Category: Auditing » File Integrity

Fenris
Added 2002-05-09
Fenris started as a binary code tracing utility, but since the first release it has become more and more difficult to write a simple summary of its functionality. Fenris is a comprehensive multi-level code tracer, a bit of a C decompiler, an interactive modular debugger, a code analysis tool, an execution path visualisation tool, a function fingerprinting and symtab recovery tool; it all depends on how you use it. Fenris is suitable for everything from bug tracking or protocol analysis to forensics and reverse engineering, doing all the mindless work for you and making your life a bit easier.

Trophie
Added 2002-04-29
Trophie is a daemon which uses the libvsapi library from TrendMicro, an antivirus vendor. On startup, Trophie initializes VSAPI, loads virus patterns into memory, opens a local Unix domain socket, and waits for a client to connect and instruct it which path to scan. Since the database is loaded in RAM, scanning is very fast.

DLock
Added 2002-04-29
A full blown multithreaded file and folder watcher tool. DLock v1.o has 3 modes of operation, and probably many more of total failure. It can lock a file for exclusive access, it can watch your system and alert you when files and folders are created, or it can watch your system and alert you when existing files and folders have changes made to/in them. Like I said, mildly useful.

CodeBlue
Added 2002-03-14
CodeBlue is an attempt to increase the awareness of hosts that are infected with malicious worms by scanning Apache log files and emailing the infected hosts with details of their infection and how to obtain help removing the worm. Currently, CodeBlue scans Apache logs for Code Red, Code Red 2, and Nimda.

Nabou Advanced Host Intrusion Detection System
Added 2002-02-28
nabou is a Perl program which can be used to monitor file changes and directories on your system using MD5 checksums. It can also monitor crontab entries, suid files, user accounts, listening TCP/UDP ports, and processes. Nabou stores all data in standard dbm databases. Encrypted databases are supported using RSA public key encryption. Nabou is highly configurable; you can exclude files from being checked, configure which file attributes it should look for, use custom checks, and much more.

AIDE (Advanced Intrusion Detection Environment)
Added 2002-02-11
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

xScan
Added 2002-02-05
X-Scan is a general network vulnerability scanner that scans a specified IP address range or a stand-alone computer using multiple threads. Plug-ins are supported, and GUI and CUI programs are provided separately.

Locker
Added 2002-01-30
This tool turns off Windows 2000/.Net Group Policies (GPO) on your network. It is completely automated and you do not have to be an administrator to run the application or turn off all of the security policies in your environment. The developer takes no responsibility for damage or loss of production due to misuse of this tool. C++ source code provided by request.

Qmail-Scanner
Added 2002-01-23
Qmail-Scanner (also known as scan4virus) is an add-on that enables a Qmail Email server to scan all gatewayed Email for certain characteristics. It is typically used for its anti-virus protection functions, in which case it is used in conjunction with commercial virus scanners, but it also enables a site to react to Email (at a server/site level) that contains specific strings in particular headers, or particular attachment filenames or types (e.g. *.VBS attachments). It can also be used as an archiving tool for auditing or backup purposes. Qmail-Scanner is integrated into the mail server at a lower level than some other Unix-based virus scanners, resulting in better performance. It is capable of scanning not only locally sent/received Email, but also Email that crosses the server in a relay capacity.

screamingCobra
Added 2002-01-23
screamingCobra is an application for remote vulnerability discovery in ANY UNKNOWN web applications such as CGIs and PHP pages. Simply put, it attempts to find vulnerabilities in all web applications on a host without knowing anything about the applications. Modern CGI scanners scan a host for CGIs with known vulnerabilities. screamingCobra is able to 'find' the actual vulnerabilities in ANY CGI, whether it has been discovered before or not.