
Feb 27, 2004

Knoppix STD 0.1

STD stands for "security tools distribution". It is one of the derivatives of Knoppix, the popular CD-bootable Linux, and as the name suggests it is packed with security tools (mostly network-oriented ones).
For network performance measurement and troubleshooting, this one CD plus a laptop should cover almost everything.
(Taking it into an internet cafe and poking around sounds like fun.)
Having all the applications I use every day, such as tcpreplay, arping, tcpdump, snort-ACID, ethereal and nmap, installed by default is very attractive.
With so many rapidly updated packages the maintainers must have their hands full, but keep up the good work.
The project's homepage is here.
Detailed package information is below.


Tools are grouped as follows:
authentication
/usr/bin/auth/
freeradius 0.9.3 : GPL RADIUS server
encryption
/usr/bin/crypto/
2c2 : multiple plaintext -> one ciphertext
4c : as with 2c2 (think plausible deniability)
acfe : traditional cryptanalysis (like Vigenere)
cryptcat : netcat + encryption
gifshuffle : stego tool for gif images
gpg 1.2.3 : GNU Privacy Guard
ike-scan : VPN fingerprinting
mp3stego : stego tool for mp3
openssl 0.9.7c
outguess : stego tool
stegbreak : brute-force stego'ed JPG
stegdetect : discover stego'ed JPG
sslwrap : SSL wrapper
stunnel : SSL wrapper
super-freeSWAN 1.99.8 : kernel IPSEC support
texto : make gpg ascii-armour look like weird English
xor-analyze : another "intro to cryptanalysis" tool
forensics
/usr/bin/forensics/
sleuthkit 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence
biew : binary viewer
bsed : binary stream editor
consh : logged shell (from F.I.R.E.)
coreography : analyze core files
dcfldd : US DoD Computer Forensics Lab version of dd
fenris : code debugging, tracing, decompiling, reverse engineering tool
fatback : Undelete FAT files
foremost : recover specific file types from disk images (like all JPG files)
ftimes : system baseline tool (be proactive)
galleta : recover Internet Explorer cookies
hashdig : dig through hash databases
hdb : java decompiler
mac-robber : TCT's graverobber written in C
md5deep : run md5 against multiple files/directories
memfetch : force a memory dump
pasco : browse IE index.dat
photorec : grab files from digital cameras
readdbx : convert Outlook Express .dbx files to mbox format
readoe : convert entire Outlook Express .directory to mbox format
rifiuti : browse Windows Recycle Bin INFO2 files
secure_delete : securely delete files, swap, memory....
testdisk : test and recover lost partitions
wipe : wipe a partition securely. good for prep'ing a partition for dd
and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)
firewall
/usr/bin/fw/
blockall : script to block all inbound TCP (excepting localhost)
flushall : flush all firewall rules
firestarter : quick way to a firewall
firewalk : map a firewall's rulebase
floppyfw : turn a floppy into a firewall
fwlogwatch : monitor firewall logs
iptables 1.2.8
gtk-iptables : GUI front-end
shorewall 1.4.8-RC1 : iptables based package
honeypots
/usr/bin/honeypot/
honeyd 0.7
labrea : tarpit (slow to a crawl) worms and port scanners
thp : tiny honeypot
ids
/usr/bin/ids/
snort 2.1.0 : everyone's favorite network IDS
ACID : snort web frontend
barnyard : fast snort log processor
oinkmaster : keep your snort rules up to date
hogwash : access control based on snort sigs
bro : network IDS
prelude : network and host IDS
WIDZ : wireless IDS, ap and probe monitor
aide : host baseline tool, tripwire-esque
logsnorter : log monitor
swatch : monitor any file, oh like say syslog
sha1sum
md5sum
syslogd
network utilities
/usr/bin/net-utils/
LinNeighborhood : browse SMB networks like Windows Network Neighborhood
argus : network auditor
arpwatch : keep track of the MACs on your wire
cdpr : cisco discovery protocol reporter
cheops : snmp, network discovery and monitor tool
etherape : network monitor and visualization tool
iperf : measure IP performance
ipsc : IP subnet calculator
iptraf : network monitor
mrtg : multi router traffic grapher
mtr : traceroute tool
ntop 2.1.0 : network top, protocol analyzer
rrdtool : round robin database
samba : opensource SMB support
tcptrack : track existing connections
password tools
/usr/bin/pwd-tools/
john 1.6.34 : John the Ripper password cracker
allwords2 : CERIAS's 27MB English dictionary
chntpw : reset passwords on a Windows box (including Administrator)
cisilia : distributed password cracker
cmospwd : find local CMOS password
djohn : distributed John the Ripper
pwl9x : crack Win9x password files
rcrack : rainbow crack
servers
/usr/bin/servers
apache
ircd-hybrid
samba
smail
sshd
vnc
net-snmp
tftpd
xinetd
packet sniffers
/usr/bin/sniff/
aimSniff : sniff AIM traffic
driftnet : sniffs for images
dsniff : sniffs for cleartext passwords (thanks Dug)
ethereal 0.10.0 : the standard. includes tethereal
ettercap 0.6.b : sniff on a switched network and more.
filesnarf : grab files out of NFS traffic
mailsnarf : sniff smtp/pop traffic
msgsnarf : sniff aol-im, msn, yahoo-im, irc, icq traffic
ngrep : network grep, a sniffer with grep filter capabilities
tcpdump : the core of it all
urlsnarf : log all urls visited on the wire
webspy : mirror all urls visited by a host in your local browser
tcp tools
/usr/bin/tcp-tools/
arpfetch : fetch MAC
arping : ping by MAC
arpspoof : spoof arp
arpwatch : monitor MAC addresses on the wire
despoof : detect spoofed packets via TTL measurement
excalibur : packet generator
file2cable : replay a packet capture
fragroute : packet fragmentation tool (thanks again Dug)
gspoof : packet generator
hopfake : spoof hopcount replies
hunt : tcp hijacker
ipmagic : packet generator
lcrzoex : suite of tcp tools
macof : flood a switch with MACs
packetto : Dan Kaminsky's suite of tools (includes 1.10 and 2.0pre3)
netsed : insert and replace strings in live traffic
packETH : packet generator
tcpkill : die tcp, die!
tcpreplay : replay packet captures
tunnels
/usr/bin/tunnels/
cryptcat : encrypted netcat
httptunnel : tunnel data over http
icmpshell : tunnel data over icmp
netcat : the incomparable tcp swiss army knife
shadyshell : tunnel data over udp
stegtunnel : hide data in TCP/IP headers
tcpstatflow : detect data tunnels
tiny shell : small encrypted shell
vulnerability assessment
/usr/bin/vuln-test/
Way too many to list them all. There's much from THC, ADM, RFP, NMRC, TESO, Phenoelit. Be very careful with these tools. Remember, no guarantees are offered and you are entirely responsible for your own actions.
ADM tools : like ADM-smb and ADMkillDNS
amap 4.5 : maps applications running on remote hosts
IRPAS : Internet Routing Protocol Attack Suite
chkrootkit 0.43 : look for rootkits
clamAV : virus scanner. update your signatures live with freshclam
curl : commandline utility for transferring anything with a URL
exodus : web application auditor
ffp : fuzzy fingerprinter for encrypted connections
firewalk : map a firewall rulebase
hydra : brute force tool
nbtscan : scan SMB networks
ncpquery : scan NetWare servers
nessus 2.0.9 : vulnerability scanner. update your plugins live with nessus-update-plugins
nikto : CGI scanner
nmap 3.48 : the standard in host/port enumeration
p0f : passive OS fingerprinter
proxychains : chain together multiple proxy servers
rpcinfo : hmmmm.... info from RPC?
screamingCobra : CGI scanner
siege : http testing and benchmarking utility
sil : tiny banner grabber
snot : replay snort rules back onto the wire. test your ids/incidence response/etc.
syslog_deluxe : spoof syslog messages
thcrut : THC's "r you there?" network mapper
vmap : maps application versions
warscan : exploit automation tool
xprobe2 : uses ICMP for fingerprinting
yaph : yet another proxy hunter
zz : zombie zapper kills DDoS zombies
wireless tools
/usr/bin/wireless/
airsnarf : rogue AP setup utility
airsnort : sniff, find, crack 802.11b
airtraf : 802.11b network performance analyzer
gpsdrive : use GPS and maps
kismet 3.0.1 : for 802.11 what else do you need?
kismet-log-viewer : manage your kismet logs
macchanger : change your MAC address
wellenreiter : 802.11b discovery and auditing
patched orinoco drivers : automatic (no scripts necessary)