Other Tools Page

These Tools are for Computer Security, C0VERTl, its host and ISPs are not liable for intentional misuse or problems caused by these files.

Below is a list of programs used to improve security of computers and networks, although most of these are listed for a Unix system. A good number of these programs may also have Windows, Linux, Novell versions. I will add more a more detailed description as I investigate them.

Abacus Sentry
Detects the use of a port scanner in real-time. Availability and Additional Info: Abacus Sentry
anonftpd is a read-only anonymous FTP server. Availability: anonymous ftp at koobera.math.uic.edu
Additional Info: anonftd
Argus is a powerful tool for monitoring IP networks. It provides tools for sophisticated analysis of network activity that can be used to verify the efforcement of network security policies, network performance analysis and more. Availability: anonymous ftp at ftp.sei.cmu.edu
An ethernet monitor program that keeps tracks of ethernet/IP address pairings.
Availability: anonymous ftp at ftp.ee.lbl.gov
COPS (Computer Oracle and Password System)
Identifies security risks on a Unix system. It checks for empty passwords in /etc/passwd, world-writable files, misconfigured anonymous ftp and many others.
Availability: anonymous ftp at ftp.cert.org
It is a program that tries identifies the use of SATAN on a subnet. The program tcpdump will also be needed in order to run Courtney. See below for information above tcpdump.
Availability: anonymous ftp at ciac.llnl.gov Additional Info: CIAC Notes 08
Crack is a password cracker. Availability: www.users.dircon.co.uk
Additional Info: Crack Version v5.0 User Manual
Crack lib
Checks plaintext words against Crack. Availability: anonymous ftp at coast.cs.purdue.edu
Provides a more secure method for remote login than telnet or rlogin in untrusted networks. Deslogin encrypts the connection using DES. Availability: anonymous ftp at ftp.uu.net
Dig is a network utility which queries Domain Name Servers similar to nslookup.
Availability: anonymous ftp at venera.isi.edu
Powerful bridging filter package. Availability: anonymous ftp at net.tamu.edu
It is an open source PERL script providing intrusion detection and policy enforcement of Windows 95/98/NT/3.x and Unix server administration through the use of comparative system snapshots.
Additional Info: anonymous ftp at The Fcheck Homepage
An efficient way to test whether a large number of hosts are up. Availability: anonymous ftp at slapshot.stanford.edu
It displays unusual ICMP messages received by a host and this can be used to detect suspicious network activity. Availability: anonymous ftp at hplyot.obspm.fr Additional Info: icmpinfo man page
Checks hosts within a specified range of IP address for various security vulnerabilities in sendmail, anonymous FTP setup, NFS and many more. Availability: anonymous ftp at info.cert.org
Additional Info: CERT Advisory 93:14.Internet.Security.Scanner
Filters incoming and outgoing TCP and UDP in a SVR4/386 kernel.Availability: anonymous ftp at ftp.porcupine.org
Java based client-server link monitoring tool fo rNOC operations.
Availability and Additional Info: Home of Jetmon
Kerberos is an authentication system used to protect security networks. (Export restricted)
Availability: web.mit.edu Additional Info: Kerberos: The Network Authentication Protocol
It is a daemon that is used to identify the use of port scanners like ISS and SATAN.
Availability: anonymous ftp at ftp.eng.auburn.edu
Provides a flexible and intelligent interface for periodic integrity checks of data using Perl
Availability: anonymous ftp at L6 Additional Info: L6
Replacement for system ftp, rlogin, rexec, rsh daemons and login program that have added security features such as login in failures and S/Key one-time passwords support.
Availability: anonymous ftp at ftp.porcupine.org Additional Info: Wietse's tools and papers
Analyzes any text-based log files real-time using contexts and executes a corresponding action.
Availability: anonymous ftp at ftp.cert.dfn.de Additional Info: Lo gsurfer Homepage
Displays all open files on a UNIX system. Availability: anonymous ftp at vic.cc.purdue.edu
It is a utility that either checks existing passwords for weakness or forces users to choose good passwords. Availability: anonymous ftp at ftp.informatik.uni-erlangen.de Additional Info: Readme file for Mangle
Mason is a tool that interactively builds a firewall using Linux' ipfwadm or ipchains firewalling. You leave mason running on the firewall machine while you are making all the kinds of connections that you want the firewall to support (and want it to block). Mason gives you a list of firewall rules that exactly allow and block those connections. Availability: Mason
Merlin is an interface to five popular security package to make it easier to analyze and manage the data. Availability: anonymous ftp at ciac.llnl.gov Additional Info: Merlin Information
MD5 is a hash function using to the authenticity of a file. Availability: anonymous ftp at rsa.com
Additional Info: RFC 1544, www.rsa.com
MIME Object Security Services (MOSS)
It is an extension of Multi-purpose Internet Mail Extensions (MIME) that provides authentication, integrity, and confidentiality of an email message. (export restricted) Availability: anonymous ftp at ftp.tis.com
Additional Info: MOSS FAQ
The Nessus Project
The "Nessus" Project is a free, powerful, up-to-date and easy to use remote security scanner.
Additional Info: The Nessus Project
Network logging and monitoring of all TCP and UDP connections on a subnet. Netlog also includes tools to analyzing the output. Availability: anonymous ftp at net.tamu.edu
Network Security Scanner (NSS)
NSS is a perl that scans one host on subnet or an entire subnet for various simple security problems.
Availability: anonymous ftp at jhunix.hcf.jhu.edu
NFSWatch monitors NFS requests and measures response time for each RPC.
Availability: anonymous ftp at coast.cs.purdue.edu
Utility for stealthily port scanning large networks. See Syn for tracking these types of scans.
Additional Info: Information and download for Nmap
It is a replacement for the system passwd command that enforces stronger passwords.
Availability: anonymous ftp at ftp.cc.utexas.edu Additional Info: Information about npasswd
This software provides the ability to generate and use one time passwords. Related tools are also available for Windows, DOS and Mac. Availability: anonymous ftp at ftp.nrl.navy.mil (may not be for public use)
Osh is a restricted C shell that allows the administrator to control access to files and directories and to provide logging. Availability: anonymous ftp at ftp.c3.lanl.gov Additional Info: The Operator Shell
Passwd+ is a proactive password checker which replaces the system passwd command. It enforces strong passwords. Availability: anonymous ftp at ftp.dartmouth.edu
Pretty Good Privacy (PGP) protects documents such as email from unauthorized reading using public key encryption. This is the famous program by NAI. (Some versions are export restricted) Availability: USA and Canada--anonymous ftp at www.eff.org or via web form Availability: International-- anonymous ftp at ftp.ifi.uio.no
Additional Info: Cryptography, PGP, and Your Privacy
Identd tries to identify the remote user name of a TCP/IP connection. Identd is an implementation of RFC 1413. Availability: anonymous ftp at ftp.lysator.liu.se or ftp.csc.ncsu.edu Additional Info: RFC 1413
PingLogger detects and logs ICMP ECHO REQUESTS. Availability: world wide web at www.students.uiuc.edu
It is a modified version of portmapper that reduces the vulnerabilities and denies proxy access.
Availability: anonymous ftp at ftp.porcupine.org
Riordan's Internet Privacy Enhanced Mail (RIPEM) improves the security of email by verifying the authenticity of the message sender among other things. ( Export restricted) Availability: anonymous ftp at ripem.msu.edu Additional Info: Information about RIPEM
A modified version of rpcbind (System V.4 portmapper) that prevents intruders from bypassing NFS export restrictions. Availability: anonymous ftp at porcupine.org
Rscan is a extensible network scanner that checks for common network problems and SGI specific vulnerabilities. Availability: anonymous ftp at ftp.vis.colostate.edu Additional Info: Rscan: Heterogeneous Network Interrogation
SARA, Security Auditor's Research Assitant, is a third generation security analysis tool that is based on the SATAN model, covered by the GNU GPL-like open license, fosters a collaberative environment and is updated periodically to address hte latest security threats. Availability and additional info: SARA
SATAN is a program that gathers network information such the type of machines and services available on these machine as well as potential security flaws. Availability: anonymous ftp at ftp.porcupine.org. Also see wzv.win.tue.nl for a list of mirror sites. Additional Info: Cert Advisory CA-95:06.satan
Scan-detector determines when an automated scan of UDP/TCP ports is being done on a host running this program. Logs to either syslog or strerr. Availability: anonymous ftp at coast.cs.purdue.edu
Additional Info: COAST Projects' Tools
A replacement for the system sendmail. This version includes all of the latest patches.
Availability: anonymous ftp at ftp.cs.berkeley.edu
Sendmail Wrapper
The sendmail wrapper provides some protection against local sendmail attacks.
Availability: anonymous ftp at ftp.auscert.org.au
A flexible, Java-based security tool that enables organizations to audit and secure their systems and networks in a modern, heterogeneous, corporate intranet. Availability and more info: Sun Enterprise Network Security Service
This package includes everything that is necessary to use shadow password file.
Availability: anonymous ftp at ftp.cs.widener.edu
Simple Socksd
It is another implementation of Version 4 SOCKS protocol that is fast, easy to compile, and simple to configure. Availability: http at Simple SOCKS Daemon Additional Info: Simple SOCKS Daemon
S/Key generates one time passwords to gain authenticated access to computers.
Availability: anonymous ftp at thumper.bellcore.com or coast.cs.purdue.edu
Simple Key-Management For Internet Protocols (SKIP)
SKIP adds privacy and authentication at the network level. Availability: USA and Canada--via web form Availability: International--anonymous ftp at ftp.elvis.ru Additional Info: SKIP Information and SKIP in Russia
Smrsh is a restricted shell for sendmail to restrict the number of programs that can be executed by sendmail. Availability: anonymous ftp at ftp.nec.com
Socks is a package which allows various Internet service such as gopher, ftp and telnet to be used through a Firewall. Availability: anonymous ftp at ftp.nec.com Additional Info: Welcome to SOCKS
SSH (Secure Shell) is an enhance versions of rlogin, rsh and rcp that provides RSA authentication and encryption of communications as well as many other security improvements. ( Export restrictions)
Availability: anonymous ftp at ftp.cs.hut.fi Additional Info: Ssh (Secure Shell) Home Page or Ssh FAQ
STEL is a system replacement for telnet which provides strong mutual authentication and encryption.
Availability: anonymous ftp at idea.sec.dsi.unimi.it
Strobe displays all active listening TCP port on remote hosts. It uses an algorithm that efficiently uses network bandwidth. Availability: anonymous ftp at suburbia.apana.org or minnie.cs.adfa.oz.au
Sudo allows a system administrator to give limited root privileges to user and log their activities. This version of Sudo is also known as CU-sudo. Availability: anonymous ftp at ftp.cs.colorado.edu
Additional Info: Sudo - a utility to allow restricted root access
Swatch is a package used to monitor and filter log files and executes a specified action depending of pattern in the log. Availability: anonymous ftp at ee.stanford.edu
Perl utility for tracking stealth port scanning Availability: anonymous ftp at Syn Additional Info: Syn
TCP Wrapper
Allows a Unix System Administrator to control access to various network services through the use of access control list. It also provides logging information of wrapped network services which may be used to prevent or monitor of network attacks. Availability: anonymous ftp at ftp.porcupine.org Additional Info: TCP Wrapper
Tcpdump captures and dumps protocol packets to monitor or debug a network.
Availability: anonymous ftp at ftp.ee.lbl.gov
Tcpr is a set of perl scripts that forwards ftp and telnet commands across a firewall.
Availability: anonymous ftp at ftp.alantec.com
Checks for known security vulnerabilities of Unix workstations. It is similar to Cops with many extensions. Availability: anonymous ftp at net.tamu.edu
TIS Firewall Toolkit
Firewall Toolkit is a software package to build and maintain a system which is used to protect networks from unwanted network activities. Availability: anonymous ftp at ftp.tis.com
Additional Info: TIS Firewall Toolkit Overview
Monitors for changes in system binaries.
Availability: anonymous ftp at coast.cs.purdue.edu Additional Info: Tripwire
TTY-Watcher monitors, logs and interacts with all of the tty on a system.
Availability: anonymous ftp at coast.cs.purdue.edu Additional Info: TTY-Watcher
A replacement ftp server for UNIX systems that has many features including extensive logging and as well as limiting the number of ftp users. Availability: anonymous ftp at wuarchive.wustl.edu
It's a replacement for inetd which has extensive logging and access control capabilities for both TCP and UDP services. Availability: anonymous ftp at qiclab.scn.rain.com
It is a utility to retrieve a NIS map from a host running NIS daemon.
Availability: anonymous ftp at ftp.uu.net or WWW server at mls.saic.com

Notify C0VERTl of any dead ftp/links and I will attempt to relocate the programs.