Security Tools News & Tips

Turtle Firewall is a software which allows you to realize a Linux firewall in a simply and fast way. It’s based on Kernel 2.4.x/2.6.x and Iptables. Its way of working is easy to understand: you can define the different firewall elements (zones, hosts, networks) and then set the services you want to enable among the different elements or groups of elements. You can do this simply editing a XML file or using the comfortable web interface Webmin. Turtle Firewall is an Open Source project written using the perl language and realeased under GPL version 2.0 by Andrea Frigido (Frisoft).

• More information or Read user reviews...(1)

Babel Enterprise is a systems auditing tool. Babel performs a security level check of the machine, or hardening. The check consists of a number of auditing tests that obtain a snap of the security status of each machine. The result is a security index of the system that is given after each execution. Babel Enterprise has a version of its agent for each of the latest Microsoft operating systems, Windows 2003 and Windows XP, and the main Unix system: Solaris 10, AIX 5.x, SUSE GNU/Linux 9 ES and Ubuntu Dapper, although they can be easily adapted to different versions and other UNIX OSs (such as BDS or HP-UX ).

• More information or Write a review...(0)

Sussen is a tool that checks for vulnerabilities and configuration issues on computer systems. It is based on the Open Vulnerability and Assessment Language. The Sussen project is comprised of three main components:

Interpreter - This library can analyze a system using OVAL definition files. It comes with documentation and a test suite. All the other components depend on it. This can also be used by application developers who wish to add this kind of functionality to their applications.
Applet - A GNOME-based applet for your desktop. Allows users to easily scan their systems for vulnerabilities.
Agent - A command line program for scanning a system.

The interpreter takes a set of OVAL definitions and starts to collect characteristics and configuration information about the target system. These are non-destructive probes and are not running any exploit code. After the data collection is complete it analyzes each OVAL definition and sees if the conditions were met on the target system. When the analysis is complete the results are presented to the user.

• More information or Write a review...(0)

Linux systems, as many others in the Unix family, have a well-known lack of access control. There is a small granularity of discretionary access rights, only dividing between read, write and execute rights for file owner, and file group members. The RSBAC (Rule Set Based Access Control) framework solves this access control deficiency by giving detailed access control information, and you can implement almost any access control model in it, e.g. as a runtime registered kernel module. Also, there is a powerful logging system which makes intrusion attempts easily detectable.

• More information or Write a review...(0)

The Firewall Tester (FTester) is a tool designed for testing firewalls filtering policies and Intrusion Detection System (IDS) capabilities. The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part while the sniffer listens for such marked packets. The scripts both write a log file which is in the same form for both scripts. A diff of the two produced files (ftest.log and ftestd.log) shows the packets that were unable to reach the sniffer due to filtering rules if these two scripts are ran on hosts placed on two different sides of a firewall. Stateful inspection firewalls are handled with the ‘connection spoofing’ option. A script called freport is also available for automatically parse the log files.

• More information or Write a review...(0)

Revhosts is a project for Passive information Gathering. It’s written in Python, it help pentesters to find informations (Host, VirtualHost, DNS entry, Directories, mail address, subnet,..), with very less false positive.

• More information or Write a review...(0)

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these. What DirBuster can do for you? Attempt to find hidden pages/directories and directories with a web application, thus giving a another attack vector (For example. Finding an unlinked to administration page).

• More information or Write a review...(0)

ProxMon is an extensible Python based framework that reduces testing effort, improves consistency and reduces errors. Its use requires limited additional effort as it processes the proxy logs that you’re already generating and reports discovered issues. In addition to penetration testing, ProxMon is useful in QA, developer testing and regression testing scenarios. Key features: automatic value tracing of set cookies, sent cookies, query strings and post parameters across sites; proxy agnostic; included library of vulnerability checks; active testing mode; cross platform; open source license; easy to program extensible python framework.

• More information or Write a review...(0)

BlockSSHD is a Perl script based on BruteForceBlocker v1.2.3 that dynamically adds IPTables rules for Linux and pf firewall rules for BSD that block SSH brute force attacks. It can also detect ProFTPd login failures. BlockSSHD checks a log file you specify, for example /var/log/secure on a Red Hat, for SSH login failure messages. If it detects a failure message it records the source IP address and starts a counter. If messages continue to be detected from the same source IP address the counter is incremented for each message. When the counter reaches a user-specified threshold then the script will add a firewall rule blocking SSH connections from that source IP address. A user-specified time-out is also defined to trigger a reset of the counter. If the counter is incremented but has not yet reached the blocking threshold and a new login failure message arrives then BlockSSHD checks the time-out. If the last increment of the counter occurred earlier than the current time minus the time-out period then the counter is reset rather than incremented. The time-out defaults to 600 seconds (10 minutes).

• More information or Write a review...(0)

Hardscan is a local netstat replacement that scans for open ports the hard way: by binding to each of them and attempting to handshake with itself. It is meant to be useful in a situation where you may have been rooted, rendering the output of netstat and other security tools untrustworthy.

• More information or Write a review...(0)