This appendix lists security tools for various platforms. Most such tools are freeware, shareware, or open source. The rest are commercial products. URLs are included so that you can check to see if there have been any updates since the book was published. If you don’t find a product listed in this appendix on the CD-ROM, you can use the provided URL to get more information on it.
.NET Hook
Description: Allows insertion of arbitrary code at the beginning of each function called in a .NET assembly (whether executable or assembly).
[Blutch] Network Simulator
Description: Simulates networks. Good for network modeling.
AATools
Description: Network diagnostic tools that do just about everything, including port scanning, proxy analysis, route tracing, email address verification, link analysis, network monitoring, process monitoring, and a few other functions. The primary purpose is to get network status and availability information.
Access Road
Description: Diagram and model your access controls. Very powerful.
ACID-PHP
Description: PHP-based engine to search and process a security incident database in conjunction with Snort.
AckCmd
Description: Allows you to get command prompts on remote Windows 2000 systems. Can bypass some firewalls by communicating via ACK packets.
Active Ports
Description: A Windows NT/2000/XP tool to monitor TCP/IP port usage, including the applications which own the ports and the IP address connected to it. Useful to detect trojans on your system.
ActivPack for Windows NT
Description: ActivPack is a Windows RADIUS and TACACS+ authentication server. It supports a variety of devices such as hardware tokens, USB keys, soft tokens, and smart cards.
URL: http://www.activcard.com/activ/products/infrastructure/activpack_nt/index.html
Adding SecurID protection to EXE files
Description: Adds SecurID protection to EXE files.
Address Lookup
Description: Resolves multiple hostnames or IPs (good for automating checks of who’s accessing your site).
AdmWin
Description: A set of five tools that make managing Windows NT/2000/XP easier. The tools manage users, groups, Active Directory, events, and can perform remote management.
Advanced Security Control (ASC)
Description: Lets Windows administrators control the time of day that users can run certain applications.
AGT
Description: A front end for IP routing tables that allows you to make changes to your firewall quickly.
Alert Reaction Enemy System ARES LX
Description: Alert Reaction Enemy System is an intrusion detection engine for Linux.
Alfandega
Description: An easy-to-use front end to configure a netfilter firewall.
AMaViS - A Mail Virus Scanner
Description: POSIX-compliant and OS-independent system that grafts virus scanning capabilities to MTAs. Perl required.
Anax Linux Distribution
Description: Live-CD Linux distribution. It’s difficult to hack a read-only OS, right?
Anti Defacement System
Description: An anti-defacement system for Linux.
Antivirus for Linux
Description: Antivirus system for Linux.
antivisor
Description: GUI-based antivirus management system (uses Python).
apache - mod_antihak
Description: Apache module that kills Nimda and Code Red.
Apache Intrusion Detection Module
Description: A simple tool to discover intrusion attempts by examining the client requests in real time.
Apache Web Server Benchmark
Description: AWS Benchmark is for hardening Apache servers.
Apache-ACEProxy
Description: Perl modules for Apache proxy services.
URL: http://www.cpan.org/authors/id/M/MI/MIYAGAWA/Apache-ACEProxy-0.03.tar.gz
Apache-AntiSpam
Description: Apache Perl module to filter spam from Web pages.
URL: http://www.cpan.org/authors/id/M/MI/MIYAGAWA/Apache-AntiSpam-0.04.tar.gz
Apache-AuthCookie
Description: Perl authentication and authorization via cookies.
URL: http://www.cpan.org/authors/id/M/MS/MSCHOUT/Apache-AuthCookie-3.00.tar.gz
Apache-AuthCookieDBI
Description: An AuthCookie module backed by a DBI database.
URL: http://www.cpan.org/authors/id/C/CR/CROMIS/Apache-AuthCookieDBI-1.18.tar.gz
Apache-AuthCookieDBIRadius
Description: An AuthCookie module backed by a DBI database and an optional Radius server.
URL: http://www.cpan.org/authors/id/B/BA/BARRACODE/Apache-AuthCookieDBIRadius-1.19.tar.gz
Apache-AuthCookieLDAP
Description: An AuthCookie module backed by an LDAP server.
URL: http://www.cpan.org/authors/id/B/BJ/BJORNARDO/Apache-AuthCookieLDAP-0.02.tar.gz
Apache-AuthCookieURL
Description: Perl authentication and authorization via cookies and URLs.
URL: http://www.cpan.org/authors/id/H/HA/HANK/Apache-AuthCookieURL-1.003.tar.gz
Apache-AuthenCache
Description: Authentication caching used in conjunction with Apache.
URL: http://www.cpan.org/authors/id/J/JB/JBODNAR/Apache-AuthenCache-0.05.tar.gz
Apache-AuthenLDAP
Description: Apache LDAP Authentication Module.
URL: http://www.cpan.org/authors/id/C/CG/CGILMORE/Apache-AuthenLDAP-0.61.tar.gz
Apache-AuthenN2
Description: Authenticates into the NT and NIS+ domains.
URL: http://www.cpan.org/authors/id/V/VA/VALERIE/Apache-AuthenN2-0.05.tar.gz
Apache-AuthenNIS
Description: NIS authentication module.
URL: http://www.cpan.org/authors/id/D/DE/DEP/Apache-AuthenNIS-0.10.tar.gz
Apache-AuthenNISPlus
Description: Authenticates into a NIS+ domain.
URL: http://www.cpan.org/authors/id/V/VA/VALERIE/Apache-AuthenNISPlus-0.06.tar.gz
Apache-AuthenPasswd
Description: Unix passwd file authentication module.
URL: http://www.cpan.org/authors/id/D/DE/DEP/Apache-AuthenPasswd-0.10.tar.gz
Apache-AuthenPasswdSrv
Description: Socket-based authenticator handler.
URL: http://www.cpan.org/authors/id/J/JE/JEFFH/Apache-AuthenPasswdSrv-0.01.tar.gz
Apache-AuthenRadius
Description: Authentication via a Radius server.
URL: http://www.cpan.org/authors/id/D/DA/DANIEL/Apache-AuthenRadius-0.3.tar.gz
Apache-AuthenSmb
Description: NT authentication module.
URL: http://www.cpan.org/authors/id/PARKER/Apache-AuthenSmb-0.60.tar.gz
Apache-AuthenURL
Description: Authenticates via another URL.
URL: http://www.cpan.org/authors/id/JGROENVEL/Apache-AuthenURL-0.8.tar.gz
Apache-AuthExpire
Description: Provides authentication time limits on .htaccess-protected pages.
URL: http://www.cpan.org/authors/id/J/JJ/JJHORNER/Apache-AuthExpire-0.36.tar.gz
Apache-AuthLDAP
Description: LDAP access control and authentication module.
URL: http://www.cpan.org/authors/id/CDONLEY/Apache-AuthLDAP-0.21.tar.gz
Apache-AuthNetLDAP
Description: Module that uses the Net::LDAP module for user authentication for Apache.
URL: http://www.cpan.org/authors/id/M/ME/MEWILCOX/Apache-AuthNetLDAP-0.19.tar.gz
Apache-AuthTicket
Description: Cookie-based access module.
URL: http://www.cpan.org/authors/id/M/MS/MSCHOUT/Apache-AuthTicket-0.31.tar.gz
Apache-AuthzCache
Description: Cache authorization module.
URL: http://www.cpan.org/authors/id/C/CG/CGILMORE/Apache-AuthzCache-0.06.tar.gz
Apache-AuthzLDAP
Description: LDAP authorization module.
URL: http://www.cpan.org/authors/id/C/CG/CGILMORE/Apache-AuthzLDAP-0.61.tar.gz
Apache-AuthzNIS
Description: NIS group authorization module.
URL: http://www.cpan.org/authors/id/D/DE/DEP/Apache-AuthzNIS-0.10.tar.gz
Apache-CodeRed
Description: Responds to CodeRed worm attacks with email warnings.
URL: http://www.cpan.org/authors/id/R/RE/REUVEN/Apache-CodeRed-1.07.tar.gz
ApacheCookieEncrypted
Description: Encrypted HTTP cookies.
URL: http://www.cpan.org/authors/id/J/JK/JKRASNOO/ApacheCookieEncrypted-0.03.tar.gz
ApacheDBI
Description: Authentication and authorization via Perl’s DBI.
URL: http://www.cpan.org/authors/id/MERGL/ApacheDBI-0.88.tar.gz
Apache-DBILogConfig
Description: Logs access information in a DBI database.
URL: http://www.cpan.org/authors/id/J/JB/JBODNAR/Apache-DBILogConfig-0.02.tar.gz
Apache-DBILogger
Description: Tracks what’s being transferred in a DBI database.
URL: http://www.cpan.org/authors/id/ABH/Apache-DBILogger-0.93.tar.gz
Apache-DBILogin
Description: Authenticates and authorizes via a DBI connection.
URL: http://www.cpan.org/authors/id/JGROENVEL/Apache-DBILogin-2.0.tar.gz
Apache-DebugInfo
Description: Logs various bits of per-request data.
URL: http://www.cpan.org/authors/id/G/GE/GEOFF/Apache-DebugInfo-0.05.tar.gz
Apache-DumpHeaders
Description: Watches HTTP transaction via headers.
URL: http://www.cpan.org/authors/id/ABH/Apache-DumpHeaders-0.93.tar.gz
Apache-GTopLimit
Description: Limits Apache httpd processes.
URL: http://www.cpan.org/authors/id/S/ST/STAS/Apache-GTopLimit-0.01.tar.gz
Apache-Htaccess
Description: Creates and modifies Apache .htaccess files.
URL: http://www.cpan.org/authors/id/BDFOY/Apache-Htaccess-1.2.tar.gz
Apache-Htgroup
Description: Manages Apache authentication group files.
URL: http://www.cpan.org/authors/id/RBOW/Apache-Htgroup-1.20.tar.gz
Apache-Htpasswd
Description: Manages Unix crypt-style password file.
URL: http://www.cpan.org/authors/id/K/KM/KMELTZ/Apache-Htpasswd-1.5.3.tar.gz
Apache-Keywords
Description: Stores keywords as a personal profile in a cookie.
URL: http://www.cpan.org/authors/id/M/MA/MAGNUS/Apache-Keywords-0.1.tar.gz
Apache-LogFile
Description: Interface to Apache’s logging routines.
URL: http://www.cpan.org/authors/id/DOUGM/Apache-LogFile-0.12.tar.gz
Apache-MimeXML
Description: mod_perl mime encoding sniffer for XML files.
URL: http://www.cpan.org/authors/id/M/MS/MSERGEANT/Apache-MimeXML-0.08.tar.gz
Apache-ParseLog
Description: Parses Apache log files.
URL: http://www.cpan.org/authors/id/A/AK/AKIRA/Apache-ParseLog-1.02.tar.gz
Apache-PHLogin
Description: Authenticates via a PH database.
URL: http://www.cpan.org/authors/id/JGROENVEL/Apache-PHLogin-0.5.tar.gz
Apache-ProxyPass
Description: Implements ProxyPass in Perl.
URL: http://www.cpan.org/authors/id/MJS/Apache-ProxyPass-0.06.tar.gz
Apache-RefererBlock
Description: Blocks requests based upon referrer header.
URL: http://www.cpan.org/authors/id/C/CH/CHOLET/Apache-RefererBlock-0.03.tar.gz
Apache-ReverseProxy
Description: An Apache mod_perl reverse proxy.
URL: http://www.cpan.org/authors/id/CLINTDW/Apache-ReverseProxy-0.06.tar.gz
Apache-RewritingProxy
Description: Proxy that works by rewriting requested documents with no client proxy config needed.
URL: http://www.cpan.org/authors/id/H/HA/HAGANK/Apache-RewritingProxy-0.7.tar.gz
Apache-Session
Description: A persistence framework for session data. Many, many fine tools here.
URL: http://www.cpan.org/authors/id/JBAKER/Apache-Session-1.54.tar.gz
Apache-Session-Generate-ModUsertrack
Description: Uses mod_usertrack for session ID generation.
URL: http://www.cpan.org/authors/id/M/MI/MIYAGAWA/Apache-Session-Generate-ModUsertrack-0.01.tar.gz
Apache-Traffic
Description: Tracks hits and bytes transferred on a per-user basis.
URL: http://www.cpan.org/authors/id/MAURICE/Apache-Traffic-1.02.tar.gz
Apache-Usertrack
Description: Emulates the mod_usertrack Apache module.
URL: http://www.cpan.org/authors/id/ABH/Apache-Usertrack-0.03.tar.gz
AppShield by Sanctum
Description: Protects applications against cracking attempts.
URL: http://www.sanctuminc.com/solutions/appshield/index.html
Argante
Description: Secure Virtual Operating System (VOS) written in C.
Armed
Description: Linux-based intrusion detection system.
armor
Description: Hardening module for HP-UX and Solaris.
ArMyZ Traceroute detector
Description: Linux and Solaris tool for tracing those who trace you via Traceroute.
Astaro Security Linux
Description: A Linux distribution with advanced security features such as firewalling, content-filtering, and VPN features.
Atelier Web Ports Traffic Analyzer
Description: A Windows-based TCP/IP port monitor that maps ports to processes.
Attack and Probe Reporter
Description: Finds scans and attacks based on Linux logs. Researches who to contact at ISPs to stop the attacks.
auth_ip
Description: Provides user authentication by client IP address.
URL: http://www.troppoavanti.it//modules/mod_auth_ip/mod_auth_ip.html
auth_ldap
Description: LDAP authentication module.
auth_oracle module
Description: Authentication module for Apache 1.3 -> Oracle8.
auth_script
Description: Authentication decision by an external CGI or PHP script.
Authen::Prot
Description: Provides access to protected password databases through Unix system calls.
Authentication (Windows NT Domain Controller)
Description: An Apache for Windows Perl module that does NT Domain Controller/password-based authentication.
Automated Security Tools
Description: Provides tools that let network administrators test their network security. For Linux, Solaris, *BSD, and Mac OS X.
Automatic Dynamic Firewall
Description: Assists in the deployment of a firewall.
Automatic Security
Description: A Linux security scanner that automatically downloads patches.
Autonomous Agents for Intrusion Detection
Description: A powerful intrusion detection system for Unix.
AVirCap (CodeHunt)
Description: Detects CodeRed and Nimda attacks as well as some others. For Windows.
azAuth
Description: azAuth is a PHP class for authentication.
Bandwidth management
Description: Limits bandwidth based on the number of connections.
BANXAD Network Monitoring Analyzer
Description: A combination network monitor, intrusion detector, and file integrity checker.
Bash Iptables Script Firewall
Description: An easy-to-use firewall for Linux.
BeatLm
Description: BeatLm searches out the password from LM/NTLM authentication information (LanManager and Windows NT challenge/response).
URL: http://www.securityfriday.com/ToolDownload/BeatLM/beatlm_doc.html
BLAAST
Description: Scans a machine for vulnerabilities.
Blaster Scanner
Description: A TCP port scanner for Linux that does extra security checks.
B-Level Compliant Linux
Description: A stripped-down version of Linux that attempts to meet the DoD’s B-Level security.
BLISS
Description: A security scanner for Unix.
BrickHouse
Description: Makes using the firewall built into Mac OS X as easy as possible.
URL: http://personalpages.tds.net/~brian_hill/brickhouse.html
BrowseList
Description: Retrieves the browse list from any Windows system. This is useful for mapping a Windows network.
Brute Force Binary Tester
Description: BFBTester does proactive security checks of binary programs. BFBTester will perform checks of single- and multiple-argument command-line overflows and environment variable overflows. For Solaris and BSD.
BruteEX
Description: Tests applications against hacking attempts.
Bruth
Description: Performs remote security assessments and penetration testing.
BsdScan
Description: A lightweight port scanner for BSD-derived operating systems.
bwshare
Description: Bandwidth throttling by client IP address.
Bypass
Description: An IP forwarding/tunneling tool that can bypass firewalls. For Linux.
cage
Description: Creates a secure chroot environment for running programs on Linux.
Camera Monitoring System
Description: Manages video sources such as security cameras, but records only when motion has been detected. For Windows NT/2000.
CDLock
Description: Allows the administrator to set rules on Windows machines regarding how users can use removable storage.
CECrypt
Description: A file encryption tool for Windows CE.
Cerber
Description: A kernel module for FreeBSD that makes the system more secure.
CGI SUGId
Description: Sets User/Group IDs for CGI execution.
CGIWrap
Description: A wrapper for sites that allows individual users to post CGI scripts. CGIWrap protects the security of the HTTP server.
ChatKiller
Description: ChatKiller is used on Windows to manage running processes.
Choom
Description: Web-based administration of Linux firewall tables.
Cimtrak WSE
Description: Detects unauthorized changes to an IIS server and restores the original content.
cina vb proxy server
Description: Windows-based proxy server.
Class Router
Description: Modifies Cisco router configurations through the Web.
ClearLogs
Description: Clears Windows event logs.
CogniSec Enterprise Firewall
Description: Open source enterprise-level firewall and VPN gateway.
ColdFusion Module
Description: Interface to the ColdFusion application server.
Connection Limitation
Description: This Apache module can limit the number of concurrent connections from one host.
Connection Tracking System
Description: Tracks connections and lets you view them through the Web.
ConnProbe IDS
Description: A distributed intrusion detection system.
Control Freak: Administrator utility
Description: Monitors activity on a system.
Cookie authentication (MySQL-based)
Description: Compares cookies against the contents of MySQL for authentication.
CopyPwd
Description: A command-line utility that allows Windows accounts to be copied from one computer to another.
Covalent Antivirus for Apache
Description: McAfee virus scanning engine in an Apache module.
Covalent Intrusion Detector
Description: Monitors a site, replaces any defaced content with a notice, and notifies a system administrator.
Covalent NetTruss
Description: Tools to set up a network infrastructure quickly.
Covalent Raven SSL
Description: Secures Web transactions with SSL/TLS.
cp2fwbuilder
Description: Checkpoint Firewall 1-to-Linux/BSD firewall migration tool.
CPU - Change Password Utility
Description: An LDAP user management tool.
CPU Indicator Screen Saver
Description: A screensaver for Windows that shows CPU utilization.
CrackWhore
Description: A Windows security scanner.
cryptf
Description: A file encryption tool for Windows.
Cryptix SASL Library
Description: A Java implementation of SASL.
C-TUN Daemon
Description: Secure tunneling daemon for FreeBSD.
CueCat PAM Module
Description: A PAM (Pluggable Authentication Module) for Linux that uses a CueCat for authentication.
DansGuardian
Description: A Web content filter that currently runs on Linux, FreeBSD, OpenBSD and Solaris. It filters the actual content of pages based on many methods, including phrase matching, PICS filtering, and URL filtering. It does not purely filter based on a banned list of sites like lesser commercial filters.
DAXFi
Description: DAXFi helps configure firewalls consistently.
DCE Authentication
Description: DCE Authentication/secure DFS module for Apache.
URL: http://www.intranet.csupomona.edu/~henson/www/projects/mod_auth_dce/
debian-trusted
Description: A hardened Linux distribution based on Debian.
demure
Description: A dictionary-based attack tool for POP3, IMAP and FTP.
DeSniff
Description: A sniffer detector for Linux.
DevilExecuter
Description: Makes Web access more anonymous by using a series of proxies.
devsecure
Description: A Web-based log analyzer for OpenBSD, though it can work with most BSD/Linux systems.
DHCP hijack
Description: Hijacks LANs using DHCP.
Dial Server and Client
Description: Allows you to remotely control your network gateway from a modem.
Dial-Up Lock Millennium Edition
Description: Allows the administrator to set up per-user security for RAS connections on Windows.
Distributed IDS Analysis & Response
Description: Distributed IDS system with a centralized database.
Distributed Integrity Manager/Client
Description: An integrity-checker for Unix operating systems.
Distributed Secure File System
Description: Serverless, redundant, secure, infinite, nonrevocable filesystem.
DMZS-Biatchux Bootable CD Distro
Description: Bootable CD forensics, virus scanning, recovery, and PenTesting system for Windows and Linux.
DNS Blocker
Description: Allows administrators to filter out and redirect selected inappropriate sites for Linux. This is useful to prevent employees from browsing inappropriate sites at work.
DoorStop
Description: Firewall for the Mac.
Dr. Steganoctagon
Description: An acoustic steganography application.
DS NT Authentication Plugin
Description: A Netscape/SunONE LDAP server plugin that performs pass-through authentication to an NT domain controller.
DShield IPFW Client
Description: Takes firewall logs and submits them to dshield.net, the distributed intrusion detection system.
Dsniff for Win32
Description: Simple password sniffer that can sniff numerous protocols.
DumpSec, DumpReg, DumpEvt
Description: Products that dump NTFS permissions, user information, event logs, and registry information.
E2ECard
Description: An end-to-end architecture to enable universal identification and universal commerce via smart cards.
echolot
Description: An ARP packet sniffer for Unix.
eJPassword
Description: A simple password generator for the Palm OS.
Electric Death Ferret
Description: A Perl daemon that sets up accounts and virtual hosting via the Web.
Embedded Coyote Linux (Wolverine Firewall and VPN server)
Description: Firewall and VPN server based on Linux.
Endoshield
Description: Easy-to-use Linux-based firewall. It is designed for home users who have no knowledge of firewalls.
Enigma Mailer
Description: Allows users to send encrypted email messages to anyone with an email account.
entren
Description: A packet-matching IDS and traffic analyzer.
epasswd
Description: An improved Unix passwd program.
EPIC SSL support
Description: SSL support for epic4-2000.
EtherFlood
Description: Floods a network with Ethernet frames with random hardware addresses.
eTrust Intrusion Detection
Description: An IDS system.
EMERALD
Description: A comprehensive IDS.
eXistenZ
Description: TripWire 2.3 remote administration for Linux.
Extensible User Folder
Description: An authentication system for the Zope Application Server.
External Authentication Module
Description: An Apache authentication module that allows the use of external data sources.
Eyeball
Description: Tracks DoS and DDoS attacks.
FakeBO
Description: Logs and emulates common Trojan attacks for Linux.
FakeGINA
Description: Intercepts and captures the communication between Winlogon and the normal GINA.
Falcon
Description: A free, secure, and OS-independent firewall system.
FastSpy Port Scanner
Description: A network port scanner for Windows and Linux.
ferm
Description: A firewall rule parser for Linux.
FileManager
Description: A Web-based remote command and directory manager for Linux and Unix.
Finger Print Verification System
Description: A library for adding fingerprinting to applications.
FireBox
Description: A Web authentication system that uses PHP and MySQL for BSD and Linux.
fireflier
Description: A Linux firewall rule building tool.
Firepoint Firewall Management Server
Description: Another Linux firewall rule-building tool.
Firestarter
Description: A firewall solution for Linux.
Firewall Builder
Description: A GUI-based tool to help build firewall rules.
Firewallscript
Description: Parses firewall settings in a configuration file and implements them in a script.
FK
Description: A lightweight firewall toolkit.
Flow Controller
Description: A Java-based control layer of the MVC design pattern using a servlet and an XML-based flow description.
FlySolo
Description: Client-side APIs for an alternative to Microsoft’s Passport.
Foremost
Description: Linux tool for conducting computer forensic examinations.
Fortress Network User Authentication
Description: Tool for managing user accounts.
Free Agents DIDS
Description: Distributed intrusion detection system for Linux.
FTimes
Description: System-baselining and evidence collection tool for Windows and Linux.
FUZZauth
Description: Pluggable local and network-based authentication system.
Fwctl
Description: Easy-to-use Linux packet filtering configuration.
FwGold FW-1 Graphical Log Representation
Description: Graphs a Firewall-1 access log.
fwlogwatch
Description: Firewall log analyzer and real-time attack detector for Unix.
FWM
Description: Manages firewall and routing configuration.
fwmap
Description: Eases management of firewalls on large networks.
fwwebgui
Description: A replacement for the Checkpoint GUI.
GetAcct
Description: Acquires account information on Windows NT/2000 machines.
URL: http://www.securityfriday.com/ToolDownload/GetAcct/getacct_doc.html
Ghost Port Scan
Description: Tests firewalls with port scanning and address spoofing.
GIPTables Firewall
Description: GIPTables Firewall is a free set of shell scripts that help you generate iptables rules for Linux 2.4.x and later kernels. It’s easy to configure, and at present, designed to run on hosts with one or two network cards. It doesn’t require you to install any additional components to make it work with your GNU/Linux system.
GnoKart Kerberos Utility
Description: A Kerberos authentication utility for Linux.
GNotary Digital Notary
Description: An asynchronous peer-to-peer digital notary service based on email.
GNU Revolutionary Infrastructure
Description: A P2P infrastructure.
GNU userv
Description: A Unix system facility to allow one program to invoke another when only limited trust exists between them. Similar to the well-known sudo.
GnuUsr (New User)
Description: An automated administration tool for Linux that allows remote users to create user accounts in a secure manner.
GrabItAll
Description: Spoofs ARP replies to redirect traffic.
grsecurity
Description: A Linux 2.4 security system with a ton of features.
GSD - Get Service DACL
Description: Gets the DACL (Discretionary Access Control List) of a Windows NT service.
gShield
Description: A generic iptables firewall script, which allows some configuration, that will work for most people.
GTK PassWord Generator
Description: A Linux password generation system.
Hardware-ID
Description: A Linux module that gives programs a way to forge hardware IDs.
Heimdall Linuxconf Firewall
Description: Simple-to-use Internet firewall (distributed as part of Linuxconf). Works in the background (as a daemon). Features a Net interface monitor based on a configuration in Linuxconf (done by Web, GUI, client/server or text interface). For Linux.
HFNetNag
Description: Makes tracking the Windows Hot Fixes easy.
HLFL (High Level Firewall Language)
Description: A general purpose firewall language that can translate rules into the format needed for various devices.
URL: http://www.hlfl.org/
Hoggett
Description: A Web management console for the Snort IDS.
Hotwired Mod_include
Description: Hotwired extensions to mod_include.
hping2
Description: Tests firewalls and port scanning via ping.
Hsftp
Description: An FTP emulator that uses ssh for secure transport.
httpf
Description: A filtering proxy that improves HTML security by removing potentially dangerous things like JavaScript.
HTTPush
Description: Audits HTTP and HTTPS security.
identd for Windows
Description: An identd (user identification) server for Windows.
IDMS Firewall
Description: Easy-to-use firewall configuration script with advanced features for Linux.
ImSafe
Description: A Unix-based IDS system.
Industrial Linux
Description: A secure Linux distribution.
inst_auth_module
Description: Apache module for instant password authentication.
INTACT Change Detection System
Description: Takes snapshots of a system and then later compares against them to detect changes.
Integrit File Verification System
Description: Another snapshot and change verification system.
Internet Access Scheduler
Description: Allows a Windows administrator to control which users can access which TCP/IP ports based on the time of day.
Intrusion Prevention Module for Apache
Description: Filters Web input to prevent intrusions.
inzider
Description: Lists ports and associated processes for Windows.
IP Filter
Description: Provides network address translation (NAT) or firewall services for Unix.
IP Personality
Description: A Linux kernel patch that pretends it is another OS to defeat tools such as Nmap.
IP Sorcery
Description: A BSD/Linux custom packet generator.
IP Tables State
Description: Displays which IP filtering rules on Linux are being used the most.
ipEye
Description: A TCP port scanner for Windows 2000.
IPNetMonitor
Description: Twelve Internet tools for the Macintosh that are useful for network debugging.
IPNetRouter
Description: Low-cost router for sharing a connection.
IPNetSentry
Description: Protects a Macintosh from Internet attacks.
iProtect
Description: Apache module to prevent password theft and abuse.
IPSecScan
Description: A scanner for IPSec-enabled systems.
iptables
Description: The Linux 2.4.x/2.5.x firewalling subsystem.
ipwatch
Description: Dumps network packets on Linux.
Iridium
Description: A Linux-based firewall geared to protect a LAN from the Internet.
Jail Chroot Project
Description: A simple-to-use chroot environment for running programs securely.
URL: http://www.gsyc.inf.uc3m.es/~assman/jail/configuring/quickguide.html
Jailinit
Description: Monitors and keeps track of jails and jailproc.
James Bond Log
Description: A daemon log watcher for Linux and BSD.
Java API for Role-Based Access Control
Description: A Java API and default implementation for role-based access control.
JAVA/Struts Security Framework
Description: A J2SE 2.3/1.2-compliant security layer that can be integrated into any Struts application.
JCartera
Description: Stores and protects passwords in a Pocket PC.
JRSAAce
Description: Converts the RSA Ace/Agent Authentication API 5.0.1 into a Java API.
jWall
Description: Another Linux firewall management tool.
Kerberos Authentication
Description: An Apache Kerberos authentication module.
URL: http://stonecold.unity.ncsu.edu/software/mod_auth_kerb/
Kerberos Module For Apache
Description: Another Apache Kerberos authentication module.
Kerberos Poppassd
Description: A Kerberos password-changing daemon.
Kfirewall
Description: A front end to Linux firewalls, tcpwrappers and IDS systems.
Kiosk Control library/Module
Description: Disables the mouse and keyboard on Windows machines to use them as Kiosks.
KISS - Kernel Improved Security System
Description: A BSD kernel security tool.
kkp NetBIOS Security Tool
Description: A security tool for a NetBIOS vulnerability.
klogger
Description: A keystroke logger for Windows NT/2000.
KNet
Description: A network infrastructure for encrypted anonymous distributed P2P communication.
Knetfilter
Description: A GUI for managing filtering functions in the Linux 2.4 kernel.
Komoku
Description: A Linux IDS that relies on an Intel EBSA-285 embedded board.
kssl - Kerberized SSL
Description: Apache module and patches to OpenSSL and modssl to support Kerberos authentication for Linux and Solaris.
LanFileWatcher
Description: Extracts files from HTTP and FTP network traffic.
LANguard Content Filtering & Anti-Virus
Description: Checks incoming data for viruses and unwanted content, blocking them without blocking other data.
lcrzo
Description: A C-based network library useful in creating network-based programs.
lcrzoex
Description: Extensive toolbox for testing an Ethernet network.
LDAP auth module for Apache
Description: Provides HTTP basic authentication by using LDAP.
URL: http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap.html
LEAF “Bering”
Description: A Linux-based firewall.
Leviathan Auditor
Description: A penetration testing tool for Windows.
libconnect
Description: A transparent proxy library.
Libidmef
Description: An implementation of IDMEF (Intrusion Detection Message Exchange Format) in C.
libpam-sfs
Description: A Linux Pluggable Authentication Module (PAM) that allows for the mounting of home directories from SFS-enabled (Self-certifying File System) servers.
LineControl
Description: Runs a server application on a masquerading Linux server.
linids
Description: A modular, highly configurable network IDS.
Linksys Activity Logger
Description: Captures the logging messages from a Linksys router and stores them in a database.
Linux Access Control Lists support
Description: Adds full ACLs to the Linux Kernel.
Linux Intrusion Detection System
Description: A Linux kernel-based intrusion detection system.
Linux packet filtering
Description: Linux packet filter.
Linux rootkit detector
Description: Detects attacks by rootkits.
Linux Security Auditing Tool
Description: A Linux Security Auditing Tool (LSAT).
Linux terminal sniffer
Description: A Linux shell sniffer.
LinuxBSM-2
Description: Adds auditing to the Linux kernel.
ListModules
Description: Lists the modules (EXEs and DLLs) that are loaded into a process.
LNS - List NTFS Streams
Description: A tool that searches for NTFS streams.
LnxFire
Description: A Linux firewall tool for the SOHO environment.
LockDown Direct
Description: Alters the registry to lock Windows down.
LockOut 4
Description: Keeps unauthorized people from using a Mac.
Log-Dispatch
Description: Apache logging module.
URL: http://www.cpan.org/authors/id/D/DR/DROLSKY/Log-Dispatch-1.80.tar.gz
LogHog
Description: Takes proactive actions based on Snort (an IDS) output.
LPRman
Description: Utility that allows remote creation and management of LPR (printer) ports.
Lubbock
Description: A Linux distribution based on Linuxcare Bootable Business Card, which is an emergency tool with many uses.
MacAnalysis
Description: A tool that attempts to hack your servers (Unix and Windows as well as Mac), and tells you what you need to fix.
Machine Learning for Anomaly Detection
Description: Detects anomalies for Linux systems.
macMatch
Description: Searches files based on various dates, which can help with a forensic investigation.
Mailchecker
Description: Checks email for unsafe content.
md5bfcpf
Description: A brute-force MD5 cracker for Linux.
Mechanical ID
Description: A password and random code generator.
mmtcpfwd
Description: Additions for Linux firewalls, such as a secure TCP/IP port forwarder, a MASQ fake ident, and an FTP passive proxy superserver.
mod_auth_any
Description: Apache mod_auth-style module that allows for arbitrary authentication back ends.
mod_access_identd
Description: Mandatory access control based upon RFC 1413 (identd) credentials for Apache.
mod_access_rbl
Description: Controls access via MAPS RBL-style DNS servers for Apache.
mod_access_referer
Description: Provides Apache access control based on “Referer” HTTP header content.
mod_accessCookie
Description: Apache cookie management module.
URL: http://unet.univie.ac.at/~a9506264/mod_accessCookie.tgz
mod_auth_cache
Description: Authentication caching module using authentication from another module.
mod_auth_ldap
Description: Apache LDAP authentication module.
mod_auth_mysql
Description: Apache MySQL-based authentication.
mod_auth_nds
Description: Apache NDS authentication module.
mod_auth_notes
Description: Apache Lotus Notes-based authentication.
mod_auth_nt
Description: Apache NT-based authentication for users/groups.
mod_auth_ora7
Description: Apache Oracle 7 authentication module.
mod_auth_ora8
Description: Apache Oracle 8 authentication module.
mod_auth_oracle
Description: Authentication module for Apache 1.3 through Oracle8/8i.
mod_auth_oracle/win32
Description: Module for authenticating against an Oracle8.x.x database. For Apache 1.3.x with and without mod_ssl (for Win32 only!).
URL: http://www.designlab.de/service_support/downloads/downloads/mod_auth_oracle.zip
mod_auth_pgsql
Description: Authentication module for Apache 1.3 through PostgreSQL.
mod_auth_radius
Description: RADIUS authentication module.
mod_auth_rdbm
Description: Apache dbm or db authentication.
mod_auth_samba
Description: Samba authentication module for Apache.
mod_auth_sys
Description: Basic authentication using system accounts for Apache.
mod_auth_tacacs
Description: TACACS+ authentication module for Apache.
mod_auth_tds
Description: TDS authentication (works with MSSQL and SYBASE) for Apache.
mod_auth_tkt
Description: Cookie-based authentication module.
mod_auth_udp
Description: Forwards Apache auth requests to an external server with UDP packets.
mod_auth_yp.c
Description: Authenticates Apache usernames/passwords and usernames/groups through NIS (Yellow Pages).
mod_authz_ldap
Description: LDAP authorization and certificate verification for Apache.
mod_bakery
Description: Encrypted Apache cookie access-checking.
mod_become
Description: Policy-based application of setuid()/setgid() per HTTP request.
mod_bol
Description: Sends two WWW-Authenticate headers, one for basic and one for digest.
URL: http://www.berlinonline.de/wissen/computer/linux_tips/os/
mod_fortress
Description: Apache Application IDS and firewall.
mod_hosts_access
Description: Allows you to use the TCPWrapper hosts.allow and hosts.deny files to configure access to your Apache Web server.
mod_ip_forwarding
Description: Forwards IP packets between a proxy and a main server.
URL: http://dev.w3.org/cgi-bin/cvsweb/apache-modules/mod_ip_forwarding/
mod_ldap.c
Description: LDAP authentication and access rules.
mod_LDAPauth
Description: LDAP authentication module.
mod_limitipconn
Description: Limits the number of simultaneous connections from a single client IP address.
mod_log_mysql
Description: Allows Apache to log access log entries to a MySQL database.
mod_loopback
Description: Web client debugging tool that echoes everything concerning an HTTP request.
mod_macro
Description: Apache runtime configuration files with macro capability.
mod_mya
Description: MySQL basic authentication.
mod_mylog
Description: Logs input into a MySQL database.
mod_ntlm
Description: NTLM authentication for Apache/Unix.
mod_odbc_auth
Description: ODBC authorization module for Win32 Apache.
URL: http://www.provox.de
mod_rpaf
Description: Reverse proxy add forward.
mod_ssl
Description: Free Apache Interface to SSLeay.
mod_test
Description: Tests entry for authentication.
mod_throttle
Description: Limits the bandwidth usage and server load based on policies.
mod_throttle_access
Description: Limits access on a per-resource basis.
mod_ticket
Description: Adds digitally signed tickets at the base of a URL.
mod_tproxt
Description: A module for transparent HTTP proxies.
mod_tracker
Description: Advanced user tracking module.
mod_usertrack_proxypass_front and mod_usertrack_proxy
Description: A pair of Apache modules to allow the sending of Set-Cookie headers from a fat back end.
mod_watch
Description: Watches Web traffic statistics.
mod_z_auth
Description: Authentication using NIS or other methods.
Monitorer
Description: A keystroke logger that can also take screenshots.
MonMotha’s Firewall
Description: Powerful but compact firewall.
Mouse Lock
Description: Windows program that locks down the mouse.
mSQL authentification module
Description: Basic authentication with the mSQL database.
NetBarrier
Description: Personal firewall for the Mac.
NetBiosSpy
Description: Watches shared folders on a PC.
NetBSD/i386 Firewall
Description: A firewall solution for permanent Internet connections.
netfilter
Description: A firewall for untrusted LANs.
NetUsers
Description: A utility to view logged-on users on a specific computer.
NetView
Description: Command-line version of Network Neighborhood.
NoCase
Description: Case-insensitive URL mapping for Linux.
NorthStar
Description: Tracks and allocates IP addresses in an IP network.
nscopy
Description: A copy command that bypasses security controls.
NSS-MySQL
Description: Authenticates Unix groups and users using a MySQL database.
OB1
Description: A sample implementation of a B1-rated trusted system.
OnGuard
Description: Powerful desktop security suite (file, folder, application, and other access controls).
PAM_Auth
Description: Apache authentication against Pluggable Auth Modules (PAM).
pam_mount
Description: A PAM module that allows remote volumes to be mounted during login.
parselog
Description: Perl script to parse and store logs by server and date.
Password Age
Description: Displays the age of the password for user and computer accounts.
PEriscope
Description: A PE file inspection tool.
PHP Firewall Generator
Description: A firewall generation script.
PipeACL tools
Description: Tools to view and modify Windows ACLs.
URL: http://razor.bindview.com/tools/desc/pipeacltools1.0-readme.html
PMDump
Description: Dumps the memory of a process, which can be useful in a forensic investigation.
PortBlocker
Description: Allows you to block the most common types of servers that might be on a system (FTP, HTTP, and so on), but is NOT a firewall.
URL: http://www.analogx.com/contents/download/network/pblock.htm
Posum’s Windows Enforcer
Description: Tools for locking down Windows machines for uses such as a computer lab.
ProDiscover DFT
Description: Forensic analysis suite.
URL: http://www.techpathways.com/DesktopDefault.aspx?tabindex=4&tabid=12
PromiScan
Description: Searches for promiscuous nodes on the network.
URL: http://www.securityfriday.com/ToolDownload/PromiScan/promiscan_doc.html
PromiscDetect
Description: Checks the local machine to see whether the network card is in promiscuous mode.
proxyfloppy Linux distribution
Description: A floppy-based Linux that supports three types of Web proxies.
PureSecure
Description: An intrusion detection system.
RADIUS Authentication module
Description: RADIUS authentication for Apache.
RBA Proxy Filter
Description: An MS Proxy Server plug-in that puts different Web sites in different NT groups for access control.
Realm and MD5 Digest-based cookie authentication
Description: Security realms for document tree and fast login for users using MD5-signed cookies.
Remote Task Manager
Description: Like Windows Task Manager, but can control remote machines.
rTables for Linux
Description: A Linux-based firewall solution.
runsuid
Description: Runs scripts with another effective user ID/group ID.
ScoopLM
Description: Captures LM/NTLM authentication information (LanManager and Windows NT challenge/response) on the network.
URL: http://www.securityfriday.com/ToolDownload/ScoopLM/scooplm_doc.html
Seattle Firewall
Description: A Linux-based dedicated firewall.
SecureCopy
Description: Copies files and directories on NTFS while keeping the security intact.
SecurID Authentication
Description: RSA SecurID authentication for Apache.
Share Password Checker
Description: Checks passwords for Windows shares.
URL: http://www.securityfriday.com/ToolDownload/SPC/spc_doc.html
SMB Downgrade Attacker
Description: Tries to get people’s Windows networking passwords.
SMBProxy
Description: Authenticates to a Windows NT4/2000 server with only the MD4 hash.
snitch
Description: Converts the asterisks in password fields to plaintext passwords.
Snort
Description: Packet sniffer and logger.
SOAP-Lite-SmartProxy
Description: Redirects and forwards requests.
URL: http://www.cpan.org/authors/id/D/DY/DYACOB/SOAP-Lite-SmartProxy-0.11.tar.gz
SOLID Database Authentication
Description: auth_solid provides username/password checking against a SOLID database.
URL: http://www.synchronis.com/synchronis/html/apache/auth_solid_frame.html
SQLdict
Description: A dictionary-based password attack tool for SQL Server.
Squidtaild
Description: A monitoring/managing program for the Squid Web cache server.
StegFS
Description: Steganographic File System for Linux, which encrypts data.
SystemTools NTconnect
Description: Creates a login script, allowing commands for NT users.
SystemTools RenameUser
Description: Renames Windows NT user accounts from the command line.
The SINUS Firewall
Description: TCP/IP packet filter for Linux.
theWall
Description: A collection of PicoBSD configuration trees and prebuilt binaries that provide NAT and firewall services for a small network.
tini
Description: A simple and very small (3KB) back door for Windows, coded in assembler. It listens at TCP port 7777 and gives anybody who connects a remote command prompt.
TrustWALL Toolkit
Description: An inbound proxy that protects your Web site.
tsocks
Description: A transparent SOCKS proxying library.
UserPath Module
Description: Provides a different method of mapping user URLs.
VXE
Description: Protects Unix servers from attacks.
Win Info
Description: Shows inventory information on your Windows system.
Windows Task Lock
Description: Provides a way to password-protect specific applications for Windows.
WinDump
Description: Windows version of TCPDump, a network sniffer.
Winfingerprint
Description: Provides information about your Windows system.
WinRelay
Description: A TCP/UDP forwarder/redirector.
WinSCP
Description: SCP (Secure CoPy) client for Windows using SSH (Secure SHell).