Category: Auditing » Host

XploiterStat Pro
Added 2001-10-22
XploiterStat Pro is a shareware network management tool in a similar vein to the DOS program 'Netstat.exe', i.e. it shows all the connections to your machine, listening ports (identifying trojans) etc., allowing you, the user, to see which TCP/UDP and ICMP connections are present on your machine. This is the latest release of the program formerly known as Totostat Enhanced. It can be used by networking professionals to determine what connections are on the machine at any time, along with all the ports that may be listening (i.e. services, trojan horses etc.).

userdump
Added 2001-10-22
The purpose of this app is to illustrate inconsistencies in the MS implementation of the RestrictAnonymous registry setting.

RACF PC-based Utilities
Added 2001-10-22
The 'RACF' utilities are text processing programs which take an IRRDBU00 ASCII flat file download from RACF and produce text reports and, depending on the program, JCL which can be checked, transferred back to the mainframe and submitted. Please refer to the web page for notes on using the RACF utilities, and for the RACF.ini file (not included in the ZIP file).

ImSafe - Host Based Anomaly Detection
Added 2001-10-22
Immune Security Architecture for Your Enterprise: detects changes in the "normal" behavior of processes (e.g. an FTP server). Uses a kernel driver to monitor system calls and build a "profile" of the monitored application. Fast heuristics for detection of buffer overflows.

athena-2k.pl
Added 2001-10-22
This tool is a ~600 line Perl script that utilizes the Net::SNMP module. Its purpose is to retrieve A LOT of information out of a remote Windows 2000 machine running the SNMP Service with a known community string. I may or may not get around to making it work alright with Windows NT 4; currently it does not.
It queries/walks a predefined set of SNMP OIDs, and displays the return values in a nice, formatted ASCII output. I find it to be quite speedy. It's a snapshot of my work so far, most of it being sheer research (trying to find exciting, new OIDs, and THEN finding out what exactly they're returning that can be useful ;-) ). I think many people will be surprised at the amount of information the SNMP Service shares with the world on a misconfigured (read: default) setup. Among the items one can retrieve from such a server are:
- Server Name & Primary Domain/Workgroup
- OS version, CPU type (& if it's Multiprocessor or not)
- SNMP Contact & Location information (If defined)
- System uptime
- System date/time
- List of all user accounts
- Total RAM
- Storage devices, volume label, device type, & partition type
- Running processes & process id's
- Installed applications & the date they were each installed
- List of services
- List of network interfaces (Description, HW Address, Int Speed, IP address, netmask, Bytes In/Out, Status)
- List of all share names, file system location, & comments
- Routing table
- TCP connections & listening ports
- UDP listening ports

JMscan
Added 2001-10-22
A module-based security-check tool. Currently comes with just two modules: the IIS-Unicode-check and the IIS-CGi-filename-decode-check.

IIS_PROMISC
Added 2001-10-22
An MS-IIS web server auditing tool that checks for many serious vulnerabilities using a Perl script. It supports proxy servers and, if a hole is found, prints it and the patch URL.

Vlad
Added 2001-10-22
VLAD the Scanner is an open-source security scanner that checks for the SANS Top Ten security vulnerabilities commonly found to be the source of a system compromise. It has been tested on Linux, OpenBSD, and FreeBSD. It requires several Perl modules to run (see the README for more details). VLAD has been updated and will check for the latest IIS Unicode bug recently reported in MS00-078.

CrucialADS
Added 2001-10-22
CrucialADS is a GUI-based Alternate Data Stream scanning tool. CrucialADS is designed to quickly and easily detect the presence of Alternate Data Streams in NTFS files and directories.

ForixNT
Added 2001-10-22
ForixNT is an NT vulnerability scanner...and so much more! ForixNT is a flexible, extensible toolkit that NT administrators can use to automate policy-based security management in a way that fits their infrastructure. Rather than spending $1000's for a commercial product, NT administrators can use ForixNT to collect configuration information from NT systems across the enterprise. For example, ForixNT collects:
- Host information (Service Pack, HotFixes, modems, trusted domains, etc)
- Services (state, account each service runs under, etc)
- Registry key values
- "Trojan Keys" (see my article, "What you really need to know about network backdoor "trojan" programs" on NT)
- Audit settings (what events are being audited...if any)
- EventLog settings (via the Registry)
- File Permissions (checks for NTFS file system first...even remotely)
- Registry Permissions
- Domain Account Policy