
FOSS Security Tools


Resources for Free/Open Source Software Security Tools

Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID by Khairil Yusof — last modified 2005-12-30 09:09 AM
Protect your network with Snort: the high-performance, open source IDS. Snort gives network administrators an open source intrusion detection system that outperforms proprietary alternatives. This book explains and simplifies every aspect of deploying and managing Snort in your network. Includes custom scripts to integrate Snort with Apache, MySQL, PHP, and ACID so you can build and optimize a complete IDS solution.
Nessus vulnerability scanner by Ryan Talabis — last modified 2006-01-09 04:49 PM
Nessus is the world's most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world's largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
Honeywall CDROM by Ryan Talabis — last modified 2006-01-09 04:51 PM
The Honeywall CDROM is a collection of various OpenSource software. The purpose of the Honeywall CDROM is to make it easier to deploy, manage, and derive value from honeynet technologies.
Cain & Abel by Ryan Talabis — last modified 2006-01-12 02:47 PM
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weaknesses present in protocol standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources; however, it also ships some "non standard" utilities for Microsoft Windows users.
Ethereal network protocol analyzer by Ryan Talabis — last modified 2006-01-09 04:53 PM
Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows.
Metasploit Project by Ryan Talabis — last modified 2006-01-09 04:56 PM
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research.
HoneyMole 1.0 by Ryan Talabis — last modified 2006-03-01 02:47 PM
A tool designed for virtual deployment of honeypot farms.
Nmap (Network Mapper) by Ryan Talabis — last modified 2006-01-09 05:02 PM
Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.
SARA, spawn of SATAN by Ryan Talabis — last modified 2006-01-31 10:11 AM
If you are an old school Linux or Unix user, you probably remember the System Administrator's Tool for Scanning Networks (SATAN). In 1995, SATAN brought browser-based network auditing to the world. Despite its initial splash, SATAN fell to the wayside due to lack of updates. Thanks to the kind folks at the Advanced Research Corp., SATAN is back, in the form of the Security Auditor's Research Assistant (SARA), a kinder, gentler, easier to use, and more updated auditing tool.
Network Monitoring with Zabbix by Ryan Talabis — last modified 2006-03-14 05:41 PM
Zabbix has the capability to monitor just about any event on your network, from network traffic to how much paper is left in your printer. It produces really cool graphs.
The Perfect Linux Firewall Part I -- IPCop by Ryan Talabis — last modified 2006-03-12 09:04 PM
This document describes how to install the GNU/Linux GPL IPCop firewall and create a small home office network. In the second installment we cover creating a DMZ for hosting your own web server or mail server and the Copfilter proxy for filtering web and email traffic.
John the Ripper password cracker by Ryan Talabis — last modified 2006-01-12 02:50 PM
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
Secure and Private Browsing with Squid by Ryan Talabis — last modified 2006-03-12 09:01 PM
Browsing a site that supports SSL is a definite way to make sure no one can snoop in on what you're doing -- which is a good thing when you're doing something personal like checking email over the web or buying something from amazon. But if you're just doing stuff like reading the daily news or checking movie times, is privacy that important? The ultra-paranoid will give a resounding "yes" to that question while most people will just shrug. I find myself in between those two parties. At home while I'm reading the news, I could care less if the traffic is encrypted or not. However, when I'm at a public wi-fi spot, it does bother me a bit.
Encrypt filesystems with EncFS and Loop-AES by Ryan Talabis — last modified 2006-03-22 05:15 PM
Encrypted filesystems may be overkill for family photos or your résumé, but they make sense for network-accessible servers that hold sensitive business documents, databases that contain credit-card information, offline backups, and laptops. EncFS and Loop-AES, which are both released under the GNU General Public License (GPL), are two approaches to encrypting Linux filesystems. I'll compare the two and then look at other alternatives.
Zero to IPSec in 4 minutes by Ryan Talabis — last modified 2006-03-17 11:35 PM
This short article looks at how to get a fully functional IPSec VPN up and running between two fresh OpenBSD installations in about four minutes flat.
Add an extra layer of security with systrace by Ryan Talabis — last modified 2006-03-22 05:17 PM
Niels Provos' Systrace is a utility that monitors and controls what an application can access on a system by creating and enforcing access policies for system calls. For the Linux crowd, it's something like the US National Security Agency's SE Linux, but it's more flexible and, if used properly, it can improve a system's overall security by "sandboxing" untrusted applications and users.
Scapy by Khairil Yusof — last modified 2006-03-20 11:05 PM
Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc.
Nepenthes by Khairil Yusof — last modified 2006-03-24 03:32 PM
Nepenthes is a versatile tool to collect malware. It acts passively by emulating known vulnerabilities and downloading malware trying to exploit these vulnerabilities.
EnGarde Secure Linux by Ryan Talabis — last modified 2006-03-22 05:18 PM
EnGarde Secure Linux is a server-based distribution developed with security in mind. It comes with a minimal set of services so that the server is not unnecessarily exposed, and no superfluous software -- including no X Window-based window manager. Even compilers, such as GCC, are not included. Yet EnGarde enables you to run any sort of Web presence, from a simple mail server to a complete e-commerce site.
Chkrootkit-Portsentry-Howto by Ryan Talabis — last modified 2006-03-27 01:39 PM
This document describes how to install chkrootkit and portsentry. It should work (maybe with slight changes concerning paths etc.) on all *nix operating systems.
A straightforward guide to a complex topic: how to encrypt email with PGP or GPG by Ryan Talabis — last modified 2006-04-10 11:32 AM
In today's world of electronic eavesdropping and computer security breaches, who isn't a little paranoid? The fact is, email isn't private. Any number of people can view your email, whether that someone is working at your ISP, working in your office, or sniffing your communications on the wire. When sending sensitive communications, such as credit card numbers, medical history, or even simple personal or family information, it's critical that you take steps to protect yourself.


Copyright respective authors. Unless otherwise specified, content licensed under Creative Commons Attribution License.
