Security packages
Latest revision as of 22:26, 6 August 2014
Here is a list of the security-related packages available in Debian-like distros that I am using.
My setup is based on LMDE, with the Debian and Kali repositories added and pinned.
network
arping - sends IP and/or ARP pings (to the MAC address)
dsniff - Various tools to sniff network traffic for cleartext insecurities
etherwake - tool to send magic Wake-on-LAN packets
iodine - tool for tunneling IPv4 data through a DNS server
kismet - wireless sniffer and monitor - core
kismet-plugins - wireless sniffer and monitor - plugins
ndisc6 - IPv6 diagnostic tools
netcat - TCP/IP swiss army knife -- transitional package
netsniff-ng - packet sniffing beast
nmap - The Network Mapper
socat - multipurpose relay for bidirectional data transfer
sshfs - filesystem client based on SSH File Transfer Protocol
themole - automatic SQL injection exploitation tool
forensics
autopsy - graphical interface to SleuthKit
chkrootkit - rootkit detector
cruft - program that finds any cruft built up on your system
dc3dd - patched version of GNU dd with forensic features
dcfldd - enhanced version of dd for forensics and security
ext4magic - recover deleted files from ext3 or ext4 partitions
foremost - forensic program to recover lost files
gpart - Guess PC disk partition table, find lost partitions
logkeys - keylogger for GNU/Linux systems
mac-robber - collects data about allocated files in mounted filesystems
memdump - utility to dump memory contents to standard output
pdfresurrect - tool for extracting/scrubbing versioning data from PDF documents
recoverdm - recover files/disks with damaged sectors
recoverjpeg - tool to recover JPEG images from a filesystem image
rkhunter - rootkit, backdoor, sniffer and exploit scanner
tiger - Report system security vulnerabilities
unhide.rb - Forensic tool to find processes hidden by rootkits
vinetto - A forensics tool to examine Thumbs.db files
wipe - Secure file deletion
vbindiff - visual binary diff, visually compare binary files
Kali:
recover - Undelete files on ext2 partitions
stegano
outguess - Universal Steganographic tool
steghide - A steganography hiding tool
crypto
fcrackzip - password cracker for zip archives
password-gorilla - cross-platform password manager
pdfcrack - PDF files password cracker
ssss - Shamir's secret sharing scheme implementation
rotix - A program to generate rotational obfuscations
john - active password cracking tool
John is more complete on Kali, so let's pin it:
Add to /etc/apt/preferences.d/kali-package-repositories.pref
Package: john john-data
Pin: release n=kali
Pin-Priority: 990
reverse-engineering
flasm - assembler and disassembler for Flash (SWF) bytecode
Kali:
binwalk - A firmware analysis tool
->
apt-get install binwalk/kali
coding
ckport - portability analysis and security checking tool
cppcheck - tool for static C/C++ code analysis
flawfinder - examines source code and looks for security weaknesses
pychecker - tool to find common bugs in Python source code
pylint - python code static checker and UML diagram generator
Specific installation instructions
Building dependencies
Some of the packages require build prerequisites, see LMDE#devel
LUKS Nuke
- http://www.kali.org/how-to/emergency-self-destruction-luks-kali/
- http://www.kali.org/how-to/nuke-kali-linux-luks/
- http://lxer.com/module/newswire/view/103692/index.html :
The first part of the new feature is to actually store a "nuke" passphrase in a keyslot. However, this passphrase does not encrypt the masterkey used for en-/decrypting the partition, but rather encrypts a magic value (0x0...0).
cryptsetup luksAddNuke <device>
It behaves pretty much like a "luksAddKey", only that the actual keyslot data does not contain any cryptographic material.
The second part of the implementation is a modification of the function that unlocks a keyslot and extracts the key material for en-/decryption. This function now contains a check for said magical value and deletes all keyslots if it encounters it.
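The quoted description boils down to two rules: a nuke slot is laid out like any other keyslot but protects the magic value 0x0...0 instead of the master key, and the unlock routine checks for that magic value before it checks whether the decrypted material is a valid master key. The following toy model, written for this page and not taken from cryptsetup, shows both rules working together. Keyslot "encryption" is a PBKDF2-derived pad XORed over the payload (a stand-in for the real AES plus anti-forensic stripes), the header keeps a digest of the master key as LUKS1 does, and the passphrases in demo() are constructed for the example.

```python
"""Toy model of the LUKS "nuke" keyslot mechanism described above.

Added illustration, not cryptsetup code.  Keyslot encryption is a PBKDF2
pad XORed over the payload (stand-in for AES/anti-forensic stripes); the
header stores a digest of the master key, as LUKS1 does, so a slot is only
accepted when its decrypted payload re-derives that digest.  The nuke check
runs first: a payload of all zero bytes wipes every keyslot instead.
"""
from __future__ import annotations

import hashlib
import secrets

KEY_BYTES = 32
NUM_SLOTS = 8                 # LUKS1 has eight keyslots
ITER = 2000                   # deliberately low so the toy runs quickly
MAGIC = bytes(KEY_BYTES)      # 0x0...0: what a nuke slot protects instead of the master key


def _kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITER, KEY_BYTES)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ToyLuksHeader:
    def __init__(self) -> None:
        self.master_key = secrets.token_bytes(KEY_BYTES)
        self.mk_digest_salt = secrets.token_bytes(16)
        # Kept in the header so a candidate master key can be verified
        self.mk_digest = _kdf(self.master_key, self.mk_digest_salt)
        self.slots = [None] * NUM_SLOTS

    def _store(self, passphrase: str, payload: bytes) -> int:
        """Put payload in a free slot, protected by passphrase; return the slot index."""
        salt = secrets.token_bytes(16)
        pad = _kdf(passphrase.encode(), salt)
        idx = self.slots.index(None)          # ValueError when no keyslot is free
        self.slots[idx] = {"salt": salt, "blob": _xor(payload, pad)}
        return idx

    def luks_add_key(self, passphrase: str) -> int:
        return self._store(passphrase, self.master_key)

    def luks_add_nuke(self, passphrase: str) -> int:
        # Same slot layout as luksAddKey, but no cryptographic material inside
        return self._store(passphrase, MAGIC)

    def luks_open(self, passphrase: str) -> bytes | None:
        """Return the master key if passphrase opens a slot, else None.

        A slot whose payload decrypts to MAGIC is the nuke: every slot is
        erased and the open fails.
        """
        for slot in self.slots:
            if slot is None:
                continue
            payload = _xor(slot["blob"], _kdf(passphrase.encode(), slot["salt"]))
            if payload == MAGIC:                      # checked before the digest, as in the patch
                self.slots = [None] * NUM_SLOTS
                return None
            if _kdf(payload, self.mk_digest_salt) == self.mk_digest:
                return payload
        return None

    def active_slots(self) -> int:
        return sum(s is not None for s in self.slots)


def demo() -> dict:
    """Normal key, wrong passphrase, nuke, then locked out (constructed passphrases)."""
    hdr = ToyLuksHeader()
    hdr.luks_add_key("correct horse battery staple")
    hdr.luks_add_nuke("burn it")
    out = {"slots_before": hdr.active_slots()}
    out["wrong_opens"] = hdr.luks_open("guess") is not None
    out["slots_after_wrong"] = hdr.active_slots()
    out["good_opens"] = hdr.luks_open("correct horse battery staple") == hdr.master_key
    out["nuke_opens"] = hdr.luks_open("burn it") is not None
    out["slots_after_nuke"] = hdr.active_slots()
    out["good_opens_after_nuke"] = hdr.luks_open("correct horse battery staple") is not None
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note what the model does and does not destroy: only the slot table is zeroed, the ciphertext on disk is untouched. The real feature behaves the same way, which is why a backup made with luksHeaderBackup lets you restore access afterwards, and why an adversary who imaged the header before the nuke gains nothing from the nuke itself but loses nothing either.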
apt-get install cryptsetup/kali cryptsetup-bin/kali libcryptsetup4/kali
If initrd was not rebuilt in the process:
dpkg-reconfigure cryptsetup
cryptsetup luksAddNuke /dev/sda1
Better to pin it:
Add to /etc/apt/preferences.d/kali-package-repositories.pref
Package: /cryptsetup/
Pin: release n=kali
Pin-Priority: 990
pwsafe
It has to be backported from squeeze: fetch and install these two packages
http://ftp.de.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8o-4squeeze14_amd64.deb
http://ftp.de.debian.org/debian/pool/main/p/pwsafe/pwsafe_0.2.0-3_amd64.deb
IDA Pro
See http://blog.stalkr.net/2014/01/ida-on-debian-amd64-with-python.html
Run installation file
It requires libglib2.0-0 but because of chromium/jessie we need the jessie one:
apt-get install -t jessie libglib2.0-0:i386 libselinux1:i386
apt-get install libstdc++6:i386 libc6-i686:i386 libexpat1:i386 libffi6:i386 libfontconfig1:i386 libfreetype6:i386 libgcc1:i386 libglib2.0-0:i386 \
    libice6:i386 libpcre3:i386 libpng12-0:i386 libsm6:i386 libstdc++6:i386 libuuid1:i386 libx11-6:i386 libxau6:i386 libxcb1:i386 \
    libxdmcp6:i386 libxext6:i386 libxrender1:i386 zlib1g:i386
apt-get install libpython2.7:i386
logkeys
apt-get install logkeys
Find keyboard device to see which eventX to use:
grep "^[NH]" /proc/bus/input/devices
Edit /etc/default/logkeys:
ENABLED=1
LOGFILE=/var/log/logkeys
DEVICE=/dev/input/event0
Prevent it from starting automatically at boot:
update-rc.d logkeys disable
Allow starting it without password prompt:
Create /etc/sudoers.d/logkeys:
<myuser> ALL = NOPASSWD: /etc/init.d/logkeys
Provide stealth hooks under names of your choice, e.g. "sl" (a misspelled "ls"). Each hook does its job silently, then mimics the real bash reply to an unknown command (message on stderr, exit status 127):
#!/bin/bash
# start hook: launch the keylogger, then look like a typo
sudo /etc/init.d/logkeys start >/dev/null
echo "bash: $(basename "$0"): command not found" >&2
exit 127
#!/bin/bash
# stop hook: stop the keylogger, then look like a typo
sudo /etc/init.d/logkeys stop >/dev/null
echo "bash: $(basename "$0"): command not found" >&2
exit 127
If you get wrong keys in the log, create a mapfile as described in /usr/share/doc/logkeys/README.gz (chapter 4.2), save it as /etc/logkeys-keymap and, to load it, add to /etc/default/logkeys:
DAEMON_OPTS="--keymap /etc/logkeys-keymap"
But /etc/init.d/logkeys adds the option -u, which is incompatible with --keymap and has to be removed, so edit /etc/init.d/logkeys:
DAEMON_OPTS="-s -d $DEVICE -o $LOGFILE $DAEMON_OPTS"
Wireshark
tshark - network traffic analyzer - console version
wireshark - network traffic analyzer - GTK+ version
apt-get install wireshark tshark
dpkg-reconfigure wireshark-common
adduser <myuser> wireshark
GUFW
Firewall:
apt-get install gufw
Add entry in menu manually... see /usr/share/applications/gufw.desktop
Right-click the Mint Menu, select "Configure" then "Open the menu editor", Click a software category / "New Item".
mitmproxy
mitmproxy - SSL-capable man-in-the-middle HTTP proxy
apt-get install mitmproxy/jessie python-netlib/jessie
After first run of mitmproxy, certs are created.
Install ~/.mitmproxy/mitmproxy-ca-cert.cer as authority or:
Run mitmproxy, visit http://mitm.it and install certificate
To run mitmproxy on a router as a transparent proxy, e.g. on the exit node of my VPN:
I keep the same certs as my local ones:
scp -r .mitmproxy myvpn.box:
On myvpn.box I have the following scripts:
./mitmproxy:
#!/bin/bash
# Redirect HTTP/HTTPS from the VPN clients on tap0 to mitmproxy, and remove the
# rules again when mitmproxy exits for any reason (no leaked redirect on a crash).
cleanup() {
    iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765
    iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765
}
trap cleanup EXIT
iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765
iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765
export LANG=en_US.UTF-8
mitmproxy -T --host -p 8765 "$@"
./mitmdump:
#!/bin/bash
# Same redirection, non-interactive dump; rules are removed on exit as above.
cleanup() {
    iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765
    iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765
}
trap cleanup EXIT
iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765
iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765
export LANG=en_US.UTF-8
mitmdump -T --host -p 8765 "$@"
And I can call them remotely (the -t is needed for the interactive mitmproxy UI; "$@" forwards arguments unchanged):
vpn_mitmproxy:
ssh -t myvpn.box ./mitmproxy "$@"
vpn_mitmdump:
ssh myvpn.box ./mitmdump "$@"
PyCryptoPlus
$ git clone https://github.com/doegox/python-cryptoplus
$ cd python-cryptoplus/
# python setup.py install
Belgian eID
cf http://eid.belgium.be/fr/utiliser_votre_eid/installer_le_logiciel_eid/linux/
-> debian 64
See also https://code.google.com/p/eid-mw/wiki/ChromeLinux :
libnss3-tools - Network Security Service tools
Close Chrome
cd
modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/libbeidpkcs11.so
modutil -dbdir sql:.pki/nssdb/ -list
EMV-CAP
python setup.py install
And install:
python-pyscard - Python wrapper above PC/SC API
libnfc/libfreefare
libfreefare-bin - MIFARE card manipulations binaries
libfreefare-dev - MIFARE card manipulations library (development files)
libfreefare-doc - documentation for libfreefare
libnfc-bin - Near Field Communication (NFC) binaries
libnfc-dev - Near Field Communication (NFC) library (development files)
libnfc-examples - Near Field Communication (NFC) examples
libnfc-pn53x-examples - Near Field Communication (NFC) examples for PN53x chips only
Better to pin what we always want from Debian directly:
Add to /etc/apt/preferences.d/debian-package-repositories.pref
Package: libnfc*
Pin: origin ftp.be.debian.org
Pin-Priority: 990

Package: libfreefare*
Pin: origin ftp.be.debian.org
Pin-Priority: 990
Then
apt-get install libnfc-bin libnfc-dev libnfc-examples libnfc-pn53x-examples
apt-get install libfreefare-bin libfreefare-dev libfreefare-doc
modprobe -r pn533
adduser <myuser> plugdev
bp-tools
From http://www.eftlab.co.uk/index.php/downloads/bp-tools
Needs libpthread-stubs0:
http://ftp.de.debian.org/debian/pool/main/libp/libpthread-stubs/libpthread-stubs0_0.3-3_amd64.deb
apt-get install libsqlite3-dev sqlite3
dpkg --purge bp-tools
dpkg -i bp-tools_14.04_amd64_free.deb