Wednesday, January 22, 2014

best programs for hacking and protection


1. John The Ripper
John the Ripper is a free program for recovering passwords from their hashes. Its main purpose is auditing weak passwords on UNIX systems. It can also audit NTLM hashes, Kerberos, and others. Implementations exist for various operating systems. It is very popular because it supports a large number of hash types, detects the hash type automatically, and has a customizable cracker. It also supports modules that add support for MD4 hashes, LDAP and MySQL passwords.

 



    [user@Host ~]$ cat hash
    user:$1$plJCD2DU$lpYpkehFUxysMkYmxtrGZ.:14107:0:99999:7:::
    [user@Host ~]$ john hash
    Loaded 1 password hash (FreeBSD MD5 [32/32])
    guesses: 0  time: 0:00:00:21 46% (2)  c/s: 3102  trying: eilrahC
    guesses: 0  time: 0:00:00:26 57% (2)  c/s: 3126  trying: Laddie2

John the Ripper performs dictionary and brute-force attacks. In a dictionary attack, the program takes candidate passwords from a specified file, hashes each one, and compares the result with the target hash. In a brute-force attack, the program goes through all possible password combinations.
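
The `hash` file in the session above holds one `/etc/shadow` entry, and its `$1$` prefix is why John reports it as FreeBSD MD5. As an added example (not part of the original post and not John the Ripper code), this Python script audits shadow-style lines for weak hash schemes without guessing any passwords; `audit_shadow_line` and the `alice` and `bob` entries are constructed for illustration.

```python
from datetime import date, timedelta

# crypt(3) "$id$" prefixes -> (scheme name, still considered adequate?)
SCHEMES = {
    "1": ("md5crypt", False),      # what John labels "FreeBSD MD5"
    "2a": ("bcrypt", True),
    "2b": ("bcrypt", True),
    "2y": ("bcrypt", True),
    "5": ("sha256crypt", True),
    "6": ("sha512crypt", True),
    "y": ("yescrypt", True),
}


def audit_shadow_line(line):
    """Parse one /etc/shadow entry; report hash scheme, change date, findings."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 colon-separated fields, got %d" % len(fields))
    user, pw, lastchg = fields[0], fields[1], fields[2]
    findings = []
    if pw == "":
        scheme = "empty"
        findings.append("no password required")
    elif pw[0] in "!*":
        scheme = "locked"              # password login disabled
    elif pw.startswith("$"):
        ident = pw.split("$")[1]
        scheme, adequate = SCHEMES.get(ident, ("unknown:" + ident, False))
        if not adequate:
            findings.append("weak or unrecognised hash scheme: " + scheme)
    elif len(pw) == 13:
        scheme = "descrypt"
        findings.append("traditional DES crypt: only 8 characters are significant")
    else:
        scheme = "other"
    # Field 3 is the last password change, in days since 1970-01-01.
    changed = date(1970, 1, 1) + timedelta(days=int(lastchg)) if lastchg else None
    return {"user": user, "scheme": scheme, "changed": changed, "findings": findings}


if __name__ == "__main__":
    sample = [
        "user:$1$plJCD2DU$lpYpkehFUxysMkYmxtrGZ.:14107:0:99999:7:::",  # from the page
        "alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::",  # constructed
        "bob::19000:0:99999:7:::",                                      # constructed
    ]
    for entry in sample:
        print(audit_shadow_line(entry))
```
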
Download and installation

    
    wget http://ubuntu-russian.ru/download/X/brute-force/john-1.7.9.tar.gz
    tar -zxf john-1.7.9.tar.gz
    cd john-1.7.9/src
    # with no target, make lists the available build targets
    make
    sudo make clean generic
    cd ../run
    # run the built-in self-tests and benchmarks
    ./john --test

 
2. Nmap
Nmap is a free utility for flexible scanning of IP networks with any number of hosts and for determining the state of the scanned hosts (ports and the services behind them). It was originally written for UNIX systems, but versions are now available for many operating systems.
Nmap uses many scanning techniques, such as UDP, TCP connect(), TCP SYN (half-open), FTP proxy (bounce through FTP), reverse-ident, ICMP (ping), FIN, ACK, Xmas tree, SYN and NULL scans. Nmap also supports a wide range of additional features: remote operating system detection using TCP/IP stack fingerprinting, "stealth" scanning, dynamic calculation of delay and packet retransmission times, parallel scanning, detection of inactive hosts by parallel ping polling, scanning with decoy hosts, detection of packet filters, direct (without the portmapper) RPC scanning, scanning with IP fragmentation, and arbitrary specification of the IP addresses and port numbers to scan.
Installation on Ubuntu:

    sudo apt-get install nmap

 
3. Nessus
Nessus is a program that automatically searches for known flaws in the protection of information systems. It can detect the most common types of vulnerabilities, such as:

Vulnerable versions of services or daemons

Configuration errors (for example, an SMTP server that requires no login)

Default, empty or weak passwords

The program has a client-server architecture, which greatly extends its scanning capabilities. According to a survey conducted by the portal securitylab.ru, 17% of respondents use Nessus.
Since I'm using Ubuntu, I will explain how to install and configure Nessus on this distribution. Installation instructions are available on the developer's site, but they are too complicated.
Download the Debian package from the page http://www.nessus.org/download/. The developer provides many builds for different operating systems. The current version at the time of writing is 5.0.1. Nessus is installed into the directory /opt/nessus.
The program has no GUI in the usual sense; Nessus is managed through a web interface. After you install and start the scanner daemon, a web server providing a Flash-based graphical interface becomes available at your computer's IP address. Before you can access it, however, the program has to be prepared accordingly.

    
    tisg@ubuntu:/$ su
    password:
    root@ubuntu:/# /opt/nessus/sbin/nessus-adduser
    Login: tisg
    Login password:
    Login password (again):
    Do you want this user to be a Nessus 'admin' user? (can upload plugins, etc...) (y/n) [n]: y
    User rules
    ----------
    nessusd has a rules system which allows you to restrict the hosts
    that tisg has the right to test. For instance, you may want
    him to be able to scan his own host only.

    Please see the nessus-adduser manual for the rules syntax

    Enter the rules for this user, and enter a BLANK LINE once you are done:
    (the user can have an empty rules set)

    Login: tisg
    Password: ***********
    This user will have 'admin' privileges within the Nessus server
    Rules:
    Is that ok? (y/n) [y] y
    User added
    root@ubuntu:/#

Our first user will have all rights without restrictions. Later, different kinds of restrictions can be assigned to each user. For example, you can restrict a particular user's access to a particular address only. The program prompts you for the login and password, and then asks whether to make this user an administrator. Answer yes. Then enter a blank line for the restriction rules. This completes the creation of the user.

The next step is registering the program. Fill in the fields on the registration page and a free registration code will be sent to you by email. Run the program, substituting your code:

    /opt/nessus/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXX-XXXX

This is an important step. After this operation, Nessus starts downloading plugins, without which it is useless. A Nessus plugin is a set of rules and program code used to detect a particular vulnerability. The first time you will have to wait: there are a great many plugins. When this process completes, Nessus is fully operational.

    Your Activation Code has been registered properly - thank you.
    Now fetching the newest plugin set from plugins.nessus.org ...
    Your Nessus installation is now up-to-date.
    If auto_update is set to 'yes' in nessusd.conf, Nessus will
    update the plugins by itself.

Start the server with the command:

    /etc/init.d/nessusd start

    root@ubuntu:/# /etc/init.d/nessusd start
    $ Starting Nessus:.

Now you can open a browser and go to the address https://127.0.0.1:8834/. Port 8834 is the port the server uses by default. Communication goes over an SSL-secured connection, so accept the certificate, and you will see the Nessus welcome window.
Nessus is ready to go!

 
4. chkrootkit
chkrootkit is a program for finding malicious code (rootkits) and other suspicious activity on a system. It consists of several modules:

chkrootkit - the system test script;

ifpromisc - looks for interfaces operating in packet capture (promiscuous) mode.

chklastlog - detects deletion of records from the lastlog log file.

chkwtmp - detects deletion of records from the wtmp log file.

check_wtmpx - detects deletion of records from the log file (Solaris only).

chkproc - looks for traces of LKM trojans (LKM: Linux Kernel Module).

chkdirs - looks for traces of LKM trojans.

strings - a program for quick search and replace of text strings.
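
What the ifpromisc check looks for can be read directly from the Linux kernel. This added example (not chkrootkit's own code, and not from the original post) lists interfaces with the IFF_PROMISC flag set and the open AF_PACKET sockets that capture tools use; the function names and default paths are choices made for this example.

```python
import os

IFF_PROMISC = 0x100   # interface flag bit, from <linux/if.h>
ETH_P_ALL = 0x0003    # packet-socket protocol meaning "every frame"


def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return the sorted names of interfaces whose flags include IFF_PROMISC."""
    found = []
    for name in sorted(os.listdir(sysfs_net)):
        try:
            with open(os.path.join(sysfs_net, name, "flags")) as fh:
                flags = int(fh.read().strip(), 16)   # e.g. "0x1103"
        except (OSError, ValueError):
            continue   # not an interface directory, or unreadable
        if flags & IFF_PROMISC:
            found.append(name)
    return found


def packet_sockets(proc_net_packet="/proc/net/packet"):
    """Parse /proc/net/packet: one dict per open AF_PACKET socket."""
    sockets = []
    with open(proc_net_packet) as fh:
        next(fh, None)   # skip the header line
        for line in fh:
            cols = line.split()
            if len(cols) < 9:
                continue
            sockets.append({
                "type": int(cols[2]),        # 3 = SOCK_RAW, 2 = SOCK_DGRAM
                "proto": int(cols[3], 16),   # EtherType filter, hexadecimal
                "ifindex": int(cols[4]),     # 0 = not bound to one interface
                "inode": int(cols[8]),       # matches socket:[inode] in /proc/<pid>/fd
            })
    return sockets


def capture_all_sockets(sockets):
    """Keep only sockets that receive every frame, as a sniffer would."""
    return [s for s in sockets if s["proto"] == ETH_P_ALL]


if __name__ == "__main__":
    print("promiscuous:", promiscuous_interfaces())
    for sock in capture_all_sockets(packet_sockets()):
        print("ETH_P_ALL packet socket:", sock)
```

Legitimate programs such as DHCP clients also open packet sockets, so a hit is a starting point for inspection rather than proof of compromise.
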

 
Installation.
Install chkrootkit with the command:

    sudo apt-get install chkrootkit

Start a search for rootkits with the command:

    sudo chkrootkit

 
5. Wireshark
Wireshark is a traffic analyzer for Ethernet and other computer networks. It has a graphical user interface. In June 2006 the project was renamed Wireshark due to trademark issues. Wireshark's functionality is very similar to that of tcpdump, but Wireshark has a graphical user interface and many more options for sorting and filtering information. The program lets the user view all traffic passing through the network in real time.
Wireshark is an application that "knows" the structure of a wide variety of network protocols, and so it can parse a network packet and show the value of each protocol field at any layer. Because packets are captured with pcap, data can be captured only from the networks that this library supports. Nevertheless, Wireshark can work with many input data formats, so it can open capture files produced by other programs, which extends its capture capabilities.

Main characteristics of Wireshark:

Support for hundreds of protocols, with more added constantly

Captured traffic can be saved for later offline analysis.

Cross-platform: Windows, Linux, OS X, Solaris, FreeBSD, NetBSD and many other operating systems

Analysis of VoIP traffic

Viewing captured network traffic through the GUI or with the TTY-mode utility TShark

Powerful configurable filters

Reading and writing various data formats, both those created by the application itself and those of third-party utilities: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer, Sniffer Pro, and NetXray, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek and many others.

Decompressing gzip-compressed files on the fly.

Reading traffic from: Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI and many others (depending on the platform).

Decryption of various protocols: IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2

Export of data to XML, PostScript, CSV or a text file.

Installing Wireshark on Ubuntu from a PPA:

    sudo add-apt-repository ppa:n-muench/programs-ppa
    sudo apt-get update
    sudo apt-get install wireshark


 
6. netcat
netcat is a Unix utility that lets you establish TCP and UDP connections, receive data from them and send data to them. Despite its usefulness and simplicity, the utility is not part of any standard (for example, POSIX).
In the simplest case netcat is invoked as:

    nc host port

This creates a TCP connection with the given parameters and connects standard input to the network output and, conversely, standard output to the network input. This behaviour resembles the cat command, which led to the choice of the name "netcat". If the connection cannot be made, the program prints an error message to stderr.
The utility accepts the following options:

    -h                  Help; nothing else is done
    -v                  Additional diagnostics (verbose)
    -o outfile          Dump the data
    -i number           Delay between sending data (in seconds)
    -t                  Telnet compatibility
    -z                  Do not send data (port scan)
    -u                  Connect over UDP (instead of TCP)
    -l                  Passive mode (listen on a port)
    -p number      *    Local port number (for -l)
    -s host             Use the specified local ("your") IP address
    -n                  Disable DNS lookups and port-number lookups in /etc/services
    -w number           Specifies the timeout (in seconds)
    -q number      **   Set the timeout after EOF on input (in seconds)
    -e executable  !    Start the specified program to exchange data with the network (instead of standard input and output)
    -c command     !    The same, as a command for /bin/sh

    !  - Requires a special build; disabled in the distributed executables (it makes it easy to create a network vulnerability).
    *  - In some implementations the port to listen on is given through -l, and the -p option is not available.
    ** - Not available in all versions.

Installation:

    sudo apt-get install netcat

7. Kismet
Kismet is a network analyzer for 802.11b wireless networks. It can listen to traffic using almost any supported wireless network adapter, with the Airo, HostAP, Wlan-NG and Orinoco (with a kernel patch) drivers.
It can use sox and festival to play notifications about network events and to speak a brief description when a network is detected. Additionally, gpsd can be used to tie detections to a geographic location.
Installation:

    sudo apt-get install kismet

 
8. hping3
hping3 is a program that lets you generate and send arbitrary packets (IP, TCP, UDP, ICMP) over a computer network.

Installation:

    sudo apt-get install hping3

    root@ubuntu:/# hping3 -p 80 ubuntu-russian.ru
    HPING ubuntu-russian.ru (wlan0 31.31.203.200): NO FLAGS are set, 40 headers + 0 data bytes
    len=52 ip=31.31.203.200 ttl=55 DF id=48950 sport=80 flags=A seq=0 win=928 rtt=0.0 ms

9. Snort
Snort is a free, open-source network intrusion prevention system (IPS) and network intrusion detection system (IDS), capable of packet logging and real-time traffic analysis on IP networks. Snort was written by Martin Roesch and is currently developed by Sourcefire, of which Roesch is the founder and technical director. Sourcefire also offers commercial versions of the system for businesses, specialized hardware platforms and support services.
Snort performs protocol logging, analysis and content searching, and is widely used to actively block or passively detect a range of attacks and probes, such as buffer overflows, stealth port scans, attacks on web applications, SMB probes and attempts to determine the OS. The software is mainly used to prevent intrusions, blocking attacks as they occur.
Snort can work together with other software, for example SnortSnarf, sguil, OSSIM and Basic Analysis and Security Mechanism (BASE), which provide a visual representation of intrusion data. With patches to the Snort source from Bleeding Edge Threats, it supports antivirus scanning of packet streams with ClamAV and network anomaly analysis with SPADE at network layers 3 and 4, possibly taking the history of changes into account. (These patches seem to be no longer supported.)
Installation:

    sudo apt-get install snort

 
10. tcpdump
tcpdump is a UNIX utility for capturing and analyzing network traffic passing through the computer on which it is running.
Installation:

    sudo apt-get install tcpdump
