ubuntu into a auditing machine

8/10/2019 Ubuntu Into a Auditing Machine

1/30

#!/bin/sh# securitybox.sh - Turn a generic Ubuntu or Debian SO into a security auditing machine with one command# Version 1.01# ekx0day at GMAIL.COM# Yu may have r00t privileges in order to install

if [ `id | cut -d= -f3 | cut -d\( -f1` = 0 ]then echo echo " Okay, you are r00t and can run this script" echosleep 1

# dnswalk#Checks dns zone information using nameserver lookups#dnswalk is a DNS debugger. It performs zone transfers of specified#domains, and checks the database in numerous ways for internal#consistency, as well as accuracy.apt-get -y install dnswalk

# dns-bruteforce

# dnsenum# dnsmap# DNSPredict# Finger Google

#finger-ldap#Finger for machines that authenticate against LDAP#finger-ldap displays information about system users, by calling the BSD#finger command. However, it works around a gross inefficiency of#BSD finger's full-name matching algorithm by exploiting the LDAP#Search Filter mechanism, outlined in RFC 2254.#apt-get -y install finger-ldap

# Commented out because the install asked too many questions

# Firewalk# Goog Mail Enum# Google-search# Googrape# Gooscan

# Host#utility for querying DNS servers#'host' is a utility, similar to 'nslookup' (deprecated) or 'dig',#used to query DNS servers for domain names and zones.

##This package provides the original version of 'host', originally#in the package 'dnsutils'. BIND9 provides a similar utility, in#'bind9-host'.# apt-get -y install bind9-hostapt-get -y install host

#Internetwork Routing Protocol Attack Suite#Despite the "exciting" title this is merely a collection of programs


2/30

#used for advanced network operations, testing, and debugging.##CDP and the route injectors can be useful in a production network.#Several other tools are useful for security and firewall testing.#Finally some tools such as netenum are useful for general admin#scripting.##Like all powerful tools, someone whom is terminally stupid could#cause great damage when using these tools, so be careful.##cdp - Cisco discovery protocol packet sender#igrp - IGRP route injector#ass - Autonomous system scanner#irdp - IRDP sender#irdpresponder - IRDP responder#itrace - ICMP based traceroute#tctrace - TCP SYN based traceroute#protos - ICMP based port scanner#netmask - Asks for netmask via ICMP#file2cable - Dumps any binary file direct to ethernet#dfkaa - Troubleshoot devices formerly known as Ascend (Pipeline, etc)#netenum - Ping scanner designed for shell scripts#hsrp - HSRP failover tester#icmp_redirect - ICMP redirection system

#timestamp - ICMP timestamp requester#dhcpx - DHCP server "exerciser"##I placed this program in "non-free" because per the license:#1) A developer is required to get written permission to use code# from IRPAS in derivative works#2) Users are barred from using this software for illegal purposesapt-get -y install irpas

# Pirana# QGoogle# Relay Scanner

# SMTP-Vrfy

# - Network Mapping# Amap 5.2# Autoscan 0.99_R1

# cdpr#Cisco Discovery Protocol Reporter#cdpr listens on specified network interfaces for Cisco Discovery#Protocol packets. It then decodes those packets and outputs the#information, optionally sending the information to a server for

#processing.apt-get -y install cdpr

# Cheops NG#Network swiss army knife#Cheops-ng is a Network management tool for mapping and monitoring#your network. It has host/network discovery functionality as well as#OS detection of hosts making. Cheops-ng has the ability to probe hosts to see#what services they are running. On some services, cheops-ng is actually


3/30

#able to see what program is running for a service and the version#number of that program.##Cheops-ng is a replacement for Cheops ('ng' stands for 'Next Generation').#Main differences with cheops are:# * Cheops is a GUI program whereas cheops-ng has a backend server# that is running all of the time. The GUI for cheops-ng just logs into# the server to use the server's functions, like OS detection and mapping.# * OS detection is done with nmap not with queso (which is out of date)# * Cheops-ng does not have monitoring capabilities yet.# * It is being maintained and supported##Homepage: http://cheops-ng.sourceforge.netapt-get -y install cheops-ng

# doscan#port scanner for discovering services on large networks#doscan is a tool to discover TCP services on your network. It is#designed for scanning a single ports on a large network. doscan#contacts many hosts in parallel, using standard TCP sockets provided#by the operating system. It is possible to send strings to remote#hosts, and collect the banners they return.#

#There are better tools for scanning many ports on a small set of#hosts, for example nmap.apt-get -y install doscan

# Fping#sends ICMP ECHO_REQUEST packets to network hosts#fping is a ping like program which uses the Internet Control Message Protocol#(ICMP) echo request to determine if a target host is responding. fping#differs from ping in that you can specify any number of targets on the command#line, or specify a file containing the lists of targets to ping. Instead of#sending to one target until it times out or replies, fping will send out a#ping packet and move on to the next target in a round-robin fashion.

## Homepage: http://www.fping.com/apt-get -y install fping

# Hping#Active Network Smashing Tool#hping3 is a network tool able to send custom ICMP/UDP/TCP packets and#to display target replies like ping does with ICMP replies. It handles#fragmentation and arbitrary packet body and size, and can be used to#transfer files under supported protocols. Using hping3, you can test#firewall rules, perform (spoofed) port scanning, test network#performance using different protocols, do path MTU discovery, perform#traceroute-like actions under different protocols, fingerprint remote

#operating systems, audit TCP/IP stacks, etc. hping3 is scriptable#using the TCL language.#apt-get -y install hping2apt-get -y install hping3

# IDSWakeup#tool for testing network intrusion detection systems#idswakeup is a Bourne shell script invoking hping2 (required) and iwu#(part of this package) to generate false alarms in order to check if#a network intrusion detection system works all right.


4/30

##idswakeup requires no configuration and includes many common attack#simulations.apt-get -y install idswakeup

# Python-Scapy#Packet generator/sniffer and network scanner/discovery#Scapy is a powerful interactive packet manipulation tool, packet#generator, network scanner, network discovery, packet sniffer, etc. It#can for the moment replace hping, 85% of nmap, arpspoof, arp-sk, arping,#tcpdump, tethereal, p0f, ....##In scapy you define a set of packets, then it sends them, receives#answers, matches requests with answers and returns a list of packet couples#(request, answer) and a list of unmatched packets. This has the big advantage#over tools like nmap or hping that an answer is not reduced to#(open/closed/filtered), but is the whole packet.## Homepage: http://www.secdev.org/projects/scapy/apt-get -y install python-scapy

# IKE-Scan#discover and fingerprint IKE hosts (IPsec VPN Servers)

#ike-scan discovers IKE hosts and can also fingerprint them using the#retransmission backoff pattern.##ike-scan does two things:##a) Discovery: Determine which hosts are running IKE.# This is done by displaying those hosts which respond to the IKE requests# sent by ike-scan.# .#b) Fingerprinting: Determine which IKE implementation the hosts are using.# This is done by recording the times of the IKE response packets from the# target hosts and comparing the observed retransmission backoff pattern# against known patterns.

# .# The retransmission backoff fingerprinting concept is discussed in more# detail in the UDP backoff fingerprinting paper which should be included# in the ike-scan kit as udp-backoff-fingerprinting-paper.txt.apt-get -y install ike-scan

# IKEProbe

# lft#layer-four traceroute#lft sends various TCP SYN and FIN probes (differing from Van Jacobson's#UDP-based method) utilizing the IP protocol "time to live" field and

#attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along#the path to some host.#lft also listens for various TCP and ICMP messages along the way to assist#network managers in ascertaining per-protocol heuristic routing information#and can optionally retrieve various information about the networks it#traverses.##Homepage: http://www.mainnerve.com/lft/index.htmlapt-get -y install lft


5/30


6/30

#user-end computer it could be used as powerful IDS add-on. p0f#supports full tcpdump-style filtering expressions, and has an#extensible and detailed fingerprinting database.apt-get -y install p0f

# pnscan#Multi threaded port scanner#Pnscan is a multi threaded port scanner that can scan a large network#very quickly. If does not have all the features that nmap have but#is much faster.apt-get -y install pnscan

# PSK-Crack

# Paketto#Unusual TCP/IP testing tools#The Paketto Keiretsu is a collection of tools that use new and unusual#strategies for manipulating TCP/IP networks. scanrand is said to be#faster than nmap and more useful in some scenarios.##This package includes:# * scanrand, a very fast port, host, and network trace scanner# * minewt, a user space NAT/MAT (MAC Address Translation) gateway

# * linkcat(lc), that provides direct access to the network (Level 2)# * paratrace, a "traceroute"-like tool using existing TCP connections# * phentropy, that plots a large data source onto a 3D matrixapt-get -y install paketto

# SinFP# UnicornScan# UnicornScan pgsql 0.4.6e module version 1.03

# XProbe2#Remote OS identification

#Xprobe2 allows you to determine what operating system is running on a#remote host. It sends several packets to a host and analyses the#returned answers.##Xprobe2's functionality is comparable to the OS fingerprinting feature#in nmap (written by a different Fyodor):# - Outputs its level of confidence about the OS on the remote host.# - Remains usable even if intermediate systems (routers, firewalls) make# slight modifications to the packets.# - Can list the type of intermediate device (e.g. "Linux IP masquerading").# - Modular architecture allows new fingerprinting tests and new OS# signatures to be added.#

#Project homepage: apt-get -y install xprobe

# PBNJ#a suite of tools to monitor changes on a network#PBNJ is a network suite to monitor changes that occur on a network#over time. It does this by checking for changes on the target#machine(s), which includes the details about the services running on


7/30

#them as well as the service state. PBNJ parses the data from a scan#and stores it in a database. PBNJ uses Nmap to perform scans.apt-get -y install pbnj

# zenmap#The Network Mapper Front End#Zenmap is an Nmap frontend. It is meant to be useful for advanced users#and to make Nmap easy to use by beginners. It was originally derived#from Umit, an Nmap GUI created as part of the Google Summer of Code.apt-get -y install zenmap

# - Vulnerability Identification# Absinthe# Bed# CIRT Fuzzer# Checkpwd# Cisco Auditing Tool# Cisco Enable Bruteforcer# Cisco Global Exploiter# Cisco OCS Mass Scanner# Cisco Scanner# Cisco Torch

# Curl#Get a file from an HTTP, HTTPS or FTP server#curl is a client to get files from servers using any of the supported#protocols. The command is designed to work without user interaction#or any kind of interactivity.##curl offers a busload of useful tricks like proxy support, user#authentication, ftp upload, HTTP post, file transfer resume and more.apt-get -y install curl

# eLinks

#Advanced text-mode WWW browser#ELinks (Enhanced Links) is a lynx-like character mode browser, created#from the Links browser with many patches and enhancements. It includes#support for rendering tables and frames, features background downloads,#can display colors, supports the Lua scripting language, IPV6 and has#many other features.apt-get -y install elinks

# fragroute#Test a NIDS by attempting to evade using fragmented packets#fragroute intercepts, modifies, and rewrites egress traffic destined

#for a specified host, implementing most of the attacks described in the#Secure Networks "Insertion, Evasion, and Denial of Service: Eluding#Network Intrusion Detection" paper of January 1998.##It features a simple ruleset language to delay, duplicate, drop,#fragment, overlap, print, reorder, segment, source-route, or otherwise#monkey with all outbound packets destined for a target host, with#minimal support for randomized or probabilistic behaviour.##This tool was written in good faith to aid in the testing of network


8/30

#intrusion detection systems, firewalls, and basic TCP/IP stack#behaviour. Please do not abuse this software.apt-get -y install fragroute

# fragrouter#Test a NIDS by attempting to evade using fragmented packets#Fragrouter is aimed at testing the correctness of a NIDS, according#to the specific TCP/IP attacks listed in the Secure Networks NIDS#evasion paper. ``Insertion, Evasion, and Denial of Service: Eluding#Network Intrusion Detection.'' It does this by routing network#traffic in such a way as to elude most network intrusion detection#systems.apt-get -y install fragrouter

# fuzz#stress-test programs by giving them random input#The fuzz generator is designed to attack certain kinds of software and#expose one particular kind of bug common in software. This is the#situation where the programmer implicitly makes some assumptions about#the data stream that the program will be parsing. If the data stream#is substantially different then the program might not be able to deal#with it.

apt-get -y install fuzz

# Fuzzer 1.2# GFI LanGuard 2.0# GetSids# HTTP PUT# Halberd

# harden-remoteaudit#Audit your remote systems from this host#This package helps you to install a set of tools to check remote systems,#sniff for passwords and more. Observe that this kind of activity can be

#illegal so you have to check if you are authorized to do so in the environment#where you install this package.##You can check exploits, sniff for passwords and similar things.##Nessus note: You have to have the nessus client installed on some host. The#client is provided by the 'nessus' package. You can install it on the same#host but that is not necessary.##NOTE! This package includes packages that can damage the system that#you audit. It should ONLY be used to audit hosts, networks or systems#that you are allowed to audit. I repeat: it can damage the hosts that are#checked. You have been warned!

apt-get -y install harden-remoteaudit

# Httprint# Httprint GUI# ISR-Form# Jbrofuzz# List-Urls# Merge Router Config


9/30


10/30

#and smbspool. If you want to mount shares exported from Microsoft#Windows machines or a Samba server you must install the smbfs package.apt-get -y install smb-client

# SMB Serverscan

# SMB-NAT#Netbios Auditing Tool#This tool can perform various security checks on remote#servers running NetBIOS file sharing services. It#is capable of enumerating shares and make break-in attempts#using a (user-provided) list of users and passwords.apt-get -y install smb-nat

# SMBdumpusers# SMBgetserverinfo

# SNMP Scanner# SNMP Walk

# scli#a collection of SNMP command line management tools#The scli package was written in order to have small and efficient command#line utility to monitor and configure network devices and host systems. The#scli package is based on the SNMP management protocol and it utilizes a#MIB compiler called smidump to generate C stub code. In fact, virtually no#SNMP knowledge is required in order to extend the scli programs with new#features.##In other words, the slogan for this little package is:## "After more than 10 years of SNMP, I felt it is time for really useful

# command line SNMP monitoring and configuration tools. ;-)"##(description taken from upstream sources)##scli replaces the stools packageapt-get -y install scli

# Spike Proxy#Web application security testing proxy#SPIKE proXy is part of the SPIKE Application Testing Suite,#It functions as an HTTP and HTTPS proxy, and allows the web developer#or web application auditor low level access to the entire web application

#interface, while also providing a bevy of automated tools and techniques#for discovering common problems. These automated tools include:## - Automated SQL Injection Detection# - Web Site Crawling (guaranteed not to crawl sites other than# the one being tested)# - Login form brute forcing# - Automated overflow detection# - Automated directory traversal detection#


11/30

#In addition to automated analysis, SPIKE proXy allows the user to#analyse the internals of the web application by viewing and changing#all variables, cookies, headers, or other parts of the request and#resubmit them. Also, a single installation can be shared by multiple users.apt-get -y install spikeproxy

# SQL Inject# SQL Scanner# SQLLibf# SQLbrute# Sidguess

# xsmbrowser#X11 tool for navigating SMB Networks#xSMBrowser is a tool for navigating SMB Networks (Samba, SMB, CIFS).#It retains the features of the program it was based upon (Microsoft's#Network Neighborhood), but adds convenient features for Unix users.#These include mounting, ability to change networks on-the-fly, and#conveniences such as a Stop Button.apt-get -y install xsmbrowser

# Snmpcheck# Snmp Enum

# Spike# Stompy# SuperScan# TNScmd# Taof# VNC_bypauth

# Wapiti#Web application vulnerability scanner#Wapiti allows you to audit the security of your web applications.#It performs "black-box" scans, i.e. it does not study the source code of the#application but will scans the webpages of the deployed webapp, looking for

#scripts and forms where it can inject data.#Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see#if a script is vulnerable.#Wapiti can detect the following vulnerabilities:# - File Handling Errors (Local and remote include/require, fopen, ...)# - Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)# - XSS (Cross Site Scripting) Injection# - LDAP Injection# - Command Execution detection (eval(), system(), passtru()...)# - CRLF Injection (HTTP Response Splitting, session fixation...)## Homepage: http://wapiti.sourceforge.net/#apt-get -y install wapiti

# Yersinia#Network vulnerabilities check software#Yersinia is a framework for performing layer 2 attacks. It is designed#to take advantage of some weakeness in different network protocols. It#pretends to be a solid framework for analyzing and testing the deployed#networks and systems.##Attacks for the following network protocols are implemented in this


12/30

#particular release:# - Spanning Tree Protocol (STP).# - Cisco Discovery Protocol (CDP).# - Dynamic Trunking Protocol (DTP).# - Dynamic Host Configuration Protocol (DHCP).# - Hot Standby Router Protocol (HSRP).# - 802.1q.# - 802.1x.# - Inter-Switch Link Protocol (ISL).# - VLAN Trunking Protocol (VTP).## Homepage: http://www.yersinia.net/#apt-get -y install yersina

# zzuf#transparent application input fuzzer#Zzuf is a transparent fuzzer. It works by intercepting applications' file#and network operations and changing random bits in their input. Its behaviour#is deterministic, making it easy to reproduce bugs.##Zzuf has support for variable fuzzing ratio, character filtering, fuzzing#decision based on filenames and optional network fuzzing. It can also stop#processes that run for too long or that output too much data.

apt-get -y install zzuf

# sqlanlz# sqldict# sqldumplogins# sqlquery# sqlupload

# - Penetration# Framework3-MsfC# Framework3-MsfUpdate

# Framework3-Msfcli# Framework3-Msfweb# Init Pgsql (autopwn)# Milw0rm Archive# MsfCli# MsfConsole# MsfUpdate# OpenSSL-To-Open# Update Milw0rm

# - Privilege Escalation

# Ascend attacker

# BitTwist#libpcap-based Ethernet packet generator#Bit-Twist is designed to complement tcpdump, which by itself has done a great#job in capturing network traffic. Bit-Twist can regenerate the captured#traffic onto a live network (the packets are generated from tcpdump trace#file, generating a .pcap file).#


13/30

#Bit-Twist also comes with a comprehensive trace file editor to allow to change#the contents of a trace file.##Generally, a packet generator is useful in simulating networking traffic or#scenario, testing firewall, IDS, and IPS, and troubleshooting various network#problems.##The Bit-Twist features are:## * send multiple trace files at a time;# * send packets at a specific speed or line rate in Mbps;# * comprehensive trace file editor with control over most fields in# Ethernet, ARP, IP, ICMP, TCP, and UDP headers with automatic header# checksum correction;# * append user payload to existing packets after a specific header;# * select a specific range of packets and save them in another trace file;# * if you are teaching Computer Networks classes, you may find Bit-Twist# useful as a practical teaching material. It gives your students a# hands-on experience to learn various networking protocols etc.apt-get -y install bittwist

# CDP Spoofer# Cisco Enable Bruteforcer

# Crunch Dictgen# DHCPX Flooder# DNSspoof

# Driftnet#Picks out and displays images from network traffic#Inspired by EtherPEG, Driftnet is a program which listens to network#traffic and picks out images from TCP streams it observes. It is#interesting to run it on a host which sees a lot of web traffic.##(Obviously, this is an invasion of privacy of a fairly blatant sort.#Also, if you are possessed of Victorian sensibilities, and share an

#unswitched network with others who are not, you should probably not#use it.)## Homepage: http://www.ex-parrot.com/~chris/driftnet/apt-get -y install driftnet

# Dsniff#Various tools to sniff network traffic for cleartext insecurities#This package contains several tools to listen to and create network traffic:## * arpspoof - Send out unrequested (and possibly forged) arp replies.# * dnsspoof - forge replies to arbitrary DNS address / pointer queries

# on the Local Area Network.# * dsniff - password sniffer for several protocols.# * filesnarf - saves selected files sniffed from NFS traffic.# * macof - flood the local network with random MAC addresses.# * mailsnarf - sniffs mail on the LAN and stores it in mbox format.# * msgsnarf - record selected messages from different Instant Messengers.# * sshmitm - SSH monkey-in-the-middle. proxies and sniffs SSH traffic.# * sshow - SSH traffic analyser.# * tcpkill - kills specified in-progress TCP connections.# * tcpnice - slow down specified TCP connections via "active"


14/30

# traffic shaping.# * urlsnarf - output selected URLs sniffed from HTTP traffic in CLF.# * webmitm - HTTP / HTTPS monkey-in-the-middle. transparently proxies.# * webspy - sends URLs sniffed from a client to your local browser# (requires libx11-6 installed).##Please do not abuse this software.apt-get -y install dsniff

# Etherape#graphical network monitor modeled after etherman#EtherApe is an etherman clone. It displays network activity#graphically. Active hosts are shown as circles of varying size,#and traffic among them is shown as lines of varying width. It's#Gnome and libpcap based.apt-get -y install etherape

# EtterCap#Multipurpose sniffer/interceptor/logger for switched LAN#Ettercap supports active and passive dissection of many protocols#(even ciphered ones) and includes many feature for network and host#analysis.

##Data injection in an established connection and filtering (substitute#or drop a packet) on the fly is also possible, keeping the connection#synchronized.##Many sniffing modes were implemented to give you a powerful and complete#sniffing suite. It's possible to sniff in four modes: IP Based, MAC Based,#ARP Based (full-duplex) and PublicARP Based (half-duplex).##It has the ability to check whether you are in a switched LAN or#not, and to use OS fingerprints (active or passive) to let you know the#geometry of the LAN.apt-get -y install ettercap

# HSRP Spoofer# Hash Collision# Httpcapture# Hydra# Hydra GTK# ICMP Redirect

# ICMPush#ICMP packet builder#icmpush is a tool that builds ICMP packets fully customized

#from command line.##It supports the following ICMP error types: Redirect, Source#Quench, Time Exceeded, Destination Unreach and Parameter#Problem.##And the following ICMP information types: Address Mask Request,#Timestamp, Information Request, Echo Request, Router Solicitation#and Router Advertisement.apt-get -y install icmpush


15/30

# IGRP Spoofer# IRDP Responder# IRDP Spoofer

# John the Ripper#active password cracking tool#john, mostly known as John the Ripper, is a tool designed to help systems#administrators to find weak (easy to guess or crack through brute force)#passwords, and even automatically mail users warning them about it, if it#is desired.##It can also be used with different cyphertext formats, including Unix's#DES and MD5, Kerberos AFS passwords, Windows' LM hashes, BSDI's extended DES,#and OpenBSD's Blowfish.##Homepage: http://www.openwall.com/john/apt-get -y install john

# Lodowep

# Medusa#fast, parallel, modular, login brute-forcer for network services#Medusa is intended to be a speedy, massively parallel, modular, login#brute-forcer. The goal is to support as many services which allow remote#authentication as possible. The author considers following items as some of#the key features of this application:# * Thread-based parallel testing. Brute-force testing can be# performed against multiple hosts, users or passwords# concurrently.# * Flexible user input. Target information (host/user/password) can# be specified in a variety of ways. For example, each item can be# either a single entry or a file containing multiple entries.# Additionally, a combination file format allows the user to

# refine their target listing.# * Modular design. Each service module exists as an# independent .mod file. This means that no modifications are# necessary to the core application in order to extend the# supported list of services for brute-forcing.apt-get -y install medusa

# nast#packet sniffer and lan analyzer#Can sniff in normal mode or in promiscuous mode the packets on a network#interface and log it. It dumps the headers of packets and the payload in#ascii or ascii-hex format. You can apply a filter. The sniffed data can

#be saved in a separated file.##As analyzer tool, it has many features like:# * Build LAN hosts list# * Follow a TCP-DATA stream# * Find LAN internet gateways# * Discover promiscuous nodes# * Reset an established connection# * Perform a single half-open portscanner# * Perform a multi half-open portscanner


16/30


17/30

#to define (spoof) nearly all TCP, UDP, ICMP, IP, ARP, RARP, and Ethernet#header options, Packit can be useful in testing firewalls, intrusion#detection systems, port scanning, simulating network traffic, and general#TCP/IP auditing. Packit is also an excellent tool for learning TCP/IP.apt-get -y install packit

# PHoss

# PackETH#ethernet packet generator#packeth is a GUI packet generator tool for ethernet.#It allows you to create and send any possible packet#or sequence of packets on the ethernet.##You can create and send any ethernet packet. The#supported protocols are: ethernet II, ethernet#802.3, 802.1q, QinQ, ARP, IPv4, UDP, TCP, ICMP,#IGMP, RTP.apt-get -y install packeth

# Rcrack

# sendip#A commandline tool to allow sending arbitrary IP packets#SendIP has a large number of command line options to specify the#content of every header of a RIP, TCP, UDP, ICMP or raw IPv4 and IPv6#packet. It also allows any data to be added to the packet. Checksums#can be calculated automatically, but if you wish to send out wrong#checksums, that is supported too.apt-get -y install sendip

# SIPdump

# SMB Sniffer

# Sing#A fully programmable ping replacement#Sing is a little tool that sends ICMP packets fully customized from command#line. The main purpose is to replace/complement the nice ping command#with certain enhancements as:# - Send fragmented packets (Linux and BSD).# - Send monster packets > 65534 (Linux and BSD).# - Send/read spoofed packets.(Libpcap included in distribution).# - Send many ICMP Information types in addition to the ECHO REQUEST type# sent by default as Address Mask Request, Timestamp, Information Request,

# - Router Solicitation and Router Advertisement.# - Send many ICMP error types: Redirect, Source Quench, Time Exceeded,# Destination Unreach and Parameter Problem.# - Send to host with Loose or Strict Source Routing.# - Use little fingerprinting techniques to discover Windows or Solaris# boxes.# - Send ICMP packets emulating certain OS: Cisco, Solaris, Linux, Shiva,# Unix and Windows at the moment.apt-get -y install sing# Note: sing asks whether to be suid - this response should be scripted


18/30

# sucrack#multithreaded su bruteforcer#sucrack is a multithreaded Linux/UNIX tool for cracking local user#accounts via wordlist bruteforcing suapt-get -y install sucrack

# tcpxtract#extracts files from network traffic based on file signatures#tcpxtract is a fast console tool to extract files from network traffic#based on file headers and footers (so called carving).#26 file formats are supported out of the box by tcpxtract but new formats#can be added without problems.#Foremost configurations are simple to convert to tcpxtracts configuration#files.##It uses libpcap and it can be used with tcpdump files.apt-get -y install tcpxtract

# TFTP-Brute# THC PPTP

# TcPick#TCP stream sniffer and connection tracker#This libpcap-based textmode sniffer can:# * track, reassemble and reorder TCP streams# * save the captured flows in different files or display them in the terminal# * display all the stream on the terminal with different display modes like# hexdump, hexdump + ascii, only printable characters, raw mode, colorized# mode ...# * handle several network interface types, including ethernet cards and PPP# interfacesapt-get -y install tcpick

# VNCrack# WebCrack

# Wireshark#network traffic analyzer#Wireshark is a network traffic analyzer, or "sniffer", for Unix and#Unix-like operating systems. A sniffer is a tool used to capture#packets off the wire. Wireshark decodes numerous protocols (too many#to list).#

#This package provides wireshark (the GTK+ version)apt-get -y install wireshark

# Wireshark Wifi# WyD# XSpy

# chntpw


19/30

#NT SAM password recovery utility#This little program provides a way to view information and#change user passwords in a Windows NT/2000 userdatabase file.#Old passwords need not be known since they are overwritten.#In addition it also contains a simple registry editor#(same size data writes) and an hex-editor which enables you to#fiddle around with bits and bytes in the file as you wish.##If you want GNU/Linux bootdisks for offline password recovery#you can add this utility to custom image disks or use those provided#at the tools homepage.## Homepage: http://home.eunet.no/~pnordahl/ntpasswd/apt-get -y install chntpw

# bkhive#Dump the syskey bootkey from a Windows NT/2K/XP system hive#This tool is designed to recover the syskey bootkey from a Windows NT/2K/XP#system hive. Then we can decrypt the SAM file with the syskey and dump#password hashes.##Syskey is a Windows feature that adds an additional encryption layer to the#password hashes stored in the SAM database.

apt-get -y install bkhive

# samdump2#Dump Windows 2k/NT/XP password hashes#This tool is designed to dump Windows 2k/NT/XP password hashes from a SAM#file. It requires the syskey key which can be found with tools like bkhive.##Syskey is a Windows feature that adds an additional encryption layer to the#password hashes stored in the SAM database.apt-get -y install samdump2

# - Maintaining Access# 3proxy# Backdoors# Matahari

# CryptCat#TCP/IP swiss army knife extended with twofish encryption#Cryptcat is a simple Unix utility which reads and writes data across#network connections, using TCP or UDP protocol while encrypting the#data being transmitted.#It is designed to be a reliable "back-end" tool that can be used directly

#or easily driven by other programs and scripts. At the same time, it is a#feature-rich network debugging and exploration tool, since it can create#almost any kind of connection you would need and has several interesting#built-in capabilities.apt-get -y install cryptcat

# httptunnel#Tunnels a data stream in HTTP requests.#Creates a bidirectional virtual data stream tunnelled in


20/30

#HTTP requests. The requests can be sent via a HTTP proxy#if so desired.apt-get -y install httptunnel

# ICMPTX

# Iodine#tool for tunneling IPv4 data through a DNS server#This is a piece of software that lets you tunnel IPv4 data through a DNS#server. This can be usable in different situations where internet access is#firewalled, but DNS queries are allowed.##iodine is similar to nstx but has password authentication, brings up the#tun interface automatically and lets the user specify the IP address as a#command line option.apt-get -y install iodine

# NSTX#Tunnel IP over DNS#nstx allows you to pass IP packets via DNS queries. This allows you to use

#standard network protocols when otherwise only DNS would be available.apt-get -y install nstx

# Privoxy#Privacy enhancing HTTP Proxy#Privoxy is a web proxy with advanced filtering capabilities for#protecting privacy, filtering web page content, managing cookies,#controlling access, and removing ads, banners, pop-ups and other#obnoxious Internet junk. Privoxy has a very flexible configuration#and can be customized to suit individual needs and tastes. Privoxy#has application for both stand-alone systems and multi-user networks.#

#Privoxy is based on Internet Junkbuster (tm).apt-get -y install privoxy

# tor#anonymizing overlay network for TCP#Tor is a connection-based low-latency anonymous communication system which#addresses many flaws in the original onion routing design.##In brief, Onion Routing is a connection-oriented anonymizing communication#service. Users choose a source-routed path through a set of nodes, and#negotiate a "virtual circuit" through the network, in which each node#knows its predecessor and successor, but no others. Traffic flowing down

#the circuit is unwrapped by a symmetric key at each node, which reveals#the downstream node.##Basically Tor provides a distributed network of servers ("onion#routers"). Users bounce their tcp streams (web traffic, ftp, ssh, etc)#around the routers, and recipients, observers, and even the routers#themselves have difficulty tracking the source of the stream.##Note that Tor does no protocol cleaning. That means there is a danger that#application protocols and associated programs can be induced to reveal


21/30

#information about the initiator. Tor depends on Privoxy and similar protocol#cleaners to solve this problem.##Client applications can use the Tor network by connecting to the local#onion proxy. If the application itself does not come with socks support#you can use a socks client such as tsocks. Some web browsers like mozilla#and web proxies like privoxy come with socks support, so you don't need an#extra socks client if you want to use Tor with them.##This package enables only the onion proxy by default, but it can be configured#as a relay (server) node.##Remember that this is development code -- don't rely on the current Tor#network if you really need strong anonymity.##The latest information can be found at http://tor.eff.org/, or on the#mailing lists, archived at http://archives.seul.org/or/talk/ or#http://archives.seul.org/or/announce/.apt-get -y install tor

# ProxyTunnel

# Rinetd#Internet TCP redirection server#rinetd redirects TCP connections from one IP address and port to another,#with basic IP-based access control.##rinetd is a single-process server which handles any number of connections#to the address/port pairs specified in the file /etc/rinetd.conf. Since#rinetd runs as a single process using nonblocking I/O, it is able to#redirect a large number of connections without a severe impact on the#machine. This makes it practical to run services on machines inside an IP#masquerading firewall.apt-get -y install rinetd

# TinyProxy#A lightweight, non-caching, optionally anonymizing http proxy#An anonymizing http proxy which is very light on system resources,#ideal for smaller networks and similar situations where other proxies#(such as Squid) may be overkill and/or a security risk. Tinyproxy can#also be configured to anonymize http requests (allowing for exceptions#on a per-header basis).apt-get -y install tinyproxy

# sbd

# socat#multipurpose relay for bidirectional data transfer#Socat (for SOcket CAT) establishes two bidirectional byte streams#and transfers data between them. Data channels may be files, pipes,#devices (terminal or modem, etc.), or sockets (Unix, IPv4, IPv6, raw,#UDP, TCP, SSL). It provides forking, logging and tracing, different#modes for interprocess communication and many more options.##It can be used, for example, as a TCP relay (one-shot or daemon),


22/30

#as an external socksifier, as a shell interface to Unix sockets,#as an IPv6 relay, as a netcat and rinetd replacement, to redirect#TCP-oriented programs to a serial line, or to establish a relatively#secure environment (su and chroot) for running client or server shell#scripts inside network connections.apt-get -y install socat

# - Covering Tracks# Housekeeping

# - Radio Network Analysis# - 802.11# AFrag# ASLeap

# Air Crack NG#wireless WEP/WPA cracking utilities#aircrack-ng is an 802.11a/b/g WEP/WPA cracking program that can recover a#40-bit, 104-bit, 256-bit or 512-bit WEP key once enough encrypted packets have

#been gathered. Also it can attack WPA1/2 networks with some advanced#methods or simply by brute force.##It implements the standard FMS attack along with some optimizations,#thus making the attack much faster compared to other WEP cracking tools.#It can also fully use a multiprocessor system to its full power in order#to speed up the cracking process.##aircrack-ng is a fork of aircrack, as that project has been stopped by#the upstream maintainer.apt-get -y install aircrack-ng

# Air Decap

# Air Replay# Airmon Script# Airpwn# AirSnarf# Airbase# Airodump# Airoscript# Airsnort# CowPatty# FakeAP# GenKeys# Genpmk# Hotspotter

# Karma

# Kismet#Wireless 802.11b monitoring tool#Kismet is a 802.11b wireless network sniffer. It is capable of sniffing#using almost any supported wireless card using the Airo, HostAP, Wlan-NG,#and Orinoco (with a kernel patch) drivers.##Can make use of sox and festival to play audio alarms for network events


23/30

#and speak out network summary on discovery. Optionally works with gpsd#to map scanning.apt-get -y install kismet

# MDK2

# MacChanger#utility for manipulating the MAC address of network interfaces#Features:## * set specific MAC address of a network interface# * set the MAC randomly# * set a MAC of another vendor# * set another MAC of the same vendor# * set a MAC of the same kind (eg: wireless card)# * display a vendor MAC list (today, 6200 items) to choose from##Homepage: http://www.alobbs.com/macchangerapt-get -y install macchanger

# MacChanger-GTK

#a GTK+ interface for GNU/MACchanger#MACchanger is an utility for manipulating the MAC#address of network interfaces. This program was#made using Glade and Perl.##Homepage: http://www.mogaal.com/macchanger-gtkapt-get -y install macchanger-gtk

# Unload Drivers# Wep_crack# Wep_decrypt

# WEPLab#tool designed to break WEP keys#WepLab is a tool designed to teach how WEP works, what different#vulnerabilities it has, and how they can be used in practice to#break a WEP protected wireless network.##WepLab can dump network traffic, analyse it or crack the WEP key.apt-get -y install weplab

# WifiTap# Wicrawl

# Wlassistant#User friendly KDE frontend for wireless network connection#Wireless Assistant scans for wireless access points and displays link quality,#encryption and other useful information. When user wants to connect to a#network, Wireless Assistant opens up its wizards and guides the user through#Wi-Fi settings. After a successful connection is made the settings are#remembered so next time the user won't have to enter them again.#


24/30

# Homepage: http://wlassistant.sourceforge.net/#apt-get -y install wlassistant#Commented out because homey don't play KDE

# - Bluetooth# Bluebugger# Blueprint# Bluesnarfer

# Btscanner#ncurses-based scanner for Bluetooth devices#btscanner is a tool designed specifically to extract as much information#as possible from a Bluetooth device without the requirement to pair. A#detailed information screen extracts HCI and SDP information, and#maintains an open connection to monitor the RSSI and link quality.#btscanner is based on the BlueZ Bluetooth stack, which is included with#recent Linux kernels, and the BlueZ toolset. btscanner also contains a#complete listing of the IEEE OUI numbers and class lookup tables. Using#the information gathered from these sources it is possible to make#educated guesses as to the host device type.apt-get -y install btscanner

# Carwhisperer# CuteCom# Ghettotooth# HCIDump

# Ussp-Push#Client for OBEX PUSH#This program allows you to send objects using the OBEX PUSH protocol.##The OBEX PUSH protocol is used to transfer files to a mobile device,#generally via Bluetooth or IrDA. THe protocol does not allow any other

#action than sending and generally requires less strict authentication,#which is why it is sometimes preferred to the OBEX FTP protocol (which#allows full filesystem access and is provided by the obexftp package).apt-get -y install ussp-push

# - VOIP & Telephony Analysis# PcapSipDump# PcapToSip_RTP

# SIPSak#SIP Swiss army knife

#sipsak is a small command line tool for developers and administrators of#Session Initiation Protocol (SIP) applications.#It can be used for some simple tests on SIP applications and devices.apt-get -y install sipsak

# SIPcrack# SIPdump# SIPp# Smap


25/30

# - Digital Forensics# Allin1

# Autopsy#graphical interface to SleuthKit#The Autopsy Forensic Browser is a graphical interface to the command line#digital forensic analysis tools in The Sleuth Kit. Together, The Sleuth Kit#and Autopsy provide many of the same features as commercial digital forensics#tools for the analysis of Windows and UNIX file systems (NTFS, FAT, FFS,#EXT2FS, and EXT3FS).apt-get -y install autopsy

# chkrootkit#Checks for signs of rootkits on the local system#chkrootkit identifies whether the target computer is infected with a rootkit.#Some of the rootkits that chkrootkit identifies are:# 1. lrk3, lrk4, lrk5, lrk6 (and some variants);# 2. Solaris rootkit;# 3. FreeBSD rootkit;# 4. t0rn (including latest variant);

# 5. Ambient's Rootkit for Linux (ARK);# 6. Ramen Worm;# 7. rh[67]-shaper;# 8. RSHA;# 9. Romanian rootkit;# 10. RK17;# 11. Lion Worm;# 12. Adore Worm.#Please note that this is not a definitive test, it does not ensure that the#target has not been cracked. In addition to running chkrootkit, one should#perform more specific tests.apt-get -y install chkrootkit

# DCFLDD#enhanced version of dd for forensics and security#Based on the dd program with the following additional features:## - Hashing on-the-fly, dcfldd can hash the input data as it is being# transferred, helping to ensure data integrity.# - Status output, dcfldd can update the user of its progress in terms of the# amount of data transferred and how much longer operation will take.# - Flexible disk wipes, dcfldd can be used to wipe disks quickly and with a# known pattern if desired.# - Image/wipe Verify, dcfldd can verify that a target drive is a bit-for-bit# match of the specified input file or pattern.

# - Multiple outputs, dcfldd can output to multiple files or disks at the same# time.# - Split output, dcfldd can split output to multiple files with more# configurability than the split command.# - Piped output and logs, dcfldd can send all its log data and output to# commands as well as files natively.##Homepage: http://dcfldd.sourceforge.net/apt-get -y install dcfldd


26/30

# DD_Rescue#copies data from one file or block device to another#dd_rescue is a tool to help you to save data from crashed partition.#It tries to read and if it fails, it will go on with the next sectors#where tools like dd will fail. If the copying process is interrupted#by the user it is possible to continue at any position later.#It can copy backwards.apt-get -y install ddrescue

# Foremost#Forensics application to recover data#This is a console program to recover files based on their headers and#footers for forensics purposes.##Foremost can work on disk image files, such as those generated by dd,#Safeback, Encase, etc, or directly on a drive. The headers and footers#are specified by a configuration file, so you can pick and choose which#headers you want to look for.apt-get -y install foremost

# Magicrescue

#recovers files by looking for magic bytes#Magic Rescue scans a block device for file types it knows how to recover#and calls an external program to extract them. It looks at "magic bytes"#in file contents, so it can be used both as an undelete utility and for#recovering a corrupted drive or partition. As long as the file data is#there, it will find it.apt-get -y install magicrescue

# Mboxgrep#Grep through mailboxes#mboxgrep is a small utility that scans either standard Unix#mailboxes, Gnus nnml or nnmh mailboxes, MH mailboxes or Maildirs,

#and displays messages matching a basic, extended, or#Perl-compatible regular expression.apt-get -y install mboxgrep

# Memfetch# Memfetch Find# Pasco

# Rootkithunter#rootkit, backdoor, sniffer and exploit scanner#Rootkit Hunter scans systems for known and unknown rootkits,

#backdoors, sniffers and exploits.##It checks for:# - MD5 hash changes;# - files commonly created by rootkits;# - executables with anomalous file permissions;# - suspicious strings in kernel modules;# - hidden files in system directories;#and can optionally scan within files.#


27/30

#Using rkhunter alone does not guarantee that a system is not#compromised. Running additional tests, such as chkrootkit, is#recommended.apt-get -y install rkhunter

# Sleuthkit#Tools for forensics analysis#The Sleuth Kit (previously known as TASK) is a collection of UNIX-based#command line file system and media management forensic analysis tools.#The file system tools allow you to examine file systems of a suspect#computer in a non-intrusive fashion. Because the tools do not rely on#the operating system to process the file systems, deleted and hidden#content is shown.##The media management tools allow you to examine the layout of disks and#other media. The Sleuth Kit supports DOS partitions, BSD partitions#(disk labels), Mac partitions, and Sun slices (Volume Table of#Contents). With these tools, you can identify where partitions are#located and extract them so that they can be analyzed with file system#analysis tools.##When performing a complete analysis of a system, we all know that#command line tools can become tedious. The Autopsy Forensic Browser is

#a graphical interface to the tools in The Sleuth Kit, which allows you#to more easily conduct an investigation. Autopsy provides case#management, image integrity, keyword searching, and other automated#operations.##The Sleuth Kit's upstream homepage can be found at#http://www.sleuthkit.org/sleuthkit/.apt-get -y install sleuthkit

# unhide#Forensic tool to find hidden processes and ports#Unhide is a forensic tool to find processes and TCP/UDP ports hidden by

#rootkits, Linux kernel modules or by other techniques. It includes two#utilities: unhide and unhide-tcp.##unhide detects hidden processes using three techniques:# - comparing the output of /proc and /bin/ps# - comparing the information gathered from /bin/ps with the one gathered# from system calls (syscall scanning)# - full scan of the process ID space (PIDs bruteforcing)##unhide-tcp identifies TCP/UDP ports that are listening but are not listed in#/bin/netstat through brute forcing of all TCP/UDP ports available.##This package can be used by rkhunter in its daily scans.

apt-get -y install unhide

# Vinetto#A forensics tool to examine Thumbs.db files#A tool intended for forensics examinations. It is a console program to extract#thumbnail images and their metadata from those thumbs.db files generated under#Windows. Used in forensic environments.apt-get -y install vinetto


28/30

# - Reverse Engineering

# GDB GNU Debugger#The GNU Debugger#GDB is a source-level debugger, capable of breaking programs at#any specific line, displaying variable values, and determining#where errors occurred. Currently, it works for C, C++, Fortran,#Modula 2 and Java programs. A must-have for any serious#programmer.apt-get -y install gdb

# GDB Console GUI# GDB Server

# GNU DDD#The Data Display Debugger, a graphical debugger frontend#The Data Display Debugger (DDD) is a popular graphical user interface to#UNIX debuggers such as GDB, DBX, XDB, JDB and others. Besides ``usual''#front-end features such as viewing source texts and breakpoints, DDD#provides an interactive graphical data display, where data structures are

#displayed as graphs. Using DDD, you can reason about your application by#watching its data, not just by viewing it execute lines of source code.##Other DDD features include: debugging of programs written in Ada, Bash, C,#C++, Chill, Fortran, Java, Modula, Pascal, Perl and Python; machine-level#debugging; hypertext source navigation and lookup; breakpoint, backtrace,#and history editors; preferences and settings editors; program execution#in terminal emulator window; debugging on remote host; on-line manual;#interactive help on the Motif user interface; GDB/DBX/XDB command-line#interface with full editing, history, and completion capabilities.##This version is linked against Lesstif, an LGPL-ed implementation of Motif.apt-get -y install ddd

# Hexcat#HEX dumping utility#The output consists of 6 columns. The first column contains#the address of the row (in bytes). Columns 2 to 5 contain#the characters in the row represented as hexadecimal bytes.#The last column contains the bytes as printable characters.#If a character is not printable it is replaced by a dot.apt-get -y install hexcat

# Hexedit

#view and edit files in hexadecimal or in ASCII#hexedit shows a file both in ASCII and in hexadecimal.#The file can be a device as the file is not whole read.#You can modify the file and search through it.#You have also copy&paste and save to file functions.#Truncating or appending to the file.#Modifications are shown in bold.## Homepage: http://www.chez.com/prigaux/hexedit.htmlapt-get -y install hexedit


29/30

# OllyDBG

# - Services

# SNORT#Flexible Network Intrusion Detection System#Snort is a libpcap-based packet sniffer/logger which can be used as a#lightweight network intrusion detection system. It features rules#based logging and can perform content searching/matching in addition#to being used to detect a variety of other attacks and probes, such#as buffer overflows, stealth port scans, CGI attacks, SMB probes, and#much more. Snort has a real-time alerting capability, with alerts being#sent to syslog, a separate "alert" file, or even to a Windows computer#via Samba.##This package provides the plain-vanilla snort distribution and does not#provide database (available in snort-pgsql and snort-mysql) support.apt-get -y install snort# Note: snort wants to know an IP address range - this response should be scripted

# - Source Code Analysis

# flawfinder#examines source code and looks for security weaknesses#Flawfinder searches through C/C++ source code looking for potential#security flaws and produces a report describing the potential flaws#found in source code, ranking them by likely severity.##Like RATS, Flawfinder reports are not a direct indication of a#vulnerability, but provide a reasonable starting point for performing manual

#security audits in source code.##Flawfinder can also generate differential reports by pointing it to#a patch (diff) file describing the code changes. This way it can be used#to determine if the potential flaws found in code have increased or#decreased after a commit to a source code management system like#CVS or Subversion.## Homepage: http://www.dwheeler.com/flawfinder/apt-get -y install flawfinder

# rats

#Rough Auditing Tool for Security#RATS is a security auditing utility for C, C++, PHP, Perl, and Python#code. RATS scans source code, finding potentially dangerous function calls.#The goal of rats is not to definitively find bugs (yet), but to provide a#reasonable starting point for performing manual security audits.##The initial vulnerability database is taken directly from things that#could be easily found when starting with the book, "Building Secure#Software" by Viega and McGraw.#


30/30

#The homepage for rats is:# http://www.fortifysoftware.com/security-resources/rats.jspapt-get -y install rats

# - Data File Analysis

# frackzip#password cracker for zip archives#fcrackzip is a fast password cracker partly written in assembler.#It is able to crack password protected zip files with brute#force or dictionary based attacks, optionally testing with#unzip its results.##It can also crack cpmask'ed images.##Homepage: http://www.goof.com/pcg/marc/fcrackzip.htmlapr-get install fcrackzip

# pdfcrack#PDF files password cracker#pdfcrack is a simple tool for recovering passwords from pdf-documents.#It should be able to handle all pdfs that uses the standard security handler

#but the pdf-parsing routines are a bit of a quick hack so you might stumble#across some pdfs where the parser needs to be fixed to handle.##pdfcrack allows configure the size of the searched password, use an#external wordlist file and save cracking sessions to restore it later.apt-get -y install pdfcrack

#Hunt hjiacking tcp and moreapt-get -y install hunt

# Search terms

#scanner, tcp, snort, smb, inject, honey, attacker, spoofer, crack, sniff, password

else user=`id | cut -d= -f2 | cut -d$ -f2 |cut -d$ -f1` echo echo "Sorry, you are NOT root. you are $user and cannot run this script" echofi

exit 0

ubuntu into a auditing machine

Documents