Full Version: Server/network security software
Bastille Linux
website: http://www.bastille-linux.org/
Hardens Red Hat or Mandrake with many security enhancements.
Server Security Software > Secure Linux Distro's

TWWWScan
website: http://www.bruck-inc.com/download/downloads.htm
Scans for over 180 CGI holes, with anti-IDS and passive mode.
Server Security Software > Auditing > Windows

Nessus Client
website: http://nessuswx.nessus.org/
A client/server based remote security scanner, frequent updates.


Winfingerprint
website: http://www.winfingerprint.sourceforge.net/
A Win32 based NetBIOS scanner that is able to determine OS, enumerate users, groups, shares, transports, sessions, services, service pack and hotfix level, date and time, disks, and open TCP ports.
Network Auditing > Windows NT, 2000, XP

EtherApe
website: http://etherape.sourceforge.net/download.shtml
Graphical network monitor featuring Ethernet, IP, and TCP modes
Server Security Software > Sniffers > Linux    

LaBrea
website: http://www.hackbusters.net/LaBrea/
Sticky honeypot that creates virtual systems to trap scanners
Server Security Software > Intrusion Detection > Network Based > Linux    

Reptor
website: http://www.wankwood.com/reptor/
Perl utility for analyzing Symantec Enterprise Firewall logfiles
Server Security Software > Firewalls > Linux    

PEriscope
website: http://ntsecurity.nu/toolbox/periscope/
PE file inspector, can be used to find malicious code in files
Server Security Software > Auditing > Windows    

ArpTools
Searches for and audits wireless access points on 802.11b nets
Server Security Software > Auditing > Windows    

Firewall Tester
website: http://www.infis.univ.trieste.it/~lcars/ftester/
A pair of client/daemon perl scripts to help audit firewalls
Server Security Software > Auditing > Other    

Stealth HTTP Security Scanner
website: http://www.nstalker.com/stealth/
Excellent HTTP scanner with anti-IDS, proxying, 1000s of checks.
Server Security Software > Auditing > Windows       

Analyzer
website: http://www.ethereal.com/
Sniffer with graphical interface, analysis engine, and capture.
Server Security Software > Sniffers > Windows    

NmapNT
website: http://www.eeye.com/html/Research/Tools/nmapnt.html
A Windows NT port of Nmap - the best port scanner available.
Server Security Software > Auditing > Windows    

HandleEx
Web Site: http://www.sysinternals.com/
Platform: Windows NT
Freeware
A GUI/device driver combination that together show you information about which handles and DLLs processes have opened or loaded.

Intact Open Use
Web Site: http://www.pedestalsoftware.com/intact/openuse.htm
Platform: Windows NT, 2000
Freeware
Intact Open Use is a fully-functional easy-to-use integrity checking system for Windows NT. Detects changes to file attributes and contents, registry keys and values, user and group permissions, auditing parameters, SAM and LSA, etc.

FreeVeracity
Web Site: http://www.freeveracity.org/
Platform: Linux, *BSD
Freeware
FreeVeracity is a general-purpose data integrity tool for free platforms (e.g. GNU/Linux, FreeBSD, NetBSD, OpenBSD) that uses cryptographic hashes to detect changes in files. FreeVeracity can be deployed in a wide variety of applications including network intrusion detection and firewall monitoring. By installing FreeVeracity integrity servers on your computers, you can actively monitor the integrity of your entire network.

AIDE
Web Site: http://www.cs.tut.fi/~rammer/aide.html
Platform: Linux, *BSD
Freeware
AIDE (Advanced intrusion detection environment) is an intrusion detection program and file integrity checker. It constructs a database of the files specified in aide.conf, aide's configuration file. It stores various file attributes including: permissions, inode number, user, group, file size, mtime and ctime, atime, growing size and number of links. AIDE also creates a cryptographic checksum or hash of each file using several message digest algorithms.

Secure Files
Web Site: http://www.rdcrew.com.ar/
Platform: Linux
Freeware
Checks for current md5sum output with an included list of files/md5sums and warns you in case they are different.

ViperDB
Web Site: http://www.resentment.org/projects/viperdb/
Platform: *nix with Perl
Freeware
ViperDB was created as a smaller & faster alternative to Tripwire. Instead of writing to one database, ViperDB writes to database files in each "watched" directory, decreasing the chances of an attacker being able to successfully modify your "watched" filesystem.

Lsof
Web Site: ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
Platform: UNIX based systems
Freeware
Lsof is an extremely powerful unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.

FSS
Web Site: http://www.insecure.dk/index.phtml?content=fss
Platform: *nix
Freeware
A simple Tripwire-like IDS utility.

Log Analyzer
Web Site:
Platform: Windows NT
Freeware
A simple log analyzer in Visual Basic that can parse, search, and label Microsoft Proxy, Microsoft Internet Information Server, Apache access_log, and Squid2 Proxy logs.

Winetd
Web Site: http://www.cotse.com/CotseLabs/winetd/
Platform: Windows NT, 2000
Freeware
WInetd is a true inetd for NT 4 and Windows 2000. It will run real daemons, honey pot modules (simulated daemons with simulated exploits), or both.
We have included many simulated daemons in this release, some real daemons, tcp_wrappers, and the skeleton code for the daemons. New daemons can be programmed by anyone in the language of their choice.

Rainbow Diamond Intrusion Detector
Web Site: http://www.hideaway.net/Server_....det.exe
Platform: Windows 95/98/NT/2k
Demo
Rainbow Diamond Intrusion Detector monitors for break-in attempts, acting as a burglar alarm to alert you when your computer may be under attack. It monitors for suspicious network activity directed at your computer. When an event is noted, it is logged and you are alerted. Intrusion Detector will also attempt to discover the identity of the person who may be trying to attack your computer.

SNORT - Win32
Web Site: http://www.snort.org/snort-files.htm
Platform: Linux, Windows
Freeware
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

SnortPanel
Web Site: http://www.xato.net/files.htm
Platform: Windows
Freeware
Size: 458 kb
A very useful windows-based utility for managing, controlling, and monitoring the Snort IDS.

IDSCenter
Web Site: http://www.eclipse.fr.fm/snort.htm
Platform: Windows NT/2000
Freeware
A new panel for the WIN32 version of SNORT. Includes integrated Alertviewer and alarms.

Pakemon IDS
Web Site: http://www.sfc.keio.ac.jp/~keiji/ids/pakemon/
Platform: Linux, *BSD
Freeware
Packet Monster has been developed to share IDS components based on the open source development model. The current version of Packet Monster monitors all TCP and UDP packets on your network and captures specified string patterns with given port numbers. It generates a detection log that includes a summary of the detections and a log for the entire session.

iplog
Web Site: http://ojnk.sourceforge.net/
Platform: *BSD, Solaris
Freeware
iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP and ICMP traffic. Can detect nmap OS detection probing, denial of service attacks, and more as well.

Abacus Intrusion Prevention System
Web Site: http://www.psionic.com/abacus
Platform: Linux, *BSD, SunOS
Freeware
A suite of three tools that form an effective IDS for a number of server platforms. Includes Logcheck - an automated log analyzer that can e-mail administrators any security violations periodically, Portsentry - a port scan detector, and HostSentry - a login anomaly detector.

FireStorm
Web Site: http://firestorm.geek-ware.co.uk/menu.php
Platform: Linux
Freeware
Firestorm is a very lightweight and flexible base for a hierarchical NIDS. It aims to be very fast and support many open protocols and formats. It will also support SQL integration, and more.

CGI Scanner Trap
Web Site: http://online.securityfocus.com/tools/1468
Platform: Linux, *nix
Freeware
Detects a CGI scan and sends an alert message to syslog with the attacker's IP + Web Browser.

SecureStack
Web Site: http://www.securewave.com/html/secure_stack.html
Platform: Windows NT/2000
Freeware/Commercial
SecureStack offers protection from all buffer overflow attacks that try to inject and execute arbitrary code on your system. SecureStack flags data sections as non-executable, and it detects and prevents any attempt to run illegitimate code, thus making it impossible for attackers to gain control of your system.

BOWall
Web Site: http://www.security.nnov.ru/bo/eng/BOWall/
Platform: Windows NT 4.0
Freeware
BOWall is the program that implements protection against buffer overflow attacks for the binary executed Windows NT 4.0 files. The protection is given as two methods: Vulnerable functions monitoring, and Obstacle to execution of dynamic libraries functions from data and stack memory.

AntiSniff
website: http://www.securitysoftwaretech.com/antisniff/download.html
A proactive security monitoring tool that scans a network and detects whether or not any computers are in promiscuous mode.
AnnMarie
Posted by Interceptor on Dec 6 2001, 07:37 AM