
196 Available Packages

Base OS
Forensics/Data Recovery
Incident Response
Pen-Test
Static Linked Binary
Virus Scanning
Note: some packages have multiple uses and will be listed more than once.
Not all packages have been entered yet...

Incident Response (53 Packages)
    Name | Description | License
     AIDE v0.9 AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more.

GNU General Public License (GPL)
    
     AINTX A large collection of handy command line tools for NT account, log and security maintenance.

GNU General Public License (GPL)
    
     angst v0.4b Angst is an active sniffer.

angst-license
    
     argus the network Audit Record Generation and utilization System. The Argus Open Project is focused on developing network activity audit strategies that can do real work for the network architect, administrator and network user.

QoSient Public License
    
     Autopsy v1.7.1 The Autopsy Forensic Browser is an HTML-based graphical interface to The Sleuth Kit and standard UNIX utilities. Autopsy automates many of the tasks required during a digital forensic analysis using the TASK collection of powerful command line tools as a foundation. Since this graphical interface is separate from the file system tools, an investigator can still use a command line interface if Autopsy cannot accomplish the desired outcome.

GNU General Public License (GPL)
    
     biew v5.3.2 BIEW is a free, portable, advanced file viewer with built-in editor for binary, hexadecimal and disassembler modes.

GNU General Public License (GPL)
    
     bsed binary stream editor

GNU General Public License (GPL)
    
     bwplot Plot information about packet captures.

GNU General Public License (GPL)
    
     centurion No Description Entered

GNU General Public License (GPL)
    
     chkrootkit v0.40 chkrootkit is a tool to locally check for signs of a rootkit

chkrootkit license
    
     CmosPwd v4.2 CMOS password recovery tools. Works with the following BIOSes: ACER/IBM BIOS; AMI BIOS; AMI WinBIOS 2.5; Award 4.5x/4.6x; Compaq (1992); Compaq (New version); IBM (PS/2, Activa, Thinkpad); Packard Bell; Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107; Phoenix 4 release 6 (User); Gateway Solo - Phoenix 4.0 release 6; Toshiba; Zenith AMI.

GNU General Public License (GPL)
    
     cryptcat encryption enabled netcat

GNU General Public License (GPL)
    
     ddos-scan dds "dds" is a program to scan for a limited set of distributed denial of service (ddos) agents.

GNU General Public License (GPL)
    
     dsniff tools v2.3 dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

GNU General Public License (GPL)
    
     etherape v.0.8.2 network traffic visualization tool

GNU General Public License (GPL)
    
     ettercap v0.6a Ettercap is a multipurpose sniffer/interceptor/logger for switched LANs. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.

GNU General Public License (GPL)
    
     gpart 0.1h Gpart is a tool which tries to guess the primary partition table of a PC-type hard disk in case the primary partition table in sector 0 is damaged, incorrect or deleted. The guessed table can be written to a file or device.

GNU General Public License (GPL)
    
     hbd v0.2.3 The HomeBrew Java decompiler

GNU General Public License (GPL)
    
     hexedit v1.2.1 ncurses based hexeditor

GNU General Public License (GPL)
    
     hogwash v0.5 Hogwash is an inline packet scrubber that uses Snort's (www.snort.org) detection engine to drop malicious packets before they reach the target machine.

GNU General Public License (GPL)
    
     iptraf v2.4.0 IPTraf is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others.

GNU General Public License (GPL)
    
     ish_detect v0.1 ICMP Shell Detection

Freeware
    
     LDE - Linux Disk Editor v2.5 LDE allows you to view and edit disk blocks as hex and/or ASCII, view/navigate directory entries, and view and edit formatted inodes. Most of the functions can be accessed using the program's curses interface or from the command line so that you can automate things with your own scripts.

GNU General Public License (GPL)
    
     logdump v1.0 Extracts syslog data from tcpdump savefiles.

GNU General Public License (GPL)
    
     lsof v4.66 list open files

GNU General Public License (GPL)
    
     MAC Daddy MAC Time collector for forensic incident response. This toolset is a modified version of the two programs tree.pl and mactime from the Coroner's Toolkit by Dan Farmer and Wietse Venema.

GNU General Public License (GPL)
    
     mac-robber v1.0 mac-robber is a forensics and incident response program that collects Modified, Access, and Change (MAC) times from files. Its output can be used as input to the mactime tool in The Coroner's Toolkit (TCT) to make a timeline of file activity. mac-robber is similar to running the grave-robber tool with the '-m' flag, except that it is written in C and not Perl. This work was done at @stake.

GNU General Public License (GPL)
    
     md5deep v0.16 (linux & win32) md5deep is a cross-platform program to compute MD5 message digests on an arbitrary number of files.

GNU General Public License (GPL)
    
     memfetch v0.04b Linux on-demand process image dumper

GNU General Public License (GPL)
    
     MemTest86 v2.9 Memtest-86 is a very thorough stand-alone memory test for x86 and Pentium systems (and compatibles). It currently does 11 tests to fully determine whether you have faulty RAM or not.

Freely distributable
    
     mtools Mtools is a public domain collection of tools to allow UNIX systems to manipulate MS-DOS files: read, write, and move around files on an MS-DOS filesystem

GNU General Public License (GPL)
    
     ngrep v1.40 Ngrep is a powerful network sniffing tool which strives to provide most of GNU grep's common features, applying them to all network traffic.

Other/Proprietary License with Source
    
     p0f v1.8.3 - Passive OS detection p0f performs passive OS detection based on SYN packets. Unlike nmap, p0f does recognition without sending any data. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used as powerful IDS add-on. p0f supports full tcpdump-style filtering expressions, and has an extensible and detailed fingerprinting database. It runs on Linux 2.0/2.2, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.

GNU General Public License (GPL)
    
     PHoss v0.1.13 PHoss is a sniffer that picks out clear-text passwords from common protocols (HTTP, FTP, POP3, IMAP4, telnet) and obtains the VNC challenge for cracking.

GNU General Public License (GPL)
    
     rec (reverse engineering compiler) Reverse Engineering compiler

Other/Proprietary License with Free Trial
    
     rid v1.11 The Theory Group's DDoS agent detector

GNU General Public License (GPL)
    
     Sentinel v0.91beta Libnet-based remote promiscuous detection

GNU General Public License (GPL)
    
     snort v2.0 (inline) snort! Need I say more?

GNU General Public License (GPL)
    
     Sonar v1.0BETA4 Sonar is a network reconnaissance utility which runs all its scans from plugins. The currently supported plugins are an ICMP scan and an ACK scan which can see if hosts that don't respond to ICMP are online. Changes: This release fixes a few annoying bugs. The ICMP scan has been made more versatile, allowing you to choose an ICMP type and ICMP code.

GNU General Public License (GPL)
    
     stunnel v4.03 stunnel!

GNU General Public License (GPL)
    
     tcpdstat get summary information of a tcpdump file. tcpdstat reads a tcpdump file using the pcap library and prints the statistics of a trace. The output includes the number of packets, the average rate and its standard deviation, the number of unique source and destination address pairs, and the breakdown of protocols.

GNU General Public License (GPL)
    
     tcpdump v3.7.1 Tcpdump allows you to dump the traffic on a network. It can be used to print out the headers of packets on a network interface that match a given expression. You can use this tool to track down network problems, to detect "ping attacks" or to monitor network activity.

BSD License
    
     tcpflow v0.20 tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis.

GNU General Public License (GPL)
    
     tcpreplay v1.4 Tcpreplay is aimed at testing the performance of a NIDS by replaying real background network traffic in which to hide attacks. Tcpreplay allows you to control the speed at which the traffic is replayed, and can replay arbitrary tcpdump traces. Unlike programmatically-generated artificial traffic which doesn't exercise the application/protocol inspection that a NIDS performs, and doesn't reproduce the real-world anomalies that appear on production networks (asymmetric routes, traffic bursts/lulls, fragmentation, retransmissions, etc.), tcpreplay allows for exact replication of real traffic seen on real networks.

GNU General Public License (GPL)
    
     tcpslice v1.2a1 a tool for extracting portions of packet trace files generated using tcpdump's -w flag.

GNU General Public License (GPL)
    
     tcptrace v6.2.0 tcptrace is a tool written by Shawn Ostermann at Ohio University, for analysis of TCP dump files. It can take as input the files produced by several popular packet-capture programs, including tcpdump, snoop, etherpeek, HP Net Metrix, and WinDump. tcptrace can produce several different types of output containing information on each connection seen, such as elapsed time, bytes and segments sent and received, retransmissions, round trip times, window advertisements, throughput, and more. It can also produce a number of graphs for further analysis.

GNU General Public License (GPL)
    
     tcptraceroute v1.4 tcptraceroute is a traceroute implementation using TCP SYN packets, instead of the more traditional UDP or ICMP ECHO packets. In doing so, it is able to trace through many common firewall filters.

GNU General Public License (GPL)
    
     TCT v1.11 TCT is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after break-in.

GNU General Public License (GPL)
    
     The Sleuth Kit v1.61 The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file system forensic tools that allow an investigator to examine NTFS, FAT, FFS, EXT2FS, and EXT3FS file systems of a suspect computer in a non-intrusive fashion. The tools have a layer-based design and can extract data from internal file system structures. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown.

GNU General Public License (GPL)
    
     trafshow v3.1 TrafShow continuously displays information about packet traffic on the configured network interface that matches the boolean expression.

GNU General Public License (GPL)
    
     VNC - tightvnc VNC (an abbreviation for Virtual Network Computing) is a great client/server software package allowing remote network access to graphical desktops. Used in biatchux to send remote consoles!

GNU General Public License (GPL)
    
     VNCrack v0.1.17 BETA 3 VNCrack is what it looks like: crack VNC

GNU General Public License (GPL)
    
     w3m v0.4.1 a text based web browser and pager

MIT License



FIRE Download:


Downloading version 0.3.5 is recommended.