Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. It includes real-time alerting, with alert delivery to syslog, a user-specified file, a UNIX socket, or WinPopup messages via smbclient.
a9d3059d1855779a06ffff9856c3179ae8d49e99a95d8a6c3cb5d6cbe3fa9246
2c2 implements deniable (and thus subpoena-proof) encryption: it creates a file that can be decrypted into several different variants depending on the key supplied, and the presence of any given variant cannot be detected without knowing its key. Please don't use it for an evil conspiracy to take over the world, mmmkay? Also check out James's 4c, a successor to this tool.
8ab2ccdd6ad01164a0ac0b9ec08123e7500a906c94df03689121a249a3d691d5
p0f performs passive OS detection by watching SYN packets captured with tcpdump: it sends no traffic of its own, so the remote host cannot notice the fingerprinting. It can also estimate the hop distance to the remote host (from the TTL) and can be used to map the structure of a foreign or local network. When running on the gateway of a network it can gather huge amounts of data and provide useful statistics; on an end-user computer it can be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
e2d58c71a5e014e8391789f48f787c493b1c81901001c55d5ce888aba5b84a41
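To make the passive technique concrete, here is an added example (not p0f's own code, and not its real signature database or format) that pulls the fields a SYN-based fingerprint relies on out of a raw IPv4+TCP packet: initial window, inferred initial TTL, the DF bit, and the order of TCP options. The fingerprint table below is a constructed, simplified one with two illustrative entries; the hop-distance calculation assumes the sender used one of the common initial TTLs (32, 64, 128, 255).

```python
import struct

# Constructed, simplified fingerprint table for this example; it is NOT p0f's
# real database or signature format. Key: (window, initial TTL, DF bit, option layout).
FINGERPRINTS = {
    (5840, 64, 1, "M,S,T,N,W"): "Linux 2.4/2.6-style stack (example entry)",
    (65535, 128, 1, "M,N,W,N,N,S"): "Windows XP-style stack (example entry)",
}

# TCP option kinds we recognise and the letter used for them in the layout string.
OPTION_LETTERS = {2: "M", 3: "W", 4: "S", 8: "T"}


def parse_syn(pkt: bytes) -> dict:
    """Extract fingerprint fields from a raw IPv4+TCP SYN (no link-layer header)."""
    ver_ihl, _tos, _total, _ident, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4
    df = (flags_frag >> 14) & 1
    tcp = pkt[ihl:]
    data_off = (tcp[12] >> 4) * 4
    if tcp[13] & 0x12 != 0x02:          # SYN set, ACK clear: an initial SYN only
        raise ValueError("not an initial SYN")
    window = struct.unpack("!H", tcp[14:16])[0]

    layout, mss, wscale = [], None, None
    opts, i = tcp[20:data_off], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                    # end of option list
            layout.append("E")
            break
        if kind == 1:                    # NOP padding
            layout.append("N")
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated TCP option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("malformed TCP option length")
        data = opts[i + 2:i + length]
        layout.append(OPTION_LETTERS.get(kind, "?"))
        if kind == 2 and len(data) == 2:
            mss = struct.unpack("!H", data)[0]
        elif kind == 3 and len(data) == 1:
            wscale = data[0]
        i += length

    # The sender's initial TTL is one of a few well-known values; the gap between
    # it and the TTL observed on the wire is the hop distance.
    initial_ttl = next(t for t in (32, 64, 128, 255) if t >= ttl)
    return {
        "ttl": ttl, "initial_ttl": initial_ttl, "distance": initial_ttl - ttl,
        "df": df, "window": window, "mss": mss, "wscale": wscale,
        "layout": ",".join(layout),
    }


def fingerprint(pkt: bytes) -> dict:
    """Parse a SYN and look its signature up in the (example) fingerprint table."""
    fields = parse_syn(pkt)
    key = (fields["window"], fields["initial_ttl"], fields["df"], fields["layout"])
    fields["os"] = FINGERPRINTS.get(key, "UNKNOWN")
    return fields


def build_syn(ttl: int, window: int, df: int, options: bytes) -> bytes:
    """Build a constructed sample SYN for the demo (checksums left at zero; never sent)."""
    total_len = 20 + 20 + len(options)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234,
                         0x4000 if df else 0, ttl, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    data_off = ((20 + len(options)) // 4) << 4
    tcp_hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, data_off, 0x02, window, 0, 0)
    return ip_hdr + tcp_hdr + options


# Option bytes in the order a Linux 2.4-era stack emits them: MSS 1460, SACK-OK,
# timestamps, NOP, window scale 7 (constructed sample, 20 bytes).
LINUX_OPTS = (b"\x02\x04\x05\xb4" + b"\x04\x02" + b"\x08\x0a" + b"\x00" * 8
              + b"\x01" + b"\x03\x03\x07")

if __name__ == "__main__":
    print(fingerprint(build_syn(ttl=52, window=5840, df=1, options=LINUX_OPTS)))
```

The option *order* is as discriminating as the values: two stacks that both send MSS, SACK, timestamps and window scaling still differ in where they put the NOP padding, which is why the layout string is part of the lookup key.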
Snowdrop adds invisible watermarks to text or source code documents. Similar to steganography, watermarking adds hidden information to the document, which allows you, for example, to track which copy of the document leaked. Separate logical channels carry a highly redundant watermark, so that it is extremely difficult to remove the information by accident, by simple reformatting, etc. Tested on Linux and FreeBSD.
0956fa7b69fc405cc4c00ff224e5435d4165a1298ffd1ba107c7cb07d1891573
Valgrind is a GPL'd tool to help you find memory-management problems in your programs. When a program is run under Valgrind's supervision, all reads and writes of memory are checked, and calls to malloc/new/free/delete are intercepted. You can use it to debug most dynamically linked ELF x86 executables without modification, recompilation, or anything else. If you want, Valgrind can start GDB and attach it to your program at the point(s) where errors are detected, so that you can poke around and figure out what was going on at the time.
36f95c24257c440eadcff12f88b18d8572aa7e47c014494d8804f3d194719cd9
The Autopsy Forensic Browser is a graphical interface to The Sleuth Kit (TASK). Autopsy allows one to view allocated and deleted file system content in a "File Manager" style interface, create timelines of file activity, sort files by type, and perform keyword searches.
61d752dcec0c92b9a7bb0dcc844a24e8b30913646d2f64d78e2fbb5deb440033
The Sleuth Kit is a collection of open source file system forensics tools that allow one to view allocated and deleted data from NTFS, FAT, FFS, and EXT2FS images. The Autopsy Forensic Browser provides a graphical interface to The Sleuth Kit.
2ef8cd41584b70c595c997932c5f219bf03632be6bf787f6333e75349026b29c
Fragmented ICMP packet generator.
ff8302c76379341492e7d4b5c00d34c04aaceee1802459aaf36d4bd83c34b98f
This Linux kernel module acts as an ICMP proxy for echo/echo-reply packets at the kernel level, preventing ICMP tunnels through firewalls or directly to the server on which it is installed.
9fad32f633cbf5845c1c9aa19434551345fd747ac16e91b836ef8dfa81ef6435
Tunnelshell is a client/server program written in C for Linux users that tunnels a shell using various methods that can bypass firewalls, such as fragmented packets, TCP ACK packets, UDP, ICMP, and raw IP packets (ipsec).
11113a593b4f526f8fca20dd243ea7d92507104f9d79654f598013a116da4886
TCPStatFlow is a tool for network administrators that detects covert network tunnels running on ports most outbound firewalls allow. It sniffs the network and measures the symmetry of the data sent in each direction: HTTP, HTTPS, FTP, SMTP and POP3 move far more data in one direction than the other, so if an SSH server is set up on one of these ports, the tool detects it by noticing that the byte counts do not look like the protocol that is supposed to run on that port.
edb152cf1f06f1962ff42720fbff6cfbd9daa4d1d85ea1d53115ce88c1b4b64d
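The symmetry heuristic is simple enough to show end to end. The following is an added example written for this page, not TCPStatFlow's own code: it aggregates packet records (as a libpcap capture would yield them) into client/server flows, computes a symmetry score per flow, and flags flows on normally one-directional ports that carry comparable byte counts each way. The port list, the 0.5 symmetry threshold and the 20,000-byte floor are assumptions chosen for the example, and the packet list is constructed.

```python
from collections import defaultdict

# Ports whose normal traffic is strongly one-directional (assumption for this
# example: HTTP, HTTPS, FTP control, SMTP, POP3, as the description lists).
ASYMMETRIC_PORTS = {80, 443, 21, 25, 110}
SYMMETRY_THRESHOLD = 0.5   # assumption: flag when the smaller direction is >= half the larger
MIN_BYTES = 20_000         # assumption: ignore tiny flows (handshakes, failed requests)


def aggregate_flows(packets):
    """Sum bytes per direction for each client->server flow.

    packets: iterable of (src_ip, src_port, dst_ip, dst_port, length) tuples.
    The 'server' side is whichever end sits on a watched port.
    """
    flows = defaultdict(lambda: [0, 0])   # key -> [client->server, server->client]
    for src, sport, dst, dport, length in packets:
        if dport in ASYMMETRIC_PORTS:
            flows[(src, sport, dst, dport)][0] += length
        elif sport in ASYMMETRIC_PORTS:
            flows[(dst, dport, src, sport)][1] += length
    return flows


def symmetry(c2s: int, s2c: int) -> float:
    """0.0 = purely one-directional, 1.0 = identical byte counts each way."""
    hi = max(c2s, s2c)
    return min(c2s, s2c) / hi if hi else 0.0


def suspicious_flows(packets):
    """Return flows on asymmetric ports whose byte counts look interactive/tunnelled."""
    hits = []
    for (client, cport, server, sport), (c2s, s2c) in aggregate_flows(packets).items():
        sym = symmetry(c2s, s2c)
        if c2s + s2c >= MIN_BYTES and sym >= SYMMETRY_THRESHOLD:
            hits.append({"client": client, "server": server, "port": sport,
                         "c2s": c2s, "s2c": s2c, "symmetry": round(sym, 3)})
    return hits


def synth_flow(client, cport, server, sport, c2s_sizes, s2c_sizes):
    """Constructed packet list standing in for a capture."""
    return ([(client, cport, server, sport, n) for n in c2s_sizes]
            + [(server, sport, client, cport, n) for n in s2c_sizes])


# Constructed sample: a normal HTTPS download, an SSH session hidden on 443
# (small packets flowing both ways), and a tiny flow below the size floor.
SAMPLE_PACKETS = (
    synth_flow("10.0.0.5", 51000, "203.0.113.10", 443, [300, 800, 600], [1460] * 80 + [900])
    + synth_flow("10.0.0.7", 51002, "198.51.100.9", 443, [120] * 300, [110] * 320)
    + synth_flow("10.0.0.9", 51004, "203.0.113.20", 443, [300], [300])
)

if __name__ == "__main__":
    for hit in suspicious_flows(SAMPLE_PACKETS):
        print(hit)
```

The size floor matters: a failed TLS handshake is perfectly symmetric but tiny, and would otherwise drown the report in noise. Large uploads (an HTTP POST of a file, or a client submitting big mail over SMTP) are the main source of false positives for this heuristic, since they invert or balance the usual ratio, so thresholds need tuning per port and the flagged flows still need a human look.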
The Distributed Checksum Clearinghouse, or DCC, is a cooperative, distributed system that detects bulk mail arriving at a system so that it can be rejected. Clients report fuzzy checksums of incoming messages to DCC servers, which reply with how many times each checksum has already been seen; a high count marks the message as bulk.
2f476de13060b278cb221d669067e66c09195b7dcecfec7dcc04ef5cfee1d3d0
CryptoFS is an encrypted filesystem utility for Linux that uses a normal directory to store the encrypted files.
ae2f691a9721e9208cc390c6d006895155fc2518ad2da913cf5ed1c0c1674fdd
A network tool that captures IP traffic and keeps track of data counts. It uses libpcap with a network interface card in promiscuous mode.
ab75c578a74824c7ab52a814a16237cb83af9f0389b8ed8e2ef897b019c54aab
WifiScanner is an analyzer and detector of 802.11b stations and access points. It can listen on each of the 14 channels in turn, log packet information in real time, find access points and their associated client stations, and generate a diagram of the network layout using GraphViz. All network traffic may be saved in libpcap format for later analysis. It works under Linux with a Prism II card and the linux-wlan driver.
2922011841b10545e3600b736c01294e263378a69b8cb0786618609b7add895a
afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your system. A user can then run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of AIDE or Tripwire, and a graphical interface is provided.
a9418042c3490f68bb352a42942e86fffb10c67a8e8be9dc065aa60b8d9a1ebc
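The snapshot-then-compare cycle that afick, AIDE and Tripwire all share is short enough to show in full. This is an added example, not afick's code or its database format: it records mode, owner, size, mtime, a SHA-256 of regular files and the target of symlinks, stores the baseline as JSON, and reports added, removed and changed paths. The `demo()` function builds a constructed directory tree in a temporary location, tampers with it, and returns the comparison, so the block runs offline.

```python
import hashlib
import json
import os
import stat


def file_record(path: str) -> dict:
    """Attributes that matter for integrity: mode, owner, size, mtime and a content hash."""
    st = os.lstat(path)
    rec = {"mode": oct(st.st_mode), "uid": st.st_uid, "gid": st.st_gid,
           "size": st.st_size, "mtime": int(st.st_mtime)}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        rec["target"] = os.readlink(path)   # a retargeted symlink is a change too
    return rec


def snapshot(root: str) -> dict:
    """Walk `root` (without following symlinks) and record every file found."""
    db = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root)] = file_record(full)
    return db


def save_db(db: dict, path: str) -> None:
    with open(path, "w") as f:
        json.dump(db, f, sort_keys=True)


def load_db(path: str) -> dict:
    with open(path) as f:
        return json.load(f)


def compare(old: dict, new: dict) -> dict:
    """Report files added, removed, or whose recorded attributes differ."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = {}
    for p in sorted(set(old) & set(new)):
        keys = set(old[p]) | set(new[p])
        diffs = sorted(k for k in keys if old[p].get(k) != new[p].get(k))
        if diffs:
            changed[p] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def demo() -> dict:
    """Constructed run: baseline, then tamper (same-size edit, new file, deletion), then compare."""
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "passwd"), "w") as f:
            f.write("root:x:0:0\n")
        with open(os.path.join(etc, "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        baseline = snapshot(root)
        with open(os.path.join(etc, "passwd"), "w") as f:
            f.write("root:x:0:1\n")            # same size: only the hash catches this
        with open(os.path.join(etc, "ld.so.preload"), "w") as f:
            f.write("/tmp/x.so\n")             # constructed example of an added file
        os.remove(os.path.join(etc, "hosts"))
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        root, dbfile = sys.argv[1], sys.argv[2]
        if os.path.exists(dbfile):
            print(json.dumps(compare(load_db(dbfile), snapshot(root)), indent=2))
        else:
            save_db(snapshot(root), dbfile)
            print("baseline written to", dbfile)
    else:
        print(json.dumps(demo(), indent=2))
```

Hashing content rather than trusting size and mtime is the point of the exercise: the same-size edit in `demo()` is invisible to `ls -l` and to a tool that only compares metadata. As with any such checker, the baseline database is only as trustworthy as where it is kept; an attacker with root can rewrite it, so it belongs on read-only or off-host storage.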
Rkdet is a small daemon intended to catch someone installing a rootkit or running a packet sniffer.
70566370454539579616899488fd4883ab43de0eba344590afd540a01ddd50b6
Application Mapper (amap) is a next-generation scanning tool that allows you to identify the applications that are running on a specific port. It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (e.g. an SSL handshake). Amap then looks up the response in a list and prints out any match it finds. Adding new response identifications can be done simply by adding them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some Oracle listener on port 233!
4923561c01a4c32b8a2d4f42772f5d3002c1c22b849d7cbf665111013dba4682
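The trigger/response scheme described above, as an added example that is not amap's code: a small text table of triggers to send and a second table of regular expressions to match against whatever comes back, a `probe()` that opens one connection per trigger and collects every matching signature, and a throwaway local server so the demo runs offline. Both tables are constructed for this example and are not amap's real file format or signature set.

```python
import re
import socket
import threading

# Constructed trigger and response tables in a simple text format. This is an
# illustration of the idea, not amap's real file format or signature set.
TRIGGER_TABLE = r"""
# name   bytes to send after connecting (Python escape syntax)
http     GET / HTTP/1.0\r\n\r\n
generic  \r\n
"""

RESPONSE_TABLE = r"""
# name   regex matched against the first bytes the service returns
ssh      ^SSH-\d\.\d+-
http     ^HTTP/1\.[01] \d{3}
smtp     ^220 .*[ES]MTP
ftp      ^220 .*FTP
"""


def parse_table(text: str):
    """Yield (name, value) from a whitespace-separated table with # comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, value = line.split(None, 1)
        yield name, value


# Turn the escape syntax in the trigger table into real bytes, and compile the regexes.
TRIGGERS = [(n, v.encode("ascii").decode("unicode_escape").encode("latin-1"))
            for n, v in parse_table(TRIGGER_TABLE)]
SIGNATURES = [(n, re.compile(v.encode("ascii"))) for n, v in parse_table(RESPONSE_TABLE)]


def identify(response: bytes):
    """Return the names of every signature the response matches."""
    return sorted(name for name, rx in SIGNATURES if rx.search(response))


def probe(host: str, port: int, timeout: float = 3.0):
    """amap-style probe: one connection per trigger, match whatever comes back."""
    hits = set()
    for _name, trigger in TRIGGERS:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(trigger)
                data = s.recv(4096)
        except OSError:
            continue          # refused, reset or timed out: try the next trigger
        hits.update(identify(data))
    return sorted(hits)


def fake_banner_server(banner: bytes):
    """Local stand-in for a real daemon so the demo runs offline: reads the
    trigger, answers with `banner`, closes. Returns (port, stop_event)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(2.0)
                try:
                    conn.recv(1024)
                    conn.sendall(banner)
                except OSError:
                    pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop


if __name__ == "__main__":
    port, stop = fake_banner_server(b"SSH-2.0-OpenSSH_9.6\r\n")
    print(f"127.0.0.1:{port} looks like: {probe('127.0.0.1', port)}")
    stop.set()
```

Two things the toy version glosses over: real SSH, SMTP and FTP daemons send their banner before reading anything, so a read-first probe also works for them, whereas a TLS service answers only to a well-formed ClientHello, which is why amap ships binary handshake triggers rather than just text. Sending a trigger meant for one protocol to a different service can also upset fragile daemons, so probing production hosts deserves the same care as any active scan.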
THC-Secure Deletion v3.1 for UNIX is the latest release of van Hauser's suite of secure deletion and overwriting utilities. Included are 'srm' - secure deletion of files
84723b3bc93dbba5d4c86c232ca6c84566ef1cbf281823588a7b902a539b70ac