT BEHAVIOR ANOMALY DETECTION.
  • NAGIOS, WHICH, FED FROM THE HOST ASSET DATABASE, MONITORS HOST AND SERVICE AVAILABILITY INFORMATION.
  • OSIRIS, A GREAT HIDS.

BEEF

http://www.bindshell.net/tools/beef/

BEEF IS THE BROWSER EXPLOITATION FRAMEWORK. ITS PURPOSE IN LIFE IS TO PROVIDE A FRAMEWORK TO DEMONSTRATE THE IMPACT OF BROWSER AND CROSS-SITE SCRIPTING (XSS) ISSUES IN REAL-TIME. THE MODULAR STRUCTURE HAS FOCUSED ON MAKING MODULE DEVELOPMENT A TRIVIAL PROCESS, WITH THE INTELLIGENCE EXISTING WITHIN BEEF. SOME OF THE BASIC FUNCTIONALITY INCLUDES KEYLOGGING AND CLIPBOARD THEFT.

ATK (ATTACK TOOL KIT)

http://www.computec.ch/projekte/atk/

THE ACRONYM ATK STANDS FOR ATTACK TOOL KIT. IT WAS FIRST DEVELOPED TO PROVIDE A VERY SMALL AND HANDY TOOL FOR WINDOWS TO PERFORM FAST CHECKS FOR SPECIFIC VULNERABILITIES. IN THE MEANTIME IT HAS BECOME A COMBINATION OF SECURITY SCANNER (E.G. NESSUS) AND EXPLOITATION FRAMEWORK (E.G. METASPLOIT). THE SPECIAL THING ABOUT ATK IS THAT THE TOOL IS ABLE TO DO THE WORK WITHOUT MUCH INTERACTION, BUT THERE IS ALSO ALWAYS THE POSSIBILITY TO VARY AND CHANGE THE BEHAVIOR OF THE SOFTWARE. THIS CONCERNS THE PLUGINS, CHECKING, ENUMERATION AND REPORTING. THE USER IS NOT DEPENDENT ON THE IDEAS OF THE DEVELOPERS: BECAUSE OF THE MODULARITY, NEARLY EVERY CHANGE CAN BE DONE WITHIN A FEW SECONDS IF NEEDED. ATK IS WRITTEN IN VISUAL BASIC, IS LICENSED UNDER THE GENERAL PUBLIC LICENSE (GPL) AND IS ABSOLUTELY FREE TO USE AND DISTRIBUTE.

BOREAL (COMMERCIAL)

http://www.iwl.com/products/boreal---vulnerability/

BOREAL, THE SNMP VULNERABILITY TEST SUITE, ALLOWS NETWORK ADMINISTRATORS AND TESTERS TO VERIFY THE ROBUSTNESS OF EACH OF THEIR NETWORK DEVICES IN THE FACE OF PACKET DECODING VULNERABILITIES.
BOREAL INCLUDES MORE THAN 700,000 VULNERABILITY TEST CASES FOR SNMP V1, V2C, AND V3 AGENTS. BOREAL ALLOWS THE NETWORK ADMINISTRATOR TO UNCOVER THE VULNERABILITIES IN A NETWORK DEVICE IN THREE EASY STEPS: (1) ENTER THE IP ADDRESS OF THE NETWORK DEVICE, (2) CLICK ON TEST ALL, (3) COLLECT THE RESULTS REPORT OR EMAIL IT TO THE NETWORK DEVICE SUPPLIER. BOREAL CAN ALSO AUTOMATICALLY TEST ALL THE NETWORK DEVICES IN A NETWORK, THROUGH AN AUTOMATED COMMAND LINE SCRIPT.

KEY FEATURES:

  • AUTOMATICALLY RUN ALL THE TEST CASES AGAINST ONE AGENT.
  • AUTOMATICALLY RUN ALL THE TEST CASES AGAINST ALL AGENTS ON ALL DEVICES IN THE NETWORK IN ONE STEP.
  • VERIFY IF THE MANUFACTURER'S PATCHES RESOLVE ALL VULNERABILITY PROBLEMS.
  • SEND REPORTS BACK TO THE MANUFACTURER FOR RESOLUTION.
  • VERIFY IF THE AGENT PROPERLY RESPONDED BY "EXPECTED OUTCOME".
  • TURN ON DEBUGGING PREFERENCES AND PINPOINT THE PRECISE SEQUENCE AND TYPE OF PACKET THAT CAUSED THE FAILURE FOR REPORTING BACK TO THE MANUFACTURER.
  • CHANGE VALUES AND PARAMETERS IN THE TEST CASES.
  • ELIMINATE LEGAL WORRIES. BOREAL CONTAINS NO FREE SOFTWARE FOUNDATION-GNU LICENSE DEPENDENCIES. ALL THE CODE IS THE ORIGINAL WORK OF INTERWORKING LABS.
  • INTEGRATE WITH SILVERCREEK, THE OFFICIAL SNMP TEST SUITE, TO PROVIDE MORE CAPABILITIES TO THE TESTER WHO WOULD LIKE A FULL AND COMPLETE PICTURE OF ALL ASPECTS OF THE SNMP AGENT QUALITY.

ISIC

http://www.packetfactory.net/projects/ISIC/

http://packetstormsecurity.org/UNIX/misc/isic-0.06.tgz

ISIC IS A SUITE OF UTILITIES TO EXERCISE THE STABILITY OF AN IP STACK AND ITS COMPONENT STACKS (TCP, UDP, ICMP ET AL.). IT GENERATES PILES OF PSEUDO RANDOM PACKETS OF THE TARGET PROTOCOL.
THE PACKETS CAN BE GIVEN TENDENCIES TO CONFORM TO, I.E. 50% OF THE PACKETS GENERATED CAN HAVE IP OPTIONS, 25% OF THE PACKETS CAN BE IP FRAGMENTS… BUT THE PERCENTAGES ARE ARBITRARY AND MOST OF THE PACKET FIELDS HAVE A CONFIGURABLE TENDENCY.
THE PACKETS ARE THEN SENT AGAINST THE TARGET MACHINE TO EITHER PENETRATE ITS FIREWALL RULES OR FIND BUGS IN THE IP STACK.
IT ALSO CONTAINS A UTILITY TO GENERATE RAW ETHER FRAMES TO EXAMINE HARDWARE IMPLEMENTATIONS.
OTHER NOVEL USES PEOPLE HAVE FOUND FOR ISIC INCLUDE IDS TESTING, STACK FINGERPRINTING, BREAKING SNIFFERS AND BARRAGING THE IRC KIDDIE.

REQUIREMENTS:

  • LIBNET 1.1.X

NOTE: THE LIBNET PACKAGE CAN BE FOUND AT THIS LOCATION:

http://linux.softpedia.com/get/Programming/Libraries/Libnet-10275.shtml

METASPLOIT

http://www.metasploit.com/index.html

THE METASPLOIT PROJECT IS AN OPEN SOURCE COMPUTER SECURITY PROJECT WHICH PROVIDES INFORMATION ABOUT SECURITY VULNERABILITIES AND AIDS IN PENETRATION TESTING AND IDS SIGNATURE DEVELOPMENT. ITS MOST WELL-KNOWN SUB-PROJECT IS THE METASPLOIT FRAMEWORK, A TOOL FOR DEVELOPING AND EXECUTING EXPLOIT CODE AGAINST A REMOTE TARGET MACHINE. OTHER IMPORTANT SUB-PROJECTS INCLUDE THE OPCODE DATABASE, SHELLCODE ARCHIVE, AND SECURITY RESEARCH. THE METASPLOIT FRAMEWORK IS MOST NOTABLY KNOWN FOR RELEASING SOME OF THE MOST TECHNICALLY SOPHISTICATED EXPLOITS TO PUBLIC SECURITY VULNERABILITIES, RATHER THAN THE MOST RECENT. IN ADDITION IT IS A POWERFUL TOOL FOR 3RD PARTY SECURITY RESEARCHERS TO INVESTIGATE POTENTIAL VULNERABILITIES. LIKE COMPARABLE COMMERCIAL PRODUCTS SUCH AS IMMUNITY'S CANVAS OR CORE SECURITY TECHNOLOGY'S CORE IMPACT, METASPLOIT CAN BE USED BY ADMINISTRATORS TO TEST THE VULNERABILITY OF COMPUTER SYSTEMS IN ORDER TO PROTECT THEM, OR BY BLACK HAT HACKERS AND SCRIPT KIDDIES TO BREAK INTO REMOTE SYSTEMS. INDEED, THE METASPLOIT FRAMEWORK FACILITATES THE LATTER TASK CONSIDERABLY.

SECURESCOUT NX (COMMERCIAL)

http://www.securescout.com/nx

SECURESCOUT NX IS A NETWORK VULNERABILITY ASSESSMENT TOOL THAT DETERMINES WHETHER NETWORKS AND FIREWALLS ARE VULNERABLE TO ATTACKS, AND RECOMMENDS CORRECTIVE ACTION FOR IDENTIFIED VULNERABILITIES.

WEBINSPECT (COMMERCIAL)

http://www.spidynamics.com

WEBINSPECT IS THE FIRST AND ONLY SOLUTION TO ADDRESS THE COMPLEXITY OF WEB 2.0 AND IDENTIFY VULNERABILITIES THAT ARE UNDETECTABLE BY TRADITIONAL SCANNERS.

SECURITYFOREST'S EXPLOITATION FRAMEWORK

http://www.securityforest.com/wiki/index.php/Exploitation_Framework

SECURITYFOREST'S EXPLOITATION FRAMEWORK IS SIMILAR IN CONCEPT TO THE OPEN-SOURCE METASPLOIT FRAMEWORK (http://www.metasploit.com) AND THE COMMERCIAL OFFERINGS SUCH AS IMMUNITY'S CANVAS (http://www.immunitysec.com) AND CORE SECURITY TECHNOLOGY'S IMPACT (http://www.corest.com).

THE MAJOR DIFFERENCE BETWEEN THE ABOVE MENTIONED FRAMEWORKS AND THE SECURITYFOREST EXPLOITATION FRAMEWORK IS THAT IT LEVERAGES THE MASSIVE AMOUNT OF EXPLOITS AVAILABLE IN THE EXPLOITTREE. THESE EXPLOITS ARE PUBLICLY AVAILABLE AND DO NOT HAVE TO BE RE-WRITTEN TO BE USED IN THE FRAMEWORK (NO MATTER WHAT LANGUAGE AND SOMETIMES NO MATTER WHAT OS). IT BASICALLY ACTS AS A GRAPHICAL USER INTERFACE TO THE EXPLOITTREE WHICH IS DYNAMICALLY UPDATED AT THE SAME TIME AS THE EXPLOITTREE.

THE ABOVE MENTIONED FRAMEWORKS ARE GREAT AND THE EXPLOITATION FRAMEWORK DOESN'T EVEN COMPARE TO THEM ON A TECHNICAL LEVEL, IT JUST FILLS THE GAP.

THE EXPLOITATION FRAMEWORK IS PROVIDED FOR LEGAL PENETRATION TESTING AND RESEARCH PURPOSES ONLY.

PIRANA

http://www.guay-leroux.com/projects/pirana-0.3.3.tar.gz

PIRANA IS AN EXPLOITATION FRAMEWORK THAT TESTS THE SECURITY OF AN EMAIL CONTENT FILTER. BY MEANS OF A VULNERABILITY DATABASE, THE CONTENT FILTER TO BE TESTED WILL BE BOMBARDED BY VARIOUS EMAILS CONTAINING A MALICIOUS PAYLOAD INTENDED TO COMPROMISE THE COMPUTING PLATFORM. PIRANA'S GOAL IS TO TEST WHETHER OR NOT ANY VULNERABILITY EXISTS ON THE CONTENT FILTERING PLATFORM. THIS TOOL USES THE EXCELLENT SHELLCODE GENERATOR FROM THE METASPLOIT FRAMEWORK!

SARA (SECURITY AUDITOR'S RESEARCH ASSISTANT)

http://www-arc.com/sara/

SARA IS A VULNERABILITY ASSESSMENT TOOL THAT WAS DERIVED FROM THE INFAMOUS SATAN SCANNER. THEY TRY TO RELEASE UPDATES TWICE A MONTH AND TRY TO LEVERAGE OTHER SOFTWARE CREATED BY THE OPEN SOURCE COMMUNITY (SUCH AS NMAP AND SAMBA).

THE IBM INTERNET SCANNER (COMMERCIAL)

http://www.iss.net/products/Internet_Scanner/product_main_page.html

THE IBM INTERNET SCANNER CAN IDENTIFY MORE THAN 1,300 TYPES OF NETWORKED DEVICES ON YOUR NETWORK, INCLUDING DESKTOPS, SERVERS, ROUTERS/SWITCHES, FIREWALLS, SECURITY DEVICES AND APPLICATION ROUTERS.
ONCE ALL OF YOUR NETWORKED DEVICES ARE IDENTIFIED, INTERNET SCANNER ANALYZES THE CONFIGURATIONS, PATCH LEVELS, OPERATING SYSTEMS AND INSTALLED APPLICATIONS TO FIND VULNERABILITIES THAT COULD BE EXPLOITED BY HACKERS TRYING TO GAIN UNAUTHORIZED ACCESS.

NESSUS VULNERABILITY SCANNER

http://www.nessus.org/

NESSUS IS A REMOTE SECURITY SCANNER FOR LINUX, BSD, SOLARIS, AND OTHER UNICES. IT IS PLUG-IN-BASED, HAS A GTK INTERFACE, AND PERFORMS OVER 1200 REMOTE SECURITY CHECKS. IT ALLOWS FOR REPORTS TO BE GENERATED IN HTML, XML, LATEX, AND ASCII TEXT, AND SUGGESTS SOLUTIONS FOR SECURITY PROBLEMS.

NOTE: YOU MAY WANT TO CONSIDER USING A NEW WEB INTERFACE CALLED INPROTECT.

INPROTECT IS A PHP, PERL AND MYSQL BASED WEB INTERFACE FOR THE NESSUS SECURITY SCANNER AND NMAP PORT SCANNER. THE SYSTEM PRESENTS SCAN RESULTS VIA AN EMAIL NOTIFICATION OR AN HTML INTERFACE, OR EXPORTS THEM TO A PDF FILE.

THE INTERFACE CAN BE DOWNLOADED HERE:

http://sourceforge.net/project/showfiles.php?group_id=67220

NOTE: A GREAT CLIENT INTERFACE CALLED NESSJ IS AVAILABLE FROM SOURCEFORGE TO DOWNLOAD.

http://sourceforge.net/projects/reason/

NESSJ IS A NETWORK SECURITY SCANNER CLIENT FOR NESSUS AND COMPATIBLE SERVERS. IN ADDITION TO AN IMPROVED USER INTERFACE, IT PROVIDES SESSION MANAGEMENT WITH TEMPLATES, REPORT GENERATION USING XSLT INCLUDING CHARTS/GRAPHS, AND VULNERABILITY TRENDING.

ADDITIONAL NESSUS PLUGINS CAN BE FOUND HERE:

http://www.cirt.net/code/nessus.shtml

CENZIC'S WINDOWS PORT OF NESSUS SCANNER

http://sourceforge.net/projects/nessuswin32/

CENZIC HAS PORTED THE NESSUS ENGINE (http://www.nessus.org) TO THE MICROSOFT WINDOWS PLATFORM. NESSUS IS A TRADEMARK OF TENABLE NETWORK SECURITY. CENZIC, INC. PRODUCTS ARE NOT AFFILIATED WITH OR OTHERWISE APPROVED BY TENABLE.

NEXPOSE VULNERABILITY SCANNER & PENETRATION (COMMERCIAL)

http://www.rapid7.com/

NEXPOSE, RAPID7'S ENTERPRISE VULNERABILITY ASSESSMENT AND RISK MANAGEMENT SOLUTION, WAS LAUNCHED IN 2001 TO HELP IT AND SECURITY PROFESSIONALS GAIN OVERALL CONTROL OF THEIR NETWORK AND PROTECT SOFTWARE AND APPLICATIONS FROM INTERNAL AND EXTERNAL INTRUDERS. NEXPOSE MINIMIZES THE TIME SPENT LOCATING AND ELIMINATING AN ORGANIZATION'S SECURITY VULNERABILITIES, THEREBY INCREASING NETWORK RELIABILITY, ENHANCING ORGANIZATIONAL EFFICIENCIES, AND IMPROVING RESOURCE MANAGEMENT ACROSS OPERATING SYSTEMS, SERVERS, DATABASES, AND APPLICATIONS.

HAILSTORM (COMMERCIAL)

http://www.cenzic.com/products_services/cenzic_hailstorm.php

BY INTEGRATING ASSESSMENT TECHNOLOGY WITH A UNIQUE SMARTATTACK™-BASED APPROACH, CENZIC HAILSTORM CORE PROVIDES HIGH QUALITY OF RESULTS FOR ASSESSING APPLICATIONS BY:

  • TESTING COMMERCIAL AND CUSTOM WEB APPLICATIONS AGAINST BEST PRACTICE SECURITY POLICIES
  • TESTING AND MONITORING APPLICATIONS FOR COMMONLY KNOWN VULNERABILITIES
  • BUILDING SECURITY INTO WEB APPLICATIONS AS THEY ARE BEING DEVELOPED, GREATLY REDUCING THE COST, RISK, TESTING, AND TIME TO MARKET.

CAPABILITIES:

  • ENTERPRISE DEPLOYMENT
  • MANAGEMENT DASHBOARD AND EXTENSIVE REPORTING

DIFFERENTIATORS:

  • ACCURACY:
      • APPLICATION ASSESSMENT
      • APPLICATION SPECIFIC SETTINGS
      • STEP MODE AND USER INJECTIONS
  • COMPREHENSIVENESS:
      • INTERACTIVE RESULTS
      • ENHANCED SMART ATTACKS
  • EXTENSIBILITY:
      • RAPID CONFIGURATION OF SMART ATTACK PARAMETERS, APPLICATION SPECIFIC SETTINGS
  • AUTOMATION:
      • ASSESSMENT SCHEDULING
      • ASSESSMENT SHARING
  • PERFORMANCE:
      • PARALLEL EXECUTION OF SMARTATTACKS™

ENTERPRISE DEPLOYMENT:

  • CENTRALIZED DATABASE FOR ASSESSMENT RESULTS, REPORTS, APPLICATION SETTINGS AND JOB DEFINITIONS
  • USER ROLES
  • CENTRALIZED APPLICATION SETTING THROUGH USE OF PROJECTS
  • JOB SHARING, CONTROL OVER TASKS AND PRIVILEGES
  • GLOBAL DASHBOARD FOR TRACKING TESTING EFFECTIVENESS

RETINA NETWORK SECURITY SCANNER (COMMERCIAL)

http://www.eeye.com/html/products/retina/index.html

FASTEST, MOST ACCURATE, NON-INTRUSIVE SECURITY SCANNER:

RETINA WILL SCAN AN ENTIRE CLASS C NETWORK IN LESS THAN 15 MINUTES. IT WILL QUICKLY IDENTIFY SECURITY THREATS ON EVERY MACHINE ON YOUR NETWORK, IDENTIFYING OPERATING SYSTEMS, NETWORKED DEVICES OR CUSTOM APPLICATIONS. THIS GIVES SECURITY ADMINISTRATORS A CONSIDERABLE TIME ADVANTAGE OVER ATTACKS LEVERAGING KNOWN VULNERABILITIES, OR WHEN PERFORMING VULNERABILITY TESTING ACTIVITIES. RETINA DOES NOT USE EXPLOIT CODE AND TYPICALLY DOES NOT REQUIRE ADMINISTRATIVE RIGHTS TO FUNCTION, THEREBY ALLOWING FOR COMPLETELY NON-INTRUSIVE SCANS ACROSS THE NETWORK WHERE APPLICATIONS OR SERVICES ARE NOT IMPACTED AS PART OF YOUR VULNERABILITY ASSESSMENT PROCESS.

SUPERIOR RESEARCH TEAM CONTRIBUTES TO BETTER SECURITY SCANNER:

NO SECURITY VENDOR CAN MATCH THE TECHNICAL EXPERTISE OF THE EEYE RESEARCH TEAM, HAVING DISCOVERED MORE HIGH-RISK VULNERABILITIES THAN ALL OTHER RESEARCH GROUPS COMBINED. THE INTELLECTUAL CAPITAL AMASSED THROUGH THIS RESEARCH TEAM IS CONTINUALLY BEING ADDED TO RETINA'S SCANNING CAPABILITIES AND CONTRIBUTES TO EACH NEW VERSION RELEASE.

BEST PRACTICES VULNERABILITY ASSESSMENT WORKFLOW:

RETINA GUIDES USERS THROUGH THE LOGICAL STEPS OF DISCOVERING ASSETS, PERFORMING AUDITS FOR KNOWN VULNERABILITY AND CONFIGURATION ISSUES, AND THEN RECOMMENDING REMEDIATION ACTIONS TO ADDRESS THE IDENTIFIED VULNERABILITIES. YOUR ENTIRE VULNERABILITY MANAGEMENT PROCESS WILL THEN BE DOCUMENTED THROUGH EITHER THE INCLUDED REPORTING FUNCTIONALITY OF RETINA, OR FURTHER AUGMENTED THROUGH THE EXTENDED REPORTING CAPABILITIES OF REM SECURITY MANAGEMENT CONSOLE TO ACHIEVE CORPORATE AND REGULATORY COMPLIANCE FOR NETWORK SECURITY.

KEY REASONS TO CHOOSE RETINA FOR NETWORK VULNERABILITY ASSESSMENT:

  • COMPREHENSIVE, FREQUENTLY UPDATED DATABASE
  • MULTIPLATFORM SECURITY SCANNING
  • ADVANCED SCHEDULING CAPABILITIES
  • CUSTOMIZABLE REPORTING
  • REMEDIATION PRIORITIZATION AND AUTOMATION
  • CUSTOM SECURITY AUDITS
  • SMART SCANNING TECHNOLOGY
  • OPEN ARCHITECTURE FOR THIRD PARTY APPLICATION INTEGRATION, INCLUDING IBM TIVOLI, CA UNICENTER, BMC REMEDY, HP OPENVIEW, AND OTHERS

SAINT VULNERABILITY SCANNER (COMMERCIAL)

http://www.saintcorporation.com/about_SAINT.html

SAINT IS ANOTHER COMMERCIAL VULNERABILITY ASSESSMENT TOOL (LIKE ISS INTERNET SCANNER OR EEYE RETINA). UNLIKE THOSE WINDOWS-ONLY TOOLS, SAINT RUNS EXCLUSIVELY ON UNIX. SAINT USED TO BE FREE AND OPEN SOURCE, BUT IS NOW A COMMERCIAL PRODUCT.

CANVAS (COMMERCIAL)

http://www.immunityinc.com

CANVAS IS A COMPREHENSIVE EXPLOITATION FRAMEWORK AIMED AT PROMOTING CONVENIENT EXPLOIT DEVELOPMENT AND PROVIDING A ROBUST YET FLEXIBLE PENETRATION PLATFORM. SIMPLY PUT, CANVAS LETS YOU MOLD VULNERABILITY INFORMATION INTO PRACTICAL EXPLOITS.

CORE IMPACT (COMMERCIAL)

http://www.coresecurity.com/products/coreimpact/index.php

CORE IMPACT DELIVERS A SOFTWARE FRAMEWORK TO ORGANIZATIONS THAT REQUIRE EFFICIENT AND EFFECTIVE PENETRATION TESTING.
NEXT GENERATION RAPID PENETRATION TEST (RPT) AUTOMATION: IMPACT'S INDUSTRY-FIRST, STEP-BY-STEP AUTOMATION OF THE PENETRATION PROCESS IS POWERFUL AND EASY TO USE. THE RPT STEPS, INCLUDING INFORMATION GATHERING, ATTACK AND PENETRATION, LOCAL INFORMATION GATHERING, PRIVILEGE ESCALATION, CLEAN UP, AND REPORT GENERATION HAVE BEEN SIGNIFICANTLY ENHANCED TO INCLUDE:

  • VULNERABILITY SCANNER INTEGRATION WITH EEYE'S RETINA, NESSUS, AND GFI LANGUARD, WHICH ALLOWS FOR INCREASED EFFICIENCIES IN MANAGING AND REMEDIATING VULNERABILITIES, ENABLING USERS TO FOCUS ON THE MOST CRITICAL VULNERABILITIES FIRST.
  • THE ABILITY TO LAUNCH SIMULTANEOUS, MULTIPLE ATTACKS, WHICH IMPROVES THE SPEED AND EASE WITH WHICH USERS CAN EVALUATE THEIR NETWORK DEFENSES.
  • FLEXIBLE REPORTING THAT ENABLES USERS TO GENERATE CORE IMPACT'S REPORTS AS HTML, PDF, MICROSOFT WORD AND OTHER POPULAR FORMATS SO THAT CONTENT CAN BE EASILY CUSTOMIZED AND SHARED WITH AUDITORS AND OTHER PARTS OF THE ORGANIZATION.

FTESTER – FIREWALL AND IDS TESTING TOOL

http://dev.inversepath.com/trac/ftester

THE FIREWALL TESTER (FTESTER) IS A TOOL DESIGNED FOR TESTING FIREWALL FILTERING POLICIES AND INTRUSION DETECTION SYSTEM (IDS) CAPABILITIES. THE TOOL CONSISTS OF TWO PERL SCRIPTS, A PACKET INJECTOR (FTEST) AND THE LISTENING SNIFFER (FTESTD). THE FIRST SCRIPT INJECTS CUSTOM PACKETS, DEFINED IN FTEST.CONF, WITH A SIGNATURE IN THE DATA PART, WHILE THE SNIFFER LISTENS FOR SUCH MARKED PACKETS. BOTH SCRIPTS WRITE A LOG FILE IN THE SAME FORMAT. IF THE TWO SCRIPTS ARE RUN ON HOSTS PLACED ON TWO DIFFERENT SIDES OF A FIREWALL, A DIFF OF THE TWO PRODUCED FILES (FTEST.LOG AND FTESTD.LOG) SHOWS THE PACKETS THAT WERE UNABLE TO REACH THE SNIFFER DUE TO FILTERING RULES. STATEFUL INSPECTION FIREWALLS ARE HANDLED WITH THE 'CONNECTION SPOOFING' OPTION. A SCRIPT CALLED FREPORT IS ALSO AVAILABLE FOR AUTOMATICALLY PARSING THE LOG FILES.

FEATURES:

  • FIREWALL TESTING
  • IDS TESTING
  • SIMULATION OF REAL TCP CONNECTIONS FOR STATEFUL INSPECTION FIREWALLS AND IDS
  • CONNECTION SPOOFING
  • IP FRAGMENTATION / TCP SEGMENTATION
  • IDS EVASION TECHNIQUES

FRAGROUTE

http://www.monkey.org/~dugsong/fragroute/

FRAGROUTE IS A *NIX-BASED TOOL THAT INTERCEPTS, MODIFIES, AND REWRITES EGRESS TRAFFIC DESTINED FOR A SPECIFIED HOST. IT INCLUDES A RULE-BASED LANGUAGE TO DELAY, DUPLICATE, DROP, FRAGMENT, OVERLAP, PRINT, REORDER, SEGMENT, SOURCE-ROUTE, OR OTHERWISE MONKEY WITH ALL OUTBOUND PACKETS DESTINED FOR A TARGET HOST, WITH MINIMAL SUPPORT FOR RANDOMIZED OR PROBABILISTIC BEHAVIOR. POSSIBLE USES OF FRAGROUTE INCLUDE THE FOLLOWING:

  • TESTING NETWORK IDS TIMEOUT AND REASSEMBLY
  • TESTING STATEFUL FIREWALL INSPECTION
  • SIMULATING ONE-WAY LATENCY, LOSS, REORDERING, AND RETRANSMISSIONS
  • EVADING "PASSIVE OS FINGERPRINTING" TECHNIQUES

FRAGROUTER

http://www.packetstormsecurity.nl/UNIX/IDS/nidsbench/nidsbench.html

FRAGROUTER IS A ONE-WAY FRAGMENTING ROUTER - IP PACKETS GET SENT FROM THE ATTACKER TO THE FRAGROUTER, WHICH TRANSFORMS THEM INTO A FRAGMENTED DATA STREAM TO FORWARD TO THE VICTIM. MANY NETWORK IDS ARE UNABLE OR SIMPLY DON'T BOTHER TO RECONSTRUCT A COHERENT VIEW OF THE NETWORK DATA (VIA IP FRAGMENTATION AND TCP STREAM REASSEMBLY), AS DISCUSSED IN THE PAPER, INSERTION, EVASION, AND DENIAL OF SERVICE: ELUDING NETWORK INTRUSION DETECTION. THE LINK TO THIS PAPER IS: http://insecure.org/stf/secnet_ids/secnet_ids.html

FRAGROUTER HELPS AN ATTACKER LAUNCH IP-BASED ATTACKS WHILE AVOIDING DETECTION. IT IS PART OF THE NIDSBENCH SUITE OF TOOLS BY DUG SONG, AVAILABLE AT THE LINK ABOVE.
FRAGROUTE IS A SIMILAR TOOL, ALSO WRITTEN BY THE SAME AUTHOR, DUG SONG.

FREL-1.0

http://packetstormsecurity.nl/0102-exploits/frel-1.0.beta.tgz

FREL-1.0 IS A MODIFIED VERSION OF FRAGROUTER, USED TO EVADE NIDS. THE FRAG PROXY CAN RUN ON THE SAME MACHINE AS THE ATTACKER. IT CAN ALSO RUN IN PARTIAL TAKEOVER MODE, SO THAT THE FRAGMENTED ATTACK STREAM SEEMS TO BE COMING FROM ANOTHER ACTIVE MACHINE ON THE SAME PHYSICAL SUBNET. THE NEIGHBOR MACHINE RUNS NORMALLY EXCEPT FOR THE PORTS BEING USED BY THE ATTACKER.

YERSINIA

http://www.yersinia.net/

YERSINIA IS A NETWORK TOOL DESIGNED TO TAKE ADVANTAGE OF SOME WEAKNESSES IN DIFFERENT NETWORK PROTOCOLS. IT AIMS TO BE A SOLID FRAMEWORK FOR ANALYZING AND TESTING THE DEPLOYED NETWORKS AND SYSTEMS.
CURRENTLY, SOME NETWORK PROTOCOLS ARE IMPLEMENTED, BUT OTHERS ARE COMING (TELL US WHICH ONE YOU PREFER). ATTACKS FOR THE FOLLOWING NETWORK PROTOCOLS ARE IMPLEMENTED (BUT OF COURSE YOU ARE FREE TO IMPLEMENT NEW ONES):

  • SPANNING TREE PROTOCOL (STP).
  • CISCO DISCOVERY PROTOCOL (CDP).
  • DYNAMIC TRUNKING PROTOCOL (DTP).
  • DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP).
  • HOT STANDBY ROUTER PROTOCOL (HSRP).
  • 802.1Q.
  • INTER-SWITCH LINK PROTOCOL (ISL).
  • VLAN TRUNKING PROTOCOL (VTP).

NSAT (NETWORK SECURITY ANALYSIS TOOL)

http://nsat.sourceforge.net/

NSAT IS A ROBUST SCANNER WHICH IS DESIGNED FOR:

  • DIFFERENT KINDS OF WIDE-RANGING SCANS, KEEPING STABLE FOR DAYS
  • SCANNING ON MULTI-USER BOXES (LOCAL STEALTH AND NON-PRIORITY SCANNING OPTIONS)
  • PROFESSIONAL-GRADE PENETRATION TESTING AND COMPREHENSIVE AUDITING
  • EASY FULL-SCALE ARCHIVING OF VULNERABILITY AND VERSION INFORMATION FOR FURTHER PURPOSES
  • TIME-LESS CONFIGURATION - AS A BANNER SCANNER FOR MANY KNOWN SERVICES AND PROTOCOLS
  • VIRTUAL HOST SUPPORT, HOST/NETWORK EXCLUSION SUPPORT
  • FLEXIBILITY AND CONFIGURABLE SCANNING
  • DISTRIBUTED SCANNING (NEW FEATURE; BETA STATUS)

NIKTO

http://www.cirt.net/code/nikto.shtml

NIKTO IS AN OPEN SOURCE (GPL) WEB SERVER SCANNER WHICH PERFORMS COMPREHENSIVE TESTS AGAINST WEB SERVERS FOR MULTIPLE ITEMS, INCLUDING OVER 3200 POTENTIALLY DANGEROUS FILES/CGIS, VERSIONS ON OVER 625 SERVERS, AND VERSION SPECIFIC PROBLEMS ON OVER 230 SERVERS. SCAN ITEMS AND PLUGINS ARE FREQUENTLY UPDATED AND CAN BE AUTOMATICALLY UPDATED (IF DESIRED).
NIKTO IS NOT DESIGNED AS AN OVERLY STEALTHY TOOL. IT WILL TEST A WEB SERVER IN THE SHORTEST TIMESPAN POSSIBLE, AND IT'S FAIRLY OBVIOUS IN LOG FILES. HOWEVER, THERE IS SUPPORT FOR LIBWHISKER'S ANTI-IDS METHODS IN CASE YOU WANT TO GIVE IT A TRY (OR TEST YOUR IDS SYSTEM).
NOT EVERY CHECK IS A SECURITY PROBLEM, THOUGH MOST ARE. THERE ARE SOME ITEMS THAT ARE "INFO ONLY" TYPE CHECKS THAT LOOK FOR ITEMS THAT MAY NOT HAVE A SECURITY FLAW, BUT THE WEBMASTER OR SECURITY ENGINEER MAY NOT KNOW ARE PRESENT ON THE SERVER. THESE ITEMS ARE USUALLY MARKED APPROPRIATELY IN THE INFORMATION PRINTED. THERE ARE ALSO SOME CHECKS FOR UNKNOWN ITEMS WHICH HAVE BEEN SEEN SCANNED FOR IN LOG FILES.

FEATURES:

  • USES RFP'S LIBWHISKER AS A BASE FOR ALL NETWORK FUNCTIONALITY
  • MAIN SCAN DATABASE IN CSV FORMAT FOR EASY UPDATES
  • DETERMINES "OK" VS "NOT FOUND" RESPONSES FOR EACH SERVER, IF POSSIBLE
  • DETERMINES CGI DIRECTORIES FOR EACH SERVER, IF POSSIBLE
  • SWITCH HTTP VERSIONS AS NEEDED SO THAT THE SERVER UNDERSTANDS REQUESTS PROPERLY
  • SSL SUPPORT (UNIX WITH OPENSSL OR MAYBE WINDOWS WITH ACTIVESTATE'S PERL/NETSSL)
  • OUTPUT TO FILE IN PLAIN TEXT, HTML OR CSV
  • GENERIC AND "SERVER TYPE" SPECIFIC CHECKS
  • PLUGIN SUPPORT (STANDARD PERL)
  • CHECKS FOR OUTDATED SERVER SOFTWARE
  • PROXY SUPPORT (WITH AUTHENTICATION)
  • HOST AUTHENTICATION (BASIC)
  • WATCHES FOR "BOGUS" OK RESPONSES
  • ATTEMPTS TO PERFORM EDUCATED GUESSES FOR AUTHENTICATION REALMS
  • CAPTURES/PRINTS ANY COOKIES RECEIVED
  • MUTATE MODE TO "GO FISHING" ON WEB SERVERS FOR ODD ITEMS
  • BUILDS MUTATE CHECKS BASED ON ROBOTS.TXT ENTRIES (IF PRESENT)
  • SCAN MULTIPLE PORTS ON A TARGET TO FIND WEB SERVERS (CAN INTEGRATE NMAP FOR SPEED, IF AVAILABLE)
  • MULTIPLE IDS EVASION TECHNIQUES
  • USERS CAN ADD A CUSTOM SCAN DATABASE
  • SUPPORTS AUTOMATIC CODE/CHECK UPDATES (WITH WEB ACCESS)
  • MULTIPLE HOST/PORT SCANNING (SCAN LIST FILES)
  • USERNAME GUESSING PLUGIN VIA THE CGIWRAP PROGRAM AND APACHE ~USER METHODS

SECURECENTRAL™ SCANFI (COMMERCIAL)

http://www.securecentral.com/products/scanfi/index.html

SECURECENTRAL™ SCANFI IS AN AUTOMATED VULNERABILITY MANAGEMENT SOFTWARE FOR DETECTING, ASSESSING AND REMEDIATING NETWORK VULNERABILITIES ACROSS HETEROGENEOUS NETWORKS COMPRISING SERVERS, WORKSTATIONS, LAPTOPS, ROUTERS, SWITCHES AND OTHER NETWORK ENTITIES.

  • NON-INTRUSIVELY SCANS YOUR ENTERPRISE NETWORK
  • PROVIDES A DETAILED INVENTORY OF YOUR NETWORK ASSETS
  • IDENTIFIES NETWORK DEVICES THAT ARE OPEN TO KNOWN VULNERABILITIES
  • REMEDIATES VULNERABLE SYSTEMS BY DEPLOYING MISSING PATCHES AND SERVICE PACKS
  • PROVIDES DETAILED REPORTS OF THE SCAN ALONG WITH REMEDIATION SOLUTIONS TO MITIGATE THE RISKS, THUS PAVING THE WAY FOR A MORE SECURE ENVIRONMENT.

SCANFI'S WEB-BASED ARCHITECTURE GIVES YOU THE FLEXIBILITY TO MANAGE SYSTEMS EFFECTIVELY AGAINST EVEN THE MOST RECENT OF DISCOVERED VULNERABILITIES.

VLAD

http://www.bindview.com/Services/RAZOR/Utilities/Unix_Linux/vlad.cfm

VLAD THE SCANNER IS AN OPEN-SOURCE SECURITY SCANNER THAT CHECKS FOR THE SANS TOP TEN SECURITY VULNERABILITIES COMMONLY FOUND TO BE THE SOURCE OF A SYSTEM COMPROMISE. IT HAS BEEN TESTED ON LINUX, OPENBSD, AND FREEBSD.

(IRPAS) INTERNETWORK ROUTING PROTOCOL ATTACK SUITE

http://www.phenoelit.de/irpas/index.html

IRPAS IS NOT A COLLECTION OF EXPLOITS. WHILE SEVERAL CIRCUMSTANCES CAN LEAD TO A DENIAL OF SERVICE ATTACK, THE TOOLS TRY TO IMPLEMENT ROUTING PROTOCOL FUNCTIONALITY AS DESCRIBED BY THE PAPERS, THEREFORE ENABLING THE USER OF THESE TOOLS (PROBABLY YOU) TO DESIGN THEIR OWN CUSTOMIZED ATTACK.

SUPPORTED PROTOCOLS:

  • CDP
  • IRDP
  • IGRP
  • EIGRP (DISCOVERY)
  • RIPV1 (DISCOVERY)
  • RIPV2 (DISCOVERY)
  • OSPF (DISCOVERY)
  • HSRP
  • DHCP DORA
  • ICMP REDIRECTS

BURP PROXY

http://portswigger.net/proxy/

BURP PROXY IS AN INTERACTIVE HTTP/S PROXY SERVER FOR ATTACKING AND DEBUGGING WEB-ENABLED APPLICATIONS. IT OPERATES AS A MAN-IN-THE-MIDDLE BETWEEN THE END BROWSER AND THE TARGET WEB SERVER, AND ALLOWS THE USER TO INTERCEPT, INSPECT AND MODIFY THE RAW TRAFFIC PASSING IN BOTH DIRECTIONS.
BURP PROXY ALLOWS AN ATTACKER TO FIND AND EXPLOIT APPLICATION VULNERABILITIES BY MONITORING AND MANIPULATING CRITICAL PARAMETERS AND OTHER DATA TRANSMITTED BY THE APPLICATION. BY MODIFYING BROWSER REQUESTS IN VARIOUS MALICIOUS WAYS, BURP PROXY CAN BE USED TO PERFORM ATTACKS SUCH AS SQL INJECTION, COOKIE SUBVERSION, PRIVILEGE ESCALATION, SESSION HIJACKING, DIRECTORY TRAVERSAL AND BUFFER OVERFLOWS.

KEY FEATURES INCLUDE:

  • FULL HTTP AND HTTPS PROXY SERVER.
  • TEXT AND HEX-EDITING OF INTERCEPTED TRAFFIC, SO EVEN BINARY DATA CAN BE MANIPULATED.
  • FULL HISTORY OF ALL REQUESTS, MODIFICATIONS AND RESPONSES, WITH ABILITY TO VIEW CACHED REQUESTS AND RESPONSES, AND TO REISSUE AND RE-MODIFY INDIVIDUAL REQUESTS.
  • FINE-GRAINED RULES GOVERNING INTERCEPTION OF REQUESTS AND RESPONSES, BASED ON PRACTICALLY ANY MESSAGE ATTRIBUTE.
  • SEARCH AND HIGHLIGHT OF INTERCEPTED MESSAGE TEXT.
  • FULL INTEGRATION WITH OTHER BURP SUITE PLUGINS.
  • SUPPORT FOR DOWNSTREAM PROXY SERVER.
  • AUTHENTICATION TO DOWNSTREAM PROXY AND WEB SERVERS, USING BASIC, NTLM OR DIGEST AUTHENTICATION TYPES.
  • AUTOMATED REGEX-BASED MANIPULATION OF HTTP REQUEST AND RESPONSE HEADERS.
  • GUI FRONT-END AND IN-BROWSER CONTROLS.
  • AUTOMATIC UPDATE OF CONTENT-LENGTH HEADER IN MODIFIED MESSAGES.
  • EXTENSIBILITY VIA THE IBURPEXTENDER INTERFACE.
  • RUNS IN BOTH LINUX AND WINDOWS.

OWASP PANTERA WEB ASSESSMENT STUDIO

http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project

OWASP PANTERA WEB ASSESSMENT STUDIO (WAS) IS A MIX BETWEEN A PENTEST PROXY, AN APPLICATION SCANNER AND AN INTELLIGENCE ANALYSIS FRAMEWORK. PANTERA HANDS THE ANALYSIS AND THE AUTOMATIC (REPETITIVE) WORK TO THE ENGINE, LEAVING ONLY THE IMPORTANT DECISIONS TO THE SECURITY EXPERT. IT HAS BEEN DESIGNED BY PROFESSIONALS WITH MANY YEARS OF EXPERIENCE IN THE APPLICATION SECURITY INDUSTRY TO OFFER USERS THE FEATURES THEY NEED TO CREATE SECURE CODE. PANTERA USES AN IMPROVED VERSION OF SPIKEPROXY TO PROVIDE A POWERFUL WEB APPLICATION ANALYSIS ENGINE.

WEBSCARAB

http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

WEBSCARAB IS A FRAMEWORK FOR ANALYSING APPLICATIONS THAT COMMUNICATE USING THE HTTP AND HTTPS PROTOCOLS. IT IS WRITTEN IN JAVA, AND IS THUS PORTABLE TO MANY PLATFORMS. WEBSCARAB HAS SEVERAL MODES OF OPERATION, IMPLEMENTED BY A NUMBER OF PLUGINS. IN ITS MOST COMMON USAGE, WEBSCARAB OPERATES AS AN INTERCEPTING PROXY, ALLOWING THE OPERATOR TO REVIEW AND MODIFY REQUESTS CREATED BY THE BROWSER BEFORE THEY ARE SENT TO THE SERVER, AND TO REVIEW AND MODIFY RESPONSES RETURNED FROM THE SERVER BEFORE THEY ARE RECEIVED BY THE BROWSER. WEBSCARAB IS ABLE TO INTERCEPT BOTH HTTP AND HTTPS COMMUNICATION. THE OPERATOR CAN ALSO REVIEW THE CONVERSATIONS (REQUESTS AND RESPONSES) THAT HAVE PASSED THROUGH WEBSCARAB.

NOTE: THE NEXT GENERATION WEBSCARAB PLATFORM CAN BE FOUND HERE:

http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project

NOTE: A PLUGIN CALLED SAML PUMMEL COMPLEMENTS THE WEBSCARAB TOOL:

http://www.isecpartners.com/samlpummel.html

SAML PUMMEL IS A BEANSHELL PLUG-IN FOR WEBSCARAB. IT AUTOMATES EIGHT DIFFERENT INJECTION ATTACKS TO ASSIST IN AUDITING THE IMPLEMENTATION OF SAML 2.0 SINGLE SIGN-ON SYSTEMS.

  • C14N ENTITY EXPANSION
  • C14N TRANSFORMS
  • REMOTE DTD
  • REMOTE KEYINFO RETRIEVALMETHOD
  • REMOTE KEYINFO WSSE SECURITY TOKEN REFERENCE
  • SIGNEDINFO REMOTE REFERENCE
  • XSLT TRANSFORM URL RETRIEVAL (XALAN)
  • XSLT TRANSFORM THREAD SUSPENSION (XALAN)

TCP DENIAL OF SERVICE TOOL

http://www.gotfault.net/research/tool/misc/panic-reloaded.c

TCP DENIAL OF SERVICE TOOL FOR UNIX. PANIC-RELOADED DOES NOT REQUIRE A LARGE LINK OR A FAST INTERNET CONNECTION; IT CREATES MANY PTHREADS, LEAVING OPEN CONNECTIONS TO THE VICTIM HOST. IT IS A FAST AND EFFICIENT WAY TO DENY A TCP SERVICE.

ICMP ATTACK TOOLS

http://www.gont.com.ar/tools/icmp-attacks/index.html

http://www.securityfocus.com/data/vulnerabilities/exploits/HOD-icmp-attacks-poc.c

  • ICMP-RESET - BLINDLY RESETTING ARBITRARY TCP CONNECTIONS
  • ICMP-QUENCH - BLINDLY REDUCING THE THROUGHPUT OF ARBITRARY TCP CONNECTIONS
  • ICMP-MTU - BLINDLY REDUCING THE PERFORMANCE OF ARBITRARY TCP CONNECTIONS

NOTE: DOCUMENTED ICMP ATTACKS SUBMITTED TO THE IETF

http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html

ENGARDE SECURE LINUX

http://www.engardelinux.org/modules/index/features.cgi

ENGARDE SECURE LINUX PROVIDES A SECURE PLATFORM FOR YOUR ORGANIZATION'S ENTIRE SET OF INTERNET-FACING SYSTEMS. IT IS DESIGNED FROM THE GROUND UP WITH SECURITY IN MIND, SO BUILDING YOUR BUSINESS ON AN ENGARDE PLATFORM ALLOWS YOU THE PEACE OF MIND THAT COMES WITH KNOWING YOU ARE PROTECTED FROM AN ARRAY OF THREATS.

ENGARDE SECURE LINUX TECHNICAL FEATURES INCLUDE:

  • LINUX 2.6 KERNEL FOR THE LATEST HARDWARE COMPATIBILITY
  • SELINUX MANDATORY ACCESS CONTROL PROVIDES HIGH SECURITY BY STRICTLY ENFORCING SERVICE SEPARATION AT THE KERNEL LEVEL
  • GUARDIAN DIGITAL SECURE NETWORK FEATURES FREE ACCESS TO ALL SYSTEM AND SECURITY UPDATES AND ALLOWS FOR QUICK AND EASY UPDATING OF THE ENTIRE SERVER
  • BROAD SUPPORT FOR SERVER HARDWARE, INCLUDING 64-BIT AMD ARCHITECTURE AND HARDWARE RAID
  • WEB-BASED MANAGEMENT OF ALL FUNCTIONS, INCLUDING THE ABILITY TO BUILD A COMPLETE WEB PRESENCE WITH FTP, DNS, HTTP, SMTP AND MORE
  • SECURE UP-TO-DATE LAMP STACK SERVES VIRTUAL WEBSITES WITH APACHE V2.0, MYSQL 5.0, AND PHP 4.4 (PHP 5.0 AVAILABLE AS AN OPTIONAL PACKAGE)
  • LATEST BIND 9.3 PROVIDES SECURE DNS SERVICES
  • COMPLETELY NEW WEBTOOL, FEATURING EASIER NAVIGATION AND GREATER ABILITY TO MANAGE THE COMPLETE SYSTEM VIA A SECURE WEB BROWSER CONNECTION
  • RSS FEED PROVIDES ABILITY TO DISPLAY CURRENT NEWS AND IMMEDIATE ACCESS TO SYSTEM AND SECURITY UPDATES
  • INTEGRATED FIREWALL WITH ABILITY TO MANAGE INDIVIDUAL FIREWALL RULES, CONTROL PORT FORWARDING, AND CREATION OF IP BLACKLISTS
  • COMMERCIAL GRADE NETWORK INTRUSION DETECTION SYSTEM DISPLAYS AND GRAPHS INCOMING ATTACKS IN REAL TIME
  • BUILT-IN HOST IDS MONITORS SYSTEM FILES FOR UNAUTHORIZED CHANGES TO ENSURE SYSTEM INTEGRITY
  • BUILT-IN UPS CONFIGURATION PROVIDES ABILITY TO MANAGE AN ENTIRE NETWORK OF BATTERY-BACKUP DEVICES
  • REAL-TIME ACCESS TO SYSTEM AND SERVICE LOG INFORMATION

YAHA

http://www.cirt.net/code/yaha.shtml

YAHA IS AN HTTP AUTHENTICATION ATTACK TOOL WHICH TRIES COMBINATIONS OF USER IDS AND PASSWORDS.

WHAT DOES IT DO, AND WHY WOULD I WANT IT?

  • ATTEMPTS HTTP AUTHENTICATION USING PREDEFINED IDS AND PASSWORDS
  • MUTATES PASSWORDS BY REPLACING LETTERS WITH NUMBERS (O TO 0, I TO 1, E TO 3) AND BY MAKING WORDS PLURAL
  • WRITTEN IN PERL, SO IF YOU WANT TO MAKE CHANGES, IT'S QUITE EASY
  • CROSS-PLATFORM
  • WORKS ON ANY TCP PORT

SAMHAIN

http://www.la-samhna.de/samhain/index.html

SAMHAIN IS A MULTIPLATFORM, OPEN SOURCE SOLUTION FOR CENTRALIZED FILE INTEGRITY CHECKING / HOST-BASED INTRUSION DETECTION ON POSIX SYSTEMS (UNIX, LINUX, CYGWIN/WINDOWS). IT HAS BEEN DESIGNED TO MONITOR MULTIPLE HOSTS WITH POTENTIALLY DIFFERENT OPERATING SYSTEMS FROM A CENTRAL LOCATION, ALTHOUGH IT CAN ALSO BE USED AS A STANDALONE APPLICATION ON A SINGLE HOST.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License