Security packages

From YobiWiki
Jump to navigation Jump to search

Here is a list of security-related packages available in Debian-alike distros.
My setup is made of a basis of LMDE with Debian and Kali pinned repositories.

network

arping                         - sends IP and/or ARP pings (to the MAC address)
dsniff                         - Various tools to sniff network traffic for cleartext insecurities
etherwake                      - tool to send magic Wake-on-LAN packets
iodine                         - tool for tunneling IPv4 data through a DNS server
kismet                         - wireless sniffer and monitor - core
kismet-plugins                 - wireless sniffer and monitor - plugins
ndisc6                         - IPv6 diagnostic tools
netcat                         - TCP/IP swiss army knife -- transitional package
netsniff-ng                    - packet sniffing beast
nmap                           - The Network Mapper
socat                          - multipurpose relay for bidirectional data transfer
sshfs                          - filesystem client based on SSH File Transfer Protocol
themole                        - automatic SQL injection exploitation tool

forensics

autopsy                        - graphical interface to SleuthKit
chkrootkit                     - rootkit detector
cruft                          - program that finds any cruft built up on your system
dc3dd                          - patched version of GNU dd with forensic features
dcfldd                         - enhanced version of dd for forensics and security
ext4magic                      - recover deleted files from ext3 or ext4 partitions
foremost                       - forensic program to recover lost files
gpart                          - Guess PC disk partition table, find lost partitions
logkeys                        - keylogger for GNU/Linux systems
mac-robber                     - collects data about allocated files in mounted filesystems
memdump                        - utility to dump memory contents to standard output
pdfresurrect                   - tool for extracting/scrubbing versioning data from PDF documents
recover                        - Undelete files on ext2 partitions
recoverdm                      - recover files/disks with damaged sectors
recoverjpeg                    - tool to recover JPEG images from a filesystem image
rkhunter                       - rootkit, backdoor, sniffer and exploit scanner
tiger                          - Report system security vulnerabilities
unhide.rb                      - Forensic tool to find processes hidden by rootkits
vinetto                        - A forensics tool to examine Thumbs.db files
wipe                           - Secure file deletion
vbindiff                       - visual binary diff, visually compare binary files

stegano

outguess                       - Universal Steganographic tool
steghide                       - A steganography hiding tool

crypto

fcrackzip                      - password cracker for zip archives
john                           - active password cracking tool
password-gorilla               - cross-platform password manager
pdfcrack                       - PDF files password cracker
ssss                           - Shamir's secret sharing scheme implementation
rotix                          - A program to generate rotational obfuscations

reverse-engineering

flasm                          - assembler and disassembler for Flash (SWF) bytecode

coding

ckport                         - portability analysis and security checking tool
cppcheck                       - tool for static C/C++ code analysis
flawfinder                     - examines source code and looks for security weaknesses
pychecker                      - tool to find common bugs in Python source code
pylint                         - python code static checker and UML diagram generator

Specific installation instructions

LUKS Nuke

The first part of the new feature is to actually store a "nuke" passphrase in a keyslot. However, this passphrase does not encrypt the masterkey used for en-/decrypting the partition, but rather encrypts a magic value (0x0...0).

 cryptsetup luksAddNuke <device>

It behaves pretty much like a "luksAddKey", only that the actual keyslot data does not contain any cryptographic material.
The second part of the implementation is a modification of the function that unlocks a keyslot and extracts the key material for en-/decryption. This function now contains a check for said magical value and deletes all keyslots if it encounters it.

apt-get install cryptsetup/kali cryptsetup-bin/kali libcryptsetup4/kali

If initrd was not rebuilt in the process:

dpkg-reconfigure cryptsetup
cryptsetup luksAddNuke /dev/sda1

Better to pin it:
Add to /etc/apt/preferences.d/kali-package-repositories.pref

Package: /cryptsetup/
Pin: release n=kali
Pin-Priority: 990