fwlogwatch is a packet filter and firewall log analyzer.
General features:
- Can detect and process log entries in the following formats:
  Linux ipchains, Linux netfilter/iptables, Solaris/BSD/Irix/HP-UX
  ipfilter, BSD ipfw, Cisco IOS, Cisco PIX / FWSM, NetScreen,
  Windows XP firewall, Elsa Lancom router, Snort IDS
- Entries can be parsed from single, multiple and combined log files;
  the parsers to be used can be selected.
- Gzip-compressed logs are supported transparently.
- Can separate recent from old entries and detect timewarps in log files.
- Can recognize 'last message repeated' entries concerning the firewall.
- Integrated resolver for protocols, services and host names.
- Can do lookups in the whois database.
- Own DNS and whois information cache for faster lookups.
- Hosts, networks, ports, chains and branches (targets) can be selected or
  excluded as needed.
- Support for internationalization (available in English, German,
  Portuguese, Simplified and Traditional Chinese, Swedish and Japanese).

This Perl script is an official DShield client whose purpose is to
read your FreeBSD ipfilter firewall ipmon log file, convert the
log records to the standard DShield reporting record format, and
embed the converted log records into the body of an email that gets
sent to DShield for automatic addition to their database and abuse
reporting to the offender's ISP if you are a subscribed DShield member.
The script contains user-customizable defaults which can be overridden with
command line flags (visit http://www.dshield.org for details).
The script is installed into /usr/local/sbin, where you can edit the
defaults to meet your requirements. Issue the rehash command to enable.
Joe Barbish
fbsd_user@a1poweruser.com

L0phtCrack 1.5 is a tool for turning Microsoft LANMAN and NT password hashes
back into the original clear text passwords. The program does this using
dictionary cracking and also brute force. L0phtCrack returns not just the
LANMAN password but the NT password up to 14 characters in length.
L0phtCrack includes the ability to dictionary attack or brute force the
network NT server challenge that is used to prevent the OWF (one-way format)
from going across the wire in its plain-text format. Sample network sniffed
challenges are in files sniff.txt and sniff2.txt. This means you can obtain
NT passwords without administrator privileges when you have network access
between the client and the server.

Nikto is an Open Source (GPL) web server scanner which performs
comprehensive tests against web servers for multiple items, including
over 6100 potentially dangerous files/CGIs, checks for outdated
versions of over 950 servers, and version-specific problems on over
260 servers. It also checks for server configuration items such as
the presence of multiple index files, HTTP server options, and will
attempt to identify installed web servers and software. Scan items
and plugins are frequently updated and can be automatically updated.
It uses Rain Forest Puppy's LibWhisker (wiretrip.net) for HTTP
functionality, and can perform checks in HTTP or HTTPS. It also
supports basic port scanning and will determine if a web server is
running on any open ports.
Nikto is written by Chris Sullo and David Lodge.

Crypt::Passwd::XS - Full XS implementation of common crypt() algorithms
This module provides several common crypt() schemes as full XS
implementations. It allows you to validate crypted passwords that were
hashed using a scheme that the system's native crypt() implementation
does not support.
The following files are adapted from other sources (primarily DragonFly BSD).
See the copyright notices in these files for full details:
crypt_to64.c - copyright 1991 University of California
crypt_to64.h - copyright 1991 University of California
des.c - copyright 1994 David Burren, Geoffrey M. Rehmet, Mark R V Murray
md5.c - copyright 1999, 2000, 2002 Aladdin Enterprises
md5.h - copyright 1999, 2000, 2002 Aladdin Enterprises
md5crypt.c - copyright Poul-Henning Kamp
md5crypt.h - copyright Poul-Henning Kamp
sha256crypt.c - public domain reference implementation by Ulrich Drepper
sha512crypt.c - public domain reference implementation by Ulrich Drepper

Some commonly used Perl modules don't have SSL support at all, even if the
protocol supports it. Others have SSL support, but most of them don't do proper
checking of the server's certificate.
The Net::SSLGlue::* modules try to add SSL support or proper certificate
checking to these modules. Currently support for the following modules is
available:
- Net::SMTP - add SSL from beginning or using STARTTLS
- Net::POP3 - add SSL from beginning or using STLS
- Net::FTP - add SSL and IPv6 support to Net::FTP
- Net::LDAP - add proper certificate checking
- LWP - add proper certificate checking
There is also a Net::SSLGlue::Socket package which combines SSL and non-SSL and
IPv6 capabilities to make it easier to enhance modules based on
IO::Socket::INET.

Unix::Passwd::File can be used to read and manipulate entries in Unix system
password files (/etc/passwd, /etc/shadow, /etc/group, /etc/gshadow), but can
also be told to search in a custom location (for testing purposes).
This module uses a procedural (non-OO) interface. Each function in this module
opens and reads the passwd files once. Read-only functions like `list_users()` and
`get_max_gid()` open in read-only mode. Functions that might write to the files
like `add_user()` or `delete_group()` first lock the `passwd.lock` file, open in
read+write mode and also read the files in the first pass, then seek to the
beginning and write back the files.
No caching is done so you should do your own if you need to.

Pam_p11 is a pluggable authentication module (PAM) package
for using cryptographic tokens such as smart cards and
USB crypto tokens for authentication.
Pam_p11 uses libp11 to access any PKCS#11 module.
It should be compatible with any implementation, but it
is primarily developed using OpenSC.
Pam_p11 implements two authentication modules:
* pam_p11_openssh authenticates the user using his
openssh ~/.ssh/authorized_keys file.
* pam_p11_opensc authenticates the user using
certificates found in ~/.eid/authorized_certificates.
Pam_p11 is very simple: it has no config file, no options
other than the PKCS#11 module file, does not know about
certificate chains, certificate authorities, revocation
lists or OCSP. Perfect for the small installation with no
frills.

The Suricata Engine is an Open Source Next Generation Intrusion Detection and
Prevention Engine developed by the Open Information Security Foundation (OISF).
This engine is not intended to just replace or emulate the existing tools in
the industry, but will bring new ideas and technologies to the field.
OISF is part of and funded by the Department of Homeland Security's Directorate
for Science and Technology HOST program (Homeland Open Security Technology),
by the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as
through the very generous support of the members of the OISF Consortium.
More information about the Consortium is available, as well as a list of our
current Consortium Members.

xjobs reads job descriptions line by line and executes them in parallel. It
limits the number of parallel executing jobs and starts new jobs when jobs
finish. Therefore, it combines the arguments from every input line with the
utility and arguments given on the command line. If no utility is given as an
argument to xjobs, then the first argument on every job line will be used as
the utility. To execute the utility, xjobs searches the directories given in
the PATH environment variable and uses the first file found in these
directories.
xjobs is most useful on multi-processor/core machines when one needs to execute
several time-consuming commands that could possibly be run in parallel.
With xjobs this can be achieved easily, and it is possible to limit the load of
the machine to a useful value. It works similarly to xargs, but starts several
processes simultaneously and gives only one line of arguments to each utility
call.