Cosc 4765 - uwyo.edu

Cosc 4765
Security Tools
A note
• This is not intended to be a complete list
• Covers the more popular tools
• The tools will be covered by Topic/area of use
Password Crackers
• Ophcrack
– Of course a password cracker can be used for
nefarious purposes, but there are plenty of times
they come in handy for perfectly legitimate
reasons, namely, forgetting your password. If you
don't use a password manager and can't
remember an important password, try this tool. It
claims to recover 99 percent of passwords within
seconds. Operating System: Windows, Linux, OS X.
Password Crackers (2)
• Cain and Abel
– This Windows-only password recovery tool handles an
enormous variety of tasks.
– Also a packet Sniffer!
• It can recover passwords by sniffing the network, cracking
encrypted passwords using Dictionary, Brute-Force and
Cryptanalysis attacks, recording VoIP conversations,
decoding scrambled passwords, revealing password boxes,
uncovering cached passwords and analyzing routing
protocols.
– It is also well documented.
• Also on the download page are some other “interesting”
tools.
Wireless key crackers
• Aircrack
– The fastest available WEP/WPA cracking tool. Aircrack is a suite of tools
for 802.11a/b/g WEP and WPA cracking.
– It can recover a 40 through 512-bit WEP key once enough
encrypted packets have been gathered. It can also attack
WPA 1 or 2 networks using advanced cryptographic
methods or by brute force.
– The suite includes airodump (an 802.11 packet capture
program), aireplay (an 802.11 packet injection program),
aircrack (static WEP and WPA-PSK cracking), and airdecap
(decrypts WEP/WPA capture files).
– Has a Windows installer, live CD and VMware image.
Network Monitoring
• Wireshark
– Wireshark (formerly known as Ethereal) captures and interactively
analyzes network traffic. As the world's most popular network protocol
analyzer, it has a huge community, and the Web site includes a
staggering amount of documentation and support. Operating System:
Windows, Linux, OS X.
• tcpdump
– Although it doesn't have as many bells and whistles as some newer
programs, tcpdump effectively monitors networks and helps
administrators track down problems. Operating System: Linux.
• WinDump
– As you might guess from the name, WinDump offers a Windows
version of tcpdump. The site also includes downloads for the WinPCap
packet capture and filtering engine. Operating System: Windows.
Network Monitoring (2)
• Angry IP Scanner
– Also known as "ipscan," Angry IP Scanner scans IP addresses and ports
very quickly. It can generate reports that include NetBIOS information
(computer name, workgroup name, and currently logged in Windows
user), favorite IP address ranges, web server detection, and more.
Operating System: Windows, Linux, OS X.
• Knocker
– This simple TCP security port scanner works on multiple platforms and
is easy to use. Operating System: Windows, Linux, Unix.
• No updates since 2003.
• NSAT
– Short for "Network Security Analysis Tool," NSAT performs bulk scans
for 50 different services and hundreds of vulnerabilities. It provides
professional-grade penetration testing and comprehensive auditing.
Operating System: Linux, Unix, FreeBSD, OS X.
• Getting to be badly out of date.
Network Monitoring (3)
• SniffDet
– This tool implements a number of different open-source
tests to see if any of the machines in your network are
running in promiscuous mode or with a sniffer. Note that
some of the documentation for this app is in Portuguese.
Operating System: Linux.
• SEC
– Although we put this app in the Network Monitoring
category, the Simple Event Coordinator (SEC) actually
works with many different applications. To use it, you set
up a set of rules that specify what actions you want to
occur whenever a particular event occurs. Operating
System: OS Independent.
Network Monitoring (4)
• Ettercap
– In case you still thought switched LANs provide much extra security. It
is a terminal-based network sniffer/interceptor/logger for ethernet
LANs. It supports active and passive dissection of many protocols
(even ciphered ones, like ssh and https). Data injection in an
established connection and filtering on the fly is also possible, keeping
the connection synchronized. Many sniffing modes were implemented
to give you a powerful and complete sniffing suite. Plugins are
supported. It has the ability to check whether you are in a switched
LAN or not, and to use OS fingerprints (active or passive) to let you
know the geometry of the LAN.
• Ntop
– A network traffic usage monitor. Ntop shows network usage in a way
similar to what top does for processes. In interactive mode, it displays
the network status on the user's terminal. In Web mode, it acts as a
Web server, creating an HTML dump of the network status. Operating
System: Linux, Windows, Mac.
Wireless Network Monitoring
• NetStumbler
– Windows 802.11 Sniffer. It is the best known Windows tool for finding
open wireless access points ("wardriving").
• They also distribute a WinCE version for PDAs and such named MiniStumbler.
The tool is currently free but Windows-only and no source code is provided. It
uses a more active approach to finding WAPs than passive sniffers such as
Kismet or KisMAC.
• Kismet
– Kismet is a console (ncurses) based 802.11 layer 2 wireless network
detector, sniffer, and intrusion detection system. It identifies networks
by passively sniffing (as opposed to NetStumbler), and can even
decloak hidden (non-beaconing) networks if they are in use.
– It can automatically detect network IP blocks by sniffing TCP, UDP, ARP,
and DHCP packets, log traffic in Wireshark/TCPDump compatible
format, and even plot detected networks and estimated ranges on
downloaded maps
Intrusion Detection
• Snort
– Boasting of millions of downloads and more than 200,000 registered
users, Snort claims to be the most widely deployed intrusion
detection and prevention system in the world and "the de facto
standard for IPS." Developed by Sourcefire, it combines the benefits of
signature, protocol and anomaly-based inspection in a single
download. Operating System: Linux, Unix, OS X.
• AFICK
– Very similar to Tripwire, AFICK (which stands for "Another File Integrity
Checker") monitors changes to your file systems in order to alert you
to possible intrusion. It's fast and easy to install. Operating System:
Windows, Linux.
• OISF
– An open-source IDP (intrusion detection and prevention) system from some
of the authors of Snort, who left after Snort was purchased.
Operating System: Linux.
Systems Monitoring
• Nagios
– Nagios is a powerful monitoring system that enables organizations to
identify and resolve IT infrastructure problems before they affect critical
business processes. And it's free.
– Takes time to configure, but once up and running it can monitor
computers, networks, etc.
– And alert you to problems in many areas.
– Can accept notifications from IDS, logs and other applications.
Log File Analyzers
• BASE
– The "Basic Analysis and Security Engine," or BASE, uses a Web-based interface to analyze alerts
from Snort IDS. Features include role-based user authentication and Web-based setup.
Operating System: OS Independent.
• IPtables Log Analyzer
– This app makes it easier to understand the log files from your Shorewall, SUSE Firewall, or other
Netfilter-based firewall. It organizes rejected, accepted, masqueraded packets, etc. into an
attractive HTML page. Operating System: Linux.
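Both ideas from these slides, organizing firewall log lines by verdict (the IPtables Log Analyzer) and firing an action whenever a pattern of events occurs (SEC), as one added example written for these notes; it is not either tool's code. It parses constructed Netfilter LOG lines, counts ACCEPT/DROP/MASQ packets, and applies a single correlation rule: one source dropped on five distinct destination ports within a minute raises an alert. The log lines, the FW-* log prefixes and the threshold are assumptions.

```python
"""Tiny Netfilter-log analyzer with one SEC-style correlation rule.

Added example for these lecture notes; it is not the IPtables Log Analyzer's
or SEC's code. The log lines below are constructed in the shape iptables'
LOG target writes through syslog: a prefix such as "FW-DROP:" followed by
KEY=VALUE pairs. Addresses come from the documentation ranges.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

SAMPLE_LOG = """\
Jan 12 10:15:01 fw kernel: [ 1001.100000] FW-ACCEPT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=50123 DPT=443
Jan 12 10:15:02 fw kernel: [ 1002.200000] FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=44321 DPT=22
Jan 12 10:15:02 fw kernel: [ 1002.300000] FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=44322 DPT=23
Jan 12 10:15:03 fw kernel: [ 1003.100000] FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=44323 DPT=80
Jan 12 10:15:03 fw kernel: [ 1003.400000] FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=44324 DPT=445
Jan 12 10:15:04 fw kernel: [ 1004.000000] FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=44325 DPT=3389
Jan 12 10:15:05 fw kernel: [ 1005.000000] eth0: link is up
Jan 12 10:15:30 fw kernel: [ 1030.000000] FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=UDP SPT=5353 DPT=5353
Jan 12 10:16:10 fw kernel: [ 1070.000000] FW-MASQ: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=192.0.2.50 PROTO=TCP SPT=40000 DPT=80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: (?:\[[\d. ]+\] )?"
    r"(?P<prefix>[A-Z-]+): (?P<kv>.*)$"
)


def parse_line(line, year=2024):
    """Parse one syslog line into a dict, or return None for unrelated lines.
    Syslog timestamps carry no year, so the caller supplies one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    fields = dict(kv.split("=", 1) for kv in m["kv"].split() if "=" in kv)
    action = m["prefix"].split("-")[-1]  # "FW-DROP" -> "DROP"
    return {"ts": ts, "action": action, **fields}


def summarize(records):
    """Count packets per firewall verdict (ACCEPT, DROP, MASQ, ...)."""
    return dict(Counter(r["action"] for r in records))


def correlate(records, threshold=5, window_seconds=60):
    """SEC-style rule: one alert per source address whose packets were DROPped
    on at least `threshold` distinct destination ports within `window_seconds`,
    the usual footprint of a port sweep."""
    by_src = defaultdict(list)
    for r in records:
        if r["action"] == "DROP" and "DPT" in r and "SRC" in r:
            by_src[r["SRC"]].append(r)
    alerts = []
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        for i, first in enumerate(recs):
            ports = set()
            for r in recs[i:]:  # sliding window anchored at record i
                if (r["ts"] - first["ts"]).total_seconds() > window_seconds:
                    break
                ports.add(r["DPT"])
            if len(ports) >= threshold:
                alerts.append({"src": src, "start": first["ts"],
                               "ports": sorted(ports, key=int)})
                break  # report each source once
    return alerts


def analyze(text=SAMPLE_LOG):
    """Parse the log text, returning per-verdict counts and rule alerts."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    return {"counts": summarize(records), "alerts": correlate(records)}


if __name__ == "__main__":
    result = analyze()
    print("verdicts:", result["counts"])
    for a in result["alerts"]:
        print(f"ALERT {a['start']:%H:%M:%S} {a['src']} swept ports {a['ports']}")
```

The two halves map onto the two tools: summarize() is the report the IPtables Log Analyzer renders as HTML, and correlate() is the kind of rule SEC runs continuously against a log stream, where the "action" would be a mail or a block rather than a returned dict.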
• Snare
– The various Snare agents are used by hundreds of thousands of users, including many large
enterprises, to collect and analyze security, application, system, DNS, file replication service,
and active directory logs. The site includes a variety of open-source downloads for different
operating systems and purposes, as well as the commercially available Snare Server. Operating
System: Windows, Linux, OS X, others.
• Splunk
– Splunk can analyze data from any application, server, or device, making it possible to
troubleshoot problems or investigate security incidents in a fraction of the time it would take
otherwise. The enterprise features are free for 60 days, and after that you have to either
convert to the free version or pay to keep using the full feature set. Operating System:
Windows, Linux, OS X, others.
– Plugins for Nagios as well.
Forensics
• ODESSA
– The Open Digital Evidence Search and Seizure Architecture, a.k.a. ODESSA, includes several
different tools for collecting and analyzing digital evidence. In addition, it provides the ability
to create easy-to-understand reports detailing the results of the analysis. For those who want
to learn more about digital forensics, the Web site also offers a number of white papers and
articles on related topics. Operating System: Windows, Linux, OS X.
• Live View
– This Java-based tool creates a VMware virtual image of the machine you are analyzing so that
you can interact with it without changing the underlying image or disk. Developed by CERT
and the Software Engineering Institute at Carnegie Mellon, it's an excellent tool for forensic
examiners. Operating System: Windows.
• The Sleuth Kit
– This site offers two sets of forensic tools meant to aid in digital investigations: The Sleuth Kit is
a command line tool for use with Linux, Unix, OS X, Solaris, and BSD systems. The Autopsy
Forensic Browser uses the same tools, but makes them more user-friendly by providing an
HTML-based graphic interface that also works with Windows. Operating System: Windows,
Linux, OS X.
Data Removal
• BleachBit
– In addition to "shredding" deleted files so that they cannot be recovered, BleachBit cleans up
your cache, cookies, Internet history, logs, temp files, etc. for faster performance and greater
privacy. Operating System: Windows, Linux.
• Eraser
– Just because you delete a file doesn't mean it's gone. Eraser makes sure no one can recover
your old files by writing over them with random data. Operating System: Windows.
• Wipe
– Wipe does the same thing as Eraser, but it works on Linux. Operating System: Linux.
• Darik's Boot and Nuke
– Before you give away or donate an old computer, make sure you completely erase the hard
drive. How? Just run Darik's Boot and Nuke (DBAN) from a boot disk. Operating System: OS
Independent.
• Disk Cleaner
– This small utility cleans all the “junk” out of your temporary files, cache etc. It deserves
inclusion in our security tools because it's also handy for protecting your privacy when using
public machines. Operating System: Windows.
SysAdmin Tools
• Inside Security Rescue Toolkit
– Also known as INSERT, the Inside Security Rescue Toolkit packs dozens of
helpful security and system administration apps into a single download. In
addition to a complete, bootable Linux system (based on Debian), you'll get
apps for anti-virus protection, network analysis, forensics, and more.
Operating System: Linux.
• German only. Use Google to translate.
• Network Security Toolkit (NST)
– Like INSERT, NST includes a whole lot of tools and a complete Linux
distribution that fit on a CD-ROM. In this case, you get nearly 100 tools and
the Linux copy is based on Fedora. Operating System: OS Independent.
• Startup Manager and HiJackThis
– Tired of waiting forever while Windows starts up? This app gives you control
over which applications and services launch when you start up your system, so
that you get better performance and greater security. Operating System:
Windows.
General Tools (2)
• Netcat
– The network Swiss army knife
– This simple utility reads and writes data across TCP or UDP network
connections. It is designed to be a reliable back-end tool that can be used
directly or easily driven by other programs and scripts. At the same time, it is a
feature-rich network debugging and exploration tool, since it can create
almost any kind of connection you would need, including port binding to
accept incoming connections.
– It can sometimes even be hard to find nc110.tgz.
– The flexibility and usefulness of this tool have prompted people to write
numerous other Netcat implementations.
– Socat extends Netcat to support many other socket types, SSL
encryption, SOCKS proxies, and more.
– There is also Chris Gibson's Ncat, which offers even more features while
remaining portable and compact.
– Other takes on Netcat include OpenBSD's nc, Cryptcat, Netcat6, PNetcat, SBD,
and so-called GNU Netcat.
General Tools
• nmap
– Nmap ("Network Mapper") is a free and open
source utility for network exploration or security
auditing. Many systems and network
administrators also find it useful for tasks such as
network inventory, managing service upgrade
schedules, and monitoring host or service uptime.
Vulnerability Scanners
• Nessus
– Premier UNIX vulnerability assessment tool
– Nessus was a popular free and open source
vulnerability scanner until they closed the source
code in 2005 and removed the free "registered
feed" version in 2008. A limited “Home Feed” is
still available, though it is only licensed for home
network use.
Vulnerability Scanners (2)
• Metasploit Framework
– It is an advanced open-source platform for
developing, testing, and using exploit code. The
extensible model through which payloads, encoders,
no-op generators, and exploits can be integrated has
made it possible to use the Metasploit Framework as
an outlet for cutting-edge exploitation research. It
ships with hundreds of exploits. This makes writing
your own exploits easier, and it certainly beats
scouring the darkest corners of the Internet for illicit
shellcode of dubious quality.
Web Vulnerability scanners
• Nikto
– A more comprehensive web scanner. Nikto is an open source (GPL) web
server scanner which performs comprehensive tests against web servers for
multiple items.
• WebInspect
– SPI Dynamics' WebInspect application security assessment tool helps identify
known and unknown vulnerabilities within the Web application layer.
WebInspect can also help check that a Web server is configured properly, and
attempts common web attacks such as parameter injection, cross-site
scripting, directory traversal, and more. Commercial license only.
• Burp Suite
– An integrated platform for performing security testing of web applications. Its
various tools work seamlessly together to support the entire testing process,
from initial mapping and analysis of an application's attack surface, through to
finding and exploiting security vulnerabilities.
• As a note, most vulnerability scanners check HTTP, but these are specifically
for web applications.
Want more?
• Top 125 tools. Updated annually.
• http://sectools.org/
– But note, not all are tools.
• Perl is #23 on the list.
Q&A
References
• http://itmanagement.earthweb.com/osrc/article.php/12068_3872596_1/75-Top-OpenSource-Security-Apps.htm
• http://sectools.org/