HWA-Security.net

Files Archive 2000
Some Essential Tools, IDS, Unix and NT, and assorted HWA/b0f releases
  • vim-expl-01.tar.gz [MISSING] (5,300 bytes): vim exploit PoC by {}
  • unlg_q3a_d0s.fuq (5,300 bytes): Quake server DoS PoC/advisory by infected (HET)
  • sscan2k-pre6.HWA.tar.gz (298,051 bytes): sscan2k pre6 by eth0^
  • sscan2k-pre5.HWA.tar.gz (346,247 bytes): sscan2k pre5 by eth0^
  • sscan2k-pre4.HWA.tar.gz (333,392 bytes): sscan2k pre4 by eth0^
  • sscan2k-pre3.b0f.tar.gz (336,314 bytes): b0f pre3 version of sscan by eth0
  • sscan2k-pre2.b0f.tar.gz (338,859 bytes): b0f pre2 version of sscan by eth0
  • HWA-warpcrash.c (2,740 bytes): crashes OS/2 Warp FTP servers v4.5/v4.0/v4.2/v4.3, possibly others (see source). By eth0^
  • apivs.c (13,263 bytes): APIVS.C 'script kiddy' banner scanner by oasis
  • b0f-lin14.c (1,834 bytes): userspace code that locally hangs recent Linux machines; the send system call immediately puts the kernel in a loop spewing "kmalloc: Size (131076) too large". Linux 2.2.14 and 2.3.99-pre2 are vulnerable. By eth0
  • namedscan.c (8,403 bytes): finds the version of a remote nameserver. By eth0
  • standalone.sh (9,223 bytes): a sample ipchains firewall script featuring many options you can uncomment. By eth0
  • pirchslap.c (2,361 bytes): Pirch98 IRC client ident/fserve daemon DoS overflow attack. By eth0
  • pirchslap.exe (36,854 bytes): Windows port of pirchslap (originally by eth0) by DigitalMonkey
  • bb-1.3.tar.gz (175,757 bytes): description
  • claymore.tar.gz (4,866 bytes): Claymore v0.3 is an intrusion detection and integrity monitoring system. It runs from cron, reads a list of files stored in flat ASCII, and uses md5sum to check their integrity against the values recorded earlier in a database. If the database is placed on a read-only medium such as a write-protected floppy, it should provide an infallible record against remotely installed trojan horses.
  • fragrouter-1.6.tar.gz (277,726 bytes): Fragrouter v1.6 is aimed at testing the correctness of a NIDS against the specific TCP/IP attacks listed in the Secure Networks NIDS evasion paper. Other NIDS evasion toolkits implementing these attacks are in circulation among hackers or publicly available, and it is assumed that they are currently being used to bypass NIDSs.
  • hostsentry-0.02.tar.gz (33,983 bytes): HostSentry v0.02 is a host-based intrusion detection tool that performs Login Anomaly Detection (LAD) and is the most recent addition to the Abacus Project suite of security tools. It allows administrators to spot strange login behaviour and quickly respond to compromised accounts and unusual behaviour. HostSentry incorporates a dynamic database and actually "learns" user login behaviour, which modular signatures then use to detect unusual events. Specifically, HostSentry monitors system login accounting records (wtmp/utmp) in real time, uses them to build a dynamic database of active users, and runs a series of signature modules during the login and logout phases. The signature modules are pluggable and easily activated or deactivated by the admin.
  • icmpinfo-1.11.tar.gz (13,712 bytes): tracks ICMP packets, allowing you to proactively watch for suspicious behaviour, mainly ICMP unreachables.
  • killerd-0_2.tar.gz (4,958 bytes): a daemon that kills shells whose idle time exceeds a configured limit.
  • ktcpd-strobemasker-1.4.gz (12,185 bytes): Linux 2.0.x kernel patch that protects you from strobes (port scans). Detects all strobes, logs all strobe attempts, refuses connections once a strobe begins, and logs ALL packets (TCP, ICMP, UDP). Basically, it makes your Linux box appear to be a Macintosh.
  • logwatch-1.6.6.tar.gz (36,751 bytes): LogWatch 1.6.6 is a customizable, pluggable log-monitoring system that analyzes and reports on system logs. It goes through your logs for a given period of time and produces a report on the areas you choose, at the level of detail you choose. Easy to use; works right out of the package on almost all systems. Now analyzes Samba logs.
  • lsof_4.50_W.tar.gz (764,666 bytes): Lsof is an extremely powerful Unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that: it lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection / open port.
  • osiris-1.3.0.tar.gz (232,001 bytes): Osiris catalogs specified directories of files, including MD5 hashes, modification dates, and file attributes, into a specified database and/or to STDOUT as directed. The second program, scale, compares two such databases against each other and outputs, either to a file or to STDOUT, any differences it finds between the two catalogs, including missing or additional files and differing MD5 hashes, modification dates, and file attributes. Together, the two programs give an administrator the tools to follow changes in files on a server or workstation and stay apprised of possible attacks and/or nasty little trojans.
  • overcr-1.49.02.tar.gz (13,185 bytes): OverCR 1.49.02 is a remote systems monitoring tool that uses a simple query language. It is designed as a GPL'd program similar to the popular (and non-GPL) Big Brother monitoring system.
  • samhain-0.8.tar.gz (410,427 bytes): samhain is a distributed host integrity monitoring system. It consists of monitoring agents running on individual hosts and a central log server collecting reports from these agents via authenticated TCP/IP connections. On single hosts, it is possible to run a standalone monitoring agent. Currently, agents may monitor the integrity of files and directories and watch for login/logout events. In addition to forwarding reports to the log server, other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. samhain has been tested on Linux, AIX 4.1, HP-UX 10.20, UnixWare 7.1.0, and Solaris 2.6.
  • secureworx0_7-B1.sh (107,122 bytes): Secure Worx (TM) Network Intrusion Detection System is a network-based system that performs high-speed traffic analysis of the content and context of network packets to detect unauthorized traffic in real time. It has inexpensive hardware and OS requirements: it runs on an Intel Pentium class compatible processor with a 10/100 Ethernet card running Linux with kernel 2.2 or above and a configured TCP/IP stack. Installation involves running a script that asks a few simple questions; after that it is a simple matter of starting the software, and your network is then searched for anomalous activity.
  • sentinel-1.2.0.tar.gz (395,168 bytes): Sentinel is a fast file/drive scanning utility similar to the Tripwire and Viper.pl utilities. It uses a database similar to Tripwire's, but uses a RIPEMD-160 (160-bit) MAC checksumming algorithm (no patents), which is more secure than the patented 128-bit MD5 checksum. It should run on most Unixes (tested on Red Hat Linux v6.0 & v5.2, Slackware Linux v3.x & 4.xb, and IRIX v5.2 and v6.x). Several other utilities used for Sentinel development are also posted here; most are included with the sentinel tarball. gSentinel is a graphical front-end to sentinel. Newbies should download gSentinel, as it comes with a very simple RPM-based installation and offers a friendly interface. Beware that gSentinel is currently under development and may be fairly crude compared to most GUI packages.
  • sniffer_detector.letter.ps.gz (116,350 bytes): whitepaper by IBM discussing basic sniffer detector concepts. IBM Security ITS '98.
  • sploitmon.pl (1,957 bytes): sploitmon.pl is a simple yet sophisticated Perl script that runs in the background and monitors Apache's access_log file for indications of an exploit scan. If one is detected, a new exploit_scan_log file is created with the details. Checks for /cgi-bin/phf, /cgi-bin/nph-test-cgi, and /cgi-bin/whois_raw.cgi.
  • suidshow.c (1,677 bytes): description
  • tcp_wrappers_7.6.tar.gz (99,438 bytes): Wietse Venema's TCP wrapper. The package provides tiny daemon wrapper programs that can be installed without any changes to existing software or configuration files. The wrappers report the name of the client host and of the requested service; they do not exchange information with the client or server applications and impose no overhead on the actual conversation between client and server.
  • trojan.pl (31,215 bytes): Perl script that searches for trojan horses installed on the system.
  • viperdb_v0.9.1.txt (12,573 bytes): ViperDB was created as a smaller and faster alternative to Tripwire. ViperDB does not use a fancy all-in-one database to keep records; instead it uses a plaintext db stored in each "watched" directory, so there is no single point for an attacker to focus his attention on. This, coupled with running ViperDB every 5 minutes (via a root cron job), decreases the likelihood that an attacker will be able to modify your "watched" filesystem while ViperDB is monitoring your system.
  • whowatch-1.4.tar.gz (43,084 bytes): Whowatch is an interactive utility that displays information about the users currently on the machine in real time. Besides standard information (login name, tty, host, user's process) you can see the connection type (i.e. telnet or ssh). You can also watch the process tree, navigate it, and send INT and KILL signals. Ncurses ASCII graphics.
  • zombie-1.2.tgz (12,170 bytes): Zombie Zapper Unix version 1.2. Zombie Zapper [tm] is a free, open source tool that can tell a zombie system flooding packets to stop flooding. It works against Trinoo, TFN, and Stacheldraht. It assumes the various defaults used by these attack tools are still in place, but lets you put the zombies to sleep.
  • ZZ.exe (65,536 bytes): Zombie Zapper v1.2 Windows NT binary. Zombie Zapper [tm] is a free, open source tool that can tell a zombie system flooding packets to stop flooding. It works against Trinoo, TFN, and Stacheldraht. It assumes the various defaults used by these attack tools are still in place, but lets you put the zombies to sleep.

    © Copyright 1997, 1998, 1999, 2000 HWA/Cruciphux
    cruciphux@dok.org