Difference between revisions of "Security packages"
Jump to navigation
Jump to search
m (→logkeys) |
|||
| (9 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | Here is a list of security-related packages available in Debian-alike distros. |
+ | Here is a list of security-related packages available in Debian-alike distros that I'm using. |
<br>My setup is made of a basis of [[LMDE]] with [[LMDE#Add_Debian_repositories|Debian]] and [[Kali#Add_Kali_repositories_to_LMDE|Kali]] pinned repositories. |
<br>My setup is made of a basis of [[LMDE]] with [[LMDE#Add_Debian_repositories|Debian]] and [[Kali#Add_Kali_repositories_to_LMDE|Kali]] pinned repositories. |
||
==network== |
==network== |
||
| Line 31: | Line 31: | ||
memdump - utility to dump memory contents to standard output |
memdump - utility to dump memory contents to standard output |
||
pdfresurrect - tool for extracting/scrubbing versioning data from PDF documents |
pdfresurrect - tool for extracting/scrubbing versioning data from PDF documents |
||
| − | recover - Undelete files on ext2 partitions |
||
recoverdm - recover files/disks with damaged sectors |
recoverdm - recover files/disks with damaged sectors |
||
recoverjpeg - tool to recover JPEG images from a filesystem image |
recoverjpeg - tool to recover JPEG images from a filesystem image |
||
| Line 41: | Line 40: | ||
vbindiff - visual binary diff, visually compare binary files |
vbindiff - visual binary diff, visually compare binary files |
||
</pre> |
</pre> |
||
| + | Kali: |
||
| + | recover - Undelete files on ext2 partitions |
||
| + | |||
==stegano== |
==stegano== |
||
<pre> |
<pre> |
||
| Line 49: | Line 51: | ||
<pre> |
<pre> |
||
fcrackzip - password cracker for zip archives |
fcrackzip - password cracker for zip archives |
||
| − | john - active password cracking tool |
||
password-gorilla - cross-platform password manager |
password-gorilla - cross-platform password manager |
||
pdfcrack - PDF files password cracker |
pdfcrack - PDF files password cracker |
||
| Line 55: | Line 56: | ||
rotix - A program to generate rotational obfuscations |
rotix - A program to generate rotational obfuscations |
||
</pre> |
</pre> |
||
| + | |||
| + | john - active password cracking tool |
||
| + | John is more complete on Kali, so let's pin it: |
||
| + | |||
| + | Add to /etc/apt/preferences.d/kali-package-repositories.pref |
||
| + | Package: john john-data |
||
| + | Pin: release n=kali |
||
| + | Pin-Priority: 990 |
||
| + | |||
==reverse-engineering== |
==reverse-engineering== |
||
<pre> |
<pre> |
||
flasm - assembler and disassembler for Flash (SWF) bytecode |
flasm - assembler and disassembler for Flash (SWF) bytecode |
||
</pre> |
</pre> |
||
| + | Kali: |
||
| + | binwalk - A firmware analysis tool |
||
| + | -> |
||
| + | apt-get install binwalk/kali |
||
| + | |||
==coding== |
==coding== |
||
<pre> |
<pre> |
||
| Line 69: | Line 84: | ||
==Specific installation instructions== |
==Specific installation instructions== |
||
| + | ===Building dependencies=== |
||
| + | Some of the softs require prerequisites, see [[LMDE#devel]] |
||
===LUKS Nuke=== |
===LUKS Nuke=== |
||
* http://www.kali.org/how-to/emergency-self-destruction-luks-kali/ |
* http://www.kali.org/how-to/emergency-self-destruction-luks-kali/ |
||
| Line 92: | Line 109: | ||
http://ftp.de.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8o-4squeeze14_amd64.deb |
http://ftp.de.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8o-4squeeze14_amd64.deb |
||
http://ftp.de.debian.org/debian/pool/main/p/pwsafe/pwsafe_0.2.0-3_amd64.deb |
http://ftp.de.debian.org/debian/pool/main/p/pwsafe/pwsafe_0.2.0-3_amd64.deb |
||
| − | ===bp-tools=== |
||
| − | From http://www.eftlab.co.uk/index.php/downloads/bp-tools |
||
| − | <br>Needs libpthread-stubs0: |
||
| − | http://ftp.de.debian.org/debian/pool/main/libp/libpthread-stubs/libpthread-stubs0_0.3-3_amd64.deb |
||
| − | |||
| − | apt-get install libsqlite3-dev sqlite3 |
||
| − | dpkg --purge bp-tools |
||
| − | dpkg -i bp-tools_14.04_amd64_free.deb |
||
| − | ===[[Belgian eID]]=== |
||
| − | cf http://eid.belgium.be/fr/utiliser_votre_eid/installer_le_logiciel_eid/linux/ |
||
| − | <br>-> debian 64 |
||
| − | <br>See also https://code.google.com/p/eid-mw/wiki/ChromeLinux : |
||
| − | <pre> |
||
| − | libnss3-tools - Network Security Service tools |
||
| − | </pre> |
||
| − | Close Chrome |
||
| − | cd |
||
| − | modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/libbeidpkcs11.so |
||
| − | modutil -dbdir sql:.pki/nssdb/ -list |
||
| − | ===EMV-CAP=== |
||
| − | python setup.py install |
||
| − | And install: |
||
| − | <pre> |
||
| − | python-pyscard - Python wrapper above PC/SC API |
||
| − | </pre> |
||
===IDA Pro=== |
===IDA Pro=== |
||
See http://blog.stalkr.net/2014/01/ida-on-debian-amd64-with-python.html |
See http://blog.stalkr.net/2014/01/ida-on-debian-amd64-with-python.html |
||
| Line 150: | Line 142: | ||
echo "bash: $(basename $0): command not found" |
echo "bash: $(basename $0): command not found" |
||
exit 127 |
exit 127 |
||
| + | If you get wrong keys in the log, create a mapfile according to /usr/share/doc/logkeys/README.gz ch4.2 then save it into /etc/logkeys-keymap and to load it, add to /etc/default/logkeys: |
||
| + | DAEMON_OPTS="--keymap /etc/logkeys-keymap" |
||
| + | But /etc/init.d/logkeys adds the incompatible option -u that we've to remove, so edit /etc/init.d/logkeys: |
||
| + | DAEMON_OPTS="-s -d $DEVICE -o $LOGFILE $DAEMON_OPTS" |
||
| + | |||
===Wireshark=== |
===Wireshark=== |
||
<pre> |
<pre> |
||
| Line 164: | Line 161: | ||
Add entry in menu manually... see /usr/share/applications/gufw.desktop |
Add entry in menu manually... see /usr/share/applications/gufw.desktop |
||
<br>Right-click the Mint Menu, select "Configure" then "Open the menu editor", Click a software category / "New Item". |
<br>Right-click the Mint Menu, select "Configure" then "Open the menu editor", Click a software category / "New Item". |
||
| − | ===libnfc=== |
||
| − | apt-get install libnfc5 libnfc-bin libnfc-examples libnfc-dev libnfc-pn53x-examples |
||
| − | apt-get install libfreefare0 libfreefare-bin libfreefare-dev libfreefare-doc |
||
| − | modprobe -r pn533 |
||
| − | adduser <myuser> plugdev |
||
===mitmproxy=== |
===mitmproxy=== |
||
<pre> |
<pre> |
||
| Line 216: | Line 208: | ||
$ cd python-cryptoplus/ |
$ cd python-cryptoplus/ |
||
# python setup.py install |
# python setup.py install |
||
| + | |||
| + | ===Smartcard / RFID / NFC related=== |
||
| + | ====[[Belgian eID]]==== |
||
| + | cf http://eid.belgium.be/fr/utiliser_votre_eid/installer_le_logiciel_eid/linux/ |
||
| + | <br>-> debian 64 |
||
| + | <br>See also https://code.google.com/p/eid-mw/wiki/ChromeLinux : |
||
| + | <pre> |
||
| + | libnss3-tools - Network Security Service tools |
||
| + | </pre> |
||
| + | Close Chrome |
||
| + | cd |
||
| + | modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/libbeidpkcs11.so |
||
| + | modutil -dbdir sql:.pki/nssdb/ -list |
||
| + | ====EMV-CAP==== |
||
| + | python setup.py install |
||
| + | And install: |
||
| + | <pre> |
||
| + | python-pyscard - Python wrapper above PC/SC API |
||
| + | </pre> |
||
| + | ====libnfc/libfreefare==== |
||
| + | <pre> |
||
| + | libfreefare-bin - MIFARE card manipulations binaries |
||
| + | libfreefare-dev - MIFARE card manipulations library (development files) |
||
| + | libfreefare-doc - documentation for libfreefare |
||
| + | libnfc-bin - Near Field Communication (NFC) binaries |
||
| + | libnfc-dev - Near Field Communication (NFC) library (development files) |
||
| + | libnfc-examples - Near Field Communication (NFC) examples |
||
| + | libnfc-pn53x-examples - Near Field Communication (NFC) examples for PN53x chips only |
||
| + | </pre> |
||
| + | Better to pin what we always want from Debian directly: |
||
| + | <br>Add to /etc/apt/preferences.d/debian-package-repositories.pref |
||
| + | <pre> |
||
| + | Package: libnfc* |
||
| + | Pin: origin ftp.be.debian.org |
||
| + | Pin-Priority: 990 |
||
| + | |||
| + | Package: libfreefare* |
||
| + | Pin: origin ftp.be.debian.org |
||
| + | Pin-Priority: 990 |
||
| + | </pre> |
||
| + | Then |
||
| + | apt-get install libnfc-bin libnfc-dev libnfc-examples libnfc-pn53x-examples |
||
| + | apt-get install libfreefare-bin libfreefare-dev libfreefare-doc |
||
| + | modprobe -r pn533 |
||
| + | adduser <myuser> plugdev |
||
| + | |||
| + | ====bp-tools==== |
||
| + | From http://www.eftlab.co.uk/index.php/downloads/bp-tools |
||
| + | <br>Needs libpthread-stubs0: |
||
| + | http://ftp.de.debian.org/debian/pool/main/libp/libpthread-stubs/libpthread-stubs0_0.3-3_amd64.deb |
||
| + | |||
| + | apt-get install libsqlite3-dev sqlite3 |
||
| + | dpkg --purge bp-tools |
||
| + | dpkg -i bp-tools_14.04_amd64_free.deb |
||
Latest revision as of 23:26, 6 August 2014
Here is a list of security-related packages available in Debian-alike distros that I'm using.
My setup is made of a basis of LMDE with Debian and Kali pinned repositories.
network
arping - sends IP and/or ARP pings (to the MAC address) dsniff - Various tools to sniff network traffic for cleartext insecurities etherwake - tool to send magic Wake-on-LAN packets iodine - tool for tunneling IPv4 data through a DNS server kismet - wireless sniffer and monitor - core kismet-plugins - wireless sniffer and monitor - plugins ndisc6 - IPv6 diagnostic tools netcat - TCP/IP swiss army knife -- transitional package netsniff-ng - packet sniffing beast nmap - The Network Mapper socat - multipurpose relay for bidirectional data transfer sshfs - filesystem client based on SSH File Transfer Protocol themole - automatic SQL injection exploitation tool
forensics
autopsy - graphical interface to SleuthKit chkrootkit - rootkit detector cruft - program that finds any cruft built up on your system dc3dd - patched version of GNU dd with forensic features dcfldd - enhanced version of dd for forensics and security ext4magic - recover deleted files from ext3 or ext4 partitions foremost - forensic program to recover lost files gpart - Guess PC disk partition table, find lost partitions logkeys - keylogger for GNU/Linux systems mac-robber - collects data about allocated files in mounted filesystems memdump - utility to dump memory contents to standard output pdfresurrect - tool for extracting/scrubbing versioning data from PDF documents recoverdm - recover files/disks with damaged sectors recoverjpeg - tool to recover JPEG images from a filesystem image rkhunter - rootkit, backdoor, sniffer and exploit scanner tiger - Report system security vulnerabilities unhide.rb - Forensic tool to find processes hidden by rootkits vinetto - A forensics tool to examine Thumbs.db files wipe - Secure file deletion vbindiff - visual binary diff, visually compare binary files
Kali:
recover - Undelete files on ext2 partitions
stegano
outguess - Universal Steganographic tool steghide - A steganography hiding tool
crypto
fcrackzip - password cracker for zip archives password-gorilla - cross-platform password manager pdfcrack - PDF files password cracker ssss - Shamir's secret sharing scheme implementation rotix - A program to generate rotational obfuscations
john - active password cracking tool
John is more complete on Kali, so let's pin it:
Add to /etc/apt/preferences.d/kali-package-repositories.pref
Package: john john-data Pin: release n=kali Pin-Priority: 990
reverse-engineering
flasm - assembler and disassembler for Flash (SWF) bytecode
Kali:
binwalk - A firmware analysis tool
->
apt-get install binwalk/kali
coding
ckport - portability analysis and security checking tool cppcheck - tool for static C/C++ code analysis flawfinder - examines source code and looks for security weaknesses pychecker - tool to find common bugs in Python source code pylint - python code static checker and UML diagram generator
Specific installation instructions
Building dependencies
Some of the softs require prerequisites, see LMDE#devel
LUKS Nuke
- http://www.kali.org/how-to/emergency-self-destruction-luks-kali/
- http://www.kali.org/how-to/nuke-kali-linux-luks/
- http://lxer.com/module/newswire/view/103692/index.html :
The first part of the new feature is to actually store a "nuke" passphrase in a keyslot. However, this passphrase does not encrypt the masterkey used for en-/decrypting the partition, but rather encrypts a magic value (0x0...0).
cryptsetup luksAddNuke <device>
It behaves pretty much like a "luksAddKey", only that the actual keyslot data does not contain any cryptographic material.
The second part of the implementation is a modification of the function that unlocks a keyslot and extracts the key material for en-/decryption. This function now contains a check for said magical value and deletes all keyslots if it encounters it.
apt-get install cryptsetup/kali cryptsetup-bin/kali libcryptsetup4/kali
If initrd was not rebuilt in the process:
dpkg-reconfigure cryptsetup
cryptsetup luksAddNuke /dev/sda1
Better to pin it:
Add to /etc/apt/preferences.d/kali-package-repositories.pref
Package: /cryptsetup/ Pin: release n=kali Pin-Priority: 990
pwsafe
Have to backport from squeeze: get and install those
http://ftp.de.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8o-4squeeze14_amd64.deb http://ftp.de.debian.org/debian/pool/main/p/pwsafe/pwsafe_0.2.0-3_amd64.deb
IDA Pro
See http://blog.stalkr.net/2014/01/ida-on-debian-amd64-with-python.html
Run installation file
It requires libglib2.0-0 but because of chromium/jessie we need the jessie one:
apt-get install -t jessie libglib2.0-0:i386 libselinux1:i386
apt-get install libstdc++6:i386 libc6-i686:i386 libexpat1:i386 libffi6:i386 libfontconfig1:i386 libfreetype6:i386 libgcc1:i386 libglib2.0-0:i386 \
libice6:i386 libpcre3:i386 libpng12-0:i386 libsm6:i386 libstdc++6:i386 libuuid1:i386 libx11-6:i386 libxau6:i386 libxcb1:i386 \
libxdmcp6:i386 libxext6:i386 libxrender1:i386 zlib1g:i386
apt-get install libpython2.7:i386
logkeys
apt-get install logkeys
Find keyboard device to see which eventX to use:
grep "^[NH]" /proc/bus/input/devices
Edit /etc/default/logkeys:
ENABLED=1 LOGFILE=/var/log/logkeys DEVICE=/dev/input/event0
Avoid it to start automatically:
update-rc.d logkeys disable
Allow starting it without password prompt:
Create /etc/sudoers.d/logkeys:
<myuser> ALL = NOPASSWD: /etc/init.d/logkeys
Provide stealth hooks, under your choice name, e.g. "sl" (for mispelled "ls") etc:
#!/bin/bash sudo /etc/init.d/logkeys start >/dev/null echo "bash: $(basename $0): command not found" exit 127
#!/bin/bash sudo /etc/init.d/logkeys stop >/dev/null echo "bash: $(basename $0): command not found" exit 127
If you get wrong keys in the log, create a mapfile according to /usr/share/doc/logkeys/README.gz ch4.2 then save it into /etc/logkeys-keymap and to load it, add to /etc/default/logkeys:
DAEMON_OPTS="--keymap /etc/logkeys-keymap"
But /etc/init.d/logkeys adds the incompatible option -u that we've to remove, so edit /etc/init.d/logkeys:
DAEMON_OPTS="-s -d $DEVICE -o $LOGFILE $DAEMON_OPTS"
Wireshark
tshark - network traffic analyzer - console version wireshark - network traffic analyzer - GTK+ version
apt-get install wireshark tshark dpkg-reconfigure wireshark-common adduser <myuser> wireshark
GUFW
Firewall:
apt-get install gufw
Add entry in menu manually... see /usr/share/applications/gufw.desktop
Right-click the Mint Menu, select "Configure" then "Open the menu editor", Click a software category / "New Item".
mitmproxy
mitmproxy - SSL-capable man-in-the-middle HTTP proxy
apt-get install mitmproxy/jessie python-netlib/jessie
After first run of mitmproxy, certs are created.
Install ~/.mitmproxy/mitmproxy-ca-cert.cer as authority or:
Run mitmproxy, visit http://mitm.it and install certificate
To run mitmproxy on a router as transparent proxy, e.g. on the exit node of my VPN:
I keep same certs as my local ones
scp -r .mitmproxy myvpn.box:
On myvpn.box I've the following scripts:
./mitmproxy:
iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765
iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765
export LANG=en_US.UTF-8
mitmproxy -T --host -p 8765 $*
iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765
iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765
./mitmdump:
iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765
iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765
export LANG=en_US.UTF-8
mitmdump -T --host -p 8765 $*
iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765
iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765
And I can call them remotely:
vpn_mitmproxy:
ssh -t myvpn.box ./mitmproxy $*
vpn_mitmdump:
ssh myvpn.box ./mitmdump $*
PyCryptoPlus
$ git clone https://github.com/doegox/python-cryptoplus $ cd python-cryptoplus/ # python setup.py install
Belgian eID
cf http://eid.belgium.be/fr/utiliser_votre_eid/installer_le_logiciel_eid/linux/
-> debian 64
See also https://code.google.com/p/eid-mw/wiki/ChromeLinux :
libnss3-tools - Network Security Service tools
Close Chrome
cd modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/libbeidpkcs11.so modutil -dbdir sql:.pki/nssdb/ -list
EMV-CAP
python setup.py install
And install:
python-pyscard - Python wrapper above PC/SC API
libnfc/libfreefare
libfreefare-bin - MIFARE card manipulations binaries libfreefare-dev - MIFARE card manipulations library (development files) libfreefare-doc - documentation for libfreefare libnfc-bin - Near Field Communication (NFC) binaries libnfc-dev - Near Field Communication (NFC) library (development files) libnfc-examples - Near Field Communication (NFC) examples libnfc-pn53x-examples - Near Field Communication (NFC) examples for PN53x chips only
Better to pin what we always want from Debian directly:
Add to /etc/apt/preferences.d/debian-package-repositories.pref
Package: libnfc* Pin: origin ftp.be.debian.org Pin-Priority: 990 Package: libfreefare* Pin: origin ftp.be.debian.org Pin-Priority: 990
Then
apt-get install libnfc-bin libnfc-dev libnfc-examples libnfc-pn53x-examples apt-get install libfreefare-bin libfreefare-dev libfreefare-doc modprobe -r pn533 adduser <myuser> plugdev
bp-tools
From http://www.eftlab.co.uk/index.php/downloads/bp-tools
Needs libpthread-stubs0:
http://ftp.de.debian.org/debian/pool/main/libp/libpthread-stubs/libpthread-stubs0_0.3-3_amd64.deb
apt-get install libsqlite3-dev sqlite3 dpkg --purge bp-tools dpkg -i bp-tools_14.04_amd64_free.deb