Difference between revisions of "Security packages"
Revision as of 21:09, 3 April 2014
Here is a list of security-related packages available in Debian-like distributions.
My setup is based on LMDE with Debian and Kali repositories added and pinned (see the LMDE and Kali pages for how those repositories are added).
network

arping - sends IP and/or ARP pings (to the MAC address)
dsniff - Various tools to sniff network traffic for cleartext insecurities
etherwake - tool to send magic Wake-on-LAN packets
iodine - tool for tunneling IPv4 data through a DNS server
kismet - wireless sniffer and monitor - core
kismet-plugins - wireless sniffer and monitor - plugins
ndisc6 - IPv6 diagnostic tools
netcat - TCP/IP swiss army knife -- transitional package
netsniff-ng - packet sniffing beast
nmap - The Network Mapper
socat - multipurpose relay for bidirectional data transfer
sshfs - filesystem client based on SSH File Transfer Protocol
themole - automatic SQL injection exploitation tool

forensics

autopsy - graphical interface to SleuthKit
chkrootkit - rootkit detector
cruft - program that finds any cruft built up on your system
dc3dd - patched version of GNU dd with forensic features
dcfldd - enhanced version of dd for forensics and security
ext4magic - recover deleted files from ext3 or ext4 partitions
foremost - forensic program to recover lost files
gpart - Guess PC disk partition table, find lost partitions
logkeys - keylogger for GNU/Linux systems
mac-robber - collects data about allocated files in mounted filesystems
memdump - utility to dump memory contents to standard output
pdfresurrect - tool for extracting/scrubbing versioning data from PDF documents
recover - Undelete files on ext2 partitions
recoverdm - recover files/disks with damaged sectors
recoverjpeg - tool to recover JPEG images from a filesystem image
rkhunter - rootkit, backdoor, sniffer and exploit scanner
tiger - Report system security vulnerabilities
unhide.rb - Forensic tool to find processes hidden by rootkits
vinetto - A forensics tool to examine Thumbs.db files
wipe - Secure file deletion
vbindiff - visual binary diff, visually compare binary files

stegano

outguess - Universal Steganographic tool
steghide - A steganography hiding tool

crypto

fcrackzip - password cracker for zip archives
john - active password cracking tool
password-gorilla - cross-platform password manager
pdfcrack - PDF files password cracker
ssss - Shamir's secret sharing scheme implementation
rotix - A program to generate rotational obfuscations

reverse-engineering

flasm - assembler and disassembler for Flash (SWF) bytecode

coding

ckport - portability analysis and security checking tool
cppcheck - tool for static C/C++ code analysis
flawfinder - examines source code and looks for security weaknesses
pychecker - tool to find common bugs in Python source code
pylint - python code static checker and UML diagram generator
Specific installation instructions
LUKS Nuke
- http://www.kali.org/how-to/emergency-self-destruction-luks-kali/
- http://www.kali.org/how-to/nuke-kali-linux-luks/
- http://lxer.com/module/newswire/view/103692/index.html, which describes the mechanism as follows:
The first part of the new feature is to actually store a "nuke" passphrase in a keyslot. However, this passphrase does not encrypt the master key used for en-/decrypting the partition, but rather encrypts a magic value (0x0...0).
cryptsetup luksAddNuke <device>
It behaves pretty much like a "luksAddKey", only that the actual keyslot data does not contain any cryptographic material.
The second part of the implementation is a modification of the function that unlocks a keyslot and extracts the key material for en-/decryption. This function now contains a check for said magical value and deletes all keyslots if it encounters it.
apt-get install cryptsetup/kali cryptsetup-bin/kali libcryptsetup4/kali
If the initrd was not rebuilt in the process:
dpkg-reconfigure cryptsetup
cryptsetup luksAddNuke /dev/sda1
It is better to pin the package, so that later upgrades keep the Kali build. Add to /etc/apt/preferences.d/kali-package-repositories.pref:
Package: /cryptsetup/
Pin: release n=kali
Pin-Priority: 990
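To make the quoted description of the nuke keyslot concrete, here is an added toy model of the keyslot logic (example code written for this page, not cryptsetup's implementation or the Kali patch). It keeps the structure the text describes: ordinary slots wrap the master key under a passphrase-derived key, the nuke slot wraps the all-zero magic value instead of any key material, and the unlock routine erases every slot when it sees that value. Simplifications that are assumptions of the example, not properties of LUKS: PBKDF2-HMAC-SHA256 with a fixed iteration count stands in for cryptsetup's benchmarked KDF, and XOR with the derived key stands in for the real anti-forensic split and AES wrapping; the function and class names (create_header, add_key, add_nuke, unlock, NukedError, demo) are the example's own.

```python
import hashlib
import os
from dataclasses import dataclass, field
from typing import List, Optional

MASTER_KEY_LEN = 32
NUKE_MAGIC = bytes(MASTER_KEY_LEN)   # the all-zero "magic value" from the description
PBKDF2_ITERS = 20_000                # toy iteration count, not cryptsetup's tuned value
N_SLOTS = 8                          # a LUKS1 header has eight keyslots


@dataclass
class Slot:
    salt: bytes
    wrapped: bytes   # payload XOR slot key; payload is the master key or NUKE_MAGIC


@dataclass
class Header:
    mk_salt: bytes
    mk_digest: bytes                 # lets unlock() recognise the real master key
    slots: List[Optional[Slot]] = field(default_factory=lambda: [None] * N_SLOTS)


class NukedError(Exception):
    """Raised when the nuke passphrase was entered and the keyslots were erased."""


def _slot_key(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ITERS, MASTER_KEY_LEN)


def _mk_digest(master_key: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", master_key, salt, PBKDF2_ITERS, 32)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _store(header: Header, passphrase: str, payload: bytes) -> int:
    """Write payload into the first free keyslot, wrapped under the passphrase (toy wrapping)."""
    for i, slot in enumerate(header.slots):
        if slot is None:
            salt = os.urandom(32)
            header.slots[i] = Slot(salt, _xor(payload, _slot_key(passphrase, salt)))
            return i
    raise RuntimeError("no free keyslot")


def create_header(passphrase: str) -> Header:
    """luksFormat-like step: pick a fresh master key and bind it to the first passphrase."""
    master_key = os.urandom(MASTER_KEY_LEN)
    mk_salt = os.urandom(32)
    header = Header(mk_salt, _mk_digest(master_key, mk_salt))
    _store(header, passphrase, master_key)
    return header


def unlock(header: Header, passphrase: str) -> bytes:
    """luksOpen-like step: try every slot; the magic-value check runs before the key check."""
    for slot in header.slots:
        if slot is None:
            continue
        candidate = _xor(slot.wrapped, _slot_key(passphrase, slot.salt))
        if candidate == NUKE_MAGIC:
            # The patched unlock path described above: the magic value means "erase all keyslots".
            header.slots = [None] * len(header.slots)
            raise NukedError("nuke passphrase entered; all keyslots erased")
        if _mk_digest(candidate, header.mk_salt) == header.mk_digest:
            return candidate
    raise ValueError("no keyslot matches the passphrase")


def add_key(header: Header, existing: str, new: str) -> int:
    """luksAddKey-like step: prove knowledge of a current passphrase, then wrap the master key again."""
    return _store(header, new, unlock(header, existing))


def add_nuke(header: Header, existing: str, nuke_passphrase: str) -> int:
    """luksAddNuke-like step: same flow as add_key, but the slot wraps NUKE_MAGIC, not key material."""
    unlock(header, existing)           # still needs a valid passphrase, like luksAddKey
    return _store(header, nuke_passphrase, NUKE_MAGIC)


def demo() -> dict:
    """Walk through format, add nuke slot, normal unlock, nuke, and the state afterwards."""
    header = create_header("correct horse")
    mk_before = unlock(header, "correct horse")
    add_nuke(header, "correct horse", "panic")
    mk_after_add = unlock(header, "correct horse")   # normal passphrase still works
    try:
        unlock(header, "panic")
        nuked = False
    except NukedError:
        nuked = True
    try:
        unlock(header, "correct horse")
        recoverable = True
    except ValueError:
        recoverable = False
    return {
        "normal_unlock_unchanged": mk_before == mk_after_add,
        "nuke_triggered": nuked,
        "slots_left": sum(s is not None for s in header.slots),
        "recoverable_after_nuke": recoverable,
    }


if __name__ == "__main__":
    print(demo())
```

Running the module prints the result of demo(); the slots_left value of 0 after the nuke is the point: nothing in the header can recover the master key any more, which is why a header backup made with cryptsetup luksHeaderBackup and stored off the machine is the only way back if the nuke passphrase is ever typed by mistake.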