what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2003-11-21

snort-2.0.5.tar.gz
Posted Nov 21, 2003
Authored by Martin Roesch | Site snort.org

Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.

Changes: Stream4 fixes from Andrew Rucker Jones. Allow memcap to be configured for threshold features.
tags | tool, overflow, cgi, sniffer, protocol
systems | unix
SHA-256 | a9d3059d1855779a06ffff9856c3179ae8d49e99a95d8a6c3cb5d6cbe3fa9246
2c2.tgz
Posted Nov 21, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

2c2 implements a deniable (and thus subpoena-proof) encryption by creating a file that can be decrypted into several variants, depending on the key, and for which the presence of any of the variants cannot be detected without knowing the key. Please don't use it for an evil conspiracy to take over the world, mmmkay? Also check out James's 4c, a successor to this tool.

tags | encryption
SHA-256 | 8ab2ccdd6ad01164a0ac0b9ec08123e7500a906c94df03689121a249a3d691d5
p0f-2.0.3.tgz
Posted Nov 21, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.

Changes: Masquerade detection code now checks for time going backwards in timestamps, added uptime in query data and p0fq.c, added -F fuzzy TTL matching option, added more signatures, and fixed some bugs.
tags | tool, remote, local, scanner
systems | linux, netbsd, unix, solaris, freebsd, openbsd
SHA-256 | e2d58c71a5e014e8391789f48f787c493b1c81901001c55d5ce888aba5b84a41
snowdrop-0.02b.tgz
Posted Nov 21, 2003
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

Snowdrop adds invisible watermarks to text or source code documents. Similar to steganography, watermarking adds invisible information to the document which allows you to track which copy of the document leaked, for example. Separate logical channels are used to carry a highly redundant watermark to ensure it is extremely difficult to remove this information by accident, simple reformatting, etc. Tested on Linux and FreeBSD.

tags | encryption, steganography
systems | linux, freebsd
SHA-256 | 0956fa7b69fc405cc4c00ff224e5435d4165a1298ffd1ba107c7cb07d1891573
valgrind-2.0.0.tar.bz2
Posted Nov 21, 2003
Authored by Nick Nethercote | Site valgrind.kde.org

Valgrind is a GPL'd tool to help you find memory-management problems in your programs. When a program is run under Valgrind's supervision, all reads and writes of memory are checked, and calls to malloc/new/free/delete are intercepted. You can use it to debug most dynamically linked ELF x86 executable, without modification, recompilation, or anything. If you want, Valgrind can start GDB and attach it to your program at the point(s) where errors are detected, so that you can poke around and figure out what was going on at the time.

tags | x86
systems | linux
SHA-256 | 36f95c24257c440eadcff12f88b18d8572aa7e47c014494d8804f3d194719cd9
autopsy-1.75.tar.gz
Posted Nov 21, 2003
Authored by Brian Carrier | Site sleuthkit.org

The Autopsy Forensics Browser is a graphical interface to The Sleuth Kit (TASK). Autopsy allows one to view allocated and deleted file system content in a "File Manager" style interface, create timelines of file activity, sort files by type, and perform key word searches.

Changes: Fixed some bugs and improved error messages.
tags | tool, forensics
SHA-256 | 61d752dcec0c92b9a7bb0dcc844a24e8b30913646d2f64d78e2fbb5deb440033
sleuthkit-1.66.tar.gz
Posted Nov 21, 2003
Authored by Brian Carrier | Site sleuthkit.org

The Sleuth Kit is a collection of open source file system forensics tools that allow one to view allocated and deleted data from NTFS, FAT, FFS, and EXT2FS images. The Autopsy Forensic Browser provides a graphical interface to The Sleuth Kit.

Changes: Added support for Solaris x86 partition tables to 'mmls', Fixed compilation problems in OpenBSD 3 and several other bugs and minor feature additions.
tags | tool, forensics
SHA-256 | 2ef8cd41584b70c595c997932c5f219bf03632be6bf787f6333e75349026b29c
frag.c
Posted Nov 21, 2003
Authored by fryxar | Site geocities.com

Fragmented ICMP packet generator.

systems | unix
SHA-256 | ff8302c76379341492e7d4b5c00d34c04aaceee1802459aaf36d4bd83c34b98f
mod_icmp.c
Posted Nov 21, 2003
Authored by fryxar | Site geocities.com

This linux kernel module acts like an icmp proxy for echo/echo-reply packets at kernel level, preventing icmp tunnels through firewalls or directly to the server it is installed on.

tags | kernel
systems | linux
SHA-256 | 9fad32f633cbf5845c1c9aa19434551345fd747ac16e91b836ef8dfa81ef6435
tunnelshell_2.3.tgz
Posted Nov 21, 2003
Authored by fryxar | Site geocities.com

Tunnelshell is a client/server program written in C for Linux users that tunnels a shell using various methods which can bypass firewalls, such as fragmented packets, tcp ACK packets, UDP, ICMP, and raw IP packets (ipsec).

tags | tool, shell, udp, tcp, rootkit
systems | linux, unix
SHA-256 | 11113a593b4f526f8fca20dd243ea7d92507104f9d79654f598013a116da4886
tcpstatflow_v1.1.tgz
Posted Nov 21, 2003
Authored by fryxar | Site geocities.com

TCPStatFlow is a tool for network administrators which detects covert network tunnels running on ports which are accepted by most outbound firewalls by sniffing the network and measuring the symmetry of the data sent. HTTP / HTTPS / FTP / SMTP / POP3 protocols send much more data one direction than the other, and if a ssh server is set up on these ports, this tool will detect it by noticing that the amounts of data sent don't look like the protocol which is supposed to run on that port.

tags | tool, web, protocol, intrusion detection
systems | unix
SHA-256 | edb152cf1f06f1962ff42720fbff6cfbd9daa4d1d85ea1d53115ce88c1b4b64d
dcc-dccd.tar.Z
Posted Nov 21, 2003
Authored by Vernon Schryver | Site rhyolite.com

The Distributed Checksum Clearinghouse, or DCC, is a cooperative and distributed system intended to detect bulk mail coming into a system and will reject it.

Changes: Fixed broken whitelist database entries in prior versions, various bug fixes.
systems | unix
SHA-256 | 2f476de13060b278cb221d669067e66c09195b7dcecfec7dcc04ef5cfee1d3d0
cryptofs-0.2.1.tar.gz
Posted Nov 21, 2003
Authored by Christoph Hohmann

CryptoFS is an encrypted filesystem utility for Linux that makes use of a normal directory to store files encrypted.

tags | encryption
systems | linux
SHA-256 | ae2f691a9721e9208cc390c6d006895155fc2518ad2da913cf5ed1c0c1674fdd
pmacct-0.5.3.tar.gz
Posted Nov 21, 2003
Authored by Paolo Lucente | Site ba.cnr.it

Network tool used to grab IP traffic and keep track of data counts. Makes use of libpcap with a network interface card in promiscuous mode.

systems | unix
SHA-256 | ab75c578a74824c7ab52a814a16237cb83af9f0389b8ed8e2ef897b019c54aab
WifiScanner-0.9.3.tar.gz
Posted Nov 21, 2003
Site wifiscanner.sourceforge.net

WifiScanner is an analyzer and detector of 802.11b stations and access points which can listen alternatively on all the 14 channels, write packet information in real time, search access points and associated client stations, and can generate a graphic of the architecture using GraphViz. All network traffic may be saved in the libpcap format for post analysis. It works under Linux with a PrismII card and with the linux-wlan driver.

Changes: Various code clean ups and fixes.
tags | tool, wireless
systems | linux
SHA-256 | 2922011841b10545e3600b736c01294e263378a69b8cb0786618609b7add895a
afick-1.4-0.tgz
Posted Nov 21, 2003
Authored by Eric Gerbier | Site afick.sourceforge.net

afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.

Changes: Added an auto-control to check afick changes, various code tuning and bug fixes.
tags | tool, integrity
systems | windows, unix
SHA-256 | a9418042c3490f68bb352a42942e86fffb10c67a8e8be9dc065aa60b8d9a1ebc
rkdet-0.54.tar.gz
Posted Nov 21, 2003
Authored by Andrew Daviel | Site vancouver-webpages.com

Rkdet is a small daemon intended to catch someone installing a rootkit or running a packet sniffer.

Changes: Various bug fixes.
tags | tool, intrusion detection
systems | unix
SHA-256 | 70566370454539579616899488fd4883ab43de0eba344590afd540a01ddd50b6
amap-4.5.tar.gz
Posted Nov 21, 2003
Authored by van Hauser, thc, DJ Revmoon | Site thc.org

Application Mapper is a next-generation scanning tool that allows you to identify the applications that are running on a specific port. It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (i.e. SSL). Amap then looks up the response in a list and prints out any match it finds. Adding new response identifications can be done just by adding them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some oracle listener on port 233!

Changes: Added portability fixes for OpenBSD and Cygwin.
tags | tool, protocol
SHA-256 | 4923561c01a4c32b8a2d4f42772f5d3002c1c22b849d7cbf665111013dba4682
THC Secure Deletion v3.1
Posted Nov 21, 2003
Authored by van Hauser, thc | Site thc.org

THC-Secure Deletion v3.1 for UNIX is the latest release of van Hauser's suite of secure deletion and overwriting utilities. Included are 'srm' - secure deletion of files

Changes: Linux LKM for secure file deletion included. Bug fixes.
systems | unix
SHA-256 | 84723b3bc93dbba5d4c86c232ca6c84566ef1cbf281823588a7b902a539b70ac
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close