< Prev 1 2 3 4 5 6 7 8 9 Next >
Category: Auditing » File Integrity
screamingCobra is an application for remote vulnerability discovery in ANY UNKNOWN web applications such as CGIs and PHP pages. Simply put, it attemps to find vulernabilities in all web applications on a host without knowing anything about the applications. Modern CGI scanners scan a host for CGIs with known vulnerabilities. screamingCobra is able to 'find' the actual vulnerabilities in ANY CGI, whether it has been discovered before or not.
The modular syslog allows for an easy implementation of input and output modules. The modules that mantain compatibility with its precursor are included in the standard distribution along with four modules: om_peo (an implementation of PEO-1 and L-PEO, two algorithmic protocols for integrity checking), om_mysql and om_pgsql (modules that sends output to a mysql and postgresql database, respectively) and om_regex (a module that allows output redirection using regular expressions).
Saswire is a little program written in perl , which generates database in SDBM format with modification time, MD5 Checksum, Size and creation time for a list of files specified in a input file, one per line with full pathnames to them. Usefull for checking unwanted modification on UNIX system binaries.
Worm Report 1.2
Worm Report is a very simple Perl script to filter out the known worm hits from the access log, and put them into their own files named for the IP/Host that has been "wormed". A basic report containing the count, hostname, ip, and a guess at the parent domain is then printed to STDOUT to facilitate contacting these individuals. This script is useful in the short term to get the info to the people who need it. Adding a new worm requires adding a new worm hit string to the DATA section of the script, nothing so fancy (or exhaustive) as an Apache module.
cqual is a typed-based analysis tool for finding bugs in C programs. It extends the type system of C with extra user-defined type qualifiers. The programmer annotates their program with the appropriate qualifiers, and cqual checks for errors. Incorrect annotations indicate potential bugs. cqual presents the analysis results using Program Analysis Mode, an emacs-based GUI. Among other applications, cqual can be used to detect potential format-string vulnerabilities. It includes default configuration files to detect format-string bugs out-of-the-box.
Site Watcher is a utility that 'watches' a directory for changes. If a file is deleted or changed, the script will reload that file from a repository. This utility is a MUST HAVE for NT administrators to monitor web, FTP, or user's home directories. The readme file in the archive contains all necessary information to run Site Watcher. Site Watcher was developed on NT 4.0 SP6, using ActiveState Perl build 618. You MUST have Digest::MD5 installed for Site Watcher. This will also require the installation of Convert::ASN1. Both modules can be installed via PPM: ppm install Digest-MD5 ppm install Convert-ASN1 Site Watcher is a Perl module (with an accompanying driver script) that monitors a directory for activity. When a file is deleted or changed, Site Watcher will attempt to reload the file from a repository directory. All activity is logged to a file called 'sw.log', located in the repository directory. Site Watcher has not been tested under the following: 1. Win9x 2. Win2000 3. Remote directories All questions or comments should be sent to email@example.com
SocketWatcher is an SGI utility similar to lsof.
Assitch is a remote packetfilter analyzer, that detects in and OUT rules by doing ACK scanning. (It's useless against state-full filters.) Assitch is nearly 3 years old, but still useful for debugging filter rules.
Integrity checking utility (ICU)
ICU (Integrity Checking Utility) is a Perl program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done with help from SSH(1).
Browse by category