Tool Name : Nessus
URL : http://www.nessus.org
Debian Package Name : nessus
Description: Remote network security auditor, the client

The Nessus Security Scanner is a security auditing tool. It makes it possible to test security modules in an attempt to find vulnerable spots that should be fixed.

It is made up of two parts: a server, and a client. The server/daemon, nessusd, is in charge of the attacks, whereas the client, nessus, interfaces with the user through a nice X11/GTK+ interface.

This package contains the GTK+ 1.2 client, which exists in other forms and on other platforms, too.
-------------------------------------------------------------------------
Tool Name : Netcat
URL : http://www.l0pht.com/~weld/netcat/ (unofficial site)
Debian Package Name : netcat
Description: TCP/IP swiss army knife

A simple Unix utility which reads and writes data across network connections using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
-------------------------------------------------------------------------
Tool Name : Tcpdump
URL : http://www.tcpdump.org
Debian Package Name : tcpdump
Description: A powerful tool for network monitoring and data acquisition

This program allows you to dump the traffic on a network. It can be used to print out the headers of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect "ping attacks" or to monitor the network activities.
-------------------------------------------------------------------------
Tool Name : Snort
URL : http://www.snort.org
Debian Package Name : snort
Description: flexible packet sniffer/logger that detects attacks

Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba.
-------------------------------------------------------------------------
Tool Name : Ethereal
URL : http://ethereal.zing.org/
Debian Package Name : ethereal
Description: Network traffic analyzer

Ethereal is a network traffic analyzer, or "sniffer", for Unix and Unix-like operating systems. It uses GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library.
-------------------------------------------------------------------------
Tool Name : Abacus Portsentry
URL : http://www.psionic.com/abacus/portsentry/
Debian Package Name : portsentry
Description: Portscan detection daemon

PortSentry has the ability to detect portscans (including stealth scans) on the network interfaces of your machine. Upon alarm it can block the attacker via hosts.deny, dropped route or firewall rule. It is part of the Abacus program suite.

Note: If you have no idea what a port/stealth scan is, I'd recommend having a look at http://www.psionic.com/abacus/portsentry/ before installing this package. Otherwise you might easily block hosts you'd better not (e.g. your NFS-server, name-server, ...).
-------------------------------------------------------------------------
Tool Name : Tripwire
URL : http://www.tripwire.com/ (COMMERCIAL)
Debian Package Name : tripwire
Description: A file and directory integrity checker.

Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.
-------------------------------------------------------------------------
Tool Name : Sniffit
URL : http://reptile.rug.ac.be/~coder/sniffit/sniffit.html
Debian Package Name : sniffit
Description: packet sniffer and monitoring tool

sniffit is a packet sniffer for TCP/UDP/ICMP packets. sniffit is able to give you very detailed technical info on these packets (SEC, ACK, TTL, Window, ...) but also packet contents in different formats (hex or plain text, etc.).
-------------------------------------------------------------------------
Tool Name : SATAN
URL : http://www.fish.com/satan/
Debian Package Name : satan
Description: Security Auditing Tool for Analysing Networks

This is a powerful tool for analyzing networks for vulnerabilities created for sysadmins that cannot keep a constant look at bugtraq, rootshell and the like.
-------------------------------------------------------------------------
Tool Name : iptables
URL : http://netfilter.kernelnotes.org/
Debian Package Name : iptables
Description: IP packet filter administration for 2.4.X kernels

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. The iptables tool also supports configuration of dynamic and static network address translation.
-------------------------------------------------------------------------
Tool Name : John The Ripper
URL : http://www.openwall.com/john/
Debian Package Name : john
Description: An active password cracking tool

john, normally called john the ripper, is a tool to find weak passwords of your users.
-------------------------------------------------------------------------
Tool Name : Hunt
URL : http://www.cri.cz/kra/index.html#HUNT
Debian Package Name : hunt
Description: Advanced packet sniffer and connection intrusion.

Hunt is a program for intruding into a connection, watching it and resetting it.

Note that hunt is operating on Ethernet and is best used for connections which can be watched through it. However, it is possible to do something even for hosts on other segments or hosts that are on switched ports.
-------------------------------------------------------------------------
Tool Name : SSH
URL : http://www.ssh.com/commerce/index.html (some versions COMMERCIAL)
Debian Package Name : ssh
Description: Secure rlogin/rsh/rcp replacement (OpenSSH)

OpenSSH is derived from OpenBSD's version of ssh, which was in turn derived from ssh code from before the time when ssh's license was changed to be non-free. Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide rdist and rsync with a secure communication channel. This software may be freely imported into the United States; however, the United States Government may consider re-exporting it a criminal offense. Thus, if you are outside the US, please retrieve this software from outside the US.
In some countries, particularly Russia, Iraq, Pakistan, and France, it may be illegal to use any encryption at all without a special permit.
-------------------------------------------------------------------------
Tool Name : tcp wrappers
URL : ftp://ftp.porcupine.org/pub/security/index.html
Debian Package Name : libwrap0
Description: Wietse Venema's TCP wrappers library

Wietse Venema's network logger, also known as TCPD or LOG_TCP.

These programs log the client host name of incoming telnet, ftp, rsh, rlogin, finger etc. requests. Security options are: access control per host, domain and/or service; detection of host name spoofing or host address spoofing; booby traps to implement an early-warning system.
-------------------------------------------------------------------------
Tool Name : Ntop
URL : http://www.ntop.org
Debian Package Name : ntop
Description: display network usage in top-like format

ntop is a Network Top program. It displays a summary of network usage by machines on your network in a format reminiscent of the unix top utility.

It can also be run in web mode, which allows the display to be browsed with a web browser.
-------------------------------------------------------------------------
Tool Name : traceroute
URL : http://www.linux.com (or most other UNIX)
Debian Package Name : traceroute
Description: Traces the route taken by packets over a TCP/IP network.

The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Traceroute displays the IP number and host name (if possible) of the machines along the route taken by the packets. Traceroute is used as a network debugging tool. If you're having network connectivity problems, traceroute will show you where the trouble is coming from along the route.

Install traceroute if you need a tool for diagnosing network connectivity problems.
-------------------------------------------------------------------------
Tool Name : telnet
URL : http://www.linux.com (or most other UNIX)
Debian Package Name : telnet
Description: The telnet client.

The telnet command is used for interactive communication with another host using the TELNET protocol.
-------------------------------------------------------------------------
Tool Name : scanlogd
URL : http://www.openwall.com/scanlogd/
Debian Package Name : scanlogd
Description: A portscan detecting tool

Scanlogd is a daemon written by Solar Designer to detect portscan attacks on your machine.
-------------------------------------------------------------------------
Tool Name : logcheck
URL : http://www.psionic.com/abacus/logcheck/
Debian Package Name : logcheck
Description: Mails anomalies in the system logfiles to the administrator

Logcheck is part of the Abacus Project of security tools. It is a program created to help in the processing of UNIX system logfiles generated by the various Abacus Project tools, system daemons, Wietse Venema's TCP Wrapper and Log Daemon packages, and the Firewall Toolkit© by Trusted Information Systems Inc. (TIS).

Logcheck helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail. This program is free to use at any site. Please read the disclaimer before you use any of this software.
-------------------------------------------------------------------------
Tool Name : Perl
URL : http://www.perl.org
Debian Package Name : perl
Description: Fake package used for a smooth upgrade

This package depends on perl-5.004. Perl-5.005 will conflict with perl so that all dependencies on perl will have to have vanished before perl-5.005 will be installed. The scripts and non-binary modules have to depend on perl5 and the binary modules on perl-5.005 (or whatever is the latest version of perl available in Debian).

It does also contain the io provides/replaces/conflicts.
This has been removed from the perl-5.00X since io has disappeared a long time ago.
-------------------------------------------------------------------------
Tool Name : Ngrep
URL : http://www.packetfactory.net/Projects/ngrep/
Debian Package Name : ngrep
Description: grep for network traffic

ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
-------------------------------------------------------------------------
Tool Name : Cheops
URL : http://www.marko.net/cheops/
Debian Package Name : cheops
Description: A GTK based network "swiss-army-knife"

Cheops gives a simple interface to most network utilities, maps local or remote networks and can show OS types of the machines on the network.
-------------------------------------------------------------------------
Tool Name : Libnet
URL : http://www.packetfactory.net/libnet/
Debian Package Name : libnet0-dev
Description: Routines for the construction and handling of network packets.

libnet provides a portable framework for low-level network packet writing and handling.

Libnet features portable packet creation interfaces at the IP layer and link layer, as well as a host of supplementary functionality. Still in its infancy however, the library is evolving quite a bit. Additional functionality and stability are added with each release.

Using libnet, quick and simple packet assembly applications can be whipped up with little effort. With a bit more time, more complex programs can be written (Traceroute and ping were easily rewritten using libnet and libpcap).
-------------------------------------------------------------------------
Tool Name : LSOF
URL : ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
Debian Package Name : lsof-2.2
Description: List open files.

Lsof is a Unix-specific diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. The binary is specific to kernel version 2.2
-------------------------------------------------------------------------
Tool Name : IPTraf
URL : http://cebu.mozcom.com/riker/iptraf/
Debian Package Name : iptraf
Description: Interactive Colorful IP LAN Monitor

IPTraf is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others.

Note that since 2.0.0 IPTraf requires a kernel >= 2.2
-------------------------------------------------------------------------
Tool Name : Queso
URL : http://www.apostols.org/projectz/queso/
Debian Package Name : queso
Description: Guess the operating system of a remote machine by looking in the TCP replies.
-------------------------------------------------------------------------