Category: Auditing » Host
Saint Jude is a wholly kernel-based intrusion detection and intrusion response system that implements the Saint Jude Model for detection of improper privilege transitions. Saint Jude can detect the presence of ongoing and successful attacks, from sources both local and remote, that would yield root-level access to the attacking individual. Detection is performed using a rule-based anomaly detector that uses a model of normal system behavior that is generated on the protected machine during a training phase. By comparing actual actions against a fully developed model, it is possible to detect attacks against vulnerabilities that are both known and unknown with no false positives or negatives.
Ghost Port Scan
GPS is an advanced port scanner and firewall rule disclosure tool that uses IP and ARP spoofing, sniffing and other techniques to collect information stealthily. GPS is especially efficient in LAN pen-testing, due to its ability to disclose the firewall settings of a host.
Linux Trace Toolkit (LTT)
The Linux trace toolkit is a suite of tools designed to extract program execution details from the Linux operating system and interpret them. Specifically, it enables its user to extract processor utilisation and allocation information for a certain period of time. It is then possible to perform various calculations on this data and dump this in a text file. The list of probed events can also be included in this. The integrated environment, based on the GTK+ library, can also plot these results and perform specific searches.
The ELZA is a scripting language aimed at automating requests on web pages. Scripts written in ELZA are capable of mimicking browser behavior almost perfectly, making it extremely difficult for remote servers to distinguish their activity from the activity generated by ordinary users and browsers. This gives those scripts the opportunity to act upon servers that will not respond to requests generated using netcat, rebol, telnet or similar tools.
NSL is a small, easy to use TCP/IP protocol monitor which can be used to see your exact throughput on both incoming and outgoing data - whether you're using a modem, cable modem, DSL, or even local network. It allows you to see how quickly your data goes from your computer to another computer on the internet; it will even tell you how many other computers your data must go through to get there. NSL also graphs the CPU usage of your system. This can be especially useful in identifying if your computer is what's slowing things down, or if it's your internet connection.
SNARE (System iNtrusion Analysis and Reporting Environment) is a dynamically loadable kernel module that will form the basis for a host intrusion detection facility and C2-style auditing/event logging capability for Linux.
Diskmon for Windows NT
Diskmon is a GUI/device driver combination that together monitor and display all hard disk activity on a system. It has advanced search capabilities that make it a powerful tool for exploring the way NT works and seeing how file systems use the hard disks.
Remote Access Session
Remote Access Session is a security tool to analyze the integrity of systems. The program tries to gain access to a system using the most advanced techniques of remote intrusion. It can either work in normal mode (which is fast) or hard mode (which is more intensive). There is a big difference between Remote Access Session and other remote security audit tools. If Remote Access Session finds a remote vulnerability that gives user account or root access, it will try to exploit it and it will return a shell. This allows a network administrator to discard false positives regarding remote vulnerabilities. It also includes all of the information from service banners in its output. It performs vendor and version detection on Web servers and other common servers, and also attempts remote OS identification.
Pluto is a tool that allows you to perform automated vulnerability assessment against a remote host. Features included are:
- Multi thread portscanner
- CGI scanner
- Port fingerprinting (under construction, can cause GUI to hang)
- MSSQL Audit
- FTP Audits
- SMTP Audits
- Password Audit
- Great database of vulnerable software
LADS (List Alternate Data Streams)
LADS (List Alternate Data Streams) scans the entire drive or a given directory. It lists the names and size of all alternate data streams it finds.