In addition to the standard Linux security tools and our custom secure applications, the Bootable CD comes with a collection of open source security tools picked from among the Internet's best.
Ethereal: Ethereal is a graphical protocol analyzer. It provides real-time capture and display of network packets, storage of traffic for later analysis and replay, and packet protocol analysis presented in a very useful form; it allows automatic stream selection and presentation to reassemble TCP streams, and is generally one of the most helpful free protocol analyzers around. To run it, select utilities->ethereal from the X11 menus.
Snort: Snort provides a TCPdump-like capability augmented with interfaces to databases and intrusion detection and response systems. With snort, you can detect security-relevant events of various sorts and use them to trigger arbitrary response programs of your own making. To run snort, type the following:
libsetup snort -v -i eth0
Whisker: Whisker is a CGI scanner that can detect the running web server and perform only the tests specific to that server and version, apply intrusion detection evasion methods, brute-force accounts protected by HTTP-AUTH, use virtual hosts, and run in multi-threaded mode. It is very helpful for assessing and demonstrating selected web site vulnerabilities. To run, type:
whisker
Npulse: nPULSE is a web-based network monitoring package for Unix-like operating systems. It can quickly monitor tens, hundreds, even thousands of sites/devices at a time on multiple ports. nPULSE is written in Perl and comes with its own (SSL optional) web server for extra security. To run, type:
npulse
The default user ID is 'admin' and the default password is 'admin'.
Nessus: The "Nessus" Project aims to provide the Internet community with a free, powerful, up-to-date and easy-to-use remote security scanner. To configure nessus, type "nessus-setup". To run nessus, select Nessus from the X11 menus.
xprobe: Xprobe is an ICMP-response-based TCP/IP stack fingerprinting tool, based on the research performed by Ofir Arkin in his "ICMP Usage in Scanning" project. To run, type:
xprobe
sing: Send ICMP Nasty Garbage: SING is a tool that sends fully customized ICMP packets from the command line. Its main purpose is to replace and complement the ping command, adding enhancements such as fragmentation, sending and receiving spoofed packets, sending many ICMP information types (echo, like the old ping, address mask, timestamp, and router discovery) and errors (redirect, unreachable, and time exceeded), as well as sending monstrous packets. It also supports loose and strict source routing and record routing. To run, type:
sing
hunt: Hunt presents Ethernet traffic as sessions and allows the selection of sessions for viewing, session interruption, takeover, and resynchronization. To run it, type:
hunt
arping: Arping is an ARP-level ping utility. It is good for finding out whether an IP address is already in use before you have routing to that subnet. It can also ping MAC addresses directly. To run, type:
arping
nmap: Nmap maps out networks and attempts to fingerprint system IP stacks to determine what machines on the network really are. nmapfe is the X11 interface to nmap and can be run by selecting nmap from the X11 network administrator sniffers menus.
Etherape: Etherape provides a near-real-time display of network flows with pleasing graphical presentation. Etherape can be run by selecting nmap from the X11 network administrator sniffers menus.
Ntop: Ntop provides a variety of views on network traffic, gateways, routers, and other network information. It is very handy for understanding what is going on in a network and tracking activities by packet type and IP address over time. Ntop can be run by selecting nmap from the X11 network administrator sniffers menus.
icmpenum: Icmpenum is a proof-of-concept tool written by Simple Nomad. The tool is able to send ICMP Echo requests, ICMP Timestamp requests, and ICMP Information requests. It is somewhat useful for mapping out a network. To run, type:
icmpenum
ettercap: Ettercap is a multipurpose sniffer/interceptor/logger for switched LANs. It supports active and passive dissection of many protocols (even encrypted ones) and includes many features for network and host analysis. To run it, type:
ettercap