Difference between revisions of "Network security tools"
m (→Tools) |
m (Reverted edits by Etegohy (Talk) to last revision by PhilippeTeuwen) |
||
(4 intermediate revisions by the same user not shown) | |||
Line 15: | Line 15: | ||
** [http://netcat6.sourceforge.net/ Netcat6] with IPv6 support |
** [http://netcat6.sourceforge.net/ Netcat6] with IPv6 support |
||
** [http://farm9.org/Cryptcat/ CryptCat]: Netcat with cryptography |
** [http://farm9.org/Cryptcat/ CryptCat]: Netcat with cryptography |
||
+ | My own recipes for partition to partition copy over the network (ex. copying sdb5 from source on hda1 of target): |
||
+ | <br>Target (192.168.1.1): |
||
+ | netcat -l -p 2000 -w 5 | dd of=/dev/hda1 |
||
+ | It will wait max 5 secs so be prepared to launch immediately the next command as well on the source. |
||
+ | <br>Source (192.168.1.2): |
||
+ | dd if=/dev/sdb5 conv=noerror,sync | netcat 192.168.1.1 2000 |
||
+ | We can do better: |
||
+ | <br>See what happen: add |pipeview| or |pv| if you have them to get real-time statistics on speed |
||
+ | <br>Without pipeview you can still provoke dd to display stats by sending signals to it: |
||
+ | while :; do sleep 5; killall -SIGUSR1 dd;done |
||
+ | Compress on the fly: add |gzip -c| on source and |gunzip -c| on target |
||
+ | <br>Compute checksums on-the-fly on both sides: create a fifo and md5 it. |
||
+ | <br><br>So the complete ideal example: |
||
+ | <br>Target (192.168.1.1): |
||
+ | mkfifo /tmp/foo |
||
+ | netcat -l -p 2000 -w 5 | pipeview | gunzip -c | tee /tmp/foo | dd of=/dev/hda1 |
||
+ | # and in another window |
||
+ | md5sum /tmp/foo |
||
+ | Source (192.168.1.2), within next 5 secs: |
||
+ | mkfifo /tmp/foo |
||
+ | dd if=/dev/sdb5 conv=noerror,sync | tee /tmp/foo | pipeview | gzip -c | netcat 192.168.1.1 2000 |
||
+ | # and in another window |
||
+ | md5sum /tmp/foo |
||
+ | Note that pipeview will measure drive speed on the source and network speed on the target due to its relative position with gzip (which you can swap of course) |
||
* [http://www.dest-unreach.org/socat/ SoCat]: Netcat on steroids, if you were amazed by netcat, you've seen *nothing*!!! |
* [http://www.dest-unreach.org/socat/ SoCat]: Netcat on steroids, if you were amazed by netcat, you've seen *nothing*!!! |
||
** See [[Bypass Proxy|here]] how we use it to bypass proxies and [[Serial Login|there]] to replace minicom |
** See [[Bypass Proxy|here]] how we use it to bypass proxies and [[Serial Login|there]] to replace minicom |
||
+ | ** We can also sniff a tty |
||
+ | socat -v -x PTY,link=/tmp/myttyUSB0,raw,echo=0,isig=0 /dev/ttyUSB0,raw,echo=0,isig=0 |
||
* [http://ettercap.sourceforge.net/ Ettercap] |
* [http://ettercap.sourceforge.net/ Ettercap] |
||
* [http://www.wireshark.org Wireshark] |
* [http://www.wireshark.org Wireshark] |
||
Sniff over network: |
Sniff over network: |
||
− | wireshark -k -i <(ssh |
+ | wireshark -N n -S -l -k -i <(ssh root@zeus tshark -w - not tcp port 22) |
+ | wireshark -N n -S -l -k -i <(ssh root@zeus tcpdump -s 1500 -w - -i lo not tcp port 22) |
||
===Others=== |
===Others=== |
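Review bot: The target command in the added netcat recipe, `netcat -l -p 2000 -w 5 | dd of=/dev/hda1`, writes whatever arrives on port 2000 straight onto a raw partition with no authentication or encryption. The recipe should say so and point to a protected channel, such as the CryptCat entry listed just above it or an ssh pipe like the one the Wireshark lines in this same change use. On the checksum step, the two `md5sum /tmp/foo` values are taken from the stream, so they show that the transfer matched but not what ended up on `/dev/hda1`. With `conv=noerror,sync` an unreadable source block is zero-filled before `tee`, so the sums still agree; a read-back of the target after the copy would be worth adding. The fixed name `/tmp/foo` in a shared directory is also worth replacing with a fifo in a private directory.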
Latest revision as of 21:37, 24 November 2010
Tools
- Top 75 Security Tools
- arp-sk tools
- dsniff, Various tools to sniff network traffic for cleartext insecurities
- Snort, The Open Source Network Intrusion Detection System
- Scapy - Packet generator/sniffer and network scanner/discovery
- cf excellent article in LM52 (Linux France Magazine no 52)
- Scapy Homepage
- Python Tutorial
- Netcat
- Penetration Testing Tip #21: netcat ( nc ) utility resources
- Netcat rules the net
- How to duplicate a complete PC via network
- Wonders of 'dd' and 'netcat' :: Cloning Operating Systems
- Netcat6 with IPv6 support
- CryptCat: Netcat with cryptography
My own recipes for partition-to-partition copy over the network (e.g. copying sdb5 from the source onto hda1 of the target):
Target (192.168.1.1):
netcat -l -p 2000 -w 5 | dd of=/dev/hda1
The listener waits at most 5 seconds, so be ready to launch the next command on the source immediately.
Source (192.168.1.2):
dd if=/dev/sdb5 conv=noerror,sync | netcat 192.168.1.1 2000
We can do better:
See what happens: add |pipeview| or |pv| to the pipeline, if you have them, to get real-time statistics on speed.
Without pipeview you can still provoke dd to display stats by sending signals to it:
while :; do sleep 5; killall -SIGUSR1 dd;done
Compress on the fly: add |gzip -c| on source and |gunzip -c| on target
Compute checksums on-the-fly on both sides: create a fifo and md5 it.
So the complete ideal example:
Target (192.168.1.1):
mkfifo /tmp/foo
netcat -l -p 2000 -w 5 | pipeview | gunzip -c | tee /tmp/foo | dd of=/dev/hda1
# and in another window
md5sum /tmp/foo
Source (192.168.1.2), within next 5 secs:
mkfifo /tmp/foo
dd if=/dev/sdb5 conv=noerror,sync | tee /tmp/foo | pipeview | gzip -c | netcat 192.168.1.1 2000
# and in another window
md5sum /tmp/foo
Note that pipeview measures drive speed on the source and network speed on the target because of its position relative to gzip (which you can swap, of course).
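The fifo checksum recipe above, as an added example that is not part of the original page: it runs on one machine, with regular files standing in for /dev/sdb5 and /dev/hda1 and a plain pipe standing in for the netcat hop. It also re-reads the target afterwards, because the stream hashes alone do not show what was written. The function names `hash_of` and `verified_copy` are made up for this sketch, and sha256sum is used in place of md5sum.

```shell
#!/bin/sh
# Added example: files stand in for the partitions, a pipe for the netcat hop.

# hash_of N PATH: SHA-256 of the first N bytes of PATH (the target may be larger).
hash_of() {
    head -c "$1" "$2" | sha256sum | cut -d' ' -f1
}

# verified_copy SRC DST: copy as in the recipe, hash the stream on both sides,
# then re-read DST. Prints the hash and returns 0 only if all three agree.
verified_copy() {
    src=$1 dst=$2
    work=$(mktemp -d) || return 2      # private directory instead of /tmp/foo
    mkfifo "$work/src" "$work/dst" || return 2

    # Start the hash readers first: tee blocks until its fifo has a reader.
    sha256sum < "$work/src" > "$work/src.sum" & p1=$!
    sha256sum < "$work/dst" > "$work/dst.sum" & p2=$!

    dd if="$src" conv=noerror,sync 2>/dev/null | tee "$work/src" | gzip -c |
        gunzip -c | tee "$work/dst" | dd of="$dst" conv=notrunc 2>/dev/null
    wait "$p1" "$p2"

    sent=$(cut -d' ' -f1 < "$work/src.sum")
    rcvd=$(cut -d' ' -f1 < "$work/dst.sum")
    size=$(( $(wc -c < "$src") ))      # block device: blockdev --getsize64
    disk=$(hash_of "$size" "$dst")     # what is really on the target now
    rm -rf "$work"

    [ "$sent" = "$rcvd" ] && [ "$sent" = "$disk" ] || return 1
    echo "$sent"
}
```

Because dd runs with its default 512-byte block size here, `conv=sync` adds no padding as long as the source size is a multiple of 512, which holds for partitions.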
- SoCat: Netcat on steroids, if you were amazed by netcat, you've seen *nothing*!!!
We can also sniff a tty:
socat -v -x PTY,link=/tmp/myttyUSB0,raw,echo=0,isig=0 /dev/ttyUSB0,raw,echo=0,isig=0
Sniff over network:
wireshark -N n -S -l -k -i <(ssh root@zeus tshark -w - not tcp port 22)
wireshark -N n -S -l -k -i <(ssh root@zeus tcpdump -s 1500 -w - -i lo not tcp port 22)
Others
Filtering
- IPTables Linux firewall with packet string-matching support
- Filtering packets based on string matching