Collection of resources, links and stuff to keep your backbone tidy
DISCLAIMER: There is no security through obscurity. The purpose of this workshop is solely educational; everyone is responsible for choosing which hat to wear ;)
Anonymous networking
Tools to improve your privacy when sharing information
MUTE File Sharing (C/C++) is a peer-to-peer network that provides easy search-and-download functionality while also protecting your privacy
ENTROPY (C/C++) stands for Emerging Network To Reduce Orwellian Potency Yield and as such describes the main goal of the project.
Tor (C/C++) is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol
Freenet (Java) is free software which lets you publish and obtain information on the Internet without fear of censorship. To achieve this freedom, the network is entirely decentralized and publishers and consumers of information are anonymous. Without anonymity there can never be true freedom of speech, and without decentralization the network will be vulnerable to attack
Kommute (C/C++) is a KDE file sharing client using the anonymous file sharing network MUTE.
I2P (Java) is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties
ANts P2P (Java) implements a third-generation P2P network: it protects your privacy while you are connected and makes you untrackable, hiding your identity (IP) and encrypting everything you send to and receive from others.
Data encryption
Tools that make your storage devices a safe place to store your data
Tomb is a humble and gentle undertaker for your secrets
Gringotts Easy to use application to encrypt your files (homepage disappeared, sources are still provided by various distributions, our link points to an up-to-date patch for it)
CryptoFS is an encrypted filesystem for Filesystem in Userspace (FUSE) and the Linux Userland FileSystem (LUFS) that uses a normal directory to store encrypted files
CryptoLoop makes it possible to create encrypted file systems within a partition or another file in the file system
Loop-AES provides a loadable Linux kernel module that has the AES cipher built in. The AES cipher can be used to encrypt local file systems and disk partitions.
EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. The way EncFS works is different from the “loopback” encrypted filesystem support built into the Linux kernel because it works on files at a time, not an entire block device.
CryptMount is a utility for GNU/Linux operating systems which allows an ordinary user to mount an encrypted filing system without requiring superuser privileges. It is aimed at recent Linux systems using the 2.6 kernel series.
Network analyzers
Software to intercept and analyze data flowing across networks
Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
Ethereal is used for troubleshooting, analysis, software and protocol development, and education.
dsniff is a collection of tools for network auditing and penetration testing.
Nmap is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.
TCPdump The classic sniffer for network monitoring and data acquisition: it can be used to print out the headers of packets on a network interface that matches a given expression.
Hping is a network probing utility which assembles and sends custom ICMP/UDP/TCP packets and displays any replies. It was inspired by the ping command, but offers far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation. This tool is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs
Kismet is an 802.11b network sniffer and network dissector. It is capable of sniffing using most wireless cards, automatic network IP block detection via UDP, ARP, and DHCP packets, Cisco equipment lists via Cisco Discovery Protocol, weak cryptographic packet logging, and Ethereal and tcpdump compatible packet dump files.
AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys.
NBTScan is a program for scanning IP networks for NetBIOS name information. It sends NetBIOS status query to each address in supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address.
Stealth networking
Software to hide interactions across networks: icmp encapsulation, port knocking etc.
PortKnocking extensive documentation and list of implementations
CoarseKnocking is a simple implementation of Port Knocking techniques. It sniffs network packets (blocked by the firewall) that carry predetermined keys and executes commands to open and close ports. In client mode it injects packets carrying the key to the server.
Daemon shields
Programs that analyze traffic and log files, raising system defenses when needed
sshutout is a Linux daemon, written in C, that periodically monitors log files looking for multiple failed login attempts via the Secure Shell daemon (sshd, or optionally, sshd2). The daemon is meant to mitigate what are commonly known as "dictionary attacks"
mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack
Unsorted items, please help by adding comments and links
Footprinting
- Smart Whois
- eMailTracking Pro
- MailTracking.com
Scanning
- Cheops
- Enum
- Hping2
- HTTPort
- HTTrack Web Copier
- icmpenum
- IP Network Browser
- IPEye
- IPSECSCAN
- NAT
- netcraft.com
- Netscan Tools Pro 2000
- nmap
- PhoneSweep War Dialer
- Pinger
- Queso
- SID2User
- THC-Scan
- User2SID
- WS_Ping_Pro
Enumeration
- SNMPUtil
- SolarWinds Toolset
System Hacking
- Legion
- NTInfoScan
- hk
- SMBRelay
- SMBRelay2
- SMBGrinder
- SMBDie
- NBTDeputy
- nbname
- John the Ripper
- Spector
- eBlaster
- IKS
- Rootkit
- Tripwire
- Elslave
- Winzapper
- Evidence Eliminator
- makestrm
Steganography
- MP3Stego
- Snow
- Camera/Shy
- dskprobe
- EFSView
Buffer Overflows
- Outoutlook
Trojans and Backdoors
- QAZ
- Tini
- Netcat
- Donald Dick
- BackOrifice 2000
- Graffiti
- Silk Rope 2000
- Whack a Mole
- FireKiller 2000
- Loki
Sniffers
- Ethereal
- Snort
- DSniff
- Macof
- mailsnarf
- URLsnarf
- Webspy
- Ettercap
- SMAC
- WinDNSSpoof
- IRIS
- WinTCPKill
Denial of Service
- Ping of Death
- SSPing
- Land
- Smurf
- SYN Flood
- CPU Hog
- Win Nuke
- RPC Locator
- Jolt2
- Bubonic
- Targa
- Trinoo
- TFN
- TFN2K
- Stacheldraht
- Shaft
- mstream
Preventing DoS Attack
- mod_dosevasive
- Find_ddos
- SARA
- DDoSPing
- RID
- Zombie Zapper
Social Engineering
(not software tools, but IRL hacks)
- Important User
- Tech Support
- Third Party Authorization
- In Person
- Dumpster Diving
- Shoulder Surfing
- Computer Impersonation
- Mail Attachments
- Popup Windows
- Website Faking
Connection Hijacking
- Juggernaut
- TTYWatcher
- IP Watcher
- T-Sight
Hacking Web Servers
- Jill32
- IIS5-Koei
- IIS5Hack
- IISExploit
- cmdasp.asp
- IISCrack.dll
- ispc.exe
- CleanIISLog
- Whisker
- Shadow Security Scanner
Web Application Vulnerabilities
- Instant Source
- Jad
- Lynx
- Wget
- Black Widow
- IEEN
Web Based Password Cracking
- WinSSLMiM
- Brutus
- Munga Bunga
- Varient
- cURL
SQL Injection
- SQLDict
- SQLExec
- SQLbf
- SQLSmack
- SQL2.exe
- Oracle Password Buster
Hacking Wireless Networks
- WEP Cracker
- Kismet
- WIDZ - Wireless IDS
Virus and Worms
- Chernobyl
- I Love You
- Melissa
- Pretty Park
- Code Red Worm
- W32/Klez
- W32/Opaserv Worm
- Nimda
- Code Red
- SQL Slammer
- Worm Construction Kit
Novell Hacking
- Chknull
- NOVELBFH
- NWPCRACK
- Bindery
- SETPWD.NLM
- Kock
- userdump
- Burglar
- Getit
- Spooflog
- Gobbler
- Novelffs
- Pandora
IDS, Firewalls and Honeypots
- fragrouter
- TCPReplay
- NIDSbench
- ADMutate
Buffer Overflows
- Immunix